idnits 2.17.1 draft-gulbrandsen-dns-rr-srvcs-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-20) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. ** Expected the document's filename to be given on the first page, but didn't find any == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) == There are 18 instances of lines with non-RFC2606-compliant FQDNs in the document. == There are 7 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 88: '...ty of this target host. A client MUST...' RFC 2119 keyword, line 90: '...et hosts with the same priority SHOULD...' RFC 2119 keyword, line 99: '... one first SHOULD be proportiona...' RFC 2119 keyword, line 110: '...ame of the server host. There MUST be...' RFC 2119 keyword, line 186: '...cognizant client SHOULD use this proce...' (5 more instances...) == The 'Updates: ' line in the draft header should list only the _numbers_ of the RFCs which will be updated by this document (if approved); it should not include the word 'RFC' in the list. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The exact meaning of the all-uppercase expression 'MAY NOT' is not defined in RFC 2119. If it is intended as a requirements expression, it should be rewritten using one of the combinations defined in RFC 2119; otherwise it should not be all-uppercase. == The expression 'MAY NOT', while looking like RFC 2119 requirements text, is not defined in RFC 2119, and should not be used. Consider using 'MUST NOT' instead (if that is what you mean). Found 'MAY NOT' in this paragraph: - A client MAY NOT discard any of the answers returned. RFC 974 allows clients to e.g. try to connect to just the 5 first MXes returned: Such behaviour is NOT legal with SRV lookups. == Couldn't figure out when the document was first submitted -- there may comments or warnings related to the use of a disclaimer for pre-RFC5378 work that could not be issued because of this. Please check the Legal Provisions document at https://trustee.ietf.org/license-info to determine if you need the pre-RFC5378 disclaimer. -- The document date (October 1995) is 10415 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 9 errors (**), 0 flaws (~~), 6 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group Arnt Gulbrandsen 2 INTERNET-DRAFT Troll Technologies 3 Updates: RFC1035, RFC1183 Paul Vixie 4 Vixie Enterprises 5 October 1995 7 A DNS RR for specifying the location of services 9 Abstract 11 This document describes a DNS RR which specifies the location of the 12 server(s) for a specific protocol and domain (like a more general 13 form of MX). 15 Status of this memo 17 This document is an Internet-Draft. Internet-Drafts are working doc- 18 uments of the Internet Engineering Task Force (IETF), its areas, and 19 its working groups. Note that other groups may also distribute work- 20 ing documents as Internet-Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference mate- 25 rial or to cite them other than as ``work in progress.'' 27 To learn the current status of any Internet-Draft, please check the 28 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 29 Directories on ds.internic.net (US East Coast), nic.nordu.net 30 (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific 31 Rim). 33 This draft has file name "draft-gulbrandsen-dns-rr-srvcs-02.txt" and 34 expires on April 11, 1996. 36 Overview and rationale 38 Currently, one must either know the exact address of a server to con- 39 tact it, or broadcast a question. This has led to e.g. 40 ftp.whatever.com aliases, the SMTP-specific MX RR, and using MAC- 41 level broadcasts to locate servers. 43 The SRV RR allows a client to ask for a specific service/protocol for 44 a specific domain (the word domain is used here in the strict RFC1034 45 sense), and get back the names of any available servers. This allows 46 domain adminstrators to use several servers for a single domain, to 47 move servers with little fuss, and to designate some servers as pri- 48 mary and others as backups. 