home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Halting the Hacker - A P…uide to Computer Security
/
Halting the Hacker - A Practical Guide to Computer Security.iso
/
rfc
/
rfc1637.txt
< prev
next >
Wrap
Text File
|
1997-04-01
|
22KB
|
620 lines
Network Working Group B. Manning
Request for Comments: 1637 Rice University
Obsoletes: 1348 R. Colella
Category: Experimental NIST
June 1994
DNS NSAP Resource Records
Status of this Memo
This memo defines an Experimental Protocol for the Internet
community. This memo does not specify an Internet standard of any
kind. Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Abstract
The Internet is moving towards the deployment of an OSI lower layers
infrastructure. This infrastructure comprises the connectionless
network protocol (CLNP) and supporting routing protocols. Also
required as part of this infrastructure is support in the Domain Name
System (DNS) for mapping between names and NSAP addresses.
This document defines the format of one new Resource Record (RR) for
the DNS for domain name-to-NSAP mapping. The RR may be used with any
NSAP address format. This document supercedes RFC 1348.
NSAP-to-name translation is accomplished through use of the PTR RR
(see STD 13, RFC 1035 for a description of the PTR RR). This paper
describes how PTR RRs are used to support this translation.
Manning & Colella [Page 1]
RFC 1637 DNS NSAP RRs June 1994
1. Introduction
The Internet is moving towards the deployment of an OSI lower layers
infrastructure. This infrastructure comprises the connectionless
network protocol (CLNP) [6] and supporting routing protocols. Also
required as part of this infrastructure is support in the Domain Name
System (DNS) [8] [9] for mapping between domain names and OSI Network
Service Access Point (NSAP) addresses [7] [Note: NSAP and NSAP
address are used interchangeably throughout this memo].
This document defines the format of one new Resource Record (RR) for
the DNS for domain name-to-NSAP mapping. The RR may be used with any
NSAP address format.
NSAP-to-name translation is accomplished through use of the PTR RR
(see RFC 1035 for a description of the PTR RR). This paper describes
how PTR RRs are used to support this translation.
This memo assumes that the reader is familiar with the DNS. Some
familiarity with NSAPs is useful; see [2] or [7] for additional
information.
2. Background
The reason for defining DNS mappings for NSAPs is to support CLNP in
the Internet. Debugging with CLNP ping and traceroute is becoming
more difficult with only numeric NSAPs as the scale of deployment
increases. Current debugging is supported by maintaining and
exchanging a configuration file with name/NSAP mappings similar in
function to hosts.txt. This suffers from the lack of a central
coordinator for this file and also from the perspective of scaling.
The former is the most serious short-term problem. Scaling of a
hosts.txt-like solution has well-known long-term scaling
difficiencies.
A second reason for this work is the proposal to use CLNP as an
alternative to IP: "TCP and UDP with Bigger Addresses (TUBA), A
Simple Proposal for Internet Addressing and Routing" [1]. For this to
be practical, the DNS must be capable of supporting CLNP addresses.
3. Scope
The methods defined in this paper are applicable to all NSAP formats.
This includes support for the notion of a custom-defined NSAP format
based on an AFI obtained by the IAB for use in the Internet.
As a point of reference, there is a distinction between registration
and publication of addresses. For IP addresses, the IANA is the root
Manning & Colella [Page 2]
RFC 1637 DNS NSAP RRs June 1994
registration authority and the DNS a publication method. For NSAPs,
addendum two of the network service definition, ISO8348/Ad2 [7] is
the root registration authority and this memo defines how the DNS is
used as a publication method.
4. Structure of NSAPs
NSAPs are hierarchically structured to allow distributed
administration and efficient routing. Distributed administration
permits subdelegated addressing authorities to, as allowed by the
delegator, further structure the portion of the NSAP space under
their delegated control. Accomodating this distributed authority
requires that there be little or no a priori knowledge of the
structure of NSAPs built into DNS resolvers and servers.
For the purposes of this memo, NSAPs can be thought of as a tree of
identifiers. The root of the tree is ISO8348/Ad2 [7], and has as its
immediately registered subordinates the one-octet Authority and
Format Identifiers (AFIs) defined there. The size of subsequently-
defined fields depends on which branch of the tree is taken. The
depth of the tree varies according to the authority responsible for
defining subsequent fields.
An example is the authority under which U.S. GOSIP defines NSAPs [3].
