draft-josefsson-dns-url-13.txt | draft-josefsson-dns-url.txt | |||
---|---|---|---|---|
Network Working Group S. Josefsson | Network Working Group S. Josefsson | |||
Expires: February 6, 2006 | Expires: February 2, 2006 | |||
Domain Name System Uniform Resource Identifiers | Domain Name System Uniform Resource Identifiers | |||
draft-josefsson-dns-url-13 | draft-josefsson-dns-url-14 | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 33 | skipping to change at page 1, line 33 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on February 6, 2006. | This Internet-Draft will expire on February 2, 2006. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The Internet Society (2005). | Copyright (C) The Internet Society (2005). | |||
Abstract | Abstract | |||
This document define Uniform Resource Identifiers for Domain Name | This document defines Uniform Resource Identifiers for Domain Name | |||
System resources. | System resources. | |||
See <http://josefsson.org/dns-url/> for more information. | See <http://josefsson.org/dns-url/> for more information. | |||
Table of Contents | Table of Contents | |||
1. Introduction and Background . . . . . . . . . . . . . . . . . 3 | 1. Introduction and Background . . . . . . . . . . . . . . . . . 3 | |||
2. Usage Model . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Usage Model . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
3. DNS URI Registration . . . . . . . . . . . . . . . . . . . . . 5 | 3. DNS URI Registration . . . . . . . . . . . . . . . . . . . . . 5 | |||
4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
8. Copying conditions . . . . . . . . . . . . . . . . . . . . . . 10 | 8. Copying conditions . . . . . . . . . . . . . . . . . . . . . . 10 | |||
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
9.1 Normative References . . . . . . . . . . . . . . . . . . . 10 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 10 | |||
9.2 Informative References . . . . . . . . . . . . . . . . . . 10 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 | |||
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 11 | Appendix A. Revision Changes . . . . . . . . . . . . . . . . . . 11 | |||
A. Revision Changes . . . . . . . . . . . . . . . . . . . . . . . 11 | A.1. Changes since -06 . . . . . . . . . . . . . . . . . . . . 11 | |||
A.1 Changes since -06 . . . . . . . . . . . . . . . . . . . . 11 | A.2. Changes since -07 . . . . . . . . . . . . . . . . . . . . 11 | |||
A.2 Changes since -07 . . . . . . . . . . . . . . . . . . . . 12 | A.3. Changes since -08 . . . . . . . . . . . . . . . . . . . . 12 | |||
A.3 Changes since -08 . . . . . . . . . . . . . . . . . . . . 12 | A.4. Changes since -09 . . . . . . . . . . . . . . . . . . . . 12 | |||
A.4 Changes since -09 . . . . . . . . . . . . . . . . . . . . 12 | A.5. Changes since -10 . . . . . . . . . . . . . . . . . . . . 12 | |||
A.5 Changes since -10 . . . . . . . . . . . . . . . . . . . . 12 | A.6. Changes since -11 . . . . . . . . . . . . . . . . . . . . 12 | |||
A.6 Changes since -11 . . . . . . . . . . . . . . . . . . . . 12 | A.7. Changes since -12 . . . . . . . . . . . . . . . . . . . . 12 | |||
A.7 Changes since -12 . . . . . . . . . . . . . . . . . . . . 13 | A.8. Changes since -13 . . . . . . . . . . . . . . . . . . . . 12 | |||
Intellectual Property and Copyright Statements . . . . . . . . 14 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 14 | ||||
1. Introduction and Background | 1. Introduction and Background | |||
The Domain Name System (DNS) [1] [2] is a widely deployed system used | The Domain Name System (DNS) [1] [2] is a widely deployed system used | |||
to, among other things, translate host names into IP addresses. | to, among other things, translate host names into IP addresses. | |||
Several protocols are using Uniform Resource Identifier (URI) to | Several protocols are using Uniform Resource Identifier (URI) to | |||
refer to data. By defining a URI scheme for DNS data, the gap | refer to data. By defining a URI scheme for DNS data, the gap | |||
between these two worlds are bridged. The DNS URI scheme defined | between these two worlds are bridged. The DNS URI scheme defined | |||
here can be used to reference any data stored in the DNS. | here can be used to reference any data stored in the DNS. | |||
Data browsers may support DNS URIs by forming DNS queries and render | Data browsers may support DNS URIs by forming DNS queries and | |||
DNS responses using HTML [14], similar to what is commonly done for | rendering DNS responses using HTML [12], similar to what is commonly | |||
FTP [6] resources. Applications that are Multipurpose Internet Mail | done for FTP [6] resources. Applications that are Multipurpose | |||
Extension (MIME) [7] aware may tag DNS data retrieve using this | Internet Mail Extensions (MIME) [7] aware may tag DNS data retrieved | |||
scheme with the text/dns or application/dns types as specified in | using this scheme with the text/dns or application/dns types as | |||
