| < draft-ietf-dnsop-extended-error-05.txt | draft-ietf-dnsop-extended-error-06.txt > | |||
|---|---|---|---|---|
| Network Working Group W. Kumari | Network Working Group W. Kumari | |||
| Internet-Draft Google | Internet-Draft Google | |||
| Intended status: Standards Track E. Hunt | Intended status: Standards Track E. Hunt | |||
| Expires: September 12, 2019 ISC | Expires: January 9, 2020 ISC | |||
| R. Arends | R. Arends | |||
| ICANN | ICANN | |||
| W. Hardaker | W. Hardaker | |||
| USC/ISI | USC/ISI | |||
| D. Lawrence | D. Lawrence | |||
| Oracle + Dyn | Oracle + Dyn | |||
| March 11, 2019 | July 08, 2019 | |||
| Extended DNS Errors | Extended DNS Errors | |||
| draft-ietf-dnsop-extended-error-05 | draft-ietf-dnsop-extended-error-06 | |||
| Abstract | Abstract | |||
| This document defines an extensible method to return additional | This document defines an extensible method to return additional | |||
| information about the cause of DNS errors. Though created primarily | information about the cause of DNS errors. Though created primarily | |||
| to extend SERVFAIL to provide additional information about the cause | to extend SERVFAIL to provide additional information about the cause | |||
| of DNS and DNSSEC failures, the Extended DNS Errors option defined in | of DNS and DNSSEC failures, the Extended DNS Errors option defined in | |||
| this document allows all response types to contain extended error | this document allows all response types to contain extended error | |||
| information. | information. | |||
| skipping to change at page 1, line 42 ¶ | skipping to change at page 1, line 42 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 12, 2019. | This Internet-Draft will expire on January 9, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 31 ¶ | skipping to change at page 2, line 31 ¶ | |||
| 3.1. The R (Retry) flag . . . . . . . . . . . . . . . . . . . 5 | 3.1. The R (Retry) flag . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.2. The RESPONSE-CODE field . . . . . . . . . . . . . . . . . 5 | 3.2. The RESPONSE-CODE field . . . . . . . . . . . . . . . . . 5 | |||
| 3.3. The INFO-CODE field . . . . . . . . . . . . . . . . . . . 6 | 3.3. The INFO-CODE field . . . . . . . . . . . . . . . . . . . 6 | |||
| 3.4. The EXTRA-TEXT field . . . . . . . . . . . . . . . . . . 6 | 3.4. The EXTRA-TEXT field . . . . . . . . . . . . . . . . . . 6 | |||
| 4. Defined Extended DNS Errors . . . . . . . . . . . . . . . . . 6 | 4. Defined Extended DNS Errors . . . . . . . . . . . . . . . . . 6 | |||
| 4.1. INFO-CODEs for use with RESPONSE-CODE: NOERROR(0) . . . . 6 | 4.1. INFO-CODEs for use with RESPONSE-CODE: NOERROR(0) . . . . 6 | |||
| 4.1.1. NOERROR Extended DNS Error Code 1 - Unsupported | 4.1.1. NOERROR Extended DNS Error Code 1 - Unsupported | |||
| DNSKEY Algorithm . . . . . . . . . . . . . . . . . . 6 | DNSKEY Algorithm . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1.2. NOERROR Extended DNS Error Code 2 - Unsupported | 4.1.2. NOERROR Extended DNS Error Code 2 - Unsupported | |||
| DS Algorithm . . . . . . . . . . . . . . . . . . . . 6 | DS Algorithm . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1.3. INFO-CODEs for use with RESPONSE-CODE: NOERROR(3) . . 6 | 4.1.3. INFO-CODEs for use with RESPONSE-CODE: NOERROR(3) . . 7 | |||
| 4.1.4. NOERROR Extended DNS Error Code 4 - Forged answer . . 7 | 4.1.4. NOERROR Extended DNS Error Code 4 - Forged answer . . 7 | |||
| 4.1.5. SERVFAIL Extended DNS Error Code 5 - DNSSEC | 4.1.5. SERVFAIL Extended DNS Error Code 5 - DNSSEC | |||
| Indeterminate . . . . . . . . . . . . . . . . . . . . 7 | Indeterminate . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.2. INFO-CODEs for use with RESPONSE-CODE: SERVFAIL(2) . . . 7 | 4.2. INFO-CODEs for use with RESPONSE-CODE: SERVFAIL(2) . . . 7 | |||
| 4.2.1. SERVFAIL Extended DNS Error Code 1 - DNSSEC Bogus . . 7 | 4.2.1. SERVFAIL Extended DNS Error Code 1 - DNSSEC Bogus . . 7 | |||
| 4.2.2. SERVFAIL Extended DNS Error Code 2 - Signature | 4.2.2. SERVFAIL Extended DNS Error Code 2 - Signature | |||
| Expired . . . . . . . . . . . . . . . . . . . . . . . 7 | Expired . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.2.3. SERVFAIL Extended DNS Error Code 3 - Signature Not | 4.2.3. SERVFAIL Extended DNS Error Code 3 - Signature Not | |||
