1 Network Working Group P. Mockapetris
2 Request for Comments: 1035 ISI
3 November 1987
4 Obsoletes: RFCs 882, 883, 973
5
6 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
7
8
9 1. STATUS OF THIS MEMO
10
11 This RFC describes the details of the domain system and protocol, and
12 assumes that the reader is familiar with the concepts discussed in a
13 companion RFC, "Domain Names - Concepts and Facilities" [RFC-1034].
14
15 The domain system is a mixture of functions and data types which are an
16 official protocol and functions and data types which are still
17 experimental. Since the domain system is intentionally extensible, new
18 data types and experimental behavior should always be expected in parts
19 of the system beyond the official protocol. The official protocol parts
20 include standard queries, responses and the Internet class RR data
21 formats (e.g., host addresses). Since the previous RFC set, several
22 definitions have changed, so some previous definitions are obsolete.
23
24 Experimental or obsolete features are clearly marked in these RFCs, and
25 such information should be used with caution.
26
27 The reader is especially cautioned not to depend on the values which
28 appear in examples to be current or complete, since their purpose is
29 primarily pedagogical. Distribution of this memo is unlimited.
30
31 Table of Contents
32
33 1. STATUS OF THIS MEMO 1
34 2. INTRODUCTION 3
35 2.1. Overview 3
36 2.2. Common configurations 4
37 2.3. Conventions 7
38 2.3.1. Preferred name syntax 7
39 2.3.2. Data Transmission Order 8
40 2.3.3. Character Case 9
41 2.3.4. Size limits 10
42 3. DOMAIN NAME SPACE AND RR DEFINITIONS 10
43 3.1. Name space definitions 10
44 3.2. RR definitions 11
45 3.2.1. Format 11
46 3.2.2. TYPE values 12
47 3.2.3. QTYPE values 12
48 3.2.4. CLASS values 13
49
50
51
52 Mockapetris [Page 1]
53 RFC 1035 Domain Implementation and Specification November 1987
54
55
56 3.2.5. QCLASS values 13
57 3.3. Standard RRs 13
58 3.3.1. CNAME RDATA format 14
59 3.3.2. HINFO RDATA format 14
60 3.3.3. MB RDATA format (EXPERIMENTAL) 14
61 3.3.4. MD RDATA format (Obsolete) 15
62 3.3.5. MF RDATA format (Obsolete) 15
63 3.3.6. MG RDATA format (EXPERIMENTAL) 16
64 3.3.7. MINFO RDATA format (EXPERIMENTAL) 16
65 3.3.8. MR RDATA format (EXPERIMENTAL) 17
66 3.3.9. MX RDATA format 17
67 3.3.10. NULL RDATA format (EXPERIMENTAL) 17
68 3.3.11. NS RDATA format 18
69 3.3.12. PTR RDATA format 18
70 3.3.13. SOA RDATA format 19
71 3.3.14. TXT RDATA format 20
72 3.4. ARPA Internet specific RRs 20
73 3.4.1. A RDATA format 20
74 3.4.2. WKS RDATA format 21
75 3.5. IN-ADDR.ARPA domain 22
76 3.6. Defining new types, classes, and special namespaces 24
77 4. MESSAGES 25
78 4.1. Format 25
79 4.1.1. Header section format 26
80 4.1.2. Question section format 28
81 4.1.3. Resource record format 29
82 4.1.4. Message compression 30
83 4.2. Transport 32
84 4.2.1. UDP usage 32
85 4.2.2. TCP usage 32
86 5. MASTER FILES 33
87 5.1. Format 33
88 5.2. Use of master files to define zones 35
89 5.3. Master file example 36
90 6. NAME SERVER IMPLEMENTATION 37
91 6.1. Architecture 37
92 6.1.1. Control 37
93 6.1.2. Database 37
94 6.1.3. Time 39
95 6.2. Standard query processing 39
96 6.3. Zone refresh and reload processing 39
97 6.4. Inverse queries (Optional) 40
98 6.4.1. The contents of inverse queries and responses 40
99 6.4.2. Inverse query and response example 41
100 6.4.3. Inverse query processing 42
101
102
103
104
105
106
107 Mockapetris [Page 2]
108 RFC 1035 Domain Implementation and Specification November 1987
109
110
111 6.5. Completion queries and responses 42
112 7. RESOLVER IMPLEMENTATION 43
113 7.1. Transforming a user request into a query 43
114 7.2. Sending the queries 44
115 7.3. Processing responses 46
116 7.4. Using the cache 47
117 8. MAIL SUPPORT 47
118 8.1. Mail exchange binding 48
119 8.2. Mailbox binding (Experimental) 48
120 9. REFERENCES and BIBLIOGRAPHY 50
121 Index 54
122
123 2. INTRODUCTION
124
125 2.1. Overview
126
127 The goal of domain names is to provide a mechanism for naming resources
128 in such a way that the names are usable in different hosts, networks,
129 protocol families, internets, and administrative organizations.
130
131 From the user's point of view, domain names are useful as arguments to a
132 local agent, called a resolver, which retrieves information associated
133 with the domain name. Thus a user might ask for the host address or
134 mail information associated with a particular domain name. To enable
135 the user to request a particular type of information, an appropriate
136 query type is passed to the resolver with the domain name. To the user,
137 the domain tree is a single information space; the resolver is
138 responsible for hiding the distribution of data among name servers from
139 the user.
140
141 From the resolver's point of view, the database that makes up the domain
142 space is distributed among various name servers. Different parts of the
143 domain space are stored in different name servers, although a particular
144 data item will be stored redundantly in two or more name servers. The
145 resolver starts with knowledge of at least one name server. When the
146 resolver processes a user query it asks a known name server for the
147 information; in return, the resolver either receives the desired
148 information or a referral to another name server. Using these
149 referrals, resolvers learn the identities and contents of other name
150 servers. Resolvers are responsible for dealing with the distribution of
151 the domain space and dealing with the effects of name server failure by
152 consulting redundant databases in other servers.
153
154 Name servers manage two kinds of data. The first kind of data held in
155 sets called zones; each zone is the complete database for a particular
156 "pruned" subtree of the domain space. This data is called
157 authoritative. A name server periodically checks to make sure that its
158 zones are up to date, and if not, obtains a new copy of updated zones
159
160
161
162 Mockapetris [Page 3]
163 RFC 1035 Domain Implementation and Specification November 1987
164
165
166 from master files stored locally or in another name server. The second
167 kind of data is cached data which was acquired by a local resolver.
168 This data may be incomplete, but improves the performance of the
169 retrieval process when non-local data is repeatedly accessed. Cached
170 data is eventually discarded by a timeout mechanism.
171
172 This functional structure isolates the problems of user interface,
173 failure recovery, and distribution in the resolvers and isolates the
174 database update and refresh problems in the name servers.
175
176 2.2. Common configurations
177
178 A host can participate in the domain name system in a number of ways,
179 depending on whether the host runs programs that retrieve information
180 from the domain system, name servers that answer queries from other
181 hosts, or various combinations of both functions. The simplest, and
182 perhaps most typical, configuration is shown below:
183
184 Local Host | Foreign
185 |
186 +---------+ +----------+ | +--------+
187 | | user queries | |queries | | |
188 | User |-------------->| |---------|->|Foreign |
189 | Program | | Resolver | | | Name |
190 | |<--------------| |<--------|--| Server |
191 | | user responses| |responses| | |
192 +---------+ +----------+ | +--------+
193 | A |
194 cache additions | | references |
195 V | |
196 +----------+ |
197 | cache | |
198 +----------+ |
199
200 User programs interact with the domain name space through resolvers; the
201 format of user queries and user responses is specific to the host and
202 its operating system. User queries will typically be operating system
203 calls, and the resolver and its cache will be part of the host operating
204 system. Less capable hosts may choose to implement the resolver as a
205 subroutine to be linked in with every program that needs its services.
