home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Skunkware 98
/
Skunkware 98.iso
/
src
/
net
/
t4b-t5b.gz
/
t4b-t5b
Wrap
Text File
|
1997-05-01
|
95KB
|
2,433 lines
Index: bind/doc/rfc/rfc2136
diff -c /dev/null bind/doc/rfc/rfc2136:8.1
*** /dev/null Wed Apr 30 21:24:39 1997
--- bind/doc/rfc/rfc2136 Wed Apr 30 10:27:14 1997
***************
*** 0 ****
--- 1,1459 ----
+
+
+
+
+
+
+ Network Working Group P. Vixie, Editor
+ Request for Comments: 2136 ISC
+ Updates: 1035 S. Thomson
+ Category: Standards Track Bellcore
+ Y. Rekhter
+ Cisco
+ J. Bound
+ DEC
+ April 1997
+
+ Dynamic Updates in the Domain Name System (DNS UPDATE)
+
+ Status of this Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+ Abstract
+
+ The Domain Name System was originally designed to support queries of
+ a statically configured database. While the data was expected to
+ change, the frequency of those changes was expected to be fairly low,
+ and all updates were made as external edits to a zone's Master File.
+
+ Using this specification of the UPDATE opcode, it is possible to add
+ or delete RRs or RRsets from a specified zone. Prerequisites are
+ specified separately from update operations, and can specify a
+ dependency upon either the previous existence or nonexistence of an
+ RRset, or the existence of a single RR.
+
+ UPDATE is atomic, i.e., all prerequisites must be satisfied or else
+ no update operations will take place. There are no data dependent
+ error conditions defined after the prerequisites have been met.
+
+ 1 - Definitions
+
+ This document intentionally gives more definition to the roles of
+ "Master," "Slave," and "Primary Master" servers, and their
+ enumeration in NS RRs, and the SOA MNAME field. In that sense, the
+ following server type definitions can be considered an addendum to
+ [RFC1035], and are intended to be consistent with [RFC1996]:
+
+ Slave an authoritative server that uses AXFR or IXFR to
+ retrieve the zone and is named in the zone's NS
+ RRset.
+
+
+
+ Vixie, et. al. Standards Track [Page 1]
+
+ RFC 2136 DNS Update April 1997
+
+
+ Master an authoritative server configured to be the
+ source of AXFR or IXFR data for one or more slave
+ servers.
+
+ Primary Master master server at the root of the AXFR/IXFR
+ dependency graph. The primary master is named in
+ the zone's SOA MNAME field and optionally by an NS
+ RR. There is by definition only one primary master
+ server per zone.
+
+ A domain name identifies a node within the domain name space tree
+ structure. Each node has a set (possibly empty) of Resource Records
+ (RRs). All RRs having the same NAME, CLASS and TYPE are called a
+ Resource Record Set (RRset).
+
+ The pseudocode used in this document is for example purposes only.
+ If it is found to disagree with the text, the text shall be
+ considered authoritative. If the text is found to be ambiguous, the
+ pseudocode can be used to help resolve the ambiguity.
+
+ 1.1 - Comparison Rules
+
+ 1.1.1. Two RRs are considered equal if their NAME, CLASS, TYPE,
+ RDLENGTH and RDATA fields are equal. Note that the time-to-live
+ (TTL) field is explicitly excluded from the comparison.
+
+ 1.1.2. The rules for comparison of character strings in names are
+ specified in [RFC1035 2.3.3].
+
+ 1.1.3. Wildcarding is disabled. That is, a wildcard ("*") in an
+ update only matches a wildcard ("*") in the zone, and vice versa.
+
+ 1.1.4. Aliasing is disabled: A CNAME in the zone matches a CNAME in
+ the update, and will not otherwise be followed. All UPDATE
+ operations are done on the basis of canonical names.
+
+ 1.1.5. The following RR types cannot be appended to an RRset. If the
+ following comparison rules are met, then an attempt to add the new RR
+ will result in the replacement of the previous RR:
+
+ SOA compare only NAME, CLASS and TYPE -- it is not possible to
+ have more than one SOA per zone, even if any of the data
+ fields differ.
+
+ WKS compare only NAME, CLASS, TYPE, ADDRESS, and PROTOCOL
+ -- only one WKS RR is possible for this tuple, even if the
+ services masks differ.
+
+
+
+
+ Vixie, et. al. Standards Track [Page 2]
+
+ RFC 2136 DNS Update April 1997
+
+
+ CNAME compare only NAME, CLASS, and TYPE -- it is not possible
+ to have more than one CNAME RR, even if their data fields
+ differ.
+
+ 1.2 - Glue RRs
+
+ For the purpose of determining whether a domain name used in the
+ UPDATE protocol is contained within a specified zone, a domain name
+ is "in" a zone if it is owned by that zone's domain name. See
+ section 7.18 for details.
+
+ 1.3 - New Assigned Numbers
+
+ CLASS = NONE (254)
+ RCODE = YXDOMAIN (6)
+ RCODE = YXRRSET (7)
+ RCODE = NXRRSET (8)
+ RCODE = NOTAUTH (9)
+ RCODE = NOTZONE (10)
+ Opcode = UPDATE (5)
+
+ 2 - Update Message Format
+
+ The DNS Message Format is defined by [RFC1035 4.1]. Some extensions
+ are necessary (for example, more error codes are possible under
+ UPDATE than under QUERY) and some fields must be overloaded (see
+ description of CLASS fields below).
+
+ The overall format of an UPDATE message is, following [ibid]:
+
+ +---------------------+
+ | Header |
+ +---------------------+
+ | Zone | specifies the zone to be updated
+ +---------------------+
+ | Prerequisite | RRs or RRsets which must (not) preexist
+ +---------------------+
+ | Update | RRs or RRsets to be added or deleted
+ +---------------------+
+ | Additional Data | additional data
+ +---------------------+
+
+
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 3]
+
+ RFC 2136 DNS Update April 1997
+
+
+ The Header Section specifies that this message is an UPDATE, and
+ describes the size of the other sections. The Zone Section names the
+ zone that is to be updated by this message. The Prerequisite Section
+ specifies the starting invariants (in terms of zone content) required
+ for this update. The Update Section contains the edits to be made,
+ and the Additional Data Section contains data which may be necessary
+ to complete, but is not part of, this update.
+
+ 2.1 - Transport Issues
+
+ An update transaction may be carried in a UDP datagram, if the
+ request fits, or in a TCP connection (at the discretion of the
+ requestor). When TCP is used, the message is in the format described
+ in [RFC1035 4.2.2].
+
+ 2.2 - Message Header
+
+ The header of the DNS Message Format is defined by [RFC 1035 4.1].
+ Not all opcodes define the same set of flag bits, though as a
+ practical matter most of the bits defined for QUERY (in [ibid]) are
+ identically defined by the other opcodes. UPDATE uses only one flag
+ bit (QR).
+
+ The DNS Message Format specifies record counts for its four sections
+ (Question, Answer, Authority, and Additional). UPDATE uses the same
+ fields, and the same section formats, but the naming and use of these
+ sections differs as shown in the following modified header, after
+ [RFC1035 4.1.1]:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ID |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ |QR| Opcode | Z | RCODE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ZOCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | PRCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | UPCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ADCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 4]
+
+ RFC 2136 DNS Update April 1997
+
+
+ These fields are used as follows:
+
+ ID A 16-bit identifier assigned by the entity that generates any
+ kind of request. This identifier is copied in the
+ corresponding reply and can be used by the requestor to match
+ replies to outstanding requests, or by the server to detect
+ duplicated requests from some requestor.
+
+ QR A one bit field that specifies whether this message is a
+ request (0), or a response (1).
+
+ Opcode A four bit field that specifies the kind of request in this
+ message. This value is set by the originator of a request
+ and copied into the response. The Opcode value that
+ identifies an UPDATE message is five (5).
+
+ Z Reserved for future use. Should be zero (0) in all requests
+ and responses. A non-zero Z field should be ignored by
+ implementations of this specification.
+
+ RCODE Response code - this four bit field is undefined in requests
+ and set in responses. The values and meanings of this field
+ within responses are as follows:
+
+ Mneumonic Value Description
+ ------------------------------------------------------------
+ NOERROR 0 No error condition.
+ FORMERR 1 The name server was unable to interpret
+ the request due to a format error.
+ SERVFAIL 2 The name server encountered an internal
+ failure while processing this request,
+ for example an operating system error
+ or a forwarding timeout.
+ NXDOMAIN 3 Some name that ought to exist,
+ does not exist.
+ NOTIMP 4 The name server does not support
+ the specified Opcode.
+ REFUSED 5 The name server refuses to perform the
+ specified operation for policy or
+ security reasons.
+ YXDOMAIN 6 Some name that ought not to exist,
+ does exist.
+ YXRRSET 7 Some RRset that ought not to exist,
+ does exist.
+ NXRRSET 8 Some RRset that ought to exist,
+ does not exist.
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 5]
+
+ RFC 2136 DNS Update April 1997
+
+
+ NOTAUTH 9 The server is not authoritative for
+ the zone named in the Zone Section.
+ NOTZONE 10 A name used in the Prerequisite or
+ Update Section is not within the
+ zone denoted by the Zone Section.
+
+ ZOCOUNT The number of RRs in the Zone Section.
+
+ PRCOUNT The number of RRs in the Prerequisite Section.
+
+ UPCOUNT The number of RRs in the Update Section.
+
+ ADCOUNT The number of RRs in the Additional Data Section.
+
+ 2.3 - Zone Section
+
+ The Zone Section has the same format as that specified in [RFC1035
+ 4.1.2], with the fields redefined as follows:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / ZNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ZTYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ZCLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ UPDATE uses this section to denote the zone of the records being
+ updated. All records to be updated must be in the same zone, and
+ therefore the Zone Section is allowed to contain exactly one record.
+ The ZNAME is the zone name, the ZTYPE must be SOA, and the ZCLASS is
+ the zone's class.
+
+ 2.4 - Prerequisite Section
+
+ This section contains a set of RRset prerequisites which must be
+ satisfied at the time the UPDATE packet is received by the primary
+ master server. The format of this section is as specified by
+ [RFC1035 4.1.3]. There are five possible sets of semantics that can
+ be expressed here, summarized as follows and then explained below.