50 The format of the SRV RR 52 Here is the format of the SRV RR: 54 service.protocol.name ttl class SRV priority weight port target 56 (There is an example near the end of the draft.) 58 Service 59 The symbolic name of the desired service, as defined in Assigned 60 Numbers or locally. 62 Some widely-used services, notably POP, don't have a single uni- 63 versal name. If Assigned Numbers names the service indicated, 64 that name is the only name which is legal for SRV lookups. Only 65 locally defined services may be named locally. 67 The Service is case insensitive (it has to be, it's part of the 68 DNS look-up key). 70 Protocol 71 The symbolic name of the desired protocol. TCP and UDP are at 72 present the most useful values for this field, though any name 73 defined by Assigned Numbers or locally may be used (as for Ser- 74 vice). Case insensitive. 76 Name 77 The domain this RR refers to. The SRV RR is unique in that the 78 name one searches for is not this name; the example near the end 79 shows this clearly. 81 TTL 82 Standard DNS meaning. 84 Class 85 Standard DNS meaning. 87 Priority 88 As for MX, the priority of this target host. A client MUST 89 attempt to contact the target host with the lowest-numbered pri- 90 ority it can reach; target hosts with the same priority SHOULD 91 be tried in pseudorandom order. The range is 0-65535. Domain 92 adminstrators are urged to use Priority 0 for the primary 93 server(s), to make the RR easier to read for humans using dig or 94 similar tools. 96 Weight 97 Load balancing mechanism. When selecting a target host among 98 the those that have the same priority, the chance of trying this 99 one first SHOULD be proportional to its weight. The range of 100 this number is 1-65535. Domain adminstrators are urged to use 101 Weight 0 when there isn't any load balancing to do, to make the 102 RR easier to read for humans (less noisy). 104 Port 105 The port where on this server host of this service. The range 106 is 0-65535. This is often as specified in Assigned Numbers but 107 need not be. 109 Target 110 As for MX, the domain name of the server host. There MUST be 111 one or more A records for this name. Implementors are urged, but 112 not required, to return the A record(s) in the Additional Data 113 section. Name compression is to be used for this field. 115 Domain adminstrator advice 117 Asking everyone to update their telnet (for example) clients when the 118 first internet site adds a SRV RR for Telnet/TCP is futile (even if 119 desirable). Therefore SRV will have to coexist with old-style A 120 record lookups for a long time, and DNS administrators should try to 121 provide A records to support old clients: 123 - Where the services for a single domain are spread over several 124 hosts, it seems advisable to have a list of A RRs at the same 125 DNS node as the SRV RR, listing reasonable (if perhaps subopti- 126 mal) fallback hosts for Telnet, NNTP and other protocols likely 127 to be used with this name. Some programs only try the first 128 address they get back from e.g. gethostbyaddr(), and we don't 129 know how widespread this behaviour is. 131 - Where one service is provided by several hosts, one can either 132 provide A records for all the hosts (in which case the round- 133 robin mechanism, where available, will share the load equally) 134 or just for one (presumably the fastest). 136 - If a host is intended to provide a service only when the main 137 server(s) is/are down, it probably shouldn't be listed in A 138 records. 140 - Hosts that are referenced by backup A records must use the port 141 number specified in Assigned Numbers for the service. 143 Currently there's a practical limit of 512 bytes for DNS replies. 144 Until all resolvers can handle larger responses, domain adminstrators 145 are strongly advised to keep their SRV replies below 512 bytes. 