rfc9606.original   rfc9606.txt 
ADD T. Reddy Internet Engineering Task Force (IETF) T. Reddy.K
Internet-Draft Nokia Request for Comments: 9606 Nokia
Intended status: Standards Track M. Boucadair Category: Standards Track M. Boucadair
Expires: 28 October 2024 Orange ISSN: 2070-1721 Orange
26 April 2024 June 2024
DNS Resolver Information DNS Resolver Information
draft-ietf-add-resolver-info-13
Abstract Abstract
This document specifies a method for DNS resolvers to publish This document specifies a method for DNS resolvers to publish
information about themselves. DNS clients can use the resolver information about themselves. DNS clients can use the resolver
information to identify the capabilities of DNS resolvers. How DNS information to identify the capabilities of DNS resolvers. How DNS
clients use such an information is beyond the scope of this document. clients use such information is beyond the scope of this document.
Discussion Venues
This note is to be removed before publishing as an RFC.
Discussion of this document takes place on the Adaptive DNS Discovery
Working Group mailing list (add@ietf.org), which is archived at
https://mailarchive.ietf.org/arch/browse/add/.
Source for this draft and an issue tracker can be found at
https://github.com/boucadair/add-resolver-information.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 28 October 2024. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9606.
Copyright Notice Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology
3. Retrieving Resolver Information . . . . . . . . . . . . . . . 4 3. Retrieving Resolver Information
4. Format of the Resolver Information . . . . . . . . . . . . . 4 4. Format of the Resolver Information
5. Resolver Information Keys/Values . . . . . . . . . . . . . . 5 5. Resolver Information Keys/Values
6. An Example . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. An Example
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 8. IANA Considerations
8.1. RESINFO RR Type . . . . . . . . . . . . . . . . . . . . . 7 8.1. RESINFO RR Type
8.2. DNS Resolver Information Key Registration . . . . . . . . 7 8.2. DNS Resolver Information Keys Registration
8.3. Guidelines for the Designated Experts . . . . . . . . . . 8 8.3. Guidelines for the Designated Experts
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 9. References
9.1. Normative References . . . . . . . . . . . . . . . . . . 9 9.1. Normative References
9.2. Informative References . . . . . . . . . . . . . . . . . 10 9.2. Informative References
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 11 Acknowledgments
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses
1. Introduction 1. Introduction
Historically, DNS clients communicated with recursive resolvers Historically, DNS clients communicated with recursive resolvers
without needing to know anything about the features supported by without needing to know anything about the features supported by
these resolvers. However, more and more recursive resolvers expose these resolvers. However, more and more recursive resolvers expose
different features that may impact delivered DNS services (privacy different features that may impact delivered DNS services (privacy
preservation, filtering, transparent behavior, etc.). DNS clients preservation, filtering, transparent behavior, etc.). DNS clients
can discover and authenticate encrypted DNS resolvers provided by a can discover and authenticate encrypted DNS resolvers provided by a
local network, for example, using the Discovery of Network-designated local network, for example, using the Discovery of Network-designated
skipping to change at page 3, line 11 skipping to change at line 87
capabilities to feed the resolver selection process. Instead of capabilities to feed the resolver selection process. Instead of
depending on opportunistic approaches, DNS clients need a more depending on opportunistic approaches, DNS clients need a more
reliable mechanism to discover the features that are configured on reliable mechanism to discover the features that are configured on
these resolvers. these resolvers.