+
+ (1) RRset exists (value independent). At least one RR with a
+ specified NAME and TYPE (in the zone and class specified by
+ the Zone Section) must exist.
+
+
+
+ Vixie, et. al. Standards Track [Page 6]
+
+ RFC 2136 DNS Update April 1997
+
+
+ (2) RRset exists (value dependent). A set of RRs with a
+ specified NAME and TYPE exists and has the same members
+ with the same RDATAs as the RRset specified here in this
+ Section.
+
+ (3) RRset does not exist. No RRs with a specified NAME and TYPE
+ (in the zone and class denoted by the Zone Section) can exist.
+
+ (4) Name is in use. At least one RR with a specified NAME (in
+ the zone and class specified by the Zone Section) must exist.
+ Note that this prerequisite is NOT satisfied by empty
+ nonterminals.
+
+ (5) Name is not in use. No RR of any type is owned by a
+ specified NAME. Note that this prerequisite IS satisfied by
+ empty nonterminals.
+
+ The syntax of these is as follows:
+
+ 2.4.1 - RRset Exists (Value Independent)
+
+ At least one RR with a specified NAME and TYPE (in the zone and class
+ specified in the Zone Section) must exist.
+
+ For this prerequisite, a requestor adds to the section a single RR
+ whose NAME and TYPE are equal to that of the zone RRset whose
+ existence is required. RDLENGTH is zero and RDATA is therefore
+ empty. CLASS must be specified as ANY to differentiate this
+ condition from that of an actual RR whose RDLENGTH is naturally zero
+ (0) (e.g., NULL). TTL is specified as zero (0).
+
+ 2.4.2 - RRset Exists (Value Dependent)
+
+ A set of RRs with a specified NAME and TYPE exists and has the same
+ members with the same RDATAs as the RRset specified here in this
+ section. While RRset ordering is undefined and therefore not
+ significant to this comparison, the sets be identical in their
+ extent.
+
+ For this prerequisite, a requestor adds to the section an entire
+ RRset whose preexistence is required. NAME and TYPE are that of the
+ RRset being denoted. CLASS is that of the zone. TTL must be
+ specified as zero (0) and is ignored when comparing RRsets for
+ identity.
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 7]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 2.4.3 - RRset Does Not Exist
+
+ No RRs with a specified NAME and TYPE (in the zone and class denoted
+ by the Zone Section) can exist.
+
+ For this prerequisite, a requestor adds to the section a single RR
+ whose NAME and TYPE are equal to that of the RRset whose nonexistence
+ is required. The RDLENGTH of this record is zero (0), and RDATA
+ field is therefore empty. CLASS must be specified as NONE in order
+ to distinguish this condition from a valid RR whose RDLENGTH is
+ naturally zero (0) (for example, the NULL RR). TTL must be specified
+ as zero (0).
+
+ 2.4.4 - Name Is In Use
+
+ Name is in use. At least one RR with a specified NAME (in the zone
+ and class specified by the Zone Section) must exist. Note that this
+ prerequisite is NOT satisfied by empty nonterminals.
+
+ For this prerequisite, a requestor adds to the section a single RR
+ whose NAME is equal to that of the name whose ownership of an RR is
+ required. RDLENGTH is zero and RDATA is therefore empty. CLASS must
+ be specified as ANY to differentiate this condition from that of an
+ actual RR whose RDLENGTH is naturally zero (0) (e.g., NULL). TYPE
+ must be specified as ANY to differentiate this case from that of an
+ RRset existence test. TTL is specified as zero (0).
+
+ 2.4.5 - Name Is Not In Use
+
+ Name is not in use. No RR of any type is owned by a specified NAME.
+ Note that this prerequisite IS satisfied by empty nonterminals.
+
+ For this prerequisite, a requestor adds to the section a single RR
+ whose NAME is equal to that of the name whose nonownership of any RRs
+ is required. RDLENGTH is zero and RDATA is therefore empty. CLASS
+ must be specified as NONE. TYPE must be specified as ANY. TTL must
+ be specified as zero (0).
+
+ 2.5 - Update Section
+
+ This section contains RRs to be added to or deleted from the zone.
+ The format of this section is as specified by [RFC1035 4.1.3]. There
+ are four possible sets of semantics, summarized below and with
+ details to follow.
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 8]
+
+ RFC 2136 DNS Update April 1997
+
+
+ (1) Add RRs to an RRset.
+ (2) Delete an RRset.
+ (3) Delete all RRsets from a name.
+ (4) Delete an RR from an RRset.
+
+ The syntax of these is as follows:
+
+ 2.5.1 - Add To An RRset
+
+ RRs are added to the Update Section whose NAME, TYPE, TTL, RDLENGTH
+ and RDATA are those being added, and CLASS is the same as the zone
+ class. Any duplicate RRs will be silently ignored by the primary
+ master.
+
+ 2.5.2 - Delete An RRset
+
+ One RR is added to the Update Section whose NAME and TYPE are those
+ of the RRset to be deleted. TTL must be specified as zero (0) and is
+ otherwise not used by the primary master. CLASS must be specified as
+ ANY. RDLENGTH must be zero (0) and RDATA must therefore be empty.
+ If no such RRset exists, then this Update RR will be silently ignored
+ by the primary master.
+
+ 2.5.3 - Delete All RRsets From A Name
+
+ One RR is added to the Update Section whose NAME is that of the name
+ to be cleansed of RRsets. TYPE must be specified as ANY. TTL must
+ be specified as zero (0) and is otherwise not used by the primary
+ master. CLASS must be specified as ANY. RDLENGTH must be zero (0)
+ and RDATA must therefore be empty. If no such RRsets exist, then
+ this Update RR will be silently ignored by the primary master.
+
+ 2.5.4 - Delete An RR From An RRset
+
+ RRs to be deleted are added to the Update Section. The NAME, TYPE,
+ RDLENGTH and RDATA must match the RR being deleted. TTL must be
+ specified as zero (0) and will otherwise be ignored by the primary
+ master. CLASS must be specified as NONE to distinguish this from an
+ RR addition. If no such RRs exist, then this Update RR will be
+ silently ignored by the primary master.
+
+
+
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 9]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 2.6 - Additional Data Section
+
+ This section contains RRs which are related to the update itself, or
+ to new RRs being added by the update. For example, out of zone glue
+ (A RRs referred to by new NS RRs) should be presented here. The
+ server can use or ignore out of zone glue, at the discretion of the
+ server implementor. The format of this section is as specified by
+ [RFC1035 4.1.3].
+
+ 3 - Server Behavior
+
+ A server, upon receiving an UPDATE request, will signal NOTIMP to the
+ requestor if the UPDATE opcode is not recognized or if it is
+ recognized but has not been implemented. Otherwise, processing
+ continues as follows.
+
+ 3.1 - Process Zone Section
+
+ 3.1.1. The Zone Section is checked to see that there is exactly one
+ RR therein and that the RR's ZTYPE is SOA, else signal FORMERR to the
+ requestor. Next, the ZNAME and ZCLASS are checked to see if the zone
+ so named is one of this server's authority zones, else signal NOTAUTH
+ to the requestor. If the server is a zone slave, the request will be
+ forwarded toward the primary master.
+
+ 3.1.2 - Pseudocode For Zone Section Processing
+
+ if (zcount != 1 || ztype != SOA)
+ return (FORMERR)
+ if (zone_type(zname, zclass) == SLAVE)
+ return forward()
+ if (zone_type(zname, zclass) == MASTER)
+ return update()
+ return (NOTAUTH)
+
+ Sections 3.2 through 3.8 describe the primary master's behaviour,
+ whereas Section 6 describes a forwarder's behaviour.
+
+ 3.2 - Process Prerequisite Section
+
+ Next, the Prerequisite Section is checked to see that all
+ prerequisites are satisfied by the current state of the zone. Using
+ the definitions expressed in Section 1.2, if any RR's NAME is not
+ within the zone specified in the Zone Section, signal NOTZONE to the
+ requestor.
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 10]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 3.2.1. For RRs in this section whose CLASS is ANY, test to see that
+ TTL and RDLENGTH are both zero (0), else signal FORMERR to the
+ requestor. If TYPE is ANY, test to see that there is at least one RR
+ in the zone whose NAME is the same as that of the Prerequisite RR,
+ else signal NXDOMAIN to the requestor. If TYPE is not ANY, test to
+ see that there is at least one RR in the zone whose NAME and TYPE are
+ the same as that of the Prerequisite RR, else signal NXRRSET to the
+ requestor.
+
+ 3.2.2. For RRs in this section whose CLASS is NONE, test to see that
+ the TTL and RDLENGTH are both zero (0), else signal FORMERR to the
+ requestor. If the TYPE is ANY, test to see that there are no RRs in
+ the zone whose NAME is the same as that of the Prerequisite RR, else
+ signal YXDOMAIN to the requestor. If the TYPE is not ANY, test to
+ see that there are no RRs in the zone whose NAME and TYPE are the
+ same as that of the Prerequisite RR, else signal YXRRSET to the
+ requestor.
+
+ 3.2.3. For RRs in this section whose CLASS is the same as the ZCLASS,
+ test to see that the TTL is zero (0), else signal FORMERR to the
+ requestor. Then, build an RRset for each unique <NAME,TYPE> and
+ compare each resulting RRset for set equality (same members, no more,
+ no less) with RRsets in the zone. If any Prerequisite RRset is not
+ entirely and exactly matched by a zone RRset, signal NXRRSET to the
+ requestor. If any RR in this section has a CLASS other than ZCLASS
+ or NONE or ANY, signal FORMERR to the requestor.
