Internet Draft Dan Oscarsson
draft-ietf-idn-udns-03.txt Telia ProSoft
Updates: RFC 2181, 1035, 1034, 2535 19 August 2001
Expires: 19 February 2002
Using the Universal Character Set in the Domain Name System (UDNS)
Status of this memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
Since the Domain Name System (DNS) [RFC1035] was created there have
been a desire to use other characters than ASCII in domain names.
Lately this desire have grown very strong and several groups have
started to experiment with non-ASCII names. This document defines
how the Universal Character Set (UCS) [ISO10646] is to be used in
DNS. It includes both a transition scheme for older software
supporting non-ASCII handling in applications only, as well as how to
use UCS in labels and having more than 63 octets in a label.
1. Introduction
While the need for non-ASCII domain names have existed since the
creation of the DNS, the need have increased very much during the
last few years. Currently there are at least two implementations
using UTF-8 in use, and others using other methods.
To avoid several different implementations of non-ASCII names in DNS
Dan Oscarsson Expires: 19 February 2002 [Page 1]
Internet Draft Universal DNS 19 August 2001
that do not work together, and to avoid breaking the current ASCII
only DNS, there is an immediate need to standardise how DNS shall
handle non-ASCII names.
While the DNS protocol allow any octet in character data, so far the
octets are only defined for the ASCII code points. Octets outside the
ASCII range have no defined interpretation. This document defines how
all octets are to be used in character data allowing a standardised
way to use non-ASCII in DNS.
The specification here conforms to the IDN requirements [IDNREQ].
1.1 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
IDN: Internationalised Domain Name, here used to mean a domain name
containing non-ASCII characters.
ACE: ASCII Compatible Encoding. Used to encode IDNs in a way
compatible with the ASCII host name syntax.
1.2 Previous versions of this document
This version contains just minor corrections to the 4:th version.
The third version of this document included a way to return both
ASCII and non-ASCII versions of a name. As this could not be
guaranteed to work it has been removed.
The second version of this document was available as draft-ietf-idn-
udns-00.txt. It included a lot of possibilities as well as a flag bit
that is now removed.
The first version of this document was available as draft-oscarsson-
i18ndns-00.txt.
2. The DNS Protocol
The DNS protocol is used when communicating between DNS servers and
other DNS servers or DNS clients. User interface issues like the
format of zone files or how to enter or display domain names are not
part of the protocol.
The update of the protocol defined here can be used immediately as it
Dan Oscarsson Expires: 19 February 2002 [Page 2]
Internet Draft Universal DNS 19 August 2001
is fully compatible with the DNS of today.
For a long time there will be software understanding UCS in DNS and
software only understanding ASCII in DNS. It is therefore necessary
to support a mixing of both types. For the following text software
understanding UCS in DNS will be called UDNS aware.
This specification supports the following scenarios:
- UDNS unaware client, UDNS aware DNS server
- UDNS aware client, UDNS unaware DNS server
- UDNS aware client, UDNS aware DNS server
2.1 Fundamentals
2.1.1 Standard Character Encoding (SCE)
Character data need to be able to represent as much as possible of
the characters in the world as well as being compatible with ASCII.
Character data is used in labels and in text fields in the RDATA part
of a RR.
The Standard Character Encoding of character data used in the DNS
protocol MUST:
- Use ISO 10646 (UCS) [ISO10646] as coded character set.
- Be normalised using form C as defined in Unicode technical report
#15 [UTR15]. See also [CHNORM].
- Encoded using the UTF-8 [RFC2279] character encoding scheme.
2.1.2 Binary Comparison Format (BCF)
RFC 1035 states that the labels of a name are matched case-
insensitively. When using UCS this is no longer enough as there are
other forms than case that need to match as equivalent. Form-
insensitive matching of UCS includes:
- Letters of different case are compared as the same character.
- Code points of primary typographical variations of the same
character are compared as the same character. An example is double
width/normal width characters or presentation forms of a
character.
- Some characters are represented with multiple code points in UCS.
All code points of one character must compare as the same. For
example the degree Kelvin sign is the same as the letter K.
The original definition is now extended to be: labels must be
compared using form-insensitivity.
Dan Oscarsson Expires: 19 February 2002 [Page 3]
Internet Draft Universal DNS 19 August 2001
To handle form-insensitivity it is here defined the Binary Comparison
Format (BCF) to which strings can be mapped. After strings is mapped
to BCF they can be compared using binary string comparison.
Implementors may implement the form-insensitive comparison without
using BCF, as long as the results are the same.
Mapping of a label to BCF is typically done by steps like: changing
all upper case letters to lower case, mapping different forms to one
form and changing different code points of one character into a
single code point.
For the UCS character code range 0-255 (ASCII and ISO 8859-1) the BCF
MUST be done by mapping all upper case characters to lower case
following the one to one mapping as defined in the Unicode 3.0
Character Database [UDATA].
The definition of the Binary Comparison Format (BCF) for the rest of
UCS will be defined in a separate document. The nearest today is
[NAMEPREP].