This document fills that void by specifying a mechanism that allows This document fills that void by specifying a mechanism that allows
communication of DNS resolver information to DNS clients for use in communication of DNS resolver information to DNS clients for use in
resolver selection decisions. For example, the resolver selection resolver selection decisions. For example, the resolver selection
procedure may use the retrieved resolver information to prioritize procedure may use the retrieved resolver information to prioritize
privacy-preserving resolvers over those that don't enable QNAME privacy-preserving resolvers over those that don't enable QNAME
minimization [RFC9156]. Another example is when a DNS client selects minimisation [RFC9156]. Another example is when a DNS client selects
a resolver based on its filtering capability. For instance, a DNS a resolver based on its filtering capability. For instance, a DNS
client can choose a resolver that filters domains according to a client can choose a resolver that filters domains according to a
security policy using the Blocked (15) Extended DNS Error (EDE) security policy using the Blocked (15) Extended DNS Error (EDE)
[RFC8914]. Alternatively, the client may have a policy not to select [RFC8914]. Alternatively, the client may have a policy not to select
a resolver that forges responses using the Forged Answer (4) EDE. a resolver that forges responses using the Forged Answer (4) EDE.
However, it is out of the scope of this document to define the However, it is out of the scope of this document to define the
selection procedure and policies. Once a resolver is selected by a selection procedure and policies. Once a resolver is selected by a
DNS client, and unless explicitly mentioned, this document does not DNS client, and unless explicitly mentioned, this document does not
interfere with DNS operations with that resolver. interfere with that resolver's DNS operations.
Specifically, this document defines a new resource record (RR) type Specifically, this document defines a new resource record (RR) type
for DNS clients to query the recursive resolvers. The initial for DNS clients to query the recursive resolvers. The initial
information that a resolver might want to expose is defined in information that a resolver might want to expose is defined in
Section 5. That information is scoped to cover properties that are Section 5. That information is scoped to cover properties that are
used to infer privacy and transparency policies of a resolver. Other used to infer privacy and transparency policies of a resolver. Other
information can be registered in the future per the guidance in information can be registered in the future per the guidance in
Section 8.2. The information is not intended for end user Section 8.2. The information is not intended for end-user
consumption. consumption.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in BCP
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
This document makes use of the terms defined in [RFC8499]. The This document makes use of the terms defined in [RFC8499]. The
following additional terms are used: following additional terms are used:
Encrypted DNS: Refers to a DNS scheme where DNS exchanges are Encrypted DNS: Refers to a DNS scheme where DNS exchanges are
transported over an encrypted channel between a DNS client and transported over an encrypted channel between a DNS client and
server (e.g., DNS over HTTPS (DoH) [RFC8484], DNS over TLS (DoT) server (e.g., DNS over HTTPS (DoH) [RFC8484], DNS over TLS (DoT)
[RFC7858], or DNS over QUIC (DoQ) [RFC9250]). [RFC7858], or DNS over QUIC (DoQ) [RFC9250]).
Encrypted DNS resolver: Refers to a DNS resolver that supports any Encrypted DNS resolver: Refers to a DNS resolver that supports any
encrypted DNS scheme. encrypted DNS scheme.
Reputation: "The estimation in which an identifiable actor is held, Reputation: Defined as "the estimation in which an identifiable
especially by the community or the Internet public generally" actor is held, especially by the community or the Internet public
(Section 1 of [RFC7070]). generally" per Section 1 of [RFC7070].
3. Retrieving Resolver Information 3. Retrieving Resolver Information
A DNS client that wants to retrieve the resolver information may use A DNS client that wants to retrieve the resolver information may use
the RR type "RESINFO" defined in this document. The content of the the RR type "RESINFO" defined in this document. The content of the
RDATA in a response to a query for RESINFO RR QTYPE is defined in RDATA in a response to a query for RESINFO RR QTYPE is defined in
Section 5. If the resolver understands the RESINFO RR type, the Section 5. If the resolver understands the RESINFO RR type, the
RRSet MUST have exactly one record. Invalid records MUST be silently RRset MUST have exactly one record. Invalid records MUST be silently
ignored by DNS clients. RESINFO is a property of the resolver and is ignored by DNS clients. RESINFO is a property of the resolver and is
not subject to recursive resolution. not subject to recursive resolution.
A DNS client can retrieve the resolver information using the RESINFO A DNS client can retrieve the resolver information using the RESINFO
RR type and the QNAME of the domain name that is used to authenticate RR type and the QNAME of the domain name that is used to authenticate
the DNS resolver (referred to as the Authentication Domain Name (ADN) the DNS resolver (referred to as the Authentication Domain Name (ADN)
in DNR [RFC9463]). in DNR [RFC9463]).