206 Resolvers answer user queries with information they acquire via queries
207 to foreign name servers and the local cache.
208
209 Note that the resolver may have to make several queries to several
210 different foreign name servers to answer a particular user query, and
211 hence the resolution of a user query may involve several network
212 accesses and an arbitrary amount of time. The queries to foreign name
213 servers and the corresponding responses have a standard format described
214
215
216
217 Mockapetris [Page 4]
218 RFC 1035 Domain Implementation and Specification November 1987
219
220
221 in this memo, and may be datagrams.
222
223 Depending on its capabilities, a name server could be a stand alone
224 program on a dedicated machine or a process or processes on a large
225 timeshared host. A simple configuration might be:
226
227 Local Host | Foreign
228 |
229 +---------+ |
230 / /| |
231 +---------+ | +----------+ | +--------+
232 | | | | |responses| | |
233 | | | | Name |---------|->|Foreign |
234 | Master |-------------->| Server | | |Resolver|
235 | files | | | |<--------|--| |
236 | |/ | | queries | +--------+
237 +---------+ +----------+ |
238
239 Here a primary name server acquires information about one or more zones
240 by reading master files from its local file system, and answers queries
241 about those zones that arrive from foreign resolvers.
242
243 The DNS requires that all zones be redundantly supported by more than
244 one name server. Designated secondary servers can acquire zones and
245 check for updates from the primary server using the zone transfer
246 protocol of the DNS. This configuration is shown below:
247
248 Local Host | Foreign
249 |
250 +---------+ |
251 / /| |
252 +---------+ | +----------+ | +--------+
253 | | | | |responses| | |
254 | | | | Name |---------|->|Foreign |
255 | Master |-------------->| Server | | |Resolver|
256 | files | | | |<--------|--| |
257 | |/ | | queries | +--------+
258 +---------+ +----------+ |
259 A |maintenance | +--------+
260 | +------------|->| |
261 | queries | |Foreign |
262 | | | Name |
263 +------------------|--| Server |
264 maintenance responses | +--------+
265
266 In this configuration, the name server periodically establishes a
267 virtual circuit to a foreign name server to acquire a copy of a zone or
268 to check that an existing copy has not changed. The messages sent for
269
270
271
272 Mockapetris [Page 5]
273 RFC 1035 Domain Implementation and Specification November 1987
274
275
276 these maintenance activities follow the same form as queries and
277 responses, but the message sequences are somewhat different.
278
279 The information flow in a host that supports all aspects of the domain
280 name system is shown below:
281
282 Local Host | Foreign
283 |
284 +---------+ +----------+ | +--------+
285 | | user queries | |queries | | |
286 | User |-------------->| |---------|->|Foreign |
287 | Program | | Resolver | | | Name |
288 | |<--------------| |<--------|--| Server |
289 | | user responses| |responses| | |
290 +---------+ +----------+ | +--------+
291 | A |
292 cache additions | | references |
293 V | |
294 +----------+ |
295 | Shared | |
296 | database | |
297 +----------+ |
298 A | |
299 +---------+ refreshes | | references |
300 / /| | V |
301 +---------+ | +----------+ | +--------+
302 | | | | |responses| | |
303 | | | | Name |---------|->|Foreign |
304 | Master |-------------->| Server | | |Resolver|
305 | files | | | |<--------|--| |
306 | |/ | | queries | +--------+
307 +---------+ +----------+ |
308 A |maintenance | +--------+
309 | +------------|->| |
310 | queries | |Foreign |
311 | | | Name |
312 +------------------|--| Server |
313 maintenance responses | +--------+
314
315 The shared database holds domain space data for the local name server
316 and resolver. The contents of the shared database will typically be a
317 mixture of authoritative data maintained by the periodic refresh
318 operations of the name server and cached data from previous resolver
319 requests. The structure of the domain data and the necessity for
320 synchronization between name servers and resolvers imply the general
321 characteristics of this database, but the actual format is up to the
322 local implementor.
323
324
325
326
327 Mockapetris [Page 6]
328 RFC 1035 Domain Implementation and Specification November 1987
329
330
331 Information flow can also be tailored so that a group of hosts act
332 together to optimize activities. Sometimes this is done to offload less
333 capable hosts so that they do not have to implement a full resolver.
334 This can be appropriate for PCs or hosts which want to minimize the
The IETF is responsible for the creation and maintenance of the DNS RFCs. The ICANN DNS RFC annotation project provides a forum for collecting community annotations on these RFCs as an aid to understanding for implementers and any interested parties. The annotations displayed here are not the result of the IETF consensus process.
This RFC is included in the DNS RFCs annotation project whose home page is here.
This RFC is implemented in BIND 9.18 (all versions).
Many of the RFCs that are listed as updating RFC 1035 actually just mention it, but don't actually update anything here. For example, many of them simply define new RRtypes, which is not really an update to RFC 1035, just to the IANA registry it created. The RFCs that do update RFC 1035 are listed throughout this document.
335 amount of new network code which is required. This scheme can also
336 allow a group of hosts can share a small number of caches rather than
337 maintaining a large number of separate caches, on the premise that the
338 centralized caches will have a higher hit ratio. In either case,
339 resolvers are replaced with stub resolvers which act as front ends to
340 resolvers located in a recursive server in one or more name servers
341 known to perform that service:
342
343 Local Hosts | Foreign
344 |
345 +---------+ |
346 | | responses |
347 | Stub |<--------------------+ |
348 | Resolver| | |
349 | |----------------+ | |
350 +---------+ recursive | | |
351 queries | | |
352 V | |
353 +---------+ recursive +----------+ | +--------+
354 | | queries | |queries | | |
355 | Stub |-------------->| Recursive|---------|->|Foreign |
356 | Resolver| | Server | | | Name |
357 | |<--------------| |<--------|--| Server |
358 +---------+ responses | |responses| | |
359 +----------+ | +--------+
360 | Central | |
361 | cache | |
362 +----------+ |
363
364 In any case, note that domain components are always replicated for
365 reliability whenever possible.
366
367 2.3. Conventions
368
369 The domain system has several conventions dealing with low-level, but
370 fundamental, issues. While the implementor is free to violate these
371 conventions WITHIN HIS OWN SYSTEM, he must observe these conventions in
372 ALL behavior observed from other hosts.
373
amount of new network code which is required. This scheme can also allow a group of hosts can share a small number of caches rather than maintaining a large number of separate caches, on the premise that the centralized caches will have a higher hit ratio. In either case,
amount of new network code which is required. This scheme can also allow a group of hostscanto share a small number of caches rather than maintaining a large number of separate caches, on the premise that the centralized caches will have a higher hit ratio. In either case,
374 2.3.1. Preferred name syntax
375
376 The DNS specifications attempt to be as general as possible in the rules
377 for constructing domain names. The idea is that the name of any
378 existing object can be expressed as a domain name with minimal changes.
379
380
381
382 Mockapetris [Page 7]
383 RFC 1035 Domain Implementation and Specification November 1987
384
385
386 However, when assigning a domain name for an object, the prudent user
387 will select a name which satisfies both the rules of the domain system
388 and any existing rules for the object, whether these rules are published
389 or implied by existing programs.
