draft-ietf-dnsind-rfc2052bis-02.txt revision 599c6d44f4d41aab5d3da98214492eb26e674b65
Applications Area                                      Arnt Gulbrandsen
INTERNET-DRAFT                                       Troll Technologies
Obsoletes: RFC 2052                        Internet Software Consortium
                                                           January 1999

       A DNS RR for specifying the location of services (DNS SRV)

Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   To view the entire list of current Internet-Drafts, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
   Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
   Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

   This document describes a DNS RR which specifies the location of the
   server(s) for a specific protocol and domain (like a more general
   form of MX).

Overview and rationale

   Currently, one must either know the exact address of a server to
   contact it, or broadcast a question. This has led to, for example,
   ftp.whatever.com aliases [RFC 2219], the SMTP-specific MX RR, and
   using MAC-level broadcasts to locate servers.

   The SRV RR allows administrators to use several servers for a single
   domain, to move services from host to host with little fuss, and to
   designate some hosts as primary servers for a service and others as

   Clients ask for a specific service/protocol for a specific domain
   (the word domain is used here in the strict RFC 1034 sense), and get
   back the names of any available servers.

Gulbrandsen and Vixie Proposed [Page 1]
RFC 2052bis DNS SRV RR January 1999

   Note that where this document refers to "address records", it means A
   RR's, AAAA RR's, or their most modern equivalent.

Introductory example

   If a SRV-cognizant web-browser wants to retrieve
   it does a lookup of
   and retrieves the document from one of the servers in the reply. The
   example zone file near the end of this memo contains answering RRs
   for this query.

   The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT" and "MAY"
   used in this document are to be interpreted as specified in BCP 14.
   Other terms used in this document are defined in the DNS
   specification, RFC 1034.

The format of the SRV RR

   Here is the format of the SRV RR, whose DNS type code is 33:

        _Service._Proto.Name TTL Class SRV Priority Weight Port Target

   (There is an example near the end of this document.)

   The symbolic name of the desired service, as defined in Assigned
   Numbers [STD 2] or locally. An underscore (_) is prepended to
   the service identifier to avoid collisions with DNS labels that
   occur in nature.

   Some widely used services, notably POP, don't have a single
   universal name. If Assigned Numbers names the service
   indicated, that name is the only name which is legal for SRV
   lookups. Only locally defined services may be named locally.
   The Service is case insensitive.

   The symbolic name of the desired protocol, with an underscore
   (_) prepended to prevent collisions with DNS labels that occur
   in nature. _TCP and _UDP are at present the most useful values
   for this field, though any name defined by Assigned Numbers or
   locally may be used (as for Service). The Proto is case
   insensitive.

   The domain this RR refers to. The SRV RR is unique in that the
   name one searches for is not this name; the example near the end
   shows this clearly.

   Standard DNS meaning [RFC 1035].

   Standard DNS meaning [RFC 1035]. SRV records occur in the IN

   As for MX, the priority of this target host. A client MUST
   attempt to contact the target host with the lowest-numbered
   priority it can reach; target hosts with the same priority
   SHOULD be tried in an order defined by the weight field. The
   range is 0-65535. This is a 16 bit binary integer in network

   A load balancing mechanism. When selecting a target host among
   those that have the same priority, the chance of trying this
   one first SHOULD be proportional to its weight, as specified
   below. Larger weights lead to a higher probability of being
   selected. The range of this number is 0-65535. This is a 16
   bit binary integer in network byte order. Domain administrators
   are urged to use Weight 0 when there isn't any load balancing to
   do, to make the RR easier to read for humans (less noisy). In
   the presence of records containing weights greater than 0, records
   with weight 0 have a very small chance of being selected.

   To choose the target, the client SHOULD implement the effect of
   this algorithm. This permits administrators to plan weights to
   achieve the load distribution desired. Each time a target is
   needed, the client should order the remaining (not previously
   used) SRV RRs at the current priority in any random fashion,
   except placing all those with weight 0 at the beginning of the
   list. Compute the sum of the weights of those RRs, and with
   each RR associate the running sum in the selected order. Then
   choose a random number (not necessarily of integral value)
   between 0 and the sum computed (inclusive), and select the RR
   whose running sum value is the first in the selected order which
   is greater than or equal to the random number selected.

   The port on this target host of this service. The range is
   0-65535. This is a 16 bit binary integer in network byte order.
   This is often as specified in Assigned Numbers but need not be.

   As for MX, the domain name of the target host. There MUST be
   one or more address records for this name, the name MUST NOT be
   an alias (in the sense of RFC 1034 or RFC 2181). Implementors
   are urged, but not required, to return the address record(s) in
   the Additional Data section. Unless and until permitted by
   future standards action, name compression is not to be used for

   A Target of "." means that the service is decidedly not
   available at this domain.

Applicability Statement

   In general, it is expected that SRV records will be used by clients
   for applications where the relevant protocol specification indicates
   that clients should use the SRV record. The examples in this
   document use familiar protocols as an aid in understanding. It is
   not intended that those protocols will necessarily use SRV records.

Domain administrator advice

   Expecting everyone to update their client applications when the first
   internet site adds a SRV RR for some server is futile (even if
   desirable). Therefore SRV would have to coexist with address record
   lookups for existing protocols, and DNS administrators should try to
   provide address records to support old clients:

   - Where the services for a single domain are spread over several
     hosts, it seems advisable to have a list of address records at
     the same DNS node as the SRV RR, listing reasonable (if perhaps
     suboptimal) fallback hosts for Telnet, NNTP and other protocols
     likely to be used with this name. Note that some programs only
     try the first address they get back from e.g. gethostbyname(),
     and we don't know how widespread this behavior is.

   - Where one service is provided by several hosts, one can either
     provide address records for all the hosts (in which case the
     round-robin mechanism, where available, will share the load
     equally) or just for one (presumably the fastest).

   - If a host is intended to provide a service only when the main
     server(s) is/are down, it probably shouldn't be listed in
     address records.

   - Hosts that are referenced by backup address records must use the
     port number specified in Assigned Numbers for the service.

   - Designers of future protocols for which "secondary servers" is
     not useful (or meaningful) may choose to not use SRV's support
     for secondary servers. Clients for such protocols may use or
     ignore SRV RRs with Priority higher than the RR with the lowest
     Priority for a domain.

   Currently there's a practical limit of 512 bytes for DNS replies.
   Until all resolvers can handle larger responses, domain
   administrators are strongly advised to keep their SRV replies below

   All round numbers, wrote Dr. Johnson, are false, and these numbers
   are very round: A reply packet has a 30-byte overhead plus the name
   of the service ("_telnet._tcp.example.com" for instance); each SRV RR
   adds 20 bytes plus the name of the target host; each NS RR in the NS
   section is 15 bytes plus the name of the name server host; and
   finally each A RR in the additional data section is 20 bytes or so,
   and there are A's for each SRV and NS RR mentioned in the answer.

   This size estimate is extremely crude, but shouldn't underestimate
   the actual answer size by much. If an answer may be close to the
   limit, using a DNS query tool (e.g. "dig") to look at the actual
   answer is a good idea.

The "Weight" field

   Weight, the load balancing field, is not quite satisfactory, but the
   actual load on typical servers changes much too quickly to be kept
   around in DNS caches. It seems to the authors that offering
   administrators a way to say "this machine is three times as fast as
   that one" is the best that can practically be done.

   The only way the authors can see of getting a "better" load figure is
   asking a separate server when the client selects a server and
   contacts it. For short-lived services like SMTP an extra step in the
   connection establishment seems too expensive, and for long-lived
   services like telnet, the load figure may well be thrown off a minute
   after the connection is established when someone else starts or
   finishes a heavy job.

The Port number

   Currently, the translation from service name to port number happens
   at the client, often using a file such as /etc/services.

   Moving this information to the DNS makes it less necessary to update
   these files on every single computer of the net every time a new
   service is added, and makes it possible to move standard services out
   of the "root-only" port range on unix.

   A SRV-cognizant client SHOULD use this procedure to locate a list of
   servers and connect to the preferred one:

        Do a lookup for QNAME=_service._protocol.target, QCLASS=IN,

        If the reply is NOERROR, ANCOUNT>0 and there is at least one SRV
        RR which specifies the requested Service and Protocol in the

            If there is precisely one SRV RR, and its Target is "."
            (the root domain), abort.

            Else, for all such RR's, build a list of (Priority, Weight,
            Target) tuples

            Sort the list by priority (lowest number first)

            Create a new empty list

            For each distinct priority level
                While there are still elements left at this priority
                    Select an element randomly, with probability
                    Weight, as specified above, and move it to the
                    tail of the new list

            For each element in the new list

                query the DNS for address records for the Target or
                use any such records found in the Additional Data
                section of the earlier SRV response.

                for each address record found, try to connect to the
                (protocol, address, service).

        else if the service desired is SMTP (and SMTP has been defined
        elsewhere to expect SRV lookups)

            skip to RFC 974 (MX).

            Do a lookup for QNAME=target, QCLASS=IN, QTYPE=A

            for each address record found, try to connect to the
            (protocol, address, service)

   - Port numbers SHOULD NOT be used in place of the symbolic service
     or protocol names (for the same reason why variant names cannot
     be allowed: Applications would have to do two or more lookups).

   - If a truncated response comes back from an SRV query, the rules
     described in [RFC2181] shall apply.

   - A client MAY use means other than Weight to choose among target
     hosts with equal Priority.

   - A client MUST parse all of the RR's in the reply.

   - If the Additional Data section doesn't contain address records
     for all the SRV RR's and the client may want to connect to the
     target host(s) involved, the client MUST look up the address
     record(s). (This happens quite often when the address record
     has shorter TTL than the SRV or NS RR's.)

   - Future protocols could be designed to use SRV RR lookups as the
     means by which clients locate their servers.
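
   The ordering step of the client procedure and the weighted selection
   described under the Weight field, as an added example in Python (not
   part of the draft or of any resolver library). The names SRV,
   order_targets and pick_weighted are hypothetical, and every sample
   record except the old-slow-box telnet RR is constructed for the
   illustration.

```python
import random
from typing import Iterable, List, NamedTuple, Optional


class SRV(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


class ServiceNotAvailable(Exception):
    """The only SRV RR in the reply has Target "." (service not offered)."""


def _validate(rr: SRV) -> None:
    # A DNS reply is untrusted input; Priority, Weight and Port are 16-bit.
    for field in ("priority", "weight", "port"):
        value = getattr(rr, field)
        if not 0 <= value <= 65535:
            raise ValueError(f"{field}={value} is outside 0-65535 in {rr}")


def pick_weighted(rrs: Iterable[SRV], rng: random.Random) -> SRV:
    """Select one RR among RRs of equal priority, as the draft describes."""
    ordered = list(rrs)
    rng.shuffle(ordered)                         # "any random fashion" ...
    ordered.sort(key=lambda rr: rr.weight != 0)  # ... weight 0 first (stable)
    total = sum(rr.weight for rr in ordered)
    threshold = rng.uniform(0, total)            # need not be an integer
    running = 0
    for rr in ordered:
        running += rr.weight
        if running >= threshold:                 # first running sum >= number
            return rr
    return ordered[-1]                           # guard against float rounding


def order_targets(rrs: Iterable[SRV],
                  rng: Optional[random.Random] = None) -> List[SRV]:
    """Return the RRs in the order a client should try to contact them."""
    rng = rng or random.Random()
    records = list(rrs)
    for rr in records:
        _validate(rr)
    if len(records) == 1 and records[0].target == ".":
        raise ServiceNotAvailable("Target is the root domain")
    ordered: List[SRV] = []
    for priority in sorted({rr.priority for rr in records}):  # lowest first
        remaining = [rr for rr in records if rr.priority == priority]
        while remaining:
            chosen = pick_weighted(remaining, rng)
            remaining.remove(chosen)
            ordered.append(chosen)               # tail of the new list
    return ordered


def first_choice_share(rrs: List[SRV], target: str,
                       trials: int = 20000, seed: int = 1) -> float:
    """Fraction of trials in which `target` is the first host tried."""
    rng = random.Random(seed)
    hits = sum(order_targets(rrs, rng)[0].target == target
               for _ in range(trials))
    return hits / trials


# Sample telnet RRs. Only the old-slow-box line appears on the page; the
# other three are constructed to match the zone file comments (assumption).
SAMPLE_TELNET = [
    SRV(0, 1, 23, "old-slow-box.example.com."),
    SRV(0, 3, 23, "new-fast-box.example.com."),
    SRV(1, 0, 23, "sysadmins-box.example.com."),
    SRV(1, 0, 23, "server.example.com."),
]

if __name__ == "__main__":
    for rr in order_targets(SAMPLE_TELNET):
        print(rr.priority, rr.weight, rr.port, rr.target)
    share = first_choice_share(SAMPLE_TELNET, "new-fast-box.example.com.")
    print(f"new-fast-box tried first in {share:.1%} of trials")
```

   With weights 1 and 3 at priority 0, new-fast-box is tried first in
   about three quarters of the runs, and the priority 1 hosts are only
   reached after both priority 0 hosts.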

Fictional example

   This is (part of) the zone file for example.com, a still-unused

                1995032001 3600 3600 604800 86400 )
        _ftp._tcp       SRV 0 0 21 server.example.com.
        _finger._tcp    SRV 0 0 79 server.example.com.
        ; telnet - use old-slow-box or new-fast-box if either is
        ; available, make three quarters of the logins go to
        ; new-fast-box.
        _telnet._tcp    SRV 0 1 23 old-slow-box.example.com.
        ; if neither old-slow-box nor new-fast-box is up, switch to
        ; using the sysadmin's box and the server
        ; HTTP - server is the main server, new-fast-box is the backup
        ; (On new-fast-box, the HTTP daemon runs on port 8000)
        _http._tcp      SRV 0 0 80 server.example.com.
        ; since we want to support both http://example.com/ and
        ; http://www.example.com/ we need the next two RRs as well
        ; SMTP - mail goes to the server, and to the IP provider if
        ; the net is down
        _smtp._tcp      SRV 0 0 25 server.example.com.
        ; NNTP - use the IP provider's NNTP server
        _nntp._tcp      SRV 0 0 119 nntphost.ip-provider.net.
        ; IDB is a locally defined protocol
        _idb._tcp       SRV 0 0 2025 new-fast-box.example.com.
        server          A   172.30.79.10
        old-slow-box    A   172.30.79.11
        sysadmins-box   A   172.30.79.12
        new-fast-box    A   172.30.79.13
        ; backup address records - new-fast-box and old-slow-box are
        ; included, naturally, and server is too, but might go
        ; if the load got too bad
        @               A   172.30.79.10
                        A   172.30.79.11
                        A   172.30.79.13
        ; backup address record for www.example.com
        www             A   172.30.79.10
        ; NO other services are supported
        *._tcp          SRV 0 0 0 .
        *._udp          SRV 0 0 0 .

   In this example, a telnet connection to "example.com." needs an SRV
   lookup of "_telnet._tcp.example.com." and possibly A lookups of
   "new-fast-box.example.com." and/or the other hosts named. The size
   of the SRV reply is approximately 365 bytes:

      30 bytes general overhead

      20 bytes for the query string, "_telnet._tcp.example.com."

      130 bytes for 4 SRV RR's, 20 bytes each plus the lengths of
      "new-fast-box", "old-slow-box", "server" and "sysadmins-box" -
      "example.com" in the query section is quoted here and doesn't
      need to be counted again.

      75 bytes for 3 NS RRs, 15 bytes each plus the lengths of "server",
      "ns1.ip-provider.net." and "ns2" - again, "ip-provider.net." is
      quoted and only needs to be counted once.

      120 bytes for the 6 address records (assuming IPv4 only) mentioned
      by the SRV and NS RR's.

IANA Considerations

   The IANA has assigned RR type value 33 to the SRV RR. No other IANA
   services are required by this document.

Changes from RFC 2052

   This document obsoletes RFC 2052. The major change from that
   previous, experimental, version of this specification is that now the
   protocol and service labels are prepended with an underscore, to
   lower the probability of an accidental clash with a similar name used
   for unrelated purposes. Aside from that, changes are only intended
   to increase the clarity and completeness of the document.

Security Considerations

   The authors believe this RR to not cause any new security problems.
   Some problems become more visible, though.

   - The ability to specify ports on a fine-grained basis obviously
     changes how a router can filter packets. It becomes impossible
     to block internal clients from accessing specific external
     services, slightly harder to block internal users from running
     unauthorized services, and more important for the router
     operations and DNS operations personnel to cooperate.

   - There is no way a site can keep its hosts from being referenced
     as servers (as, indeed, some sites become unwilling secondary
     MXes today). This could lead to denial of service.

   - With SRV, DNS spoofers can supply false port numbers, as well as
     host names and addresses. Because this vulnerability exists
     already, with names and addresses, this is not a new
     vulnerability, merely a slightly extended one, with little
     practical effect.

   STD 2: Reynolds, J., Postel, J., "Assigned Numbers", STD 2, RFC 1700,
      October 1994 (as currently updated by the IANA).

   RFC 1034: Mockapetris, P., "Domain names - concepts and facilities",
      STD 13, RFC 1034, November 1987.

   RFC 1035: Mockapetris, P., "Domain names - Implementation and
      Specification", STD 13, RFC 1035, November 1987.

   RFC 974: Partridge, C., "Mail routing and the domain system", RFC
      974, January 1986.

   BCP 14: Bradner, S., "Key words for use in RFCs to Indicate
      Requirement Levels", BCP 14, RFC 2119, March 1997.

   RFC 2181: Elz, R., Bush, R., "Clarifications to the DNS
      Specification", RFC 2181, July 1997.

   RFC 2219: Hamilton, M., Wright, R., "Use of DNS Aliases for Network
      Services", BCP 17, RFC 2219, October 1997.

Acknowledgements

   The algorithm used to select from the weighted SRV RRs of equal
   priority is adapted from one supplied by Dan Bernstein.

Authors' Addresses

   Arnt Gulbrandsen              Paul Vixie
   Troll Tech                    Internet Software Consortium
   Postboks 6133 Etterstad       950 Charter Street
   N-0602 Oslo, Norway           Redwood City, CA 94063
   +47 22646966                  +1 650 779 7001
   <agulbra@troll.no>            <paul@vix.com>