dnsop                                                             L. Pan
Internet-Draft
Intended status: Informational                                     Y. Fu
Expires: January 4, 2018                                           CNNIC
                                                            July 3, 2017


          SWILD RR Type (Wildcard on Intermediate Nameservers)
                    draft-pan-dnsop-swild-rr-type-00

Abstract

   This document describes a new SWILD RR type that lets Intermediate
   Nameservers cache a single subdomain wildcard record, in order to
   reduce cache size and avoid repeated cache misses for names that
   match the same wildcard domain.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 4, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Pan & Fu                 Expires January 4, 2018                [Page 1]


Internet-Draft   SWILD RR Type (Wildcard on Intermediate Nameservers)   July 2017


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  The SWILD Resource Record . . . . . . . . . . . . . . . . . .   3
   4.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
     4.1.  Authoritative Nameserver  . . . . . . . . . . . . . . . .   3
     4.2.  Intermediate Nameserver: Recursive Resolver . . . . . . .   4
       4.2.1.  Recursive Resolvers that support SWILD RR . . . . . .   4
       4.2.2.  Recursive Resolvers that do not support SWILD RR  . . . .   4
     4.3.  Intermediate Nameserver: Forwarding Resolvers . . . . . .   4
   5.  DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . .   5
   6.  DNSSEC  . . . . . . . . . . . . . . . . . . . . . . . . . . .   5
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   [RFC1034] and [RFC4592] describe wildcard domain names.

   Nowadays wildcard domains are used globally, especially by CDN, P2P,
   advertising, anti-virus and DNSBL services.

   Take "*.github.io" for example:

   foo.github.io.        3599  IN  CNAME   github.map.fastly.net.
   github.map.fastly.net.  25  IN  A       151.101.0.133
   github.map.fastly.net.  25  IN  A       151.101.192.133
   github.map.fastly.net.  25  IN  A       151.101.64.133
   github.map.fastly.net.  25  IN  A       151.101.128.133

   A wildcard domain is simple to configure on the Authoritative
   Nameserver, but Intermediate Nameservers have to cache a separate
   entry for every name (xxx.github.io, yyy.github.io, ...) that matches
   the same wildcard domain configuration.

   Moreover, [DNSNoise] found that many wildcard domain names are
   disposable (short-lived): they have a low cache hit rate yet still
   increase the cache size.

   This document specifies a new SWILD RR type that lets Intermediate
   Nameservers cache a single subdomain wildcard record, in order to
   reduce cache size and avoid repeated cache misses for names that
   match the same wildcard domain.

   SWILD is opt-in: Intermediate Nameservers can choose not to implement
   or enable it.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Basic terms used in this specification are defined in the documents
   [RFC1034], [RFC1035], [RFC4592], [RFC7719], [RFC7871] and [RFC8020].

   Authoritative Nameserver: Described in [RFC1035] Section 6.

   Intermediate Nameserver: Described in [RFC7871] Section 4.

   Recursive Resolver: Described in [RFC1035] Section 7.

   Forwarding Resolver: Described in [RFC2308] Section 1.

3.  The SWILD Resource Record

   The presentation format of the SWILD RR is as follows:

      owner ttl class SWILD target

   The "target" is a subdomain of the "owner".  The record indicates
   that all subdomains of the "owner" have the same configuration as the
   "target".

4.  Overview

   We use the special label "_" to indicate the wildcard domain
   configuration to Intermediate Nameservers: all subdomains are made
   CNAMEs to the "_" subdomain, and a SWILD RR with target "_" is
   generated.

   If most Recursive Resolvers support the SWILD RR in the future, the
   special label "_" need not be used as the SWILD target.

   Take "*.foo.com" for example.

4.1.  Authoritative Nameserver

   The Authoritative Nameserver configures the zone file of "foo.com" as
   follows:

   o  add a SWILD RR with target "_" to indicate the subdomain wildcard.

   o  configure "_.foo.com".

   o  make "*.foo.com" CNAME to "_.foo.com".

   Note that no subdomain other than "_.foo.com" is configured in the
   "foo.com" zone.

   $ORIGIN  foo.com.

   @    86400  IN   SWILD  _
   _     3600  IN   CNAME  map.bar.net.
   *      600  IN   CNAME  _

4.2.  Intermediate Nameserver: Recursive Resolver

4.2.1.  Recursive Resolvers that support SWILD RR

   The Recursive Resolver sends an A RR query for "xxx.foo.com" to the
   Authoritative Nameserver and gets the subdomain wildcard response:

   xxx.foo.com.    600     IN  CNAME   _.foo.com.
   _.foo.com.     3600     IN  CNAME   map.bar.net.
   map.bar.net.    600     IN  A       202.38.64.10
   foo.com.      86400     IN  SWILD   _.foo.com.

   The Recursive Resolver knows that the SWILD RR describes a wildcard
   domain on the recursive side, and marks "_.foo.com" as the wildcard
   target for "*.foo.com".

   Within the TTL, if the Recursive Resolver receives an A RR query for
   "yyy.foo.com", it can directly return this subdomain wildcard
   response from its cache:

   yyy.foo.com.    600     IN  CNAME   _.foo.com.
   _.foo.com.     3600     IN  CNAME   map.bar.net.
   map.bar.net.    600     IN  A       202.38.64.10
   foo.com.      86400     IN  SWILD   _.foo.com.
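   The cache behaviour of Sections 3, 4.1 and 4.2.1, as an added example
   that is not part of the draft: a toy SWILD-aware resolver cache that
   ingests the response above, records the wildcard, and synthesizes the
   answer for "yyy.foo.com" from cache.  It assumes RRs are (owner, ttl,
   type, rdata) tuples with lowercase FQDNs, applies a minimal
   bailiwick-style check on the SWILD owner (a real resolver would also
   restrict the owner to the answering server's zone), and does not
   synthesize for the owner itself or for names under the existing
   target, which the wildcard does not match per [RFC4592].

```python
# Added example (not from the draft): a toy SWILD-aware resolver cache.
# Records are (owner, ttl, type, rdata) tuples with lowercase FQDNs.
def is_subdomain(name, parent):
    return name != parent and name.endswith("." + parent)

class SwildCache:
    def __init__(self):
        self.rrs = {}   # (name, type) -> (expiry, original ttl, rdata)
        self.wild = {}  # SWILD owner -> (target, expiry, wildcard CNAME ttl)

    def ingest(self, qname, records, now):
        """Cache an authoritative response to a query for qname."""
        for owner, ttl, rtype, rdata in records:
            if rtype != "SWILD":
                self.rrs[(owner, rtype)] = (now + ttl, ttl, rdata)
        for owner, ttl, rtype, target in records:
            if rtype != "SWILD":
                continue
            # Sanity/bailiwick check: owner must enclose qname, target under owner
            if not (is_subdomain(qname, owner) and is_subdomain(target, owner)):
                continue
            cn = self.rrs.get((qname, "CNAME"))
            if cn and cn[2] == target:  # qname really was wildcard-matched
                self.wild[owner] = (target, now + ttl, cn[1])

    def _get(self, name, rtype, now):
        e = self.rrs.get((name, rtype))
        return (name, e[0] - now, rtype, e[2]) if e and e[0] > now else None

    def _synth(self, name, now):
        for owner, (target, expiry, ttl) in self.wild.items():
            # The wildcard covers neither the owner nor names at or below the
            # explicitly configured target ([RFC4592]).
            if (expiry > now and is_subdomain(name, owner)
                    and name != target and not is_subdomain(name, target)):
                return (name, ttl, "CNAME", target)
        return None

    def lookup(self, qname, qtype, now):
        """Return the cached answer chain for qname/qtype, or None on a miss."""
        chain, name = [], qname
        for _ in range(8):  # bound CNAME chasing
            hit = (self._get(name, qtype, now) or self._get(name, "CNAME", now)
                   or self._synth(name, now))
            if hit is None:
                return None
            chain.append(hit)
            if hit[2] == qtype:
                return chain
            name = hit[3]
        return None
```

   A miss (None) means the resolver must query the Authoritative
   Nameserver as it would without SWILD, including when "_.foo.com" or
   "map.bar.net" has expired even though the SWILD RR has not.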

4.2.2.  Recursive Resolvers that do not support SWILD RR

   The Recursive Resolver handles the DNS response as usual, ignoring
   the unknown SWILD RR.

   The next time the Recursive Resolver receives an A RR query for
   "yyy.foo.com", it sends a DNS query to the Authoritative Nameserver
   as it normally would.

4.3.  Intermediate Nameserver: Forwarding Resolvers

   A Forwarding Resolver sending a query to its next-hop Resolver is
   handled in the same way as a Recursive Resolver sending a query to
   the Authoritative Nameserver.

5.  DNS Cache

   Intermediate Nameservers' cache size can be reduced, since they avoid
   caching a separate entry for each name that matches the same
   wildcard domain configuration.

   Intermediate Nameservers' cache hit rate will rise, since they avoid
   querying the Authoritative Nameserver repeatedly for names that
   match the same wildcard domain configuration.

6.  DNSSEC

   Clients and DNSSEC-enabled Intermediate Nameservers can use DNSSEC to
   validate all responses received from the Authoritative Nameserver.

   DNSSEC-enabled Intermediate Nameservers need only validate the SWILD
   RRSIG of "foo.com" and the RRSIGs of "_.foo.com"; they do not need
   to validate a CNAME RRSIG for "yyy.foo.com".

7.  Acknowledgements

   Thanks to all on the DNSOP, DNSPRIV and DNSEXT mailing lists.

8.  References

8.1.  Normative References

   [RFC1034]  Mockapetris, P., "Domain Names - Concepts and Facilities",
              RFC 1034, November 1987.

   [RFC1035]  Mockapetris, P., "Domain Names - Implementation and
              Specification", RFC 1035, November 1987.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", RFC 2119, March 1997.

   [RFC2308]  Andrews, M., "Negative Caching of DNS Queries (DNS
              NCACHE)", RFC 2308, March 1998.

   [RFC4592]  Lewis, E., "The Role of Wildcards in the Domain Name
              System", RFC 4592, July 2006.

   [RFC7719]  Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
              Terminology", RFC 7719, December 2015.

   [RFC7871]  Contavalli, C., van der Gaast, W., Lawrence, D., and W.
              Kumari, "Client Subnet in DNS Queries", RFC 7871, May
              2016.

   [RFC8020]  Bortzmeyer, S. and S. Huque, "NXDOMAIN: There Really Is
              Nothing Underneath", RFC 8020, November 2016.

8.2.  Informative References

   [DNSNoise]
              "DNS Noise: Measuring the Pervasiveness of Disposable
              Domains in Modern DNS Traffic",
              <http://ieeexplore.ieee.org/document/6903614/>.

Authors' Addresses

   Lanlan Pan
   Beijing
   China

   Email: abbypan@gmail.com
   URI:   https://github.com/abbypan


   Yu Fu
   CNNIC
   No.4 South 4th Street, Zhongguancun
   Beijing
   China

   Email: fuyu@cnnic.cn