summaryrefslogtreecommitdiff
path: root/contrib/bind9/doc/rfc/rfc2540.txt
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/doc/rfc/rfc2540.txt')
-rw-r--r--contrib/bind9/doc/rfc/rfc2540.txt339
1 files changed, 0 insertions, 339 deletions
diff --git a/contrib/bind9/doc/rfc/rfc2540.txt b/contrib/bind9/doc/rfc/rfc2540.txt
deleted file mode 100644
index 631480618867..000000000000
--- a/contrib/bind9/doc/rfc/rfc2540.txt
+++ /dev/null
@@ -1,339 +0,0 @@
-
-
-
-
-
-
-Network Working Group D. Eastlake
-Request for Comments: 2540 IBM
-Category: Experimental March 1999
-
-
- Detached Domain Name System (DNS) Information
-
-Status of this Memo
-
- This memo defines an Experimental Protocol for the Internet
- community. It does not specify an Internet standard of any kind.
- Discussion and suggestions for improvement are requested.
- Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (1999). All Rights Reserved.
-
-Abstract
-
- A standard format is defined for representing detached DNS
- information. This is anticipated to be of use for storing
- information retrieved from the Domain Name System (DNS), including
- security information, in archival contexts or contexts not connected
- to the Internet.
-
-Table of Contents
-
- Abstract...................................................1
- 1. Introduction............................................1
- 2. General Format..........................................2
- 2.1 Binary Format..........................................3
- 2.2. Text Format...........................................4
- 3. Usage Example...........................................4
- 4. IANA Considerations.....................................4
- 5. Security Considerations.................................4
- References.................................................5
- Author's Address...........................................5
- Full Copyright Statement...................................6
-
-1. Introduction
-
- The Domain Name System (DNS) is a replicated hierarchical distributed
- database system [RFC 1034, 1035] that can provide highly available
- service. It provides the operational basis for Internet host name to
- address translation, automatic SMTP mail routing, and other basic
- Internet functions. The DNS has been extended as described in [RFC
- 2535] to permit the general storage of public cryptographic keys in
-
-
-
-Eastlake Experimental [Page 1]
-
-RFC 2540 Detached DNS Information March 1999
-
-
- the DNS and to enable the authentication of information retrieved
- from the DNS though digital signatures.
-
- The DNS was not originally designed for storage of information
- outside of the active zones and authoritative master files that are
- part of the connected DNS. However there may be cases where this is
- useful, particularly in connection with archived security
- information.
-
-2. General Format
-
- The formats used for detached Domain Name System (DNS) information
- are similar to those used for connected DNS information. The primary
- difference is that elements of the connected DNS system (unless they
- are an authoritative server for the zone containing the information)
- are required to count down the Time To Live (TTL) associated with
- each DNS Resource Record (RR) and discard them (possibly fetching a
- fresh copy) when the TTL reaches zero. In contrast to this, detached
- information may be stored in a off-line file, where it can not be
- updated, and perhaps used to authenticate historic data or it might
- be received via non-DNS protocols long after it was retrieved from
- the DNS. Therefore, it is not practical to count down detached DNS
- information TTL and it may be necessary to keep the data beyond the
- point where the TTL (which is defined as an unsigned field) would
- underflow. To preserve information as to the freshness of this
- detached data, it is accompanied by its retrieval time.
-
- Whatever retrieves the information from the DNS must associate this
- retrieval time with it. The retrieval time remains fixed thereafter.
- When the current time minus the retrieval time exceeds the TTL for
- any particular detached RR, it is no longer a valid copy within the
- normal connected DNS scheme. This may make it invalid in context for
- some detached purposes as well. If the RR is a SIG (signature) RR it
- also has an expiration time. Regardless of the TTL, it and any RRs
- it signs can not be considered authenticated after the signature
- expiration time.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eastlake Experimental [Page 2]
-
-RFC 2540 Detached DNS Information March 1999
-
-
-2.1 Binary Format
-
- The standard binary format for detached DNS information is as
- follows:
-
- 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | first retrieval time |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | RR count | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Resource Records (RRs) |
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
- | next retrieval time |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | RR count | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Resource Records (RRs) |
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / ... /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | hex 20 |
- +-+-+-+-+-+-+-+-+
-
- Retrieval time - the time that the immediately following information
- was obtained from the connected DNS system. It is an unsigned
- number of seconds since the start of 1 January 1970, GMT,
- ignoring leap seconds, in network (big-endian) order. Note that
- this time can not be before the initial proposal of this
- standard. Therefore, the initial byte of an actual retrieval
- time, considered as a 32 bit unsigned quantity, would always be
- larger than 20 hex. The end of detached DNS information is
- indicated by a "retrieval time" field initial byte equal to 0x20.