2.1.3 Backward Compatibility Encoding (BCE)
To support older software expecting only ASCII and to support
downgrading from 8-bit to 7-bit ASCII in other protocols (like SMTP)
a Backward Compatibility Encoding (BCE) is available. It is a
transition mechanism and will no longer be supported at some future
time when it is so decided.
The Backward Compatibility Encoding (BCE) of a label is defined as
the BCF of the label encoded using an ASCII Compatible Encoding
(ACE).
The definition of the ACE to be used, is defined in a separate
document. Typical definitions that are suitable are [SACE] and
[RACE].
The reason that the BCF form of the label is used is to support
solutions where only applications know about non-ASCII labels. By
using BCF the server need not know about UCS and can just do binary
matching so it can be handled in old servers. Though due to the fact
that BCF destroys information contained in the original form of a
label it is impossible to return the original form to a client using
BCE.
2.1.4 Long names
The current DNS protocol limits a label to 63 octets. As UTF-8 take
more than one octet for some characters, an UTF-8 name cannot have 63
Dan Oscarsson Expires: 19 February 2002 [Page 4]
Internet Draft Universal DNS 19 August 2001
characters in a label like an ASCII name can. For example a name
using Hangul would have a maximum of 21 characters.
The limits imposed by RFC 1035 is 63 octets per label and 255 octets
for the full name. The 255 limit is not a protocol limit but one to
simplify implementations.
To support longer names a long label type is defined using [RFC2671]
as extended label 0b000011 (the label type will be assigned by IANA
and may not be the number used here).
1 1 1 1 1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
|0 1 0 0 0 0 1 1| length | label data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
length: length of label in octets
label data: the label
The long label MUST be handled by all software following this
specification. Also, they MUST support a UDP packet size of up to
1280 bytes.
The limits for labels are updated since RFC 1025 as follows:
A label is limited to a maximum of 63 character code points in UCS
normalised using Unicode form C. The full name is limited to a
maximum of 255 character code points normalised as for a label.
A long label MUST always use the Standard Character Encoding (SCE).
As long labels are not understood by older software, a response MUST
not include a long label unless the query did. At a later date, IETF
may change this.
2.2 Rules for matching of domain names in UDNS aware DNS servers
To be able to handle correct domain name matching in lookups, the
following MUST be followed by DNS servers:
- Do matching on authorative data using form-insensitive matching
for the characters used in the data (for example a zone using only
ASCII need only handle matching of ASCII characters).
- On non-authorative data, either do binary matching or case-
insensitive matching on ASCII letters and binary matching on all
others.
The effect of the above is:
Dan Oscarsson Expires: 19 February 2002 [Page 5]
Internet Draft Universal DNS 19 August 2001
- only servers handling authorative data must implement form-
insensitive matching of names. And they need only implement the
subset needed for the subset of characters of UCS they support in
their authorative zones.
- it normally gives fast lookup because data is usually sent like:
resolver <-> server <-> authorative server.
While form-insensitive matching can be complex and CPU consuming,
the server in the middle will do caching with only simple and fast
binary matching. So the impact of complex matching rules should
not slow down DNS very much.
2.3 Mixing of UDNS aware and non-UDNS aware clients and servers
To handle the mixing of UDNS aware and non-UDNS aware clients and
servers the following MUST be followed for clients and servers.
2.3.1 Native UDNS aware client
A native UDNS aware client is a client supporting all in this
document.
When doing a query it MUST:
- Use the long label in the QNAME.
- If server rejected query due to long label, retry the query using
the normal short label. If the QNAME contains non-ASCII it must be
encoded using BCE.
- Handle answers containg BCE.
The client may skip trying a query using the long label if it knows
the server does not understand it.
2.3.2 Application based UDNS aware client
An application based UDNS aware client is a client supporting UDNS
through BCE handling in the application.
It only understands BCE and need only a non-UDNS aware resolver to
work. All encoding and decoding of BCE is handled in the
application.
Due to BCE being an ACE of BCF the names returned in an answer need
not contain the real form of the name. Instead it may contains the
simplified form used in name matching. As this is a transition
mechanism to support non-ASCII in names before the DNS servers have
been upgraded, it is acceptable and will give people a reason to
upgrade.
2.3.3 non-UDNS aware client
Dan Oscarsson Expires: 19 February 2002 [Page 6]
Internet Draft Universal DNS 19 August 2001
A non-UDNS aware client will send ASCII or whatever is sent from an
application. It can be BCE which will for the client just be ASCII
text.
2.3.4 UDNS aware server
An UDNS aware server MUST handle all in this document and follow:
- If an incoming query contains a long label the answer may contain
a long label and the client is identified as being UDNS aware.
- If the query comes from a non-UDNS aware client and the answer
contains non-ASCII, the non-ASCII labels must be encoded using
BCE.
- If a short label is used in a query and the QNAME contains non-
ASCII, an authorative server must handle the query if the
character encoding can be recognised. If must recognise SCE and
should recognise common encodings used for the labels in the
domain it is authorative for. Answers will use BCE for all labels
except the one matching QNAME. This will allow clients using the
local character set to work in many cases before the resolver code
is upgraded.