+
+ 3.2.4 - Table Of Metavalues Used In Prerequisite Section
+
+ CLASS TYPE RDATA Meaning
+ ------------------------------------------------------------
+ ANY ANY empty Name is in use
+ ANY rrset empty RRset exists (value independent)
+ NONE ANY empty Name is not in use
+ NONE rrset empty RRset does not exist
+ zone rrset rr RRset exists (value dependent)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 11]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 3.2.5 - Pseudocode for Prerequisite Section Processing
+
+ for rr in prerequisites
+ if (rr.ttl != 0)
+ return (FORMERR)
+ if (zone_of(rr.name) != ZNAME)
+ return (NOTZONE);
+ if (rr.class == ANY)
+ if (rr.rdlength != 0)
+ return (FORMERR)
+ if (rr.type == ANY)
+ if (!zone_name<rr.name>)
+ return (NXDOMAIN)
+ else
+ if (!zone_rrset<rr.name, rr.type>)
+ return (NXRRSET)
+ if (rr.class == NONE)
+ if (rr.rdlength != 0)
+ return (FORMERR)
+ if (rr.type == ANY)
+ if (zone_name<rr.name>)
+ return (YXDOMAIN)
+ else
+ if (zone_rrset<rr.name, rr.type>)
+ return (YXRRSET)
+ if (rr.class == zclass)
+ temp<rr.name, rr.type> += rr
+ else
+ return (FORMERR)
+
+ for rrset in temp
+ if (zone_rrset<rrset.name, rrset.type> != rrset)
+ return (NXRRSET)
+
+ 3.3 - Check Requestor's Permissions
+
+ 3.3.1. Next, the requestor's permission to update the RRs named in
+ the Update Section may be tested in an implementation dependent
+ fashion or using mechanisms specified in a subsequent Secure DNS
+ Update protocol. If the requestor does not have permission to
+ perform these updates, the server may write a warning message in its
+ operations log, and may either signal REFUSED to the requestor, or
+ ignore the permission problem and proceed with the update.
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 12]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 3.3.2. While the exact processing is implementation defined, if these
+ verification activities are to be performed, this is the point in the
+ server's processing where such performance should take place, since
+ if a REFUSED condition is encountered after an update has been
+ partially applied, it will be necessary to undo the partial update
+ and restore the zone to its original state before answering the
+ requestor.
+
+ 3.3.3 - Pseudocode for Permission Checking
+
+ if (security policy exists)
+ if (this update is not permitted)
+ if (local option)
+ log a message about permission problem
+ if (local option)
+ return (REFUSED)
+
+ 3.4 - Process Update Section
+
+ Next, the Update Section is processed as follows.
+
+ 3.4.1 - Prescan
+
+ The Update Section is parsed into RRs and each RR's CLASS is checked
+ to see if it is ANY, NONE, or the same as the Zone Class, else signal
+ a FORMERR to the requestor. Using the definitions in Section 1.2,
+ each RR's NAME must be in the zone specified by the Zone Section,
+ else signal NOTZONE to the requestor.
+
+ 3.4.1.2. For RRs whose CLASS is not ANY, check the TYPE and if it is
+ ANY, AXFR, MAILA, MAILB, or any other QUERY metatype, or any
+ unrecognized type, then signal FORMERR to the requestor. For RRs
+ whose CLASS is ANY or NONE, check the TTL to see that it is zero (0),
+ else signal a FORMERR to the requestor. For any RR whose CLASS is
+ ANY, check the RDLENGTH to make sure that it is zero (0) (that is,
+ the RDATA field is empty), and that the TYPE is not AXFR, MAILA,
+ MAILB, or any other QUERY metatype besides ANY, or any unrecognized
+ type, else signal FORMERR to the requestor.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 13]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 3.4.1.3 - Pseudocode For Update Section Prescan
+
+ [rr] for rr in updates
+ if (zone_of(rr.name) != ZNAME)
+ return (NOTZONE);
+ if (rr.class == zclass)
+ if (rr.type & ANY|AXFR|MAILA|MAILB)
+ return (FORMERR)
+ elsif (rr.class == ANY)
+ if (rr.ttl != 0 || rr.rdlength != 0
+ || rr.type & AXFR|MAILA|MAILB)
+ return (FORMERR)
+ elsif (rr.class == NONE)
+ if (rr.ttl != 0 || rr.type & ANY|AXFR|MAILA|MAILB)
+ return (FORMERR)
+ else
+ return (FORMERR)
+
+ 3.4.2 - Update
+
+ The Update Section is parsed into RRs and these RRs are processed in
+ order.
+
+ 3.4.2.1. If any system failure (such as an out of memory condition,
+ or a hardware error in persistent storage) occurs during the
+ processing of this section, signal SERVFAIL to the requestor and undo
+ all updates applied to the zone during this transaction.
+
+ 3.4.2.2. Any Update RR whose CLASS is the same as ZCLASS is added to
+ the zone. In case of duplicate RDATAs (which for SOA RRs is always
+ the case, and for WKS RRs is the case if the ADDRESS and PROTOCOL
+ fields both match), the Zone RR is replaced by Update RR. If the
+ TYPE is SOA and there is no Zone SOA RR, or the new SOA.SERIAL is
+ lower (according to [RFC1982]) than or equal to the current Zone SOA
+ RR's SOA.SERIAL, the Update RR is ignored. In the case of a CNAME
+ Update RR and a non-CNAME Zone RRset or vice versa, ignore the CNAME
+ Update RR, otherwise replace the CNAME Zone RR with the CNAME Update
+ RR.
+
+ 3.4.2.3. For any Update RR whose CLASS is ANY and whose TYPE is ANY,
+ all Zone RRs with the same NAME are deleted, unless the NAME is the
+ same as ZNAME in which case only those RRs whose TYPE is other than
+ SOA or NS are deleted. For any Update RR whose CLASS is ANY and
+ whose TYPE is not ANY all Zone RRs with the same NAME and TYPE are
+ deleted, unless the NAME is the same as ZNAME in which case neither
+ SOA or NS RRs will be deleted.
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 14]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 3.4.2.4. For any Update RR whose class is NONE, any Zone RR whose
+ NAME, TYPE, RDATA and RDLENGTH are equal to the Update RR is deleted,
+ unless the NAME is the same as ZNAME and either the TYPE is SOA or
+ the TYPE is NS and the matching Zone RR is the only NS remaining in
+ the RRset, in which case this Update RR is ignored.
+
+ 3.4.2.5. Signal NOERROR to the requestor.
+
+ 3.4.2.6 - Table Of Metavalues Used In Update Section
+
+ CLASS TYPE RDATA Meaning
+ ---------------------------------------------------------
+ ANY ANY empty Delete all RRsets from a name
+ ANY rrset empty Delete an RRset
+ NONE rrset rr Delete an RR from an RRset
+ zone rrset rr Add to an RRset
+
+ 3.4.2.7 - Pseudocode For Update Section Processing
+
+ [rr] for rr in updates
+ if (rr.class == zclass)
+ if (rr.type == CNAME)
+ if (zone_rrset<rr.name, ~CNAME>)
+ next [rr]
+ elsif (zone_rrset<rr.name, CNAME>)
+ next [rr]
+ if (rr.type == SOA)
+ if (!zone_rrset<rr.name, SOA> ||
+ zone_rr<rr.name, SOA>.serial > rr.soa.serial)
+ next [rr]
+ for zrr in zone_rrset<rr.name, rr.type>
+ if (rr.type == CNAME || rr.type == SOA ||
+ (rr.type == WKS && rr.proto == zrr.proto &&
+ rr.address == zrr.address) ||
+ rr.rdata == zrr.rdata)
+ zrr = rr
+ next [rr]
+ zone_rrset<rr.name, rr.type> += rr
+ elsif (rr.class == ANY)
+ if (rr.type == ANY)
+ if (rr.name == zname)
+ zone_rrset<rr.name, ~(SOA|NS)> = Nil
+ else
+ zone_rrset<rr.name, *> = Nil
+ elsif (rr.name == zname &&
+ (rr.type == SOA || rr.type == NS))
+ next [rr]
+ else
+
+
+
+ Vixie, et. al. Standards Track [Page 15]
+
+ RFC 2136 DNS Update April 1997
+
+
+ zone_rrset<rr.name, rr.type> = Nil
+ elsif (rr.class == NONE)
+ if (rr.type == SOA)
+ next [rr]
+ if (rr.type == NS && zone_rrset<rr.name, NS> == rr)
+ next [rr]
+ zone_rr<rr.name, rr.type, rr.data> = Nil
+ return (NOERROR)
+
+ 3.5 - Stability
+
+ When a zone is modified by an UPDATE operation, the server must
+ commit the change to nonvolatile storage before sending a response to
+ the requestor or answering any queries or transfers for the modified
+ zone. It is reasonable for a server to store only the update records
+ as long as a system reboot or power failure will cause these update
+ records to be incorporated into the zone the next time the server is
+ started. It is also reasonable for the server to copy the entire
+ modified zone to nonvolatile storage after each update operation,
+ though this would have suboptimal performance for large zones.
+
+ 3.6 - Zone Identity
+
+ If the zone's SOA SERIAL is changed by an update operation, that
+ change must be in a positive direction (using modulo 2**32 arithmetic
+ as specified by [RFC1982]). Attempts to replace an SOA with one
+ whose SERIAL is less than the current one will be silently ignored by
+ the primary master server.
+
+ If the zone's SOA's SERIAL is not changed as a result of an update
+ operation, then the server shall increment it automatically before
+ the SOA or any changed name or RR or RRset is included in any
+ response or transfer. The primary master server's implementor might
+ choose to autoincrement the SOA SERIAL if any of the following events
+ occurs:
+
+ (1) Each update operation.
+
+ (2) A name, RR or RRset in the zone has changed and has subsequently
+ been visible to a DNS client since the unincremented SOA was
+ visible to a DNS client, and the SOA is about to become visible
+ to a DNS client.
+
+ (3) A configurable period of time has elapsed since the last update
+ operation. This period shall be less than or equal to one third
+ of the zone refresh time, and the default shall be the lesser of
+ that maximum and 300 seconds.
+
+
+
+
+ Vixie, et. al. Standards Track [Page 16]
+
+ RFC 2136 DNS Update April 1997
+
+
+ (4) A configurable number of updates has been applied since the last
+ SOA change. The default value for this configuration parameter
+ shall be one hundred (100).
+
+ It is imperative that the zone's contents and the SOA's SERIAL be
+ tightly synchronized. If the zone appears to change, the SOA must
+ appear to change as well.
