INTERNET-DRAFT                                Donald E. Eastlake 3rd (IBM)
                                                      Eric Brunner (Nokia)
                                                        Bill Manning (ISI)
Expires: February 2000                                         August 1999
draft-ietf-dnsind-iana-dns-00.txt

               Domain Name System (DNS) IANA Considerations
               ------ ---- ------ ----- ---- --------------

Status of This Document

   This draft, file name draft-ietf-dnsind-iana-dns-00.txt, is intended
   to become a Best Current Practice RFC. Distribution of this document
   is unlimited. Comments should be sent to the DNS Working Group
   mailing list <namedroppers@internic.com> or to the authors.

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months. Internet-Drafts may be updated, replaced, or obsoleted by
   other documents at any time. It is not appropriate to use
   Internet-Drafts as reference material or to cite them other than as
   a ``working draft'' or ``work in progress.''

   To view the entire list of current Internet-Drafts, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories as listed at <http://www.ietf.org/shadow.html>.

D. Eastlake 3rd, E. Brunner, B. Manning                          [Page 1]
INTERNET-DRAFT              DNS IANA Considerations            August 1999

Abstract

   Internet Assigned Number Authority (IANA) considerations are given
   for the allocation of Domain Name System (DNS) classes, RR types,
   operation codes, error codes, etc.

Table of Contents

   Status of This Document....................................1
   Abstract...................................................2
   Table of Contents..........................................2

   1. Introduction............................................3
   2. DNS Query/Response Header Structure.....................3
   2.1 One Spare Bit?.........................................4
   2.2 Opcode Assignment......................................4
   2.3 RCODE Assignment.......................................4
   3. DNS Resource Record Structure...........................5
   3.1 RR TYPE IANA Considerations............................7
   3.1.1 Special Note on the OPT RR...........................7
   3.1.2 Special Note on the SINK RR..........................8
   3.2 RR CLASS IANA Considerations...........................8
   3.3 IANA DNS Name Considerations...........................9
   3.3.1 Becoming Root........................................9
   3.3.1 Reserved TLDs in the IN CLASS........................9
   3.3.2 'Country Code' TLDs in the IN CLASS.................10
   3.3.3 Other TLDs in the IN CLASS..........................10
   4. Security Considerations................................11

   References................................................12
   Authors Addresses.........................................13
   Expiration and File Name..................................13
1. Introduction

   The Domain Name System (DNS) provides a replicated distributed secure
   hierarchical database which stores "resource records" (RRs) by CLASS
   under hierarchical domain names. This data is structured into CLASSes
   and zones which can be independently maintained. See [RFC 1034, 1035,
   2136, 2181, 2535, etc.], familiarity with which is assumed.

   This document covers general IANA considerations applying across DNS
   query and response headers and all RRs. There may be additional IANA
   considerations that apply to only a particular RR type or
   query/response opcode. See the specific RFC defining that RR type or
   query/response opcode for such considerations if they have been
   defined.

   The terms of art used herein with respect to IANA Considerations are
   as defined in [RFC 2434].

2. DNS Query/Response Header Structure

   The header for DNS queries and responses contains field/bits in the
   following diagram taken from [RFC 2136/2535]:

                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |QR|   Opcode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                QDCOUNT/ZOCOUNT                |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                ANCOUNT/PRCOUNT                |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                NSCOUNT/UPCOUNT                |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ARCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

   The ID field identifies the query and is echoed in the response so
   they can be matched.

   The QR bit indicates whether the header is for a query or a response.

   The AA, TC, RD, RA, AD, and CD bits are each theoretically meaningful
   only in queries or only in responses, depending on the bit. However,
   many DNS implementations copy the query header as the initial value
   of the response header without clearing bits. Thus any attempt to use
   a "query" bit with a different meaning in a response or to define a
   query meaning for a "response" bit is dangerous and such meanings may
   only be assigned by an IETF standards action.

   The QDCOUNT, ANCOUNT, NSCOUNT, and ARCOUNT fields give the number of
   queries in the Query section, answer RRs in the Answer section, RRs
   in the Authority section, and informational RRs in the Additional
   Information section, respectively, for all opcodes except Update.
   These fields have the same structure and data type for update but are
   instead the counts for the Zone, Prerequisite, Update, and Additional
   Information sections.

2.1 One Spare Bit?

   While it would appear that the "Z" bit is spare, there have been DNS
   implementations for which that bit being on in a query meant that
   only a response from the primary server for a zone is acceptable. It
   is believed that modern DNS implementations ignore this bit.
   Assigning a meaning to this bit requires an IETF standards action.

2.2 Opcode Assignment

   IANA DNS OpCode assignments are shown at
   <ftp://ftp.isi.edu/in-notes/iana/assignments/dns-parameters>.
   Currently the following OpCodes are assigned.

   OpCode  Name                       Reference

        0  Query                      [RFC 1035]
        1  IQuery (Inverse Query)     [RFC 1035]
        2  Status                     [RFC 1035]
        3  available for assignment
        4  Notify                     [RFC 1996]
        5  Update                     [RFC 2136]
     6-15  available for assignment

   New OpCode assignments require an IETF consensus.

2.3 RCODE Assignment

   Current IANA DNS RCODE assignments are shown at
   <ftp://ftp.isi.edu/in-notes/iana/assignments/dns-parameters>...
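   The following program is an added example and is not part of this
   draft. It decodes the 12-octet header of section 2 into the fields of
   the diagram, names opcodes and the 4-bit RCODEs 0 through 10 using
   the tables of sections 2.2 and 2.3, and shows the consistency check a
   resolver makes before accepting a response for a query it sent
   (matching ID, QR set, opcode echoed). The sample query and responses
   are constructed for the example; the "copy the query header" caveat
   above is why echoed RD/CD bits are not reported as errors.

```python
"""DNS header decoder and query/response consistency check for the
12-octet header of section 2.  Added example, not code from the draft.
Opcode and RCODE names are those of sections 2.2 and 2.3 (RCODEs 0-10);
the sample messages below are constructed."""
import struct

OPCODE_NAMES = {0: "Query", 1: "IQuery", 2: "Status", 4: "Notify", 5: "Update"}
RCODE_NAMES = {0: "NoError", 1: "FormErr", 2: "ServFail", 3: "NXDomain",
               4: "NotImp", 5: "Refused", 6: "YXDomain", 7: "YXRRSet",
               8: "NXRRSet", 9: "NotAuth", 10: "NotZone"}


def parse_header(msg: bytes) -> dict:
    """Split the first 12 octets into the fields of the section 2 diagram."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-octet header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "z": (flags >> 6) & 1,
        "ad": (flags >> 5) & 1,
        "cd": (flags >> 4) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def build_header(ident, qr, opcode=0, rcode=0, aa=0, tc=0, rd=0, ra=0,
                 z=0, ad=0, cd=0, counts=(0, 0, 0, 0)) -> bytes:
    """Inverse of parse_header; used here to construct sample messages."""
    flags = ((qr << 15) | (opcode << 11) | (aa << 10) | (tc << 9) | (rd << 8)
             | (ra << 7) | (z << 6) | (ad << 5) | (cd << 4) | rcode)
    return struct.pack("!HHHHHH", ident, flags, *counts)


def check_response(query: bytes, response: bytes) -> list:
    """Return the problems a resolver should notice before accepting a
    response for this query; an empty list means the header is consistent.
    Servers commonly copy the query header into the response (the caveat
    in section 2), so echoed RD and CD bits are expected and not reported;
    a set Z bit is reported since modern implementations should ignore it."""
    q, r = parse_header(query), parse_header(response)
    problems = []
    if q["qr"] != 0:
        problems.append("query has QR set")
    if r["qr"] != 1:
        problems.append("response has QR clear")
    if r["id"] != q["id"]:
        problems.append("ID mismatch (not the answer to this query)")
    if r["opcode"] != q["opcode"]:
        problems.append("opcode not echoed")
    if r["opcode"] not in OPCODE_NAMES:
        problems.append("unassigned opcode %d" % r["opcode"])
    if r["rcode"] not in RCODE_NAMES:
        problems.append("RCODE %d not in the 4-bit table" % r["rcode"])
    if r["z"]:
        problems.append("Z bit set in response")
    if q["qdcount"] != r["qdcount"]:
        problems.append("QDCOUNT differs from query")
    return problems


# Constructed samples: a recursive query, its answer, and a response whose
# ID does not match the query (what a stale or forged answer looks like).
QUERY = build_header(0x1234, qr=0, rd=1, counts=(1, 0, 0, 0))
RESPONSE = build_header(0x1234, qr=1, rd=1, ra=1, counts=(1, 1, 0, 0))
WRONG_ID = build_header(0x9999, qr=1, rd=1, ra=1, rcode=3, counts=(1, 0, 0, 0))

if __name__ == "__main__":
    print(parse_header(RESPONSE))
    print("consistent:", check_response(QUERY, RESPONSE))
    print("wrong id:  ", check_response(QUERY, WRONG_ID))
```

   Matching the echoed ID is only a 16-bit check; it is the minimum a
   resolver does, not a substitute for the secure DNS considerations the
   draft defers to [RFC 2535].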
   The range of RCODEs is extended beyond four bits to twelve bits for
   implementations of DNS supporting the OPT RR (see Section 3.1.1).
   RCODEs can appear both at the top level of a DNS response in the
   header or inside TSIG RRs [RFC XXX3]. The TSIG RR has a 16 bit RCODE
   error field.

   RCODE   Name      Description                         Reference

       0   NoError   No Error                            [RFC 1035]
       1   FormErr   Format Error                        [RFC 1035]
       2   ServFail  Server Failure                      [RFC 1035]
       3   NXDomain  Non-Existent Domain                 [RFC 1035]
       4   NotImp    Not Implemented                     [RFC 1035]
       5   Refused   Query Refused                       [RFC 1035]
       6   YXDomain  Name Exists when it should not      [RFC 2136]
       7   YXRRSet   RR Set Exists when it should not    [RFC 2136]
       8   NXRRSet   RR Set that should exist does not   [RFC 2136]
       9   NotAuth   Server Not Authoritative for zone   [RFC 2136]
      10   NotZone   Name not contained in zone          [RFC 2136]
   11-15   available for assignment
      16   BADSIG    Signature Failure                   [RFC XXX3]
      17   BADKEY    Key not recognized                  [RFC XXX3]
      18   BADTIME   Signature out of time window        [RFC XXX3]
   19-0xFFFF available for assignment

   Since it is important that RCODEs be understood for interoperability,
   new RCODE assignment requires an IETF consensus.

3. DNS Resource Record Structure

   All RRs have the same top level format shown in the figure below
   taken from RFC 1035:
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                                               |
    /                                               /
    /                      NAME                     /
    |                                               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      TYPE                     |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                     CLASS                     |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      TTL                      |
    |                                               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                   RDLENGTH                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
    /                     RDATA                     /
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

   NAME is an owner name, i.e., the name of the node to which this
   resource record pertains. Names are specific to a CLASS as described
   in section 3.2. Names consist of an ordered sequence of one or more
   labels each of which has a label type [RFC 1035]. The last label in
   each name is "root" which is wire encoded as a single zero octet. New
   label types are assigned as provided in [RFC XXX1].

   TYPE is two octets containing one of the RR TYPE codes. See section
   3.1.

   CLASS is two octets containing one of the RR CLASS codes. See section
   3.2.

   TTL is a 32 bit unsigned integer that specifies the time interval
   that the resource record may be cached before the source of the
   information should again be consulted. Zero is interpreted to mean
   that the RR can only be used for the transaction in progress.

   RDLENGTH is an unsigned 16 bit integer that specifies the length in
   octets of the RDATA field.

   RDATA is a variable length string of octets that describes the
   resource. The format of this information varies according to the
   TYPE and in some cases the CLASS of the resource record.
3.1 RR TYPE IANA Considerations

   There are three subcategories of RR TYPE numbers: data TYPEs, QTYPEs,
   and Meta-TYPEs.

   QTYPEs can only be used in queries. Meta-TYPEs designate transient
   data associated with a particular DNS message and in some cases can
   also be used in queries. Thus far, data types have been assigned from
   1 upwards plus the block from 100 through 103 while Q and Meta Types
   have been assigned from 255 downwards. IANA RR TYPE assignments are
   documented at
   <ftp://ftp.isi.edu/in-notes/iana/assignments/dns-parameters>.

   There are currently three Meta-types: TSIG [RFC XXX3], TKEY, and OPT
   [RFC XXX1]. There are currently five QTYPEs: * (all), MAILA, MAILB,
   AXFR, and IXFR.

   RR TYPE zero is used as a special indicator for the SIG RR [RFC 2535]
   and in other circumstances and must never be allocated for ordinary
   use.

   Remaining types in the range 0x0001 to 0x7FFF are assigned by
   authority of IETF consensus. The current pattern of assigning regular
   data types from 1 upwards and Q and Meta types from 255 downward
   should continue until that range is exhausted.

   Types from 0x8000 through 0xFEFF are assigned based on RFC
   publication.

   Types from 0xFF00 through 0xFFFF are for private experimental use.
   Because their use is not coordinated, it may conflict between
   different experiments.

3.1.1 Special Note on the OPT RR

   The OPT (OPTion) RR, number (TBD), is specified in [RFC XXX1]. Its
   primary purpose is to extend the effective field size of various DNS
   fields including RCODE, label type, OpCode, flag bits, and RDATA
   size. In particular, for resolvers and servers that recognize it, it
   extends the RCODE field from 4 to 12 bits.

   IANA considerations for label types are given in [RFC XXX1].
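   The following program is an added example and is not part of this
   draft or of [RFC XXX1]. It walks a DNS message RR by RR in the
   section 3 layout (including compressed NAMEs, with a bounds and
   pointer-direction check so a truncated or looping message raises
   instead of misparsing), recognises the OPT RR, combines the header
   RCODE with the OPT RR into the 12-bit extended RCODE of sections 2.3
   and 3.1.1, and places TYPE numbers in the allocation categories of
   section 3.1. Two assumptions are not stated by this draft and are
   taken from the EDNS0 specification: OPT is TYPE 41 (the draft leaves
   the number TBD) and the high 8 bits of the extended RCODE are the top
   octet of the OPT RR's TTL field. The sample response is constructed.

```python
"""RR-level walk of a DNS message (section 3 layout), OPT recognition and
12-bit extended RCODE (sections 2.3, 3.1.1), TYPE classification (3.1).
Added example, not code from the draft.  Assumptions (from EDNS0, not
this draft): OPT is TYPE 41 and the extended RCODE's high 8 bits are the
top octet of the OPT TTL.  The sample response is constructed."""
import struct

TYPE_OPT = 41                                  # assumption, see above
META_TYPES = {TYPE_OPT, 249, 250}              # OPT, TKEY, TSIG
QTYPES = {251, 252, 253, 254, 255}             # IXFR, AXFR, MAILB, MAILA, *


def _need(msg, off, n):
    """Bounds check: raise instead of reading past the message."""
    if off + n > len(msg):
        raise ValueError("message truncated at octet %d" % off)


def read_name(msg: bytes, off: int):
    """Decode an owner name.  RFC 1035 compression pointers are followed
    only backwards, so a pointer loop raises rather than spinning.
    Returns (name, offset of the octet after the name as it appeared)."""
    labels, end = [], None
    while True:
        _need(msg, off, 1)
        length = msg[off]
        if length & 0xC0 == 0xC0:              # label type 11: pointer
            _need(msg, off, 2)
            ptr = ((length & 0x3F) << 8) | msg[off + 1]
            if ptr >= off:
                raise ValueError("forward or self-referencing pointer")
            if end is None:
                end = off + 2
            off = ptr
            continue
        if length & 0xC0:                      # types 01/10 (e.g. binary labels)
            raise ValueError("unsupported label type")
        if length == 0:                        # root label ends the name
            return ".".join(labels) + ".", (end if end is not None else off + 1)
        _need(msg, off + 1, length)
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length


def parse_rr(msg: bytes, off: int):
    """One RR: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA as in section 3."""
    name, off = read_name(msg, off)
    _need(msg, off, 10)
    rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    _need(msg, off, rdlength)                  # RDLENGTH must fit the message
    return ({"name": name, "type": rtype, "class": rclass, "ttl": ttl,
             "rdata": msg[off:off + rdlength]}, off + rdlength)


def parse_message(msg: bytes) -> dict:
    """Header, question section, then every RR of the three RR sections."""
    _need(msg, 0, 12)
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, rrs = 12, [], []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        _need(msg, off, 4)
        questions.append((qname,) + struct.unpack("!HH", msg[off:off + 4]))
        off += 4
    for _ in range(an + ns + ar):
        rr, off = parse_rr(msg, off)
        rrs.append(rr)
    return {"id": ident, "flags": flags, "questions": questions, "rrs": rrs}


def extended_rcode(info: dict) -> int:
    """Low 4 bits from the header RCODE, high 8 from the OPT TTL's top
    octet (assumption noted above); no OPT means the plain 4-bit code."""
    low = info["flags"] & 0xF
    opts = [rr for rr in info["rrs"] if rr["type"] == TYPE_OPT]
    if len(opts) > 1:
        raise ValueError("more than one OPT RR in message")
    if not opts:
        return low
    return (((opts[0]["ttl"] >> 24) & 0xFF) << 4) | low


def type_category(t: int) -> str:
    """Allocation category of a TYPE number per section 3.1."""
    if t == 0:
        return "reserved (special indicator, never allocated)"
    if 0xFF00 <= t <= 0xFFFF:
        return "private experimental"
    if 0x8000 <= t <= 0xFEFF:
        return "assigned by RFC publication"
    if t in META_TYPES:
        return "meta-type"
    if t in QTYPES:
        return "qtype"
    return "data type (IETF consensus range)"


# Constructed response: one A answer for example.com. (NAME compressed to
# the question at octet 12) and an OPT RR whose TTL top octet 0x01 lifts
# the header RCODE 0 to extended value 16.  In OPT the CLASS field
# carries the sender's UDP payload size.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x2A2A, 0x8180, 1, 1, 0, 1)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    + b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0x01000000, 0)
)

if __name__ == "__main__":
    info = parse_message(SAMPLE_RESPONSE)
    for rr in info["rrs"]:
        print(rr["name"], rr["type"], type_category(rr["type"]))
    print("extended RCODE:", extended_rcode(info))
```

   The bounds checks matter more than the decoding: an RDLENGTH larger
   than the remaining message, or a compression pointer that points
   forward or at itself, is exactly the malformed input a parser must
   reject rather than read through.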
3.1.2 Special Note on the SINK RR

   The (Kitchen) SINK RR, number 40, is specified in [RFC XXX2]. It is
   designed to accommodate demands for proprietary RRs and provides
   flexible encoding and semantic labeling of the RDATA portion. This
   should virtually eliminate the need to allocate RR TYPE codes for
   private or proprietary purposes.

3.2 RR CLASS IANA Considerations

   DNS CLASSes have been little used but constitute another dimension of
   the DNS distributed database. In particular, there is no necessary
   relationship between the namespace or root servers for one CLASS and
   those for another CLASS. A name can have completely different
   meanings in different CLASSes. However, as global networking and DNS
   have evolved, the IN, or Internet, CLASS has dominated DNS use.

   IANA DNS CLASS assignments are shown at
   <ftp://ftp.isi.edu/in-notes/iana/assignments/dns-parameters>.

   There are two subcategories of DNS CLASSes: normal data containing
   classes and QCLASSes that are only meaningful in queries or updates.

   The current data class assignments are as follows: 1 - Internet (IN),
   3 - Chaos (CH), and 4 - Hesiod (HS). The currently assigned Q classes
   are as follows: 255 - Any and 254 - None.

   Allocation of CLASS 0x0000 requires an IETF standards action.

   Allocation of remaining CLASSes in the range of 0x0001-0x00FF is by
   IETF consensus with data classes given the lowest available value and
   QCLASSes the highest available value in that range until that range
   is exhausted.

   Allocation of CLASSes in the range 0x0100 through 0x7FFF is by IETF
   consensus.

   Allocation of CLASSes in the range 0x8000 through 0xFEFF is by RFC
   publication.

   CLASSes in the range 0xF000 through 0xFFFE are for private
   experimental use. Because their use is not coordinated, it may
   conflict between different experiments.

   CLASS 0xFFFF can only be assigned by an IETF standards action.
3.3 IANA DNS Name Considerations

   The Hesiod [Dyer 87] and Chaos CLASSes are essentially for local use.
   (Chaos was a network system implemented at MIT.) The IN CLASS is the
   only DNS CLASS in global use on the Internet at this time.

3.3.1 Becoming Root

   In practice, it is quite easy to put up a set of root servers. DNS
   resolvers which use those root servers will see the namespace they
   support. DNS has only downward pointers from zone to subzone and no
   upward pointers going from zone to superzone. Thus, in creating a
   root zone, it works technically to pick whatever top level domains
   (TLDs) you want including, if you wish, TLDs that are not generally
   recognized.

   Setting up your own root zone like this is commonly done within local
   enclaves to hide some local names, for security and efficiency. In
   some cases, local TLDs are added.

   But for the global Internet, the use of variant root zones would lead
   to non-interoperability at the application level. Users would find
   that email addresses didn't work or addressed different accounts for
   those using different root zone contents. Links in web pages wouldn't
   work or would address different web resources for those using
   different root zone contents. As a result, despite strenuous attempts
   to promote alternatives, no significant portion of the global
   Internet has ever used other than the IETF recommended root zone
   contents except, in some cases, for strictly local names.

3.3.1 Reserved TLDs in the IN CLASS

   All single octet length top level domain (TLD) names in the IN class
   are reserved as are all TLDs containing any octets that are not ASCII
   letters or digits.

   One reason for reserving single octet TLDs is that, should the root
   zone ever get very large, there are technical solutions which would
   be eased by having the single byte TLDs available.
   [For like reasons, it is recommended that within TLDs or indeed
   within any zone that is or might become very large, all single octet
   names be reserved. However, this decision is up to the authority for
   each non-root zone.]

   Binary label TLDs [RFC XXX4] and other new TLD label data types are
   reserved.
   The above reservations also provide a means of escape should other
   name allocation paint the IN CLASS namespace into a corner.

   Assignment of the above reserved names requires an IETF consensus.

   Finally, the four TLDs "example", "invalid", "localhost", and "test"
   are reserved as described in [RFC 2606].

3.3.2 'Country Code' TLDs in the IN CLASS

   All two octet length TLDs in the IN class consisting of letters are
   reserved for assignment to territories. Those (1) allocated by [ISO
   3166] and (2) allocated by the Universal Postal Union [UPU] and
   reserved in [ISO 3166] even though not formally assigned by [ISO
   3166] (e.g., a few British Channel Islands), are assigned as so
   allocated by the generally recognized acting government of the area
   associated with the "country code" or on a first come first served
   basis to a designated registry if there is no such government or the
   government has not exercised control. In addition, due to historical
   factors and consistent with the normal diplomatic usage of special
   consideration for founders, the United States of America, as founder
   of the Internet, is also assigned the three letter TLDs "gov" and
   "mil".

   A country code for a territory with a generally recognized acting
   government should be considered part of the territory of that
   government. Decisions by said government as to who should control the
   DNS for that TLD are final and unappealable.

   Country codes consisting of a letter and a digit or two digits are
   not currently used by [ISO 3166] or the [UPU]. However, to permit
   possible expansion of the two octet country codes, they are reserved
   for future allocation as described in the previous paragraph.

3.3.3 Other TLDs in the IN CLASS

   IANA manages the "arpa" and "int" TLDs. The "arpa" TLD is assigned
   for use in the IPv4 inverse mapping and IANA delegates /8 subzones to
   holders of a /8 chunk of address space, including the regional
   address registries.
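   The following program is an added example and is not part of this
   draft. It turns the TLD reservations of sections 3.3.1 and 3.3.2 (and
   the [RFC 2606] names and the "arpa", "int", "gov" and "mil"
   assignments of sections 3.3.2 and 3.3.3) into a checker that an
   operator of a local "enclave" root zone, as described in 3.3.1, can
   run over the TLDs it intends to serve to see which collide with
   reserved names. The order in which the rules are tested and the list
   of candidate TLDs are the example's own choices.

```python
"""Disposition of IN CLASS top level domain labels under sections 3.3.1
through 3.3.3.  Added example, not code from the draft; the rule order
is an editorial choice and the candidate list below is constructed."""
import string

RFC2606_RESERVED = {"example", "invalid", "localhost", "test"}
IANA_MANAGED = {"arpa", "int"}
US_FOUNDER_TLDS = {"gov", "mil"}
ALNUM = set(string.ascii_letters + string.digits)


def tld_status(label: str) -> str:
    """Return the draft's disposition of one TLD label."""
    if label.endswith("."):           # accept the fully qualified spelling
        label = label[:-1]
    if not label:
        raise ValueError("empty label is the root, not a TLD")
    if any(c not in ALNUM for c in label):
        return "reserved: contains a non-letter/digit octet (3.3.1)"
    if len(label) == 1:
        return "reserved: single-octet TLD (3.3.1)"
    lower = label.lower()             # DNS names compare case-insensitively
    if lower in RFC2606_RESERVED:
        return "reserved: RFC 2606 name"
    if len(label) == 2:
        if label.isalpha():
            return "reserved for a territory per ISO 3166 / UPU (3.3.2)"
        return "reserved for future country-code expansion (3.3.2)"
    if lower in IANA_MANAGED:
        return "managed by IANA (3.3.3)"
    if lower in US_FOUNDER_TLDS:
        return "assigned to the United States as founder (3.3.2)"
    return "not reserved by this document"


def audit_root_zone(tlds) -> dict:
    """Group a proposed root zone's TLD labels by disposition so that an
    enclave operator sees which local names collide with reserved ones."""
    report = {}
    for tld in tlds:
        report.setdefault(tld_status(tld), []).append(tld)
    return report


# Constructed candidate list for a local root zone (section 3.3.1's
# enclave case); "corp" stands in for a locally invented TLD.
CANDIDATES = ["com", "uk", "a", "x1", "Test.", "xn--example", "arpa", "mil", "corp"]

if __name__ == "__main__":
    for status, names in audit_root_zone(CANDIDATES).items():
        print("%-56s %s" % (status, ", ".join(names)))
```

   Note that a label containing a hyphen is reserved under the section
   3.3.1 rule as written, since a hyphen is neither an ASCII letter nor
   a digit; the checker follows the text rather than later practice.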
   "int" includes the IPv6 inverse address mapping which is at
   "ip6.int", international registrations at "reg.int", and also
   provides for recognized international organizations. IANA
   considerations for IP address assignment are given elsewhere.

   Control and assignment of various other existing or prospective IN
   CLASS TLDs is currently in a state of flux being transferred to the
   ICANN (www.icann.org) DNSO (Domain Name Support Organization,
   www.dnso.org). Traditionally "edu" was used for educational
   institutions, "net" for network infrastructure organizations, "com"
   for commercial organizations, and "org" for other non-profit
   organizations. New registrations in "edu" are currently restricted to
   four year or longer institutions of higher learning.

4. Security Considerations

   This document addresses IANA considerations in the allocation of
   general DNS parameters, not security. See [RFC 2535] for secure DNS
   considerations.
References

   [Dyer 87] - Dyer, S., and F. Hsu, "Hesiod", Project Athena Technical
   Plan - Name Service, April 1987.

   [ISO 3166] - Codes for the representation of names of countries.

   [RFC 1034] - P. Mockapetris, "Domain Names - Concepts and
   Facilities", STD 13, November 1987.

   [RFC 1035] - P. Mockapetris, "Domain Names - Implementation and
   Specifications", STD 13, November 1987.

   [RFC 1996] - P. Vixie, "A Mechanism for Prompt Notification of Zone
   Changes (DNS NOTIFY)", August 1996.

   [RFC 2119] - S. Bradner, "Key words for use in RFCs to Indicate
   Requirement Levels", March 1997.

   [RFC 2136] - P. Vixie, S. Thomson, Y. Rekhter, J. Bound, "Dynamic
   Updates in the Domain Name System (DNS UPDATE)", April 1997.

   [RFC 2181] - Robert Elz, Randy Bush, "Clarifications to the DNS
   Specification", July 1997.

   [RFC 2434] - T. Narten, H. Alvestrand, "Guidelines for Writing an
   IANA Considerations Section in RFCs", October 1998.

   [RFC 2535] - D. Eastlake, "Domain Name System Security Extensions",
   March 1999.

   [RFC 2606] - D. Eastlake, A. Panitz, "Reserved Top Level DNS Names",
   June 1999.

   [RFC XXX1] - P. Vixie, "Extension mechanisms for DNS (EDNS0)", xxx
   1999 (draft-ietf-dnsind-edns0-*.txt).

   [RFC XXX2] - D. Eastlake, "The Kitchen Sink DNS Resource Record", xxx
   1999 (draft-ietf-dnsind-kitchen-sink-*.txt).

   [RFC XXX3] - P. Vixie, O. Gudmundsson, D. Eastlake, B. Wellington,
   "Secret Key Transaction Signatures for DNS (TSIG)", xxx 1999
   (draft-ietf-dnsind-tsig-*.txt).

   [RFC XXX4] - M. Crawford, "Binary Labels in the Domain Name System",
   xxx 1999 (draft-ietf-dnsind-binary-labels-*.txt).

   [UPU] - <http://www.upu/int>
Authors Addresses

   Donald E. Eastlake 3rd
   IBM
   65 Shindegan Hill Road
   Carmel, NY 10512 USA

   Telephone:   +1-914-784-7913 (w)
                +1-914-276-2668 (h)
   fax:         +1-914-784-3833 (w)
   email:       dee3@us.ibm.com

   Eric Brunner
   Nokia Research Center
   3 Burlington Woods Drive, Suite 250
   Burlington, MA 01803 USA

   Telephone:   +1 781-359-5159
   fax:         +1 781-359-5196
   email:       brunner@maine.rr.com

   Bill Manning
   USC/ISI
   4676 Admiralty Way, #1001
   Marina del Rey, CA 90292 USA

   Telephone:   +1 310 822 1511
   email:       bmanning@isi.edu

Expiration and File Name

   This draft expires February 2000.

   Its file name is draft-ietf-dnsind-iana-dns-00.txt.