| draft-ietf-dnsop-extended-error-13.txt | draft-ietf-dnsop-extended-error-14.txt | | | |
|---|---|---|---|---|
| Network Working Group W. Kumari | Network Working Group W. Kumari | |||
| Internet-Draft Google | Internet-Draft Google | |||
| Intended status: Standards Track E. Hunt | Intended status: Standards Track E. Hunt | |||
| Expires: June 20, 2020 ISC | Expires: July 18, 2020 ISC | |||
| R. Arends | R. Arends | |||
| ICANN | ICANN | |||
| W. Hardaker | W. Hardaker | |||
| USC/ISI | USC/ISI | |||
| D. Lawrence | D. Lawrence | |||
| Oracle + Dyn | Oracle + Dyn | |||
| December 18, 2019 | January 15, 2020 | |||
| Extended DNS Errors | Extended DNS Errors | |||
| draft-ietf-dnsop-extended-error-13 | draft-ietf-dnsop-extended-error-14 | |||
| Abstract | Abstract | |||
| This document defines an extensible method to return additional | This document defines an extensible method to return additional | |||
| information about the cause of DNS errors. Though created primarily | information about the cause of DNS errors. Though created primarily | |||
| to extend SERVFAIL to provide additional information about the cause | to extend SERVFAIL to provide additional information about the cause | |||
| of DNS and DNSSEC failures, the Extended DNS Errors option defined in | of DNS and DNSSEC failures, the Extended DNS Errors option defined in | |||
| this document allows all response types to contain extended error | this document allows all response types to contain extended error | |||
| information. Extended DNS Error information does not change the | information. Extended DNS Error information does not change the | |||
| processing of RCODEs. | processing of RCODEs. | |||
| skipping to change at page 1, line 43 | skipping to change at page 1, line 43 | | | |
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on June 20, 2020. | This Internet-Draft will expire on July 18, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction and background . . . . . . . . . . . . . . . . . 3 | 1. Introduction and background . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 4 | 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Extended DNS Error EDNS0 option format . . . . . . . . . . . 4 | 2. Extended DNS Error EDNS0 option format . . . . . . . . . . . 4 | |||
| 3. Extended DNS Error Processing . . . . . . . . . . . . . . . . 5 | 3. Extended DNS Error Processing . . . . . . . . . . . . . . . . 5 | |||
| 4. Defined Extended DNS Errors . . . . . . . . . . . . . . . . . 5 | 4. Defined Extended DNS Errors . . . . . . . . . . . . . . . . . 5 | |||
| 4.1. Extended DNS Error Code 0 - Other . . . . . . . . . . . . 5 | 4.1. Extended DNS Error Code 0 - Other . . . . . . . . . . . . 6 | |||
| 4.2. Extended DNS Error Code 1 - | 4.2. Extended DNS Error Code 1 - | |||
| Unsupported DNSKEY Algorithm . . . . . . . . . . . . . . 6 | Unsupported DNSKEY Algorithm . . . . . . . . . . . . . . 6 | |||
| 4.3. Extended DNS Error Code 2 - Unsupported DS | 4.3. Extended DNS Error Code 2 - Unsupported DS | |||
| Digest Type . . . . . . . . . . . . . . . . . . . . . . . 6 | Digest Type . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.4. Extended DNS Error Code 3 - Stale Answer . . . . . . . . 6 | 4.4. Extended DNS Error Code 3 - Stale Answer . . . . . . . . 6 | |||
| 4.5. Extended DNS Error Code 4 - Forged Answer . . . . . . . . 6 | 4.5. Extended DNS Error Code 4 - Forged Answer . . . . . . . . 6 | |||
| 4.6. Extended DNS Error Code 5 - DNSSEC Indeterminate . . . . 6 | 4.6. Extended DNS Error Code 5 - DNSSEC Indeterminate . . . . 6 | |||
| 4.7. Extended DNS Error Code 6 - DNSSEC Bogus . . . . . . . . 6 | 4.7. Extended DNS Error Code 6 - DNSSEC Bogus . . . . . . . . 6 | |||
| 4.8. Extended DNS Error Code 7 - Signature Expired . . . . . . 6 | 4.8. Extended DNS Error Code 7 - Signature Expired . . . . . . 6 | |||
| 4.9. Extended DNS Error Code 8 - Signature Not Yet Valid . . . 6 | 4.9. Extended DNS Error Code 8 - Signature Not Yet Valid . . . 7 | |||
| 4.10. Extended DNS Error Code 9 - DNSKEY Missing . . . . . . . 7 | 4.10. Extended DNS Error Code 9 - DNSKEY Missing . . . . . . . 7 | |||
| 4.11. Extended DNS Error Code 10 - RRSIGs Missing . . . . . . . 7 | 4.11. Extended DNS Error Code 10 - RRSIGs Missing . . . . . . . 7 | |||
| 4.12. Extended DNS Error Code 11 - No Zone Key Bit Set . . . . 7 | 4.12. Extended DNS Error Code 11 - No Zone Key Bit Set . . . . 7 | |||
| 4.13. Extended DNS Error Code 12 - NSEC Missing . . . . . . . . 7 | 4.13. Extended DNS Error Code 12 - NSEC Missing . . . . . . . . 7 | |||
| 4.14. Extended DNS Error Code 13 - Cached Error . . . . . . . . 7 | 4.14. Extended DNS Error Code 13 - Cached Error . . . . . . . . 7 | |||
| 4.15. Extended DNS Error Code 14 - Not Ready . . . . . . . . . 7 | 4.15. Extended DNS Error Code 14 - Not Ready . . . . . . . . . 7 | |||
| 4.16. Extended DNS Error Code 15 - Blocked . . . . . . . . . . 7 | 4.16. Extended DNS Error Code 15 - Blocked . . . . . . . . . . 7 | |||
| 4.17. Extended DNS Error Code 16 - Censored . . . . . . . . . . 7 | 4.17. Extended DNS Error Code 16 - Censored . . . . . . . . . . 7 | |||
| 4.18. Extended DNS Error Code 17 - Filtered . . . . . . . . . . 7 | 4.18. Extended DNS Error Code 17 - Filtered . . . . . . . . . . 8 | |||
| 4.19. Extended DNS Error Code 18 - Prohibited . . . . . . . . . 8 | 4.19. Extended DNS Error Code 18 - Prohibited . . . . . . . . . 8 | |||
| 4.20. Extended DNS Error Code 19 - Stale NXDOMAIN Answer . . . 8 | 4.20. Extended DNS Error Code 19 - Stale NXDOMAIN Answer . . . 8 | |||
| 4.21. Extended DNS Error Code 20 - Not Authoritative . . . . . 8 | 4.21. Extended DNS Error Code 20 - Not Authoritative . . . . . 8 | |||
| 4.22. Extended DNS Error Code 21 - Not Supported . . . . . . . 8 | 4.22. Extended DNS Error Code 21 - Not Supported . . . . . . . 8 | |||
| 4.23. Extended DNS Error Code 22 - No Reachable Authority . . . 8 | 4.23. Extended DNS Error Code 22 - No Reachable Authority . . . 8 | |||
| 4.24. Extended DNS Error Code 23 - Network Error . . . . . . . 8 | 4.24. Extended DNS Error Code 23 - Network Error . . . . . . . 8 | |||
| 4.25. Extended DNS Error Code 24 - Invalid Data . . . . . . . . 8 | 4.25. Extended DNS Error Code 24 - Invalid Data . . . . . . . . 9 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 5.1. A New Extended DNS Error Code EDNS Option . . . . . . . . 9 | 5.1. A New Extended DNS Error Code EDNS Option . . . . . . . . 9 | |||
| 5.2. New Registry Table for Extended DNS Error Codes . . . . . 9 | 5.2. New Registry Table for Extended DNS Error Codes . . . . . 9 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 12 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 12 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 13 | 8.2. Informative References . . . . . . . . . . . . . . . . . 13 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| skipping to change at page 5, line 24 | skipping to change at page 5, line 24 | | | |
| includes OPT Pseudo-RR [RFC6891]. This document includes a set of | includes OPT Pseudo-RR [RFC6891]. This document includes a set of | |||
| initial codepoints (and requests to the IANA to add them to the | initial codepoints (and requests to the IANA to add them to the | |||
| registry), but is extensible via the IANA registry to allow | registry), but is extensible via the IANA registry to allow | |||
| additional error and information codes to be defined in the future. | additional error and information codes to be defined in the future. | |||
| 3. Extended DNS Error Processing | 3. Extended DNS Error Processing | |||
| When the response grows beyond the requestor's UDP payload size | When the response grows beyond the requestor's UDP payload size | |||
| [RFC6891], servers SHOULD truncate messages by dropping EDE options | [RFC6891], servers SHOULD truncate messages by dropping EDE options | |||
| before dropping other data from packets. Implementations SHOULD set | before dropping other data from packets. Implementations SHOULD set | |||
| the truncation bit when dropping EDE options. | the truncation bit when dropping EDE options. Long EXTRA-TEXT fields | |||
| may trigger truncation, which is usually undesirable for the | ||||
| supplemental nature of EDE. Implementers and operators creating EDE | ||||
| options SHOULD avoid setting unnecessarily long EXTRA-TEXT contents | ||||
| to avoid truncation. | ||||
| When a resolver or forwarder receives an EDE option, whether or not | When a resolver or forwarder receives an EDE option, whether or not | |||
| (and how) to pass along EDE information on to their original client | (and how) to pass along EDE information on to their original client | |||
| is implementation dependent. Implementations MAY choose to not | is implementation dependent. Implementations MAY choose to not | |||
| forward information, or they MAY choose to create a new EDE option(s) | forward information, or they MAY choose to create a new EDE option(s) | |||
| that conveys the information encoded in the received EDE. When doing | that conveys the information encoded in the received EDE. When doing | |||
| so, care should be taken to ensure any information is properly | so, the source of the error SHOULD be attributed in the EXTRA-TEXT | |||
| attributed since an EDNS0 option received by the original client will | field, since an EDNS0 option received by the original client will be | |||
| be perceived only to have come from the resolver or forwarder sending | perceived only to have come from the resolver or forwarder sending | |||
| it. | it. | |||
| 4. Defined Extended DNS Errors | 4. Defined Extended DNS Errors | |||
| This document defines some initial EDE codes. The mechanism is | This document defines some initial EDE codes. The mechanism is | |||
| intended to be extensible, and additional code-points can be | intended to be extensible, and additional code-points can be | |||
| registered in the "Extended DNS Errors" registry Section 5.1. The | registered in the "Extended DNS Errors" registry Section 5.1. The | |||
| INFO-CODE from the EDE EDNS option is used to serve as an index into | INFO-CODE from the EDE EDNS option is used to serve as an index into | |||
| the "Extended DNS Error" IANA registry, the initial values for which | the "Extended DNS Error" IANA registry, the initial values for which | |||
| are defined in the following sub-sections. | are defined in the following sub-sections. | |||
| skipping to change at page 9, line 10 | skipping to change at page 9, line 16 | | | |
| An authoritative server that cannot answer with data for a zone it is | An authoritative server that cannot answer with data for a zone it is | |||
| otherwise configured to support. This may occur because its most | otherwise configured to support. This may occur because its most | |||
| recent zone is too old, or has expired, for example. | recent zone is too old, or has expired, for example. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| 5.1. A New Extended DNS Error Code EDNS Option | 5.1. A New Extended DNS Error Code EDNS Option | |||
| This document defines a new EDNS(0) option, entitled "Extended DNS | This document defines a new EDNS(0) option, entitled "Extended DNS | |||
| Error", assigned a value of TBD1 from the "DNS EDNS0 Option Codes | Error", assigned a value of TBD from the "DNS EDNS0 Option Codes | |||
| (OPT)" registry [to be removed upon publication: | (OPT)" registry [to be removed upon publication: | |||
| [http://www.iana.org/assignments/dns-parameters/dns- | [http://www.iana.org/assignments/dns-parameters/dns- | |||
| parameters.xhtml#dns-parameters-11] | parameters.xhtml#dns-parameters-11] | |||
| Value Name Status Reference | Value Name Status Reference | |||
| ----- ---------------- ------ ------------------ | ----- ---------------- ------ ------------------ | |||
| TBD Extended DNS Error TBD [ This document ] | TBD Extended DNS Error TBD [ This document ] | |||
| 5.2. New Registry Table for Extended DNS Error Codes | 5.2. New Registry Table for Extended DNS Error Codes | |||
| End of changes. 12 change blocks. | ||||
| 14 lines changed or deleted | 18 lines changed or added | |||
| This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | | | | |
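
The two Section 3 rules visible in both columns above (shed EDE options before any other data when the response exceeds the requestor's UDP payload size, setting TC; and, in a forwarder, attribute a re-emitted EDE to its source in EXTRA-TEXT) modelled as an added example; this is not code from the draft or from any DNS implementation. It assumes the Section 2 wire layout of the option (2-octet INFO-CODE followed by UTF-8 EXTRA-TEXT), which this diff does not show, and uses a placeholder option code because the draft still says TBD; the advertised UDP size 1232, the second option code 65002 and the source address in the test are constructed values.

```python
"""Section 3 rule, modelled: a response that exceeds the requestor's UDP
payload size sheds EDE options before any other data, and sets TC."""
import struct
from dataclasses import dataclass

EDE_OPTION_CODE = 65001   # placeholder (local/experimental range); the draft says "TBD"
TC_BIT = 0x0200           # TC flag within the second 16-bit word of the DNS header

def encode_ede(info_code: int, extra_text: str = "") -> bytes:
    """EDE option data: 2-octet INFO-CODE followed by UTF-8 EXTRA-TEXT (assumed Section 2 layout)."""
    return struct.pack("!H", info_code) + extra_text.encode("utf-8")

def decode_ede(option_data: bytes) -> tuple:
    (info_code,) = struct.unpack("!H", option_data[:2])
    return info_code, option_data[2:].decode("utf-8")

def reattribute_ede(option_data: bytes, source: str) -> bytes:
    """Forwarder re-emitting a received EDE: record where it came from in EXTRA-TEXT."""
    info_code, text = decode_ede(option_data)
    return encode_ede(info_code, f"from {source}: {text}" if text else f"from {source}")

@dataclass
class Response:
    header: bytearray            # 12-octet DNS header
    body: bytes                  # question, answer, authority sections (everything but OPT)
    options: list                # EDNS0 options as (option-code, option-data) tuples

    def opt_rr(self) -> bytes:
        # OPT pseudo-RR [RFC6891]: root NAME, TYPE 41, CLASS = our UDP size, TTL, RDLEN, RDATA
        rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in self.options)
        return b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(rdata)) + rdata

    def wire(self) -> bytes:
        return bytes(self.header) + self.body + self.opt_rr()

    def truncated(self) -> bool:
        return bool(struct.unpack("!H", self.header[2:4])[0] & TC_BIT)

def fit_to_payload(resp: Response, max_size: int) -> Response:
    """Drop EDE options, last first, until the message fits; set TC for each drop."""
    while len(resp.wire()) > max_size:
        ede_idx = [i for i, (code, _) in enumerate(resp.options) if code == EDE_OPTION_CODE]
        if not ede_idx:
            break   # only non-EDE data left: ordinary truncation of other data applies from here
        del resp.options[ede_idx[-1]]
        flags = struct.unpack("!H", resp.header[2:4])[0] | TC_BIT
        resp.header[2:4] = struct.pack("!H", flags)
    return resp
```

An oversized EXTRA-TEXT is exactly the case the new draft-14 text warns about: the EDE is the first thing to go, and the client sees TC set without ever learning the error cause.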