draft-ietf-urn-naptr-rr-02.txt   draft-ietf-urn-naptr-rr-03.txt 
Network Working Group M. Mealling Network Working Group M. Mealling
draft-ietf-urn-naptr-rr-02.txt Network Solutions, Inc. Internet-Draft Network Solutions, Inc.
Category: Standards Track R. Daniel Expires: December 23, 1999 R. Daniel
Expires: September, 1999 DATAFUSION, Inc. DATAFUSION, Inc.
June 24, 1999
The Naming Authority Pointer (NAPTR) DNS Resource Record The Naming Authority Pointer (NAPTR) DNS Resource Record
draft-ietf-urn-naptr-rr-03.txt
Status of this Memo Status of this Memo
===================
This document is an Internet-Draft and is in full conformance This document is an Internet-Draft and is in full conformance with
with all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other months and may be updated, replaced, or obsoleted by other documents
documents at any time. It is inappropriate to use Internet- at any time. It is inappropriate to use Internet-Drafts as reference
Drafts as reference material or to cite them other than as material or to cite them other than as "work in progress."
"work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at To view the entire list of Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Abstract: This Internet-Draft will expire on December 23, 1999.
=========
This document describes a DNS Resource Record (RR) which specifies Abstract
a rewrite rule that, when applied to an existing string,
will produce a new domain. Reasons for rewriting a domain
vary from URN Resource Discovery Systems to moving out-of-date
services to new domains.
This document updates those portions of RFC2168 specifically This document describes a DNS Resource Record which specifies a
dealing with the definition of the NAPTR record. rewrite rule that, when applied to an existing string will produce a
new domain. Reasons for rewriting a domain vary from URN Resource
Discovery Systems to moving out of date services to new domains.
Introduction: This document updates the portions of RFC2168 specifically dealing
============= with the definition of the NAPTR record.
This RR was originally produced by the URN [3] Working Group as Copyright Notice
a way to encode rule-sets in DNS so that the delegated
sections of a URI could be decomposed in such a way that they Copyright (C) The Internet Society (1999). All Rights Reserved.
could be changed and re-delegated over time. The result was
a Resource Record that included a regular expression that would Table of Contents
be used by a client program to rewrite a string into a domain name.
Regular expressions were chosen for their compactness to 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
expressivity ratio allowing for a great deal of information 2. NAPTR RR Format . . . . . . . . . . . . . . . . . . . . . . . 4
to be encoded in a rather small DNS packet. 3. Substitution Expression Grammar . . . . . . . . . . . . . . . 8
4. The Basic NAPTR Algorithm . . . . . . . . . . . . . . . . . . 10
5. Concerning How NAPTR Uses SRV Records . . . . . . . . . . . . 11
6. Application Specifications . . . . . . . . . . . . . . . . . . 12
7. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
7.1 Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . . 13
7.2 Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . . 14
7.3 Example 3 . . . . . . . . . . . . . . . . . . . . . . . . . . 15
8. DNS Packet Format . . . . . . . . . . . . . . . . . . . . . . 17
9. Master File Format . . . . . . . . . . . . . . . . . . . . . . 18
10. Advice for DNS Administrators . . . . . . . . . . . . . . . . 19
11. Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21
References . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 22
A. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
B. Security Considerations . . . . . . . . . . . . . . . . . . . 25
1. Introduction
This RR was originally produced by the URN Working Group[3] as a
way to encode rule-sets in DNS so that the delegated sections of a
URI could be decomposed in such a way that they could be changed and
re-delegated over time. The result was a Resource Record that
included a regular expression that would be used by a client program
to rewrite a string into a domain name. Regular expressions were
chosen for their compactness to expressivity ratio allowing for a
great deal of information to be encoded in a rather small DNS
packet.
Mealling & Daniel [Page 1]
The function of rewriting a string according to the rules in a The function of rewriting a string according to the rules in a
record has usefulness in several different applications. This record has usefulness in several different applications. This
document defines the basic assumptions to which all of those document defines the basic assumptions to which all of those
applications must adhere to. It does not define the reasons the applications must adhere to. It does not define the reasons the
rewrite is used, what the expected outcomes are, or what they are rewrite is used, what the expected outcomes are, or what they are
used for. Those are specified by applications that define how they used for. Those are specified by applications that define how they
use the NAPTR record and algorithms within their contexts. use the NAPTR record and algorithms within their contexts.
Flags and other fields are also specified in the RR to control the Flags and other fields are also specified in the RR to control the
rewrite procedure in various ways or to provide information on how rewrite procedure in various ways or to provide information on how
to communicate with the host at the domain name that was the result to communicate with the host at the domain name that was the result
of the rewrite. of the rewrite.
The final result is a RR that has several fields that interact The final result is a RR that has several fields that interact in a
in a non-trivial but implementable way. This document specifies non-trivial but implementable way. This document specifies those
those fields and their values. fields and their values.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL This document does not define applications that utilizes this
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and rewrite functionality. Instead it specifies just the mechanics of
"OPTIONAL" in this document are to be interpreted as described in how it is done. Why its done, what the rules concerning the inputs,
RFC 2119. and the types of rules used are reserved for other documents that
fully specify a particular application. This seperation is due to
several differrent applications all wanting to take advantage of the
rewrite rule lookup process. Each one has vastly different reasons
for why and how it uses the service, thus requiring that the
definition of the service be generic.
NAPTR RR Format The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
=============== "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in RFC 2119.
The format of the NAPTR RR is given below. The DNS type code for 2. NAPTR RR Format
NAPTR is 35. [1] [2]
The format of the NAPTR RR is given below. The DNS[1]type code[2]
for NAPTR is 35.
Domain TTL Class Order Preference Flags Service Regexp Replacement Domain TTL Class Order Preference Flags Service Regexp Replacement
Domain Domain
The domain name to which this resource record refers. This The domain name to which this resource record refers. This is the
is the 'key' for this entry in the rule database. This value 'key' for this entry in the rule database. This value will either
will either be the first well known key (<something>.uri.net be the first well known key (<something>.uri.net for example) or
for example) or a new key that is the output of a replacement a new key that is the output of a replacement or regexp rewrite.
or regexp rewrite. Beyond this, it has the standard DNS Beyond this, it has the standard DNS requirements[1].
requirements. [1]
TTL TTL
Standard DNS meaning. [1] Standard DNS meaning. [1]
Class Class
Standard DNS meaning [1] Standard DNS meaning[1].