[18]. | specified in [15]. | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
document are to be interpreted as described in RFC 2119 [3]. | document are to be interpreted as described in RFC 2119 [3]. | |||
2. Usage Model | 2. Usage Model | |||
The reader is referred to section 1 of [5] for an in-depth discussion | The reader is referred to section 1 of [5] for an in-depth discussion | |||
of URI classifications. In particular, the reader is assumed to be | of URI classifications. In particular, the reader is assumed to be | |||
familiar with the "name" vs "locator" distinction. This section | familiar with the disction between "name" and "locator". This | |||
describe how the DNS URI scheme is intended to be used, and outline | section describes how the DNS URI scheme is intended to be used, and | |||
future work that may be required to use URIs with the DNS for some | outlines future work that may be required to use URIs with the DNS | |||
applications. | for some applications. | |||
The URI scheme described in this document focus on the data stored in | The URI scheme described in this document focuses on the data stored | |||
the DNS. As such, there is no provision to specify any of the fields | in the DNS. As such, there is no provision to specify any of the | |||
in the actual DNS protocol. This is intentional, so that the URI may | fields in the actual DNS protocol. This is intentional, so that the | |||
be used even in situations where the DNS protocol is not used | URI may be used even in situations where the DNS protocol is not used | |||
directly. Two examples for this is zone file editors and DNS-related | directly. Two examples for this are zone file editors and DNS- | |||
configuration files, which may use this URI scheme to identify data. | related configuration files, which may use this URI scheme to | |||
The application would not use the DNS protocol to resolve the URIs. | identify data. The application would not use the DNS protocol to | |||
resolve the URIs. | ||||
A limitation of this design is that it do not accommodate all | A limitation of this design is that it does not accommodate all | |||
protocol parameters within the DNS protocol. It is expected that for | protocol parameters within the DNS protocol. It is expected that, | |||
certain applications, a more detailed URI syntax that map more | for certain applications, a more detailed URI syntax that maps more | |||
closely to the DNS protocol may be required. However, such an URI | closely to the DNS protocol may be required. However, such a URI | |||
definition is not included in this document. This document specify a | definition is not included in this document. This document specifies | |||
URI that is primarily intended to name DNS resources, but it can also | a URI that is primarily intended to name DNS resources, but it can | |||
be used to locate said resources for simple (but common) | also be used to locate said resources for simple, yet common, | |||
applications. | applications. | |||
3. DNS URI Registration | 3. DNS URI Registration | |||
The section contain the registration template for the DNS URI scheme | The section contains the registration template for the DNS URI scheme | |||
in accordance with [13]. | in accordance with [11]. | |||
URL scheme name: "dns". | URL scheme name: "dns". | |||
URL scheme syntax: A DNS URI designate a DNS resource record set, | URL scheme syntax: A DNS URI designates a DNS resource record set, | |||
referenced by domain name, class, type and optionally the authority. | referenced by domain name, class, type and, optionally, the | |||
The DNS URI follows the generic syntax from RFC 3986 [5], and is | authority. The DNS URI follows the generic syntax from RFC 3986 [5], | |||
described using ABNF [4]. Strings are not case sensitive and free | and is described using ABNF [4]. Strings are not case-sensitive and | |||
insertion of linear-white-space is not permitted. | free insertion of linear-white-space is not permitted. | |||
dnsurl = "dns:" [ "//" dnsauthority "/" ] | dnsurl = "dns:" [ "//" dnsauthority "/" ] | |||
dnsname ["?" dnsquery] | dnsname ["?" dnsquery] | |||
dnsauthority = host [ ":" port ] | dnsauthority = host [ ":" port ] | |||
; See RFC 3986 for the | ; See RFC 3986 for the | |||
; definition of "host" and "port". | ; definition of "host" and "port". | |||
dnsname = *pchar | dnsname = *pchar | |||
; See RFC 3986 for the | ; See RFC 3986 for the | |||
; definition of "pchar". | ; definition of "pchar". | |||
; The "dnsname" field may be a | ; The "dnsname" field may be a | |||
; "relative" or "absolute" name, | ; "relative" or "absolute" name, | |||
; as per RFC 1034 section 3.1. | ; as per RFC 1034 section 3.1. | |||
; Note further that an empty | ; Note further that an empty | |||
; "dnsname" value is to be | ; "dnsname" value is to be | |||
; interpreted as the root itself. | ; interpreted as the root itself. | |||
; See below on relative dnsname's. | ; See below on relative dnsnames. | |||