390
391 For example, when naming a mail domain, the user should satisfy both the
392 rules of this memo and those in RFC-822. When creating a new host name,
393 the old rules for HOSTS.TXT should be followed. This avoids problems
394 when old software is converted to use domain names.
395
396 The following syntax will result in fewer problems with many
397
398 applications that use domain names (e.g., mail, TELNET).
399
400 <domain> ::= <subdomain> | " "
401
402 <subdomain> ::= <label> | <subdomain> "." <label>
403
404 <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
405
406 <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
407
408 <let-dig-hyp> ::= <let-dig> | "-"
409
410 <let-dig> ::= <letter> | <digit>
411
412 <letter> ::= any one of the 52 alphabetic characters A through Z in
413 upper case and a through z in lower case
414
415 <digit> ::= any one of the ten digits 0 through 9
416
The following syntax will result in fewer problems with many applications that use domain names (e.g., mail, TELNET).
The following syntax will result in fewer problems with many applications that use domain names (e.g., mail, TELNET).
In section "2.3.1. Preferred name syntax" of RFC 1035, there occures a double newline in the middle of a sentence. This double newline should be replaced by a single newline.
417 Note that while upper and lower case letters are allowed in domain
418 names, no significance is attached to the case. That is, two names with
419 the same spelling but different case are to be treated as if identical.
420
421 The labels must follow the rules for ARPANET host names. They must
422 start with a letter, end with a letter or digit, and have as interior
423 characters only letters, digits, and hyphen. There are also some
424 restrictions on the length. Labels must be 63 characters or less.
425
426 For example, the following strings identify hosts in the Internet:
427
428 A.ISI.EDU XX.LCS.MIT.EDU SRI-NIC.ARPA
429
430 2.3.2. Data Transmission Order
431
432 The order of transmission of the header and data described in this
433 document is resolved to the octet level. Whenever a diagram shows a
434
435
436
437 Mockapetris [Page 8]
438 RFC 1035 Domain Implementation and Specification November 1987
439
440
441 group of octets, the order of transmission of those octets is the normal
442 order in which they are read in English. For example, in the following
443 diagram, the octets are transmitted in the order they are numbered.
444
445 0 1
446 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
447 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
448 | 1 | 2 |
449 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
450 | 3 | 4 |
451 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
452 | 5 | 6 |
453 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
454
455 Whenever an octet represents a numeric quantity, the left most bit in
456 the diagram is the high order or most significant bit. That is, the bit
457 labeled 0 is the most significant bit. For example, the following
458 diagram represents the value 170 (decimal).
459
460 0 1 2 3 4 5 6 7
461 +-+-+-+-+-+-+-+-+
462 |1 0 1 0 1 0 1 0|
463 +-+-+-+-+-+-+-+-+
464
465 Similarly, whenever a multi-octet field represents a numeric quantity
466 the left most bit of the whole field is the most significant bit. When
467 a multi-octet quantity is transmitted the most significant octet is
468 transmitted first.
469
All of RFC4343 is relevant to any discussion of the case of characters.
470 2.3.3. Character Case
471
472 For all parts of the DNS that are part of the official protocol, all
473 comparisons between character strings (e.g., labels, domain names, etc.)
474 are done in a case-insensitive manner. At present, this rule is in
475 force throughout the domain system without exception. However, future
476 additions beyond current usage may need to use the full binary octet
477 capabilities in names, so attempts to store domain names in 7-bit ASCII
478 or use of special bytes to terminate labels, etc., should be avoided.
479
480 When data enters the domain system, its original case should be
481 preserved whenever possible. In certain circumstances this cannot be
482 done. For example, if two RRs are stored in a database, one at x.y and
483 one at X.Y, they are actually stored at the same place in the database,
484 and hence only one casing would be preserved. The basic rule is that
485 case can be discarded only when data is used to define structure in a
486 database, and two names are identical when compared in a case
487 insensitive manner.
488
489
490
491
492 Mockapetris [Page 9]
493 RFC 1035 Domain Implementation and Specification November 1987
494
495
496 Loss of case sensitive data must be minimized. Thus while data for x.y
497 and X.Y may both be stored under a single location x.y or X.Y, data for
498 a.x and B.X would never be stored under A.x, A.X, b.x, or b.X. In
499 general, this preserves the case of the first label of a domain name,
500 but forces standardization of interior node labels.
501
502 Systems administrators who enter data into the domain database should
503 take care to represent the data they supply to the domain system in a
504 case-consistent manner if their system is case-sensitive. The data
505 distribution system in the domain system will ensure that consistent
506 representations are preserved.
507
508 2.3.4. Size limits
509
510 Various objects and parameters in the DNS have size limits. They are
511 listed below. Some could be easily changed, others are more
512 fundamental.
513
514 labels 63 octets or less
515
516 names 255 octets or less
517
518 TTL positive values of a signed 32 bit number.
519
520 UDP messages 512 octets or less
521
522 3. DOMAIN NAME SPACE AND RR DEFINITIONS
523
524 3.1. Name space definitions
525
526 Domain names in messages are expressed in terms of a sequence of labels.
527 Each label is represented as a one octet length field followed by that
528 number of octets. Since every domain name ends with the null label of
529 the root, a domain name is terminated by a length byte of zero. The
530 high order two bits of every length octet must be zero, and the
531 remaining six bits of the length field limit the label to 63 octets or
532 less.
533
534 To simplify implementations, the total length of a domain name (i.e.,
535 label octets and label length octets) is restricted to 255 octets or
536 less.
537
538 Although labels can contain any 8 bit values in octets that make up a
539 label, it is strongly recommended that labels follow the preferred
540 syntax described elsewhere in this memo, which is compatible with
541 existing host naming conventions. Name servers and resolvers must
All of RFC4343 is relevant to any discussion of the case of characters.
542 compare labels in a case-insensitive manner (i.e., A=a), assuming ASCII
543 with zero parity. Non-alphabetic codes must match exactly.
544
545
546
547 Mockapetris [Page 10]
548 RFC 1035 Domain Implementation and Specification November 1987
549
550
551 3.2. RR definitions
552
553 3.2.1. Format
554
555 All RRs have the same top level format shown below:
556
557 1 1 1 1 1 1
558 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
559 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
560 | |
561 / /
562 / NAME /
563 | |
564 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
565 | TYPE |
566 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
567 | CLASS |
568 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
569 | TTL |
570 | |
571 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
572 | RDLENGTH |
573 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
574 / RDATA /
575 / /
576 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
577
578
579 where:
580
581 NAME an owner name, i.e., the name of the node to which this
582 resource record pertains.
583
584 TYPE two octets containing one of the RR TYPE codes.
585
586 CLASS two octets containing one of the RR CLASS codes.
587
All of RFC4343 is relevant to any discussion of the case of characters.
588 TTL a 32 bit signed integer that specifies the time interval
589 that the resource record may be cached before the source
590 of the information should again be consulted. Zero
591 values are interpreted to mean that the RR can only be
592 used for the transaction in progress, and should not be
593 cached. For example, SOA records are always distributed
594 with a zero TTL to prohibit caching. Zero values can
595 also be used for extremely volatile data.
596
597 RDLENGTH an unsigned 16 bit integer that specifies the length in
598 octets of the RDATA field.
599
600
601
602 Mockapetris [Page 11]
603 RFC 1035 Domain Implementation and Specification November 1987
604
605
606 RDATA a variable length string of octets that describes the
607 resource. The format of this information varies
608 according to the TYPE and CLASS of the resource record.
609
610 3.2.2. TYPE values
611
612 TYPE fields are used in resource records. Note that these types are a
613 subset of QTYPEs.
614
615 TYPE value and meaning
616
617 A 1 a host address
618
619 NS 2 an authoritative name server
620
621 MD 3 a mail destination (Obsolete - use MX)
622
623 MF 4 a mail forwarder (Obsolete - use MX)
624
625 CNAME 5 the canonical name for an alias
626
627 SOA 6 marks the start of a zone of authority
628
629 MB 7 a mailbox domain name (EXPERIMENTAL)
630
631 MG 8 a mail group member (EXPERIMENTAL)
632
633 MR 9 a mail rename domain name (EXPERIMENTAL)
634
635 NULL 10 a null RR (EXPERIMENTAL)
636
637 WKS 11 a well known service description
638
639 PTR 12 a domain name pointer
640
641 HINFO 13 host information
642
643 MINFO 14 mailbox or mail list information
644
645 MX 15 mail exchange
646
647 TXT 16 text strings
648
649 3.2.3. QTYPE values
650
651 QTYPE fields appear in the question part of a query. QTYPES are a
652 superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the
653 following QTYPEs are defined:
654
655
656
657 Mockapetris [Page 12]
658 RFC 1035 Domain Implementation and Specification November 1987
659
660
661 AXFR 252 A request for a transfer of an entire zone
662
663 MAILB 253 A request for mailbox-related records (MB, MG or MR)
664
665 MAILA 254 A request for mail agent RRs (Obsolete - see MX)
666
TTL a 32 bit signed integer that specifies the time interval
that the resource record may be cached before the source
of the information should again be consulted. Zero
values are interpreted to mean that the RR can only be
used for the transaction in progress, and should not be
cached. For example, SOA records are always distributed
with a zero TTL to prohibit caching. Zero values can
also be used for extremely volatile data.
TTL a 32 bit unsigned integer that specifies the time interval
that the resource record may be cached before the source
of the information should again be consulted. Zero
values are interpreted to mean that the RR can only be
used for the transaction in progress, and should not be
cached. For example, SOA records are always distributed
with a zero TTL to prohibit caching. Zero values can
also be used for extremely volatile data.
Section 7.2 of RFC2181 says:
It may be observed that in section 3.2.1 of RFC1035, which defines the format of a Resource Record, that the definition of the TTL field contains a throw away line which states that the TTL of an SOA record should always be sent as zero to prevent caching. This is mentioned nowhere else, and has not generally been implemented. Implementations should not assume that SOA records will have a TTL of zero, nor are they required to send SOA records with a TTL of zero.
667 * 255 A request for all records
668
669 3.2.4. CLASS values
670
671 CLASS fields appear in resource records. The following CLASS mnemonics
672 and values are defined:
673
674 IN 1 the Internet
675
676 CS 2 the CSNET class (Obsolete - used only for examples in
677 some obsolete RFCs)
678
679 CH 3 the CHAOS class
680
681 HS 4 Hesiod [Dyer 87]
682
683 3.2.5. QCLASS values
684
685 QCLASS fields appear in the question section of a query. QCLASS values
686 are a superset of CLASS values; every CLASS is a valid QCLASS. In
687 addition to CLASS values, the following QCLASSes are defined:
688
689 * 255 any class
690
691 3.3. Standard RRs
692
693 The following RR definitions are expected to occur, at least
694 potentially, in all classes. In particular, NS, SOA, CNAME, and PTR
695 will be used in all classes, and have the same format in all classes.
696 Because their RDATA format is known, all domain names in the RDATA
697 section of these RRs may be compressed.
698
699 <domain-name> is a domain name represented as a series of labels, and
700 terminated by a label with zero length. <character-string> is a single
701 length octet followed by that number of characters. <character-string>
702 is treated as binary information, and can be up to 256 characters in
703 length (including the length octet).
704
705
706
707
708
709
710
711
712 Mockapetris [Page 13]
713 RFC 1035 Domain Implementation and Specification November 1987
714
715
716 3.3.1. CNAME RDATA format
717
718 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
719 / CNAME /
720 / /
721 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
722
723 where:
724
725 CNAME A <domain-name> which specifies the canonical or primary
726 name for the owner. The owner name is an alias.
727
728 CNAME RRs cause no additional section processing, but name servers may
729 choose to restart the query at the canonical name in certain cases. See
730 the description of name server logic in [RFC-1034] for details.
731
732 3.3.2. HINFO RDATA format
733
734 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
735 / CPU /
736 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
737 / OS /
738 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
739
740 where:
741
742 CPU A <character-string> which specifies the CPU type.
743
744 OS A <character-string> which specifies the operating
745 system type.
746
747 Standard values for CPU and OS can be found in [RFC-1010].
748
749 HINFO records are used to acquire general information about a host. The
750 main use is for protocols such as FTP that can use special procedures
751 when talking between machines or operating systems of the same type.
752
753 3.3.3. MB RDATA format (EXPERIMENTAL)
754
755 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
756 / MADNAME /
757 / /
758 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
759
760 where:
761
762 MADNAME A <domain-name> which specifies a host which has the
763 specified mailbox.
764
765
766
767 Mockapetris [Page 14]
768 RFC 1035 Domain Implementation and Specification November 1987
769
770
771 MB records cause additional section processing which looks up an A type
772 RRs corresponding to MADNAME.
773
774 3.3.4. MD RDATA format (Obsolete)
775
776 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
777 / MADNAME /
778 / /
779 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
780
781 where:
782
783 MADNAME A <domain-name> which specifies a host which has a mail
784 agent for the domain which should be able to deliver
785 mail for the domain.
786
787 MD records cause additional section processing which looks up an A type
788 record corresponding to MADNAME.
789
790 MD is obsolete. See the definition of MX and [RFC-974] for details of
791 the new scheme. The recommended policy for dealing with MD RRs found in
792 a master file is to reject them, or to convert them to MX RRs with a
793 preference of 0.
794
795 3.3.5. MF RDATA format (Obsolete)
796
797 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
798 / MADNAME /
799 / /
800 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
801
802 where:
803
804 MADNAME A <domain-name> which specifies a host which has a mail
805 agent for the domain which will accept mail for
806 forwarding to the domain.
807
808 MF records cause additional section processing which looks up an A type
809 record corresponding to MADNAME.
810
RFC8482 gives guidance on what the proper response to and query for type ANY would be. In particular, Section 7 of RFC 8482 updates the processing instructions in RFC 1035 for ANY queries.
812 the new scheme. The recommended policy for dealing with MD RRs found in
813 a master file is to reject them, or to convert them to MX RRs with a
814 preference of 10.
815
816
817
818
819
820
821
822 Mockapetris [Page 15]
823 RFC 1035 Domain Implementation and Specification November 1987
824
825
826 3.3.6. MG RDATA format (EXPERIMENTAL)
827
828 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
829 / MGMNAME /
830 / /
831 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
832
833 where:
834
835 MGMNAME A <domain-name> which specifies a mailbox which is a
836 member of the mail group specified by the domain name.
837
838 MG records cause no additional section processing.
839
840 3.3.7. MINFO RDATA format (EXPERIMENTAL)
841
842 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
843 / RMAILBX /
844 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
845 / EMAILBX /
846 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
847
848 where:
849
850 RMAILBX A <domain-name> which specifies a mailbox which is
851 responsible for the mailing list or mailbox. If this
852 domain name names the root, the owner of the MINFO RR is
853 responsible for itself. Note that many existing mailing
854 lists use a mailbox X-request for the RMAILBX field of
855 mailing list X, e.g., Msgroup-request for Msgroup. This
856 field provides a more general mechanism.
857
858
859 EMAILBX A <domain-name> which specifies a mailbox which is to
860 receive error messages related to the mailing list or
861 mailbox specified by the owner of the MINFO RR (similar
862 to the ERRORS-TO: field which has been proposed). If
863 this domain name names the root, errors should be
864 returned to the sender of the message.
865
866 MINFO records cause no additional section processing. Although these
867 records can be associated with a simple mailbox, they are usually used
868 with a mailing list.
869
870
871
872
873
874
875
876
877 Mockapetris [Page 16]
878 RFC 1035 Domain Implementation and Specification November 1987
879
880
881 3.3.8. MR RDATA format (EXPERIMENTAL)
882
883 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
884 / NEWNAME /
885 / /
886 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
887
888 where:
889
890 NEWNAME A <domain-name> which specifies a mailbox which is the
891 proper rename of the specified mailbox.
892
893 MR records cause no additional section processing. The main use for MR
894 is as a forwarding entry for a user who has moved to a different
895 mailbox.
896
897 3.3.9. MX RDATA format
898
899 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
900 | PREFERENCE |
901 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
902 / EXCHANGE /
903 / /
904 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
905
906 where:
907
908 PREFERENCE A 16 bit integer which specifies the preference given to
909 this RR among others at the same owner. Lower values
910 are preferred.
911
912 EXCHANGE A <domain-name> which specifies a host willing to act as
913 a mail exchange for the owner name.
914
915 MX records cause type A additional section processing for the host
916 specified by EXCHANGE. The use of MX RRs is explained in detail in
917 [RFC-974].
918
919 3.3.10. NULL RDATA format (EXPERIMENTAL)
920
921 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
922 / <anything> /
923 / /
924 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
925
926 Anything at all may be in the RDATA field so long as it is 65535 octets
927 or less.
928
929
930
931
932 Mockapetris [Page 17]
933 RFC 1035 Domain Implementation and Specification November 1987
934
935
936 NULL records cause no additional section processing. NULL RRs are not
937 allowed in master files. NULLs are used as placeholders in some
938 experimental extensions of the DNS.
939
940 3.3.11. NS RDATA format
941
942 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
943 / NSDNAME /
944 / /
945 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
946
947 where:
948
949 NSDNAME A <domain-name> which specifies a host which should be
950 authoritative for the specified class and domain.
951
952 NS records cause both the usual additional section processing to locate
953 a type A record, and, when used in a referral, a special search of the
954 zone in which they reside for glue information.
955
956 The NS RR states that the named host should be expected to have a zone
957 starting at owner name of the specified class. Note that the class may
958 not indicate the protocol family which should be used to communicate
959 with the host, although it is typically a strong hint. For example,
960 hosts which are name servers for either Internet (IN) or Hesiod (HS)
961 class information are normally queried using IN class protocols.
962
963 3.3.12. PTR RDATA format
964
965 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
966 / PTRDNAME /
967 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
968
969 where:
970
971 PTRDNAME A <domain-name> which points to some location in the
972 domain name space.
973
974 PTR records cause no additional section processing. These RRs are used
975 in special domains to point to some other location in the domain space.
976 These records are simple data, and don't imply any special processing
977 similar to that performed by CNAME, which identifies aliases. See the
978 description of the IN-ADDR.ARPA domain for an example.
979
980
981
982
983
984
985
986
987 Mockapetris [Page 18]
988 RFC 1035 Domain Implementation and Specification November 1987
989
990
991 3.3.13. SOA RDATA format
992
993 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
994 / MNAME /
995 / /
996 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
997 / RNAME /
998 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
999 | SERIAL |
1000 | |
1001 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1002 | REFRESH |
1003 | |
1004 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1005 | RETRY |
1006 | |
1007 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1008 | EXPIRE |
1009 | |
1010 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1011 | MINIMUM |
1012 | |
1013 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1014
1015 where:
1016
The recommended policy for dealing with MD RRs found in a master file is to reject them, or to convert them to MX RRs with a preference of 10.
The recommended policy for dealing withMDMF RRs found in a master file is to reject them, or to convert them to MX RRs with a preference of 10.
1017 MNAME The <domain-name> of the name server that was the
1018 original or primary source of data for this zone.
1019
1020 RNAME A <domain-name> which specifies the mailbox of the
1021 person responsible for this zone.
1022
RFC1996, which defines the DNS NOTIFY mechanism,
extensively uses the SOA fields for determining when a
zone is updated. It says:
1.3. This document intentionally gives more definition to the roles of "Master," "Slave" and "Stealth" servers, their enumeration in NS RRs, and the SOA MNAME field. In that sense, this document can be considered an addendum to [RFC1035].
1023 SERIAL The unsigned 32 bit version number of the original copy
1024 of the zone. Zone transfers preserve this value. This
1025 value wraps and should be compared using sequence space
1026 arithmetic.
1027
1028 REFRESH A 32 bit time interval before the zone should be
1029 refreshed.
1030
1031 RETRY A 32 bit time interval that should elapse before a
1032 failed refresh should be retried.
1033
1034 EXPIRE A 32 bit time value that specifies the upper limit on
1035 the time interval that can elapse before the zone is no
1036 longer authoritative.
1037
1038
1039
1040
1041
1042 Mockapetris [Page 19]
1043 RFC 1035 Domain Implementation and Specification November 1987
1044
1045
1046 MINIMUM The unsigned 32 bit minimum TTL field that should be
1047 exported with any RR from this zone.
1048
1049 SOA records cause no additional section processing.
1050
1051 All times are in units of seconds.
1052
1053 Most of these fields are pertinent only for name server maintenance
1054 operations. However, MINIMUM is used in all query operations that
1055 retrieve RRs from a zone. Whenever a RR is sent in a response to a
1056 query, the TTL field is set to the maximum of the TTL field from the RR
1057 and the MINIMUM field in the appropriate SOA. Thus MINIMUM is a lower
1058 bound on the TTL field for all RRs in a zone. Note that this use of
1059 MINIMUM should occur when the RRs are copied into the response and not
1060 when the zone is loaded from a master file or via a zone transfer. The
RFC1982 clarifies how serial number arithmetic should be performed. The abstract says "The DNS has long relied upon serial number arithmetic, a concept which has never really been defined, certainly not in an IETF document, though which has been widely understood. This memo supplies the missing definition."
1061 reason for this provison is to allow future dynamic update facilities to
1062 change the SOA RR with known semantics.
1063
1064
1065 3.3.14. TXT RDATA format
1066
1067 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1068 / TXT-DATA /
1069 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1070
1071 where:
1072
1073 TXT-DATA One or more <character-string>s.
1074
1075 TXT RRs are used to hold descriptive text. The semantics of the text
1076 depends on the domain where it is found.
1077
1078 3.4. Internet specific RRs
1079
1080 3.4.1. A RDATA format
1081
1082 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1083 | ADDRESS |
1084 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1085
1086 where:
1087
1088 ADDRESS A 32 bit Internet address.
1089
1090 Hosts that have multiple Internet addresses will have multiple A
1091 records.
