BlackSponge
/
dns-lg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22 Commits
1 Branch
0 Tags
255 KiB
 
 
 
 
 
Tag: Branch: Tree: 11339949cf
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '11339949cf'
${ noResults }
dns-lg/draft-mohan-dns-query-xml-0...

560 lines
15 KiB
Raw Blame History Escape

Internet Engineering Task Force M. Parthasarathy, Ed.
Internet-Draft Apple Inc.
Intended status: Standards Track P. Vixie
Expires: March 30, 2012 ISC
September 27, 2011
draft-mohan-dns-query-xml-00
Abstract
This memo presents a technique for representing DNS messages using
XML. This enables DNS query transactions to be transported over
HTTP/HTTPS.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 30, 2012.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Parthasarathy & Vixie Expires March 30, 2012 [Page 1]
Internet-Draft DNS QUERY XML September 2011
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 3
3. DNS XML Query . . . . . . . . . . . . . . . . . . . . . . . . 3
4. XML Representation of DNS Message . . . . . . . . . . . . . . 4
5. DNS Message Format . . . . . . . . . . . . . . . . . . . . . . 4
6. DNS Resource Record Format . . . . . . . . . . . . . . . . . . 7
7. Message Compression . . . . . . . . . . . . . . . . . . . . . 8
8. Message Update . . . . . . . . . . . . . . . . . . . . . . . . 8
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
11. Security Considerations . . . . . . . . . . . . . . . . . . . 8
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
12.1. Normative References . . . . . . . . . . . . . . . . . . . 9
12.2. Informative References . . . . . . . . . . . . . . . . . . 9
Appendix A. Appendix A . . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
Parthasarathy & Vixie Expires March 30, 2012 [Page 2]
Internet-Draft DNS QUERY XML September 2011
1. Introduction
Domain Name System (DNS) is specified in RFC 1035 [RFC1035] and its
security extensions (DNSSEC) are specified in RFC 4034 [RFC4034] and
RFC 4035 [RFC4035]. DNSSEC provides origin authentication and
integrity protection for DNS data. While signing the authority data
and verifying such signatures in recursive or stub validators are
well understood and well solved problems, the channel between
authority servers and validators is commonly unusable for DNSSEC-
secured transactions due to overreach in customer premises equipment,
firewalls, intrusion detection systems, and non-DNSSEC-aware
recursive name servers operated by enterprises or service providers.
HTTP [RFC2616] is known to work in such environments and has become
the de facto tunneling protocol in the Internet. To facilitate
tunneling DNS messages over HTTP, this document describes a method of
encoding a DNS message, including the resource records, as an XML
object [XML].
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Protocol Overview
In traditional DNS communication, the DNS stub resolver communicates
with a recursive server which in turn communicates with the
authoritative servers to fetch the DNS data. To fetch the DNS XML
data, the resolver communicates with a web server using HTTP/HTTPS.
It issues a GET request with parameters using the URI format in
[RFC2396] indicating the attributes of the query as it would do in a
normal DNS query. The web server on receiving the request retrieves
the DNS data and formats in XML before sending it back to the
resolver. The resolver may issue multiple DNS queries either using a
single or multiple TCP connection to the server whose details are
beyond the scope of this document.
3. DNS XML Query
The resolver issues a HTTP GET request with parameters to fetch the
DNS XML data. The structure of the query is as follows:
Parthasarathy & Vixie Expires March 30, 2012 [Page 3]
Internet-Draft DNS QUERY XML September 2011
https://server_address/dns_service/
query?name=NAME&type=TYPE&ID=VALUE&RD=VALUE&CD=VALUE&DO=VALUE
dns_service - tells the web server that the GET request is to
fetch the DNS records
query - indicates that this GET request is a DNS query and it
should return the DNS Response formatted in XML
name - The domain name being looked up
type - Type of the query as specified under "TYPE" field in the
RRTYPE registry in [IANA_DNS].
ID - Corresponds to the ID value in the DNS query. When there
are multiple queries in flight, the ID in the response can be
used to match the request.
RD - Corresponds to the "RD" bit in the DNS query. Set to 1 if
recursion is desired or 0 otherwise.
CD - Corresponds to the "CD" bit in the DNS query. Set to 1 if
validation will be done by the end host or 0 otherwise.
DO - Corresponds to the "DNSSEC OK" bit in the DNS query. It
reflects the setting of the DNSSEC OK bit in EDNS0 option.
4. XML Representation of DNS Message
The XML representation of the DNS message maps the DNS header
specified in section 4.1.1 of [RFC1035] to XML representation.
5. DNS Message Format
The DNS message is enclosed under the root element "response", under
which all the other elements appear.
<response>
All the other elements are enclosed within this element.
</response>
The XML representation of the DNS header does not represent all the
fields. Only RCODE, the AA bit and the CD bit of the second sixteen
bit field (that follows the ID field) is represented. The fields
Parthasarathy & Vixie Expires March 30, 2012 [Page 4]
Internet-Draft DNS QUERY XML September 2011
QDCOUNT and the question section are omitted. If the resolver
converts the XML representation into binary format for processing,
the omitted fields should be inferred appropriately. Rest of the
fields are described below.
<id>