dnsquery = dnsqueryelement [";" dnsquery] | dnsquery = dnsqueryelement [";" dnsquery] | |||
dnsqueryelement = ( "CLASS=" dnsclassval ) / ( "TYPE=" dnstypeval ) | dnsqueryelement = ( "CLASS=" dnsclassval ) / ( "TYPE=" dnstypeval ) | |||
; Each clause MUST NOT be used more | ; Each clause MUST NOT be used more | |||
; than once. | ; than once. | |||
dnsclassval = 1*digit / "IN" / "CH" / | dnsclassval = 1*digit / "IN" / "CH" / | |||
<Any IANA registered DNS class mnemonic> | <Any IANA registered DNS class mnemonic> | |||
dnstypeval = 1*digit / "A" / "NS" / "MD" / | dnstypeval = 1*digit / "A" / "NS" / "MD" / | |||
<Any IANA registered DNS type mnemonic> | <Any IANA registered DNS type mnemonic> | |||
Unless specified in the URI, the authority ("dnsauthority") is | Unless specified in the URI, the authority ("dnsauthority") is | |||
assumed to be locally known, the class ("dnsclassval") to be the | assumed to be locally known, the class ("dnsclassval") to be the | |||
Internet class ("IN"), and the type ("dnstypeval") to be the Address | Internet class ("IN"), and the type ("dnstypeval") to be the Address | |||
type ("A"). These default values match the typical use of DNS; to | type ("A"). These default values match the typical use of DNS: to | |||
look up addresses for host names. | look up addresses for host names. | |||
A dnsquery element MUST NOT contain more than one occurance of the | A dnsquery element MUST NOT contain more than one occurrence of the | |||
"CLASS" and "TYPE" fields. For example, both "dns: | "CLASS" and "TYPE" fields. For example, both "dns: | |||
example?TYPE=A;TYPE=TXT" and "dns:example?TYPE=A;TYPE=A" are invalid. | example?TYPE=A;TYPE=TXT" and "dns:example?TYPE=A;TYPE=A" are invalid. | |||
However, the fields may occur in any order, so that both "dns: | However, the fields may occur in any order, so that both "dns: | |||
example?TYPE=A;CLASS=IN" and "dns:example?CLASS=IN;TYPE=A" are valid. | example?TYPE=A;CLASS=IN" and "dns:example?CLASS=IN;TYPE=A" are valid. | |||
The digit representation of types and classes MAY be used when a | The digit representation of types and classes MAY be used when a | |||
mnemonic for the corresponding value is not well known (e.g., for | mnemonic for the corresponding value is not well known (e.g., for | |||
newly introduced types or classes), but SHOULD NOT be used for the | newly introduced types or classes), but SHOULD NOT be used for the | |||
types or classes defined in the DNS specification [2]. All | types or classes defined in the DNS specification [2]. All | |||
implementations MUST recognize the mnemonics defined in [2]. | implementations MUST recognize the mnemonics defined in [2]. | |||
To avoid ambiguity, relative "dnsname" values (i.e., those not ending | To avoid ambiguity, relative "dnsname" values (i.e., those not ending | |||
with ".") are assumed to be relative to the root. For example, "dns: | with ".") are assumed to be relative to the root. For example, "dns: | |||
host.example" and "dns:host.example." both refer to the same owner | host.example" and "dns:host.example." both refer to the same owner | |||
name, namely "host.example.". Further, an empty "dnsname" value is | name, namely "host.example.". Further, an empty "dnsname" value is | |||
considered to be a degenerative form of a relative name, which refer | considered to be a degenerative form of a relative name, which refers | |||
to the root ("."). | to the root ("."). | |||
To resolve a DNS URI using the DNS protocol [2] a query is created, | To resolve a DNS URI using the DNS protocol, [2] a query is created, | |||
using as input the dnsname, dnsclassval and dnstypeval from the URI | using as input the dnsname, dnsclassval and dnstypeval from the URI | |||
string (or the appropriate default values). If an authority | string (or the appropriate default values). If an authority | |||
("dnsauthority") is given in the URI string, this indicate the server | ("dnsauthority") is given in the URI string, this indicates the | |||
that should receive the DNS query, otherwise the default DNS server | server that should receive the DNS query. Otherwise, the default DNS | |||
should receive it. | server should receive it. | |||
Note that DNS URIs could be resolved by other protocols than the DNS | Note that DNS URIs could be resolved by other protocols than the DNS | |||
protocol, or by using the DNS protocol in some other way than as | protocol, or by using the DNS protocol in some other way than as | |||
described above (e.g., multicast DNS). DNS URIs do not require the | described above (e.g., multicast DNS). DNS URIs do not require the | |||
use of the DNS protocol, although it is expected to be the typical | use of the DNS protocol, although it is expected to be the typical | |||
usage. The previous paragraph only illustrate how DNS URIs are | usage. The previous paragraph only illustrates how DNS URIs are | |||
resolved using the DNS protocol. | resolved using the DNS protocol. | |||