| Yet Valid . . . . . . . . . . . . . . . . . . . . . . 7 | Yet Valid . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.2.4. SERVFAIL Extended DNS Error Code 4 - DNSKEY missing . 7 | 4.2.4. SERVFAIL Extended DNS Error Code 4 - DNSKEY missing . 7 | |||
| 4.2.5. SERVFAIL Extended DNS Error Code 5 - RRSIGs missing . 7 | 4.2.5. SERVFAIL Extended DNS Error Code 5 - RRSIGs missing . 8 | |||
| 4.2.6. SERVFAIL Extended DNS Error Code 6 - No Zone Key Bit | 4.2.6. SERVFAIL Extended DNS Error Code 6 - No Zone Key Bit | |||
| Set . . . . . . . . . . . . . . . . . . . . . . . . . 8 | Set . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 4.2.7. SERVFAIL Extended DNS Error Code 7 - No | 4.2.7. SERVFAIL Extended DNS Error Code 7 - No | |||
| Reachable Authority . . . . . . . . . . . . . . . . . 8 | Reachable Authority . . . . . . . . . . . . . . . . . 8 | |||
| 4.2.8. SERVFAIL Extended DNS Error Code 8 - NSEC Missing . . 8 | 4.2.8. SERVFAIL Extended DNS Error Code 8 - NSEC Missing . . 8 | |||
| 4.2.9. SERVFAIL Extended DNS Error Code 9 - Cached Error . . 8 | 4.2.9. SERVFAIL Extended DNS Error Code 9 - Cached Error . . 8 | |||
| 4.2.10. SERVFAIL Extended DNS Error Code 10 - Not Ready . . . 8 | 4.2.10. SERVFAIL Extended DNS Error Code 10 - Not Ready . . . 8 | |||
| 4.3. INFO-CODEs for use with RESPONSE-CODE: NOTIMP(4) . . . . 8 | 4.3. INFO-CODEs for use with RESPONSE-CODE: NOTIMP(4) . . . . 8 | |||
| 4.3.1. NOTIMP Extended DNS Error Code 1 - Deprecated . . . . 8 | 4.3.1. NOTIMP Extended DNS Error Code 1 - Deprecated . . . . 8 | |||
| 4.4. INFO-CODEs for use with RESPONSE-CODE: REFUSED(5) . . . . 8 | 4.4. INFO-CODEs for use with RESPONSE-CODE: REFUSED(5) . . . . 8 | |||
| 4.4.1. REFUSED Extended DNS Error Code 1 - Lame . . . . . . 8 | 4.4.1. REFUSED Extended DNS Error Code 1 - Lame . . . . . . 8 | |||
| 4.4.2. REFUSED Extended DNS Error Code 2 - Prohibited . . . 9 | 4.4.2. REFUSED Extended DNS Error Code 2 - Prohibited . . . 9 | |||
| 4.5. INFO-CODEs for use with RESPONSE-CODE: NXDOMAIN(3) . . . 9 | 4.5. INFO-CODEs for use with RESPONSE-CODE: NXDOMAIN(3) . . . 9 | |||
| 4.5.1. NXDOMAIN Extended DNS Error Code 1 - Blocked . . . . 9 | 4.5.1. NXDOMAIN Extended DNS Error Code 1 - Blocked . . . . 9 | |||
| 4.6. INFO-CODEs for use with RESPONSE-CODE: NXDOMAIN(3) . . . 9 | 4.6. INFO-CODEs for use with RESPONSE-CODE: NXDOMAIN(3) . . . 9 | |||
| 4.6.1. NXDOMAIN Extended DNS Error Code 2 - Censored . . . . 9 | 4.6.1. NXDOMAIN Extended DNS Error Code 2 - Censored . . . . 9 | |||
| 4.7. INFO-CODEs for use with RESPONSE-CODE: NXDOMAIN(3) . . . 9 | 4.7. INFO-CODEs for use with RESPONSE-CODE: NXDOMAIN(3) . . . 9 | |||
| 4.7.1. NXDOMAIN Extended DNS Error Code 3 - Stale Answer . . 9 | 4.7.1. NXDOMAIN Extended DNS Error Code 3 - Stale Answer . . 9 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 5.1. A New Extended Error Code EDNS Option . . . . . . . . . . 9 | 5.1. A New Extended Error Code EDNS Option . . . . . . . . . . 10 | |||
| 5.2. New Double-Index Registry Table for Extended Error Codes 10 | 5.2. New Double-Index Registry Table for Extended Error Codes 10 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 13 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 13 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 13 | 8.2. Informative References . . . . . . . . . . . . . . . . . 14 | |||
| Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 14 | Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 14 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 1. Introduction and background | 1. Introduction and background | |||
| There are many reasons that a DNS query may fail, some of them | There are many reasons that a DNS query may fail, some of them | |||
| transient, some permanent; some can be resolved by querying another | transient, some permanent; some can be resolved by querying another | |||
| server, some are likely best handled by stopping resolution. | server, some are likely best handled by stopping resolution. | |||
| Unfortunately, the error signals that a DNS server can return are | Unfortunately, the error signals that a DNS server can return are | |||
| very limited, and are not very expressive. This means that | very limited, and are not very expressive. This means that | |||
