idnits 2.17.00 (12 Aug 2021) /tmp/idnits7989/draft-wkumari-dnsop-multiple-responses-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 3, 2017) is 1783 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC7873' is defined on line 339, but no explicit reference was found in the text ** Obsolete normative reference: RFC 5395 (Obsoleted by RFC 6195) ** Obsolete normative reference: RFC 6555 (Obsoleted by RFC 8305) Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 dnsop W. Kumari 3 Internet-Draft Google 4 Intended status: Standards Track Z. Yan 5 Expires: January 4, 2018 CNNIC 6 W. Hardaker 7 USC/ISI 8 July 3, 2017 10 Returning extra answers in DNS responses. 11 draft-wkumari-dnsop-multiple-responses-04 13 Abstract 15 This document (re)introduces the ability to provide multiple answers 16 in a DNS response. This is especially useful as, in many cases, the 17 entity making the request has no a prori knowledge of what other 18 questions it will need to ask. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on January 4, 2018. 37 Copyright Notice 39 Copyright (c) 2017 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 55 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 56 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 58 4. Returning multiple answers . . . . . . . . . . . . . . . . . 4 59 5. The EXTRA Resource Record . . . . . . . . . . . . . . . . . . 5 60 5.1. File Format . . . . . . . . . . . . . . . . . . . . . . . 5 61 5.2. Wire Format . . . . . . . . . . . . . . . . . . . . . . . 5 62 6. Signaling support . . . . . . . . . . . . . . . . . . . . . . 6 63 7. Stub-Resolver Considerations . . . . . . . . . . . . . . . . 6 64 8. Use of Additional information . . . . . . . . . . . . . . . . 6 65 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 66 10. Security Considerations . . . . . . . . . . . . . . . . . . . 7 67 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 68 12. Normative References . . . . . . . . . . . . . . . . . . . . 7 69 Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 8 70 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 72 1. Introduction 74 In many cases a name being resolved in the DNS provides the reason 75 behind why the name is being resolved. This may allow the 76 authoritative nameserver to predict what other answers a recursive 77 resolver will soon query for. By providing multiple answers in the 78 response, the authoritative name server operator can assist a caching 79 recursive resolver in pre-populating its cache before a stub resolver 80 or other client asks for the subsequent queries. Apart from 81 decreasing the latency for end users [RFC6555], this also decreases 82 the total number of queries that the recursive resolver needs to send 83 and the authoritative server needs to answer. 85 For example, the domain name administrator of Example Widgets, Inc 86 (example.com) knows that the web page at www.example.com contains 87 various other resources, including some images (served from 88 images.example.com), some Cascading Style Sheets (served from 89 css.example.com) and some JavaScript (served from data.example.com). 90 An application attempting to resolve www.example.com is very likely 91 to be a web browser rendering the page and will likely also need to 92 resolve all of these additional names as well. Providing all of 93 these answers in response to a query for www.example.com allows the 94 recursive resolver to pre-populate its cache and have these answers 95 available immediately when a stub resolver or other DNS client asks 96 for them. What is important to notice here is that the stub resolver 97 does not know what other questions it will need to make until after 98 it has already made the request for www.exmaple.com, received the 99 reply, made the HTTP connection and parsed the HTML. 101 Other examples where this technique may be useful include SMTP (by 102 including mail server addresses, SPF and DKIM records when serving 103 the MX record), SRV (by providing the target information in addition 104 to the SRV response) and TLSA (by providing any TLSA records 105 associated with a name). This same technique can also be used to 106 include both the IPv4 (A) and IPv6 (AAAA) addresses for any singular 107 address query. 109 This technique, described in this document, is purely an optimization 110 and enables a zone publisher to distribute other related answers that 111 the client is likely to need along with an answer to the original 112 request. Users get a better experience, recursive resolvers need to 113 send less queries, authoritative servers have to answer fewer 114 queries, etc. 116 1.1. Requirements notation 118 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 119 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 120 document are to be interpreted as described in [RFC2119]. 122 2. Background 124 The existing DNS specifications [RFC1034] allow for supplemental 125 information to be included in the "additional" section of the DNS 126 response, but in order to defeat cache poisoning attacks most 127 implementations either ignore or don't trust additional records they 128 didn't ask for. For more background, see [Ref.Bellovin] and 129 [RFC2181]. 