A client MAY want to check that it understands the dnsclassval and | A client MAY want to check that it understands the dnsclassval and | |||
dnstypeval before sending a query, so that it will be able to | dnstypeval before sending a query, so that it will be able to | |||
understand the response. However, a typical example of a client that | understand the response. However, a typical example of a client that | |||
would not need to check dnsclassval and dnstypeval would be a proxy, | would not need to check dnsclassval and dnstypeval would be a proxy | |||
that would just treat the received answer as opaque data. | that would just treat the received answer as opaque data. | |||
Character encoding considerations: The characters are encoded as per | Character encoding considerations: Characters are encoded as per RFC | |||
RFC 3986 [5]. The DNS protocol do not consider character sets, it | 3986 [5]. The DNS protocol does not consider character sets, it | |||
simply transports opaque data. In particular, the "dnsname" field of | simply transports opaque data. In particular, the "dnsname" field of | |||
the DNS URI is to be considered an internationalized domain name | the DNS URI is to be considered an internationalized domain name | |||
(IDN) unaware domain name slot, in the terminology of [16]. The | (IDN) unaware domain name slot, in the terminology of RFC3940 [14]. | |||
considerations for "host" and "port" are discussed in [5] | The considerations for "host" and "port" are discussed in [5] | |||
Because "." is used as the DNS label separator, an escaping mechanism | Because "." is used as the DNS label separator, an escaping mechanism | |||
is required to encode a "." that is part of a DNS label. The | is required to encode a "." that is part of a DNS label. The | |||
escaping mechanism is described in section 5.1 of RFC 1035. For | escaping mechanism is described in section 5.1 of RFC 1035 [2]. For | |||
example, a DNS label of "exa.mple" can be escaped as "exa\.mple" or | example, a DNS label of "exa.mple" can be escaped as "exa\.mple" or | |||
"exa\046mple". However, the URI specification disallow the "\" | "exa\046mple". However, the URI specification disallows the "\" | |||
character from occuring directly in URIs, so it must be escaped as | character from occurring directly in URIs, so it must be escaped as | |||
"%5c". The single DNS label "exa.mple" is thus encoded as "exa% | "%5c". The single DNS label "exa.mple" is thus encoded as "exa% | |||
5c.mple". The same mechanism can be used to encode other characters, | 5c.mple". The same mechanism can be used to encode other characters, | |||
for example "?" and ";". Note that "." and "%2e" are equivalent | for example "?" and ";". Note that "." and "%2e" are equivalent | |||
within dnsname, and are interchangable. | within dnsname, and are interchangeable. | |||
This URI specification allows all possible domain names to be encoded | This URI specification allows all possible domain names to be | |||
(of course following the encoding rules of [5]), however certain | encoded, provided the encoding rules are observed per [5]), however | |||
applications may restrict the set of valid characters. Care should | certain applications may restrict the set of valid characters. Care | |||
be taken so that invalid characters in these contexts does not cause | should be taken so that invalid characters in these contexts does not | |||
harm. In particular, host names in the DNS have certain | cause harm. In particular, host names in the DNS have certain | |||
restrictions. It is up to these application to limit this subset, | restrictions. It is up to these application to limit this subset; | |||
this URI scheme places no restrictions. | this URI scheme places no restrictions. | |||
Intended usage: Whenever DNS resources are useful to reference by | Intended usage: Whenever it is useful for DNS resources to be | |||
protocol independent identifiers, often when the data is more | referenced by protocol-independent identifiers, this URI | |||
important than the access method. Since software in general has | specification is applicable. Often, this occurs when the data is | |||
more important than the access method. Since software in general has | ||||
coped without this so far, it is not anticipated to be implemented | coped without this so far, it is not anticipated to be implemented | |||
widely, nor migrated to by existing systems, but specific solutions | widely, nor migrated to by existing systems, but specific solutions | |||
(especially security related) may find this appropriate. | (especially security-related) may find this appropriate. | |||
Applications and/or protocols which use this scheme: Security related | Applications and/or protocols which use this scheme: Security- | |||
software. DNS administration tools. Network programming packages. | related software, DNS administration tools, and network programming | |||
packages. | ||||
Interoperability considerations: The data referenced by this URI | Interoperability considerations: The data referenced by this URI | |||
scheme might be transferred by protocols that are not URI aware (such | scheme might be transferred by protocols that are not URI aware (such | |||
as the DNS protocol). This is not anticipated to have any serious | as the DNS protocol). This is not anticipated to have any serious | |||
interoperability impact though. | interoperability impact. | |||
Interoperability problems may occur if one entity understands a new | Interoperability problems may occur if one entity understands a new | |||
DNS class/type mnemonic and another entity do not understand it. | DNS class/type mnemonic that another entity does not. This is an | |||
This is an interoperability problem for DNS software in general, | interoperability problem for DNS software in general, although it is | |||
although it is not a major practical problem as the DNS types and | not a major practical problem for current DNS deployments as the DNS | |||
classes are fairly static. To guarantee interoperability | types and classes are fairly static. To guarantee interoperability, | |||
implementations can use integers for all mnemonics not defined in | implementations can use integers for all mnemonics not defined in | |||
[2]. | [2]. | |||
Interaction with Binary Labels [12], or other extended label types, | Interaction with Binary Labels [10] or other extended label types has | |||
has not been analyzed. However, they appear to be infrequently used | not been analyzed. However, they appear to be infrequently used in | |||
in practice. | practice. | |||
Contact: simon@josefsson.org | Contact: simon@josefsson.org | |||
Author/Change Controller: simon@josefsson.org | Author/Change Controller: simon@josefsson.org | |||
4. Examples | 4. Examples | |||
A DNS URI is of the following general form. This is intended to | A DNS URI is of the following general form. This is intended to | |||
illustrate, not define, the scheme. | illustrate, not define, the scheme: | |||
dns:[//authority/]domain[?CLASS=class;TYPE=type] | dns:[//authority/]domain[?CLASS=class;TYPE=type] | |||
The following illustrate a URI for a resource with the absolute name | The following illustrates a URI for a resource with the absolute name | |||
"www.example.org.", the Internet (IN) class and the Address (A) type: | "www.example.org.", the Internet (IN) class and the Address (A) type: | |||
dns:www.example.org.?clAsS=IN;tYpE=A | dns:www.example.org.?clAsS=IN;tYpE=A | |||
Since the default class is IN, and the default type is A, the same | Since the default class is IN, and the default type is A, the same | |||
resource can be identified by a shorter URI, using a relative name: | resource can be identified by a shorter URI using a relative name: | |||
dns:www.example.org | dns:www.example.org | |||
The following illustrate a URI for a resource with the name | The following illustrate a URI for a resource with the name | |||
"simon.example.org", for the CERT type, in the Internet (IN) class: | "simon.example.org" for the CERT type in the Internet (IN) class: | |||
dns:simon.example.org?type=CERT | dns:simon.example.org?type=CERT | |||
The following illustrate a URI for a resource with the name | The following illustrate a URI for a resource with the name | |||
"ftp.example.org", in the Internet (IN) class and the address (A) | "ftp.example.org", in the Internet (IN) class and the address (A) | |||
type, but from the DNS authority 192.168.1.1 instead of the default | type, but from the DNS authority 192.168.1.1 instead of the default | |||
authority: | authority: | |||
dns://192.168.1.1/ftp.example.org?type=A | dns://192.168.1.1/ftp.example.org?type=A | |||
The following illustrate various escaping techniques. The owner name | The following illustrates various escaping techniques. The owner | |||
would be "world wide web.example\.domain.org" where "\." denote the | name would be "world wide web.example\.domain.example" where "\." | |||
character "." as part of a label, and "." denote the label separator: | denotes the character "." as part of a label, and "." denotes the | |||
label separator: | ||||
dns:world%20wide%20web.example%5c.domain.example?TYPE=TXT | dns:world%20wide%20web.example%5c.domain.example?TYPE=TXT | |||
The following illustrate a strange, but valid, DNS resource: | The following illustrates a strange, but valid, DNS resource: | |||
dns://fw.example.org/*.%20%00.example?type=TXT | dns://fw.example.org/*.%20%00.example?type=TXT | |||
5. Acknowledgments | 5. Acknowledgments | |||
Thanks to Stuart Cheshire, Donald Eastlake, Pasi Eronen, Bill Fenner, | Thanks to Stuart Cheshire, Donald Eastlake, Pasi Eronen, Bill Fenner, | |||
Ted Hardie, Russ Housley, Peter Koch, Andrew Main, Larry Masinter, | Ted Hardie, Russ Housley, Peter Koch, Andrew Main, Larry Masinter, | |||
Michael Mealling, Steve Mattson, Paul Vixie, Sam Weiler, and Bert | Michael Mealling, Steve Mattson, Marcos Sanz, Jason Sloderbeck, Paul | |||
Wijnen for comments and suggestions. The author acknowledges the RSA | Vixie, Sam Weiler, and Bert Wijnen for comments and suggestions. The | |||
Laboratories for supporting the work that led to this document. | author acknowledges RSA Laboratories for supporting the work that led | |||
to this document. | ||||
6. Security Considerations | 6. Security Considerations | |||
If a DNS URI references domains in the Internet DNS environment, both | If a DNS URI references domains in the Internet DNS environment, both | |||
the URI itself and the information referenced by the URI is public | the URI itself and the information referenced by the URI is public | |||
information. If a DNS URI is used within an "internal" DNS | information. If a DNS URI is used within an "internal" DNS | |||
environment, both the DNS URI and the data is referenced should be | environment, both the DNS URI and the data is referenced should be | |||
handled using the same considerations that apply to DNS data in the | handled using the same considerations that apply to DNS data in the | |||
environment. | "internal" environment. | |||
If information referenced by DNS URIs are used to make security | If information referenced by DNS URIs are used to make security | |||
decisions (examples of such data include, but is not limited to, | decisions (examples of such data include, but is not limited to, | |||
certificates stored in the DNS [10]), implementations may need to | certificates stored in the DNS [9]), implementations may need to | |||
employ security techniques such as Secure DNS [9], or even CMS [15] | employ security techniques such as Secure DNS [16], CMS [13], or | |||
or OpenPGP [8], to protect the data during transport. How to | OpenPGP [8], to protect the data during transport. How to implement | |||
implement this will depend on the usage scenario, and it is not up to | this will depend on the usage scenario, and it is not up to this URI | |||
this URI scheme to define how the data referenced by DNS URIs should | scheme to define how the data referenced by DNS URIs should be | |||
be protected. | protected. | |||
If applications accept unknown dnsqueryelement values (e.g., accepts | If applications accept unknown dnsqueryelement values in a URI (e.g., | |||
the URI "dns:www.example.org?secret=value" without knowing what the | URI "dns:www.example.org?secret=value") without knowing what the | |||
"secret=value" dnsqueryelement means), a covert channel used to | "secret=value" dnsqueryelement means, a covert channel used to "leak" | |||
"leak" information may be enabled. The implications of covert | information may be enabled. The implications of covert channels | |||
channels should be understood by applications that accepts unknown | should be understood by applications that accept unknown | |||
dnsqueryelement values. | dnsqueryelement values. | |||
Slight variations, such as difference between upper and lower case in | Slight variations, such as difference between upper and lower case in | |||
the dnsname field, can be used as a covert channel to leak | the dnsname field, can be used as a covert channel to leak | |||
information. | information. | |||
7. IANA Considerations | 7. IANA Considerations | |||
The IANA is asked to register the DNS URI scheme, using the template | The IANA is asked to register the DNS URI scheme, using the template | |||
in section 3, in accordance with RFC 2717 [13]. | in section 3, in accordance with RFC 2717 [11]. | |||
8. Copying conditions | 8. Copying conditions | |||
Copyright (c) 2000, 2001, 2002, 2003, 2004, 2005 Simon Josefsson | Copyright (c) 2000, 2001, 2002, 2003, 2004, 2005 Simon Josefsson | |||
Regarding this entire document or any portion of it, the author makes | Regarding this entire document or any portion of it, the author makes | |||
no guarantees and is not responsible for any damage resulting from | no guarantees and is not responsible for any damage resulting from | |||
its use. The author grants irrevocable permission to anyone to use, | its use. The author grants irrevocable permission to anyone to use, | |||
modify, and distribute it in any way that does not diminish the | modify, and distribute it in any way that does not diminish the | |||
rights of anyone else to use, modify, and distribute it, provided | rights of anyone else to use, modify, and distribute it, provided | |||
that redistributed derivative works do not contain misleading author | that redistributed derivative works do not contain misleading author | |||
or version information. Derivative works need not be licensed under | or version information. Derivative works need not be licensed under | |||
similar terms. | similar terms. | |||
9. References | 9. References | |||
9.1 Normative References | 9.1. Normative References | |||
[1] Mockapetris, P., "Domain names - concepts and facilities", | [1] Mockapetris, P., "Domain names - concepts and facilities", | |||
STD 13, RFC 1034, November 1987. | STD 13, RFC 1034, November 1987. | |||
