[Search] [txt|pdfized|bibtex] [Tracker] [Email] [Nits]
Versions: 00                                                            
Independent Submission                                               E. Lewis
Internet-Draft                                                          ICANN
Expires: September 9, 2015                                Date: March 9, 2015

                    User Assigned ISO 3166-1 Alpha-2 Codes
                             and the DNS Root Zone



The practice governing the delegation of ASCII two-letter domain names in
the DNS root zone is to follow the ISO 3166-1 standard?s alpha 2 codes.
This standard is maintained by the ISO 3166 Maintenance Agency.  Contained
within the gamut of ISO 3166-1 alpha 2 codes is a set of values designated
as User Assigned.  This document recommends that values designated as user
assigned be reserved from delegation in the root zone.  A specific range of
these codes is assigned expressly for private-use.

Status of This Memo

  This Internet-Draft is submitted in full conformance with the
  provisions of BCP 78 and BCP 79.

  Internet-Drafts are working documents of the Internet Engineering
  Task Force (IETF).  Note that other groups may also distribute
  working documents as Internet-Drafts.  The list of current Internet-
  Drafts is at http://datatracker.ietf.org/drafts/current/.

  Internet-Drafts are draft documents valid for a maximum of six months
  and may be updated, replaced, or obsoleted by other documents at any
  time.  It is inappropriate to use Internet-Drafts as reference
  material or to cite them other than as "work in progress."

  This Internet-Draft will expire on September 9, 2015.

Copyright Notice

  Copyright (c) 2015 IETF Trust and the persons identified as the
  document authors.  All rights reserved.

  This document is subject to BCP 78 and the IETF Trust's Legal
  Provisions Relating to IETF Documents
  (http://trustee.ietf.org/license-info) in effect on the date of
  publication of this document.  Please review these documents
  carefully, as they describe your rights and restrictions with respect
  to this document.  Code Components extracted from this document must
  include Simplified BSD License text as described in Section 4.e of
  the Trust Legal Provisions and are provided without warranty as
  described in the Simplified BSD License.

Table of Contents

  0.  NOTE TO RFC EDITOR AND REVIEWERS  . . . . . . . . . . . . . .   1
  1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   1
  2.  Private-Use Top-Level Domains . . . . . . . . . . . . . . . .   1
  3.  Future-User Top-Level Domains . . . . . . . . . . . . . . . .   1
  4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   1
  5.  Security Considerations . . . . . . . . . . . . . . . . . . .   1
  6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   1
  7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   1
  8.  Authors' Addresses  . . . . . . . . . . . . . . . . . . . . .   1


A suitable venue for discussion of this document is the dnsop working
group.  Private comments may also be directed at the editor.

This section (and sub-sections) should be removed prior to publication.

There is potential use of standards track language.  For now "MUST NOT/
are not" is in the document, hedging the issue of what track this takes.

This is a -00, comments expected. ;)

1.  Introduction

The practice governing the delegation of ASCII two-letter domain names in
the DNS [STD 13] root zone is to follow the ISO 3166-1 standard [ISO3166-1].
The ISO 3166-1 standard provides for multiple types of codings, with the
ASCII two-letter codes (known as "alpha 2" codes) being used in the DNS to
potentially represent countries and territories as country-code top-level
domains (ccTLDs) [RFC1591]. The interrelationship is documented in "ICANN
and the ISO, A Common Interest in ISO Standard 3166" [ICANNISO].

In addition to these assigned codes, there are values designated as "User
Assigned".  This document recommends that these values designated as Special
Use Domain Names [RFC 6761] be set-aside from possible delegation in the
root zone to enable applications and usages that are either non-global or
use DNS-like identifiers.

