draft-ietf-dnsind-notify-06.txt   draft-ietf-dnsind-notify-07.txt 
DNSIND Working Group Paul Vixie (ISC) DNSIND Working Group Paul Vixie (ISC)
<draft-ietf-dnsind-notify-06.txt> <draft-ietf-dnsind-notify-07.txt>
Updates: RFC 1035 Updates: RFC 1035
A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
Status of this Memo Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
skipping to change at page 3, line 23 skipping to change at page 3, line 23
may be interested, the master may send the changed RR's name, class, may be interested, the master may send the changed RR's name, class,
type, and optionally, new RDATA(s), to each known slave server using a type, and optionally, new RDATA(s), to each known slave server using a
best efforts protocol based on the NOTIFY opcode. best efforts protocol based on the NOTIFY opcode.
3.2. NOTIFY uses the DNS Message Format, although it uses only a subset 3.2. NOTIFY uses the DNS Message Format, although it uses only a subset
of the available fields. Fields not otherwise described herein are to of the available fields. Fields not otherwise described herein are to
be filled with binary zero (0), and implementations must ignore all be filled with binary zero (0), and implementations must ignore all
messages for which this is not the case. messages for which this is not the case.
3.3. NOTIFY is similar to QUERY in that it has a request message with 3.3. NOTIFY is similar to QUERY in that it has a request message with
the header QR flag ``set'' and a response message with QR ``clear''. the header QR flag ``clear'' and a response message with QR ``set''.
The response message contains no useful information, but its reception The response message contains no useful information, but its reception
by the master is an indication that the slave has received the NOTIFY by the master is an indication that the slave has received the NOTIFY
and that the master can remove the slave from any retry queue for this and that the master can remove the slave from any retry queue for this
NOTIFY event. NOTIFY event.
3.4. A master repeatedly sends a NOTIFY request to a slave until either 3.4. The transport protocol used for a NOTIFY transaction will be UDP
too many copies have been sent (a ``timeout''), an ICMP message unless the master has reason to believe that TCP is necessary; for
indicating that the port is unreachable, or until a NOTIFY response is example, if a firewall has been installed between master and slave, and
received from the slave with a matching query ID, QNAME, and IP source only TCP has been allowed; or, if the changed RR is too large to fit in
address. a UDP/DNS datagram.
3.5. If TCP is used, both master and slave must continue to offer name
service during the transaction, even when the TCP transaction is not
making progress. The NOTIFY request is sent once, and a ``timeout'' is
said to have occurred if no NOTIFY response is received within a
reasonable interval.
3.6. If UDP is used, a master periodically sends a NOTIFY request to a
slave until either too many copies have been sent (a ``timeout''), an
ICMP message indicating that the port is unreachable, or until a NOTIFY
response is received from the slave with a matching query ID, QNAME, IP
source address, and UDP source port number.
Note: Note:
The interval between retransmissions, and the total number of The interval between transmissions, and the total number of
retransmissions, should be operational parameters specifiable by the retransmissions, should be operational parameters specifiable by the
name server administrator, perhaps on a per-zone basis. Reasonable name server administrator, perhaps on a per-zone basis. Reasonable
defaults are a 60 second interval and 5 attempts. It is also defaults are a 60 second interval (or timeout if using TCP), and a
reasonable to use additive or exponential backoff for the retry maximum of 5 retransmissions (for UDP). It is considered reasonable
interval. to use additive or exponential backoff for the retry interval.
3.4. A NOTIFY request has QCOUNT>0, ANCOUNT>=0, AUCOUNT>=0, ADCOUNT>=0. 3.7. A NOTIFY request has QDCOUNT>0, ANCOUNT>=0, AUCOUNT>=0, ADCOUNT>=0.
If ANCOUNT>0, then the answer section represents an unsecure hint at the If ANCOUNT>0, then the answer section represents an unsecure hint at the
new RRset for this <QNAME,QCLASS,QTYPE>. A slave receiving such a hint new RRset for this <QNAME,QCLASS,QTYPE>. A slave receiving such a hint
is free to treat equivilence of this answer section with its local data is free to treat equivilence of this answer section with its local data
as a ``no further work needs to be done'' indication. If ANCOUNT=0, or as a ``no further work needs to be done'' indication. If ANCOUNT=0, or
ANCOUNT>0 and the answer section differs from the slave's local data, ANCOUNT>0 and the answer section differs from the slave's local data,
then the slave should query its known masters to retrieve the new data. then the slave should query its known masters to retrieve the new data.