[2] Mockapetris, P., "Domain names - implementation and | [2] Mockapetris, P., "Domain names - implementation and | |||
specification", STD 13, RFC 1035, November 1987. | specification", STD 13, RFC 1035, November 1987. | |||
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement | [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement | |||
Levels", BCP 14, RFC 2119, March 1997. | Levels", BCP 14, RFC 2119, March 1997. | |||
[4] Crocker, D. and P. Overell, "Augmented BNF for Syntax | [4] Crocker, D. and P. Overell, "Augmented BNF for Syntax | |||
Specifications: ABNF", RFC 2234, November 1997. | Specifications: ABNF", RFC 2234, November 1997. | |||
[5] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | [5] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | |||
Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, | Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, | |||
January 2005. | January 2005. | |||
9.2 Informative References | 9.2. Informative References | |||
[6] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, | [6] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, | |||
RFC 959, October 1985. | RFC 959, October 1985. | |||
[7] Freed, N., Klensin, J., and J. Postel, "Multipurpose Internet | [7] Freed, N., Klensin, J., and J. Postel, "Multipurpose Internet | |||
Mail Extensions (MIME) Part Four: Registration Procedures", | Mail Extensions (MIME) Part Four: Registration Procedures", | |||
BCP 13, RFC 2048, November 1996. | BCP 13, RFC 2048, November 1996. | |||
[8] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer, | [8] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer, | |||
"OpenPGP Message Format", RFC 2440, November 1998. | "OpenPGP Message Format", RFC 2440, November 1998. | |||
[9] Eastlake, D., "Domain Name System Security Extensions", | [9] Eastlake, D. and O. Gudmundsson, "Storing Certificates in the | |||
RFC 2535, March 1999. | ||||
[10] Eastlake, D. and O. Gudmundsson, "Storing Certificates in the | ||||
Domain Name System (DNS)", RFC 2538, March 1999. | Domain Name System (DNS)", RFC 2538, March 1999. | |||
[11] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. Adams, | [10] Crawford, M., "Binary Labels in the Domain Name System", | |||
"X.509 Internet Public Key Infrastructure Online Certificate | ||||
Status Protocol - OCSP", RFC 2560, June 1999. | ||||
[12] Crawford, M., "Binary Labels in the Domain Name System", | ||||
RFC 2673, August 1999. | RFC 2673, August 1999. | |||
[13] Petke, R. and I. King, "Registration Procedures for URL Scheme | [11] Petke, R. and I. King, "Registration Procedures for URL Scheme | |||
Names", BCP 35, RFC 2717, November 1999. | Names", BCP 35, RFC 2717, November 1999. | |||
[14] Connolly, D. and L. Masinter, "The 'text/html' Media Type", | [12] Connolly, D. and L. Masinter, "The 'text/html' Media Type", | |||
RFC 2854, June 2000. | RFC 2854, June 2000. | |||
[15] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3369, | [13] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3369, | |||
August 2002. | August 2002. | |||
[16] Faltstrom, P., Hoffman, P., and A. Costello, | [14] Faltstrom, P., Hoffman, P., and A. Costello, | |||
"Internationalizing Domain Names in Applications (IDNA)", | "Internationalizing Domain Names in Applications (IDNA)", | |||
RFC 3490, March 2003. | RFC 3490, March 2003. | |||
[17] Yergeau, F., "UTF-8, a transformation format of ISO 10646", | [15] Josefsson, S., "Domain Name System Media Types", RFC 4027, | |||
STD 63, RFC 3629, November 2003. | ||||
[18] Josefsson, S., "Domain Name System Media Types", RFC 4027, | ||||
April 2005. | April 2005. | |||
Author's Address | [16] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, | |||
"DNS Security Introduction and Requirements", RFC 4033, | ||||
Simon Josefsson | March 2005. | |||
Email: simon@josefsson.org | ||||
Appendix A. Revision Changes | Appendix A. Revision Changes | |||
Note to RFC editor: Remove this appendix before publication. | Note to RFC editor: Remove this appendix before publication. | |||
A.1 Changes since -06 | A.1. Changes since -06 | |||
The MIME registration templates for text/dns and application/dns was | The MIME registration templates for text/dns and application/dns was | |||
removed, and will be defined in separate documents. | removed, and will be defined in separate documents. | |||
Improved discussion related to which mnemonics that must be | Improved discussion related to which mnemonics that must be | |||
supported. The interoperability problem that provoked the | supported. The interoperability problem that provoked the | |||
clarification is also mentioned. | clarification is also mentioned. | |||
Security consideration improvements. | Security consideration improvements. | |||
A.2 Changes since -07 | A.2. Changes since -07 | |||
Author/Change Controller changed to author of this document, not | Author/Change Controller changed to author of this document, not | |||
IESG. Terminology section collapsed into introduction. The second | IESG. Terminology section collapsed into introduction. The second | |||