Order Order
A 16-bit unsigned integer specifying the order in which A 16-bit unsigned integer specifying the order in which the NAPTR
the NAPTR records MUST be processed to ensure the correct records MUST be processed to ensure the correct ordering of
ordering of rules. Low numbers are processed before high rules. Low numbers are processed before high numbers, and once a
numbers, and once a NAPTR is found whose rule "matches" NAPTR is found whose rule "matches" the target, the client MUST
the target, the client MUST NOT consider any NAPTRs with NOT consider any NAPTRs with a higher value for order (except as
a higher value for order (except as noted below for the noted below for the Flags field).
Flags field).
Mealling & Daniel [Page 2]
Preference Preference
A 16-bit unsigned integer that specifies the order in A 16-bit unsigned integer that specifies the order in which NAPTR
which NAPTR records with equal "order" values SHOULD be records with equal "order" values SHOULD be processed, low
processed, low numbers being processed before high numbers. numbers being processed before high numbers. This is similar to
This is similar to the preference field in an MX record, and the preference field in an MX record, and is used so domain
is used so domain administrators can direct clients towards administrators can direct clients towards more capable hosts or
more capable hosts or lighter weight protocols. A client MAY lighter weight protocols. A client MAY look at records with
look at records with higher preference values if it has a higher preference values if it has a good reason to do so such as
good reason to do so such as not understanding the preferred not understanding the preferred protocol or service.
protocol or service.
The important difference between Order and Preference is that
once a match is found the client MUST NOT consider records with a
different Order but they MAY process records with the same Order
but different Preferences. I.e. Preference is used to give weight
to rules that are considered the same from an authority
standpoint but not from a simple load balancing standpoint.
Flags Flags
A <character-string> containing flags to control aspects of A <character-string> containing flags to control aspects of the
the rewriting and interpretation of the fields in the rewriting and interpretation of the fields in the record. Flags
record. Flags are single characters from the set [A-Z0-9]. are single characters from the set [A-Z0-9]. The case of the
The case of the alphabetic characters is not significant. alphabetic characters is not significant.
At this time only four flags, "S", "A", "U", and "P", are At this time only four flags, "S", "A", "U", and "P", are
defined. The "S", "A" and "U" flags denote a terminal lookup. defined. The "S", "A" and "U" flags denote a terminal lookup.
This means that this NAPTR record is the last one and that the This means that this NAPTR record is the last one and that the
flag determines what the next stage should be. The "S" flag flag determines what the next stage should be. The "S" flag
means that the next lookup should be for SRV [4] records. means that the next lookup should be for SRV records[4]. See
"A" means that the next lookup should be for A records. Section 5 for additional information on how NAPTR uses the SRV
The "U" flag means that the next step is not a DNS lookup record type. "A" means that the next lookup should be for A
but that the output of the Regexp field is a URL [10]. records. The "U" flag means that the next step is not a DNS
lookup but that the output of the Regexp field is a URL[9].
The "P" flag says that the remainder of the application side The "P" flag says that the remainder of the application side
algorithm shall be carried out in a Protocol-specific algorithm shall be carried out in a Protocol-specific fashion.
fashion. The new set of rules is identified by the Protocol The new set of rules is identified by the Protocol specified in
specified in the Services field. The record that contains the Services field. The record that contains the 'P' flag is the
the 'P' flag is the last record that is interpreted by the last record that is interpreted by the rules specified in this
rules specified in this document. The new rules are document. The new rules are dependent on the application for
dependent on the application for which they are being used which they are being used and the protocol specified. For
and the protocol specified. For example, if the application example, if the application is a URI RDS and the protocol is WIRE
is a URI RDS and the protocol is WIRE then the new set of then the new set of rules are governed by the algorithms
rules are governed by the algorithms surrounding the WIRE surrounding the WIRE HTTP specification and not this document.
HTTP specification and not this document.
The remaining alphabetic flags are reserved for future The remaining alphabetic flags are reserved for future versions
versions of the NAPTR specification. The numeric flags of the NAPTR specification. The numeric flags may be used for
may be used for local experimentation. The S, A, U and P flags local experimentation. The S, A, U and P flags are all mutually
are all mutually exclusive, and resolution libraries MAY exclusive, and resolution libraries MAY signal an error if more
signal an error if more than one is given. (Experimental code than one is given. (Experimental code and code for assisting in
and code for assisting in the creation of NAPTRs would be more the creation of NAPTRs would be more likely to signal such an
likely to signal such an error than a client such as a error than a client such as a browser). It is anticipated that
browser). It is anticipated that multiple flags will be multiple flags will be allowed in the future, so implementers
allowed in the future, so implementers MUST NOT assume that MUST NOT assume that the flags field can only contain 0 or 1
the flags field can only contain 0 or 1 characters. Finally, characters. Finally, if a client encounters a record with an
if a client encounters a record with an unknown flag, it MUST unknown flag, it MUST ignore it and move to the next record. This
ignore it and move to the next record. This test takes test takes precedence even over the "order" field. Since flags
precedence even over the "order" field. Since flags can can control the interpretation placed on fields, a novel flag
control the interpretation placed on fields, a novel flag might change the interpretation of the regexp and/or replacement
might change the interpretation of the regexp and/or fields such that it is impossible to determine if a record
replacement fields such that it is impossible to determine matched a given target.
if a record matched a given target.
Mealling & Daniel [Page 3] The "S", "A", and "U" flags are called 'terminal' flags since
The "S", "A", and "U" flags are called 'terminal' flags they halt the looping rewrite algorithm. If those flags are not
since they halt any looping rewrite algorithms. If those present, clients may assume that another NAPTR RR exists at the
flags are not present, clients may assume that another domain name produced by the current rewrite rule. Since the "P"
NAPTR RR exists at the domain name produced by the current flag specifies a new algorithm, it may or may not be 'terminal'.
rewrite rule. Since the "P" flag specifies a new algorithm, Thus, the client cannot assume that another NAPTR exists since
it may or may not be 'terminal'. Thus, the client cannot this case is determined elsewhere.
assume that another NAPTR exists since this case is
determined elsewhere.