| skipping to change at page 4, line 32 ¶ | skipping to change at page 4, line 32 ¶ | |||
| Error (EDE) information in DNS messages. The option is structured as | Error (EDE) information in DNS messages. The option is structured as | |||
| follows: | follows: | |||
| 1 1 1 1 1 1 | 1 1 1 1 1 1 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 | |||
| +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | |||
| 0: | OPTION-CODE | | 0: | OPTION-CODE | | |||
| +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | |||
| 2: | OPTION-LENGTH | | 2: | OPTION-LENGTH | | |||
| +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | |||
| 4: | R | RESERVED | | 4: | RCODE | R | Res | | |||
| +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | |||
| 6: | RESPONSE-CODE | INFO-CODE | | 6: | INFO-CODE | | |||
| +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | |||
| 8: | EXTRA-TEXT | | 6: / EXTRA-TEXT ... / | |||
| +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | |||
| Field definition details: | Field definition details: | |||
| o OPTION-CODE, 2 octets (defined in [RFC6891]), for EDE is TBD. | o OPTION-CODE, 2 octets (defined in [RFC6891]), for EDE is TBD. | |||
| [RFC Editor: change TBD to the proper code once assigned by IANA.] | [RFC Editor: change TBD to the proper code once assigned by IANA.] | |||
| o OPTION-LENGTH, 2 octets ((defined in [RFC6891]) contains the | o OPTION-LENGTH, 2 octets ((defined in [RFC6891]) contains the | |||
| length of the payload (everything after OPTION-LENGTH) in octets | length of the payload (everything after OPTION-LENGTH) in octets | |||
| and should be 4 plus the length of the EXTRA-TEXT section (which | and should be 4 plus the length of the EXTRA-TEXT section (which | |||
| may be a zero-length string). | may be a zero-length string). | |||
| o The RETRY flag, 1 bit; the RETRY bit (R) indicates a flag defined | o The RETRY flag, 1 bit; the RETRY bit (R) indicates a flag defined | |||
| for use in this specification. | for use in this specification. | |||
| o The RESERVED bits, 15 bits: these bits are reserved for future | o The RESERVED bits, 4 bits: these bits are reserved for future use, | |||
| use, potentially as additional flags. The RESERVED bits MUST be | potentially as additional flags. The RESERVED bits MUST be set to | |||
| set to 0 by the sender and MUST be ignored by the receiver. | 0 by the sender and MUST be ignored by the receiver. | |||
| o RESPONSE-CODE, 4 bits. | o RESPONSE-CODE, 12 bits: the concatenation of the upper 8-bits of | |||
| o INFO-CODE, 12-bits. | the RCODE (stored in the TTL field of the EDNS0 resource record | |||
| [RFC2671]) and the 4 bits of the RCODE field of the DNS message. | ||||
| o INFO-CODE, 16-bits, which is the principal contribution of this | ||||
| document. | ||||
| o EXTRA-TEXT, a variable length, UTF-8 encoded, text field that may | o EXTRA-TEXT, a variable length, UTF-8 encoded, text field that may | |||
| hold additional textual information. | hold additional textual information. Note: EXTRA-TEXT may be zero | |||
| octets in length, indicating there is no EXTRA-TEXT included. | ||||
| 3. Use of the Extended DNS Error option | 3. Use of the Extended DNS Error option | |||
| The Extended DNS Error (EDE) is an EDNS option. It can be included | The Extended DNS Error (EDE) is an EDNS option. It can be included | |||
| in any response (SERVFAIL, NXDOMAIN, REFUSED, etc) to a query that | in any response (SERVFAIL, NXDOMAIN, REFUSED, etc) to a query that | |||
| includes OPT Pseudo-RR [RFC6891]. This document includes a set of | includes OPT Pseudo-RR [RFC6891]. This document includes a set of | |||
| initial codepoints (and requests to the IANA to add them to the | initial codepoints (and requests to the IANA to add them to the | |||
| registry), but is extensible via the IANA registry to allow | registry), but is extensible via the IANA registry to allow | |||
| additional error and information codes to be defined in the future. | additional error and information codes to be defined in the future. | |||
| skipping to change at page 5, line 45 ¶ | skipping to change at page 5, line 49 ¶ | |||
| if it receives a response with an unknown code - retry or drop the | if it receives a response with an unknown code - retry or drop the | |||
