--- 1/draft-ietf-dnsop-extended-error-13.txt 2020-01-15 11:13:36.589083485 -0800 +++ 2/draft-ietf-dnsop-extended-error-14.txt 2020-01-15 11:13:36.621084303 -0800 @@ -1,25 +1,25 @@ Network Working Group W. Kumari Internet-Draft Google Intended status: Standards Track E. Hunt -Expires: June 20, 2020 ISC +Expires: July 18, 2020 ISC R. Arends ICANN W. Hardaker USC/ISI D. Lawrence Oracle + Dyn - December 18, 2019 + January 15, 2020 Extended DNS Errors - draft-ietf-dnsop-extended-error-13 + draft-ietf-dnsop-extended-error-14 Abstract This document defines an extensible method to return additional information about the cause of DNS errors. Though created primarily to extend SERVFAIL to provide additional information about the cause of DNS and DNSSEC failures, the Extended DNS Errors option defined in this document allows all response types to contain extended error information. Extended DNS Error information does not change the processing of RCODEs. 
@@ -32,71 +32,71 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on June 20, 2020. + This Internet-Draft will expire on July 18, 2020. Copyright Notice - Copyright (c) 2019 IETF Trust and the persons identified as the + Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction and background . . . . . . . . . . . . . . . . . 3 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 4 2. Extended DNS Error EDNS0 option format . . . . . . . . . . . 4 3. Extended DNS Error Processing . . . . . . . . . . . . . . . . 5 4. Defined Extended DNS Errors . . . . . . . . . . . . . . . . . 5 - 4.1. Extended DNS Error Code 0 - Other . . . . . . . . . . . . 5 + 4.1. Extended DNS Error Code 0 - Other . . . . . . . . . . . . 6 4.2. Extended DNS Error Code 1 - Unsupported DNSKEY Algorithm . . . . . . . . . . . . . . 6 4.3. Extended DNS Error Code 2 - Unsupported DS Digest Type . 
. . . . . . . . . . . . . . . . . . . . . . 6 4.4. Extended DNS Error Code 3 - Stale Answer . . . . . . . . 6 4.5. Extended DNS Error Code 4 - Forged Answer . . . . . . . . 6 4.6. Extended DNS Error Code 5 - DNSSEC Indeterminate . . . . 6 4.7. Extended DNS Error Code 6 - DNSSEC Bogus . . . . . . . . 6 4.8. Extended DNS Error Code 7 - Signature Expired . . . . . . 6 - 4.9. Extended DNS Error Code 8 - Signature Not Yet Valid . . . 6 + 4.9. Extended DNS Error Code 8 - Signature Not Yet Valid . . . 7 4.10. Extended DNS Error Code 9 - DNSKEY Missing . . . . . . . 7 4.11. Extended DNS Error Code 10 - RRSIGs Missing . . . . . . . 7 4.12. Extended DNS Error Code 11 - No Zone Key Bit Set . . . . 7 4.13. Extended DNS Error Code 12 - NSEC Missing . . . . . . . . 7 4.14. Extended DNS Error Code 13 - Cached Error . . . . . . . . 7 4.15. Extended DNS Error Code 14 - Not Ready . . . . . . . . . 7 4.16. Extended DNS Error Code 15 - Blocked . . . . . . . . . . 7 4.17. Extended DNS Error Code 16 - Censored . . . . . . . . . . 7 - 4.18. Extended DNS Error Code 17 - Filtered . . . . . . . . . . 7 + 4.18. Extended DNS Error Code 17 - Filtered . . . . . . . . . . 8 4.19. Extended DNS Error Code 18 - Prohibited . . . . . . . . . 8 4.20. Extended DNS Error Code 19 - Stale NXDOMAIN Answer . . . 8 4.21. Extended DNS Error Code 20 - Not Authoritative . . . . . 8 4.22. Extended DNS Error Code 21 - Not Supported . . . . . . . 8 4.23. Extended DNS Error Code 22 - No Reachable Authority . . . 8 4.24. Extended DNS Error Code 23 - Network Error . . . . . . . 8 - 4.25. Extended DNS Error Code 24 - Invalid Data . . . . . . . . 8 + 4.25. Extended DNS Error Code 24 - Invalid Data . . . . . . . . 9 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 5.1. A New Extended DNS Error Code EDNS Option . . . . . . . . 9 5.2. New Registry Table for Extended DNS Error Codes . . . . . 9 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 7. Acknowledgements . . . . . . . . . . . . 
. . . . . . . . . . 12 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 8.1. Normative References . . . . . . . . . . . . . . . . . . 12 8.2. Informative References . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 
@@ -202,30 +202,34 @@ includes OPT Pseudo-RR [RFC6891]. This document includes a set of initial codepoints (and requests to the IANA to add them to the registry), but is extensible via the IANA registry to allow additional error and information codes to be defined in the future. 3. Extended DNS Error Processing When the response grows beyond the requestor's UDP payload size [RFC6891], servers SHOULD truncate messages by dropping EDE options before dropping other data from packets. Implementations SHOULD set - the truncation bit when dropping EDE options. + the truncation bit when dropping EDE options. Long EXTRA-TEXT fields + may trigger truncation, which is usually undesirable for the + supplemental nature of EDE. Implementers and operators creating EDE + options SHOULD avoid setting unnecessarily long EXTRA-TEXT contents + to avoid truncation. When a resolver or forwarder receives an EDE option, whether or not (and how) to pass along EDE information on to their original client is implementation dependent. Implementations MAY choose to not forward information, or they MAY choose to create a new EDE option(s) that conveys the information encoded in the received EDE. When doing - so, care should be taken to ensure any information is properly - attributed since an EDNS0 option received by the original client will - be perceived only to have come from the resolver or forwarder sending + so, the source of the error SHOULD be attributed in the EXTRA-TEXT + field, since an EDNS0 option received by the original client will be + perceived only to have come from the resolver or forwarder sending it. 4. Defined Extended DNS Errors This document defines some initial EDE codes. The mechanism is intended to be extensible, and additional code-points can be registered in the "Extended DNS Errors" registry Section 5.1. 
The INFO-CODE from the EDE EDNS option is used to serve as an index into the "Extended DNS Error" IANA registry, the initial values for which are defined in the following sub-sections. @@ -374,21 +378,21 @@ An authoritative server that cannot answer with data for a zone it is otherwise configured to support. This may occur because its most recent zone is too old, or has expired, for example. 5. IANA Considerations 5.1. A New Extended DNS Error Code EDNS Option This document defines a new EDNS(0) option, entitled "Extended DNS - Error", assigned a value of TBD1 from the "DNS EDNS0 Option Codes + Error", assigned a value of TBD from the "DNS EDNS0 Option Codes (OPT)" registry [to be removed upon publication: [http://www.iana.org/assignments/dns-parameters/dns- parameters.xhtml#dns-parameters-11] Value Name Status Reference ----- ---------------- ------ ------------------ TBD Extended DNS Error TBD [ This document ] 5.2. New Registry Table for Extended DNS Error Codes
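Review bot: in the @@ -202,30 +202,34 @@ hunk, the new sentence "Implementers and operators creating EDE options SHOULD avoid setting unnecessarily long EXTRA-TEXT contents to avoid truncation" restates the sentence before it ("Long EXTRA-TEXT fields may trigger truncation") and aims a normative SHOULD at operators, which is unusual for protocol text; one sentence would do, e.g. "Implementations SHOULD avoid unnecessarily long EXTRA-TEXT contents, since an EDE option that pushes the response past the requestor's UDP payload size will be the first thing dropped." The second change in the same hunk, replacing "care should be taken to ensure any information is properly attributed" with "the source of the error SHOULD be attributed in the EXTRA-TEXT field", gives no format for that attribution, so a client can neither parse it nor verify it, and the claimed source is only as trustworthy as the forwarder that wrote it; the text should say this is diagnostic, human-readable information, not something the original client can act on. It also sits awkwardly beside the new guidance one paragraph earlier to keep EXTRA-TEXT short, since prepending an origin to the forwarded text makes the field longer; a note that the attribution should be brief (or that a forwarder may instead drop the option) would reconcile the two paragraphs.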
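Review bot: in the @@ -374,21 +378,21 @@ hunk, changing "TBD1" to "TBD" makes the prose agree with the registry row below it ("TBD Extended DNS Error TBD [ This document ]"), which is the right direction, but the unchanged context on the same lines still has an unbalanced bracket: "[to be removed upon publication: [http://www.iana.org/assignments/dns-parameters/dns- parameters.xhtml#dns-parameters-11]" opens two brackets and closes one, and the URL is split across a line break at "dns- parameters.xhtml". Since this paragraph is being edited anyway, close the outer bracket and keep the URL on one line. The Status column in the same table is also left as "TBD"; the IANA request should state the status the authors want assigned rather than leave both columns as placeholders.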