< draft-fujiwara-dnsop-additional-answers-00.txt   draft-fujiwara-dnsop-additional-answers-01.txt >
Network Working Group K. Fujiwara Network Working Group K. Fujiwara
Internet-Draft JPRS Internet-Draft JPRS
Intended status: Informational October 29, 2017 Intended status: Informational January 10, 2018
Expires: May 2, 2018 Expires: July 14, 2018
Returning additional answers in DNS responses Returning additional answers in DNS responses
draft-fujiwara-dnsop-additional-answers-00 draft-fujiwara-dnsop-additional-answers-01
Abstract Abstract
This document proposes to document the ability to provide multiple This document proposes to document the ability to provide multiple
answers in single DNS response. For example, authoritative servers answers in single DNS response. For example, authoritative servers
may add a NSEC resource record or A/AAAA resource records of the may add a NSEC resource record or A/AAAA resource records of the
query name. This is especially useful as, in many cases, the entity query name. This is especially useful as, in many cases, the entity
making the request has no a priori knowledge of what other questions making the request has no a priori knowledge of what other questions
it will need to ask. It is already possible (an authoritative server it will need to ask. It is already possible (an authoritative server
MAY already sends what it wants in the additional section). This MAY already sends what it wants in the additional section). This
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 2, 2018. This Internet-Draft will expire on July 14, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Returning multiple answers . . . . . . . . . . . . . . . . . 4 4. Returning multiple answers . . . . . . . . . . . . . . . . . 4
5. Possible additional answers . . . . . . . . . . . . . . . . . 4 5. Possible additional answers . . . . . . . . . . . . . . . . . 4
6. Stub-Resolver Considerations . . . . . . . . . . . . . . . . 4 6. Stub-Resolver Considerations . . . . . . . . . . . . . . . . 5
7. Use of Additional information . . . . . . . . . . . . . . . . 5 7. Use of Additional information . . . . . . . . . . . . . . . . 5
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
9. Security Considerations . . . . . . . . . . . . . . . . . . . 5 9. Security Considerations . . . . . . . . . . . . . . . . . . . 5
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6
11. Change History . . . . . . . . . . . . . . . . . . . . . . . 6 11. Change History . . . . . . . . . . . . . . . . . . . . . . . 6
11.1. 00 to 01 . . . . . . . . . . . . . . . . . . . . . . . . 6
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
12.1. Normative References . . . . . . . . . . . . . . . . . . 6 12.1. Normative References . . . . . . . . . . . . . . . . . . 6
12.2. Informative References . . . . . . . . . . . . . . . . . 7 12.2. Informative References . . . . . . . . . . . . . . . . . 7
Appendix A. Comparisons of multiple response proposals . . . . . 7 Appendix A. Comparisons of multiple response proposals . . . . . 7
A.1. draft-wkumari-dnsop-multiple-responses . . . . . . . . . 7 A.1. draft-wkumari-dnsop-multiple-responses . . . . . . . . . 7
A.2. draft-fujiwara-dnsop-additional-answers . . . . . . . . . 7 A.2. draft-fujiwara-dnsop-additional-answers . . . . . . . . . 8
A.3. draft-bellis-dnsext-multi-qtypes . . . . . . . . . . . . 7 A.3. draft-bellis-dnsext-multi-qtypes . . . . . . . . . . . . 8
A.4. draft-yao-dnsop-accompanying-questions . . . . . . . . . 8 A.4. draft-yao-dnsop-accompanying-questions . . . . . . . . . 8
A.5. QDCOUNT>1 idea . . . . . . . . . . . . . . . . . . . . . 8 A.5. draft-vavrusa-dnsop-aaaa-for-free . . . . . . . . . . . . 8
A.6. Comparison chart . . . . . . . . . . . . . . . . . . . . 8 A.6. QDCOUNT>1 idea . . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 A.7. Comparison chart . . . . . . . . . . . . . . . . . . . . 9
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
[I-D.wkumari-dnsop-multiple-responses] proposes pseudo resource [I-D.wkumari-dnsop-multiple-responses] proposes pseudo resource
record that controls resource records added into additional section. record that controls resource records added into additional section.
It offers any combinations of owner names and record types that are It offers any combinations of owner names and record types that are
added into additional section. added into additional section.
In many cases, combinations are limited and DNS software developers In many cases, combinations are limited and DNS software developers
knows well. This document proposes that DNS server software knows well. This document proposes that DNS server software
skipping to change at page 4, line 29 skipping to change at page 4, line 32
o To prove the non-existence of the resource record type, additional o To prove the non-existence of the resource record type, additional
records may be NSEC/NSEC3 resource records for the query name and records may be NSEC/NSEC3 resource records for the query name and
some other query names (for example, TLSA owner name). Validating some other query names (for example, TLSA owner name). Validating
resolvers can generate negative NODATA/NXDOMAIN response with resolvers can generate negative NODATA/NXDOMAIN response with
Aggressive Use of DNSSEC-validated cache [RFC8198]. Aggressive Use of DNSSEC-validated cache [RFC8198].
o Responses with additional records fit in the required response o Responses with additional records fit in the required response
size. size.
Additional records may be controlled by server configuration.
"enable additional a/aaaa" or "enable additonal nsec*" options are
possible.
5. Possible additional answers 5. Possible additional answers
Possible query and additional records pairs are: Possible query and additional records pairs are:
o NAME A : NAME AAAA (or NAME NSEC/NSEC3) o NAME A : NAME AAAA (or NAME NSEC/NSEC3)
o NAME AAAA : NAME A (or NAME NSEC/NSEC3) o NAME AAAA : NAME A (or NAME NSEC/NSEC3)
o NAME MX : mail exchange A/AAAA (and/or mail exchange NSEC/NSEC3) o NAME MX : mail exchange A/AAAA (and/or mail exchange NSEC/NSEC3)
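Review bot: the configuration paragraph added at the end of Section 4 misspells its second option ("enable additonal nsec*" should read "enable additional nsec*") and does not say whether additional records are on or off when neither option is set. These options decide how large responses become, so the text should state the default. The comparison chart also still lists this draft as "Config complexity | No" and "Fat response if | always", which no longer matches behaviour that the server operator can switch.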
skipping to change at page 6, line 10 skipping to change at page 6, line 16
The author acknowledges authors of The author acknowledges authors of
[I-D.wkumari-dnsop-multiple-responses] because many part of idea and [I-D.wkumari-dnsop-multiple-responses] because many part of idea and
texts are copied from the draft. texts are copied from the draft.
The author would like to specifically thank Stephane Bortzmeyer for The author would like to specifically thank Stephane Bortzmeyer for
extensive review and comments. extensive review and comments.
11. Change History 11. Change History
11.1. 00 to 01
Sync with IETF 100 presentation
o Added system wide configration that controls additional records
o Added "draft-vavrusa-dnsop-aaaa-for-free"
o Updated comparison table
12. References 12. References
12.1. Normative References 12.1. Normative References
[I-D.ietf-dnsop-terminology-bis] [I-D.ietf-dnsop-terminology-bis]
Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
Terminology", draft-ietf-dnsop-terminology-bis-07 (work in Terminology", draft-ietf-dnsop-terminology-bis-08 (work in
progress), October 2017. progress), November 2017.
[I-D.wkumari-dnsop-multiple-responses] [I-D.wkumari-dnsop-multiple-responses]
Kumari, W., Yan, Z., Hardaker, W., and D. Lawrence, Kumari, W., Yan, Z., Hardaker, W., and D. Lawrence,
"Returning extra answers in DNS responses.", draft- "Returning extra answers in DNS responses.", draft-
wkumari-dnsop-multiple-responses-05 (work in progress), wkumari-dnsop-multiple-responses-05 (work in progress),
July 2017. July 2017.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987,
<https://www.rfc-editor.org/info/rfc1034>. <https://www.rfc-editor.org/info/rfc1034>.
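Review bot: in the new 11.1 entry, "configration" should be "configuration". The first bullet would also be easier to trace if it named the Section 4 options it refers to ("enable additional a/aaaa" and the nsec* option) instead of "system wide configration".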
skipping to change at page 7, line 9 skipping to change at page 7, line 25
2015, <https://www.rfc-editor.org/info/rfc7719>. 2015, <https://www.rfc-editor.org/info/rfc7719>.
[RFC8198] Fujiwara, K., Kato, A., and W. Kumari, "Aggressive Use of [RFC8198] Fujiwara, K., Kato, A., and W. Kumari, "Aggressive Use of
DNSSEC-Validated Cache", RFC 8198, DOI 10.17487/RFC8198, DNSSEC-Validated Cache", RFC 8198, DOI 10.17487/RFC8198,
July 2017, <https://www.rfc-editor.org/info/rfc8198>. July 2017, <https://www.rfc-editor.org/info/rfc8198>.
12.2. Informative References 12.2. Informative References
[I-D.bellis-dnsext-multi-qtypes] [I-D.bellis-dnsext-multi-qtypes]
Bellis, R., "DNS Multiple QTYPEs", draft-bellis-dnsext- Bellis, R., "DNS Multiple QTYPEs", draft-bellis-dnsext-
multi-qtypes-04 (work in progress), July 2017. multi-qtypes-05 (work in progress), January 2018.
[I-D.vavrusa-dnsop-aaaa-for-free]
marek@vavrusa.com, m. and O. Gu[eth]mundsson, "Providing
AAAA records for free with QTYPE=A", draft-vavrusa-dnsop-
aaaa-for-free-00 (work in progress), March 2016.
[I-D.yao-dnsop-accompanying-questions] [I-D.yao-dnsop-accompanying-questions]
Yao, J., Vixie, P., Kong, N., and X. Lee, "A DNS Query Yao, J., Vixie, P., Kong, N., and X. Lee, "A DNS Query
including A Main Question with Accompanying Questions", including A Main Question with Accompanying Questions",
draft-yao-dnsop-accompanying-questions-04 (work in draft-yao-dnsop-accompanying-questions-04 (work in
progress), September 2017. progress), September 2017.
Appendix A. Comparisons of multiple response proposals Appendix A. Comparisons of multiple response proposals
A.1. draft-wkumari-dnsop-multiple-responses A.1. draft-wkumari-dnsop-multiple-responses
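Review bot: the new [I-D.vavrusa-dnsop-aaaa-for-free] reference gives its first author as an e-mail address ("marek@vavrusa.com, m.") and its second as "Gu[eth]mundsson", which looks like unprocessed reference-tool output. Both should be written as author names in the "Surname, I." form used by the other entries, with the escaped character resolved.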
skipping to change at page 8, line 13 skipping to change at page 8, line 33
different owner names. different owner names.
A.4. draft-yao-dnsop-accompanying-questions A.4. draft-yao-dnsop-accompanying-questions
[I-D.yao-dnsop-accompanying-questions] proposes new EDNS option that [I-D.yao-dnsop-accompanying-questions] proposes new EDNS option that
carry additional query names, query types and rcodes. carry additional query names, query types and rcodes.
New authoritative server software required. New full-service New authoritative server software required. New full-service
resolver software required. No configuration. resolver software required. No configuration.
A.5. QDCOUNT>1 idea A.5. draft-vavrusa-dnsop-aaaa-for-free
[I-D.vavrusa-dnsop-aaaa-for-free] proposes additional AAAA resource
records in answer section. New authoritative server software
required. New full-service resolver software required because
existing full-service resolvers ignore additional AAAA resource
records. No configuration.
A.6. QDCOUNT>1 idea
No drafts. QDCOUNT is not limited to 1 in [RFC1035]. No drafts. QDCOUNT is not limited to 1 in [RFC1035].
No protocol changes between authoritative servers and full-service No protocol changes between authoritative servers and full-service
resolvers, however, some implementations (For example, BIND 9, NSD, resolvers, however, some implementations (For example, BIND 9, NSD,
Unbound) treats QDCOUNT>1 as FORMERR. New authoritative server Unbound) treats QDCOUNT>1 as FORMERR. New authoritative server
software required. New full-service resolver software required. software required. New full-service resolver software required.
Supports different owner names and types, however, it cannot answer Supports different owner names and types, however, it cannot answer
different rcodes. No configuration. A database that each IP address different rcodes. No configuration. A database that each IP address
support QDCOUNT>1 is required in full-service resolvers. support QDCOUNT>1 is required in full-service resolvers.
A.6. Comparison chart A.7. Comparison chart
------------------+---------+----------+----------+----------+--------- ----------------+-----------+----------+---------+---------+------------
Draft | wkumari | fujiawra | bellis | yao |QDCOUNT>1 Draft |additional |multiple |aaaa for | multi |accompanying
------------------+---------+----------+----------+----------+--------- |answers |responses |free | qtypes |querstions
Protocol change | No | No | Yes | Yes | Yes ----------------+-----------+----------+---------+---------+------------
New Auth soft | Yes | Yes | Yes | Yes | Yes Protocol change | No | No | Yes? | Yes | Yes
code size | some | little | large? | large? | large? Code size | little | some | little | large? | large?
New Resolver soft | No | No | Required | Required | Required Resolver modification No | No | Yes? | Yes | Yes
Config complexity | Yes | No | No | No | No Config complexity| No | Yes | No | No | No
Multiple names | Yes | Yes | No | Yes | maybe Multiple names | Yes | Yes | No | No | Yes
Multiple types | Yes | Yes | Yes | Yes | Yes Multiple types | Yes | Yes | AAAA | Yes | Yes
Multiple rcodes | --- | --- | need not | Yes | No Multiple rcodes | (NSEC*) | --- | --- | --- | Yes
Require DNSSEC | (Yes) | (Yes) | No | No | No Negative response | Yes | No | No | Yes | Yes
Response fat if | config | always | query | query | query Fat response if | always | config | always | query | query
Stub support ? | No | No | possible | possible | possible Stub support ? | No | No | ? | possible| possible
IP addr Database | No | No | EDNS | EDNS | New Deployment | easy | easy | gradual | gradual | gradual
Deploy? | Easy | Easy | Yes? | Yes? | No? Require DNSSEC | (Yes) | (Yes) | No | No | No
------------------+---------+----------+----------+----------+--------- IP addr Database| No | No | No | EDNS | EDNS
----------------+-----------+----------+---------+---------+------------
Author's Address Author's Address
Kazunori Fujiwara Kazunori Fujiwara
Japan Registry Services Co., Ltd. Japan Registry Services Co., Ltd.
Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
Chiyoda-ku, Tokyo 101-0065 Chiyoda-ku, Tokyo 101-0065
Japan Japan
Phone: +81 3 5215 8451 Phone: +81 3 5215 8451
Email: fujiwara@jprs.co.jp Email: fujiwara@jprs.co.jp
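Review bot: the rewritten comparison chart in A.7 no longer has a QDCOUNT>1 column, although the QDCOUNT>1 section is kept as A.6, so that idea now has prose but no row-by-row comparison. Either restore the column or say in A.6 why it is excluded. In the same chart, the header "querstions" should be "questions", and the "Resolver modification" row is missing the "|" separator before its first value. The "aaaa for free" column shows "Yes?" for protocol change and resolver modification, while the new A.5 text states outright that new full-service resolver software is required; the two should agree.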
 End of changes. 17 change blocks. 
34 lines changed or deleted 65 lines changed or added
