INTERNET DRAFT M. Ohta draft-ietf-dnsind-ixfr-04.txt Tokyo Institute of Technology November 1995 Incremental Zone Transfer in DNS Status of this Memo This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months. Internet-Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet- Drafts as reference material or to cite them other than as a ``working draft'' or ``work in progress.'' To learn the current status of any Internet-Draft, please check the 1id-abstracts.txt listing contained in the Internet-Drafts Shadow Directories on ds.internic.net, nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au. Abstract This document proposes extensions to the DNS protocols to provide an incremental zone transfer (IXFR) mechanism. 1. Introduction For the quick propagation of changes to a DNS database [STD13], it is necessary to reduce latency by actively notifying servers of the change. This is accomplished by NOTIFY extension of DNS [NOTIFY]. The current full zone transfer mechanism (AXFR) is not an efficient means to propagate changes to a small part of a zone, as it transfers the entire zone file. Incremental transfer (IXFR) as proposed is a more efficient mechanism, as it transfers only the changed portion(s) of a zone. In this document, a secondary name server which requests IXFR is called an IXFR client and a primary or secondary name server which responds to the request is called an IXFR server. 2. Brief Description of the Protocol M. Ohta Expires on May 15, 1996 [Page 1]
INTERNET DRAFT Incremental Zone Transfer in DNS November 1995 If an IXFR client, which likely has an older version of a zone, thinks it needs new information about the zone (typically through SOA refresh timeout or the NOTIFY mechanism), it sends an IXFR message containing the SOA serial number of its, presumably outdated, copy of the zone. An IXFR server should keep record of the newest version of the zone and the differences between that copy and several older versions. When an IXFR request with an older version number is received, the IXFR server needs to send only the differences required to make that version current. Alternatively, the server may choose to transfer the entire zone just as in a normal full zone transfer. Upon an update of a zone, new difference information should not be available until after the updated version is placed in a stable storage. Otherwise, if a server crashes, the effect of IXFR on unstable data, which is lost on the server at the crash, will persistently survive the following IXFRs on some client, causing inconsistency of the database. If an IXFR query with the same or newer version number than that of the server is received, it is replied to with a single SOA record of the server's current version, just as in AXFR. Transport of a query may be by either UDP or TCP. If an IXFR query is via UDP, the IXFR server may attempt to reply using UDP if the entire response can be contained in a single DNS packet. If the UDP reply does not fit, the query is responded to with a single SOA record of the server's current version to inform the client that a TCP query should be initiated. Thus, a client should first make an IXFR query using UDP. If the query type is not recognized by the server, an AXFR (preceded by a UDP SOA query) should be tried. If the query response is a single packet with the entire new zone, or if the server does not have a newer version than the client, everything is done. Otherwise, a TCP IXFR query should be tried. To ensure integrity, servers should use UDP checksums for all UDP responses. A cautious client which receives a UDP packet with the checksum value of zero should ignore the result and try a TCP IXFR instead. The query type value of IXFR assigned by IANA is 251. 3. Query Format The IXFR query packet format is the same as that of a normal DNS M. Ohta Expires on May 15, 1996 [Page 2]
INTERNET DRAFT Incremental Zone Transfer in DNS November 1995 query, but with the query type being IXFR and the authority section containing the SOA record of client's version of the zone. 4. Response Format If incremental zone transfer is not available, the entire zone is returned. The first and the last RR of the response is the SOA record of the zone. I.e. the behavior is the same as an AXFR response except the query type is IXFR. If incremental zone transfer is available, one or more difference sequences is returned. The list of difference sequences is preceded and followed by a copy of the server's current version of the SOA. Each difference sequence represents one update to the zone (one SOA serial change) consisting of deleted RRs and added RRs. The first RR of the deleted RRs is the older SOA RR and the first RR of the added RRs is the newer SOA RR. Modification of an RR is performed first by removing the original RR and then adding the modified one. The sequences of differential information are ordered oldest first newest last. Thus, the differential sequences are the history of changes made since the version known by the IXFR client up to the server's current version. RRs in the incremental transfer messages may be partial. That is, if a single RR of multiple RRs of the same RR type changes, only the changed RR is transferred. An IXFR client, should only replace an older version with a newer version after all the differences have been successfully processed. An incremental response is different from that of a non-incremental response in that it begins with two SOA RRs, the server's current SOA followed by the SOA of the client's version which is about to be replaced. 5. Purging Strategy An IXFR server can not be required to forever hold all previous versions and may delete them anytime. In general, there is a trade- off between the size of storage space and the possibility of using IXFR. Information about older versions should be purged if the total length of an IXFR response would be longer than that of an AXFR response. M. Ohta Expires on May 15, 1996 [Page 3]