Quoting ISO 3166-1:2013 clause 8.1.3 "User-assigned code elements":

   "If users need code elements to represent country names not included
    in this part of ISO 3166, the series of letters AA, QM to QZ, XA to
    XZ, and ZZ, and the series AAA to AAZ, QMA to QZZ, XAA to XZZ, and
    ZZA to ZZZ respectively and the series of numbers 900 to 999 are

    NOTE Users are advised that the above series of codes are not
    universals, those code elements are not compatible between different

For the purposes of this document, ISO 3166-1 "alpha-2 user-assigned codes"
are defined to be AA, QM to QZ, XA to XZ, and ZZ.  The ranges ("to") are
alphabetic and contain only characters in the US-ASCII definition [RFC20].
The codes are case insensitive.

2. Private-Use Top-Level Domains

Two areas of identifier use have been identified that can benefit from the
use of private-use namespace:

 1. Local-only usage. In locally configured environments where
    Internet traffic will not traverse the global Internet. While it is
    preferred that such usages use sub-domains within another domain
    registered for the specific hosting entity, not all such configurations
    have such a domain available. This is analogous to the use of private
    addressing described in [RFC 1918].

 2. Use by DNS-like applications. Some applications use network identifiers
    that are similar in appearance to domain names, and may be interpreted
    by software as domain names, but are not intended to use the global
    DNS resolution service (such as connecting to the DNS root servers via
    port 53 and performing recursive lookups). Using namespace allocated
    for private-use will guard against conflicts with the global DNS
    resolution system.

This document sets aside the range XA to XZ for as private-use TLDs that can
be used to support these two functions. The permanent reservation of these
user-assigned codes for this purpose by the standard allows for the
assumption that these codes will never risk requiring delegation through
future assignment to represent a country or territory.

3. Future-Use Top-Level Domains

It is unclear which future applications may require specific top-level
domains for which delegation and assignment through the regular root zone
management process is not appropriate. This document sets aside the
remaining user-assigned codes AA, QM to QZ, and ZZ, for such purposes.
These codes are reserved for future protocol uses to be defined by a future
Standards Track RFC that updates this document.

4.  IANA Considerations

There currently exists an IANA registry of Special Use Domain Names, where
the alpha-2 user-assigned codes are to be added.  The procedure for adding
names to that registry is defined in "Special-Use Domain Names" [RFC 6761].
The documented procedure is heavily dependent on demonstrated protocol use
of a name that justifies being reserved on the basis of "special use."

This proposal is not based on demonstrated use but rather the need to
provide clarity on what "User Assigned" means in the context of the root
zone, and to document that practice governing delegation in the root zone.
So while this proposal fails the test of RFC 6761, based on other merits,
the alpha-2 user-assigned codes ought to be added to that registry.

This proposal notes that other users of the ISO 3166-1 standard have used
"User Assigned" for other purposes. For example, "XK" is reportedly used in
other applications as a temporary country-code to represent Kosovo. This
reservation means that these User Assigned codes MUST NOT(/are not) be used
in the root zone for applications such as country-code top-level domains.

IANA is requested to:

1. add the alpha-2 user-assigned codes XA to XZ to the Special Use Domain
Names registry, designated as "Private Use".

2. add the alpha-2 user-assigned codes AA, QN to QZ, and ZZ as "Future Use".

4.1 Domain Name Reservation Considerations

Borrowing from RFC 6761, these are necessary definitions of strings
included in the Special Use Domain Name registry.

1.  Users:

     Are human users expected to recognize these names as special and
     use them differently?  In what way?

Not necessarily.  Applications may decide to use names that end with the
alpha-2 user-assigned codes XA to XZ in scenarios where the name usage may
be confused or conflict with the DNS but without the intention of placing
data in the DNS.  This is up to the application and (human) user.

2.  Application Software:

    Are writers of application software expected to make their
    software recognize these names as special and treat them
    differently?  In what way?  (For example, if a human user enters
    such a name, should the application software reject it with an
    error message?)

Applications may elect to use names ending with the alpha-2 user-assigned
codes XA to XZ for usages where the domain is neither required nor intended
to be placed in the root zone.  The purpose of the reservation is to ensure
that any such use is not disrupted by additions to the root zone.

3.  Name Resolution APIs and Libraries:

    Are writers of name resolution APIs and libraries expected to
    make their software recognize these names as special and treat
    them differently?  If so, how?