131 Not trusting the information in the additional section was necessary 132 since there was no way to authenticate it. If a resolver queries for 133 www.example.com and received answers for www.invalid.com as well, it 134 is impossible for a non-validating resolver to tell if these were 135 actually from invalid.com or if an attacker was trying to push bad 136 information for invalid.com into the resolver's cache. In a world of 137 ubiquitous DNSSEC deployment [Ed note: By the time this document is 138 published, there *will* be ubiquitous DNSSEC :-) ], a validating 139 resolver can validate, authenticate and trust the records in the 140 additional information. 142 3. Terminology 144 Additional records Additional records are records that the 145 authoritative nameserver has included in the Additional section. 147 EXTRA Resource Record The EXTRA resource record (defined below) 148 carries a list fo additional records to send. 150 Primary query A Primary query (or primary question) is a QNAME that 151 the name server operator would like to return additional answers 152 for. 154 Supporting DNSSEC information Supporting DNSSEC information is the 155 DNSSEC RRSIGs that prove the authenticity of the Additional 156 records. 158 Stub Resolver The term "Stub Resolver" is used in this document to 159 refer to the most common instance of a DNS client sending DNS 160 requests to a Recursive Resolver. However, other DNS clients are 161 not excluded from these usages and where we write "Stub Resolver" 162 you may read it as "Stub Resolver or other DNS client". 164 4. Returning multiple answers 166 The authoritative nameserver should include as many of the instructed 167 additional records identified by the Extra Resource Record and 168 Supporting DNSSEC information as will fit in the response packet. 169 These additional records (and Supporting DNSSEC information) are 170 appended to the additional section of the response. 172 In order to include additional records in a response, these 173 conditions need to be met: 175 1. Additional records MUST only be included when the Name Server is 176 authoritative for the zone, and the records to be returned are 177 DNSSEC signed. 179 2. The supporting DNSSEC information necessary to perform validation 180 on the records MUST be included. 182 3. The Authoritative Name Server SHOULD include as many of the 183 additional records as will fit in the response. Additional 184 records SHOULD be inserted in the order specified in the 185 Additional records list. 187 4. Zone administrators SHOULD only include records identified in the 188 EXTRA Resource Records that they expect a client to need. 190 5. The EXTRA Resource Record 192 To allow a zone content administrator to instruct the name server 193 which additional records to serve when it receives a query to a 194 label, we introduce the EXTRA Resource Record (RR). These additional 195 records are appended to the additional section (note that the EXTRA 196 RR itself is not appended). The EXTRA resource record MAY still be 197 queried for directly (e.g for debugging), in which case the record 198 itself is returned. 200 5.1. File Format 202 The format of the EXTRA RR is: 204 label EXTRA "label,type; label,type; label,type; ..." 206 For example, if the operator of example.com would like to also return 207 A record answers for images.example.com, css.html.example.com and 208 both an A and AAAA for data.example.com when queried for 209 www.example.com, they would create the following record: 211 www.example.com. EXTRA "images,A; css,A; data,A; data,AAAA;" 213 The entries in the EXTRA list are ordered. An authoritative 214 nameserver SHOULD insert the records in the order listed when filling 215 the response packet. This is to allow the operator to express a 216 preference in case all the records will not fit in the response. The 217 TTL of the records added to the Additional section are MUST be the 218 same as if queried directly. 220 In some cases a zone content administrator might not know what all 221 additional records clients need. For example, the owner of 222 www.example.com may have outsourced his DNS operations to a third 223 party. DNS administrators may be able to mine their query logs, and 224 see that, in a large majority of cases, a recursive server asks for 225 foo.example.com and then very soon after asks for bar.example.com, 226 and so may decide to optimize this by opportunistically returning bar 227 when queried for foo. This functionality could also be included in 228 the authoritative name server software itself, but discussions of 229 these are outside the scope of this document. 