INTERNET DRAFT Incremental Zone Transfer in DNS November 1995 Given that the purpose of IXFR is to reduce AXFR overhead, this strategy is quite reasonable. The strategy assures that the amount of storage required is at most twice that of the current zone information. Information older than the SOA expire period may also be purged. 6. Example Given the following three generations of data with the current serial number of 3, JAIN.AD.JP. IN SOA NS.JAIN.AD.JP. mohta.jain.ad.jp. ( 1 600 600 3600000 604800) IN NS NS.JAIN.AD.JP. NS.JAIN.AD.JP. IN A 133.69.136.1 NEZU.JAIN.AD.JP. IN A 133.69.136.5 NEZU.JAIN.AD.JP. is removed and JAIN-BB.JAIN.AD.JP. is added. jain.ad.jp. IN SOA ns.jain.ad.jp. mohta.jain.ad.jp. ( 2 600 600 3600000 604800) IN NS NS.JAIN.AD.JP. NS.JAIN.AD.JP. IN A 133.69.136.1 JAIN-BB.JAIN.AD.JP. IN A 133.69.136.4 IN A 192.41.197.2 One of the IP addresses of JAIN-BB.JAIN.AD.JP. is changed. JAIN.AD.JP. IN SOA ns.jain.ad.jp. mohta.jain.ad.jp. ( 3 600 600 3600000 604800) IN NS NS.JAIN.AD.JP. NS.JAIN.AD.JP. IN A 133.69.136.1 JAIN-BB.JAIN.AD.JP. IN A 133.69.136.3 IN A 192.41.197.2 The following IXFR query +---------------------------------------------------+ Header | OPCODE=SQUERY | +---------------------------------------------------+ Question | QNAME=JAIN.AD.JP., QCLASS=IN, QTYPE=IXFR | +---------------------------------------------------+ Answer | <empty> | +---------------------------------------------------+ Authority | JAIN.AD.JP. IN SOA serial=1 | +---------------------------------------------------+ Additional | <empty> | M. Ohta Expires on May 15, 1996 [Page 4]
INTERNET DRAFT Incremental Zone Transfer in DNS November 1995 +---------------------------------------------------+ could be replied to with the following full zone transfer message: +---------------------------------------------------+ Header | OPCODE=SQUERY, RESPONSE | +---------------------------------------------------+ Question | QNAME=JAIN.AD.JP., QCLASS=IN, QTYPE=IXFR | +---------------------------------------------------+ Answer | JAIN.AD.JP. IN SOA serial=3 | | JAIN.AD.JP. IN NS NS.JAIN.AD.JP. | | NS.JAIN.AD.JP. IN A 133.69.136.1 | | JAIN-BB.JAIN.AD.JP. IN A 133.69.136.3 | | JAIN-BB.JAIN.AD.JP. IN A 192.41.197.2 | | JAIN.AD.JP. IN SOA serial=3 | +---------------------------------------------------+ Authority | <empty> | +---------------------------------------------------+ Additional | <empty> | +---------------------------------------------------+ or with the following incremental message: +---------------------------------------------------+ Header | OPCODE=SQUERY, RESPONSE | +---------------------------------------------------+ Question | QNAME=JAIN.AD.JP., QCLASS=IN, QTYPE=IXFR | +---------------------------------------------------+ Answer | JAIN.AD.JP. IN SOA serial=3 | | JAIN.AD.JP. IN SOA serial=1 | | NEZU.JAIN.AD.JP. IN A 133.69.136.5 | | JAIN.AD.JP. IN SOA serial=2 | | JAIN-BB.JAIN.AD.JP. IN A 133.69.136.4 | | JAIN-BB.JAIN.AD.JP. IN A 192.41.197.2 | | JAIN.AD.JP. IN SOA serial=2 | | JAIN-BB.JAIN.AD.JP. IN A 133.69.136.4 | | JAIN.AD.JP. IN SOA serial=3 | | JAIN-BB.JAIN.AD.JP. IN A 133.69.136.3 | | JAIN.AD.JP. IN SOA serial=3 | +---------------------------------------------------+ Authority | <empty> | +---------------------------------------------------+ Additional | <empty> | +---------------------------------------------------+ or, if UDP packet overflow occurs, with the following message: +---------------------------------------------------+ M. Ohta Expires on May 15, 1996 [Page 5]
INTERNET DRAFT Incremental Zone Transfer in DNS November 1995 Header | OPCODE=SQUERY, RESPONSE | +---------------------------------------------------+ Question | QNAME=JAIN.AD.JP., QCLASS=IN, QTYPE=IXFR | +---------------------------------------------------+ Answer | JAIN.AD.JP. IN SOA serial=3 | +---------------------------------------------------+ Authority | <empty> | +---------------------------------------------------+ Additional | <empty> | +---------------------------------------------------+ 7. Acknowledgements The original idea of IXFR was conceived by Anant Kumar, Steve Hotz and Jon Postel. For the refinement of the protocol and documentation, many people have contributed including, but not limited to, Anant Kumar, Robert Austein, Paul Vixie, Randy Bush, Mark Andrews and the members of the IETF DNSIND working group. 8. References [NOTIFY] Vixie, P., "Notify: a mechanism for prompt notification of authority zone changes", work in progress as <draft-ietf-dnsind- notify-01.txt> [STD13] Mockapetris, P., "Domain Name System" (RFC1034 and RFC1035), November 1987. 9. Security Considerations Though DNS is related to several security problems, no attempt is made to fix them in this document. This document is believed to introduce no additional security problems to the current DNS protocol. 10. Author's Address Masataka Ohta Computer Center, Tokyo Institute of Technology 2-12-1, O-okayama, Meguro-ku, Tokyo 152, JAPAN Phone: +81-3-5734-3299 Fax: +81-3-5734-3415 EMail: mohta@necom830.cc.titech.ac.jp M. Ohta Expires on May 15, 1996 [Page 6]
