idnits 2.17.1

draft-salgado-rrserial-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (January 27, 2020) is 1550 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Internet Engineering Task Force                               H. Salgado
Internet-Draft                                                 NIC Chile
Intended status: Informational                          January 27, 2020
Expires: July 30, 2020

      The "RRSERIAL" EDNS option for the SOA serial of a RR's zone
                       draft-salgado-rrserial-01

Abstract

   The "RRSERIAL" EDNS option allows a DNS querier to ask a DNS
   authoritative server to add an EDNS option to the answer to that
   query, carrying the SOA serial number field of the origin zone which
   contains the answered resource record.

   This "RRSERIAL" data helps with debugging and diagnosing problems by
   identifying the origin of an answer, associating that answer with a
   specific zone version.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 30, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  The RRSERIAL Option
   3.  RRSERIAL Processing
     3.1.  Querier
     3.2.  Responder
   4.  Example usage
   5.  Acknowledgements
   6.  IANA Considerations
     6.1.  DNS EDNS0 Option Code Registration
   7.  Security Considerations
   8.  Normative References
   Appendix A.  Implementation References
   Author's Address

1.  Introduction

   The "RRSERIAL" EDNS option [RFC6891] allows a DNS querier to ask a
   DNS authoritative server to add an EDNS option to the answer to that
   query, carrying the SOA serial number field of the zone which
   contains the answered resource record.

   This "RRSERIAL" data helps with debugging by identifying the origin
   of an answer, associating that answer with a specific zone version.

   DNS data is loosely coherent, meaning that a record obtained in a
   response could be out of sync with other authoritative sources of
   the same data.  This makes responses difficult to debug, because you
   need to couple an answer with the version of the zone used to obtain
   that data.  Although you could send a separate question for the SOA
   RR of the zone to obtain its serial, that separate question is made
   at a different time and could even reach a different authoritative
   source, so it is not directly correlated with the original query.

   This EDNS option is aimed only at authoritative servers for a zone.
   Resolvers and forwarders should ignore the option.  It is intended
   only for hop-to-hop communication (not transitive).

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  The RRSERIAL Option

   The OPTION-CODE for the RRSERIAL option is .

   The OPTION-DATA for the RRSERIAL option is an unsigned 32-bit version
   number as defined in the SERIAL field of the "SOA RDATA Format"
   section (3.3.13) of the "DOMAIN NAMES - IMPLEMENTATION AND
   SPECIFICATION" (RFC 1035 [RFC1035]) specification.

3.  RRSERIAL Processing

3.1.  Querier

   The EDNS RRSERIAL option MAY be included on any QUERY, by adding a
   zero-length EDNS RRSERIAL option to the options field of the OPT
   record when the query is made.

3.2.  Responder

   If an EDNS RRSERIAL option is sent to a server that is authoritative
   for the zone queried, and the RCODE for the answer is NOERROR, the
   OPTION-DATA MUST be a copy of the serial field of the SOA resource
   record of the zone which contains the resource record of the ANSWER
   section.

   Otherwise, the answer MUST NOT add an EDNS RRSERIAL option to the
   response.

4.  Example usage

   $ dig @auth_server www.example.com AAAA +rrserial +norec +nocmd

   ; (1 server found)
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16429
   ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

   ;; OPT PSEUDOSECTION:
   ; EDNS: version: 0, flags:; udp: 4096
   ; RRSERIAL: 2019073001
   ;; QUESTION SECTION:
   ;www.example.com.               IN      AAAA

   ;; ANSWER SECTION:
   www.example.com.        900     IN      AAAA

   ;; Query time: 53 msec
   ;; SERVER: authoritative#53(2001:DB8::53)
   ;; WHEN: Tue Aug 07 16:54:05 -04 2018
   ;; MSG SIZE  rcvd: 71

5.  Acknowledgements

   This document was written entirely by its author, so there are no
   acknowledgements yet.

6.  IANA Considerations

6.1.  DNS EDNS0 Option Code Registration

   Ask IANA for a code point registration for the "RRSERIAL" option.

7.  Security Considerations

   There is no risk of disclosing private information, as the SERIAL
   of the SOA record is already publicly available.

8.  Normative References

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
              November 1987, .

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997, .

   [RFC6891]  Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms
              for DNS (EDNS(0))", STD 75, RFC 6891,
              DOI 10.17487/RFC6891, April 2013, .

Appendix A.  Implementation References

   A patched NSD server 4.1.23 with support for RRSERIAL, using the
   experimental option code 65024, is maintained on GitHub at
   https://github.com/huguei/nsd/tree/rrserial and is installed for
   live testing at address 200.1.122.30, with the configured zones
   dateserial.example.com and incserial.example.com, with MX, TXT and
   AAAA apex records.

Author's Address

   Hugo Salgado
   NIC Chile
   Miraflores 222, piso 14
   Santiago  CP 8320198
   CL

   Phone: +56 2 29407700
   Email: hsalgado@nic.cl
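
Added example, not part of the draft or of the patched NSD code: the wire format described in "The RRSERIAL Option" and "RRSERIAL Processing", built and validated with the Python standard library. It uses the experimental option code 65024 from Appendix A; the function names, the sample reply and its AAAA address are constructed, and reading the AA flag as proof that the responder is authoritative is an assumption.

```python
import struct

RRSERIAL = 65024  # experimental code from Appendix A; the draft's OPTION-CODE is unassigned

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def opt_rr(option_data):
    # Root owner, TYPE 41 (OPT), UDP size 4096, TTL 0, RDATA = one RRSERIAL option.
    option = struct.pack("!HH", RRSERIAL, len(option_data)) + option_data
    return b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(option)) + option

def build_query(qname, qtype, msg_id):
    # Querier side: zero-length RRSERIAL option in the OPT record; RD clear, as with +norec.
    header = struct.pack("!6H", msg_id, 0, 1, 0, 0, 1)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1) + opt_rr(b"")

def skip_name(msg, off):
    while msg[off] and not msg[off] & 0xC0:   # stop at root label or compression pointer
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def extract_rrserial(msg):
    """Serial from a response, or None without the option; ValueError if the draft's rules are broken."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata, pos, off = msg[off + 10:off + 10 + rdlen], 0, off + 10 + rdlen
        while rtype == 41 and pos + 4 <= len(rdata):
            code, olen = struct.unpack_from("!HH", rdata, pos)
            value, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if code == RRSERIAL:
                if olen != 4 or len(value) != 4:
                    raise ValueError("RRSERIAL OPTION-DATA must be an unsigned 32-bit serial")
                if not flags & 0x0400 or flags & 0x000F:
                    raise ValueError("RRSERIAL on a non-authoritative or non-NOERROR response")
                return struct.unpack("!I", value)[0]
    return None

def sample_response(option_data, flags=0x8400):
    # Constructed reply: QR+AA, NOERROR, one AAAA answer (2001:db8::1), OPT with RRSERIAL.
    head = struct.pack("!6H", 16429, flags, 1, 1, 0, 1) + encode_name("www.example.com") + struct.pack("!HH", 28, 1)
    aaaa = b"\xc0\x0c" + struct.pack("!HHIH", 28, 1, 900, 16) + bytes.fromhex("20010db8" + "00" * 11 + "01")
    return head + aaaa + opt_rr(option_data)
```

A truncated or otherwise malformed message raises `struct.error` or `IndexError` from the parser; a caller handling untrusted replies should treat those the same as `ValueError`.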