1092
1093
1094
1095
1096
1097 Mockapetris [Page 20]
1098 RFC 1035 Domain Implementation and Specification November 1987
1099
1100
1101 A records cause no additional section processing. The RDATA section of
1102 an A line in a master file is an Internet address expressed as four
1103 decimal numbers separated by dots without any imbedded spaces (e.g.,
1104 "10.2.0.52" or "192.0.5.6").
1105
3.4.1. A RDATA format
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ADDRESS |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
ADDRESS A 32 bit Internet address.
3.4.1. A RDATA format
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ADDRESS |
| |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
ADDRESS A 32 bit Internet address.
1106 3.4.2. WKS RDATA format
1107
1108 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1109 | ADDRESS |
1110 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1111 | PROTOCOL | |
1112 +--+--+--+--+--+--+--+--+ |
1113 | |
1114 / <BIT MAP> /
1115 / /
1116 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1117
1118 where:
1119
1120 ADDRESS An 32 bit Internet address
1121
1122 PROTOCOL An 8 bit IP protocol number
1123
1124 <BIT MAP> A variable length bit map. The bit map must be a
1125 multiple of 8 bits long.
1126
1127 The WKS record is used to describe the well known services supported by
1128 a particular protocol on a particular internet address. The PROTOCOL
1129 field specifies an IP protocol number, and the bit map has one bit per
1130 port of the specified protocol. The first bit corresponds to port 0,
1131 the second to port 1, etc. If the bit map does not include a bit for a
1132 protocol of interest, that bit is assumed zero. The appropriate values
1133 and mnemonics for ports and protocols are specified in [RFC-1010].
1134
1135 For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port
1136 25 (SMTP). If this bit is set, a SMTP server should be listening on TCP
1137 port 25; if zero, SMTP service is not supported on the specified
1138 address.
1139
1140 The purpose of WKS RRs is to provide availability information for
1141 servers for TCP and UDP. If a server supports both TCP and UDP, or has
1142 multiple Internet addresses, then multiple WKS RRs are used.
1143
1144 WKS RRs cause no additional section processing.
1145
1146 In master files, both ports and protocols are expressed using mnemonics
1147 or decimal numbers.
1148
1149
1150
1151
1152 Mockapetris [Page 21]
1153 RFC 1035 Domain Implementation and Specification November 1987
1154
1155
1156 3.5. IN-ADDR.ARPA domain
1157
1158 The Internet uses a special domain to support gateway location and
1159 Internet address to host mapping. Other classes may employ a similar
1160 strategy in other domains. The intent of this domain is to provide a
1161 guaranteed method to perform host address to host name mapping, and to
1162 facilitate queries to locate all gateways on a particular network in the
1163 Internet.
1164
1165 Note that both of these services are similar to functions that could be
1166 performed by inverse queries; the difference is that this part of the
1167 domain name space is structured according to address, and hence can
1168 guarantee that the appropriate data can be located without an exhaustive
1169 search of the domain space.
1170
1171 The domain begins at IN-ADDR.ARPA and has a substructure which follows
1172 the Internet addressing structure.
1173
1174 Domain names in the IN-ADDR.ARPA domain are defined to have up to four
1175 labels in addition to the IN-ADDR.ARPA suffix. Each label represents
1176 one octet of an Internet address, and is expressed as a character string
1177 for a decimal value in the range 0-255 (with leading zeros omitted
1178 except in the case of a zero octet which is represented by a single
1179 zero).
1180
1181 Host addresses are represented by domain names that have all four labels
1182 specified. Thus data for Internet address 10.2.0.52 is located at
1183 domain name 52.0.2.10.IN-ADDR.ARPA. The reversal, though awkward to
1184 read, allows zones to be delegated which are exactly one network of
1185 address space. For example, 10.IN-ADDR.ARPA can be a zone containing
1186 data for the ARPANET, while 26.IN-ADDR.ARPA can be a separate zone for
1187 MILNET. Address nodes are used to hold pointers to primary host names
1188 in the normal domain space.
1189
1190 Network numbers correspond to some non-terminal nodes at various depths
1191 in the IN-ADDR.ARPA domain, since Internet network numbers are either 1,
1192 2, or 3 octets. Network nodes are used to hold pointers to the primary
1193 host names of gateways attached to that network. Since a gateway is, by
1194 definition, on more than one network, it will typically have two or more
1195 network nodes which point at it. Gateways will also have host level
1196 pointers at their fully qualified addresses.
1197
1198 Both the gateway pointers at network nodes and the normal host pointers
1199 at full address nodes use the PTR RR to point back to the primary domain
1200 names of the corresponding hosts.
1201
1202 For example, the IN-ADDR.ARPA domain will contain information about the
1203 ISI gateway between net 10 and 26, an MIT gateway from net 10 to MIT's
1204
1205
1206
1207 Mockapetris [Page 22]
1208 RFC 1035 Domain Implementation and Specification November 1987
1209
1210
1211 net 18, and hosts A.ISI.EDU and MULTICS.MIT.EDU. Assuming that ISI
1212 gateway has addresses 10.2.0.22 and 26.0.0.103, and a name MILNET-
1213 GW.ISI.EDU, and the MIT gateway has addresses 10.0.0.77 and 18.10.0.4
1214 and a name GW.LCS.MIT.EDU, the domain database would contain:
1215
1216 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
1217 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
1218 18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
1219 26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
1220 22.0.2.10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
1221 103.0.0.26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
1222 77.0.0.10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
1223 4.0.10.18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
1224 103.0.3.26.IN-ADDR.ARPA. PTR A.ISI.EDU.
1225 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
1226
1227 Thus a program which wanted to locate gateways on net 10 would originate
1228 a query of the form QTYPE=PTR, QCLASS=IN, QNAME=10.IN-ADDR.ARPA. It
1229 would receive two RRs in response:
1230
1231 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
1232 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
1233
1234 The program could then originate QTYPE=A, QCLASS=IN queries for MILNET-
1235 GW.ISI.EDU. and GW.LCS.MIT.EDU. to discover the Internet addresses of
1236 these gateways.
1237
1238 A resolver which wanted to find the host name corresponding to Internet
1239 host address 10.0.0.6 would pursue a query of the form QTYPE=PTR,
1240 QCLASS=IN, QNAME=6.0.0.10.IN-ADDR.ARPA, and would receive:
1241
1242 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
1243
1244 Several cautions apply to the use of these services:
1245 - Since the IN-ADDR.ARPA special domain and the normal domain
1246 for a particular host or gateway will be in different zones,
1247 the possibility exists that that the data may be inconsistent.
1248
1249 - Gateways will often have two names in separate domains, only
1250 one of which can be primary.
1251
1252 - Systems that use the domain database to initialize their
1253 routing tables must start with enough gateway information to
1254 guarantee that they can access the appropriate name server.
1255
1256 - The gateway data only reflects the existence of a gateway in a
1257 manner equivalent to the current HOSTS.TXT file. It doesn't
1258 replace the dynamic availability information from GGP or EGP.
1259
1260
1261
1262 Mockapetris [Page 23]
1263 RFC 1035 Domain Implementation and Specification November 1987
1264
1265
1266 3.6. Defining new types, classes, and special namespaces
1267
1268 The previously defined types and classes are the ones in use as of the
1269 date of this memo. New definitions should be expected. This section
1270 makes some recommendations to designers considering additions to the
1271 existing facilities. The mailing list NAMEDROPPERS@SRI-NIC.ARPA is the
1272 forum where general discussion of design issues takes place.