+
+ 3.7 - Atomicity
+
+ During the processing of an UPDATE transaction, the server must
+ ensure atomicity with respect to other (concurrent) UPDATE or QUERY
+ transactions. No two transactions can be processed concurrently if
+ either depends on the final results of the other; in particular, a
+ QUERY should not be able to retrieve RRsets which have been partially
+ modified by a concurrent UPDATE, and an UPDATE should not be able to
+ start from prerequisites that might not still hold at the completion
+ of some other concurrent UPDATE. Finally, if two UPDATE transactions
+ would modify the same names, RRs or RRsets, then such UPDATE
+ transactions must be serialized.
+
+ 3.8 - Response
+
+ At the end of UPDATE processing, a response code will be known. A
+ response message is generated by copying the ID and Opcode fields
+ from the request, and either copying the ZOCOUNT, PRCOUNT, UPCOUNT,
+ and ADCOUNT fields and associated sections, or placing zeros (0) in
+ the these "count" fields and not including any part of the original
+ update. The QR bit is set to one (1), and the response is sent back
+ to the requestor. If the requestor used UDP, then the response will
+ be sent to the requestor's source UDP port. If the requestor used
+ TCP, then the response will be sent back on the requestor's open TCP
+ connection.
+
+ 4 - Requestor Behaviour
+
+ 4.1. From a requestor's point of view, any authoritative server for
+ the zone can appear to be able to process update requests, even
+ though only the primary master server is actually able to modify the
+ zone's master file. Requestors are expected to know the name of the
+ zone they intend to update and to know or be able to determine the
+ name servers for that zone.
+
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 17]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 4.2. If update ordering is desired, the requestor will need to know
+ the value of the existing SOA RR. Requestors who update the SOA RR
+ must update the SOA SERIAL field in a positive direction (as defined
+ by [RFC1982]) and also preserve the other SOA fields unless the
+ requestor's explicit intent is to change them. The SOA SERIAL field
+ must never be set to zero (0).
+
+ 4.3. If the requestor has reasonable cause to believe that all of a
+ zone's servers will be equally reachable, then it should arrange to
+ try the primary master server (as given by the SOA MNAME field if
+ matched by some NS NSDNAME) first to avoid unnecessary forwarding
+ inside the slave servers. (Note that the primary master will in some
+ cases not be reachable by all requestors, due to firewalls or network
+ partitioning.)
+
+ 4.4. Once the zone's name servers been found and possibly sorted so
+ that the ones more likely to be reachable and/or support the UPDATE
+ opcode are listed first, the requestor composes an UPDATE message of
+ the following form and sends it to the first name server on its list:
+
+ ID: (new)
+ Opcode: UPDATE
+ Zone zcount: 1
+ Zone zname: (zone name)
+ Zone zclass: (zone class)
+ Zone ztype: T_SOA
+ Prerequisite Section: (see previous text)
+ Update Section: (see previous text)
+ Additional Data Section: (empty)
+
+ 4.5. If the requestor receives a response, and the response has an
+ RCODE other than SERVFAIL or NOTIMP, then the requestor returns an
+ appropriate response to its caller.
+
+ 4.6. If a response is received whose RCODE is SERVFAIL or NOTIMP, or
+ if no response is received within an implementation dependent timeout
+ period, or if an ICMP error is received indicating that the server's
+ port is unreachable, then the requestor will delete the unusable
+ server from its internal name server list and try the next one,
+ repeating until the name server list is empty. If the requestor runs
+ out of servers to try, an appropriate error will be returned to the
+ requestor's caller.
+
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 18]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 5 - Duplicate Detection, Ordering and Mutual Exclusion
+
+ 5.1. For correct operation, mechanisms may be needed to ensure
+ idempotence, order UPDATE requests and provide mutual exclusion. An
+ UPDATE message or response might be delivered zero times, one time,
+ or multiple times. Datagram duplication is of particular interest
+ since it covers the case of the so-called "replay attack" where a
+ correct request is duplicated maliciously by an intruder.
+
+ 5.2. Multiple UPDATE requests or responses in transit might be
+ delivered in any order, due to network topology changes or load
+ balancing, or to multipath forwarding graphs wherein several slave
+ servers all forward to the primary master. In some cases, it might
+ be required that the earlier update not be applied after the later
+ update, where "earlier" and "later" are defined by an external time
+ base visible to some set of requestors, rather than by the order of
+ request receipt at the primary master.
+
+ 5.3. A requestor can ensure transaction idempotence by explicitly
+ deleting some "marker RR" (rather than deleting the RRset of which it
+ is a part) and then adding a new "marker RR" with a different RDATA
+ field. The Prerequisite Section should specify that the original
+ "marker RR" must be present in order for this UPDATE message to be
+ accepted by the server.
+
+ 5.4. If the request is duplicated by a network error, all duplicate
+ requests will fail since only the first will find the original
+ "marker RR" present and having its known previous value. The
+ decisions of whether to use such a "marker RR" and what RR to use are
+ left up to the application programmer, though one obvious choice is
+ the zone's SOA RR as described below.
+
+ 5.5. Requestors can ensure update ordering by externally
+ synchronizing their use of successive values of the "marker RR."
+ Mutual exclusion can be addressed as a degenerate case, in that a
+ single succession of the "marker RR" is all that is needed.
+
+ 5.6. A special case where update ordering and datagram duplication
+ intersect is when an RR validly changes to some new value and then
+ back to its previous value. Without a "marker RR" as described
+ above, this sequence of updates can leave the zone in an undefined
+ state if datagrams are duplicated.
+
+ 5.7. To achieve an atomic multitransaction "read-modify-write" cycle,
+ a requestor could first retrieve the SOA RR, and build an UPDATE
+ message one of whose prerequisites was the old SOA RR. It would then
+ specify updates that would delete this SOA RR and add a new one with
+ an incremented SOA SERIAL, along with whatever actual prerequisites
+
+
+
+ Vixie, et. al. Standards Track [Page 19]
+
+ RFC 2136 DNS Update April 1997
+
+
+ and updates were the object of the transaction. If the transaction
+ succeeds, the requestor knows that the RRs being changed were not
+ otherwise altered by any other requestor.
+
+ 6 - Forwarding
+
+ When a zone slave forwards an UPDATE message upward toward the zone's
+ primary master server, it must allocate a new ID and prepare to enter
+ the role of "forwarding server," which is a requestor with respect to
+ the forward server.
+
+ 6.1. The set of forward servers will be same as the set of servers
+ this zone slave would use as the source of AXFR or IXFR data. So,
+ while the original requestor might have used the zone's NS RRset to
+ locate its update server, a forwarder always forwards toward its
+ designated zone master servers.
+
+ 6.2. If the original requestor used TCP, then the TCP connection from
+ the requestor is still open and the forwarder must use TCP to forward
+ the message. If the original requestor used UDP, the forwarder may
+ use either UDP or TCP to forward the message, at the whim of the
+ implementor.
+
+ 6.3. It is reasonable for forward servers to be forwarders
+ themselves, if the AXFR dependency graph being followed is a deep one
+ involving firewalls and multiple connectivity realms. In most cases
+ the AXFR dependency graph will be shallow and the forward server will
+ be the primary master server.
+
+ 6.4. The forwarder will not respond to its requestor until it
+ receives a response from its forward server. UPDATE transactions
+ involving forwarders are therefore time synchronized with respect to
+ the original requestor and the primary master server.
+
+ 6.5. When there are multiple possible sources of AXFR data and
+ therefore multiple possible forward servers, a forwarder will use the
+ same fallback strategy with respect to connectivity or timeout errors
+ that it would use when performing an AXFR. This is implementation
+ dependent.
+
+ 6.6. When a forwarder receives a response from a forward server, it
+ copies this response into a new response message, assigns its
+ requestor's ID to that message, and sends the response back to the
+ requestor.
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 20]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 7 - Design, Implementation, Operation, and Protocol Notes
+
+ Some of the principles which guided the design of this UPDATE
+ specification are as follows. Note that these are not part of the
+ formal specification and any disagreement between this section and
+ any other section of this document should be resolved in favour of
+ the other section.
+
+ 7.1. Using metavalues for CLASS is possible only because all RRs in
+ the packet are assumed to be in the same zone, and CLASS is an
+ attribute of a zone rather than of an RRset. (It is for this reason
+ that the Zone Section is not optional.)
+
+ 7.2. Since there are no data-present or data-absent errors possible
+ from processing the Update Section, any necessary data-present and
+ data- absent dependencies should be specified in the Prerequisite
+ Section.
+
+ 7.3. The Additional Data Section can be used to supply a server with
+ out of zone glue that will be needed in referrals. For example, if
+ adding a new NS RR to HOME.VIX.COM specifying a nameserver called
+ NS.AU.OZ, the A RR for NS.AU.OZ can be included in the Additional
+ Data Section. Servers can use this information or ignore it, at the
+ discretion of the implementor. We discourage caching this
+ information for use in subsequent DNS responses.
+
+ 7.4. The Additional Data Section might be used if some of the RRs
+ later needed for Secure DNS Update are not actually zone updates, but
+ rather ancillary keys or signatures not intended to be stored in the
+ zone (as an update would be), yet necessary for validating the update
+ operation.
+
+ 7.5. It is expected that in the absence of Secure DNS Update, a
+ server will only accept updates if they come from a source address
+ that has been statically configured in the server's description of a
+ primary master zone. DHCP servers would be likely candidates for
+ inclusion in this statically configured list.
+
+ 7.6. It is not possible to create a zone using this protocol, since
+ there is no provision for a slave server to be told who its master
+ servers are. It is expected that this protocol will be extended in
+ the future to cover this case. Therefore, at this time, the addition
+ of SOA RRs is unsupported. For similar reasons, deletion of SOA RRs
+ is also unsupported.
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 21]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 7.7. The prerequisite for specifying that a name own at least one RR
+ differs semantically from QUERY, in that QUERY would return
+ <NOERROR,ANCOUNT=0> rather than NXDOMAIN if queried for an RRset at
+ this name, while UPDATE's prerequisite condition [Section 2.4.4]
+ would NOT be satisfied.
+
+ 7.8. It is possible for a UDP response to be lost in transit and for
+ a request to be retried due to a timeout condition. In this case an
+ UPDATE that was successful the first time it was received by the
+ primary master might ultimately appear to have failed when the
+ response to a duplicate request is finally received by the requestor.
+ (This is because the original prerequisites may no longer be
+ satisfied after the update has been applied.) For this reason,
+ requestors who require an accurate response code must use TCP.