Under the AFI of 47, NIST (National Institute of Standards and
Technology) obtained a value of 0005 (the AFI of 47 defines the next
field as being two octets consisting of four BCD digits from the
International Code Designator space [4]). NIST defined the subsequent
fields in [3], as shown in Figure 1. The field immediately following
0005 is a format identifier for the rest of the U.S. GOSIP NSAP
structure, with a hex value of 80. Following this is the three-octet
field, values for which are allocated to network operators; the
registration authority for this field is delegated to GSA (General
Services Administration).
The last octet of the NSAP is the NSelector (NSel). In practice, the
NSAP minus the NSel identifies the CLNP protocol machine on a given
system, and the NSel identifies the CLNP user. Since there can be
more than one CLNP user (meaning multiple NSel values for a given
"base" NSAP), the representation of the NSAP should be CLNP-user
independent. To achieve this, an NSel value of zero shall be used
with all NSAP values stored in the DNS. An NSAP with NSel=0
identifies the network layer itself. It is left to the application
retrieving the NSAP to determine the appropriate value to use in that
instance of communication.
Manning & Colella [Page 3]
RFC 1637 DNS NSAP RRs June 1994
|--------------|
| <-- IDP --> |
|--------------|-------------------------------------|
| AFI | IDI | <-- DSP --> |
|-----|--------|-------------------------------------|
| 47 | 0005 | DFI | AA |Rsvd | RD |Area | ID |Sel |
|-----|--------|-----|----|-----|----|-----|----|----|
octets | 1 | 2 | 1 | 3 | 2 | 2 | 2 | 6 | 1 |
|-----|--------|-----|----|-----|----|-----|----|----|
IDP Initial Domain Part
AFI Authority and Format Identifier
IDI Initial Domain Identifier
DSP Domain Specific Part
DFI DSP Format Identifier
AA Administrative Authority
Rsvd Reserved
RD Routing Domain Identifier
Area Area Identifier
ID System Identifier
SEL NSAP Selector
Figure 1: GOSIP Version 2 NSAP structure.
When CLNP is used to support TCP and UDP services, the NSel value
used is the appropriate IP PROTO value as registered with the IANA.
For "standard" OSI, the selection of NSel values is left as a matter
of local administration. Administrators of systems that support the
OSI transport protocol [5] in addition to TCP/UDP must select NSels
for use by OSI Transport that do not conflict with the IP PROTO
values.
In the NSAP RRs in Master Files and in the printed text in this memo,
NSAPs are often represented as a string of "."-separated hex values.
The values correspond to convenient divisions of the NSAP to make it
more readable. For example, the "."-separated fields might correspond
to the NSAP fields as defined by the appropriate authority (ISOC,
RARE, U.S. GOSIP, ANSI, etc.). The use of this notation is strictly
for readability. The "."s do not appear in DNS packets and DNS
servers can ignore them when reading Master Files. For example, a
printable representation of the first four fields of a U.S. GOSIP
NSAP might look like
47.0005.80.005a00
Manning & Colella [Page 4]
RFC 1637 DNS NSAP RRs June 1994
and a full U.S. GOSIP NSAP might appear as
47.0005.80.005a00.0000.1000.0020.00800a123456.00.
Other NSAP formats have different lengths and different
administratively defined field widths to accomodate different
requirements. For more information on NSAP formats in use see RFC
1629 [2].
5. The NSAP RR
The NSAP RR is defined with mnemonic "NSAP" and TYPE code 22
(decimal) and is used to map from domain names to NSAPs. Name-to-NSAP
mapping in the DNS using the NSAP RR operates analogously to IP
address lookup. A query is generated by the resolver requesting an
NSAP RR for a provided domain name.
NSAP RRs conform to the top level RR format and semantics as defined
in Section 3.2.1 of RFC 1035.
1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| |
/ /
/ NAME /
| |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| TYPE = NSAP |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| CLASS = IN |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| TTL |
| |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| RDLENGTH |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/ RDATA /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
* NAME: an owner name, i.e., the name of the node to which this
resource record pertains.
* TYPE: two octets containing the NSAP RR TYPE code of 22 (decimal).
Manning & Colella [Page 5]
RFC 1637 DNS NSAP RRs June 1994
* CLASS: two octets containing the RR IN CLASS code of 1.
* TTL: a 32 bit signed integer that specifies the time interval in
seconds that the resource record may be cached before the source
of the information should again be consulted. Zero values are
interpreted to mean that the RR can only be used for the
transaction in progress, and should not be cached. For example,
SOA records are always distributed with a zero TTL to prohibit
caching. Zero values can also be used for extremely volatile data.
* RDLENGTH: an unsigned 16 bit integer that specifies the length in
octets of the RDATA field.
* RDATA: a variable length string of octets containing the NSAP.
