draft-ietf-dnsop-name-server-management-reqs-01.txt | draft-ietf-dnsop-name-server-management-reqs-02.txt | |||
---|---|---|---|---|
DNSOP W. Hardaker | DNSOP W. Hardaker | |||
Internet-Draft Sparta, Inc. | Internet-Draft Sparta, Inc. | |||
Intended status: Informational September 3, 2008 | Intended status: Informational February 12, 2009 | |||
Expires: March 7, 2009 | Expires: August 16, 2009 | |||
Requirements for Management of Name Servers for the DNS | Requirements for Management of Name Servers for the DNS | |||
draft-ietf-dnsop-name-server-management-reqs-01.txt | draft-ietf-dnsop-name-server-management-reqs-02.txt | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | This Internet-Draft is submitted to IETF in full conformance with the | |||
applicable patent or other IPR claims of which he or she is aware | provisions of BCP 78 and BCP 79. | |||
have been or will be disclosed, and any of which he or she becomes | ||||
aware will be disclosed, in accordance with Section 6 of BCP 79. | ||||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
Drafts. | Drafts. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on March 7, 2009. | This Internet-Draft will expire on August 16, 2009. | |||
Copyright Notice | ||||
Copyright (c) 2009 IETF Trust and the persons identified as the | ||||
document authors. All rights reserved. | ||||
This document is subject to BCP 78 and the IETF Trust's Legal | ||||
Provisions Relating to IETF Documents | ||||
(http://trustee.ietf.org/license-info) in effect on the date of | ||||
publication of this document. Please review these documents | ||||
carefully, as they describe your rights and restrictions with respect | ||||
to this document. | ||||
Abstract | Abstract | |||
Management of name servers for the Domain Name Service (DNS) has | Management of name servers for the Domain Name Service (DNS) has | |||
traditionally been done using vendor-specific monitoring, | traditionally been done using vendor-specific monitoring, | |||
configuration and control methods. Although some service monitoring | configuration and control methods. Although some service monitoring | |||
platforms can test the functionality of the DNS itself there is not a | platforms can test the functionality of the DNS itself there is not a | |||
interoperable way to manage (monitor, control and configure) the | interoperable way to manage (monitor, control and configure) the | |||
internal aspects of a name server itself. | internal aspects of a name server itself. | |||
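Review bot: the Abstract carried into -02 still expands DNS as "Domain Name Service" and reads "there is not a interoperable way"; the expansion should be "Domain Name System" and the article should be "an interoperable way". The first paragraph of Section 1 repeats both and needs the same fix.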
skipping to change at page 2, line 42 | skipping to change at page 2, line 50 | |||
4. Security Requirements . . . . . . . . . . . . . . . . . . . . 11 | 4. Security Requirements . . . . . . . . . . . . . . . . . . . . 11 | |||
4.1. Authentication . . . . . . . . . . . . . . . . . . . . . . 11 | 4.1. Authentication . . . . . . . . . . . . . . . . . . . . . . 11 | |||
4.2. Integrity Protection . . . . . . . . . . . . . . . . . . . 11 | 4.2. Integrity Protection . . . . . . . . . . . . . . . . . . . 11 | |||
4.3. Confidentiality . . . . . . . . . . . . . . . . . . . . . 11 | 4.3. Confidentiality . . . . . . . . . . . . . . . . . . . . . 11 | |||
4.4. Authorization . . . . . . . . . . . . . . . . . . . . . . 11 | 4.4. Authorization . . . . . . . . . . . . . . . . . . . . . . 11 | |||
4.5. Solution Impacts on Security . . . . . . . . . . . . . . . 12 | 4.5. Solution Impacts on Security . . . . . . . . . . . . . . . 12 | |||
5. Other Requirements . . . . . . . . . . . . . . . . . . . . . . 12 | 5. Other Requirements . . . . . . . . . . . . . . . . . . . . . . 12 | |||
5.1. Extensibility . . . . . . . . . . . . . . . . . . . . . . 12 | 5.1. Extensibility . . . . . . . . . . . . . . . . . . . . . . 12 | |||
5.1.1. Vendor Extensions . . . . . . . . . . . . . . . . . . 13 | 5.1.1. Vendor Extensions . . . . . . . . . . . . . . . . . . 13 | |||
5.1.2. Extension Identification . . . . . . . . . . . . . . . 13 | 5.1.2. Extension Identification . . . . . . . . . . . . . . . 13 | |||
5.1.3. Namespace Collision Protection . . . . . . . . . . . . 13 | 5.1.3. Name-Space Collision Protection . . . . . . . . . . . 13 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | |||
8. Document History . . . . . . . . . . . . . . . . . . . . . . . 13 | 8. Document History . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14 | 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
10.1. Normative References . . . . . . . . . . . . . . . . . . . 14 | 10.1. Normative References . . . . . . . . . . . . . . . . . . . 14 | |||
10.2. Informative References . . . . . . . . . . . . . . . . . . 15 | 10.2. Informative References . . . . . . . . . . . . . . . . . . 15 | |||
Appendix A. Deployment Scenarios . . . . . . . . . . . . . . . . 15 | Appendix A. Deployment Scenarios . . . . . . . . . . . . . . . . 15 | |||
A.1. Non-Standard Zones . . . . . . . . . . . . . . . . . . . . 16 | A.1. Non-Standard Zones . . . . . . . . . . . . . . . . . . . . 16 | |||
A.2. Redundancy Sharing . . . . . . . . . . . . . . . . . . . . 16 | A.2. Redundancy Sharing . . . . . . . . . . . . . . . . . . . . 16 | |||
A.3. DNSSEC Management . . . . . . . . . . . . . . . . . . . . 16 | A.3. DNSSEC Management . . . . . . . . . . . . . . . . . . . . 16 | |||
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 17 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 18 | ||||
1. Introduction | 1. Introduction | |||
Management of name servers for the Domain Name Service (DNS) | Management of name servers for the Domain Name Service (DNS) | |||
[RFC1034] [RFC1035] has traditionally been done using vendor-specific | [RFC1034] [RFC1035] has traditionally been done using vendor-specific | |||
monitoring, configuration and control methods. Although some service | monitoring, configuration and control methods. Although some service | |||
monitoring platforms can test the functionality of the DNS itself | monitoring platforms can test the functionality of the DNS itself | |||
there is not a interoperable way to manage (monitor, control and | there is not a interoperable way to manage (monitor, control and | |||
configure) the internal aspects of a name server itself. | configure) the internal aspects of a name server itself. | |||
skipping to change at page 7, line 37 | skipping to change at page 7, line 37 | |||
o Slave Servers | o Slave Servers | |||
o Recursive Servers | o Recursive Servers | |||
The management solution SHOULD support all of these types of name | The management solution SHOULD support all of these types of name | |||
servers as they are all equally important. Note that "Recursive | servers as they are all equally important. Note that "Recursive | |||
Servers" can be further broken down by the security sub-roles they | Servers" can be further broken down by the security sub-roles they | |||
might implement, as defined in section 2 of [RFC4033]. These sub- | might implement, as defined in section 2 of [RFC4033]. These sub- | |||
roles are also important to support within any management solution. | roles are also important to support within any management solution. | |||
The requirements in this document explicitly exclude dealing with | As stated earlier, the management of stub resolvers is considered out | |||
management of stub resolvers. Management of stub resolvers is | of scope for this documents. | |||
considered specifically out of scope of this document. | ||||
3. Management Operation Types | 3. Management Operation Types | |||
Management operations can traditionally be broken into four | Management operations can traditionally be broken into four | |||
categories: | categories: | |||
o Control | o Control | |||
o Configuration | o Configuration | |||
o Health and Monitoring | ||||
o Health and Monitoring | ||||
o Alarms and Events | o Alarms and Events | |||
This section discusses requirements for each of these four management | This section discusses requirements for each of these four management | |||
types in detail. | types in detail. | |||
3.1. Control Requirements | 3.1. Control Requirements | |||
The management solution MUST be capable of performing basic service | The management solution MUST be capable of performing basic service | |||
control operations. | control operations. | |||
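Review bot: the replacement sentence at the end of Section 2 reads "out of scope for this documents"; it should be "this document". Since the sentence now opens with "As stated earlier", a section reference to the earlier statement would let the reader confirm the exclusion of stub resolvers without searching for it.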
skipping to change at page 13, line 21 | skipping to change at page 13, line 21 | |||
5.1.2. Extension Identification | 5.1.2. Extension Identification | |||
It MUST be possible for a management station to understand which | It MUST be possible for a management station to understand which | |||
parts of returned data are specific to a given vendor or other | parts of returned data are specific to a given vendor or other | |||
standardized extension. The data returned needs to be appropriately | standardized extension. The data returned needs to be appropriately | |||
marked through the use of name spaces or similar mechanisms to ensure | marked through the use of name spaces or similar mechanisms to ensure | |||
that the base management model data can be logically separated from | that the base management model data can be logically separated from | |||
extension data without needing to understand the extension data | extension data without needing to understand the extension data | |||
itself. | itself. | |||
5.1.3. Namespace Collision Protection | 5.1.3. Name-Space Collision Protection | |||
It MUST be possible to protect against multiple extensions | It MUST be possible to protect against multiple extensions | |||
conflicting with each other. The use of name-space protection | conflicting with each other. The use of name-space protection | |||
mechanisms for communicated management variables is common practice | mechanisms for communicated management variables is common practice | |||
to protect against problems. Name-space identification techniques | to protect against problems. Name-space identification techniques | |||
also frequently solve the "Extension Identification" requirement | also frequently solve the "Extension Identification" requirement | |||
discussed in Section 5.1.2 as well. | discussed in Section 5.1.2 as well. | |||
6. Security Considerations | 6. Security Considerations | |||
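Review bot: the renamed Section 5.1.3 heading uses "Name-Space", but the surrounding text is still mixed: Section 5.1.2 says "name spaces" while the 5.1.3 body says "name-space". Pick one spelling and apply it to the heading, the table of contents entry and both paragraphs. The last sentence of 5.1.3 also doubles up with "also frequently solve ... as well"; drop one of the two.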
skipping to change at page 14, line 27 | skipping to change at page 14, line 27 | |||
In particular, the following team members contributed significantly | In particular, the following team members contributed significantly | |||
to the text in the document: | to the text in the document: | |||
Stephane Bortzmeyer | Stephane Bortzmeyer | |||
Stephen Morris | Stephen Morris | |||
Phil Regnauld | Phil Regnauld | |||
Further editing contributions and wording suggestions were made by: | Further editing contributions and wording suggestions were made by: | |||
Alfred Hines. | Alfred Hoenes. | |||
10. References | 10. References | |||
10.1. Normative References | 10.1. Normative References | |||
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", | [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", | |||
STD 13, RFC 1034, November 1987. | STD 13, RFC 1034, November 1987. | |||
[RFC1035] Mockapetris, P., "Domain names - implementation and | [RFC1035] Mockapetris, P., "Domain names - implementation and | |||
specification", STD 13, RFC 1035, November 1987. | specification", STD 13, RFC 1035, November 1987. | |||
skipping to change at page 18, line 4 | skipping to change at line 758 | |||
Author's Address | Author's Address | |||
Wes Hardaker | Wes Hardaker | |||
Sparta, Inc. | Sparta, Inc. | |||
P.O. Box 382 | P.O. Box 382 | |||
Davis, CA 95617 | Davis, CA 95617 | |||
US | US | |||
Phone: +1 530 792 1913 | Phone: +1 530 792 1913 | |||
Email: ietf@hardakers.net | Email: ietf@hardakers.net | |||
Full Copyright Statement | ||||
Copyright (C) The IETF Trust (2008). | ||||
This document is subject to the rights, licenses and restrictions | ||||
contained in BCP 78, and except as set forth therein, the authors | ||||
retain all their rights. | ||||
This document and the information contained herein are provided on an | ||||
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | ||||
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | ||||
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | ||||
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | ||||
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | ||||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
Intellectual Property | ||||
The IETF takes no position regarding the validity or scope of any | ||||
Intellectual Property Rights or other rights that might be claimed to | ||||
pertain to the implementation or use of the technology described in | ||||
this document or the extent to which any license under such rights | ||||
might or might not be available; nor does it represent that it has | ||||
made any independent effort to identify any such rights. Information | ||||
on the procedures with respect to rights in RFC documents can be | ||||
found in BCP 78 and BCP 79. | ||||
Copies of IPR disclosures made to the IETF Secretariat and any | ||||
assurances of licenses to be made available, or the result of an | ||||
attempt made to obtain a general license or permission for the use of | ||||
such proprietary rights by implementers or users of this | ||||
specification can be obtained from the IETF on-line IPR repository at | ||||
http://www.ietf.org/ipr. | ||||
The IETF invites any interested party to bring to its attention any | ||||
copyrights, patents or patent applications, or other proprietary | ||||
rights that may cover technology that may be required to implement | ||||
this standard. Please address the information to the IETF at | ||||
ietf-ipr@ietf.org. | ||||
End of changes. 12 change blocks. | ||||
16 lines changed or deleted | 24 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |