[Docs] [txt|pdf] [Tracker] [Email] [Nits]

Versions: 00

Network Working Group                                             J. Yao
Internet-Draft                                                    X. Lee
Intended status: Informational                                     CNNIC
Expires: May 17, 2012                                  November 14, 2011


             xNAME loop detection and its usage suggestion
                   draft-yao-dnsop-xname-loop-00.txt

Abstract

   The Domain Name System (DNS) has provided some means, such as CNAME
   or DNAME, where a query can be redirected to a different name.  The
   zone operator should be careful about this redirection, which may
   forms a loop.  The detail analysis of xNAME loop detection and its
   impacts are not specified in the RFC 1035 and RFC 2672.  This
   document gives a detail analysis of xNAME loop and its impacts.  It
   also gives some advices for using xNAME.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 17, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of



Yao & Lee                 Expires May 17, 2012                  [Page 1]


Internet-Draft                    bname                    November 2011


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Single xNAME  . . . . . . . . . . . . . . . . . . . . . . . . . 3
     2.1.  a CNAME b . . . . . . . . . . . . . . . . . . . . . . . . . 4
     2.2.  a DNAME b . . . . . . . . . . . . . . . . . . . . . . . . . 4
     2.3.  a BNAME b . . . . . . . . . . . . . . . . . . . . . . . . . 4
   3.  Single-mapping and Multi-mapping  . . . . . . . . . . . . . . . 4
   4.  Combination of xNAMEs . . . . . . . . . . . . . . . . . . . . . 4
     4.1.  Combination of xNAMEs of the same type  . . . . . . . . . . 4
       4.1.1.  CNAME chain . . . . . . . . . . . . . . . . . . . . . . 4
       4.1.2.  DNAME chain . . . . . . . . . . . . . . . . . . . . . . 5
       4.1.3.  BNAME chain . . . . . . . . . . . . . . . . . . . . . . 5
     4.2.  Combination of xNAMEs of the different types  . . . . . . . 6
   5.  Suggestion of xNAME use . . . . . . . . . . . . . . . . . . . . 7
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
   7.  Security Considerations . . . . . . . . . . . . . . . . . . . . 7
   8.  Change History  . . . . . . . . . . . . . . . . . . . . . . . . 7
     8.1.  draft-yao-dnsop-xNAME-loop: Version 00  . . . . . . . . . . 7
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 8
     9.1.  Normative References  . . . . . . . . . . . . . . . . . . . 8
     9.2.  Informative References  . . . . . . . . . . . . . . . . . . 8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 8











Yao & Lee                 Expires May 17, 2012                  [Page 2]


Internet-Draft                    bname                    November 2011


1.  Introduction

   RFC 1035 defines the canonical name (CNAME) RR, which directs itself
   to other names.  RFC 2672 defines the DNAME RR, which directs its
   descedants to other names.  There has been a proposal for another
   redirection RR, "BNAME", which will direct both itself and its
   descedants to other names.  In addition, as specified in [RFC2672],
   redirection through a DNAME also results in the synthesis of a CNAME
   RR in the response; as described in [I-D.yao-dnsext-bname],
   redirection through a BNAME also results in the synthesis of a CNAME
   RR in the response In this document, we will refer to all RRs causing
   such redirection as xNAME RRs.  Naming loops can be created with
   CNAME, DNAME or BNAME record alone, or any combinations of CNAME,
   DNAME and BNAME records.  Implementors should note, however, that
   fairly lengthy chains of xNAME records may be valid.  The zone
   operator should be careful about this redirection, which may forms a
   loop.  However, the detail analysis of name loop detection and its
   impacts are not specified in the RFC 1035 and RFC 2672.  This
   document gives a detail analysis of xNAME loop and its impacts.  It
   also gives some advices for using xNAME.

   xNAME RRs can be explicitly retrieved by querying for the xNAME type.
   When a different type is queried and an xNAME RR is encountered, the
   xNAME RR (and possibly a synthesized CNAME) is added to the answer of
   the response, and the query is restarted with the name to which it
   was redirected.  An xNAME may redirect a query to a name at which
   there is another xNAME and so on.  In this document, we use "xNAME
   chain" to refer to a series of one or more xNAMEs each of which
   refers to another xNAME except the last, which may refer to a non-
   xNAME or results in an error.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119]

   All the basic terms used in this specification are defined in the
   documents [RFC1034] and [RFC1035].