The value is the binary encoding of the NSAP as it would appear in
the CLNP source or destination address field. A typical example of
such an NSAP (in hex) is shown below. For this NSAP, RDLENGTH is
20 (decimal); "."s have been omitted to emphasize that they don't
appear in the DNS packets.
39840f80005a0000000001e13708002010726e00
5.1 Additional Section Processing
[The specification in this section is necessary for completeness in
describing name server support for TUBA. For the time being, name
servers participating in TUBA demonstrations MAY ELECT to implement
this behavior; it SHOULD NOT be the default behavior of name servers
because the IPng sweepstakes are still outstanding and further
consideration is required for truncation and other issues.]
RFC 1035 describes the additional section processing (ASP) required
when servers encounter NS records during query processing. From
Section 3.3.11, "NS RDATA format":
NS records cause both the usual additional section processing to
locate a type A record, and, when used in a referral, a special
search of the zone in which they reside for glue information.
For TUBA, identical ASP is required on type NSAP records to support
servers and resolvers that use CLNP, either because of preference or
because it is the only internetworking protocol available (i.e., in
the absense of IPv4). Thus, NS records cause ASP which locates a type
NSAP record in addition to a type A record. Both type A and NSAP
records should be returned, if available.
Manning & Colella [Page 6]
RFC 1637 DNS NSAP RRs June 1994
6. NSAP-to-name Mapping Using the PTR RR
The PTR RR is defined in RFC 1035. This RR is typically used under
the "IN-ADDR.ARPA" domain to map from IPv4 addresses to domain names.
Similarly, the PTR RR is used to map from NSAPs to domain names under
the "NSAP.INT" domain. A domain name is generated from the NSAP
according to the rules described below. A query is sent by the
resolver requesting a PTR RR for the provided domain name.
A domain name is generated from an NSAP by reversing the hex nibbles
of the NSAP, treating each nibble as a separate subdomain, and
appending the top-level subdomain name "NSAP.INT" to it. For example,
the domain name used in the reverse lookup for the NSAP
47.0005.80.005a00.0000.0001.e133.ffffff000162.00
would appear as
0.0.2.6.1.0.0.0.f.f.f.f.f.f.3.3.1.e.1.0.0.0.0.0.0.0.0.0.a.5.0.0. \
0.8.5.0.0.0.7.4.NSAP.INT.
[Implementation note: For sanity's sake user interfaces should be
designed to allow users to enter NSAPs using their natural order,
i.e., as they are typically written on paper. Also, arbitrary "."s
should be allowed (and ignored) on input.]
7. Master File Format
The format of NSAP RRs (and NSAP-related PTR RRs) in Master Files
conforms to Section 5, "Master Files," of RFC 1035. Below are
examples of the use of these RRs in Master Files to support name-to-
NSAP and NSAP-to-name mapping.
The NSAP RR introduces a new hex string format for the RDATA field.
The format is "0x" (i.e., a zero followed by an 'x' character)
followed by a variable length string of hex characters (0 to 9, a to
f). The hex string is case-insensitive. "."s (i.e., periods) may be
inserted in the hex string anywhere after the "0x" for readability.
The "."s have no significance other than for readability and are not
propagated in the protocol (e.g., queries or zone transfers).
Manning & Colella [Page 7]
RFC 1637 DNS NSAP RRs June 1994
;;;;;;
;;;;;; Master File for domain nsap.nist.gov.
;;;;;;
@ IN SOA emu.ncsl.nist.gov. root.emu.ncsl.nist.gov. (
1994041800 ; Serial - date
1800 ; Refresh - 30 minutes
300 ; Retry - 5 minutes
604800 ; Expire - 7 days
3600 ) ; Minimum - 1 hour
IN NS emu.ncsl.nist.gov.
IN NS tuba.nsap.lanl.gov.
;
;
$ORIGIN nsap.nist.gov.
