idnits 2.17.1 draft-ietf-dnsind-edns0-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-25) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack an Authors' Addresses Section. ** There are 63 instances of too long lines in the document, the longest one being 3 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 98 has weird spacing: '...in name emp...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? 'RFC1035' on line 198 looks like a reference Summary: 11 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DNSIND Working Group Paul Vixie 3 INTERNET-DRAFT ISC 4 September, 1998 6 Extension mechanisms for DNS (EDNS0) 8 Status of this Memo 10 This document is an Internet-Draft. Internet-Drafts are working 11 documents of the Internet Engineering Task Force (IETF), its areas, 12 and its working groups. Note that other groups may also distribute 13 working documents as Internet-Drafts. 15 Internet-Drafts are draft documents valid for a maximum of six months 16 and may be updated, replaced, or obsoleted by other documents at any 17 time. It is inappropriate to use Internet-Drafts as reference 18 material or to cite them other than as ``work in progress.'' 20 To view the entire list of current Internet-Drafts, please check the 21 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 22 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern 23 Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific 24 Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). 26 Abstract 28 The Domain Name System's wire protocol includes a number of fixed 29 fields whose range has been or soon will be exhausted, and does not 30 allow clients to advertise their capabilities to servers. This 31 document describes backward compatible mechanisms for allowing the 32 protocol to grow. 34 1 - Rationale and Scope 36 1.1. DNS (see [RFC1035]) specifies a Message Format and within such 37 messages there are standard formats for encoding options, errors, and 38 name compression. The maximum allowable size of a DNS Message is fixed. 39 Many of DNS's protocol limits are too small for uses which are or which 40 are desired to become common. There is no way for clients to advertise 41 their capabilities to servers. 43 1.2. Existing clients will not know how to interpret the protocol 44 extensions detailed here. In practice, these clients will be upgraded 45 when they have need of a new feature, and only new features will make 46 use of the extensions. We must however take account of client behaviour 47 in the face of extra fields, and design a fallback scheme for 48 interoperability with these clients. 50 2 - Affected Protocol Elements 52 2.1. The DNS Message Header's (see [RFC1035 4.1.1]) second full 16-bit 53 word is divided into a 4-bit OPCODE, a 4-bit RCODE, and a number of 54 1-bit flags. The original reserved Z bits have been allocated to 55 various purposes, and most of the RCODE values are now in use. More 56 types and more possible RCODEs are needed. 58 2.2. The first two bits of a wire format domain label are used to denote 59 the type of the label. [RFC1035 4.1.4] allocates two of the four 60 possible types and reserves the other two. Proposals for use of the 61 remaining types far outnumber those available. More label types are 62 needed. 64 2.3. DNS Messages are limited to 512 octets in size when sent over UDP. 65 While the minimum maximum reassembly buffer size is still 512 bytes, 66 most of the hosts now connected to the Internet are able to reassemble 67 larger datagrams. Some mechanism must be created to allow requestors to 68 advertise larger buffer sizes to responders. 70 3 - Extended Label Types 72 3.1. The ``0 1'' label type will now indicate an extended label type, 73 whose value is encoded in the lower six bits of the first octet of a 74 label. All subsequently developed label types should be encoded using 75 an extended label type. 77 3.2. The ``1 1 1 1 1 1'' extended label type will be reserved for future 78 expansion of the extended label type code space. 80 4 - OPT pseudo-RR 82 4.1. The OPT pseudo-RR can be added to the additional data section of 83 either a request or a response. An OPT is called a pseudo-RR because it 84 pertains to a particular transport level message and not to any actual 85 DNS data. OPT RRs shall never be cached, forwarded, or stored in or 86 loaded from master files. 88 4.2. An OPT RR has a fixed part and a variable set of options expressed 89 as {attribute, value} pairs. The fixed part holds some DNS meta data 90 and also a small collection of new protocol elements which we expect to 91 be so popular that it would be a waste of wire space to encode them as 92 {attribute, value} pairs. 