draft-ietf-dnsop-extended-error-13.txt   draft-ietf-dnsop-extended-error-14.txt 
Network Working Group W. Kumari Network Working Group W. Kumari
Internet-Draft Google Internet-Draft Google
Intended status: Standards Track E. Hunt Intended status: Standards Track E. Hunt
Expires: June 20, 2020 ISC Expires: July 18, 2020 ISC
R. Arends R. Arends
ICANN ICANN
W. Hardaker W. Hardaker
USC/ISI USC/ISI
D. Lawrence D. Lawrence
Oracle + Dyn Oracle + Dyn
December 18, 2019 January 15, 2020
Extended DNS Errors Extended DNS Errors
draft-ietf-dnsop-extended-error-13 draft-ietf-dnsop-extended-error-14
Abstract Abstract
This document defines an extensible method to return additional This document defines an extensible method to return additional
information about the cause of DNS errors. Though created primarily information about the cause of DNS errors. Though created primarily
to extend SERVFAIL to provide additional information about the cause to extend SERVFAIL to provide additional information about the cause
of DNS and DNSSEC failures, the Extended DNS Errors option defined in of DNS and DNSSEC failures, the Extended DNS Errors option defined in
this document allows all response types to contain extended error this document allows all response types to contain extended error
information. Extended DNS Error information does not change the information. Extended DNS Error information does not change the
processing of RCODEs. processing of RCODEs.
skipping to change at page 1, line 43 skipping to change at page 1, line 43
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 20, 2020. This Internet-Draft will expire on July 18, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction and background . . . . . . . . . . . . . . . . . 3 1. Introduction and background . . . . . . . . . . . . . . . . . 3
1.1. Requirements notation . . . . . . . . . . . . . . . . . . 4 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 4
2. Extended DNS Error EDNS0 option format . . . . . . . . . . . 4 2. Extended DNS Error EDNS0 option format . . . . . . . . . . . 4
3. Extended DNS Error Processing . . . . . . . . . . . . . . . . 5 3. Extended DNS Error Processing . . . . . . . . . . . . . . . . 5
4. Defined Extended DNS Errors . . . . . . . . . . . . . . . . . 5 4. Defined Extended DNS Errors . . . . . . . . . . . . . . . . . 5
4.1. Extended DNS Error Code 0 - Other . . . . . . . . . . . . 5 4.1. Extended DNS Error Code 0 - Other . . . . . . . . . . . . 6
4.2. Extended DNS Error Code 1 - 4.2. Extended DNS Error Code 1 -
Unsupported DNSKEY Algorithm . . . . . . . . . . . . . . 6 Unsupported DNSKEY Algorithm . . . . . . . . . . . . . . 6
4.3. Extended DNS Error Code 2 - Unsupported DS 4.3. Extended DNS Error Code 2 - Unsupported DS
Digest Type . . . . . . . . . . . . . . . . . . . . . . . 6 Digest Type . . . . . . . . . . . . . . . . . . . . . . . 6
4.4. Extended DNS Error Code 3 - Stale Answer . . . . . . . . 6 4.4. Extended DNS Error Code 3 - Stale Answer . . . . . . . . 6
4.5. Extended DNS Error Code 4 - Forged Answer . . . . . . . . 6 4.5. Extended DNS Error Code 4 - Forged Answer . . . . . . . . 6
4.6. Extended DNS Error Code 5 - DNSSEC Indeterminate . . . . 6 4.6. Extended DNS Error Code 5 - DNSSEC Indeterminate . . . . 6
4.7. Extended DNS Error Code 6 - DNSSEC Bogus . . . . . . . . 6 4.7. Extended DNS Error Code 6 - DNSSEC Bogus . . . . . . . . 6
4.8. Extended DNS Error Code 7 - Signature Expired . . . . . . 6 4.8. Extended DNS Error Code 7 - Signature Expired . . . . . . 6
4.9. Extended DNS Error Code 8 - Signature Not Yet Valid . . . 6 4.9. Extended DNS Error Code 8 - Signature Not Yet Valid . . . 7
4.10. Extended DNS Error Code 9 - DNSKEY Missing . . . . . . . 7 4.10. Extended DNS Error Code 9 - DNSKEY Missing . . . . . . . 7
4.11. Extended DNS Error Code 10 - RRSIGs Missing . . . . . . . 7 4.11. Extended DNS Error Code 10 - RRSIGs Missing . . . . . . . 7
4.12. Extended DNS Error Code 11 - No Zone Key Bit Set . . . . 7 4.12. Extended DNS Error Code 11 - No Zone Key Bit Set . . . . 7
4.13. Extended DNS Error Code 12 - NSEC Missing . . . . . . . . 7 4.13. Extended DNS Error Code 12 - NSEC Missing . . . . . . . . 7
4.14. Extended DNS Error Code 13 - Cached Error . . . . . . . . 7 4.14. Extended DNS Error Code 13 - Cached Error . . . . . . . . 7
4.15. Extended DNS Error Code 14 - Not Ready . . . . . . . . . 7 4.15. Extended DNS Error Code 14 - Not Ready . . . . . . . . . 7
4.16. Extended DNS Error Code 15 - Blocked . . . . . . . . . . 7 4.16. Extended DNS Error Code 15 - Blocked . . . . . . . . . . 7
4.17. Extended DNS Error Code 16 - Censored . . . . . . . . . . 7 4.17. Extended DNS Error Code 16 - Censored . . . . . . . . . . 7
4.18. Extended DNS Error Code 17 - Filtered . . . . . . . . . . 7 4.18. Extended DNS Error Code 17 - Filtered . . . . . . . . . . 8
4.19. Extended DNS Error Code 18 - Prohibited . . . . . . . . . 8 4.19. Extended DNS Error Code 18 - Prohibited . . . . . . . . . 8
4.20. Extended DNS Error Code 19 - Stale NXDOMAIN Answer . . . 8 4.20. Extended DNS Error Code 19 - Stale NXDOMAIN Answer . . . 8
4.21. Extended DNS Error Code 20 - Not Authoritative . . . . . 8 4.21. Extended DNS Error Code 20 - Not Authoritative . . . . . 8
4.22. Extended DNS Error Code 21 - Not Supported . . . . . . . 8 4.22. Extended DNS Error Code 21 - Not Supported . . . . . . . 8
4.23. Extended DNS Error Code 22 - No Reachable Authority . . . 8 4.23. Extended DNS Error Code 22 - No Reachable Authority . . . 8
4.24. Extended DNS Error Code 23 - Network Error . . . . . . . 8 4.24. Extended DNS Error Code 23 - Network Error . . . . . . . 8
4.25. Extended DNS Error Code 24 - Invalid Data . . . . . . . . 8 4.25. Extended DNS Error Code 24 - Invalid Data . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
5.1. A New Extended DNS Error Code EDNS Option . . . . . . . . 9 5.1. A New Extended DNS Error Code EDNS Option . . . . . . . . 9
5.2. New Registry Table for Extended DNS Error Codes . . . . . 9 5.2. New Registry Table for Extended DNS Error Codes . . . . . 9
6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
8.1. Normative References . . . . . . . . . . . . . . . . . . 12 8.1. Normative References . . . . . . . . . . . . . . . . . . 12
8.2. Informative References . . . . . . . . . . . . . . . . . 13 8.2. Informative References . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13
skipping to change at page 5, line 24 skipping to change at page 5, line 24
includes OPT Pseudo-RR [RFC6891]. This document includes a set of includes OPT Pseudo-RR [RFC6891]. This document includes a set of
initial codepoints (and requests to the IANA to add them to the initial codepoints (and requests to the IANA to add them to the
registry), but is extensible via the IANA registry to allow registry), but is extensible via the IANA registry to allow
additional error and information codes to be defined in the future. additional error and information codes to be defined in the future.
3. Extended DNS Error Processing 3. Extended DNS Error Processing
When the response grows beyond the requestor's UDP payload size When the response grows beyond the requestor's UDP payload size
[RFC6891], servers SHOULD truncate messages by dropping EDE options [RFC6891], servers SHOULD truncate messages by dropping EDE options
before dropping other data from packets. Implementations SHOULD set before dropping other data from packets. Implementations SHOULD set
the truncation bit when dropping EDE options. the truncation bit when dropping EDE options. Long EXTRA-TEXT fields
may trigger truncation, which is usually undesirable for the
supplemental nature of EDE. Implementers and operators creating EDE
options SHOULD avoid setting unnecessarily long EXTRA-TEXT contents
to avoid truncation.
When a resolver or forwarder receives an EDE option, whether or not When a resolver or forwarder receives an EDE option, whether or not
(and how) to pass along EDE information on to their original client (and how) to pass along EDE information on to their original client
is implementation dependent. Implementations MAY choose to not is implementation dependent. Implementations MAY choose to not
forward information, or they MAY choose to create a new EDE option(s) forward information, or they MAY choose to create a new EDE option(s)
that conveys the information encoded in the received EDE. When doing that conveys the information encoded in the received EDE. When doing
so, care should be taken to ensure any information is properly so, the source of the error SHOULD be attributed in the EXTRA-TEXT
attributed since an EDNS0 option received by the original client will field, since an EDNS0 option received by the original client will be
be perceived only to have come from the resolver or forwarder sending perceived only to have come from the resolver or forwarder sending
it. it.
4. Defined Extended DNS Errors 4. Defined Extended DNS Errors
This document defines some initial EDE codes. The mechanism is This document defines some initial EDE codes. The mechanism is
intended to be extensible, and additional code-points can be intended to be extensible, and additional code-points can be
registered in the "Extended DNS Errors" registry Section 5.1. The registered in the "Extended DNS Errors" registry Section 5.1. The
INFO-CODE from the EDE EDNS option is used to serve as an index into INFO-CODE from the EDE EDNS option is used to serve as an index into
the "Extended DNS Error" IANA registry, the initial values for which the "Extended DNS Error" IANA registry, the initial values for which
are defined in the following sub-sections. are defined in the following sub-sections.
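Review bot: In Section 3, the added "SHOULD avoid setting unnecessarily long EXTRA-TEXT contents" gives implementers nothing to test against. "Unnecessarily long" has no bound, and the sentence follows "Implementations SHOULD set the truncation bit when dropping EDE options", so a verbose EXTRA-TEXT can still cause a truncated response for purely supplemental data. Suggest giving a concrete guideline, for example that EXTRA-TEXT is shortened or omitted before the response exceeds the requestor's UDP payload size, and rewording the doubled "avoid ... to avoid". The second change, "the source of the error SHOULD be attributed in the EXTRA-TEXT field", pulls the other way because attribution adds length. It also defines no form for the attribution, so a client cannot tell text written by the forwarder from text copied from upstream; one sentence on the expected form would help. Separately, the unchanged context in Section 4 cites the registry as "Section 5.1", while the table of contents lists the registry table as 5.2.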
skipping to change at page 9, line 10 skipping to change at page 9, line 16
An authoritative server that cannot answer with data for a zone it is An authoritative server that cannot answer with data for a zone it is
otherwise configured to support. This may occur because its most otherwise configured to support. This may occur because its most
recent zone is too old, or has expired, for example. recent zone is too old, or has expired, for example.
5. IANA Considerations 5. IANA Considerations
5.1. A New Extended DNS Error Code EDNS Option 5.1. A New Extended DNS Error Code EDNS Option
This document defines a new EDNS(0) option, entitled "Extended DNS This document defines a new EDNS(0) option, entitled "Extended DNS
Error", assigned a value of TBD1 from the "DNS EDNS0 Option Codes Error", assigned a value of TBD from the "DNS EDNS0 Option Codes
(OPT)" registry [to be removed upon publication: (OPT)" registry [to be removed upon publication:
[http://www.iana.org/assignments/dns-parameters/dns- [http://www.iana.org/assignments/dns-parameters/dns-
parameters.xhtml#dns-parameters-11] parameters.xhtml#dns-parameters-11]
Value Name Status Reference Value Name Status Reference
----- ---------------- ------ ------------------ ----- ---------------- ------ ------------------
TBD Extended DNS Error TBD [ This document ] TBD Extended DNS Error TBD [ This document ]
5.2. New Registry Table for Extended DNS Error Codes 5.2. New Registry Table for Extended DNS Error Codes
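Review bot: Renaming the placeholder from "TBD1" to "TBD" in 5.1 makes it match the Value column of the table, but the Status column of the same row is also "TBD", so one token now marks two different pending items (the option code and its status). Distinct placeholders, for example keeping "TBD1" for the code and using it in the Value column, would make the final substitution unambiguous. In the same paragraph, "[to be removed upon publication:" opens a bracket that is not closed in the lines shown; only the bracket around the URL is balanced.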
 End of changes. 12 change blocks. 
14 lines changed or deleted 18 lines changed or added