2.  Single xNAME

   If there is only one xNAME which does not creat any chain, it will
   not cause a xNAME loop.






Yao & Lee                 Expires May 17, 2012                  [Page 3]


Internet-Draft                    bname                    November 2011


2.1.  a CNAME b

   A single CNAME RR identifies its owner name as an alias.  If a CNAME
   b, and b refers to a non-xNAME or results in an error, it will not
   cause the loop.

2.2.  a DNAME b

   A single DNAME RR directs its descedants to other names.  If a DNAME
   b, and b refers to a non-xNAMEor results in an error, it will not
   cause the loop.

2.3.  a BNAME b

   A single BNAME RR directs both the owner name itself and its
   descedants to other names.  If a BNAME b, and b refers to a non-xNAME
   or results in an error, it will not cause the loop.


3.  Single-mapping and Multi-mapping

   The resource record "a CNAME b" creates a one-to-one mapping, which
   means that name a is redirected to b.  We call such mapping as
   single-mapping, and such xNAME as single-mapping xNAME.  The resource
   record "a DNAME b" or "a BNAME b" create a many-to-many mapping,
   which means that many names under a is redirected to many names under
   b.  We call such mapping as multi-mapping, and such xNAME as multi-
   mapping xNAME.


4.  Combination of xNAMEs

4.1.  Combination of xNAMEs of the same type

   It is possible to form a xNAME loop due to the same types.

4.1.1.  CNAME chain

   CNAME can form a long chain.  We can chain together CNAME records,
   which may lead to create a CNAME loop.  For example,

      a CNAME b
      b CNAME c
      c CNAME d

   In this case, d may point to another CNAME or a non-xNAME or results
   in an error.  CNAME is a kind of one to one mapping, which means that
   one name points or maps to only one name.  The resolver can detect



Yao & Lee                 Expires May 17, 2012                  [Page 4]


Internet-Draft                    bname                    November 2011


   the loop, just following the chain.

4.1.2.  DNAME chain

   DNAME can form a long chain.  We can chain together DNAME records,
   which may lead to create a DNAME loop.  For example,

      a DNAME b
      b DNAME c
      c DNAME d

   In this case, d may point to another DNAME or a non-xNAME or results
   in an error.  DNAME is a kind of many to many mapping, which means
   that many names point or map to many names.  The resolver can not
   easily detect the loop.  Using the example above, for any X which is
   a valid name string, we have

      X.a CNAME X.b
      X.b CNAME X.c
      X.c CNAME X.d

   In this case, in order to detect whether it forms a loop, it must
   check every name under "d" domain while "d" may have millions of
   names or thousands of sub-zones.  If the domain "a" and "d" are not
   under the control of the same owner, detection of dname loop are
   impossilbe if "a" and "d" have too many childrens.

4.1.3.  BNAME chain

   BNAME can form a long chain. we can chain together BNAME records,
   which may lead to create a BNAME loop.  For example,

      a BNAME b
      b BNAME c
      c BNAME d

   In this case, d may point to another BNAME or a non-xNAME or results
   in an error.  BNAME is a kind of many to many mapping, which means
   that many names point or map to many names.  The resolver can not
   easily detect the loop.  Using the example above, for any X which is
   a valid name string, we have

      X.a CNAME X.b
      X.b CNAME X.c
      X.c CNAME X.d

   In this case, in order to detect whether it forms a loop, it must
   check every name under "d" domain while "d" may have millions of



Yao & Lee                 Expires May 17, 2012                  [Page 5]


Internet-Draft                    bname                    November 2011


   names or thousands of sub-zones.  If the domain "a" and "d" are not
   under the control of the same owner, detection of dname loop are
   impossilbe if "a" and "d" have too many childrens.  On the other
   hand, since the BNAME also maps the owner name itself, we also have

      a CNAME b;
      b CNAME c;
      c CNAME d;

   For this case, it is easy to detect the name loop.  But in the whole,
   it is not easy to detect the BNAME loop.