94 4.3. The fixed part of an OPT RR is structured as follows: 96 Field Name Field Type Description 97 ----------------------------------------------------- 98 NAME domain name empty (root domain) 99 TYPE u_int16_t OPT (XXX IANA) 100 CLASS u_int16_t sender's UDP buffer size 101 TTL u_int32_t extended RCODE and flags 102 RDLEN u_int16_t describes RDATA 103 RDATA octet stream {attribute,value} pairs 105 4.4. The variable part of an OPT RR is encoded in its RDATA and is 106 structured as zero or more of the following: 108 +0 (MSB) +1 (LSB) 109 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 110 0: | OPTION-CODE | 111 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 112 2: | OPTION-LENGTH | 113 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 114 4: | | 115 / OPTION-DATA / 116 / / 117 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 119 OPTION-CODE Assigned by the IANA. Value 65535 is reserved for future 120 expansion. 122 OPTION-LENGTH Size (in octets) of OPTION-DATA. 124 OPTION-DATA Varies per OPTION-CODE. 126 4.5. The sender's UDP buffer size is the number of octets of the largest 127 UDP payload that can be reassembled and delivered in the sender's 128 network stack. Note that path MTU, with or without fragmentation, may 129 be smaller than this. 131 4.5.1. Note that a 512-octet UDP payload requires a 576-octet IP 132 reassembly buffer. Choosing 1280 on an Ethernet connected requestor 133 would be reasonable. The consequence of choosing too large a value may 134 be an ICMP message from an intermediate gateway, or even a silent drop 135 of the response message. Requestors are advised to retry in such cases. 137 4.5.2. Both requestors and responders are advised to take account of the 138 path's already discovered MTU (if known) when considering message sizes. 140 4.6. The extended RCODE and flags are structured as follows: 142 +0 (MSB) +1 (LSB) 143 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 144 0: | EXTENDED-RCODE | VERSION | 145 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 146 2: | Z | 147 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 149 EXTENDED-RCODE Forms upper 8 bits of extended 12-bit RCODE. 151 VERSION Indicates the implementation level of whoever sets it. 152 Full conformance with the draft standard version of this 153 specification is version ``0.'' Note that both 154 requestors and responders should set this to the highest 155 level they implement, that responders should send back 156 RCODE=BADVERS (XXX IANA) and that requestors should be 157 prepared to probe using lower version numbers if they 158 receive an RCODE=BADVERS. 160 Z Set to zero by senders and ignored by receivers, unless 161 modified in a subsequent specification. 163 5 - Transport Considerations 165 5.1. The presence of an OPT pseudo-RR in a request should be taken as an 166 indication that the requestor fully implements the given version of 167 EDNS, and can correctly understand any response that conforms to that 168 feature's specification. 170 5.2. Lack of use of these features in a request must be taken as an 171 indication that the requestor does not implement any part of this 172 specification and that the responder may make no use of any protocol 173 extension described here in its response. 175 5.3. Responders who do not understand these protocol extensions are 176 expected to send a respose with RCODE NOTIMPL, FORMERR, or SERVFAIL. 177 Therefore use of extensions should be ``probed'' such that a responder 178 who isn't known to support them be allowed a retry with no extensions if 179 it responds with such an RCODE. If a responder's capability level is 180 cached by a requestor, a new probe should be sent periodically to test 181 for changes to responder capability. 183 6 - Security Considerations 185 Requestor-side specification of the maximum buffer size may open a new 186 DNS denial of service attack if responders can be made to send messages 187 which are too large for intermediate gateways to forward, thus leading 188 to potential ICMP storms between gateways and responders. 190 7 - Acknowledgements 192 Paul Mockapetris, Mark Andrews, Robert Elz, Don Lewis, Bob Halley, 193 Donald Eastlake, Rob Austein, Matt Crawford, and Randy Bush were each 194 instrumental in creating this specification. 196 8 - References 198 [RFC1035] P. Mockapetris, ``Domain Names - Implementation and 199 Specification,'' RFC 1035, USC/Information Sciences 200 Institute, November 1987. 202 9 - Author's Address 204 Paul Vixie 205 Internet Software Consortium 206 950 Charter Street 207 Redwood City, CA 94063 208 +1 650 779 7001 209