DNS servers MAY interpret these flags and values and use DNS servers MAY interpret these flags and values and use that
that information to include appropriate SRV and A records information to include appropriate SRV and A records in the
in the additional information portion of the DNS packet. additional information portion of the DNS packet. Clients are
Clients are encouraged to check for additional information encouraged to check for additional information but are not
but are not required to do so. required to do so.
Service Service
Specifies the service(s) available down this rewrite Specifies the service(s) available down this rewrite path. It may
path. It may also specify the particular protocol that also specify the particular protocol that is used to talk with a
is used to talk with a service. A protocol MUST be specified service. A protocol MUST be specified if the flags field states
if the flags field states that the NAPTR is terminal. If a that the NAPTR is terminal. If a protocol is specified, but the
protocol is specified, but the flags field does not state that flags field does not state that the NAPTR is terminal, the next
the NAPTR is terminal, the next lookup MUST be for a NAPTR. lookup MUST be for a NAPTR. The client MAY choose not to perform
The client MAY choose not to perform the next lookup if the the next lookup if the protocol is unknown, but that behavior
protocol is unknown, but that behavior MUST NOT be relied MUST NOT be relied upon.
upon.
The service field may take any of the values below (using the The service field may take any of the values below (using the
Augmented BNF of RFC 2234 [5]): Augmented BNF of RFC 2234 [5]):
service_field = [ [protocol] *("+" rs)] service_field = [ [protocol] *("+" rs)]
protocol = ALPHA *31ALPHANUM protocol = ALPHA *31ALPHANUM
rs = ALPHA *31ALPHANUM rs = ALPHA *31ALPHANUM
; The protocol and rs fields are limited to 32 ; The protocol and rs fields are limited to 32
; characters and must start with an alphabetic. ; characters and must start with an alphabetic.
For example, an optional protocol specification followed by 0 For example, an optional protocol specification followed by 0 or
or more resolution services. Each resolution service is more resolution services. Each resolution service is indicated by
indicated by an initial '+' character. an initial '+' character.
Note that the empty string is also a valid service field. This Note that the empty string is also a valid service field. This
will typically be seen at the beginning of a series of rules, will typically be seen at the beginning of a series of rules,
when it is impossible to know what services and protocols when it is impossible to know what services and protocols will be
will be offered by a particular service. offered by a particular service.
The actual format of the service request and response will be The actual format of the service request and response will be
determined by the resolution protocol, and is the subject for determined by the resolution protocol, and is the subject for
other documents. Protocols need not offer all services. The other documents. Protocols need not offer all services. The
labels for service requests shall be formed from the set of labels for service requests shall be formed from the set of
characters [A-Z0-9]. The case of the alphabetic characters is characters [A-Z0-9]. The case of the alphabetic characters is not
not significant. significant.
The list of "valid" protocols for any given NAPTR record is any
protocol that implements some or all of the services defined for
a NAPTR application. Currently, THTTP[6] is the only protocol
that is known to make that claim at the time of publication. Any
other protocol that is to be used must have documentation
specifying:
Mealling & Daniel [Page 4]
The list of "valid" protocols for any given NAPTR record is
any protocol that implements some or all of the services
defined for a NAPTR application. Currently, THTTP [6] is
the only protocol that is known to make that claim at the time
of publication. Any other protocol that is to be used must
have documentation specifying:
* how it implements the services of the application * how it implements the services of the application
* how it is to appear in the NAPTR record (i.e., the
string id of the protocol)
The list of valid Resolution Services is defined by the * how it is to appear in the NAPTR record (i.e., the string id
documents that specify individual NAPTR based applications. of the protocol)
One example is RFC-XXXX, "Resolution of Uniform Resource
Identifiers using the Domain Name System" [7].
It is worth noting that the interpretation of this field The list of valid Resolution Services is defined by the documents
is subject to being changed by new flags, and that the current that specify individual NAPTR based applications. One example is
specification is oriented towards telling clients how to RFC-XXXX, "Resolution of Uniform Resource Identifiers using the
talk with a URN resolver. Domain Name System"[7].
It is worth noting that the interpretation of this field is
subject to being changed by new flags, and that the current
specification is oriented towards telling clients how to talk
with a URN resolver.
Regexp Regexp
A STRING containing a substitution expression that is applied A STRING containing a substitution expression that is applied to
to the original string held by the client in order to the original string held by the client in order to construct the
construct the next domain name to lookup. The grammar of the next domain name to lookup. The grammar of the substitution
substitution expression is given in the next section. expression is given in the next section.
The regular expressions MUST NOT be used in a cumulative The regular expressions MUST NOT be used in a cumulative fashion,
fashion, that is, they should only be applied to the original that is, they should only be applied to the original string held
string held by the client, never to the domain name produced by the client, never to the domain name produced by a previous
by a previous NAPTR rewrite. The latter is tempting in some NAPTR rewrite. The latter is tempting in some applications but
applications but experience has shown such use to be experience has shown such use to be extremely fault sensitive,
extremely fault sensitive, very error prone, and extremely very error prone, and extremely difficult to debug.
difficult to debug.
Replacement Replacement
The next NAME to query for NAPTR, SRV, or A records depending The next NAME to query for NAPTR, SRV, or A records depending on
on the value of the flags field. This MUST be a fully qualified the value of the flags field. This MUST be a fully qualified
domain-name. Unless and until permitted by future standards domain-name. Unless and until permitted by future standards
action, name compression is not to be used for this field. action, name compression is not to be used for this field.
Substitution Expression Grammar: 3. Substitution Expression Grammar
================================
The content of the regexp field is a substitution expression. True The content of the regexp field is a substitution expression. True
sed(1) substitution expressions are not appropriate for use in this sed(1) substitution expressions are not appropriate for use in this
application for a variety of reasons, therefore the contents of the application for a variety of reasons, therefore the contents of the
regexp field MUST follow the grammar below: regexp field MUST follow the grammar below:
Mealling & Daniel [Page 5]
subst_expr = delim-char ere delim-char repl delim-char *flags subst_expr = delim-char ere delim-char repl delim-char *flags
delim-char = "/" / "!" / ... <Any non-digit or non-flag character delim-char = "/" / "!" / ... <Any non-digit or non-flag character
other than backslash '\'. All occurances of a delim_char other than backslash '\'. All occurances of a delim_char
in a subst_expr must be the same character.> in a subst_expr must be the same character.>
ere = POSIX Extended Regular Expression (see [8], section ere = POSIX Extended Regular Expression
2.8.4)
repl = 1 * ( OCTET / backref ) repl = 1 * ( OCTET / backref )
backref = "\" 1POS_DIGIT backref = "\" 1POS_DIGIT
flags = "i" flags = "i"
POS_DIGIT = %x31-39 ; 0 is not an allowed backref POS_DIGIT = %x31-39 ; 0 is not an allowed backref
The definition of a POSIX Extended Regular Expression can be found
in [8], section 2.8.4.
The result of applying the substitution expression to the original The result of applying the substitution expression to the original
URI MUST result in either a string that obeys the syntax for DNS URI MUST result in either a string that obeys the syntax for DNS
host names [1] or a URI [10] if the Flags field contains a 'U'. domain-names[1] or a URI[9] if the Flags field contains a 'U'.
Since it is possible for the regexp field to be improperly Since it is possible for the regexp field to be improperly
specified, such that a non-conforming host name can be constructed, specified, such that a non-conforming domain-name can be
client software SHOULD verify that the result is a legal host name constructed, client software SHOULD verify that the result is a
before making queries on it. legal DNS domain-name before making queries on it.
Backref expressions in the repl portion of the substitution Backref expressions in the repl portion of the substitution
expression are replaced by the (possibly empty) string of characters expression are replaced by the (possibly empty) string of characters
enclosed by '(' and ')' in the ERE portion of the substitution enclosed by '(' and ')' in the ERE portion of the substitution
expression. N is a single digit from 1 through 9, inclusive. It expression. N is a single digit from 1 through 9, inclusive. It
specifies the N'th backref expression, the one that begins with the specifies the N'th backref expression, the one that begins with the
N'th '(' and continues to the matching ')'. For example, the ERE N'th '(' and continues to the matching ')'. For example, the ERE
(A(B(C)DE)(F)G) (A(B(C)DE)(F)G)
skipping to change at page 10, line ? skipping to change at page 9, line 10
The "i" flag indicates that the ERE matching SHALL be performed in a The "i" flag indicates that the ERE matching SHALL be performed in a
case-insensitive fashion. Furthermore, any backref replacements MAY case-insensitive fashion. Furthermore, any backref replacements MAY
be normalized to lower case when the "i" flag is given. be normalized to lower case when the "i" flag is given.
The first character in the substitution expression shall be used as The first character in the substitution expression shall be used as
the character that delimits the components of the substitution the character that delimits the components of the substitution
expression. There must be exactly three non-escaped occurrences of expression. There must be exactly three non-escaped occurrences of
the delimiter character in a substitution expression. Since escaped the delimiter character in a substitution expression. Since escaped
occurrences of the delimiter character will be interpreted as occurrences of the delimiter character will be interpreted as
occurrences of that character, digits MUST NOT be used as delimiters. occurrences of that character, digits MUST NOT be used as
Backrefs would be confused with literal digits were this allowed. delimiters. Backrefs would be confused with literal digits were this
Similarly, if flags are specified in the substitution expression, the allowed. Similarly, if flags are specified in the substitution
delimiter character must not also be a flag character. expression, the delimiter character must not also be a flag
character.
Mealling & Daniel [Page 6]
The Basic NAPTR Algorithm 4. The Basic NAPTR Algorithm
============================================
The behavior and meaning of the flags and services assume an The behavior and meaning of the flags and services assume an
algorithm where the output of one rewrite is a new key that points algorithm where the output of one rewrite is a new key that points
to another rule. This looping algorithm allows NAPTR records to to another rule. This looping algorithm allows NAPTR records to
incrementally specify a complete rule. These incremental rules incrementally specify a complete rule. These incremental rules can
can be delegated which allows other entities to specify rules so be delegated which allows other entities to specify rules so that
that one entity does not need to understand _all_ rules. one entity does not need to understand _all_ rules.
The algorithm starts with a string and some known key (domain). The algorithm starts with a string and some known key (domain).
NAPTR records for this key are retrieved, those with unknown NAPTR records for this key are retrieved, those with unknown Flags
Flags or inappropriate Services are discarded and the remaining or inappropriate Services are discarded and the remaining records
records are sorted by their Order field. Within each value of Order, are sorted by their Order field. Within each value of Order, the
the records are further sorted by the Preferences field. records are further sorted by the Preferences field.
The records are examined in sorted order until a matching record
is found. A record is considered a match iff:
1) it has a Replacement field value instead of a Regexp field value. The records are examined in sorted order until a matching record is
found. A record is considered a match iff:
or 1. it has a Replacement field value instead of a Regexp field value.
2) the Regexp field matches the string held by the client. 2. or the Regexp field matches the string held by the client.
The first match MUST be the match that is used. Once a match is The first match MUST be the match that is used. Once a match is
found, the Services field is examined for whether or not this rule found, the Services field is examined for whether or not this rule
advances toward the desired result. If so, the rule is advances toward the desired result. If so, the rule is applied to
applied to the target string. If not, the process halts. The domain the target string. If not, the process halts. The domain that
that results from the regular expression is then used as the results from the regular expression is then used as the domain of
domain of the next loop through the NAPTR algorithm. Note that the next loop through the NAPTR algorithm. Note that the same target
the same target string is used throughout the algorithm. string is used throughout the algorithm.
This looping is extremely important since it is the method by This looping is extremely important since it is the method by which
which complex rules are broken down into manageable delegated chunks. complex rules are broken down into manageable delegated chunks. The
The flags fields simply determine at which point the looping should flags fields simply determine at which point the looping should stop
stop (or other specialized behavior). (or other specialized behavior).
Since flags are valid at any level of the algorithm, the degenerative Since flags are valid at any level of the algorithm, the
case is to never loop but to look up the NAPTR and then stop. In degenerative case is to never loop but to look up the NAPTR and then
many specialized cases this is all that is needed. Implementors stop. In many specialized cases this is all that is needed.
should be aware that the degenerative case should not become the Implementors should be aware that the degenerative case should not
common case. become the common case.
