draft-kerr-ixfr-only-01.txt revision ac0680e9ebb2dc4235e4381232c457876fae792f
6a42ab64276ff832a47e009be1208f7c7d4da22dAutomatic UpdaterDNSext Working Group O. Sury
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterUpdates: 1995 (if approved) S. Kerr, Ed.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterIntended status: Standards Track ISC
6a42ab64276ff832a47e009be1208f7c7d4da22dAutomatic UpdaterExpires: August 30, 2010 February 26, 2010
6a42ab64276ff832a47e009be1208f7c7d4da22dAutomatic Updater IXFR-ONLY to Prevent IXFR Fallback to AXFR
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater draft-kerr-ixfr-only-01
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater This documents proposes a new QTYPE (Query pseudo RRtype) for the
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User Domain Name System (DNS). IXFR-ONLY is a variant of IXFR (RFC 1995)
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater that allows an authoritative server to incrementally update zone
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater content from another (primary) server without falling back from IXFR
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater to AXFR. This way, alternate peers can be contacted more quickly and
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater convergence of zone content may be achieved much faster in important,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater resilient operational scenarios.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterStatus of this Memo
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater This Internet-Draft is submitted to IETF in full conformance with the
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater provisions of BCP 78 and BCP 79.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Internet-Drafts are working documents of the Internet Engineering
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Task Force (IETF), its areas, and its working groups. Note that
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater other groups may also distribute working documents as Internet-
b6b8f8a0362da8c749021c4b6376cfb96047912bTinderbox User Internet-Drafts are draft documents valid for a maximum of six months
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater and may be updated, replaced, or obsoleted by other documents at any
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater time. It is inappropriate to use Internet-Drafts as reference
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater material or to cite them other than as "work in progress."
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater The list of current Internet-Drafts can be accessed at
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater http://www.ietf.org/ietf/1id-abstracts.txt.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater The list of Internet-Draft Shadow Directories can be accessed at
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater This Internet-Draft will expire on August 30, 2010.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterCopyright Notice
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Copyright (c) 2010 IETF Trust and the persons identified as the
b46346eb3026ba4bebc093bc93cfe159131e541eTinderbox User document authors. All rights reserved.
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic UpdaterSury & Kerr Expires August 30, 2010 [Page 1]
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterInternet-Draft IXFR-ONLY February 2010
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater This document is subject to BCP 78 and the IETF Trust's Legal
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Provisions Relating to IETF Documents
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater (http://trustee.ietf.org/license-info) in effect on the date of
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater publication of this document. Please review these documents
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater carefully, as they describe your rights and restrictions with respect
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater to this document. Code Components extracted from this document must
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater include Simplified BSD License text as described in Section 4.e of
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater the Trust Legal Provisions and are provided without warranty as
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater described in the BSD License.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterTable of Contents
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 1.1. Requirements Language . . . . . . . . . . . . . . . . . . . 3
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 2. IXFR Server Side . . . . . . . . . . . . . . . . . . . . . . . 4
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 3. IXFR Client Side . . . . . . . . . . . . . . . . . . . . . . . 4
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 4. Applicability of IXFR-ONLY . . . . . . . . . . . . . . . . . . 5
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 7. Normative References . . . . . . . . . . . . . . . . . . . . . 5
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic UpdaterSury & Kerr Expires August 30, 2010 [Page 2]
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic UpdaterInternet-Draft IXFR-ONLY February 2010
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater1. Introduction
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater For large DNS zones, RFC 1995 [RFC1995] defines Incremental Zone
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater Transfer (IXFR), which allows only to transfer the changed portion(s)
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater In the document, an IXFR client and an IXFR server is defined as in
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater RFC 1995 [RFC1995], a secondary name server which requests IXFR is
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater called an IXFR client and a primary or secondary name server which
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater responds to the request is called an IXFR server.
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater IXFR is an efficient way to transfer changes in zones from IXFR
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater servers to IXFR clients. However, when an IXFR client has multiple
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater IXFR servers for a single zone, it is possible that not all IXFR
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater servers have the zone with same serial number for that zone. In this
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater case, if an IXFR client attempts an IXFR from an IXFR server which
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater does not have zone with the serial number used by the IXFR client,
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater the IXFR server will fall back to a full zone transfer (AXFR) when it
f39512a917cdd06c611d366603374f6ef570c80eTinderbox User has a version of the zone with serial number greater than the serial
f39512a917cdd06c611d366603374f6ef570c80eTinderbox User requested by the IXFR client.
f39512a917cdd06c611d366603374f6ef570c80eTinderbox User For example, IXFR server NS1 may have serial numbers 1, 2, and 3 for
f39512a917cdd06c611d366603374f6ef570c80eTinderbox User a zone, and IXFR server NS2 may have serial numbers 1 and 3 for the
f39512a917cdd06c611d366603374f6ef570c80eTinderbox User same zone. An IXFR client that has the zone with serial number 2
f39512a917cdd06c611d366603374f6ef570c80eTinderbox User which sends an IXFR request to IXFR server NS2 will get a full zone
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater transfer (AXFR) of the zone at serial number 3. This is because NS2
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater does not know the zone with serial number 2, and therefore does not
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater know what the differences are between zone with serial number 2 and
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater If the IXFR client in this example had known to send the query to
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater IXFR server NS1, then it could have gotten an incremental transfer
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater (IXFR). But IXFR clients can only know what the latest version of
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater the zone is at a IXFR server (this information is available via an
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater The IXFR-ONLY query type provides a way for the IXFR client to ask
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater each IXFR server to return an error instead of sending the current
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater version of the zone via full zone transfer (AXFR). By using this, a
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater IXFR client can check each IXFR server until it finds one able to
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater1.1. Requirements Language
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic Updater "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater document are to be interpreted as described in RFC 2119 [RFC2119].