147 All round numbers, wrote Dr. Johnson, are false, and these numbers 148 are very round: A reply packet has a 30-byte overhead plus the name 149 of the service ("telnet.tcp.asdf.com" for instance); each SRV RR adds 150 20 bytes plus the name of the target host; each NS RR in the NS sec- 151 tion is 15 bytes plus the name of the name server host; and finally 152 each A RR in the additional data section is 20 bytes or so, and there 153 are A's for each SRV and NS RR mentioned in the answer. This size 154 estimate is extremely crude, but shouldn't underestimate the actual 155 answer size by much. If an answer may be close to the limit, using 156 e.g. "dig" to look at the actual answer is a good idea. 158 The "Weight" field 160 Weight, the load balancing field, is not quite satisfactory, but the 161 actual load on typical servers changes much too quickly to be kept 162 around in DNS caches. It seems to the authors that offering adminis- 163 trators a way to say "this machine is three times as fast as that 164 one" is the best that can practically be done. 166 The only way the authors can see of getting a "better" load figure is 167 asking a separate server when the client selects a server and con- 168 tacts it. For short-lived services like SMTP an extra step in the 169 connection establishment seems too expensive, and for long-lived ser- 170 vices like telnet, the load figure may well be thrown off a minute 171 after the connection is established when someone else starts or fin- 172 ishes a heavy job. 174 The Port number 176 Currently, the translation from service name to port number happens 177 at the client, often using a file such as /etc/services. 179 Moving this information to the DNS makes it less necessary to update 180 these files on every single computer of the net every time a new ser- 181 vice is added, and makes it possible to move standard services out of 182 the "root-only" port range on unix. 184 Usage rules 186 A SRV-cognizant client SHOULD use this procedure to locate a list of 187 servers and connect to the preferred one: 189 Do a lookup for QNAME=service.protocol.target, QCLASS=IN, 190 QTYPE=SRV. 192 If the reply is NOERROR, ANCOUNT>0 and there is at least one SRV 193 RR which specifies the requested Service and Protocol in the 194 reply: 196 for all such RR's, build a list of (Priority, Weight, Tar- 197 get) tuples 199 Sort the list by priority (lowest number first) 201 Create a new empty list 203 For each distinct priority level 204 While there are still elements left at this priority 205 level 206 Select an element randomly, with probability 207 Weight, and move it to the tail of the new list 209 For each element in the new list 211 query the DNS for A RR's for the Target or use any 212 RR's found in the Additional Data secion of the ear- 213 lier SRV query. 215 for each A RR found, try to connect to the (protocol, 216 address, service). 218 else if the service desired is SMTP 220 skip to RFC974 (MX). 222 else 224 Do a lookup for QNAME=target, QCLASS=IN, QTYPE=A 226 for each A RR found, try to connect to the (protocol, 227 address, service) 229 Notes: 231 - Port numbers SHOULD NOT be used in place of the symbolic service 232 or protocol names (for the same reason why variant names cannot 233 be allowed: Applications would have to do two or more lookups). 235 - If a truncated response comes back from an SRV query, and the 236 Additional Data section has at least one complete RR in it, the 237 answer MUST be considered complete and the client resolver 238 SHOULD NOT retry the query using TCP, but use normal UDP queries 239 for A RR's missing from the Additional Data section. 241 - A client MAY NOT discard any of the answers returned. RFC 974 242 allows clients to e.g. try to connect to just the 5 first MXes 243 returned: Such behaviour is NOT legal with SRV lookups. 245 - If the Additional Data section doesn't contain A RR's for all 246 the SRV RR's, the client MUST look up the A RR(s). (This hap- 247 pens quite often when the A RR has shorter TTL than the SRV or 248 NS RR's.) 250 - SRV RRs with Protocol TCP and Service SMTP override MX RR's. 251 This allows firewalled organizations with several SMTP relays to 252 control the load distribution using the Weight field. 254 - Designers of new protocols are urged to specify that SRV lookups 255 be mandatory for those protocols. 257 - Client resolvers may treat Weight 0 as equal to 1. 259 Fictional example 261 This is (part of) the zone file for asdf.com, a still-unused domain: 263 $ORIGIN asdf.com. 264 @ SOA server.asdf.com. root.asdf.com. ( 265 1995032001 3600 3600 604800 86400 ) 266 NS server.asdf.com. 267 NS ns1.ip-provider.net. 268 NS ns2.ip-provider.net. 269 ftp.tcp SRV 0 0 21 server.asdf.com. 270 finger.tcp SRV 0 0 79 server.asdf.com. 271 ; telnet - use old-slow-box or new-fast-box if either is 272 ; available, make three quarters of the logins go to 273 ; new-fast-box. 274 telnet.tcp SRV 0 1 23 old-slow-box.asdf.com. 275 SRV 0 3 23 new-fast-box.asdf.com. 276 ; if neither old-slow-box or new-fast-box is up, switch to 277 ; using the sysdmin's box and the server 278 SRV 1 0 23 sysadmins-box.asdf.com. 279 SRV 1 0 23 server.asdf.com. 280 ; SMTP - mail goes to the server, and to the IP provider if 281 ; the net is down 282 smtp.tcp SRV 0 0 25 server.asdf.com. 283 SRV 1 0 25 mailhost.ip-provider.net. 284 MX 0 server.asdf.com. 285 MX 1 mailhost.ip-provider.net. 286 ; NNTP - use the IP providers's NNTP server 287 nntp.tcp SRV 0 0 119 nntphost.ip-provider.net. 288 ; addresses 289 server A 172.30.79.10 290 old-slow-box A 172.30.79.11 291 sysadmins-box A 172.30.79.12 292 new-fast-box A 172.30.79.13 293 ; backup A records - new-fast-box and old-slow-box are 294 ; included, naturally, and server is too, but might go 295 ; if the load got too bad 296 @ A 172.30.79.10 297 A 172.30.79.11 298 A 172.30.79.13 300 In this example, a telnet connection to "asdf.com." needs an SRV 301 lookup of "telnet.tcp.asdf.com." and possibly A lookups of "new-fast- 302 box.asdf.com." and/or the other hosts named. The size of the SRV 303 reply is approximately 365 bytes: 305 30 bytes general overhead 306 20 bytes for the query string, "telnet.tcp.asdf.com." 307 130 bytes for 4 SRV RR's, 20 bytes each plus the lengths of "new- 308 fast-box", "old-slow-box", "server" and "sysadmins-box" - 309 "asdf.com" in the query section is quoted here and doesn't need 310 to be counted again. 311 75 bytes for 3 NS RRs, 15 bytes each plus the lengths of "server", 312 "ns1.ip-provider.net." and "ns2" - again, "ip-provider.net." is 313 quoted and only needs to be counted once. 314 120 bytes for the 6 A RR's mentioned by the SRV and NS RR's. 316 Refererences 318 RFC 1794: T. Brisco, "DNS Support for Load Balancing", 04/20/1995. 320 RFC 1713: A. Romao, "Tools for DNS debugging", 11/03/1994. 322 RFC 1712: C. Farrell, M. Schulze, S. Pleitner, D. Baldoni, "DNS 323 Encoding of Geographical Location", 11/01/1994. 325 RFC 1706: B. Manning, R. Colella, "DNS NSAP Resource Records", 326 10/26/1994. 328 RFC 1700: J. Reynolds, J. Postel, "ASSIGNED NUMBERS", 10/20/1994. 330 RFC 1536: A. Kumar, J. Postel, C. Neuman, P. Danzig, S. Miller, "Com- 331 mon DNS Implementation Errors and Suggested Fixes.", 10/06/1993. 333 RFC 1183: R. Ullman, P. Mockapetris, L. Mamakos, C. Everhart, "New 334 DNS RR Definitions", 10/08/1990. 336 RFC 1101: P. Mockapetris, "DNS encoding of network names and other 337 types", 04/01/1989. 339 RFC 1035: P. Mockapetris, "Domain names - implementation and specifi- 340 cation", 11/01/1987. 342 RFC 1034: P. Mockapetris, "Domain names - concepts and facilities", 343 11/01/1987. 345 RFC 1033: M. Lottor, "Domain administrators operations guide", 346 11/01/1987. 348 RFC 1032: M. Stahl, "Domain administrators guide", 11/01/1987. 350 RFC 974: C. Partridge, "Mail routing and the domain system", 351 01/01/1986. 353 Security Considerations 355 The authors believes this RR to be perfectly safe - or rather, not to 356 cause any new security problems. We assume that as the DNS-security 357 people invent new features, DNS servers will return the relevant RRs 358 in the Additional Data section when answering an SRV query. 360 Authors' Addresses 362 Arnt Gulbrandsen 363 Troll Tech 364 Postboks 6133 Etterstad 365 N-0602 Oslo 366 Norway 368 Phone: +47 22646966 370 Mail: agulbra@troll.no 372 Paul Vixie 373 Vixie Enterprises 374 Star Route 159A 375 Woodside, CA 94062 377 Phone: (415) 747-0204 379 Mail: paul@vix.com