General purpose API's and libraries interacting with DNS need not be aware
of the special use of names ending in alpha-2 user assigned codes.  Turnkey
API's and libraries can elect to treat names specially and avoid contacting
the root zone to resolve a name.

4.  Caching DNS Servers:

    Are developers of caching domain name servers expected to make
    their implementations recognize these names as special and treat
    them differently?  If so, how?

No, no change to the basic DNS protocol elements.

5.  Authoritative DNS Servers:

    Are developers of authoritative domain name servers expected to
    make their implementations recognize these names as special and
    treat them differently?  If so, how?

No, no change to the basic DNS protocol elements.

6.  DNS Server Operators:

    Does this reserved Special-Use Domain Name have any potential
    impact on DNS server operators?  If they try to configure their
    authoritative DNS server as authoritative for this reserved name,
    will compliant name server software reject it as invalid?  Do DNS
    server operators need to know about that and understand why?
    Even if the name server software doesn't prevent them from using
    this reserved name, are there other ways that it may not work as
    expected, of which the DNS server operator should be aware?

No, the reservations do not, but if names ending with the alpha-2
user-assigned codes are seen in queries, the replies, if stemming from the
root zone, will be RCODE=NXDOMAIN [RFC 2308].

7.  DNS Registries/Registrars:

    How should DNS Registries/Registrars treat requests to register
    this reserved domain name?  Should such requests be denied?
    Should such requests be allowed, but only to a specially-
    designated entity?  (For example, the name "www.example.org" is
    reserved for documentation examples and is not available for
    registration; however, the name is in fact registered; and there
    is even a web site at that name, which states circularly that the
    name is reserved for use in documentation and cannot be

Policy regarding registration of domain name labels is defined in other
operational documents.  (There is a difference between registration and
delegation of names.)

4.2 Other considerations

Other uses of domain names are to consider any names ending in alpha-2
user-assigned codes XA to XZ are reserved for private use.  i.e., Issuance
of an Extended Validation Certificate [EVValidation] with a name contained
in the subjectAltName:dNSName field ending in an alpha-2 user-assigned code
XA to XZ as a name not registered properly under the root zone.

5.  Security Considerations

Names appearing to be domain names ending in alpha-2 user-assigned codes
will be independent of the root zone, hence nothing can be said about their
security implications from the root zone perspective.  Within the root zone
context, the names are not delegated but reported as reserved for this
purpose and noted in the IANA Special Use Domain Name registry.

6.  Acknowledgements

David Conrad, Jaap Akkerhuis, Kal Feher, Andrew Sullivan, Kim Davies[6] so
far have played a role.

7.  References

7.1.  Normative References

[STD 13]   Mockapetris, P., "Domain names - concepts and facilities",
          STD 13, RFC 1034, November 1987 and Mockapetris, P.,
          "Domain names - implementation and specification",
          STD 13, RFC 1035, November 1987.

[RFC 20]   Cerf, V., "ASCII format for network interchange",
          STD 80, RFC 20, October 1969.

[RFC 1591] Postel, J., "Domain Name System Structure and Delegation",
          RFC 1591, March 1994.

[RFC 1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., and
          E. Lear, "Address Allocation for Private Internets",
          BCP 5, RFC 1918, February 1996.

[RFC 2308] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)",
          RFC 2308, March 1998.

[RFC 6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names",
          RFC 6761, February 2013.

[ISO 3166-1]   ISO 3166-1:2013 "Codes for the representation of names of
              countries and their subdivisions -- Part 1: Country codes"

7.2.  Informative References

7.3.  URIs

[ICANN ISO] https://www.icann.org/resources/pages/

[EVValidation] https://cabforum.org/wp-content/uploads/EV-V1_5_2Libre.pdf

8. Author's Address

   Edward Lewis
   801 17th Street NW
   Suite 401
   Washington DC, 20006 US

Lewis                     Expires September 9, 2015                 [Page  1]