Internet Engineering Task Force (IETF)                       W. Hardaker
Request for Comments: 7477                                 Parsons, Inc.
Category: Standards Track                                     March 2015
ISSN: 2070-1721


                  Child-to-Parent Synchronization in DNS

Abstract

   This document specifies how a child zone in the DNS can publish a
   record to indicate to a parental agent that the parental agent may
   copy and process certain records from the child zone.  The existence
   of the record and any change in its value can be monitored by a
   parental agent and acted on depending on local policy.
Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
Hardaker                     Standards Track                    [Page 1]

RFC 7477           Child-to-Parent Synchronization in DNS     March 2015
Table of Contents

   1. Introduction ....................................................2
      1.1. Terminology Used in This Document ..........................3
   2. Definition of the CSYNC RRType ..................................3
      2.1. The CSYNC Resource Record Format ...........................4
           2.1.1. The CSYNC Resource Record Wire Format ...............4
           2.1.2. The CSYNC Presentation Format .......................6
           2.1.3. CSYNC RR Example ....................................6
   3. CSYNC Data Processing ...........................................6
      3.1. Processing Procedure .......................................7
      3.2. CSYNC Record Types .........................................8
           3.2.1. The NS type .........................................8
           3.2.2. The A and AAAA Types ................................9
   4. Operational Considerations ......................................9
      4.1. Error Reporting ...........................................10
      4.2. Child Nameserver Selection ................................10
      4.3. Out-of-Bailiwick NS Records ...............................10
      4.4. Documented Parental Agent Type Support ....................11
      4.5. Removal of the CSYNC Records ..............................11
      4.6. Parent/Child/Grandchild Glue Synchronization ..............12
   5. Security Considerations ........................................12
   6. IANA Considerations ............................................12
   7. References .....................................................13
      7.1. Normative References ......................................13
      7.2. Informative References ....................................14
   Acknowledgments ...................................................15
   Author's Address ..................................................15
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews1. Introduction
b3cbb2f1ad021349e89807f3492df6e4e679cd56Mark Andrews This document specifies how a child zone in the DNS ([RFC1034]
665a24faf6b3711e4012ac02ae5f0981c093ac1eTinderbox User [RFC1035]) can publish a record to indicate to a parental agent (see
b49958b502ee45022010a0b1bed3968f598895a4Automatic Updater Section 1.1 for a definition of "parental agent") that it can copy
b49958b502ee45022010a0b1bed3968f598895a4Automatic Updater and process certain records from the child zone. The existence of
b3cbb2f1ad021349e89807f3492df6e4e679cd56Mark Andrews the record and any change in its value can be monitored by a parental
b3cbb2f1ad021349e89807f3492df6e4e679cd56Mark Andrews agent and acted on depending on local policy.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Currently, some resource records (RRs) in a parent zone are typically
d9f0b06dc2bba47e3fe63afdf41c638d3517ceffTinderbox User expected to be in sync with the source data in the child's zone. The
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews most common records that should match are the nameserver (NS) records
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews and any necessary associated address records (A and AAAA), also known
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews as "glue records". These records are referred to as "delegation
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews It has been challenging for operators of child DNS zones to update
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews their delegation records within the parent's set in a timely fashion.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews These difficulties may stem from operator laziness as well as from
   the complexities of maintaining a large number of DNS zones.  Having
   an automated mechanism for signaling updates will greatly ease the
   child zone operator's maintenance burden and improve the robustness
   of the DNS as a whole.

   This document introduces a new Resource Record Type (RRType) named
   "CSYNC" that indicates which delegation records published by a child
   DNS operator should be processed by a parental agent and used to
   update the parent zone's DNS data.

   This specification was not designed to synchronize DNSSEC security
   records, such as DS RRsets.  For a solution to this problem, see the
   complementary solution [RFC7344], which is designed to maintain
   security delegation information.  In addition, this specification
   does not address how to perform bootstrapping operations, including
   to get the required initial DNSSEC-secured operating environment in
1.1.  Terminology Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Terminology describing relationships between the interacting roles
   involved in this document is defined in the following list:

   Child:  The entity on record that has the delegation of the domain
      from the parent

   Parent:  The domain in which the child is registered

   Child DNS operator:  The entity that maintains and publishes the zone
      information for the child DNS

   Parental agent:  The entity that the child has a relationship with,
      to change its delegation information
2.  Definition of the CSYNC RRType

   The CSYNC RRType contains, in its RDATA component, these parts: an
   SOA serial number, a set of flags, and a simple bit-list indicating
   the DNS RRTypes in the child that should be processed by the parental
   agent in order to modify the DNS delegation records within the
   parent's zone for the child DNS operator.  Child DNS operators
   wanting a parental agent to perform the synchronization steps
   outlined in this document MUST publish a CSYNC record at the apex of
   the child zone.  Parental agent implementations MAY choose to query
   child zones for this record and process DNS record data as indicated
   by the Type Bit Map field in the RDATA of the CSYNC record.  How the
   data is processed is described in Section 3.

   Parental agents MUST process the entire set of child data indicated
   by the Type Bit Map field (i.e., all record types indicated along
   with all of the necessary records to support processing of that type)
   or else parental agents MUST NOT make any changes to parental records
   at all.  Errors due to unsupported Type Bit Map bits, or otherwise
   unprocessable data, SHALL result in no change to the parent zone's
   delegation information for the child.  Parental agents MUST ignore a
   child's CSYNC RDATA set if multiple CSYNC resource records are found;
   only a single CSYNC record should ever be present.

   The parental agent MUST perform DNSSEC validation ([RFC4033]
   [RFC4034] [RFC4035]) of the CSYNC RRType data and MUST perform
   DNSSEC validation of any data to be copied from the child to the
   parent.  Parents MUST NOT process any data from any of these records
   if any of the validation results indicate anything other than
   "Secure" [RFC4034] or if any of the required data cannot be
   successfully
2.1.  The CSYNC Resource Record Format

2.1.1.  The CSYNC Resource Record Wire Format

   The CSYNC RDATA consists of the following fields:

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          SOA Serial                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Flags                   |            Type Bit Map       /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                     Type Bit Map (continued)                  /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2.1.1.1.  The SOA Serial Field

   The SOA Serial field contains a copy of the 32-bit SOA serial number
   from the child zone.  If the soaminimum flag is set, parental agents
   querying children's authoritative servers MUST NOT act on data from
   zones advertising an SOA serial number less than this value.  See
   [RFC1982] for properly implementing "less than" logic.  If the
   soaminimum flag is not set, parental agents MUST ignore the value in
   the SOA Serial field.  Clients can set the field to any value if the
   soaminimum flag is unset, such as the number zero.
   Note that a child zone's current SOA serial number may be greater
   than the number indicated by the CSYNC record.  A child SHOULD update
   the SOA Serial field in the CSYNC record every time the data being
   referenced by the CSYNC record is changed (e.g., an NS record or
   associated address record is changed).  A child MAY choose to update
   the SOA Serial field to always match the current SOA Serial field.

   Parental agents MAY cache SOA serial numbers from data they use and
   refuse to process data from zones older than the last instance from
   which they pulled data.

   Although Section 3.2 of [RFC1982] describes how to properly implement
   a less-than comparison operation with SOA serial numbers that may
   wrap beyond the 32-bit value in both the SOA record and the CSYNC
   record, it is important that a child using the soaminimum flag must
   not increment its SOA serial number value more than 2^16 within the
   period of time that a parent might wait between polling the child for
   the CSYNC record.
2.1.1.2.  The Flags Field

   The Flags field contains 16 bits of boolean flags that define
   operations that affect the processing of the CSYNC record.  The flags
   defined in this document are as follows:

   0x00 0x01: "immediate"

   0x00 0x02: "soaminimum"

   The definitions for how the flags are to be used can be found in

   The remaining flags are reserved for use by future specifications.
   Undefined flags MUST be set to 0 by CSYNC publishers.  Parental
   agents MUST NOT process a CSYNC record if it contains a 1 value for a
   flag that is unknown to or unsupported by the parental agent.
2.1.1.2.1.  The Type Bit Map Field

   The Type Bit Map field indicates the record types to be processed by
   the parental agent, according to the procedures in Section 3.  The
   Type Bit Map field is encoded in the same way as the Type Bit Map
   field of the NSEC record, described in [RFC4034], Section 4.1.2.  If
   a bit has been set that a parental agent implementation does not
   understand, the parental agent MUST NOT act upon the record.
   Specifically, a parental agent must not simply copy the data, and it
   must understand the semantics associated with a bit in the Type Bit
   Map field that has been set to 1.
2.1.2.  The CSYNC Presentation Format

   The CSYNC presentation format is as follows:

   The SOA Serial field is represented as an integer.

   The Flags field is represented as an integer.

   The Type Bit Map field is represented as a sequence of RRType
   mnemonics.  When the mnemonic is not known, the TYPE
   representation described in [RFC3597], Section 5, MUST be used.
   Implementations that support parsing of presentation format
   records SHOULD be able to read and understand these TYPE
   representations as well.

2.1.3.  CSYNC RR Example

   The following CSYNC RR shows an example entry for "example.com" that
   indicates the NS, A, and AAAA bits are set and should be processed by
   the parental agent for example.com.  The parental agent should pull
   data only from a zone using a minimum SOA serial number of 66 (0x42
   in hexadecimal).

   example.com. 3600 IN CSYNC 66 3 A NS AAAA

   The RDATA component of the example CSYNC RR would be encoded on the
   wire as follows:

   0x00 0x00 0x00 0x42 (SOA Serial)
   0x00 0x03 (Flags = immediate | soaminimum)
   0x00 0x04 0x60 0x00 0x00 0x08 (Type Bit Map)
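   The following is an added example, not code from RFC 7477 or from
   any implementation it references, showing in Python how the CSYNC
   RDATA of Sections 2.1.1 through 2.1.3 is built and parsed.  The Type
   Bit Map is packed and unpacked in the NSEC window/length/bitmap form
   of [RFC4034], Section 4.1.2, with the 1..32 octet length rule
   enforced on input.  The mnemonic table is a small constructed subset
   of the IANA RR type registry; anything else is rendered with the
   RFC 3597 "TYPEnnn" form.  Fed the example record above, it
   reproduces the twelve RDATA octets listed.

```python
"""Encode and decode CSYNC RDATA (RFC 7477, Section 2.1).  Added example;
the mnemonic table is a constructed subset of the RR type registry."""
import struct

FLAG_IMMEDIATE = 0x0001
FLAG_SOAMINIMUM = 0x0002

# Constructed subset of the IANA RR type registry, enough for the example.
TYPE_BY_NAME = {"A": 1, "NS": 2, "SOA": 6, "AAAA": 28, "CSYNC": 62}
NAME_BY_TYPE = {v: k for k, v in TYPE_BY_NAME.items()}


def type_from_mnemonic(text):
    """Map 'NS' or the RFC 3597 form 'TYPE62' to a numeric RR type."""
    name = text.upper()
    if name in TYPE_BY_NAME:
        return TYPE_BY_NAME[name]
    if name.startswith("TYPE") and name[4:].isdigit():
        return int(name[4:])
    raise ValueError("unknown RR type mnemonic %r" % text)


def mnemonic_from_type(rrtype):
    return NAME_BY_TYPE.get(rrtype, "TYPE%d" % rrtype)


def encode_type_bitmap(types):
    """RFC 4034 4.1.2 Type Bit Map: one (window, length, bitmap) block per
    256-type window that has a bit set, windows ascending, trailing zero
    octets trimmed so the length is 1..32."""
    out = bytearray()
    for window in sorted({t >> 8 for t in types}):
        bits = bytearray(32)
        for t in types:
            if t >> 8 == window:
                bits[(t & 0xFF) >> 3] |= 0x80 >> (t & 7)
        while bits and bits[-1] == 0:
            bits.pop()
        out += bytes([window, len(bits)]) + bits
    return bytes(out)


def decode_type_bitmap(data):
    """Inverse of encode_type_bitmap; rejects malformed blocks."""
    types = set()
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated window block header")
        window, length = data[pos], data[pos + 1]
        pos += 2
        if not 1 <= length <= 32 or pos + length > len(data):
            raise ValueError("bad bitmap length %d" % length)
        for i in range(length):
            for bit in range(8):
                if data[pos + i] & (0x80 >> bit):
                    types.add((window << 8) | (i << 3) | bit)
        pos += length
    return types


def encode_csync(serial, flags, types):
    """Wire RDATA: 32-bit SOA Serial, 16-bit Flags, Type Bit Map."""
    return struct.pack("!IH", serial & 0xFFFFFFFF, flags & 0xFFFF) + encode_type_bitmap(types)


def decode_csync(rdata):
    if len(rdata) < 6:
        raise ValueError("CSYNC RDATA too short")
    serial, flags = struct.unpack("!IH", rdata[:6])
    return serial, flags, decode_type_bitmap(rdata[6:])


def is_valid_csync(rdata):
    """True if the RDATA parses; an agent treats anything else as unprocessable."""
    try:
        decode_csync(rdata)
        return True
    except ValueError:
        return False


def parse_presentation(text):
    """'66 3 A NS AAAA' -> (66, 3, {1, 2, 28})"""
    fields = text.split()
    return int(fields[0]), int(fields[1]), {type_from_mnemonic(f) for f in fields[2:]}


def to_presentation(serial, flags, types):
    return " ".join([str(serial), str(flags)] + [mnemonic_from_type(t) for t in sorted(types)])


if __name__ == "__main__":
    rdata = encode_csync(*parse_presentation("66 3 A NS AAAA"))
    print(rdata.hex(" "))                    # 00 00 00 42 00 03 00 04 60 00 00 08
    print(to_presentation(*decode_csync(rdata)))
```

   The bitmap octets come out as 0x60 (types 1 and 2 in the first
   octet) and 0x08 (type 28 in the fourth), which is why the length
   octet is 4 even though only three types are set.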
3.  CSYNC Data Processing

   The CSYNC record and associated data must be processed as an "all or
   nothing" operation set.  If a parental agent fails to successfully
   query for any of the required records, the whole operation MUST be
   aborted.  (Note that a query resulting in "no records exist" as
   proven by NSEC or NSEC3 is to be considered successful.)

   Parental agents MAY:

      Process the CSYNC record immediately if the "immediate" flag is
      set.  If the "immediate" flag is not set, the parental agent MUST
      NOT act until the zone administrator approves the operation
      through an out-of-band mechanism (such as through pushing a button
      via a web interface).
      Choose not to process the CSYNC record immediately, even if the
      "immediate" flag is set.  That is, a parental agent might require
      that the child zone administrator approve the operation through an
      out-of-band mechanism (such as through pushing a button via a web

   Note: how the approval is done out of band is outside the scope of
   this document and is implementation specific to parental agents.
3.1.  Processing Procedure

   The following shows a sequence of steps that SHOULD be used when
   collecting and processing CSYNC records from a child zone.  Because
   DNS queries are not allowed to contain more than one "question" at a
   time, a sequence of requests is needed.  When processing a CSYNC
   transaction request, all DNS queries should be sent to a single
   authoritative name server for the child zone.  To ensure a single
   host is being addressed, DNS over TCP SHOULD be used to avoid
   conversing with multiple nodes at an anycast address.

   1.  Query for the child zone's SOA record

   2.  Query for the child zone's CSYNC record

   3.  Query for the child zone's data records, as required by the CSYNC
       record's Type Bit Map field

       *  Note: if any of the resulting records being queried are not
          authoritative within the child zone but rather in a grandchild
          or deeper, SOA record queries must be made for the
          grandchildren.  This will require the parental agent to
          determine where the child/grandchild zone cuts occur.  Because
          of the additional operational complexity, parental agents MAY
          choose not to support this protocol with children making use
          of records that are authoritative in the grandchildren.

   4.  Query for the collected SOA records again, starting with the
       deepest and ending with the child's SOA.

   If the SOA records from the first, middle, and last steps for a given
   zone have different serial numbers (for example, because the zone was
   edited and republished during the interval between steps 1 and 4),
   then the CSYNC record obtained in the second set SHOULD NOT be
   processed (rapidly changing child zones may need special
   consideration or processing).  The operation MAY be restarted or
   retried in the future.
   If the soaminimum flag is set and the SOA serial numbers are equal
   but less than the CSYNC record's SOA Serial field [RFC1982], the
   record MUST NOT be processed.  If state is being kept by the parental
   agent and the SOA serial number is less than the last time a CSYNC
   record was processed, this CSYNC record SHOULD NOT be processed.
   Similarly, if state is being kept by the parental agent and the SOA
   Serial field of the CSYNC record is less than the SOA Serial field of
   the CSYNC record from last time, then this CSYNC record SHOULD NOT be

   If a failure of any kind occurs while trying to obtain any of the
   required data, or if DNSSEC fails to validate all of the data
   returned for these queries as "secure", then this CSYNC record MUST
   NOT be processed.

   See the "Operational Considerations" section (Section 4) for
   additional guidance about processing.
3.2.  CSYNC Record Types

   This document defines how the following record types may be processed
   if the CSYNC Type Bit Map field indicates they are to be processed.

3.2.1.  The NS Type

   The NS type flag indicates that the NS records from the child zone
   should be copied into the parent's delegation information records for
   the child.

   NS records found within the child's zone should be copied verbatim
   (with the exception of the Time to Live (TTL) field, for which the
   parent MAY want to select a different value), and the result published
   within the parent zone should be a set of NS records that match
   exactly.  If the child has published a new NS record within their
   set, this record should be added to the parent zone.  Similarly, if
   NS records in the parent's delegation records for the child contain
   records that have been removed in the child's NS set, then they
   should be removed in the parent's set as well.

   Parental agents MAY refuse to perform NS updates if the replacement
   records fail to meet NS record policies required by the parent zone
   (e.g., "every child zone must have at least two NS records").

   Parental agents MUST NOT perform NS updates if there are no NS
   records returned in a query, as verified by DNSSEC denial-of-
   existence protection.  This situation should never happen unless the
   child nameservers are misconfigured.

Hardaker                     Standards Track                    [Page 8]

RFC 7477         Child-to-Parent Synchronization in DNS       March 2015

   Note that it is permissible for a child's nameserver to return a
   CSYNC record that removes the queried nameserver itself from the
   future NS or address set.

3.2.2.  The A and AAAA Types

   The A and AAAA type flags indicate that the A and AAAA address glue
   records for in-bailiwick NS records within the child zone should be
   copied verbatim (with the exception of the TTL field, for which the
   parent MAY want to select a different value) into the parent's
   delegation information.

   Queries should be sent by the parental agent to determine the A and
   AAAA record addresses for each in-bailiwick NS record within the
   child's NS set.

   Note: only the matching types should be queried.  For example, if the
   AAAA bit has not been set, then the AAAA records (if any) in the
   parent's delegation should remain as is.  If a given address type is
   set and the child's zone contains no data for that type (as proven by
   appropriate NSEC or NSEC3 records), then the result in the parent's
   delegation records for the child should be an empty set.  However, if
   the end result of processing would leave no glue records present in
   the parent zone for any of the in-bailiwick NS records, then the
   parent MUST NOT update the glue address records.  That is, if the
   result of the processing would leave no in-bailiwick A or AAAA
   records when there are in-bailiwick NS records, then processing of
   the address records cannot happen, as it would leave the parent/child
   relationship without any address linkage.

   The procedure for querying for A and AAAA records MUST occur after
   the procedure, if required, for querying for NS records as defined in
   Section 3.2.1.  This ensures that the right set of NS records is used
   as provided by the current NS set of the child.  That is, for CSYNC
   records that have the NS bit set, the NS set used should be the one
   pulled from the child while processing the CSYNC record.  For CSYNC
   records without the NS bit set, the existing NS records within the
   parent should be used to determine which A and/or AAAA records to
   query for.
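   Sections 3.2.1 and 3.2.2 together, as an added Python example that is
   not code from RFC 7477 or from any parental agent: plan_update()
   takes the child's DNSSEC-validated NS set and glue (an empty set
   standing for a validated denial of existence), the parent's current
   delegation, and the types named in the Type Bit Map; it processes NS
   before A/AAAA, touches only the requested address types, and leaves
   the affected part of the delegation unchanged with a note whenever a
   MUST NOT or a parent policy blocks the change.  The DelegationView
   type, the min_ns policy parameter, reading "no glue for any of the
   in-bailiwick NS records" as "no A or AAAA left among all of them",
   and dropping glue for names that left the NS set are assumptions of
   this example.

```python
# Added example: planning a delegation update from a CSYNC Type Bit Map,
# following RFC 7477 Sections 3.2.1 and 3.2.2.  Not code from the RFC;
# DelegationView, plan_update and its min_ns policy are this example's own.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# NS name -> {"A": {addresses}, "AAAA": {addresses}}
GlueMap = Dict[str, Dict[str, Set[str]]]


@dataclass
class DelegationView:
    ns: Set[str]                                   # NS target names (absolute, lowercase)
    glue: GlueMap = field(default_factory=dict)    # address records per NS name


def in_bailiwick(name: str, zone: str) -> bool:
    """True when name is at or below zone; both absolute and dot-terminated."""
    return name == zone or name.endswith("." + zone)


def plan_update(zone: str, types: Set[str], child: DelegationView,
                parent: DelegationView, min_ns: int = 2
                ) -> Tuple[Set[str], GlueMap, List[str]]:
    """Compute the parent's new NS set and glue for one CSYNC record.

    child.ns and child.glue are the DNSSEC-validated answers from the child;
    an empty set stands for a validated denial of existence.  Any rule that
    blocks a change leaves that part of the delegation untouched and adds a
    note.  Returns (new_ns, new_glue, notes).
    """
    notes: List[str] = []
    new_ns = set(parent.ns)
    new_glue: GlueMap = {n: {t: set(v) for t, v in g.items()}
                         for n, g in parent.glue.items()}

    # Section 3.2.1: NS first, so that glue processing sees the right NS set.
    if "NS" in types:
        if not child.ns:
            notes.append("NS: MUST NOT update, child returned an empty NS set")
        elif len(child.ns) < min_ns:
            notes.append(f"NS: refused by parent policy, fewer than {min_ns} NS records")
        else:
            new_ns = set(child.ns)

    # Section 3.2.2: only the address types named in the Type Bit Map change.
    addr_types = [t for t in ("A", "AAAA") if t in types]
    if addr_types:
        inb = [n for n in sorted(new_ns) if in_bailiwick(n, zone)]
        candidate: GlueMap = {}
        for n in inb:
            # Keep the parent's records for the type(s) not being processed.
            candidate[n] = {t: set(v) for t, v in new_glue.get(n, {}).items()}
            for t in addr_types:
                candidate[n][t] = set(child.glue.get(n, {}).get(t, set()))
        has_address = any(candidate[n].get(t) for n in inb for t in ("A", "AAAA"))
        if inb and not has_address:
            notes.append("glue: MUST NOT update, no A or AAAA would remain "
                         "for the in-bailiwick NS records")
        else:
            # Glue for names no longer in the NS set is dropped (assumption);
            # out-of-bailiwick names carry no glue in the parent (Section 4.3).
            new_glue = candidate

    return new_ns, new_glue, notes
```

   The sample data in the accompanying checks is constructed: a child
   that replaces ns2 with ns3 under its own zone, adds an
   out-of-bailiwick ns.example.net., and sets only NS and A.  The AAAA
   glue the parent already holds for ns1 is left alone, ns3 gets A glue
   only, and ns.example.net. gets none.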
4.  Operational Considerations

   There are a number of important operational aspects to consider when
   deploying a CSYNC RRType.

4.1.  Error Reporting

   There is no inline mechanism for a parental agent to report errors to
   operators of child zones.  Thus, the only error reporting mechanisms
   must be out of band, such as through a web console or over email.
   Parental agents should, at a minimum, log errors encountered when
   processing CSYNC records.  Child operators utilizing the "immediate"
   flag that fail to see an update within the parental agent's specified
   operational window should access the parental agent's error logging
   interface to determine why an update failed to be processed.

4.2.  Child Nameserver Selection

   Parental agents will need to poll child nameservers in search of
   CSYNC records and related data records.

   Parental agents MAY perform best-possible verification by querying
   all NS records for available data to determine which has the most
   recent SOA and CSYNC version (in an ideal world, they would all be
   equal, but this is not possible in practice due to synchronization
   delays and transfer failures).

   Parental agents may offer a configuration interface to allow child
   operators to specify which nameserver should be considered the master
   to send data queries to.  Note that this master could be a different
   nameserver than the publicly listed nameservers in the NS set (i.e.,
   it may be a "hidden master").

   Parental agents with a large number of clients may choose to offer a
   programmatic interface to let their children indicate that new CSYNC
   records and data are available for polling rather than polling every
   child on a frequent basis.

   Children that wish to phase out a nameserver will need to publish the
   CSYNC record to remove the nameserver and then wait for the parental
   agent to process the published record before turning off the service.
   This is required because the child cannot control which nameserver in
   the existing NS set the parental agent may choose to query when
   performing CSYNC processing.

4.3.  Out-of-Bailiwick NS Records

   When a zone contains NS records where the domain name pointed at does
   not fall within the zone itself, there is no way for the parent to
   safely update the associated glue records.  Thus, the child DNS
   operator MAY indicate that the NS records should be synchronized, and
   MAY set any glue record flags (A, AAAA) as well, but the parent will
   only update those glue records that are below the child's delegation
   point.

   Children deploying NS records pointing to domain names within their
   own children (the "grandchildren") SHOULD ensure the grandchildren's
   associated glue records are properly set before publishing the CSYNC
   record.  That is, it is imperative that proper communication and
   synchronization exist between the child and the grandchild.

4.4.  Documented Parental Agent Type Support

   Parental agents that support processing CSYNC records SHOULD publicly
   document the following minimum processing characteristics:

   o  The fact that they support CSYNC processing

   o  The Type Bit Map bits they support

   o  The frequency with which they poll clients (which may also be
      configurable by the client)

   o  If they support the "immediate" flag

   o  If they poll a child's single nameserver, a configured list of
      nameservers, or all of the advertised nameservers when querying
      for CSYNC records

   o  If they support SOA serial number caching to avoid issues with
      regression and/or replay

   o  Where errors for CSYNC processing are published

   o  If they support sending queries to a "hidden master"

4.5.  Removal of the CSYNC Records

   Children MAY remove the CSYNC record upon noticing that the parent
   zone has published the required records, thus eliminating the need
   for the parent to continually query for the CSYNC record and all
   corresponding records.  By removing the CSYNC record from the child
   zone, the parental agent will only need to perform the query for the
   CSYNC record and can stop processing when it finds it missing.  This
   will reduce resource usage by both the child and the parental agent.

4.6.  Parent/Child/Grandchild Glue Synchronization

   When a child needs to publish a CSYNC record that synchronizes NS and
   A/AAAA glue records and the NS record is actually pointing to a child
   of the child (a grandchild of the parent), then it is critical that
   the glue records in the child point to the proper real address
   records published by the grandchild.  It is assumed that if a child
   is using a grandchild's nameserver, they must be in careful
   synchronization.  Specifically, this specification requires this to
   be the case.

5.  Security Considerations

   This specification requires the use of DNSSEC in order to determine
   that the data being updated was unmodified by third parties.
   Parental agents implementing CSYNC processing MUST ensure all DNS
   transactions are validated by DNSSEC as "secure".  Clients deploying
   CSYNC MUST ensure their zones are signed, current, and properly linked
   to the parent zone with a DS record that points to an appropriate
   DNSKEY of the child's zone.

   This specification does not address how to perform bootstrapping
   operations to get the required initial DNSSEC-secured operating
   environment in place.  Additionally, this specification was not
   designed to synchronize DNSSEC security records, such as DS pointers,
   or the CSYNC record itself.  Thus, implementations of this protocol
   MUST NOT use it to synchronize DS records, DNSKEY materials, CDS
   records, CDNSKEY records, or CSYNC records.  Similarly, future
   documents extending this protocol MUST NOT offer the ability to
   synchronize DS, DNSKEY materials, CDS records, CDNSKEY records, or
   CSYNC records.  For such a solution, please see the complementary
   solution [RFC7344] for maintaining security delegation information.

   To ensure that an older CSYNC record making use of the soaminimum
   flag cannot be replayed to revert values, the SOA serial number MUST
   NOT be incremented by more than 2^16 during the lifetime of the
   signature window of the associated RRSIGs signing the SOA and CSYNC
   records.  Note that this is independent of whether or not the
   increment causes the serial number field to wrap (modulo 2^32).
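   The 2^16 bound, as an added Python example for the child side that
   is not code from RFC 7477: check_history() takes a constructed list
   of (time, serial) publications and one RRSIG validity window and
   reports every serial inside the window that is more than 2^16 past
   the serial in force at inception, counting the distance modulo 2^32
   so that a wrap is handled as the text requires.  The history format
   and the choice of the last serial published at or before inception
   as the baseline are assumptions of this example.

```python
# Added example: child-side audit of the replay bound in RFC 7477 Section 5.
# Not code from the RFC; the history format and baseline choice are assumptions.
from typing import List, Optional, Tuple

SERIAL_MOD = 1 << 32      # SOA serial field wraps modulo 2^32
MAX_INCREMENT = 1 << 16   # bound on serial growth within one RRSIG validity window


def serial_increment(old: int, new: int) -> int:
    """Distance from old to new, counted forward modulo 2^32 (wrap-safe)."""
    return (new - old) % SERIAL_MOD


def bump_allowed(serial_at_inception: int, proposed: int) -> bool:
    """May the zone publish `proposed` while the RRSIGs made over
    `serial_at_inception` are still within their validity window?"""
    return serial_increment(serial_at_inception, proposed) <= MAX_INCREMENT


def check_history(history: List[Tuple[int, int]], inception: int,
                  expiration: int) -> List[Tuple[int, int]]:
    """Audit published (time, serial) pairs against one RRSIG window.

    The baseline is the serial in force at `inception`: the last serial
    published at or before it, else the first one published inside the
    window (assumption).  Every later serial inside the window that is more
    than 2^16 past the baseline is returned as a violation.
    """
    baseline: Optional[int] = None
    for published_at, serial in history:
        if published_at <= inception:
            baseline = serial
    violations: List[Tuple[int, int]] = []
    for published_at, serial in history:
        if not (inception < published_at <= expiration):
            continue
        if baseline is None:
            baseline = serial
            continue
        if not bump_allowed(baseline, serial):
            violations.append((published_at, serial))
    return violations
```

   Date-based serials (YYYYMMDDnn) stay far inside the bound under
   normal operation; the check matters for zones that re-serial on a
   timestamp or jump serials during a migration while old RRSIGs are
   still valid.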
6.  IANA Considerations

   This document defines a new DNS Resource Record Type, named "CSYNC".
   The IANA has assigned a code point from the "Resource Record (RR)
   TYPEs" sub-registry of the "Domain Name System (DNS) Parameters"
   registry (http://www.iana.org/assignments/dns-parameters) for this
   new RR type:

      TYPE    Value   Meaning                           Reference
      -----   -----   -------------------------------   ---------
      CSYNC   62      Child-to-Parent Synchronization   [RFC7477]

   The IANA has created and maintains a sub-registry (the "Child
   Synchronization (CSYNC) Flags" registry) of the "Domain Name System
   (DNS) Parameters" registry.  The initial values for this registry are
   listed below.  A "Standards Action" [RFC5226] is required for the
   assignment of new flags.

   This registry holds a set of single-bit "Flags" for use in the CSYNC
   record within the 16-bit Flags field.  Thus, a maximum of 16 flags
   may be defined.

   The initial assignments in this registry are:

      Bit     Flag         Description                Reference
      -----   ----------   ------------------------   ----------------
      Bit 0   immediate    Immediately process this   [RFC7477],
                           CSYNC record.              Section 3

      Bit 1   soaminimum   Require a SOA serial       [RFC7477],
                           number greater than the    Section 2.1.1.1
                           one specified.

7.  References

7.1.  Normative References

   [RFC1982]  Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982,
              August 1996, <http://www.rfc-editor.org/info/rfc1982>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3597]  Gustafsson, A., "Handling of Unknown DNS Resource Record
              (RR) Types", RFC 3597, September 2003,
              <http://www.rfc-editor.org/info/rfc3597>.

   [RFC4034]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Resource Records for the DNS Security Extensions",
              RFC 4034, March 2005,
              <http://www.rfc-editor.org/info/rfc4034>.

7.2.  Informative References

   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, November 1987,
              <http://www.rfc-editor.org/info/rfc1034>.

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987,
              <http://www.rfc-editor.org/info/rfc1035>.

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements",
              RFC 4033, March 2005,
              <http://www.rfc-editor.org/info/rfc4033>.

   [RFC4035]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Protocol Modifications for the DNS Security
              Extensions", RFC 4035, March 2005,
              <http://www.rfc-editor.org/info/rfc4035>.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008, <http://www.rfc-editor.org/info/rfc5226>.
issues surrounding parent/child relationships and synchronization.
conducted by ep.net called "Child Activated DNS Refresh".
P.O. Box 382