+
+ 7.9. Because a requestor who requires an accurate response code will
+ initiate their UPDATE transaction using TCP, a forwarder who receives
+ a request via TCP must forward it using TCP.
+
+ 7.10. Deferral of SOA SERIAL autoincrements is made possible so that
+ serial numbers can be conserved and wraparound at 2**32 can be made
+ an infrequent occurance. Visible (to DNS clients) SOA SERIALs need
+ to differ if the zone differs. Note that the Authority Section SOA
+ in a QUERY response is a form of visibility, for the purposes of this
+ prerequisite.
+
+ 7.11. A zone's SOA SERIAL should never be set to zero (0) due to
+ interoperability problems with some older but widely installed
+ implementations of DNS. When incrementing an SOA SERIAL, if the
+ result of the increment is zero (0) (as will be true when wrapping
+ around 2**32), it is necessary to increment it again or set it to one
+ (1). See [RFC1982] for more detail on this subject.
+
+ 7.12. Due to the TTL minimalization necessary when caching an RRset,
+ it is recommended that all TTLs in an RRset be set to the same value.
+ While the DNS Message Format permits variant TTLs to exist in the
+ same RRset, and this variance can exist inside a zone, such variance
+ will have counterintuitive results and its use is discouraged.
+
+ 7.13. Zone cut management presents some obscure corner cases to the
+ add and delete operations in the Update Section. It is possible to
+ delete an NS RR as long as it is not the last NS RR at the root of a
+ zone. If deleting all RRs from a name, SOA and NS RRs at the root of
+ a zone are unaffected. If deleting RRsets, it is not possible to
+ delete either SOA or NS RRsets at the top of a zone. An attempt to
+ add an SOA will be treated as a replace operation if an SOA already
+ exists, or as a no-op if the SOA would be new.
+
+
+
+
+ Vixie, et. al. Standards Track [Page 22]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 7.14. No semantic checking is required in the primary master server
+ when adding new RRs. Therefore a requestor can cause CNAME or NS or
+ any other kind of RR to be added even if their target name does not
+ exist or does not have the proper RRsets to make the original RR
+ useful. Primary master servers that DO implement this kind of
+ checking should take great care to avoid out-of-zone dependencies
+ (whose veracity cannot be authoritatively checked) and should
+ implement all such checking during the prescan phase.
+
+ 7.15. Nonterminal or wildcard CNAMEs are not well specified by
+ [RFC1035] and their use will probably lead to unpredictable results.
+ Their use is discouraged.
+
+ 7.16. Empty nonterminals (nodes with children but no RRs of their
+ own) will cause <NOERROR,ANCOUNT=0> responses to be sent in response
+ to a query of any type for that name. There is no provision for
+ empty terminal nodes -- so if all RRs of a terminal node are deleted,
+ the name is no longer in use, and queries of any type for that name
+ will result in an NXDOMAIN response.
+
+ 7.17. In a deep AXFR dependency graph, it has not historically been
+ an error for slaves to depend mutually upon each other. This
+ configuration has been used to enable a zone to flow from the primary
+ master to all slaves even though not all slaves have continuous
+ connectivity to the primary master. UPDATE's use of the AXFR
+ dependency graph for forwarding prohibits this kind of dependency
+ loop, since UPDATE forwarding has no loop detection analagous to the
+ SOA SERIAL pretest used by AXFR.
+
+ 7.18. Previously existing names which are occluded by a new zone cut
+ are still considered part of the parent zone, for the purposes of
+ zone transfers, even though queries for such names will be referred
+ to the new subzone's servers. If a zone cut is removed, all parent
+ zone names that were occluded by it will again become visible to
+ queries. (This is a clarification of [RFC1034].)
+
+ 7.19. If a server is authoritative for both a zone and its child,
+ then queries for names at the zone cut between them will be answered
+ authoritatively using only data from the child zone. (This is a
+ clarification of [RFC1034].)
+
+
+
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 23]
+
+ RFC 2136 DNS Update April 1997
+
+
+ 7.20. Update ordering using the SOA RR is problematic since there is
+ no way to know which of a zone's NS RRs represents the primary
+ master, and the zone slaves can be out of date if their SOA.REFRESH
+ timers have not elapsed since the last time the zone was changed on
+ the primary master. We recommend that a zone needing ordered updates
+ use only servers which implement NOTIFY (see [RFC1996]) and IXFR (see
+ [RFC1995]), and that a client receiving a prerequisite error while
+ attempting an ordered update simply retry after a random delay period
+ to allow the zone to settle.
+
+ 8 - Security Considerations
+
+ 8.1. In the absence of [RFC2137] or equivilent technology, the
+ protocol described by this document makes it possible for anyone who
+ can reach an authoritative name server to alter the contents of any
+ zones on that server. This is a serious increase in vulnerability
+ from the current technology. Therefore it is very strongly
+ recommended that the protocols described in this document not be used
+ without [RFC2137] or other equivalently strong security measures,
+ e.g. IPsec.
+
+ 8.2. A denial of service attack can be launched by flooding an update
+ forwarder with TCP sessions containing updates that the primary
+ master server will ultimately refuse due to permission problems.
+ This arises due to the requirement that an update forwarder receiving
+ a request via TCP use a synchronous TCP session for its forwarding
+ operation. The connection management mechanisms of [RFC1035 4.2.2]
+ are sufficient to prevent large scale damage from such an attack, but
+ not to prevent some queries from going unanswered during the attack.
+
+ Acknowledgements
+
+ We would like to thank the IETF DNSIND working group for their input
+ and assistance, in particular, Rob Austein, Randy Bush, Donald
+ Eastlake, Masataka Ohta, Mark Andrews, and Robert Elz. Special
+ thanks to Bill Simpson, Ken Wallich and Bob Halley for reviewing this
+ document.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 24]
+
+ RFC 2136 DNS Update April 1997
+
+
+ References
+
+ [RFC1035]
+ Mockapetris, P., "Domain Names - Implementation and
+ Specification", STD 13, RFC 1035, USC/Information Sciences
+ Institute, November 1987.
+
+ [RFC1982]
+ Elz, R., "Serial Number Arithmetic", RFC 1982, University of
+ Melbourne, August 1996.
+
+ [RFC1995]
+ Ohta, M., "Incremental Zone Transfer", RFC 1995, Tokyo Institute
+ of Technology, August 1996.
+
+ [RFC1996]
+ Vixie, P., "A Mechanism for Prompt Notification of Zone Changes",
+ RFC 1996, Internet Software Consortium, August 1996.
+
+ [RFC2065]
+ Eastlake, D., and C. Kaufman, "Domain Name System Protocol
+ Security Extensions", RFC 2065, January 1997.
+
+ [RFC2137]
+ Eastlake, D., "Secure Domain Name System Dynamic Update", RFC
+ 2137, April 1997.
+
+ Authors' Addresses
+
+ Yakov Rekhter
+ Cisco Systems
+ 170 West Tasman Drive
+ San Jose, CA 95134-1706
+
+ Phone: +1 914 528 0090
+ EMail: yakov@cisco.com
+
+
+ Susan Thomson
+ Bellcore
+ 445 South Street
+ Morristown, NJ 07960
+
+ Phone: +1 201 829 4514
+ EMail: set@thumper.bellcore.com
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 25]
+
+ RFC 2136 DNS Update April 1997
+
+
+ Jim Bound
+ Digital Equipment Corp.
+ 110 Spitbrook Rd ZK3-3/U14
+ Nashua, NH 03062-2698
+
+ Phone: +1 603 881 0400
+ EMail: bound@zk3.dec.com
+
+
+ Paul Vixie
+ Internet Software Consortium
+ Star Route Box 159A
+ Woodside, CA 94062
+
+ Phone: +1 415 747 0204
+ EMail: paul@vix.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Vixie, et. al. Standards Track [Page 26]
+
Index: bind/doc/rfc/rfc2137
diff -c /dev/null bind/doc/rfc/rfc2137:8.1
*** /dev/null Wed Apr 30 21:24:39 1997
--- bind/doc/rfc/rfc2137 Wed Apr 30 10:27:15 1997
***************
*** 0 ****
--- 1,619 ----
+
+
+
+
+
+
+ Network Working Group D. Eastlake 3rd
+ Request for Comments: 2137 CyberCash, Inc.
+ Updates: 1035 April 1997
+ Category: Standards Track
+
+
+ Secure Domain Name System Dynamic Update
+
+ Status of this Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+ Abstract
+
+ Domain Name System (DNS) protocol extensions have been defined to
+ authenticate the data in DNS and provide key distribution services
+ [RFC2065]. DNS Dynamic Update operations have also been defined
+ [RFC2136], but without a detailed description of security for the
+ update operation. This memo describes how to use DNSSEC digital
+ signatures covering requests and data to secure updates and restrict
+ updates to those authorized to perform them as indicated by the
+ updater's possession of cryptographic keys.
+
+ Acknowledgements
+
+ The contributions of the following persons (who are listed in
+ alphabetic order) to this memo are gratefully acknowledged:
+
+ Olafur Gudmundsson (ogud@tis.com>
+ Charlie Kaufman <Charlie_Kaufman@iris.com>
+ Stuart Kwan <skwan@microsoft.com>
+ Edward Lewis <lewis@tis.com>
+
+ Table of Contents
+
+ 1. Introduction............................................2
+ 1.1 Overview of DNS Dynamic Update.........................2
+ 1.2 Overview of DNS Security...............................2
+ 2. Two Basic Modes.........................................3
+ 3. Keys....................................................5
+ 3.1 Update Keys............................................6
+ 3.1.1 Update Key Name Scope................................6
+ 3.1.2 Update Key Class Scope...............................6
+ 3.1.3 Update Key Signatory Field...........................6
+
+
+
+ Eastlake Standards Track [Page 1]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ 3.2 Zone Keys and Update Modes.............................8
+ 3.3 Wildcard Key Punch Through.............................9
+ 4. Update Signatures.......................................9
+ 4.1 Update Request Signatures..............................9
+ 4.2 Update Data Signatures................................10
+ 5. Security Considerations................................10
+ References................................................10
+ Author's Address..........................................11
+
+ 1. Introduction
+
+ Dynamic update operations have been defined for the Domain Name
+ System (DNS) in RFC 2136, but without a detailed description of
+ security for those updates. Means of securing the DNS and using it
+ for key distribution have been defined in RFC 2065.
+
+ This memo proposes techniques based on the defined DNS security
+ mechanisms to authenticate DNS updates.
+
+ Familiarity with the DNS system [RFC 1034, 1035] is assumed.
+ Familiarity with the DNS security and dynamic update proposals will
+ be helpful.
+
+ 1.1 Overview of DNS Dynamic Update
+
+ DNS dynamic update defines a new DNS opcode, new DNS request and
+ response structure if that opcode is used, and new error codes. An
+ update can specify complex combinations of deletion and insertion
+ (with or without pre-existence testing) of resource records (RRs)
+ with one or more owner names; however, all testing and changes for
+ any particular DNS update request are restricted to a single zone.
+ Updates occur at the primary server for a zone.
+
+ The primary server for a secure dynamic zone must increment the zone
+ SOA serial number when an update occurs or the next time the SOA is
+ retrieved if one or more updates have occurred since the previous SOA
+ retrieval and the updates themselves did not update the SOA.
+
+ 1.2 Overview of DNS Security
+
+ DNS security authenticates data in the DNS by also storing digital
+ signatures in the DNS as SIG resource records (RRs). A SIG RR
+ provides a digital signature on the set of all RRs with the same
+ owner name and class as the SIG and whose type is the type covered by
+ the SIG. The SIG RR cryptographically binds the covered RR set to
+ the signer, time signed, signature expiration date, etc. There are
+ one or more keys associated with every secure zone and all data in
+ the secure zone is signed either by a zone key or by a dynamic update
+
+
+
+ Eastlake Standards Track [Page 2]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ key tracing its authority to a zone key.
+
+ DNS security also defines transaction SIGs and request SIGs.
+ Transaction SIGs appear at the end of a response. Transaction SIGs
+ authenticate the response and bind it to the corresponding request
+ with the key of the host where the responding DNS server is. Request
+ SIGs appear at the end of a request and authenticate the request with
+ the key of the submitting entity.
+
+ Request SIGs are the primary means of authenticating update requests.
+
+ DNS security also permits the storage of public keys in the DNS via
+ KEY RRs. These KEY RRs are also, of course, authenticated by SIG
+ RRs. KEY RRs for zones are stored in their superzone and subzone
+ servers, if any, so that the secure DNS tree of zones can be
+ traversed by a security aware resolver.
+
+ 2. Two Basic Modes
+
+ A dynamic secure zone is any secure DNS zone containing one or more
+ KEY RRs that can authorize dynamic updates, i.e., entity or user KEY
+ RRs with the signatory field non-zero, and whose zone KEY RR
+ signatory field indicates that updates are implemented. There are two
+ basic modes of dynamic secure zone which relate to the update
+ strategy, mode A and mode B. A summary comparison table is given
+ below and then each mode is described.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Eastlake Standards Track [Page 3]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ SUMMARY OF DYNAMIC SECURE ZONE MODES
+
+ CRITERIA: | MODE A | MODE B
+ =========================+====================+===================
+ Definition: | Zone Key Off line | Zone Key On line
+ =========================+====================+===================
+ Server Workload | Low | High
+ -------------------------+--------------------+-------------------
+ Static Data Security | Very High | Medium-High
+ -------------------------+--------------------+-------------------
+ Dynamic Data Security | Medium | Medium-High
+ -------------------------+--------------------+-------------------
+ Key Restrictions | Fine grain | Coarse grain
+ -------------------------+--------------------+-------------------
+ Dynamic Data Temporality | Transient | Permanent
+ -------------------------+--------------------+-------------------
+ Dynamic Key Rollover | No | Yes
+ -------------------------+--------------------+-------------------
+
+ For mode A, the zone owner key and static zone master file are always
+ kept off-line for maximum security of the static zone contents.
+
+ As a consequence, any dynamicly added or changed RRs are signed in
+ the secure zone by their authorizing dynamic update key and they are
+ backed up, along with this SIG RR, in a separate online dynamic
+ master file. In this type of zone, server computation is minimized
+ since the server need only check signatures on the update data and
+ request, which have already been signed by the updater, generally a
+ much faster operation than signing data. However, the AXFR SIG and
+ NXT RRs which covers the zone under the zone key will not cover
+ dynamically added data. Thus, for type A dynamic secure zones, zone
+ transfer security is not automatically provided for dynamically added
+ RRs, where they could be omitted, and authentication is not provided
+ for the server denial of the existence of a dynamically added type.
+ Because the dynamicly added RRs retain their update KEY signed SIG,
+ finer grained control of updates can be implemented via bits in the
+ KEY RR signatory field. Because dynamic data is only stored in the
+ online dynamic master file and only authenticated by dynamic keys
+ which expire, updates are transient in nature. Key rollover for an
+ entity that can authorize dynamic updates is more cumbersome since
+ the authority of their key must be traceable to a zone key and so, in
+ general, they must securely communicate a new key to the zone
+ authority for manual transfer to the off line static master file.
+ NOTE: for this mode the zone SOA must be signed by a dynamic update
+ key and that private key must be kept on line so that the SOA can be
+ changed for updates.
+
+
+
+
+
+ Eastlake Standards Track [Page 4]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ For mode B, the zone owner key and master file are kept on-line at
+ the zone primary server. When authenticated updates succeed, SIGs
+ under the zone key for the resulting data (including the possible NXT
+ type bit map changes) are calculated and these SIG (and possible NXT)
+ changes are entered into the zone and the unified on-line master
+ file. (The zone transfer AXFR SIG may be recalculated for each
+ update or on demand when a zone transfer is requested and it is out
+ of date.)
+
+ As a consequence, this mode requires considerably more computational
+ effort on the part of the server as the public/private keys are
+ generally arranged so that signing (calculating a SIG) is more effort
+ than verifying a signature. The security of static data in the zone
+ is decreased because the ultimate state of the static data being
+ served and the ultimate zone authority private key are all on-line on
+ the net. This means that if the primary server is subverted, false
+ data could be authenticated to secondaries and other
+ servers/resolvers. On the other hand, this mode of operation means
+ that data added dynamically is more secure than in mode A. Dynamic
+ data will be covered by the AXFR SIG and thus always protected during
+ zone transfers and will be included in NXT RRs so that it can be
+ falsely denied by a server only to the same extent that static data
+ can (i.e., if it is within a wild card scope). Because the zone key
+ is used to sign all the zone data, the information as to who
+ originated the current state of dynamic RR sets is lost, making
+ unavailable the effects of some of the update control bits in the KEY
+ RR signatory field. In addition, the incorporation of the updates
+ into the primary master file and their authentication by the zone key
+ makes then permanent in nature. Maintaining the zone key on-line
+ also means that dynamic update keys which are signed by the zone key
+ can be dynamically updated since the zone key is available to
+ dynamically sign new values.
+
+ NOTE: The Mode A / Mode B distinction only effects the validation
+ and performance of update requests. It has no effect on retrievals.
+ One reasonable operational scheme may be to keep a mostly static main
+ zone operating in Mode A and have one or more dynamic subzones
+ operating in Mode B.
+
+ 3. Keys
+
+ Dynamic update requests depend on update keys as described in section
+ 3.1 below. In addition, the zone secure dynamic update mode and
+ availability of some options is indicated in the zone key. Finally,
+ a special rule is used in searching for KEYs to validate updates as
+ described in section 3.3.
+
+
+
+
+
+ Eastlake Standards Track [Page 5]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ 3.1 Update Keys
+
+ All update requests to a secure zone must include signatures by one
+ or more key(s) that together can authorize that update. In order for
+ the Domain Name System (DNS) server receiving the request to confirm
+ this, the key or keys must be available to and authenticated by that
+ server as a specially flagged KEY Resource Record.
+
+ The scope of authority of such keys is indicated by their KEY RR
+ owner name, class, and signatory field flags as described below. In
+ addition, such KEY RRs must be entity or user keys and not have the
+ authentication use prohibited bit on. All parts of the actual update
+ must be within the scope of at least one of the keys used for a
+ request SIG on the update request as described in section 4.
+
+ 3.1.1 Update Key Name Scope
+
+ The owner name of any update authorizing KEY RR must (1) be the same
+ as the owner name of any RRs being added or deleted or (2) a wildcard
+ name including within its extended scope (see section 3.3) the name
+ of any RRs being added or deleted and those RRs must be in the same
+ zone.
+
+ 3.1.2 Update Key Class Scope
+
+ The class of any update authorizing KEY RR must be the same as the
+ class of any RR's being added or deleted.
+
+ 3.1.3 Update Key Signatory Field
+
+ The four bit "signatory field" (see RFC 2065) of any update
+ authorizing KEY RR must be non-zero. The bits have the meanings
+ described below for non-zone keys (see section 3.2 for zone type
+ keys).
+
+ UPDATE KEY RR SIGNATORY FIELD BITS
+
+ 0 1 2 3
+ +-----------+-----------+-----------+-----------+
+ | zone | strong | unique | general |
+ +-----------+-----------+-----------+-----------+
+
+ Bit 0, zone control - If nonzero, this key is authorized to attach,
+ detach, and move zones by creating and deleting NS, glue A, and
+ zone KEY RR(s). If zero, the key can not authorize any update
+ that would effect such RRs. This bit is meaningful for both
+ type A and type B dynamic secure zones.
+
+
+
+
+ Eastlake Standards Track [Page 6]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ NOTE: do not confuse the "zone" signatory field bit with the
+ "zone" key type bit.
+
+ Bit 1, strong update - If nonzero, this key is authorized to add and
+ delete RRs even if there are other RRs with the same owner name
+ and class that are authenticated by a SIG signed with a
+ different dynamic update KEY. If zero, the key can only
+ authorize updates where any existing RRs of the same owner and
+ class are authenticated by a SIG using the same key. This bit
+ is meaningful only for type A dynamic zones and is ignored in
+ type B dynamic zones.
+
+ Keeping this bit zero on multiple KEY RRs with the same or
+ nested wild card owner names permits multiple entities to exist
+ that can create and delete names but can not effect RRs with
+ different owner names from any they created. In effect, this
+ creates two levels of dynamic update key, strong and weak, where
+ weak keys are limited in interfering with each other but a
+ strong key can interfere with any weak keys or other strong
+ keys.
+
+ Bit 2, unique name update - If nonzero, this key is authorized to add
+ and update RRs for only a single owner name. If there already
+ exist RRs with one or more names signed by this key, they may be
+ updated but no new name created until the number of existing
+ names is reduced to zero. This bit is meaningful only for mode
+ A dynamic zones and is ignored in mode B dynamic zones. This bit
+ is meaningful only if the owner name is a wildcard. (Any
+ dynamic update KEY with a non-wildcard name is, in effect, a
+ unique name update key.)
+
+ This bit can be used to restrict a KEY from flooding a zone with
+ new names. In conjunction with a local administratively imposed
+ limit on the number of dynamic RRs with a particular name, it
+ can completely restrict a KEY from flooding a zone with RRs.
+
+ Bit 3, general update - The general update signatory field bit has no
+ special meaning. If the other three bits are all zero, it must
+ be one so that the field is non-zero to designate that the key
+ is an update key. The meaning of all values of the signatory
+ field with the general bit and one or more other signatory field
+ bits on is reserved.
+
+ All the signatory bit update authorizations described above only
+ apply if the update is within the name and class scope as per
+ sections 3.1.1 and 3.1.2.
+
+
+
+
+
+ Eastlake Standards Track [Page 7]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ 3.2 Zone Keys and Update Modes
+
+ Zone type keys are automatically authorized to sign anything in their
+ zone, of course, regardless of the value of their signatory field.
+ For zone keys, the signatory field bits have different means than
+ they they do for update keys, as shown below. The signatory field
+ MUST be zero if dynamic update is not supported for a zone and MUST
+ be non-zero if it is.
+
+ ZONE KEY RR SIGNATORY FIELD BITS
+
+ 0 1 2 3
+ +-----------+-----------+-----------+-----------+
+ | mode | strong | unique | general |
+ +-----------+-----------+-----------+-----------+
+
+ Bit 0, mode - This bit indicates the update mode for this zone. Zero
+ indicates mode A while a one indicates mode B.
+
+ Bit 1, strong update - If nonzero, this indicates that the "strong"
+ key feature described in section 3.1.3 above is implemented and
+ enabled for this secure zone. If zero, the feature is not
+ available. Has no effect if the zone is a mode B secure update
+ zone.
+
+ Bit 2, unique name update - If nonzero, this indicates that the
+ "unique name" feature described in section 3.1.3 above is
+ implemented and enabled for this secure zone. If zero, this
+ feature is not available. Has no effect if the zone is a mode B
+ secure update zone.
+
+ Bit 3, general - This bit has no special meeting. If dynamic update
+ for a zone is supported and the other bits in the zone key
+ signatory field are zero, it must be a one. The meaning of zone
+ keys where the signatory field has the general bit and one or
+ more other bits on is reserved.
+
+ If there are multiple dynamic update KEY RRs for a zone and zone
+ policy is in transition, they might have different non-zero signatory
+ fields. In that case, strong and unique name restrictions must be
+ enforced as long as there is a non-expired zone key being advertised
+ that indicates mode A with the strong or unique name bit on
+ respectively. Mode B updates MUST be supported as long as there is a
+ non-expired zone key that indicates mode B. Mode A updates may be
+ treated as mode B updates at server option if non-expired zone keys
+ indicate that both are supported.
+
+
+
+
+
+ Eastlake Standards Track [Page 8]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ A server that will be executing update operations on a zone, that is,
+ the primary master server, MUST not advertize a zone key that will
+ attract requests for a mode or features that it can not support.
+
+ 3.3 Wildcard Key Punch Through
+
+ Just as a zone key is valid throughout the entire zone, update keys
+ with wildcard names are valid throughout their extended scope, within
+ the zone. That is, they remain valid for any name that would match
+ them, even existing specific names within their apparent scope.
+
+ If this were not so, then whenever a name within a wildcard scope was
+ created by dynamic update, it would be necessary to first create a
+ copy of the KEY RR with this name, because otherwise the existence of
+ the more specific name would hide the authorizing KEY RR and would
+ make later updates impossible. An updater could create such a KEY RR
+ but could not zone sign it with their authorizing signer. They would
+ have to sign it with the same key using the wildcard name as signer.
+ Thus in creating, for example, one hundred type A RRs authorized by a
+ *.1.1.1.in-addr.arpa. KEY RR, without key punch through 100 As, 100
+ KEYs, and 200 SIGs would have to be created as opposed to merely 100
+ As and 100 SIGs with key punch through.
+
+ 4. Update Signatures
+
+ Two kinds of signatures can appear in updates. Request signatures,
+ which are always required, cover the entire request and authenticate
+ the DNS header, including opcode, counts, etc., as well as the data.
+ Data signatures, on the other hand, appear only among the RRs to be
+ added and are only required for mode A operation. These two types of
+ signatures are described further below.
+
+ 4.1 Update Request Signatures
+
+ An update can effect multiple owner names in a zone. It may be that
+ these different names are covered by different dynamic update keys.
+ For every owner name effected, the updater must know a private key
+ valid for that name (and the zone's class) and must prove this by
+ appending request SIG RRs under each such key.
+
+ As specified in RFC 2065, a request signature is a SIG RR occurring
+ at the end of a request with a type covered field of zero. For an
+ update, request signatures occur in the Additional information
+ section. Each request SIG signs the entire request, including DNS
+ header, but excluding any other request SIG(s) and with the ARCOUNT
+ in the DNS header set to what it wold be without the request SIGs.
+
+
+
+
+
+ Eastlake Standards Track [Page 9]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ 4.2 Update Data Signatures
+
+ Mode A dynamic secure zones require that the update requester provide
+ SIG RRs that will authenticate the after update state of all RR sets
+ that are changed by the update and are non-empty after the update.
+ These SIG RRs appear in the request as RRs to be added and the
+ request must delete any previous data SIG RRs that are invalidated by
+ the request.
+
+ In Mode B dynamic secure zones, all zone data is authenticated by
+ zone key SIG RRs. In this case, data signatures need not be included
+ with the update. A resolver can determine which mode an updatable
+ secure zone is using by examining the signatory field bits of the
+ zone KEY RR (see section 3.2).
+
+ 5. Security Considerations
+
+ Any zone permitting dynamic updates is inherently less secure than a
+ static secure zone maintained off line as recommended in RFC 2065. If
+ nothing else, secure dynamic update requires on line change to and
+ re-signing of the zone SOA resource record (RR) to increase the SOA
+ serial number. This means that compromise of the primary server host
+ could lead to arbitrary serial number changes.
+
+ Isolation of dynamic RRs to separate zones from those holding most
+ static RRs can limit the damage that could occur from breach of a
+ dynamic zone's security.
+
+ References
+
+ [RFC2065] Eastlake, D., and C. Kaufman, "Domain Name System Security
+ Extensions", RFC 2065, CyberCash, Iris, January 1997.
+
+ [RFC2136] Vixie, P., Editor, Thomson, T., Rekhter, Y., and J. Bound,
+ "Dynamic Updates in the Domain Name System (DNS UPDATE)", RFC 2136,
+ April 1997.
+
+ [RFC1035] Mockapetris, P., "Domain Names - Implementation and
+ Specifications", STD 13, RFC 1035, November 1987.
+
+ [RFC1034] Mockapetris, P., "Domain Names - Concepts and Facilities",
+ STD 13, RFC 1034, November 1987.
+
+
+
+
+
+
+
+
+
+ Eastlake Standards Track [Page 10]
+
+ RFC 2137 SDNSDU April 1997
+
+
+ Author's Address
+
+ Donald E. Eastlake, 3rd
+ CyberCash, Inc.
+ 318 Acton Street
+ Carlisle, MA 01741 USA
+
+ Phone: +1 508-287-4877
+ +1 508-371-7148 (fax)
+ +1 703-620-4200 (main office, Reston, Virginia, USA)
+ EMail: dee@cybercash.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Eastlake Standards Track [Page 11]
+
Index: bind/src/CHANGES
diff -c bind/src/CHANGES:8.9 bind/src/CHANGES:8.10
*** bind/src/CHANGES:8.9 Mon Apr 28 12:16:19 1997
--- bind/src/CHANGES Wed Apr 30 15:38:10 1997
***************
*** 1,4 ****
--- 1,18 ----
+ --- 8.1-T5B released ---
+
+ 182. [bug] fix the way bindname is allocated in hesiod_to_bind().
+
+ 181. [bug] MAXHOSTNAMELEN wasn't defined on Solaris.
+
+ 180. [bug] a check for zptr != NULL in res_update was wrong. It
+ should have been zptr == NULL.
+
+ 179. [bug] sq_remove() and sq_done() were calling ns_freexfr()
+ when any stream was removed, resulting in a panic
+ when the server was reloaded. ns_freexfr() is now
+ only called when a zone transfer stream is removed.
+
--- 8.1-T4B released ---
178. [bug] if the server was reloaded and then a zone was
Index: bind/src/README
diff -c bind/src/README:8.14 bind/src/README:8.15
*** bind/src/README:8.14 Fri Apr 25 22:59:02 1997
--- bind/src/README Wed Apr 30 15:38:10 1997
***************
*** 1,4 ****
! This is the source portion of BIND version 8.1-T4B. Its companions are
"doc" and "contrib" so you are probably not missing anything.
BIND 8 Features
--- 1,4 ----
! This is the source portion of BIND version 8.1-T5B. Its companions are
"doc" and "contrib" so you are probably not missing anything.
BIND 8 Features
Index: bind/src/Version
diff -c bind/src/Version:8.5 bind/src/Version:8.6
*** bind/src/Version:8.5 Thu Apr 24 18:31:39 1997
--- bind/src/Version Wed Apr 30 15:38:11 1997
***************
*** 1 ****
! 8.1-T4B
--- 1 ----
! 8.1-T5B
Index: bind/src/bin/named/ns_defs.h
diff -c bind/src/bin/named/ns_defs.h:8.30 bind/src/bin/named/ns_defs.h:8.31
*** bind/src/bin/named/ns_defs.h:8.30 Thu Apr 24 16:02:27 1997
--- bind/src/bin/named/ns_defs.h Wed Apr 30 15:40:21 1997
***************
*** 1,6 ****
/*
* from ns.h 4.33 (Berkeley) 8/23/90
! * $Id: ns_defs.h,v 8.30 1997/04/24 23:02:27 vixie Exp $
*/
/*
--- 1,6 ----
/*
* from ns.h 4.33 (Berkeley) 8/23/90
! * $Id: ns_defs.h,v 8.31 1997/04/30 22:40:21 halley Exp $
*/
/*
***************
*** 456,461 ****
--- 456,462 ----
#define STREAM_READ_EV 0x04
#define STREAM_CONNECT_EV 0x08
#define STREAM_DONE_CLOSE 0x10
+ #define STREAM_AXFR 0x20
struct netinfo {
struct netinfo *next;
Index: bind/src/bin/named/ns_main.c
diff -c bind/src/bin/named/ns_main.c:8.49 bind/src/bin/named/ns_main.c:8.50
*** bind/src/bin/named/ns_main.c:8.49 Thu Apr 24 18:31:45 1997
--- bind/src/bin/named/ns_main.c Wed Apr 30 15:40:22 1997
***************
*** 1,6 ****
#if !defined(lint) && !defined(SABER)
static char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91";
! static char rcsid[] = "$Id: ns_main.c,v 8.49 1997/04/25 01:31:45 vixie Exp $";
#endif /* not lint */
/*
--- 1,6 ----
#if !defined(lint) && !defined(SABER)
static char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91";
! static char rcsid[] = "$Id: ns_main.c,v 8.50 1997/04/30 22:40:22 halley Exp $";
#endif /* not lint */
/*
***************
*** 1291,1297 ****
INSIST_ERR(evDeselectFD(ev, qp->evID_w) != -1);
if (qp->flags & STREAM_CONNECT_EV)
INSIST_ERR(evCancelConn(ev, qp->evID_c) != -1);
! ns_freexfr(qp);
(void) close(qp->s_rfd);
if (qp == streamq)
streamq = qp->s_next;
--- 1291,1298 ----
INSIST_ERR(evDeselectFD(ev, qp->evID_w) != -1);
if (qp->flags & STREAM_CONNECT_EV)
INSIST_ERR(evCancelConn(ev, qp->evID_c) != -1);
! if (qp->flags & STREAM_AXFR)
! ns_freexfr(qp);
(void) close(qp->s_rfd);
if (qp == streamq)
streamq = qp->s_next;
***************
*** 1510,1516 ****
free(sp->s_wbuf);
sp->s_wbuf = NULL;
}
! ns_freexfr(sp);
sp->s_refcnt = 0;
sp->s_time = tt.tv_sec;
if (sp->flags & STREAM_DONE_CLOSE) {
--- 1511,1518 ----
free(sp->s_wbuf);
sp->s_wbuf = NULL;
}
! if (sp->flags & STREAM_AXFR)
! ns_freexfr(sp);
sp->s_refcnt = 0;
sp->s_time = tt.tv_sec;
if (sp->flags & STREAM_DONE_CLOSE) {
Index: bind/src/bin/named/ns_xfr.c
diff -c bind/src/bin/named/ns_xfr.c:8.16 bind/src/bin/named/ns_xfr.c:8.17
*** bind/src/bin/named/ns_xfr.c:8.16 Thu Apr 24 16:58:51 1997
--- bind/src/bin/named/ns_xfr.c Wed Apr 30 15:40:22 1997
***************
*** 1,5 ****
#if !defined(lint) && !defined(SABER)
! static char rcsid[] = "$Id: ns_xfr.c,v 8.16 1997/04/24 23:58:51 vixie Exp $";
#endif /* not lint */
/*
--- 1,5 ----
#if !defined(lint) && !defined(SABER)
! static char rcsid[] = "$Id: ns_xfr.c,v 8.17 1997/04/30 22:40:22 halley Exp $";
#endif /* not lint */
/*
***************
*** 103,108 ****
--- 103,109 ----
(char *)&sndlowat, sizeof sndlowat);
#endif
zones[zone].z_numxfrs++;
+ qsp->flags |= STREAM_AXFR;
if (sq_openw(qsp, 64*1024) == -1)
goto abort;
memset(&qsp->xfr, 0, sizeof qsp->xfr);
***************
*** 165,170 ****
--- 166,172 ----
while (qsp->xfr.lev)
qsp->xfr.lev = sx_freelev(qsp->xfr.lev);
zones[qsp->xfr.zone].z_numxfrs--;
+ qsp->flags &= ~STREAM_AXFR;
}
/* u_char *
Index: bind/src/lib/irs/hesiod.c
diff -c bind/src/lib/irs/hesiod.c:1.13 bind/src/lib/irs/hesiod.c:1.14
*** bind/src/lib/irs/hesiod.c:1.13 Thu Apr 24 15:34:14 1997
--- bind/src/lib/irs/hesiod.c Wed Apr 30 15:39:02 1997
***************
*** 1,5 ****
#if defined(LIBC_SCCS) && !defined(lint)
! static const char rcsid[] = "$Id: hesiod.c,v 1.13 1997/04/24 22:34:14 vixie Exp $";
#endif
/*
--- 1,5 ----
#if defined(LIBC_SCCS) && !defined(lint)
! static const char rcsid[] = "$Id: hesiod.c,v 1.14 1997/04/30 22:39:02 halley Exp $";
#endif
/*
***************
*** 164,187 ****
char *
hesiod_to_bind(void *context, const char *name, const char *type) {
struct hesiod_p *ctx = (struct hesiod_p *) context;
! char bindname[MAXDNAME], *cp, *ret;
char **rhs_list = NULL;
! const char *RHS;
!
! strcpy(bindname, name);
! if ((cp = strchr(bindname, '@')) != NULL) {
! *cp++ = '\0';
! if (strchr(cp, '.'))
! RHS = name + (cp - bindname);
! else if (NULL != (rhs_list = hesiod_resolve(context, cp,
! "rhs-extension")))
RHS = *rhs_list;
else {
errno = ENOENT;
return (NULL);
}
! } else
RHS = ctx->RHS;
strcat(bindname, ".");
strcat(bindname, type);
if (ctx->LHS) {
--- 164,204 ----
char *
hesiod_to_bind(void *context, const char *name, const char *type) {
struct hesiod_p *ctx = (struct hesiod_p *) context;
! char *bindname;
char **rhs_list = NULL;
! const char *RHS, *cp;
!
! /* Decide what our RHS is, and set cp to the end of the actual name. */
! if ((cp = strchr(name, '@')) != NULL) {
! if (strchr(cp + 1, '.'))
! RHS = cp + 1;
! else if ((rhs_list = hesiod_resolve(context, cp + 1,
! "rhs-extension")) != NULL)
RHS = *rhs_list;
else {
errno = ENOENT;
return (NULL);
}
! } else {
RHS = ctx->RHS;
+ cp = name + strlen(name);
+ }
+
+ /*
+ * Allocate the space we need, including up to three periods and
+ * the terminating NUL.
+ */
+ if ((bindname = malloc((cp - name) + strlen(type) + strlen(RHS) +
+ (ctx->LHS ? strlen(ctx->LHS) : 0) + 4)) == NULL) {
+ errno = ENOMEM;
+ if (rhs_list)
+ hesiod_free_list(context, rhs_list);
+ return NULL;
+ }
+
+ /* Now put together the DNS name. */
+ memcpy(bindname, name, cp - name);
+ bindname[cp - name] = '\0';
strcat(bindname, ".");
strcat(bindname, type);
if (ctx->LHS) {
***************
*** 190,206 ****
strcat(bindname, ctx->LHS);
}
if (RHS[0] != '.')
! strcat(bindname,".");
strcat(bindname, RHS);
if (rhs_list)
hesiod_free_list(context, rhs_list);
! ret = malloc(strlen(bindname) + 1);
! if (!ret) {
! errno = ENOMEM;
! return (NULL);
! }
! strcpy(ret, bindname);
! return (ret);
}
/*
--- 207,219 ----
strcat(bindname, ctx->LHS);
}
if (RHS[0] != '.')
! strcat(bindname, ".");
strcat(bindname, RHS);
+
if (rhs_list)
hesiod_free_list(context, rhs_list);
!
! return (bindname);
}
/*
Index: bind/src/lib/resolv/res_update.c
diff -c bind/src/lib/resolv/res_update.c:1.10 bind/src/lib/resolv/res_update.c:1.11
*** bind/src/lib/resolv/res_update.c:1.10 Fri Apr 25 21:01:35 1997
--- bind/src/lib/resolv/res_update.c Wed Apr 30 15:39:33 1997
***************
*** 1,5 ****
#if !defined(lint) && !defined(SABER)
! static char rcsid[] = "$Id: res_update.c,v 1.10 1997/04/26 04:01:35 vixie Exp $";
#endif /* not lint */
/*
--- 1,5 ----
#if !defined(lint) && !defined(SABER)
! static char rcsid[] = "$Id: res_update.c,v 1.11 1997/04/30 22:39:33 halley Exp $";
#endif /* not lint */
/*
***************
*** 320,326 ****
if (strcasecmp(zname, zptr->z_origin) == 0)
break;
}
! if (zptr != NULL)
/* should not happen */
return (-1);
if (nscount > 0) {
--- 320,326 ----
if (strcasecmp(zname, zptr->z_origin) == 0)
break;
}
! if (zptr == NULL)
/* should not happen */
return (-1);
if (nscount > 0) {
Index: bind/src/port/solaris/include/port_after.h
diff -c bind/src/port/solaris/include/port_after.h:1.5 bind/src/port/solaris/include/port_after.h:1.6
*** bind/src/port/solaris/include/port_after.h:1.5 Mon Feb 10 15:04:20 1997
--- bind/src/port/solaris/include/port_after.h Wed Apr 30 15:41:40 1997
***************
*** 50,52 ****
--- 50,60 ----
#define NEED_DAEMON
int daemon(int nochdir, int noclose);
+
+ /*
+ * Solaris defines this in <netdb.h> instead of in <sys/param.h>. We don't
+ * define it in our <netdb.h>, so we define it here.
+ */
+ #ifndef MAXHOSTNAMELEN
+ #define MAXHOSTNAMELEN 256
+ #endif