3.5. In no case shall the answer section of a NOTIFY request be used to 3.8. In no case shall the answer section of a NOTIFY request be used to
update a slave's local data, or to indicate that a zone transfer needs update a slave's local data, or to indicate that a zone transfer needs
to be undertaken, or to change the slave's zone refresh timers. Only a to be undertaken, or to change the slave's zone refresh timers. Only a
``data present; data same'' condition can lead a slave to act ``data present; data same'' condition can lead a slave to act
differently if ANCOUNT>0 than it would if ANCOUNT=0. differently if ANCOUNT>0 than it would if ANCOUNT=0.
3.6. This version of the NOTIFY specification makes no use of the 3.9. This version of the NOTIFY specification makes no use of the
authority or additional data sections, and so conforming implementations authority or additional data sections, and so conforming implementations
should set AUCOUNT=0 and ADCOUNT=0 when transmitting requests. Since a should set AUCOUNT=0 and ADCOUNT=0 when transmitting requests. Since a
future revision of this specification may define a backwards compatible future revision of this specification may define a backwards compatible
use for either or both of these sections, current implementations must use for either or both of these sections, current implementations must
ignore these sections, but not the entire message, if AUCOUNT>0 and/or ignore these sections, but not the entire message, if AUCOUNT>0 and/or
ADCOUNT>0. ADCOUNT>0.
3.7. If a slave receives a NOTIFY request from a host that is not a 3.10. If a slave receives a NOTIFY request from a host that is not a
known master for the zone containing the QNAME, it should ignore the known master for the zone containing the QNAME, it should ignore the
request and produce an error message in its operations log. request and produce an error message in its operations log.
Note: Note:
This implies that slaves of a multihomed master must either know This implies that slaves of a multihomed master must either know
their master by the ``closest'' of the master's interface addresses, their master by the ``closest'' of the master's interface addresses,
or must know all of the master's interface addresses. Otherwise, a or must know all of the master's interface addresses. Otherwise, a
valid NOTIFY request might come from an address that is not on the valid NOTIFY request might come from an address that is not on the
slave's state list of masters for the zone, which would be an error. slave's state list of masters for the zone, which would be an error.
3.8. The only defined NOTIFY event at this time is that the SOA RR has 3.11. The only defined NOTIFY event at this time is that the SOA RR has
changed. Upon completion of a NOTIFY transaction for QTYPE=SOA, the changed. Upon completion of a NOTIFY transaction for QTYPE=SOA, the
slave should behave as though the zone given in the QNAME had reached slave should behave as though the zone given in the QNAME had reached
its REFRESH interval (see [RFC1035]), i.e., it should query its masters its REFRESH interval (see [RFC1035]), i.e., it should query its masters
for the SOA of the zone given in the NOTIFY QNAME, and check the answer for the SOA of the zone given in the NOTIFY QNAME, and check the answer
to see if the SOA SERIAL has been incremented since the last time the to see if the SOA SERIAL has been incremented since the last time the
zone was fetched. If so, a zone transfer (either AXFR or IXFR) should zone was fetched. If so, a zone transfer (either AXFR or IXFR) should
be initiated. be initiated.
Note: Note:
Because a deep server dependency graph may have multiple paths from Because a deep server dependency graph may have multiple paths from
the primary master to any given slave, it is possible that a slave the primary master to any given slave, it is possible that a slave
will receive a NOTIFY from one of its known masters even though the will receive a NOTIFY from one of its known masters even though the
rest of its known masters have not yet updated their copies of the rest of its known masters have not yet updated their copies of the
zone. Therefore, when issuing a QUERY for the zone's SOA, the query zone. Therefore, when issuing a QUERY for the zone's SOA, the query
should be directed at the known master who was the source of the should be directed at the known master who was the source of the
NOTIFY event, and not at any of the other known masters. This NOTIFY event, and not at any of the other known masters. This
represents a departure from [RFC1035], which specifies that upon represents a departure from [RFC1035], which specifies that upon
expiry of the SOA REFRESH interval, all known masters should be expiry of the SOA REFRESH interval, all known masters should be
queried in turn. queried in turn.