Mealling & Daniel [Page 7] 5. Concerning How NAPTR Uses SRV Records
Application Specifications When the SRV record type was originally specified it assumed that
========================== the client did not know the specific domain-name before hand. The
client would construct a domain-name more in the form of a question
than the usual case of knowing ahead of time that the domain-name
should exist. I.e., if the client wants to know if there is a TCP
based HTTP server running at a particular domain, the client would
construct the domain-name _http._tcp.somedomain.com and ask the DNS
if that records exists.
In the case of NAPTR, the actual domain-name is specified by the
various fields in the NAPTR record. In this case the client isn't
asking a question but is instead attempting to get at information
that it has been told exists in an SRV record at that particular
domain-name. While this usage of SRV is slightly different than the
SRV authors originally intended it does not break any of the
assumptions concerning what SRV contains. Since NAPTR specifies the
entire domain a priori it could have ignored the underscore
collission avoidance convention. It was determined that such a
radical departure from how SRV was assumed to work would cause
problems in the long run. Thus the underscores were kept.
6. Application Specifications
It should be noted that the NAPTR algorithm is the basic assumption It should be noted that the NAPTR algorithm is the basic assumption
about how NAPTR works. The reasons for the rewrite and the expected about how NAPTR works. The reasons for the rewrite and the expected
output and its use are specified by documents that define what output and its use are specified by documents that define what
applications the NAPTR record and algorithm are used for. Any applications the NAPTR record and algorithm are used for. Any
document that defines such an application must define the following: document that defines such an application must define the following:
* The first known key or how to build it o The first known domain-name or how to build it
* The valid Services and Protocols
* What the expected use is for the output of the last rewrite o The valid Services and Protocols
* The validity and/or behavior of any 'P' flag protocols.
* The general semantics surrounding why and how NAPTR and its o What the expected use is for the output of the last rewrite
o The validity and/or behavior of any 'P' flag protocols.
o The general semantics surrounding why and how NAPTR and its
algorithm are being used. algorithm are being used.
Currently the only example of such a document is RFC-XXXX, Currently the only example of such a document is RFC-XXXX,
"Resolution of Uniform Resource Identifiers using the Domain Name "Resolution of Uniform Resource Identifiers using the Domain Name
System" [7]. System" [7].
Examples 7. Examples
============================================
NOTE: These are examples only. They are taken from ongoing work and NOTE: These are examples only. They are taken from ongoing work and
may not represent the end result of that work. They are here for may not represent the end result of that work. They are here for
pedagogical reasons only. pedagogical reasons only.
Example 1 7.1 Example 1
NAPTR was originally specified for use with the a Uniform Resource NAPTR was originally specified for use with the a Uniform Resource
Name Resolver Discovery System. This example details how a Name Resolver Discovery System. This example details how a
particular URN would use the NAPTR record to find a resolver particular URN would use the NAPTR record to find a resolver
service. service. The document that actually specifies this fully is
RFCXXXX[7].
Consider a URN namespace based on MIME Content-Ids. The URN might Consider a URN namespace based on MIME Content-Ids. The URN might
look like this: look like this:
urn:cid:199606121851.1@mordred.gatech.edu urn:cid:199606121851.1@mordred.gatech.edu
(Note that this example is chosen for pedagogical purposes, and does (Note that this example is chosen for pedagogical purposes, and does
not conform to the CID URL scheme.) not conform to the CID URL scheme.)
The first step in the resolution process is to find out about the CID The first step in the resolution process is to find out about the
namespace. The namespace identifier [3], cid, is extracted from the CID namespace. The namespace identifier[3], 'cid', is extracted from
URN, prepended to urn.net. 'cid.urn.net' then becomes the first the URN, prepended to urn.net. 'cid.urn.net' then becomes the first
'known' key in the NAPTR algorithm. the NAPTR for cid.urn.net looked 'known' key in the NAPTR algorithm. The process of determining the
up and returns a record: first known key is defined by the URN RDS application document (
RFCXXXX[7]). The NAPTR records for cid.urn.net looked up and return
a single record:
cid.urn.net cid.urn.net.
;; order pref flags service regexp replacement ;; order pref flags service regexp replacement
IN NAPTR 100 10 "" "" "/urn:cid:.+@([^\.]+\.)(.*)$/\2/i" . IN NAPTR 100 10 "" "" "/urn:cid:.+@([^\.]+\.)(.*)$/\2/i" .
Mealling & Daniel [Page 8]
There is only one NAPTR response, so ordering the responses is not a There is only one NAPTR response, so ordering the responses is not a
problem. The replacement field is empty, so the pattern provided problem. The replacement field is empty, so the pattern provided in
in the regexp field is used . We apply that regexp to the the regexp field is used . We apply that regexp to the entire URN to
entire URN to see if it matches, which it does. The \2 part of the see if it matches, which it does. The \2 part of the substitution
substitution expression returns the string "gatech.edu". Since the expression returns the string "gatech.edu". Since the flags field
flags field does not contain "s" or "a", the lookup is not terminal does not contain "s" or "a", the lookup is not terminal and our next
and our next probe to DNS is for more NAPTR records where the new probe to DNS is for more NAPTR records where the new domain is
domain is 'gatech.edu' and the string is the same string as before. 'gatech.edu' and the string is the same string as before.
Note that the rule does not extract the full domain name from the Note that the rule does not extract the full domain name from the
CID, instead it assumes the CID comes from a host and extracts its CID, instead it assumes the CID comes from a host and extracts its
domain. While all hosts, such as mordred, could have their very own domain. While all hosts, such as mordred, could have their very own
NAPTR, maintaining those records for all the machines at a site as NAPTR, maintaining those records for all the machines at a site as
large as Georgia Tech would be an intolerable burden. Wildcards are large as Georgia Tech would be an intolerable burden. Wildcards are
not appropriate here since they only return results when there is no not appropriate here since they only return results when there is no
exactly matching names already in the system. exactly matching names already in the system.
The record returned from the query on "gatech.edu" might look like: The record returned from the query on "gatech.edu" might look like:
gatech.edu IN NAPTR gatech.edu.
;; order pref flags service regexp replacement ;; order pref flags service regexp replacement
IN NAPTR 100 50 "s" "z3950+N2L+N2C" "" _z3950._tcp.gatech.edu IN NAPTR 100 50 "s" "z3950+N2L+N2C" "" _z3950._tcp.gatech.edu.