If the Special-Use Domain Name "resolver.arpa", defined in [RFC9462], If the Special-Use Domain Name "resolver.arpa", defined in [RFC9462],
is used to discover an encrypted DNS resolver, the client can is used to discover an encrypted DNS resolver, the client can
retrieve the resolver information using the RESINFO RR type and QNAME retrieve the resolver information using the RESINFO RR type and QNAME
of "resolver.arpa". In this case, a client has to contend with the of "resolver.arpa". In this case, a client has to contend with the
risk that a resolver does not support RESINFO. The resolver might risk that a resolver does not support RESINFO. The resolver might
pass the query upstream, and then the client can receive a positive pass the query upstream, and then the client can receive a positive
RESINFO response either from a legitimate DNS resolver or an RESINFO response from either a legitimate DNS resolver or an
attacker. attacker.
The DNS client MUST set the Recursion Desired (RD) bit of the query The DNS client MUST set the Recursion Desired (RD) bit of the query
to 0. The DNS client MUST discard the response if the AA flag in the to 0. The DNS client MUST discard the response if the AA flag in the
response is set to 0, indicating that the DNS resolver is not response is set to 0, indicating that the DNS resolver is not
authoritative for the response. authoritative for the response.
If a group of resolvers is sharing the same ADN and/or anycast If a group of resolvers is sharing the same ADN and/or anycast
address, then these instances SHOULD expose a consistent RESINFO. address, then these instances SHOULD expose a consistent RESINFO.
4. Format of the Resolver Information 4. Format of the Resolver Information
The resolver information record uses the same format as DNS TXT The resolver information record uses the same format as DNS TXT
records. The format rules for TXT records are defined in the base records. The format rules for TXT records are defined in the base
DNS specification (Section 3.3.14 of [RFC1035]) and further DNS specification (Section 3.3.14 of [RFC1035]) and are further
elaborated in the DNS-based Service Discovery (DNS-SD) specification elaborated in the DNS-based Service Discovery (DNS-SD) specification
(Section 6.1 of [RFC6763]). The recommendations to limit the TXT (Section 6.1 of [RFC6763]). The recommendations to limit the TXT
record size are discussed in Section 6.1 of [RFC6763]. record size are discussed in Section 6.1 of [RFC6763].
Similar to DNS-SD, the RESINFO RR type uses "key/value" pairs to Similar to DNS-SD, the RESINFO RR type uses "key/value" pairs to
convey the resolver information. Each "key/value" pair is encoded convey the resolver information. Each key/value pair is encoded
using the format rules defined in Section 6.3 of [RFC6763]. Using using the format rules defined in Section 6.3 of [RFC6763]. Using
standardized "key/value" syntax within the RESINFO RR type makes it standardized key/value syntax within the RESINFO RR type makes it
easier for future keys to be defined. If a DNS client sees unknown easier for future keys to be defined. If a DNS client sees unknown
keys in a RESINFO RR type, it MUST silently ignore them. The same keys in a RESINFO RR type, it MUST silently ignore them. The same
rules for the keys as those defined in Section 6.4 of [RFC6763] MUST rules for the keys, as defined in Section 6.4 of [RFC6763], MUST be
be followed for RESINFO. followed for RESINFO.
Resolver information keys MUST either be defined in the IANA registry Resolver information keys MUST either be defined in the IANA registry
(Section 8.2) or begin with the substring "temp-" for names defined (Section 8.2) or begin with the substring "temp-" for names defined
for local use only. for local use only.
5. Resolver Information Keys/Values 5. Resolver Information Keys/Values
The following resolver information keys are defined: The following resolver information keys are defined:
qnamemin: The presence of this key indicates that the DNS resolver qnamemin: The presence of this key indicates that the DNS resolver
skipping to change at page 5, line 29 skipping to change at line 200
Note that, per the rules for the keys defined in Section 6.4 of Note that, per the rules for the keys defined in Section 6.4 of
[RFC6763], if there is no '=' in a key, then it is a boolean [RFC6763], if there is no '=' in a key, then it is a boolean
attribute, simply identified as being present, with no value. attribute, simply identified as being present, with no value.
The presence of this key indicates that the DNS resolver is The presence of this key indicates that the DNS resolver is
configured to minimise the amount of privacy-sensitive data sent configured to minimise the amount of privacy-sensitive data sent
to an authoritative name server. to an authoritative name server.
This is an optional attribute. This is an optional attribute.
exterr: If the DNS resolver supports extended DNS errors (EDE) exterr: If the DNS resolver supports the EDE option defined in
option [RFC8914] to return additional information about the cause [RFC8914] to return additional information about the cause of DNS
of DNS errors, the value of this key lists the possible extended errors, the value of this key lists the possible EDE codes that
DNS error codes that can be returned by this DNS resolver. A can be returned by this DNS resolver. A value can be an
value can be an individual EDE or a range of EDEs. Range values individual EDE or a range of EDEs. Range values MUST be
MUST be identified by "-". When multiple non-contiguous values identified by "-". When multiple non-contiguous values are
are present, these values MUST be comma-separated. present, these values MUST be comma-separated.
Returned EDEs (e.g., Blocked (15), Censored (16), and Filtered Returned EDEs (e.g., Blocked (15), Censored (16), and Filtered
(17)) indicate whether the DNS resolver is configured to reveal (17)) indicate whether the DNS resolver is configured to reveal
the reason why a query was filtered/blocked, when such event the reason why a query was filtered/blocked when such an event
happens. If the resolver's capabilities are updated to include happens. If the resolver's capabilities are updated to include
new similar error codes, the resolver can terminate the TLS new similar error codes, the resolver can terminate the TLS
session, prompting the client to initiate a new TLS connection and session, prompting the client to initiate a new TLS connection and
retrieve the resolver information again. This allows the client retrieve the resolver information again. This allows the client
to become aware of the resolver's updated capabilities. to become aware of the resolver's updated capabilities.
Alternatively, if the client receives an EDE for a DNS request, Alternatively, if the client receives an EDE for a DNS request,
but that EDE was not listed in the "exterr", the client can query but that EDE was not listed in the "exterr", the client can query
the resolver again to learn about the updated resolver's the resolver again to learn about the updated resolver's
capabilities to return new error codes. If a mismatch still capabilities to return new error codes. If a mismatch still
exists, the client can identify that the resolver information is exists, the client can identify that the resolver information is
inaccurate and discard it. inaccurate and discard it.
This is an optional attribute. This is an optional attribute.
infourl: An URL that points to the generic unstructured resolver infourl: A URL that points to the generic unstructured resolver
information (e.g., DoH APIs supported, possible HTTP status codes information (e.g., DoH APIs supported, possible HTTP status codes
returned by the DoH server, or how to report a problem) for returned by the DoH server, or how to report a problem) for
troubleshooting purposes. The server that exposes such troubleshooting purposes. The server that exposes such
information is called "resolver information server". information is called "resolver information server".
The resolver information server MUST support only the content-type The resolver information server MUST support only the content-type
'text/html' for the resolver information. The DNS client MUST "text/html" for the resolver information. The DNS client MUST
reject invalid the URL if the scheme is not "https". Invalid URLs reject the URL as invalid if the scheme is not "https". Invalid
MUST be ignored. The URL MUST be treated only as diagnostic URLs MUST be ignored. The URL MUST be treated only as diagnostic
information for IT staff. It is not intended for end user information for IT staff. It is not intended for end-user
consumption as the URL can possibly provide misleading consumption as the URL can possibly provide misleading
information. information.
This key can be used by IT staff to retrieve other useful This key can be used by IT staff to retrieve other useful
information about the resolver and also the procedure to report information about the resolver and also the procedure to report
problems (e.g., invalid filtering). problems (e.g., invalid filtering).
This is an optional attribute. This is an optional attribute.