The value of this field is copied from the HTTP request
parameters. It is used by the resolver to match the response
to the request.
</id>
<aa>
Corresponds to the AA bit in the header. If AA is set, this
element is set to 1 and otherwise 0.
</aa>
<ad>
Corresponds to the AD bit in the header. If AD is set, this
element is set to 1 and otherwise 0.
</ad>
<cd>
Corresponds to the CD bit in the header. If CD is set, this
element is set to 1 and otherwise 0.
</cd>
<rcode>
RCODE of the response represented as specified under "Name"
field of the RCODE registry in [IANA_DNS].
</rcode>
<anscount>
Number of answers in the answers element described below
</anscount>
<answers>
Parthasarathy & Vixie Expires March 30, 2012 [Page 5]
Internet-Draft DNS QUERY XML September 2011
This section contains all the records in the answer section of the
response with each resource record in the answer element.
<answer>
Each answer element contains a resource record
</answer>
</answers>
<nscount>
Number of authorities in the authorities element described
below
</nscount>
<authorities>
This section contains all the records in the authority section of
the response with each resource record in the authority element.
<authority>
Each authority element contains a resource record
</authority>
</authorities>
<arcount>
Number of additional records in the additionals element given
below
</arcount>
<additionals>
This section contains all the records in the additional section of
the response with each resource record in the additional element.
<additional>
Parthasarathy & Vixie Expires March 30, 2012 [Page 6]
Internet-Draft DNS QUERY XML September 2011
Each additional element contains a resource record
</additional>
</additionals>
6. DNS Resource Record Format
Every DNS resource record contains a name, type, class, ttl, rdlength
and type specific rdata. The XML elements for each of these are
described below.
<name>
Textual representation of the domain name to which this
resource record pertains as it appears in the master file
</name>
<type>
Type of the RDATA field as specified under "TYPE" field in the
RRTYPE registry in [IANA_DNS].
</type>
<class>
Class of the RDATA field as specified under "Name" field in the
Class registry in [IANA_DNS].
</class>
<ttl>
Time to live value of this resource record in seconds
</ttl>
<rdlength>
Length of the RDATA field
</rdlength>
<rdata>
Parthasarathy & Vixie Expires March 30, 2012 [Page 7]
Internet-Draft DNS QUERY XML September 2011
RDATA is represented as zero or more words of hexadecimal data
described in RFC 3597 [RFC3597]. The special token \# and
RDATA length are not included.
</rdata>
7. Message Compression
Message compression is not supported. All names should be fully
expanded.
8. Message Update
DNS Update RFC 2136 [RFC2136] is not supported.
9. Acknowledgements
TBD
10. IANA Considerations
This memo includes no request to IANA.
11. Security Considerations
In the current DNS system, there is no trust relationship between the
stub resolver and the rest of the system. When the users connect to
the Internet using their ISP that provides the Internet service, they
expect the ISP to provide trustworthy DNS service. When they connect
to the Internet from hotspots and other places, there is no trust
whatsoever. There are also many popular open recursive resolvers
that are available in the Internet today that provide DNS resolution.
Similarly, the DNS service described in this document may be provided
via both HTTP and HTTPS. Depending on the stub resolver's trust
relationship with the DNS service provider, it can use HTTP or HTTPS.
When DNSSEC is used, the DNS data can be authenticated independently.
DNSSEC itself cannot be used to validate the IP address of the server
that is providing the DNS service using the method described in this
document.
12. References
Parthasarathy & Vixie Expires March 30, 2012 [Page 8]
Internet-Draft DNS QUERY XML September 2011
12.1. Normative References
[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3597] Gustafsson, A., "Handling of Unknown DNS Resource Record
(RR) Types", RFC 3597, September 2003.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Resource Records for the DNS Security Extensions",
RFC 4034, March 2005.
[RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Protocol Modifications for the DNS Security
Extensions", RFC 4035, March 2005.
12.2. Informative References
[IANA_DNS]
"Domain Name System Parameters",
<http://www.iana.org/assignments/dns-parameters>.
[RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound,
"Dynamic Updates in the Domain Name System (DNS UPDATE)",
RFC 2136, April 1997.
[RFC2396] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax", RFC 2396,
August 1998.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[XML] T, Bray., J, Paoli., and Sperberg-McQueen. C.M.,
"Extensible Markup Language (XML)", 1998.
Appendix A. Appendix A
This section provides a few sample queries and responses
Parthasarathy & Vixie Expires March 30, 2012 [Page 9]
Internet-Draft DNS QUERY XML September 2011
QUERY: https://server_address/dns_service/
query?name=www.isc.org&type=A&ID=2345&RD=1
RESPONSE:
<?xml version="1.0" encoding="US-ASCII"?>
<response>
<ID>2345</id>
<aa>1</aa>
<rcode>0</rcode>
<anscount>1</anscount>
<answers>
<answer>9514402A</answer>
</answers>
</response>
Authors' Addresses
Mohan Parthasarathy (editor)
Apple Inc.
1 Infinite loop
Cupertino, 95014
USA
Phone: +1 408 862 7901
Email: mparthasarathy@apple.com
Paul Vixie
ISC
950 Charter Street
Redwood City, 94063
USA
Phone: +1 650 423 1300
Email: vixie@isc.org
Parthasarathy & Vixie Expires March 30, 2012 [Page 10]