2.3.5 non-UDNS aware server
A non-UDNS server can only handle ASCII matching when comparing
names. It can support the transition mechanism with BCE. The
authorative zones will then have to be loaded with manually BCE
encoded names.
2.4 DNSSEC
As labels now can have non-ASCII in them, DNSSEC [RFC2535] need to be
revised so that it also can handle that.
3. Effect on other protocols
As now a domain name may include non-ASCII many other protocols that
include domain names need to be updated. For example SMTP, HTTP and
URIs. The BCE format can be used when interfacing with ASCII only
software or protocols. Protocols like SMTP could be extended using
ESMTP and a UTF8 option that defines that all headers are in UTF-8.
It is recommended that protocols updated to handle i18n do this by
encoding character data in the same standard format as defined for
DNS in this document (UCS normalised form C). The use of encoding it
in ASCII or by tagged character sets should be avoided.
DNS do not only have domain names in them, for example e-mail
Dan Oscarsson Expires: 19 February 2002 [Page 7]
Internet Draft Universal DNS 19 August 2001
addresses are also included. So an e-mail address would be expected
to be changed to include non-ASCII both before and after the @-sign.
Software need to be updated to follow the user interface
recommendations given above, so that a human will see the characters
in their local character set, if possible.
4. Security Considerations
As always with data, if software does not check for data that can be
a problem, security may be affected. As more characters than ASCII is
allowed, software only expecting ASCII and with no checks may now get
security problems.
5. References
[RFC1034] P. Mockapetris, "Domain Names - Concepts and Facilities",
STD 13, RFC 1034, November 1987.
[RFC1035] P. Mockapetris, "Domain Names - Implementation and
Specification", STD 13, RFC 1035, November 1987.
[RFC2119] Scott Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", March 1997, RFC 2119.
[RFC2181] R. Elz and R. Bush, "Clarifications to the DNS
Specification", RFC 2181, July 1997.
[RFC2279] F. Yergeau, "UTF-8, a transformation format of ISO 10646",
RFC 2279, January 1998.
[RFC2535] D. Eastlake, "Domain Name System Security Extensions".
RFC 2535, March 1999.
[RFC2671] P. Vixie, "Extension Mechanisms for DNS (EDNS0)", RFC
2671, August 1999.
[ISO10646] ISO/IEC 10646-1:2000. International Standard --
Information technology -- Universal Multiple-Octet Coded
Character Set (UCS)
[Unicode] The Unicode Consortium, "The Unicode Standard -- Version
3.0", ISBN 0-201-61633-5. Described at
http://www.unicode.org/unicode/standard/versions/
Unicode3.0.html
[UTR15] M. Davis and M. Duerst, "Unicode Normalization Forms",
Unicode Technical Report #15, Nov 1999,
Dan Oscarsson Expires: 19 February 2002 [Page 8]
Internet Draft Universal DNS 19 August 2001
http://www.unicode.org/unicode/reports/tr15/.
[UTR21] M. Davis, "Case Mappings", Unicode Technical Report #21,
Dec 1999, http://www.unicode.org/unicode/reports/tr21/.
[UDATA] The Unicode Character Database,
ftp://ftp.unicode.org/Public/UNIDATA/UnicodeData.txt.
The database is described in
ftp://ftp.unicode.org/Public/UNIDATA/
UnicodeCharacterDatabase.html.
[IDNREQ] James Seng, "Requirements of Internationalized Domain
Names", draft-ietf-idn-requirement.
[IANADNS] Donald Eastlake, Eric Brunner, Bill Manning, "Domain Name
System (DNS) IANA Considerations",draft-ietf-dnsext-iana-dns.
[IDNE] Marc Blanchet,Paul Hoffman, "Internationalized domain
names using EDNS (IDNE)", draft-ietf-idn-idne.
[CHNORM] M. Duerst, M. Davis, "Character Normalization in IETF
Protocols", draft-duerst-i18n-norm.
[IDNCOMP] Paul Hoffman, "Comparison of Internationalized Domain Name
Proposals", draft-ietf-idn-compare.
[NAMEPREP] Paul Hoffman, "Comparison of Internationalized Domain Name
Proposals", draft-ietf-idn-compare.
[SACE] Dan Oscarsson, "Simple ASCII Compatible Encoding", draft-
ietf-idn-sace.
[RACE] Paul Hoffman, "RACE: Row-based ASCII Compatible Encoding
for IDN", draft-ietf-idn-race.
6. Acknowledgements
Paul Hoffman giving many comments in our e-mail discussions.
Ideas from drafts by Paul Hoffman, Stuart Kwan, James Gilroy and Kent
Karlsson.
Magnus Gustavsson, Mark Davis, Kent Karlsson and Andrew Draper for
comments on my draft.
Discussions and comments by the members of the IDN working group.
Dan Oscarsson Expires: 19 February 2002 [Page 9]
Internet Draft Universal DNS 19 August 2001
Author's Address
Dan Oscarsson
Telia ProSoft AB
Box 85
201 20 Malmo
Sweden
E-mail: Dan.Oscarsson@trab.se
Dan Oscarsson Expires: 19 February 2002 [Page 10]