4.2.  Combination of xNAMEs of the different types

   If there are many different types of xNAME in the chain, it is very
   difficulty to identify the loop.

   Different xNAMEs can form a long chain.  We can chain together
   different xNAME records, which may lead to create a xNAME loop.  For
   example,

      a xNAME b;
      x xNAME c;

   if xNAME is DNAME or BNAME, it will creat a many to many mapping; if
   it is CNAME, it will create a one to one mapping.  For the example
   above, we can divid it into 4 cases: For the case 1:

      a Single-mapping  b;
      x Single-mapping  c;

   For the case 2:

      a Multi-mapping b;
      x Multi-mapping c;

   For the case 3:

      a Single-mapping b;
      x Multi-mapping c;

   For the case 4:

      a Multi-mapping b;
      x Single-mapping c;

   In the cases above for the example provided in this section, the user
   may easily detect the loop for the case 1.  For other cases, it is



Yao & Lee                 Expires May 17, 2012                  [Page 6]


Internet-Draft                    bname                    November 2011


   very difficult to detect the mapping since Multi-mapping create
   complex mappling which is not easily detected.

   There are other more complex examples.  But one thing is clear.  If
   Multi-mapping xNAME is involved, it will create the complex of
   detecting of the loop of xNAME.


5.  Suggestion of xNAME use

   If the xNAME chain is formed with single-mapping xNAME only, it can
   easily check the xNAME loop.  But when multi-mapping xNAME is added
   into the chain, it makes the xNAME detection very difficult.

   In order to avoid the possible loop, the following suggestions should
   be considered:

   1.  If there is a xNAME chain, it is better that all names related to
       xNAME records are under the control of the same owner.
   2.  If there is a xNAME chain, the shortes chain is preferred.
   3.  If there is a xNAME chain, there should have only one multi-
       mapping xNAME
   4.  Adding a new xNAME to a xNAME chain, the 1, 2 and 3 requirements
       listed above should be considered to check whether the new xNAME
       should be configured.


6.  IANA Considerations

   IANA is requested to do nothing for this document


7.  Security Considerations

   TBD


8.  Change History

   [[anchor16: RFC Editor: Please remove this section.]]

8.1.  draft-yao-dnsop-xNAME-loop: Version 00

   o  xNAME loop detection


9.  References




Yao & Lee                 Expires May 17, 2012                  [Page 7]


Internet-Draft                    bname                    November 2011


9.1.  Normative References

   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, November 1987.

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2672]  Crawford, M., "Non-Terminal DNS Name Redirection",
              RFC 2672, August 1999.

9.2.  Informative References

   [I-D.yao-dnsext-bname]
              Yao, J., Lee, X., and P. Vixie, "Bundled DNS Name
              Redirection", draft-yao-dnsext-bname-05 (work in
              progress), August 2010.

   [RFC2672bis]
              Rose, S. and W. Wijngaards, "Update to DNAME Redirection
              in the DNS", Internet-Draft ietf-dnsext-rfc2672bis-dname-
              17.txt, 6 2009.


Authors' Addresses

   Jiankang YAO
   CNNIC
   No.4 South 4th Street, Zhongguancun
   Beijing

   Phone: +86 10 58813007
   Email: yaojk@cnnic.cn


   Xiaodong LEE
   CNNIC
   No.4 South 4th Street, Zhongguancun
   Beijing

   Phone: +86 10 58813020
   Email: lee@cnnic.cn






Yao & Lee                 Expires May 17, 2012                  [Page 8]


Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/