4 - Semantic Details 4.1. Retaining query state information across host 4 - Details and Examples
reboots is optional, but it is reasonable to simply execute an SOA
NOTIFY transaction on each authority zone when a server first starts. 4.1. Retaining query state information across host reboots is optional,
but it is reasonable to simply execute an SOA NOTIFY transaction on each
authority zone when a server first starts.
4.2. Each slave is likely to receive several copies of the same NOTIFY 4.2. Each slave is likely to receive several copies of the same NOTIFY
request: One from the primary master, and one from each other slave as request: One from the primary master, and one from each other slave as
that slave transfers the new zone and notifies its potential peers. The that slave transfers the new zone and notifies its potential peers. The
NOTIFY protocol supports this multiplicity by requiring that NOTIFY be NOTIFY protocol supports this multiplicity by requiring that NOTIFY be
sent by a slave/master only AFTER it has updated the SOA RR or has sent by a slave/master only AFTER it has updated the SOA RR or has
determined that no update is necessary, which in practice means after a determined that no update is necessary, which in practice means after a
successful zone transfer. Thus, barring delivery reordering, the last successful zone transfer. Thus, barring delivery reordering, the last
NOTIFY any slave receives will be the one indicating the latest change. NOTIFY any slave receives will be the one indicating the latest change.
Since a slave always requests SOAs and AXFR/IXFRs only from its known Since a slave always requests SOAs and AXFR/IXFRs only from its known
skipping to change at page 7, line 5 skipping to change at page 7, line 32
This is intended to be identical to the NOTIFY request, except that the This is intended to be identical to the NOTIFY request, except that the
QR bit is also set. The query ID of the response must be the same as QR bit is also set. The query ID of the response must be the same as
was received in the request. was received in the request.
4.8 - Master Receives a NOTIFY Response from Slave 4.8 - Master Receives a NOTIFY Response from Slave
When a master server receives a NOTIFY response, it deletes this query When a master server receives a NOTIFY response, it deletes this query
from the retry queue, thus completing the ``notification process'' of from the retry queue, thus completing the ``notification process'' of
``this'' RRset change to ``that'' server. ``this'' RRset change to ``that'' server.
Security Considerations 5 - Security Considerations
We believe that the NOTIFY operation's only security considerations are: We believe that the NOTIFY operation's only security considerations are:
1. That a previous SOA query can optionally cause a master to NOTIFY a 1. That a NOTIFY request with a forged IP/UDP source address can cause a
false slave.
2. That a NOTIFY request with a forged IP/UDP source address can cause a
slave to send spurious SOA queries to its masters, leading to a slave to send spurious SOA queries to its masters, leading to a
benign denial of service attack if the forged requests are sent very benign denial of service attack if the forged requests are sent very
often. often.
3. That TCP spoofing could be used against a slave server given NOTIFY 2. That TCP spoofing could be used against a slave server given NOTIFY
as a means of synchronizing an SOA query and UDP/DNS spoofing as a as a means of synchronizing an SOA query and UDP/DNS spoofing as a
means of forcing a zone transfer. means of forcing a zone transfer.
References 6 - References
[RFC1035] [RFC1035]
P. Mockapetris, "Domain Names - Implementation and Specification", P. Mockapetris, "Domain Names - Implementation and Specification",
RFC 1035, USC/Information Sciences Institute, November 1987. RFC 1035, USC/Information Sciences Institute, November 1987.
[IXFR] [IXFR]
M. Ohta, "Incremental Zone Transfer", Internet Draft, February 1996, M. Ohta, "Incremental Zone Transfer", Internet Draft, February 1996,
<draft-ietf-dnsind-ixfr-06.txt>. <draft-ietf-dnsind-ixfr-06.txt>.
Author's Address 7 - Author's Address
Paul Vixie Paul Vixie
Internet Software Consortium Internet Software Consortium
Star Route Box 159A Star Route Box 159A
Woodside, CA 94062 Woodside, CA 94062
+1 415 747 0204 +1 415 747 0204
<paul@vix.com> <paul@vix.com>
 End of changes. 16 change blocks. 
27 lines changed or deleted 38 lines changed or added

This html diff was produced by rfcdiff 1.32. The latest version is available from http://www.levkowetz.com/ietf/tools/rfcdiff/