Extended DNS Errors
draft-ietf-dnsop-extended-error-01
Network Working Group                                          W. Kumari
Internet-Draft                                                    Google
Intended status: Standards Track                                 E. Hunt
Expires: January 3, 2019                                             ISC
                                                               R. Arends
                                                                   ICANN
                                                             W. Hardaker
                                                                 USC/ISI
                                                             D. Lawrence
                                                     Akamai Technologies
                                                           July 02, 2018
Abstract
This document defines an extensible method to return additional
information about the cause of DNS errors. The primary use case is
to extend SERVFAIL to provide additional information about the cause
of DNS and DNSSEC failures.
[ Open question: The document currently defines a registry for
errors. It has also been suggested that the option carry
human-readable (text) messages, to allow the server admin to provide
additional debugging information (e.g., "example.com pointed their NS
at us. No idea why...", "We don't provide recursive DNS to
192.0.2.0. Please stop asking...", "Have you tried Acme Anvil and
DNS? We do DNS right..." (!)). Please let us know if you think text
is needed, or if a 16-bit FCFS registry is expressive enough. ]
[ Open question: This document discusses extended *errors*, but it
has been suggested that this could be used to also annotate *non-
error* messages. The authors do not think that this is a good idea,
but could be persuaded otherwise. ]
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2019.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction and background
   1.1. Requirements notation
2. Extended Error EDNS0 option format
3. Use of the Extended DNS Error option
4. Defined Extended DNS Errors
   4.1. SERVFAIL(3) extended information codes
      4.1.1. Extended DNS Error Code 1 - DNSSEC Bogus
      4.1.2. Extended DNS Error Code 2 - DNSSEC Indeterminate
      4.1.3. Extended DNS Error Code 3 - Signature Expired
      4.1.4. Extended DNS Error Code 4 - Signature Not Yet Valid
      4.1.5. Extended DNS Error Code 5 - Unsupported DNSKEY Algorithm
      4.1.6. Extended DNS Error Code 6 - Unsupported DS Algorithm
      4.1.7. Extended DNS Error Code 7 - DNSKEY missing
      4.1.8. Extended DNS Error Code 8 - RRSIGs missing
      4.1.9. Extended DNS Error Code 9 - No Zone Key Bit Set
   4.2. REFUSED(5) extended information codes
      4.2.1. Extended DNS Error Code 1 - Lame
      4.2.2. Extended DNS Error Code 2 - Prohibited
5. IANA Considerations