IN NAPTR 100 50 "s" "rcds+N2C" "" _rcds._udp.gatech.edu IN NAPTR 100 50 "s" "rcds+N2C" "" _rcds._udp.gatech.edu.
IN NAPTR 100 50 "s" "http+N2L+N2C+N2R" "" _http._tcp.gatech.edu IN NAPTR 100 50 "s" "http+N2L+N2C+N2R" "" _http._tcp.gatech.edu.
Continuing with the example, note that the values of the order and Continuing with the example, note that the values of the order and
preference fields are equal in all records, so the client is free to preference fields are equal in all records, so the client is free to
pick any record. The flags field tells us that these are the last pick any record. The flags field tells us that these are the last
NAPTR patterns we should see, and after the rewrite (a simple NAPTR patterns we should see, and after the rewrite (a simple
replacement in this case) we should look up SRV records to get replacement in this case) we should look up SRV records to get
information on the hosts that can provide the necessary service. information on the hosts that can provide the necessary service.
Assuming we prefer the Z39.50 protocol, our lookup might return: Assuming we prefer the Z39.50 protocol, our lookup might return:
;; Pref Weight Port Target ;; Pref Weight Port Target
_z3950._tcp.gatech.edu IN SRV 0 0 1000 z3950.gatech.edu _z3950._tcp.gatech.edu. IN SRV 0 0 1000 z3950.gatech.edu.
IN SRV 0 0 1000 z3950.cc.gatech.edu IN SRV 0 0 1000 z3950.cc.gatech.edu.
IN SRV 0 0 1000 z3950.uga.edu IN SRV 0 0 1000 z3950.uga.edu.
telling us three hosts that could actually do the resolution, and telling us three hosts that could actually do the resolution, and
giving us the port we should use to talk to their Z39.50 server. giving us the port we should use to talk to their Z39.50 server.
Recall that the regular expression used \2 to extract a domain name Recall that the regular expression used \2 to extract a domain name
from the CID, and \. for matching the literal '.' characters from the CID, and \. for matching the literal '.' characters
separating the domain name components. Since '\' is the escape separating the domain name components. Since '\' is the escape
character, literal occurances of a backslash must be escaped by character, literal occurances of a backslash must be escaped by
another backslash. For the case of the cid.urn.net record above, the another backslash. For the case of the cid.urn.net record above, the
regular expression entered into the zone file should be regular expression entered into the master file should be
"/urn:cid:.+@([^\\.]+\\.)(.*)$/\\2/i". When the client code actually "/urn:cid:.+@([^\\.]+\\.)(.*)$/\\2/i". When the client code
receives the record, the pattern will have been converted to actually receives the record, the pattern will have been converted
"/urn:cid:.+@([^.]+\.)(.*)$/\2/i". to "/urn:cid:.+@([^\.]+\.)(.*)$/\2/i".
Mealling & Daniel [Page 9]
Example 2 7.2 Example 2
Even if URN systems were in place now, there would still be a Even if URN systems were in place now, there would still be a
tremendous number of URLs. It should be possible to develop a URN tremendous number of URLs. It should be possible to develop a URN
resolution system that can also provide location independence for resolution system that can also provide location independence for
those URLs. This is related to the requirement that URNs be able to those URLs. This is related to the requirement that URNs be able to
grandfather in names from other naming systems, such as ISO Formal grandfather in names from other naming systems, such as ISO Formal
Public Identifiers, Library of Congress Call Numbers, ISBNs, ISSNs, Public Identifiers, Library of Congress Call Numbers, ISBNs, ISSNs,
etc. etc.
The NAPTR RR could also be used for URLs that have already been The NAPTR RR could also be used for URLs that have already been
assigned. Assume we have the URL for a very popular piece of assigned. Assume we have the URL for a very popular piece of
software that the publisher wishes to mirror at multiple sites around software that the publisher wishes to mirror at multiple sites
the world: around the world:
http://www.foo.com/software/latest-beta.exe http://www.foo.com/software/latest-beta.exe
We extract the prefix, "http", and lookup NAPTR records for Using the rules specified in RFCXXXX[7] we extract the prefix,
http.uri.net. This might return a record of the form "http", and lookup NAPTR records for http.uri.net. Note again that
RFCXXXX defines the first known key as the URI scheme appended with
the string ".uri.net". This might return a record of the form
http.uri.net IN NAPTR http.uri.net. IN NAPTR
;; order pref flags service regexp replacement ;; order pref flags service regexp replacement
100 90 "" "" "!http://([^/:]+)!\1!i" . 100 90 "" "" "!http://([^/:]+)!\1!i" .
This expression returns everything after the first double slash and This expression returns everything after the first double slash and
before the next slash or colon. (We use the '!' character to delimit before the next slash or colon. (We use the '!' character to delimit
the parts of the substitution expression. Otherwise we would have to the parts of the substitution expression. Otherwise we would have to
use backslashes to escape the forward slashes and would have a use backslashes to escape the forward slashes and would have a
regexp in the zone file that looked like regexp in the zone file that looked like
"/http:\\/\\/([^\\/:]+)/\\1/i".). "/http:\\/\\/([^\\/:]+)/\\1/i".).
Applying this pattern to the URL extracts "www.foo.com". Looking up Applying this pattern to the URL extracts "www.foo.com". Looking up
NAPTR records for that might return: NAPTR records for that might return:
www.foo.com www.foo.com.
;; order pref flags service regexp replacement ;; order pref flags service regexp replacement
IN NAPTR 100 100 "s" "http+L2R" "" _http._tcp.foo.com IN NAPTR 100 100 "s" "http+L2R" "" _http._tcp.foo.com.
IN NAPTR 100 100 "s" "ftp+L2R" "" _ftp._tcp.foo.com IN NAPTR 100 100 "s" "ftp+L2R" "" _ftp._tcp.foo.com.
Looking up SRV records for http.tcp.foo.com would return information Looking up SRV records for http.tcp.foo.com would return information
on the hosts that foo.com has designated to be its mirror sites. The on the hosts that foo.com has designated to be its mirror sites. The
client can then pick one for the user. client can then pick one for the user.