paragraph of the introduction rewritten and gives explicit examples. | paragraph of the introduction rewritten and gives explicit examples. | |||
Intended usage and applications fields fixed. Moved this revision | Intended usage and applications fields fixed. Moved this revision | |||
tracking information to an appendix. Mention IDN in charset section. | tracking information to an appendix. Mention IDN in charset section. | |||
All previous thanks to suggestions by Larry Masinter. | All previous thanks to suggestions by Larry Masinter. | |||
A.3 Changes since -08 | A.3. Changes since -08 | |||
Modifications derived from Last-Call comments: Made more clear that | Modifications derived from Last-Call comments: Made more clear that | |||
DNS URIs does not imply use of the DNS protocol, but the issue is not | DNS URIs does not imply use of the DNS protocol, but the issue is not | |||
stressed because of the apparent inflamatory state of affairs. Added | stressed because of the apparent inflamatory state of affairs. Added | |||
informative references to HTML and FTP. Clarified that dnsname can | informative references to HTML and FTP. Clarified that dnsname can | |||
be empty. Clarified that first dnsqueryelement "win" in case of | be empty. Clarified that first dnsqueryelement "win" in case of | |||
ambiguity. Clarified security consideration with respect to unknown | ambiguity. Clarified security consideration with respect to unknown | |||
dnsqueryelements. Use "authority" instead of "server". Say "IANA | dnsqueryelements. Use "authority" instead of "server". Say "IANA | |||
registered" instead of "standard". Interoperability note about | registered" instead of "standard". Interoperability note about | |||
binary DNS labels. Typos. | binary DNS labels. Typos. | |||
A.4 Changes since -09 | A.4. Changes since -09 | |||
Use legal texts from RFC 3667. Update UTF-8 reference to RFC 3629. | Use legal texts from RFC 3667. Update UTF-8 reference to RFC 3629. | |||
Simplified introduction. Discuss relative and absolute dnsname's. | Simplified introduction. Discuss relative and absolute dnsname's. | |||
Clarify that empty dnsname correspond to the root. Change so that | Clarify that empty dnsname correspond to the root. Change so that | |||
dns:foo?TYPE=A;TYPE=TXT is invalid, instead of meaning TYPE=A. The | dns:foo?TYPE=A;TYPE=TXT is invalid, instead of meaning TYPE=A. The | |||
underspecified extension mechanism was dropped; now only TYPE= and | underspecified extension mechanism was dropped; now only TYPE= and | |||
CLASS= are permitted. Remove background discussion of why the | CLASS= are permitted. Remove background discussion of why the | |||
dnsname field is made a IDN unaware domain name slot. Use standard | dnsname field is made a IDN unaware domain name slot. Use standard | |||
DNS escaping (i.e, "\." for ".") instead of broken approach that | DNS escaping (i.e, "\." for ".") instead of broken approach that | |||
violated the URI specification. Improve examples. Add security | violated the URI specification. Improve examples. Add security | |||
considerations. | considerations. | |||
A.5 Changes since -10 | A.5. Changes since -10 | |||
Add section "Usage Model". Move acknowledgements, as per rfc2223bis. | Add section "Usage Model". Move acknowledgements, as per rfc2223bis. | |||
Add permissive copying condition. Updates to align with RFC 3986. | Add permissive copying condition. Updates to align with RFC 3986. | |||
A.6 Changes since -11 | A.6. Changes since -11 | |||
Fix typos. IESG feedback: Move RFC2119 reference to normative | Fix typos. IESG feedback: Move RFC2119 reference to normative | |||
section. Replace OCSP example with X.509 CRL Distribution Point | section. Replace OCSP example with X.509 CRL Distribution Point | |||
extension. Fix ABNF not to use "...". | extension. Fix ABNF not to use "...". | |||
A.7 Changes since -12 | A.7. Changes since -12 | |||
Reference MIME and RFC 4027. IESG feedback: Do not mention OpenPGP/ | Reference MIME and RFC 4027. IESG feedback: Do not mention OpenPGP/ | |||
X.509 as illustrative examples in the introduction section. | X.509 as illustrative examples in the introduction section. | |||
A.8. Changes since -13 | ||||
Fix typos. | ||||
Author's Address | ||||
Simon Josefsson | ||||
Email: simon@josefsson.org | ||||
Intellectual Property Statement | Intellectual Property Statement | |||
The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
Intellectual Property Rights or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
might or might not be available; nor does it represent that it has | might or might not be available; nor does it represent that it has | |||
made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | |||
on the procedures with respect to rights in RFC documents can be | on the procedures with respect to rights in RFC documents can be | |||
found in BCP 78 and BCP 79. | found in BCP 78 and BCP 79. | |||
End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |