]> pere.pagekite.me Git - homepage.git/blob - reports/rfc/draft-ietf-ids-dnsnames-00.txt
projects / homepage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Generated.
[homepage.git] / reports / rfc / draft-ietf-ids-dnsnames-00.txt
1
2
3
4
5 INTERNET-DRAFT Martin Hamilton
6 draft-ietf-ids-dnsnames-00.txt Loughborough University
7 Expires in six months Russ Wright
8 Lawrence Berkeley Laboratory
9 May 1996
10
11
12 Use of DNS Aliases for Network Services
13 Filename: draft-ietf-ids-dnsnames-00.txt
14
15
16 Status of this Memo
17
18 This document is an Internet-Draft. Internet-Drafts are working
19 documents of the Internet Engineering Task Force (IETF), its
20 areas, and its working groups. Note that other groups may also
21 distribute working documents as Internet-Drafts.
22
23 Internet-Drafts are draft documents valid for a maximum of six
24 months and may be updated, replaced, or obsoleted by other
25 documents at any time. It is inappropriate to use Internet-
26 Drafts as reference material or to cite them other than as ``work
27 in progress.''
28
29 To learn the current status of any Internet-Draft, please check
30 the ``1id-abstracts.txt'' listing contained in the Internet-
31 Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net
32 (Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East
33 Coast), or ftp.isi.edu (US West Coast).
34
35 Abstract
36
37 It has become a common practice to use symbolic names (usually
38 CNAMEs) in the Domain Name Service (DNS - [1,2]) to refer to network
39 services such as anonymous FTP [3] servers, Gopher [4] servers, and
40 most notably World-Wide Web HTTP [5] servers. This is desirable for
41 a number of reasons. It provides a way of moving services from one
42 machine to another transparently, and a mechanism by which people or
43 agents may programatically discover that an organization runs, say, a
44 World-Wide Web server.
45
46 Although this approach has been almost universally adopted, there is
47 no standards document or similar specification for these commonly
48 used names. This document seeks to rectify this situation by
49 gathering together the extant "folklore" on naming conventions, and
50 proposes a mechanism for accommodating new protocols. Distribution
51 of this document is unlimited. Comments should be sent to the IETF
52 Integrated Directory Services mailing list, ietf-ids@umich.edu, or
53
54
55
56 [Page 1]
57 \f
58 INTERNET-DRAFT May 1996
59
60
61 directly to the authors.
62
63 1. Rationale
64
65 In order to locate the network services offered at a particular
66 Internet domain one is faced with the choice of selecting from a
67 growing number of centralized databases - typically Web or Usenet
68 News "wanderers", or attempting to infer the existence of network
69 services from whatever DNS information may be available. The former
70 approach is not practical in some cases, notably when the entity
71 seeking service information is a program.
72
73 Perhaps the most visible example of the latter approach at work is in
74 the case of World-Wide Web HTTP servers. It is common practice to
75 try prefixing the domain name of an organization with "http://www."
76 in order to reach its World-Wide Web site, e.g. taking "hivnet.fr"
77 and arriving at "http://www.hivnet.fr." Some popular World-Wide Web
78 browsers have gone so far as to provide automatic support for this
79 domain name expansion.
80
81 Ideally, the DNS or some complementary directory service would
82 provide a means for programs to determine automatically the network
83 services which are offered at a particular Internet domain, the
84 protocols which are used to deliver them, and other technical
85 information such as TCP [6] and UDP [7] port numbers.
86
87 Unfortunately, although much work has been done on developing "yellow
88 pages" directory service technologies, and on attempting to define
89 new types of DNS resource record to provide this type of information,
90 there is no widely agreed upon or widely deployed solution to the
91 problem - except in a small number of cases.
92
93 The first case is where the DNS already provides a lookup capability
94 for the type of information being sought after. For example: Mail
95 Exchanger (MX) records specify how mail to a particular domain should
96 be routed [8], the Start of Authority (SOA) records make it possible
97 to determine who is responsible for a given domain, and Name Server
98 (NS) records indicate which hosts provide DNS name service for a
99 given domain.
100
101 The second case is where the DNS does not provide an appropriate
102 lookup capability, but there is some widely accepted convention for
103 finding this information. Some use has been made of Text (TXT)
104 records in this scenario, but in the vast majority of cases a
105 Canonical Name (CNAME) or Address (A) record pointer is used to
106 indicate the host or hosts which provide the service. This document
107 proposes a slight formalization of this well-known alias approach.
108
109
110
111
112 [Page 2]
113 \f
114 INTERNET-DRAFT May 1996
115
116
117 It should be noted that the DNS provides a Well Known Services (WKS)
118 lookup capability, which makes it possible to determine the services
119 offered by a particular host given its domain name. In practice this
120 is not widely used, and was deprecated in the Host Requirements
121 specification [9]. In fact, WKS is really trying to solve a
122 different problem - advertising the services provided by a particular
123 machine, rather than which machines provide particular services for a
124 domain as a whole.
125
126 2. A generic framework
127
128 One approach to dealing with aliases for new protocols would be to
129 define a standard set of DNS aliases for the most popular network
130 services, and an accompanying review procedure for registering new
131 protocols - such as has been attempted with Internet Media (MIME)
132 Types [10]. We suggest that in the rapidly changing world of
133 computer networking this may not be the most appropriate way of
134 tackling the problem.
135
136 The Internet Assigned Numbers Authority (IANA) maintains a registry
137 of well known port numbers, registered port numbers, protocol and
138 service names [11]. We propose that this list be used to determine
139 the a default port number, transport protocol (e.g. TCP or UDP) and
140 DNS alias for a given application protocol.
141
142 e.g.
143
144 -----------------------------------------------------------
145 Name Port Transport Protocol
146 -----------------------------------------------------------
147 finger 79 TCP Finger [12]
148 ftp 21 TCP File Transfer Protocol
149 gopher 70 TCP Internet Gopher Protocol
150 ldap 389 TCP/UDP Lightweight Directory Access
151 Protocol [13]
152 ntp 123 UDP Network Time Protocol [14]
153 rwhois 4321 TCP Referral WHOIS [15]
154 whois 43 TCP NICNAME/WHOIS [16]
155 -----------------------------------------------------------
156
157 If it is not appropriate to use the information registered with IANA
158 for a particular application protocol, we suggest the protocol
159 specification should indicate why this is the case - and preferably
160 propose an alternative mechanism. For example, a Remote Procedure
161 Call (RPC) based application protocol which does not use a fixed port
162 number by default might determine which port to use by contacting a
163 remote RPC portmapper.
164
165
166
167
168 [Page 3]
169 \f
170 INTERNET-DRAFT May 1996
171
172
173 We suggest that the DNS alias to be used for a service be taken
174 initially from the IANA lists of well known port numbers (in the
175 traditionally "restricted" rage 0 to 1023) and registered port
176 numbers (1024 to 65535), with recourse to the list of protocol and
177 service names if there is some confusion over the preferred alias.
178 This might be necessary if, for example, the name associated with the
179 IANA registered port number for a protocol contains the underscore
180 character "_", the plus character "+", or the dot character "." -
181 these are not legal as domain name components.
182
183 3. Special cases
184
185 In addition to the character set problems outlined above, there are a
186 small number of special cases which are not currently catered for in
187 the IANA registry. We propose that IANA maintain a list of these in
188 addition to the existing assigned numbers information.
189
190 Some common examples:
191
192 -----------------------------------------------------------
193 Alias Service
194 -----------------------------------------------------------
195 archie archie [17] (alias for "prospero")
196 cso CCSO nameserver [18] (alias for "csnet-ns")
197 fsp File Service Protocol [19]
198 news Usenet News via NNTP [20] (alias for "nntp")
199 ns DNS servers, and CCSO nameservers (aliases for
200 "domain" and "csnet-ns")
201 ph CCSO (alias for "csnet-ns")
202 wais Wide Area Information Server [21] (alias for
203 "z39.50")
204 www World-Wide Web HTTP (alias for "http")
205 -----------------------------------------------------------
206
207 4. (Ab)Use of the DNS as a directory service
208
209 The widespread use of these common aliases effectively means that it
210 is sometimes possible to "guess" the domain names associated with an
211 organization's network services, though this is becoming more
212 difficult as the number of organizations registered in the DNS
213 increases.
214
215 It should be understood by implementors that the existence of a DNS
216 entry such as
217
218 www.hivnet.fr
219
220 does not constitute a registration of a World-Wide Web service.
221
222
223
224 [Page 4]
225 \f
226 INTERNET-DRAFT May 1996
227
228
229 There is no requirement that the domain name resolve to an IP address
230 or addresses. There is no requirement that a host be listening for
231 HTTP connections, or if it is, that the HTTP server be running on
232 port 80. Finally, even if all of these things are true, there can be
233 no guarantee that the World-Wide Web server will be prepared to honor
234 requests from arbitrary clients.
235
236 Having said this, the aliases do provide useful "hints" about the
237 services offered. We propose that they be taken in this spirit.
238
239 The conventions described in this document are, essentially, only
240 useful when the organization's domain name can be determined - e.g.
241 from some external database. A number of groups, including the IETF,
242 have been working on ways of finding domain names given a set of
243 information such as organization name, location, and business type.
244 It is hoped that one or more of these will eventually make it
245 possible to augment the basic lookup service which the DNS provides
246 with a more generalised search and retrieval capability.
247
248 5. DNS server configuration
249
250 In the short term, whilst directory service technology and further
251 types of DNS resource record are being developed, domain name
252 administrators are encouraged to use these common names for the
253 network services they run. They will make it easier for outsiders to
254 find information about your organization, and also make it easier for
255 you to move services from one machine to another.
256
257 There are two conventional approaches to creating these DNS entries.
258 One is to add a single CNAME record to your DNS server's
259 configuration, e.g.
260
261 ph.hivnet.fr. IN CNAME baby.hivnet.fr.
262
263 Note that in this scenario no information about ph.hivnet.fr should
264 exist in the DNS other than the CNAME record. An alternative
265 approach would be to create an A record for each of the IP addresses
266 associated with ph.hivnet.fr, e.g.
267
268 ph.hivnet.fr. IN A 194.167.157.2
269
270 Recent DNS server implementations provide a "round-robin" feature
271 which causes the host's IP addresses to be returned in a different
272 order each time the address is looked up.
273
274 Network clients are starting to appear which, when they encounter a
275 host with multiple addresses, use heuristics to determine the address
276 to contact - e.g. picking the one which has the shortest round-trip-
277
278
279
280 [Page 5]
281 \f
282 INTERNET-DRAFT May 1996
283
284
285 time. Thus, if a server is mirrored (replicated) at a number of
286 locations, it may be desirable to list the IP addresses of the mirror
287 servers as A records of the primary server. This is only likely to
288 be appropriate if the mirror servers are exact copies of the original
289 server.
290
291 6. Limitations of this approach
292
293 Some services require that a client have more information than the
294 server's domain name and (default) port number. For example, an LDAP
295 client needs to know a starting search base within the Directory
296 Information Tree in order to have a meaningful dialogue with the
297 server. This document does not attempt to address this problem.
298
299 In some cases, different aliases are in common use for the same
300 service - e.g. "ph", "cso" and "ns" for the CCSO nameserver. It
301 might appear to be in everyone's interest to narrow the choice of
302 alias down to a single name. However, if current practice implies
303 that a number of aliases are equally valid, it would be advisable to
304 support them all. This increases the likelihood of the service being
305 found.
306
307 <<contentious>> Given the confusion over the multiple use of the "ns"
308 alias in particular, we could suggest/mandate that everyone move to a
309 single name, e.g. the IANA registered "csnet-ns" or one of "cso" and
310 "ph". Should we be trying to do this ? Discuss! <</contentious>>
311
312 Another problem is the use of a single alias to refer to multiple
313 network services, e.g. "ns" is commonly used to refer to both hosts
314 which run the CCSO nameserver, and DNS servers themselves. In this
315 particular case the DNS already provides a lookup capability for
316 nameservers via the NS record. As noted, implementations should be
317 resilient in the event that the name does not point to the expected
318 service.
319
320 7. Security considerations
321
322 The DNS is open to many kinds of "spoofing" attacks, and it cannot be
323 guaranteed that the result returned by a DNS lookup is indeed the
324 genuine information. Spoofing may take the form of denial of
325 service, such as directing of the client to a non-existent address,
326 or a passive attack such as an intruder's server which masquerades as
327 the legitimate one.
328
329 Work is ongoing to remedy this situation insofar as the DNS is
330 concerned [22]. In the meantime it should be noted that stronger
331 authentication mechanisms such as public key cryptography with large
332 key sizes are a pre-requisite if the DNS is being used in any
333
334
335
336 [Page 6]
337 \f
338 INTERNET-DRAFT May 1996
339
340
341 sensitive situations. Examples of these would be on-line financial
342 transactions, and any situation where privacy is a concern - such as
343 the querying of medical records over the network. Strong encryption
344 of the network traffic may also be advisable, to protect against TCP
345 connection "hijacking" and packet sniffing.
346
347 8. Conclusions
348
349 The service names registered with the IANA provide a sensible set of
350 defaults which may be used as an aid in determining the hosts which
351 offer particular services for a given domain name.
352
353 This document has noted some exceptions which are either inherently
354 unsuitable for this treatment, or already have a substantial
355 installed base using alternative aliases.
356
357 9. Acknowledgements
358
359 Thanks to Jeff Allen, Tom Gillman, Renato Iannella, Thomas
360 Lenggenhager, Bill Manning, Andy Powell, Sri Sataluri, and <<your
361 name here!!>> for their comments on draft versions of this document.
362
363 This work was supported by grants from the UK Electronic Libraries
364 Programme (eLib) and the European Commission's Telematics for
365 Research Programme.
366
367 10. References
368
369 Request For Comments (RFC) and Internet Draft documents are available
370 from <URL:ftp://ftp.internic.net> and numerous mirror sites.
371
372 [1] P. V. Mockapetris. "Domain names - concepts and
373 facilities", RFC 1034. November 1987.
374
375
376 [2] P. V. Mockapetris. "Domain names - implementation
377 and specification", RFC 1035. November 1987.
378
379
380 [3] J. Postel, J. K. Reynolds. "File Transfer Proto-
381 col", RFC 959. October 1985.
382
383
384 [4] F. Anklesaria, M. McCahill, P. Lindner, D. Johnson,
385 D. Torrey & B. Albert. "The Internet Gopher Proto-
386 col (a distributed document search and retrieval
387 protocol)", RFC 1436. March 1993.
388
389
390
391
392 [Page 7]
393 \f
394 INTERNET-DRAFT May 1996
395
396
397 [5] T. Berners-Lee, R. Fielding, H. Nielsen. "Hyper-
398 text Transfer Protocol -- HTTP/1.0", RFC 1945. May
399 1996.
400
401
402 [6] J. Postel. "Transmission Control Protocol", RFC
403 793. September 1981.
404
405
406 [7] J. Postel. "User Datagram Protocol", RFC 768.
407 August 1980.
408
409
410 [8] C. Partridge. "Mail routing and the domain sys-
411 tem", RFC 974. January 1986.
412
413
414 [9] R. T. Braden. "Requirements for Internet hosts -
415 application and support", RFC 1123. October 1989.
416
417
418 [10] J. Postel. "Media Type Registration Procedure",
419 RFC 1590. March 1994.
420
421
422 [11] J. Reynolds, J. Postel. "ASSIGNED NUMBERS", RFC
423 1700. October 1994.
424
425
426 [12] D. Zimmerman. "The Finger User Information Proto-
427 col", RFC 1288. December 1992.
428
429
430 [13] W. Yeong, T. Howes, S. Kille. "Lightweight Direc-
431 tory Access Protocol", RFC 1777. March 1995.
432
433
434 [14] D. Mills. "Network Time Protocol (Version 3)
435 Specification, Implementation", RFC 1305. March
436 1992.
437
438
439 [15] S. Williamson & M. Kosters. "Referral Whois Proto-
440 col (RWhois)", RFC 1714. November 1994.
441
442
443 [16] K. Harrenstien, M. K. Stahl, E.J. Feinler.
444 "NICNAME/WHOIS", RFC 954. October 1985.
445
446
447
448 [Page 8]
449 \f
450 INTERNET-DRAFT May 1996
451
452
453 [17] A. Emtage, P. Deutsch. "archie - An Electronic
454 Directory Service for the Internet", Winter Usenix
455 Conference Proceedings 1992. Pages 93-110.
456
457
458 [18] R. Hedberg, S. Dorner, P. Pomes. "The CCSO
459 Nameserver (Ph) Architecture", Internet Draft.
460 February 1996.
461
462
463 [19] FSP software distribution:
464 <URL:ftp://ftp.germany.eu.net/pub/networking/inet/fsp>
465
466
467 [20] B. Kantor, P. Lapsley. "Network News Transfer Pro-
468 tocol", RFC 977. February 1986.
469
470
471 [21] M. St. Pierre, J. Fullton, K. Gamiel, J. Goldman,
472 B. Kahle, J. Kunze, H. Morris & F. Schiettecatte.
473 "WAIS over Z39.50-1988", RFC 1625. June 1994.
474
475
476 [22] D. E. Eastlake 3rd, C. W. Kaufman. "Domain Name
477 System Security Extensions", Internet Draft. Janu-
478 ary 1996.
479
480
481 11. Authors addresses
482
483 Martin Hamilton
484 Department of Computer Studies
485 Loughborough University of Technology
486 Leics. LE11 3TU, UK
487
488 Email: m.t.hamilton@lut.ac.uk
489
490
491 Russ Wright
492 Information & Computing Sciences Division
493 Lawrence Berkeley National Laboratory
494 1 Cyclotron Road, Berkeley
495 Mail-Stop: 50B-2258
496 CA 94720, USA
497
498 Email: wright@lbl.gov
499
500
501
502
503
504 [Page 9]
505 \f
506 INTERNET-DRAFT May 1996
507
508
509 This Internet Draft expires 29th November, 1996.
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560 [Page 10]
561 \f
Nettsider og blogg.