1273
1274 In general, a new type is appropriate when new information is to be
1275 added to the database about an existing object, or we need new data
1276 formats for some totally new object. Designers should attempt to define
1277 types and their RDATA formats that are generally applicable to all
1278 classes, and which avoid duplication of information. New classes are
1279 appropriate when the DNS is to be used for a new protocol, etc which
1280 requires new class-specific data formats, or when a copy of the existing
1281 name space is desired, but a separate management domain is necessary.
1282
1283 New types and classes need mnemonics for master files; the format of the
1284 master files requires that the mnemonics for type and class be disjoint.
1285
1286 TYPE and CLASS values must be a proper subset of QTYPEs and QCLASSes
1287 respectively.
1288
1289 The present system uses multiple RRs to represent multiple values of a
1290 type rather than storing multiple values in the RDATA section of a
1291 single RR. This is less efficient for most applications, but does keep
1292 RRs shorter. The multiple RRs assumption is incorporated in some
1293 experimental work on dynamic update methods.
1294
1295 The present system attempts to minimize the duplication of data in the
1296 database in order to insure consistency. Thus, in order to find the
1297 address of the host for a mail exchange, you map the mail domain name to
1298 a host name, then the host name to addresses, rather than a direct
1299 mapping to host address. This approach is preferred because it avoids
1300 the opportunity for inconsistency.
1301
1302 In defining a new type of data, multiple RR types should not be used to
1303 create an ordering between entries or express different formats for
1304 equivalent bindings, instead this information should be carried in the
1305 body of the RR and a single type used. This policy avoids problems with
1306 caching multiple types and defining QTYPEs to match multiple types.
1307
1308 For example, the original form of mail exchange binding used two RR
1309 types one to represent a "closer" exchange (MD) and one to represent a
1310 "less close" exchange (MF). The difficulty is that the presence of one
1311 RR type in a cache doesn't convey any information about the other
1312 because the query which acquired the cached information might have used
1313 a QTYPE of MF, MD, or MAILA (which matched both). The redesigned
1314
1315
1316
1317 Mockapetris [Page 24]
1318 RFC 1035 Domain Implementation and Specification November 1987
1319
1320
1321 service used a single type (MX) with a "preference" value in the RDATA
1322 section which can order different RRs. However, if any MX RRs are found
1323 in the cache, then all should be there.
1324
1325 4. MESSAGES
1326
1327 4.1. Format
1328
1329 All communications inside of the domain protocol are carried in a single
1330 format called a message. The top level format of message is divided
1331 into 5 sections (some of which are empty in certain cases) shown below:
1332
1333 +---------------------+
1334 | Header |
1335 +---------------------+
1336 | Question | the question for the name server
1337 +---------------------+
1338 | Answer | RRs answering the question
1339 +---------------------+
1340 | Authority | RRs pointing toward an authority
1341 +---------------------+
1342 | Additional | RRs holding additional information
1343 +---------------------+
1344
1345 The header section is always present. The header includes fields that
1346 specify which of the remaining sections are present, and also specify
1347 whether the message is a query or a response, a standard query or some
1348 other opcode, etc.
1349
1350 The names of the sections after the header are derived from their use in
1351 standard queries. The question section contains fields that describe a
1352 question to a name server. These fields are a query type (QTYPE), a
1353 query class (QCLASS), and a query domain name (QNAME). The last three
1354 sections have the same format: a possibly empty list of concatenated
1355 resource records (RRs). The answer section contains RRs that answer the
1356 question; the authority section contains RRs that point toward an
1357 authoritative name server; the additional records section contains RRs
1358 which relate to the query, but are not strictly answers for the
1359 question.
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372 Mockapetris [Page 25]
1373 RFC 1035 Domain Implementation and Specification November 1987
1374
1375
3.4.2. WKS RDATA format
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ADDRESS |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| PROTOCOL | |
+--+--+--+--+--+--+--+--+ |
| |
/ <BIT MAP> /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
ADDRESS An 32 bit Internet address
PROTOCOL An 8 bit IP protocol number
<BIT MAP> A variable length bit map. The bit map must be a
multiple of 8 bits long
3.4.2. WKS RDATA format
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ADDRESS |
| |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| PROTOCOL | |
+--+--+--+--+--+--+--+--+ |
| |
/ <BIT MAP> /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
ADDRESS An 32 bit Internet address
PROTOCOL An 8 bit IP protocol number
<BIT MAP> A variable length bit map. The bit map must be a
multiple of 8 bits long
1376 4.1.1. Header section format
1377
1378 The header contains the following fields:
1379
ID A 16 bit identifier assigned by the program that
generates any kind of query. This identifier is copied
the corresponding reply and can be used by the requester
to match up replies to outstanding queries.
ID A 16 bit identifier assigned by the program that
generates any kind of query. This identifier is copied
to the corresponding reply and can be used by the
requester to match up replies to outstanding queries.
There’s a missing preposition.
1380 1 1 1 1 1 1
1381 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1382 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1383 | ID |
1384 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1385 |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
1386 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1387 | QDCOUNT |
1388 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1389 | ANCOUNT |
1390 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1391 | NSCOUNT |
1392 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1393 | ARCOUNT |
1394 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1395
1396 where:
1397
1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ID |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| QDCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ANCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| NSCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ARCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ID |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR| OPCODE |AA|TC|RD|RA| Z | RCODE |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| QDCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ANCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| NSCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ARCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1398 ID A 16 bit identifier assigned by the program that
1399 generates any kind of query. This identifier is copied
1400 the corresponding reply and can be used by the requester
1401 to match up replies to outstanding queries.
1402
1403 QR A one bit field that specifies whether this message is a
1404 query (0), or a response (1).
1405
ID A 16 bit identifier assigned by the program that
generates any kind of query. This identifier is copied
the corresponding reply and can be used by the requester
to match up replies to outstanding queries.
ID A 16 bit identifier assigned by the program that
generates any kind of query. This identifier is copied
to the corresponding reply and can be used by the
requester to match up replies to outstanding queries.
1406 OPCODE A four bit field that specifies kind of query in this
1407 message. This value is set by the originator of a query
1408 and copied into the response. The values are:
1409
1410 0 a standard query (QUERY)
1411
OPCODE A four bit field that specifies kind of query in this
message. This value is set by the originator of a query
and copied into the response. The values are:
OPCODE A four bit field that specifies the kind of query in
this message. This value is set by the originator of a
query and copied into the response. The values are:
1412 1 an inverse query (IQUERY)
1413
1414 2 a server status request (STATUS)
1415
1416 3-15 reserved for future use
1417
1418 AA Authoritative Answer - this bit is valid in responses,
1419 and specifies that the responding name server is an
1420 authority for the domain name in question section.
1421
1422 Note that the contents of the answer section may have
1423 multiple owner names because of aliases. The AA bit
1424
1425
1426
1427 Mockapetris [Page 26]
1428 RFC 1035 Domain Implementation and Specification November 1987
1429
1430
1431 corresponds to the name which matches the query name, or
1432 the first owner name in the answer section.
1433
1434 TC TrunCation - specifies that this message was truncated
1435 due to length greater than that permitted on the
1436 transmission channel.
1437
1438 RD Recursion Desired - this bit may be set in a query and
1439 is copied into the response. If RD is set, it directs
1440 the name server to pursue the query recursively.
1441 Recursive query support is optional.
1442
RFC3425 obsoletes IQUERY.