Example 3 7.3 Example 3
A non-URI example is where a NAPTR is used to specify the available A non-URI example is where a NAPTR is used to specify the available
mappings from a domain-name to telephony based endpoints. In this mappings from a domain-name to telephony based endpoints. In this
example the regular expression field is not used since the important example the regular expression field is not used since the important
information is encoded within the services field. information is encoded within the services field.
0.0.0.4.6.2.6.5.8.6.4.e164.int. 0.0.0.4.6.2.6.5.8.6.4.e164.int.
IN NAPTR 100 10 "s" "h323call+N2R" "" _h323._udp.tele2.se. IN NAPTR 100 10 "s" "h323call+N2R" "" _h323._udp.tele2.se.
IN NAPTR 102 10 "s" "potscall+N2R" "" _potscall._tcp.tele2.se. IN NAPTR 102 10 "s" "potscall+N2R" "" _potscall._tcp.tele2.se.
IN NAPTR 102 10 "s" "smtp+N2R" "" _smtp._tcp.tele2.se. IN NAPTR 102 10 "s" "smtp+N2R" "" _smtp._tcp.tele2.se.
In these examples the domain is an encoded E164 telephone number. In these examples the domain is an encoded E164 telephone number.
The services field specifies that, for this particular telephone The services field specifies that, for this particular telephone
number, the services that are available are h323call, potscall number, the services that are available are h323call, potscall and
and smtp; and that "tele2.se" is the target that provides those smtp; and that "tele2.se" is the target that provides those
services. Since the flag is "s", the next step should be a services. Since the flag is "s", the next step should be a query for
query for an SRV record which will contain specific information an SRV record which will contain specific information about the
about the "tele2.se" domain. "tele2.se" domain.
DNS Packet Format 8. DNS Packet Format
=================
The packet format for the NAPTR record is as follows The packet format for the NAPTR record is as follows
1 1 1 1 1 1 1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ORDER | | ORDER |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| PREFERENCE | | PREFERENCE |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/ FLAGS / / FLAGS /
skipping to change at page 11, line 51 skipping to change at page 17, line 29
/ REGEXP / / REGEXP /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/ REPLACEMENT / / REPLACEMENT /
/ / / /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where: where:
FLAGS A <character-string> which contains various flags. FLAGS A <character-string> which contains various flags.
SERVICES A <character-string> which contains protocol SERVICES A <character-string> which contains protocol and service
and service identifiers. identifiers.
REGEXP A <character-string> which contains a regular REGEXP A <character-string> which contains a regular expression.
expression.
REPLACEMENT A <domain-name> which specifies the new value in REPLACEMENT A <domain-name> which specifies the new value in the
the case where the regular expression is a simple case where the regular expression is a simple replacement
replacement operation. operation.
Master File Format <character-string> and <domain-name> as used here are defined in
================== RFC1035[1].
9. Master File Format
The master file format follows the standard rules in RFC-1035 [1]. The master file format follows the standard rules in RFC-1035 [1].
Order and preference, being 16-bit unsigned integers, shall be Order and preference, being 16-bit unsigned integers, shall be an
an integer between 0 and 65535. The Flags and Services and Regexp integer between 0 and 65535. The Flags and Services and Regexp
fields are all <character-string>s that cannot contain spaces and fields are all quoted <character-string>s. Since the Regexp field
thus can be included in their above specified form. While the can contain numerous backslashes and thus should be treated with
Regexp field is also a <character-string> it can contain care. See Section 10 for how to correctly enter and escape the
numerous backslashes and thus should be treated with care. regular expression.
Advice to domain administrators 10. Advice for DNS Administrators
===============================
Beware of regular expressions. Not only are they difficult to get Beware of regular expressions. Not only are they difficult to get
correct on their own, but there is the previously mentioned correct on their own, but there is the previously mentioned
interaction with DNS. Any backslashes in a regexp must be entered interaction with DNS. Any backslashes in a regexp must be entered
twice in a zone file in order to appear once in a query response. twice in a zone file in order to appear once in a query response.
More seriously, the need for double backslashes has probably not been More seriously, the need for double backslashes has probably not
tested by all implementors of DNS servers. been tested by all implementors of DNS servers.
The "a" flag allows the next lookup to be for A records rather than The "a" flag allows the next lookup to be for A records rather than
SRV records. Since there is no place for a port specification in the SRV records. Since there is no place for a port specification in the
NAPTR record, when the "A" flag is used the specified protocol must NAPTR record, when the "A" flag is used the specified protocol must
be running on its default port. be running on its default port.
The URN Syntax draft defines a canonical form for each URN, which The URN Syntax draft defines a canonical form for each URN, which
requires %encoding characters outside a limited repertoire. The requires %encoding characters outside a limited repertoire. The
regular expressions MUST be written to operate on that canonical regular expressions MUST be written to operate on that canonical
form. Since international character sets will end up with extensive form. Since international character sets will end up with extensive
use of %encoded characters, regular expressions operating on them use of %encoded characters, regular expressions operating on them
will be essentially impossible to read or write by hand. will be essentially impossible to read or write by hand.
Notes: 11. Notes
======
- A client MUST process multiple NAPTR records in the order o A client MUST process multiple NAPTR records in the order
specified by the "order" field, it MUST NOT simply use the first specified by the "order" field, it MUST NOT simply use the first
record that provides a known protocol and service combination. record that provides a known protocol and service combination.
- When multiple RRs have the same "order", the client should use
the value of the preference field to select the next NAPTR to o When multiple RRs have the same "order" and all other criteria
consider. However, because of preferred protocols or services as being equal, the client should use the value of the preference
well as estimates of network distance and bandwidth, clients may field to select the next NAPTR to consider. However, because it
use different criteria to sort the records. will often be the case where preferred protocols or services
- If the lookup after a rewrite fails, clients are strongly exist, clients may use this additional criteria to sort
the records.
o If the lookup after a rewrite fails, clients are strongly
encouraged to report a failure, rather than backing up to pursue encouraged to report a failure, rather than backing up to pursue
other rewrite paths. other rewrite paths.
- Note that SRV RRs impose additional requirements on clients.
Acknowledgments: o Note that SRV RRs impose additional requirements on clients.
=================
The editors would like to thank Keith Moore for all his consultations 12. Acknowledgments
during the development of this draft. We would also like to thank
Paul Vixie for his assistance in debugging our implementation, and
his answers on our questions. Finally, we would like to acknowledge
our enormous intellectual debt to the participants in the Knoxville
series of meetings, as well as to the participants in the URI and URN
working groups.