852ccdd42a71550c974111b49415204ffeca6573Automatic UpdaterSury & Kerr Expires August 30, 2010 [Page 3]
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterInternet-Draft IXFR-ONLY February 2010
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater2. IXFR Server Side
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater A IXFR server receiving a DNS message requesting IXFR-ONLY will reply
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater as described in RFC 1995 [RFC1995] if it is able to produce an IXFR
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater for the serial number requested.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater If the IXFR server is is not able to reply with an IXFR it MUST NOT
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater reply with an AXFR unless AXFR result is smaller than IXFR result.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Instead, it MUST reply with RCODE CannotIXFR. (!FIXME)
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater If the IXFR result is larger than an AXFR, then an IXFR server MAY
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater reply with an AXFR result instead. This is an optimization, and IXFR
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater servers MAY only reply with AXFR if they are certain that the reply
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater using AXFR is smaller than an equivalent IXFR reply.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater3. IXFR Client Side
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater An IXFR client who wishes to use IXFR-ONLY will send a message to one
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater of the IXFR servers. The format is exactly the same as for IXFR,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater except the IXFR-ONLY QTYPE code is used instead of the IXFR QTYPE
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater If the IXFR server replies with IXFR, then the IXFR client is done.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater If the IXFR server replies with an RCODE of CannotIXFR, then the IXFR
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater client proceeds on to a different IXFR server. In this case the IXFR
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater server implements IXFR-ONLY, but does not have information about zone
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater with the serial number requested.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater If the IXFR server replies with any RCODE other than CannotIXFR or
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater NoError, then the IXFR client proceeds on to a different IXFR server.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater In this case the IXFR server does not implement IXFR-ONLY.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater If the IXFR client attempts IXFR-ONLY to each IXFR server and none of
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater them reply with an incremental transfer (IXFR), then it should
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater attempt an IXFR as described in RFC 1995 [RFC1995] to each of the
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater IXFR servers which replied with an RCODE other than CannotIXFR or
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater The method described above allows IXFR clients to operate normally in
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater situatians where some of the IXFR servers do support IXFR-ONLY, and
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater some who do not. IXFR clients MAY remember which IXFR servers
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater support IXFR-ONLY and query those IXFR servers first. However since
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater IXFR servers may change software or even run a mix of software, IXFR
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User clients MUST attempt to query each IXFR server periodically when they
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User attempt to get new versions of a zone.
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox UserSury & Kerr Expires August 30, 2010 [Page 4]
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox UserInternet-Draft IXFR-ONLY February 2010
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User Implementations MAY allow IXFR clients to disable IXFR-ONLY for a
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User given IXFR server, if this is known in advance. These IXFR servers
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User are treated as if they replied with an RCODE other than CannotIXFR or
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User NoError, although no query with IXFR-ONLY is actually sent.
b46346eb3026ba4bebc093bc93cfe159131e541eTinderbox User4. Applicability of IXFR-ONLY
b46346eb3026ba4bebc093bc93cfe159131e541eTinderbox User Implementations SHOULD allow IXFR clients to disable IXFR-ONLY
b68a2d272b958eb2c40cce59ee33e71c5f5f521bTinderbox User Implementations MAY allow IXFR clients to disable IXFR-ONLY for a
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater specific zone. This may be useful for small zones, where fallback to
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater AXFR is cheap, or in other cases where IXFR-ONLY is causing problems.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Usage of IXFR-ONLY may cause IXFR clients to prefer particular IXFR
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater servers, by shifting load to ones that support IXFR-ONLY. If this a
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater problem, then administrators can disable IXFR-ONLY in implementations
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater that allow it.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater If a IXFR client has a single IXFR server for a zone, it SHOULD use
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater IXFR rather than IXFR-ONLY.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater5. IANA Considerations
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater IANA allocates the new IXFR-ONLY QTYPE, which means "incremental
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater transfer only". IANA allocates the CannotIXFR RCODE, which means
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater "Server cannot provide IXFR for zone".
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater6. Security Considerations
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater IXFR-ONLY may be used by someone to get information about the state
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater of IXFR servers by providing a quick and efficient way to check which
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater versions of a zone each IXFR server supports. Zones should be
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater secured via TSIG [RFC2845] to prevent unauthorized information
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater exposure. However, even administrators of IXFR servers may not want
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater this information given to IXFR clients, in which case they will need
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater to disable IXFR-ONLY.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater7. Normative References
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater [RFC1995] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterSury & Kerr Expires August 30, 2010 [Page 5]
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterInternet-Draft IXFR-ONLY February 2010
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Requirement Levels", BCP 14, RFC 2119, March 1997.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater [RFC2845] Vixie, P., Gudmundsson, O., Eastlake, D., and B.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Wellington, "Secret Key Transaction Authentication for DNS
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater (TSIG)", RFC 2845, May 2000.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterAuthors' Addresses
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 120 00 Praha 2
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Phone: +420 222 745 110
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Email: ondrej.sury@nic.cz
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Shane Kerr (editor)
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Bennebrokestraat 17-I
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater 1015 PE Amsterdam
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Phone: +31 64 6336297
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Email: shane@isc.org
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic UpdaterSury & Kerr Expires August 30, 2010 [Page 6]