Detached Domain Name System (DNS) Information
RFC 2540

 
Document Type RFC - Experimental (March 1999; No errata)
Last updated 2013-03-02
Stream IETF
Network Working Group                                        D. Eastlake
Request for Comments: 2540                                           IBM
Category: Experimental                                        March 1999

             Detached Domain Name System (DNS) Information

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   A standard format is defined for representing detached DNS
   information.  This is anticipated to be of use for storing
   information retrieved from the Domain Name System (DNS), including
   security information, in archival contexts or contexts not connected
   to the Internet.

Table of Contents

   Abstract...................................................1
   1. Introduction............................................1
   2. General Format..........................................2
   2.1 Binary Format..........................................3
   2.2. Text Format...........................................4
   3. Usage Example...........................................4
   4. IANA Considerations.....................................4
   5. Security Considerations.................................4
   References.................................................5
   Author's Address...........................................5
   Full Copyright Statement...................................6

1. Introduction

   The Domain Name System (DNS) is a replicated hierarchical distributed
   database system [RFC 1034, 1035] that can provide highly available
   service.  It provides the operational basis for Internet host name to
   address translation, automatic SMTP mail routing, and other basic
   Internet functions.  The DNS has been extended as described in [RFC
   2535] to permit the general storage of public cryptographic keys in

Eastlake                      Experimental                      [Page 1]
RFC 2540                Detached DNS Information              March 1999

   the DNS and to enable the authentication of information retrieved
   from the DNS through digital signatures.

   The DNS was not originally designed for storage of information
   outside of the active zones and authoritative master files that are
   part of the connected DNS.  However, there may be cases where this is
   useful, particularly in connection with archived security
   information.

2. General Format

   The formats used for detached Domain Name System (DNS) information
   are similar to those used for connected DNS information. The primary
   difference is that elements of the connected DNS system (unless they
   are an authoritative server for the zone containing the information)
   are required to count down the Time To Live (TTL) associated with
   each DNS Resource Record (RR) and discard them (possibly fetching a
   fresh copy) when the TTL reaches zero.  In contrast to this, detached
   information may be stored in an off-line file, where it can not be
   updated, and perhaps used to authenticate historic data or it might
   be received via non-DNS protocols long after it was retrieved from
   the DNS.  Therefore, it is not practical to count down detached DNS
   information TTL and it may be necessary to keep the data beyond the
   point where the TTL (which is defined as an unsigned field) would
   underflow.  To preserve information as to the freshness of this
   detached data, it is accompanied by its retrieval time.

   Whatever retrieves the information from the DNS must associate this
   retrieval time with it.  The retrieval time remains fixed thereafter.
   When the current time minus the retrieval time exceeds the TTL for
   any particular detached RR, it is no longer a valid copy within the
   normal connected DNS scheme.  This may make it invalid in context for
   some detached purposes as well.  If the RR is a SIG (signature) RR it
   also has an expiration time.  Regardless of the TTL, it and any RRs
   it signs can not be considered authenticated after the signature
   expiration time.
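   Added example (not part of RFC 2540): a small Python model of the
   freshness rules in this section, with constructed sample records.
   The field layout, function names and timestamps are assumptions;
   cryptographic verification of the SIG is out of scope here.

```python
# Added example (not from RFC 2540): Section 2 freshness rules for a detached
# RR and the SIG that covers it.  Timestamps are seconds since the Unix epoch;
# the TTL is the unsigned value captured at retrieval time and never decremented.
from dataclasses import dataclass
from typing import Optional

TTL_MAX = 2**32 - 1  # TTL is an unsigned 32-bit field


@dataclass(frozen=True)
class DetachedRR:
    """Assumed layout: TTL is never counted down, retrieval time is fixed."""
    name: str
    rtype: str
    ttl: int
    retrieval_time: int
    sig_expiration: Optional[int] = None  # set only when rtype == "SIG"


def age(rr: DetachedRR, now: int) -> int:
    """Age of the detached copy.  May exceed TTL_MAX without any underflow,
    because we subtract timestamps instead of counting the TTL down."""
    return now - rr.retrieval_time


def ttl_valid(rr: DetachedRR, now: int) -> bool:
    """True while the copy would still be valid in the connected DNS."""
    return age(rr, now) <= rr.ttl


def authenticated(signed: DetachedRR, sig: DetachedRR, now: int) -> bool:
    """A SIG and the RRs it signs are not authenticated past the SIG's
    expiration time, regardless of what the TTLs say."""
    if sig.rtype != "SIG" or sig.sig_expiration is None:
        raise ValueError("second argument must be a SIG RR with an expiration")
    return now <= sig.sig_expiration


# Constructed sample: an A record and its SIG, retrieved at the same instant.
RETRIEVED = 920_000_000  # constructed retrieval time
A_RR = DetachedRR("example.", "A", ttl=86_400, retrieval_time=RETRIEVED)
SIG_RR = DetachedRR("example.", "SIG", ttl=86_400, retrieval_time=RETRIEVED,
                    sig_expiration=RETRIEVED + 30 * 86_400)


def status(now: int) -> dict:
    """Summarise the archival copy of A_RR at time `now`."""
    return {"age": age(A_RR, now),
            "ttl_valid": ttl_valid(A_RR, now),
            "authenticated": authenticated(A_RR, SIG_RR, now)}
```

   A copy two days after retrieval is already stale by TTL but still
   authenticated; after the 30-day signature expiration it is neither.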


2.1 Binary Format

   The standard binary format for detached DNS information is as
   follows:

                         1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+