| query. Note that this flag is only a suggestion. Unless a | query. Note that this flag is only a suggestion. Unless a | |||
| protective transport mechanism (like TSIG [RFC2845] or (D)TLS xref | protective transport mechanism (like TSIG [RFC2845] or (D)TLS xref | |||
| target="RFC7858"/>, [RFC8094]) is used, the bit's value could have | target="RFC7858"/>, [RFC8094]) is used, the bit's value could have | |||
| have been altered by a person-in-the-middle. Receivers can choose to | have been altered by a person-in-the-middle. Receivers can choose to | |||
| ignore this hint. See the security considerations for additional | ignore this hint. See the security considerations for additional | |||
| considerations. | considerations. | |||
| 3.2. The RESPONSE-CODE field | 3.2. The RESPONSE-CODE field | |||
| This 4-bit value SHOULD be a copy of the RCODE from the primary DNS | This 12-bit value SHOULD be a copy of the combined RCODE from the | |||
| packet. RESPONSE-CODEs MAY use a different RCODE to provide | extended RCODE field defined in the EDNS0 optional resource record | |||
| additional or better information. For example, multiple EDNS0/EDE | (stored in the TTL field of the EDNS0 resource record [RFC2671]) and | |||
| records may be included in the response and the supplemental EDNS0/ | the 4 bits of the RCODE field of the DNS message. RESPONSE-CODEs MAY | |||
| EDE records may wish to include other RESPONSE-CODE values based on | use a different RCODE to provide additional or better information. | |||
| communication results with other DNS servers. | For example, multiple EDNS0/EDE records may be included in the | |||
| response and the supplemental EDNS0/EDE records may wish to include | ||||
| other RESPONSE-CODE values based on communication results with other | ||||
| DNS servers. | ||||
| 3.3. The INFO-CODE field | 3.3. The INFO-CODE field | |||
| This 12-bit value provides the additional context for the RESPONSE- | This 16-bit value provides the additional context for the RESPONSE- | |||
| CODE value. This combination of the RESPONSE-CODE and the INFO-CODE | CODE value. This combination of the RESPONSE-CODE and the INFO-CODE | |||
| serve as a joint-index into the IANA "Extended DNS Errors" registry. | serve as a joint-index into the IANA "Extended DNS Errors" registry. | |||
| Note to implementers: the combination of the RESPONSE-CODE and INFO- | Note to implementers: the combination of the RESPONSE-CODE and INFO- | |||
| CODE fits within a 16-bit field, allowing implementers the choice of | CODE fits within a 24-bit field, allowing implementers the choice of | |||
| treating the combination as either two separate values, as defined in | treating the combination as either two separate values, as defined in | |||
| this document, or as a single 16-bit integer as long as the results | this document, or as a single 24-bit integer as long as the results | |||
| are deterministic. | are deterministic. | |||
| 3.4. The EXTRA-TEXT field | 3.4. The EXTRA-TEXT field | |||
| The UTF-8-encoded, EXTRA-TEXT field may be zero-length, or may hold | The UTF-8-encoded, EXTRA-TEXT field may be zero-length, or may hold | |||
| additional information useful to network operators. | additional information useful to network operators. | |||
| 4. Defined Extended DNS Errors | 4. Defined Extended DNS Errors | |||
| This document defines some initial EDE codes. The mechanism is | This document defines some initial EDE codes. The mechanism is | |||
| skipping to change at page 9, line 45 ¶ | skipping to change at page 10, line 4 ¶ | |||
| 4.7.1. NXDOMAIN Extended DNS Error Code 3 - Stale Answer | 4.7.1. NXDOMAIN Extended DNS Error Code 3 - Stale Answer | |||
| The resolver was unable to resolve answer within its time limits and | The resolver was unable to resolve answer within its time limits and | |||
| decided to answer with a previously cached NXDOMAIN answer instead of | decided to answer with a previously cached NXDOMAIN answer instead of | |||
| answering with an error. This is typically caused by problems on | answering with an error. This is typically caused by problems on | |||
| authoritative side, possibly as result of a DoS attack. The R flag | authoritative side, possibly as result of a DoS attack. The R flag | |||