- Use of a "retrieval time" field with a leading unsigned byte of
- zero indicates a 64 bit (actually 8 leading zero bits plus a 56
- bit quantity). This 64 bit format will be required when
- retrieval time is larger than 0xFFFFFFFF, which is some time in
- the year 2106. The meaning of retrieval times with an initial
- byte between 0x01 and 0x1F is reserved (see section 5).
- Retrieval times will not generally be 32 bit aligned with respect
- to each other due to the variable length nature of RRs.
-
- RR count - an unsigned integer number (with bytes in network order)
- of following resource records retrieved at the preceding
- retrieval time.
-
-
-
-
-
-Eastlake Experimental [Page 3]
-
-RFC 2540 Detached DNS Information March 1999
-
-
- Resource Records - the actual data which is in the same format as if
- it were being transmitted in a DNS response. In particular, name
- compression via pointers is permitted with the origin at the
- beginning of the particular detached information data section,
- just after the RR count.
-
-2.2. Text Format
-
- The standard text format for detached DNS information is as
- prescribed for zone master files [RFC 1035] except that the $INCLUDE
- control entry is prohibited and the new $DATE entry is required
- (unless the information set is empty). $DATE is followed by the date
- and time that the following information was obtained from the DNS
- system as described for retrieval time in section 2.1 above. It is
- in the text format YYYYMMDDHHMMSS where YYYY is the year (which may
- be more than four digits to cover years after 9999), the first MM is
- the month number (01-12), DD is the day of the month (01-31), HH is
- the hour in 24 hours notation (00-23), the second MM is the minute
- (00-59), and SS is the second (00-59). Thus a $DATE must appear
- before the first RR and at every change in retrieval time through the
- detached information.
-
-3. Usage Example
-
- A document might be authenticated by a key retrieved from the DNS in
- a KEY resource record (RR). To later prove the authenticity of this
- document, it would be desirable to preserve the KEY RR for that
- public key, the SIG RR signing that KEY RR, the KEY RR for the key
- used to authenticate that SIG, and so on through SIG and KEY RRs
- until a well known trusted key is reached, perhaps the key for the
- DNS root or some third party authentication service. (In some cases
- these KEY RRs will actually be sets of KEY RRs with the same owner
- and class because SIGs actually sign such record sets.)
-
- This information could be preserved as a set of detached DNS
- information blocks.
-
-4. IANA Considerations
-
- Allocation of meanings to retrieval time fields with a initial byte
- of between 0x01 and 0x1F requires an IETF consensus.
-
-5. Security Considerations
-
- The entirety of this document concerns a means to represent detached
- DNS information. Such detached resource records may be security
- relevant and/or secured information as described in [RFC 2535]. The
- detached format provides no overall security for sets of detached
-
-
-
-Eastlake Experimental [Page 4]
-
-RFC 2540 Detached DNS Information March 1999
-
-
- information or for the association between retrieval time and
- information. This can be provided by wrapping the detached
- information format with some other form of signature. However, if
- the detached information is accompanied by SIG RRs, its validity
- period is indicated in those SIG RRs so the retrieval time might be
- of secondary importance.
-
-References
-
- [RFC 1034] Mockapetris, P., "Domain Names - Concepts and
- Facilities", STD 13, RFC 1034, November 1987.
-
- [RFC 1035] Mockapetris, P., " Domain Names - Implementation and
- Specifications", STD 13, RFC 1035, November 1987.
-
- [RFC 2535] Eastlake, D., "Domain Name System Security Extensions",
- RFC 2535, March 1999.
-
-Author's Address
-
- Donald E. Eastlake 3rd
- IBM
- 65 Shindegan Hill Road, RR #1
- Carmel, NY 10512
-
- Phone: +1-914-276-2668(h)
- +1-914-784-7913(w)
- Fax: +1-914-784-3833(w)
- EMail: dee3@us.ibm.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eastlake Experimental [Page 5]
-
-RFC 2540 Detached DNS Information March 1999
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (1999). All Rights Reserved.
-
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implementation may be prepared, copied, published
- and distributed, in whole or in part, without restriction of any
- kind, provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be
- followed, or as required to translate it into languages other than
- English.
-
- The limited permissions granted above are perpetual and will not be
- revoked by the Internet Society or its successors or assigns.
-
- This document and the information contained herein is provided on an
- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eastlake Experimental [Page 6]
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 11:29:24 +0000