References: The editors would like to thank Keith Moore for all his
=========== consultations during the development of this draft. We would also
like to thank Paul Vixie for his assistance in debugging our
implementation, and his answers on our questions. Finally, we would
like to acknowledge our enormous intellectual debt to the
participants in the Knoxville series of meetings, as well as to the
participants in the URI and URN working groups.
References
[1] Mockapetris, P., "Domain names - implementation and [1] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", RFC 1035, STD 13, November 1987.
[2] Mockapetris, P., "Domain names - concepts and [2] Mockapetris, P., "Domain names - concepts and facilities", RFC
facilities", STD 13, RFC 1034, November 1987. 1034, STD 13, November 1987.
[3] Moats, Ryan, "URN Syntax", RFC-2141, May 1997. [3] Moats, R., "URN Syntax", RFC 2141, May 1997.
[4] Gulbrandsen, A. and P. Vixie, "A DNS RR for specifying [4] Eastlake, D., Gulbrandsen, A., "A DNS RR for specifying the
the location of services (DNS SRV)", RFC-2052, October 1996. location of services (DNS SRV)", January 1999.
[5] Crocker, D., Overell, P. "Augmented BNF for Syntax [5] Crocker, D., Overell, P., "Augmented BNF for Syntax
Specifications: ABNF", RFC-2234, November 1997. Specifications: ABNF", RFC 2234, November 1997.
[6] Daniel R. "A Trivial Convention for using HTTP in URN Resolution". [6] Daniel, R., "A Trivial Convention for using HTTP in URN
RFC2169. June 1997. Resolution", RFC 2169, June 1997.
[7] Mealling, M., Daniel, R., "Resolution of Uniform Resource [7] Mealling, M., Daniel, R., "Resolution of Uniform Resource
Identifiers using the Domain Name System", RFC-XXXX, Identifiers using the Domain Name System", July 1999.
November 1998.
[8] IEEE Standard for Information Technology - Portable Operating [8] IEEE, "IEEE Standard for Information Technology - Portable
System Interface (POSIX) - Part 2: Shell and Utilities (Vol. 1); Operating System Interface (POSIX) - Part 2: Shell and
IEEE Std 1003.2-1992; The Institute of Electrical and Utilities (Vol. 1)", IEEE Std 1003.2-1992, January 1993.
Electronics Engineers; New York; 1993. ISBN:1-55937-255-9
[9] Braden, R., "Requirements for Internet Hosts - Application and [9] Berners-Lee, T., Fielding, R., Masinter, L., "Uniform Resource
and Support", RFC-1123, Oct. 1989. Identifiers (URI): Generic Syntax", RFC 2396, August 1998.
[10] Berners-Lee, T., R. Fielding, L. Masinter. "Uniform Resource Authors' Addresses
Identifiers (URI): Generic Syntax", RFC-2396, August 1998.
IANA Considerations Michael Mealling
=================== Network Solutions, Inc.
505 Huntmar Park Drive
Herndon, VA 22070
US
The only registration function that impacts the IANA is for Phone: +1 770 935 5492
the values that are standardized for the Services and Flags fields. EMail: michaelm@netsol.com
To extend the valid values of the Flags field beyond what is URI: http://www.netsol.com
specified in this document requires a published specification that Ron Daniel
is approved by the IESG. DATAFUSION, Inc.
139 Townsend Street, Ste. 100
San Francisco, CA 94107
US
The values for the Services field will be determined by the Phone: +1 415 222 0100
application that makes use of the NAPTR record. Those values EMail: rdaniel@datafusion.net
must be specified in a published specification and approved URI: http://www.datafusion.net
Appendix A. IANA Considerations
The only registration function that impacts the IANA is for the
values that are standardized for the Services and Flags fields. To
extend the valid values of the Flags field beyond what is specified
in this document requires a published specification that is approved
by the IESG. by the IESG.
Security Considerations The values for the Services field will be determined by the
======================= application that makes use of the NAPTR record. Those values must be
specified in a published specification and approved by the IESG.
Appendix B. Security Considerations
The interactions with DNSSEC are currently being studied. It is The interactions with DNSSEC are currently being studied. It is
expected that NAPTR records will be signed with SIG records once expected that NAPTR records will be signed with SIG records once the
the DNSSEC work is deployed. DNSSEC work is deployed.
The rewrite rules make identifiers from other namespaces subject to The rewrite rules make identifiers from other namespaces subject to
the same attacks as normal domain names. Since they have not been the same attacks as normal domain names. Since they have not been
easily resolvable before, this may or may not be considered a easily resolvable before, this may or may not be considered a
problem. problem.
Regular expressions should be checked for sanity, not blindly passed Regular expressions should be checked for sanity, not blindly passed
to something like PERL. to something like PERL.
This document has discussed a way of locating a service, but has not This document has discussed a way of locating a service, but has not
discussed any detail of how the communication with that service takes discussed any detail of how the communication with that service
place. There are significant security considerations attached to the takes place. There are significant security considerations attached
communication with a service. Those considerations are outside the to the communication with a service. Those considerations are
scope of this document, and must be addressed by the specifications outside the scope of this document, and must be addressed by the
for particular communication protocols. specifications for particular communication protocols.
Author Contact Information: Full Copyright Statement
===========================
Michael Mealling Copyright (C) The Internet Society (1999). All Rights Reserved.
Network Solutions
505 Huntmar Park Drive
Herndon, VA 22070
voice: (703) 742-0400
fax: (703) 742-9552
email: michaelm@netsol.com
URL: http://www.netsol.com/
Ron Daniel Jr. This document and translations of it may be copied and furnished to
DATAFUSION, Inc. others, and derivative works that comment on or otherwise explain it
139 Townsend Street, Ste. 100 or assist in its implmentation may be prepared, copied, published
San Francisco, CA 94107 and distributed, in whole or in part, without restriction of any
415.222.0100 fax 415.222.0150 kind, provided that the above copyright notice and this paragraph
rdaniel@datafusion.net are included on all such copies and derivative works. However, this
http://www.datafusion.net document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
 End of changes. 111 change blocks. 
356 lines changed or deleted 408 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/