New keys can be defined as per the procedure defined in Section 8.2. New keys can be defined as per the procedure defined in Section 8.2.
6. An Example 6. An Example
Figure 1 shows an example of a published resolver information record. Figure 1 shows an example of a published resolver information record.
resolver.example.net. 7200 IN RESINFO qnamemin exterr=15-17 resolver.example.net. 7200 IN RESINFO qnamemin exterr=15-17
infourl=https://resolver.example.com/guide infourl=https://resolver.example.com/guide
Figure 1: An Example of Resolver Information Record Figure 1: An Example of a Resolver Information Record
As mentioned in Section 3, a DNS client that discovers the ADN As mentioned in Section 3, a DNS client that discovers the ADN
"resolver.example.net" of its resolver using DNR will issue a query "resolver.example.net" of its resolver using DNR will issue a query
for RESINFO RR QTYPE for that ADN and will learn that the resolver: for RESINFO RR QTYPE for that ADN and will learn that:
* enables QNAME minimisation, * the resolver enables QNAME minimisation,
* can return Blocked (15), Censored (16), and Filtered (17) EDEs, * the resolver can return Blocked (15), Censored (16), and Filtered
and (17) EDEs, and
* that more information can be retrieved from * more information can be retrieved from
https://resolver.example.com/guide. "https://resolver.example.com/guide".
7. Security Considerations 7. Security Considerations
DNS clients communicating with discovered DNS resolvers MUST use one DNS clients communicating with discovered DNS resolvers MUST use one
of the following measures to prevent DNS response forgery attacks: of the following measures to prevent DNS response forgery attacks:
1. Establish an authenticated secure connection to the DNS resolver. 1. Establish an authenticated secure connection to the DNS resolver.
2. Implement local DNSSEC validation (Section 10 of [RFC8499]) to 2. Implement local DNSSEC validation (Section 10 of [RFC8499]) to
verify the authenticity of the resolver information. verify the authenticity of the resolver information.
It is important to note that, of these two measures, only the first It is important to note that, of these two measures, only the first
one can apply to queries for 'resolver.arpa'. one can apply to queries for "resolver.arpa".
An encrypted resolver may return incorrect information in RESINFO. An encrypted resolver may return incorrect information in RESINFO.
If the client cannot validate the attributes received from the If the client cannot validate the attributes received from the
resolver, that will be used for resolver selection or displayed to resolver, which will be used for resolver selection or displayed to
the end-user, the client should process those attributes only if the the end user, the client should process those attributes only if the
encrypted resolver has sufficient reputation according to local encrypted resolver has sufficient reputation according to local
policy (e.g., user configuration, administrative configuration, or a policy (e.g., user configuration, administrative configuration, or a
built-in list of reputable resolvers). This approach limits the built-in list of reputable resolvers). This approach limits the
ability of a malicious encrypted resolver to cause harm with false ability of a malicious encrypted resolver to cause harm with false
claims. claims.
8. IANA Considerations 8. IANA Considerations
Note to the RFC Editor: Please update "RFCXXXX" occurrences with
the RFC number to be assigned to this document.
8.1. RESINFO RR Type 8.1. RESINFO RR Type
This document requests IANA to update this entry from the "Resource IANA has updated the "Resource Record (RR) TYPEs" registry under the
Record (RR) TYPEs" registry of the "Domain Name System (DNS) "Domain Name System (DNS) Parameters" registry group [RRTYPE] as
Parameters" registry group available at [RRTYPE]: follows:
Type: RESINFO Type: RESINFO
Value: 261 Value: 261
Meaning: Resolver Information as Key/Value Pairs Meaning: Resolver Information as Key/Value Pairs
Reference: RFCXXXX Reference: RFC 9606
8.2. DNS Resolver Information Key Registration 8.2. DNS Resolver Information Keys Registration
This document requests IANA to create a new registry entitled "DNS IANA has created a new registry called "DNS Resolver Information
Resolver Information Keys" under the "Domain Name System (DNS) Keys" under the "Domain Name System (DNS) Parameters" registry group
Parameters" registry group ([IANA-DNS]). This new registry contains [IANA-DNS]. This new registry contains definitions of the keys that
definitions of the keys that can be used to provide the resolver can be used to provide the resolver information.
information.
The registration procedure is Specification Required (Section 4.6 of The registration procedure is Specification Required (Section 4.6 of
[RFC8126]). Designated experts should carefully consider the [RFC8126]). Designated experts should carefully consider the
security implications of allowing a resolver to include new keys in security implications of allowing a resolver to include new keys in
this registry. Additional considerations are provided in this registry. Additional considerations are provided in
Section 8.3. Section 8.3.
The structure of the registry is as follows: The structure of the registry is as follows:
Name: The key name. The name MUST conform to the definition in Name: The key name. The name MUST conform to the definition in
Section 4 of this document. The IANA registry MUST NOT register Section 4 of this document. The IANA registry MUST NOT register
names that begin with "temp-", so these names can be used freely names that begin with "temp-" so that these names can be used
by any implementer. freely by any implementer.
Description: A description of the registered key. Description: A description of the registered key.
Specification: The reference specification for the registered Reference: The reference specification for the registered element.
element.
The initial content of this registry is provided in Table 1. The initial contents of this registry are provided in Table 1.
+==========+=====================================+===============+ +==========+=====================================+===========+
| Name | Description | Specification | | Name | Description | Reference |
+==========+=====================================+===============+ +==========+=====================================+===========+
| qnamemin | The presence of the key name | RFCXXXX | | qnamemin | The presence of the key name | RFC 9606 |
| | indicates that QNAME minimization | | | | indicates that QNAME minimisation | |
| | is enabled | | | | is enabled. | |
+----------+-------------------------------------+---------------+ +----------+-------------------------------------+-----------+
| exterr | Lists the set of enabled extended | RFCXXXX | | exterr | Lists the set of enabled extended | RFC 9606 |
| | DNS errors. It must be an INFO- | | | | DNS errors. It must be an INFO- | |
| | CODE decimal value in the "Extended | | | | CODE decimal value in the "Extended | |
| | DNS Error Codes" registry. | | | | DNS Error Codes" registry | |
+----------+-------------------------------------+---------------+ | | <https://www.iana.org/assignments/ | |
| infourl | Provides an URL that points to an | RFCXXXX | | | dns-parameters/>. | |
| | unstructured resolver information | | +----------+-------------------------------------+-----------+
| | that is used for troubleshooting | | | infourl | Provides a URL that points to | RFC 9606 |
+----------+-------------------------------------+---------------+ | | unstructured resolver information | |
| | that is used for troubleshooting. | |
+----------+-------------------------------------+-----------+
Table 1: Initial RESINFO Registry Table 1: Initial Contents of the DNS Resolver Information
Keys Registry
8.3. Guidelines for the Designated Experts 8.3. Guidelines for the Designated Experts
It is suggested that multiple designated experts be appointed for It is suggested that multiple designated experts be appointed for
registry change requests. registry change requests.
Criteria that should be applied by the designated experts include Criteria that should be applied by the designated experts include
determining whether the proposed registration duplicates existing determining whether the proposed registration duplicates existing
entries and whether the registration description is clear and fits entries and whether the registration description is clear and fits
the purpose of this registry. the purpose of this registry.
Registration requests are evaluated within a three-week review period Registration requests are evaluated within a two-week review period
on the advice of one or more designated experts. Within the review on the advice of one or more designated experts. Within the review
period, the designated experts will either approve or deny the period, the designated experts will either approve or deny the
registration request, communicating this decision to IANA. Denials registration request, communicating this decision to IANA. Denials
should include an explanation and, if applicable, suggestions as to should include an explanation and, if applicable, suggestions as to
how to make the request successful. how to make the request successful.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/rfc/rfc1035>. November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service
Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013, Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013,
<https://www.rfc-editor.org/rfc/rfc6763>. <https://www.rfc-editor.org/info/rfc6763>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/rfc/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8914] Kumari, W., Hunt, E., Arends, R., Hardaker, W., and D. [RFC8914] Kumari, W., Hunt, E., Arends, R., Hardaker, W., and D.