| should not be set, since retrying is likely to create additional load | should not be set, since retrying is likely to create additional load | |||
| without yielding a more fresh answer. | without yielding a more fresh answer. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| 5.1. A New Extended Error Code EDNS Option | 5.1. A New Extended Error Code EDNS Option | |||
| This document defines a new EDNS(0) option, entitled "Extended DNS | This document defines a new EDNS(0) option, entitled "Extended DNS | |||
| Error", assigned a value of TBD1 from the "DNS EDNS0 Option Codes | Error", assigned a value of TBD1 from the "DNS EDNS0 Option Codes | |||
| (OPT)" registry [to be removed upon publication: | (OPT)" registry [to be removed upon publication: | |||
| [http://www.iana.org/assignments/dns-parameters/dns- | [http://www.iana.org/assignments/dns-parameters/dns- | |||
| parameters.xhtml#dns-parameters-11] | parameters.xhtml#dns-parameters-11] | |||
| Value Name Status Reference | Value Name Status Reference | |||
| ----- ---------------- ------ ------------------ | ----- ---------------- ------ ------------------ | |||
| TBD Extended DNS Error TBD [ This document ] | TBD Extended DNS Error TBD [ This document ] | |||
| 5.2. New Double-Index Registry Table for Extended Error Codes | 5.2. New Double-Index Registry Table for Extended Error Codes | |||
| This document defines a new double-index IANA registry table, where | This document defines a new double-index IANA registry table, where | |||
| the first index value is the RCODE value and the second index value | the first index value is the combined RCODE value (see the | |||
| is the INFO-CODE from the Extended DNS Error EDNS option defined in | Section 3.2 section) and the second index value is the INFO-CODE from | |||
| this document. The IANA is requested to create and maintain this | the Extended DNS Error EDNS option defined in this document. The | |||
| "Extended DNS Error codes" registry. The codepoint space for each | IANA is requested to create and maintain this "Extended DNS Error | |||
| INFO-CODE index is to be broken into 3 ranges: | codes" registry. The codepoint space for each INFO-CODE index is to | |||
| be broken into 3 ranges: | ||||
| o 0 - 3583: Specification required. | o 0 - 65023: Specification required. | |||
| o 3584 - 3839: First Come First Served. | o 65023 - 65279: First come, first served. | |||
| o 3840 - 4095: Experimental / Private use | o 65280 - 65536: Experimental / Private use | |||
| A starting set of entries, based on the contents of this document, is | A starting set of entries, based on the contents of this document, is | |||
| as follows: | as follows: | |||
| RESPONSE-CODE: 0 (NOERROR) | RESPONSE-CODE: 0 (NOERROR) | |||
| INFO-CODE: 1 | INFO-CODE: 1 | |||
| Purpose: Unsupported DNSKEY | Purpose: Unsupported DNSKEY | |||
| Reference: Section 4.1.1 | Reference: Section 4.1.1 | |||
| RESPONSE-CODE: 0 (NOERROR) | RESPONSE-CODE: 0 (NOERROR) | |||
| skipping to change at page 13, line 31 ¶ | skipping to change at page 13, line 39 ¶ | |||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | |||
| editor.org/info/rfc2119>. | editor.org/info/rfc2119>. | |||
| [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", | ||||
| RFC 2671, DOI 10.17487/RFC2671, August 1999, | ||||
| <https://www.rfc-editor.org/info/rfc2671>. | ||||
| [RFC6891] Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms | [RFC6891] Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms | |||
| for DNS (EDNS(0))", STD 75, RFC 6891, | for DNS (EDNS(0))", STD 75, RFC 6891, | |||
| DOI 10.17487/RFC6891, April 2013, <https://www.rfc- | DOI 10.17487/RFC6891, April 2013, <https://www.rfc- | |||
| editor.org/info/rfc6891>. | editor.org/info/rfc6891>. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [GeoffValidation] | [GeoffValidation] | |||
| IANA, "A quick review of DNSSEC Validation in today's | IANA, "A quick review of DNSSEC Validation in today's | |||
| Internet", June 2016, <http://www.potaroo.net/ | Internet", June 2016, <http://www.potaroo.net/ | |||
| End of changes. 23 change blocks. | ||||
| 35 lines changed or deleted | 47 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||