;
; hosts
;
bsdi1 IN NSAP 0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00
IN A 129.6.224.161
IN HINFO PC_486 BSDi1.1(TUBA)
;
bsdi2 IN NSAP 0x47.0005.80.005a00.0000.0001.e133.ffffff000162.00
IN A 129.6.224.162
IN HINFO PC_486 BSDi1.1(TUBA)
;
cursive IN NSAP 0x47.0005.80.005a00.0000.0001.e133.ffffff000171.00
IN A 129.6.224.171
IN HINFO PC_386 DOS_5.0/NCSA_Telnet(TUBA)
;
infidel IN NSAP 0x47.0005.80.005a00.0000.0001.e133.ffffff000164.00
IN A 129.6.55.164
IN HINFO PC/486 BSDi1.0(TUBA)
;
; routers
;
cisco1 IN NSAP 0x47.0005.80.005a00.0000.0001.e133.aaaaaa000151.00
IN A 129.6.224.151
IN A 129.6.225.151
IN A 129.6.229.151
;
3com1 IN NSAP 0x47.0005.80.005a00.0000.0001.e133.aaaaaa000111.00
IN A 129.6.224.111
IN A 129.6.225.111
IN A 129.6.228.111
Manning & Colella [Page 8]
RFC 1637 DNS NSAP RRs June 1994
;;;;;;
;;;;;; Master File for reverse mapping of NSAPs under the
;;;;;; NSAP prefix:
;;;;;;
;;;;;; 47.0005.80.005a00.0000.0001.e133
;;;;;;
@ IN SOA emu.ncsl.nist.gov. root.emu.ncsl.nist.gov. (
1994041800 ; Serial - date
1800 ; Refresh - 30 minutes
300 ; Retry - 5 minutes
604800 ; Expire - 7 days
3600 ) ; Minimum - 1 hour
IN NS emu.ncsl.nist.gov.
IN NS tuba.nsap.lanl.gov.
;
;
$ORIGIN 3.3.1.e.1.0.0.0.0.0.0.0.0.0.a.5.0.0.0.8.5.0.0.0.7.4.NSAP.INT.
;
0.0.1.6.1.0.0.0.f.f.f.f.f.f IN PTR bsdi1.nsap.nist.gov.
;
0.0.2.6.1.0.0.0.f.f.f.f.f.f IN PTR bsdi2.nsap.nist.gov.
;
0.0.1.7.1.0.0.0.f.f.f.f.f.f IN PTR cursive.nsap.nist.gov.
;
0.0.4.6.1.0.0.0.f.f.f.f.f.f IN PTR infidel.nsap.nist.gov.
;
0.0.1.5.1.0.0.0.a.a.a.a.a.a IN PTR cisco1.nsap.nist.gov.
;
0.0.1.1.1.0.0.0.a.a.a.a.a.a IN PTR 3com1.nsap.nist.gov.
8. Security Considerations
Security issues are not discussed in this memo.
Manning & Colella [Page 9]
RFC 1637 DNS NSAP RRs June 1994
9. Authors' Addresses
Bill Manning
Rice University -- ONCS
P.O. Box 1892
6100 South Main
Houston, Texas 77251-1892
USA
Phone: +1.713.285.5415
EMail: bmanning@rice.edu
Richard Colella
National Institute of Standards and Technology
Technology/B217
Gaithersburg, MD 20899
USA
Phone: +1 301-975-3627
Fax: +1 301 590-0932
EMail: colella@nist.gov
10. References
[1] Callon R., "TCP and UDP with Bigger Addresses (TUBA), A Simple
Proposal for Internet Addressing and Routing", RFC 1347, DEC,
June 1992.
[2] Colella, R., Gardner, E., Callon, R., and Y. Rekhter, "Guidelines
for OSI NSAP Allocation inh the Internet", RFC 1629, NIST,
Wellfleet, Mitre, T.J. Watson Research Center, IBM Corp., May
1994.
[3] GOSIP Advanced Requirements Group. Government Open Systems
Interconnection Profile (GOSIP) Version 2. Federal Information
Processing Standard 146-1, U.S. Department of Commerce, National
Institute of Standards and Technology, Gaithersburg, MD, April
1991.
[4] ISO/IEC. Data interchange - structures for the identification of
organization. International Standard 6523, ISO/IEC JTC 1,
Switzerland, 1984.
[5] ISO/IEC. Connection oriented transport protocol specification.
International Standard 8073, ISO/IEC JTC 1, Switzerland, 1986.
Manning & Colella [Page 10]
RFC 1637 DNS NSAP RRs June 1994
[6] ISO/IEC. Protocol for Providing the Connectionless-mode Network
Service. International Standard 8473, ISO/IEC JTC 1,
Switzerland, 1986.
[7] ISO/IEC. Information Processing Systems -- Data Communications --
Network Service Definition Addendum 2: Network Layer Addressing.
International Standard 8348/Addendum 2, ISO/IEC JTC 1,
Switzerland, 1988.
[8] Mockapetris, P., "Domain Names -- Concepts and Facilities", STD
13, RFC 1034, USC/Information Sciences Institute, November 1987.
[9] Mockapetris, P., "Domain Names -- Implementation and
Specification", STD 13, RFC 1035, USC/Information Sciences
Institute, November 1987.
Manning & Colella [Page 11]