Lawrence, "Extended DNS Errors", RFC 8914, Lawrence, "Extended DNS Errors", RFC 8914,
DOI 10.17487/RFC8914, October 2020, DOI 10.17487/RFC8914, October 2020,
<https://www.rfc-editor.org/rfc/rfc8914>. <https://www.rfc-editor.org/info/rfc8914>.
[RFC9156] Bortzmeyer, S., Dolmans, R., and P. Hoffman, "DNS Query [RFC9156] Bortzmeyer, S., Dolmans, R., and P. Hoffman, "DNS Query
Name Minimisation to Improve Privacy", RFC 9156, Name Minimisation to Improve Privacy", RFC 9156,
DOI 10.17487/RFC9156, November 2021, DOI 10.17487/RFC9156, November 2021,
<https://www.rfc-editor.org/rfc/rfc9156>. <https://www.rfc-editor.org/info/rfc9156>.
[RFC9462] Pauly, T., Kinnear, E., Wood, C. A., McManus, P., and T. [RFC9462] Pauly, T., Kinnear, E., Wood, C. A., McManus, P., and T.
Jensen, "Discovery of Designated Resolvers", RFC 9462, Jensen, "Discovery of Designated Resolvers", RFC 9462,
DOI 10.17487/RFC9462, November 2023, DOI 10.17487/RFC9462, November 2023,
<https://www.rfc-editor.org/rfc/rfc9462>. <https://www.rfc-editor.org/info/rfc9462>.
[RFC9463] Boucadair, M., Ed., Reddy.K, T., Ed., Wing, D., Cook, N., [RFC9463] Boucadair, M., Ed., Reddy.K, T., Ed., Wing, D., Cook, N.,
and T. Jensen, "DHCP and Router Advertisement Options for and T. Jensen, "DHCP and Router Advertisement Options for
the Discovery of Network-designated Resolvers (DNR)", the Discovery of Network-designated Resolvers (DNR)",
RFC 9463, DOI 10.17487/RFC9463, November 2023, RFC 9463, DOI 10.17487/RFC9463, November 2023,
<https://www.rfc-editor.org/rfc/rfc9463>. <https://www.rfc-editor.org/info/rfc9463>.
9.2. Informative References 9.2. Informative References
[I-D.pp-add-resinfo] [IANA-DNS] IANA, "Domain Name System (DNS) Parameters",
Sood, P. and P. E. Hoffman, "DNS Resolver Information <https://www.iana.org/assignments/dns-parameters/>.
Self-publication", Work in Progress, Internet-Draft,
draft-pp-add-resinfo-02, 30 June 2020, [RESINFO] Sood, P. and P. Hoffman, "DNS Resolver Information Self-
publication", Work in Progress, Internet-Draft, draft-pp-
add-resinfo-02, 30 June 2020,
<https://datatracker.ietf.org/doc/html/draft-pp-add- <https://datatracker.ietf.org/doc/html/draft-pp-add-
resinfo-02>. resinfo-02>.
[IANA-DNS] IANA, "Domain Name System (DNS) Parameters",
<http://www.iana.org/assignments/dns-parameters/dns-
parameters.xhtml#dns-parameters-4>.
[RFC7070] Borenstein, N. and M. Kucherawy, "An Architecture for [RFC7070] Borenstein, N. and M. Kucherawy, "An Architecture for
Reputation Reporting", RFC 7070, DOI 10.17487/RFC7070, Reputation Reporting", RFC 7070, DOI 10.17487/RFC7070,
November 2013, <https://www.rfc-editor.org/rfc/rfc7070>. November 2013, <https://www.rfc-editor.org/info/rfc7070>.
[RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D.,
and P. Hoffman, "Specification for DNS over Transport and P. Hoffman, "Specification for DNS over Transport
Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May
2016, <https://www.rfc-editor.org/rfc/rfc7858>. 2016, <https://www.rfc-editor.org/info/rfc7858>.
[RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS [RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS
(DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018,
<https://www.rfc-editor.org/rfc/rfc8484>. <https://www.rfc-editor.org/info/rfc8484>.
[RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS [RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
Terminology", RFC 8499, DOI 10.17487/RFC8499, January Terminology", RFC 8499, DOI 10.17487/RFC8499, January
2019, <https://www.rfc-editor.org/rfc/rfc8499>. 2019, <https://www.rfc-editor.org/info/rfc8499>.
[RFC9250] Huitema, C., Dickinson, S., and A. Mankin, "DNS over [RFC9250] Huitema, C., Dickinson, S., and A. Mankin, "DNS over
Dedicated QUIC Connections", RFC 9250, Dedicated QUIC Connections", RFC 9250,
DOI 10.17487/RFC9250, May 2022, DOI 10.17487/RFC9250, May 2022,
<https://www.rfc-editor.org/rfc/rfc9250>. <https://www.rfc-editor.org/info/rfc9250>.
[RRTYPE] IANA, "Resource Record (RR) TYPEs", [RRTYPE] IANA, "Resource Record (RR) TYPEs",
<https://www.iana.org/assignments/dns-parameters/dns- <https://www.iana.org/assignments/dns-parameters/>.
parameters.xhtml>.
Acknowledgments Acknowledgments
This specification leverages the work that has been documented in This specification leverages the work that has been documented in
[I-D.pp-add-resinfo]. [RESINFO].
Thanks to Tommy Jensen, Vittorio Bertola, Vinny Parla, Chris Box, Ben Thanks to Tommy Jensen, Vittorio Bertola, Vinny Parla, Chris Box, Ben
Schwartz, Tony Finch, Daniel Kahn Gillmor, Eric Rescorla, Shashank Schwartz, Tony Finch, Daniel Kahn Gillmor, Eric Rescorla, Shashank
Jain, Florian Obser, Richard Baldry, and Martin Thomson for the Jain, Florian Obser, Richard Baldry, and Martin Thomson for the
discussion and comments. discussion and comments.
Thanks to Mark Andrews, Joe Abley, Paul Wouters, and Tim Wicinski for Thanks to Mark Andrews, Joe Abley, Paul Wouters, and Tim Wicinski for
the discussion on the RR formatting rules. the discussion on RR formatting rules.
Special thanks to Tommy Jensen for the careful and thoughtful Special thanks to Tommy Jensen for the careful and thoughtful
Shepherd review. Shepherd review.
Thanks to Johan Stenstam and Jim Reid for the dns-dir reviews, Ray Thanks to Johan Stenstam and Jim Reid for the dns-dir reviews, Ray
Bellis for the RRTYPE allocation review, Arnt Gulbrandsen for the ART Bellis for the RRTYPE allocation review, Arnt Gulbrandsen for the ART
review, and Mallory Knodel for the gen-art review. review, and Mallory Knodel for the gen-art review.
Thanks to Eric Vyncke for the AD review. Thanks to Éric Vyncke for the AD review.
Thanks to Gunter Van de Velde, Erik Kline, Paul Wouters, Orie Steele, Thanks to Gunter Van de Velde, Erik Kline, Paul Wouters, Orie Steele,
Warren Kumari, Roman Danyliw, and Murray Kucherawy for the IESG Warren Kumari, Roman Danyliw, and Murray Kucherawy for the IESG
review. review.
Authors' Addresses Authors' Addresses
Tirumaleswar Reddy Tirumaleswar Reddy.K
Nokia Nokia
India India
Email: kondtir@gmail.com Email: kondtir@gmail.com
Mohamed Boucadair Mohamed Boucadair
Orange Orange
35000 Rennes 35000 Rennes
France France
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
 End of changes. 62 change blocks. 
158 lines changed or deleted 139 lines changed or added

This html diff was produced by rfcdiff 1.48.