231 5.2. Wire Format 233 The wire format of the EXTRA RR is the same as the wire format for a 234 TXT RR: 236 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 237 / TXT-DATA / 238 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 240 Where TXT-DATA is one or more s. 242 The EXTRA RR has RR type TBD [RFC Editor: insert the IANA assigned 243 value and delete this note] 245 6. Signaling support 247 Recursive Resolvers (or other DNS clients) that support EXTRA records 248 MAY signal this by setting the OPT record's EXTRA bit (bit NN [TBD: 249 assigned by IANA] in the EDNS0 extension header to 1. 251 7. Stub-Resolver Considerations 253 No modifications need to be made to stub-resolvers to get the 254 predominate benefit of this protocol, since the majority of the speed 255 gain will take place between the validating recursive resolver and 256 the authoritative name server. However, stub resolvers may choose to 257 support this technique, and / or may query directly for the EXTRA RR 258 if it wants to pre-query for data that will likely be needed in the 259 process of supporting its application. 261 8. Use of Additional information 263 When receiving additional records in the additional section, a 264 resolver follows certain rules: 266 1. Additional records MUST be validated before being used. 268 2. Additional records SHOULD have lower priority in the cache than 269 answers received because they were requested. This is to help 270 evict Additional records from the cache first (to help prevent 271 cache filling attacks). 273 3. Recursive resolvers MAY choose to ignore Additional records for 274 any reason, including CPU or cache space concerns, phase of the 275 moon, etc. It may choose to accept all, some or none of the 276 Additional records. 278 9. IANA Considerations 280 This document contains the following IANA assignment requirements: 282 1. The EXTRA bit discussed in Section 6 needs to be allocated. 284 10. Security Considerations 286 Additional records will make DNS responses even larger than they are 287 currently, leading to larger records that can be used in DNS 288 reflection attacks. One could mitigate this by only serving 289 responses to EXTRA requests over TCP or when using Cookies [RFC5395], 290 although there is no easy way to signal this to a client other than 291 through the use of the truncate bit. 293 A malicious authoritative server could include a large number of 294 extra records (and associated DNSSEC information) and attempt to DoS 295 the recursive by making it do lots of DNSSEC validation. However, 296 this is not considered a realistic threat; CPU for validation is 297 cheap compared to bandwidth. This can be mitigated by allowing the 298 recursive resolver to ignore Additional records whenever it considers 299 itself under attack or its CPU resources are otherwise over- 300 committed. 302 This specification requires that the all of the Additional records 303 are signed, and all necessary DNSSEC information for validation be 304 included to avoid cache poisoning attacks. 306 11. Acknowledgements 308 The authors to thank Mark Andrews, John Dickinson, Kazunori Fujiwara, 309 Bob Harold, John Heidemann, Tony Finch. 311 12. Normative References 313 [Ref.Bellovin] 314 Bellovin, S., "Using the Domain Name System for System 315 Break-Ins", 1995, 316 . 318 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", 319 STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, 320 . 322 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 323 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 324 RFC2119, March 1997, 325 . 327 [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS 328 Specification", RFC 2181, DOI 10.17487/RFC2181, July 1997, 329 . 331 [RFC5395] Eastlake 3rd, D., "Domain Name System (DNS) IANA 332 Considerations", RFC 5395, DOI 10.17487/RFC5395, November 333 2008, . 335 [RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with 336 Dual-Stack Hosts", RFC 6555, DOI 10.17487/RFC6555, April 337 2012, . 339 [RFC7873] Eastlake 3rd, D. and M. Andrews, "Domain Name System (DNS) 340 Cookies", RFC 7873, DOI 10.17487/RFC7873, May 2016, 341 . 343 Appendix A. Changes / Author Notes. 345 [RFC Editor: Please remove this section before publication ] 347 From -03 to -04: 349 o Some additional text explaining how this differs from solutions 350 which include muiltiple queries (you don't know what to ask until 351 you have received some answers). 353 From -02 to -03: 355 o Sat down and rewrote and cleaned up large sections of text. 357 o Changed name of RR from Additional to EXTRA (the term "Additional" 358 is overloaded in general) 360 o Clarified that stub resolvers and other clients MAY use this 361 specification. 363 o Attempted to clarify that the individual RRs are added to the 364 response, not the EXTRA record itself. The EXTRA RR can be 365 queried directly. 367 From -00 to -01: 369 o Nothing change in the template. 371 Authors' Addresses 372 Warren Kumari 373 Google 374 1600 Amphitheatre Parkway 375 Mountain View, CA 94043 376 US 378 Email: warren@kumari.net 380 Zhiwei Yan 381 CNNIC 382 No.4 South 4th Street, Zhongguancun 383 Beijing 100190 384 P. R. China 386 Email: yanzhiwei@cnnic.cn 388 Wes Hardaker 389 USC/ISI 390 P.O. Box 382 391 Davis, CA 95617 392 US 394 Email: ietf@hardakers.net