1443 RA Recursion Available - this be is set or cleared in a
1444 response, and denotes whether recursive query support is
1445 available in the name server.
1446
1447 Z Reserved for future use. Must be zero in all queries
1448 and responses.
1449
1450 RCODE Response code - this 4 bit field is set as part of
1451 responses. The values have the following
1452 interpretation:
1453
1454 0 No error condition
1455
1456 1 Format error - The name server was
1457 unable to interpret the query.
1458
1459 2 Server failure - The name server was
1460 unable to process this query due to a
1461 problem with the name server.
1462
1463 3 Name Error - Meaningful only for
1464 responses from an authoritative name
1465 server, this code signifies that the
1466 domain name referenced in the query does
1467 not exist.
1468
1469 4 Not Implemented - The name server does
1470 not support the requested kind of query.
1471
1472 5 Refused - The name server refuses to
1473 perform the specified operation for
1474 policy reasons. For example, a name
1475 server may not wish to provide the
1476 information to the particular requester,
1477 or a name server may not wish to perform
1478 a particular operation (e.g., zone
1479
1480
1481
1482 Mockapetris [Page 27]
1483 RFC 1035 Domain Implementation and Specification November 1987
1484
1485
1486 transfer) for particular data.
1487
1488 6-15 Reserved for future use.
1489
1490 QDCOUNT an unsigned 16 bit integer specifying the number of
1491 entries in the question section.
1492
1493 ANCOUNT an unsigned 16 bit integer specifying the number of
1494 resource records in the answer section.
1495
1496 NSCOUNT an unsigned 16 bit integer specifying the number of name
1497 server resource records in the authority records
1498 section.
1499
1500 ARCOUNT an unsigned 16 bit integer specifying the number of
1501 resource records in the additional records section.
1502
1503 4.1.2. Question section format
1504
1505 The question section is used to carry the "question" in most queries,
1506 i.e., the parameters that define what is being asked. The section
1507 contains QDCOUNT (usually 1) entries, each of the following format:
1508
1509 1 1 1 1 1 1
1510 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1511 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1512 | |
1513 / QNAME /
1514 / /
1515 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1516 | QTYPE |
1517 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1518 | QCLASS |
1519 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1520
1521 where:
1522
1523 QNAME a domain name represented as a sequence of labels, where
1524 each label consists of a length octet followed by that
1525 number of octets. The domain name terminates with the
1526 zero length octet for the null label of the root. Note
1527 that this field may be an odd number of octets; no
1528 padding is used.
1529
1530 QTYPE a two octet code which specifies the type of the query.
1531 The values for this field include all codes valid for a
1532 TYPE field, together with some more general codes which
1533 can match more than one type of RR.
1534
1535
1536
1537 Mockapetris [Page 28]
1538 RFC 1035 Domain Implementation and Specification November 1987
1539
1540
1541 QCLASS a two octet code that specifies the class of the query.
1542 For example, the QCLASS field is IN for the Internet.
1543
1544 4.1.3. Resource record format
1545
1546 The answer, authority, and additional sections all share the same
1547 format: a variable number of resource records, where the number of
1548 records is specified in the corresponding count field in the header.
1549 Each resource record has the following format:
1550 1 1 1 1 1 1
1551 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1552 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1553 | |
1554 / /
1555 / NAME /
1556 | |
1557 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1558 | TYPE |
1559 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1560 | CLASS |
1561 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1562 | TTL |
1563 | |
1564 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1565 | RDLENGTH |
1566 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
1567 / RDATA /
1568 / /
1569 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1570
1571 where:
1572
1573 NAME a domain name to which this resource record pertains.
1574
1575 TYPE two octets containing one of the RR type codes. This
1576 field specifies the meaning of the data in the RDATA
1577 field.
1578
1579 CLASS two octets which specify the class of the data in the
1580 RDATA field.
1581
1582 TTL a 32 bit unsigned integer that specifies the time
1583 interval (in seconds) that the resource record may be
1584 cached before it should be discarded. Zero values are
1585 interpreted to mean that the RR can only be used for the
1586 transaction in progress, and should not be cached.
1587
1588
1589
1590
1591
1592 Mockapetris [Page 29]
1593 RFC 1035 Domain Implementation and Specification November 1987
1594
1595
1596 RDLENGTH an unsigned 16 bit integer that specifies the length in
1597 octets of the RDATA field.
1598
The abstract of RFC8767 says: "This document defines a method (serve-stale) for recursive resolvers to use stale DNS data to avoid outages when authoritative nameservers cannot be reached to refresh expired data." The reason this updates RFC 1034 is that the definition of TTL in RFC 1035 says that the TTL is "a 32 bit unsigned integer that specifies the time interval (in seconds) that the resource record may be cached before it should be discarded". RFC 8767 softens that "should" and describes various scenarios when it is acceptable to serve stale data.
1599 RDATA a variable length string of octets that describes the
1600 resource. The format of this information varies
1601 according to the TYPE and CLASS of the resource record.
1602 For example, the if the TYPE is A and the CLASS is IN,
1603 the RDATA field is a 4 octet ARPA Internet address.
1604
1605 4.1.4. Message compression
1606
1607 In order to reduce the size of messages, the domain system utilizes a
1608 compression scheme which eliminates the repetition of domain names in a
RDATA a variable length string of octets that describes the
resource. The format of this information varies
according to the TYPE and CLASS of the resource record.
For example, the if the TYPE is A and the CLASS is IN,
the RDATA field is a 4 octet ARPA Internet address.
RDATA a variable length string of octets that describes the
resource. The format of this information varies
according to the TYPE and CLASS of the resource record.
For example, the if the TYPE is A and the CLASS is IN,
the RDATA field is a 4 octet ARPA Internet address.
1609 message. In this scheme, an entire domain name or a list of labels at
1610 the end of a domain name is replaced with a pointer to a prior occurance
1611 of the same name.
1612
1613 The pointer takes the form of a two octet sequence:
1614
1615 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1616 | 1 1| OFFSET |
1617 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1618
1619 The first two bits are ones. This allows a pointer to be distinguished
1620 from a label, since the label must begin with two zero bits because
1621 labels are restricted to 63 octets or less. (The 10 and 01 combinations
1622 are reserved for future use.) The OFFSET field specifies an offset from
1623 the start of the message (i.e., the first octet of the ID field in the
1624 domain header). A zero offset specifies the first byte of the ID field,
1625 etc.
1626
1627 The compression scheme allows a domain name in a message to be
1628 represented as either:
1629
1630 - a sequence of labels ending in a zero octet
1631
1632 - a pointer
1633
1634 - a sequence of labels ending with a pointer
1635
In this scheme, an entire domain name or a list of labels at the end of a domain name is replaced with a pointer to a prior occurance of the same name.
In this scheme, an entire domain name or a list of labels at the end of a domain name is replaced with a pointer to a prior occurarence of the same name.
1636 Pointers can only be used for occurances of a domain name where the
1637 format is not class specific. If this were not the case, a name server
1638 or resolver would be required to know the format of all RRs it handled.
1639 As yet, there are no such cases, but they may occur in future RDATA
1640 formats.
1641
1642 If a domain name is contained in a part of the message subject to a
1643 length field (such as the RDATA section of an RR), and compression is
1644
1645
1646
1647 Mockapetris [Page 30]
1648 RFC 1035 Domain Implementation and Specification November 1987
1649
1650
1651 used, the length of the compressed name is used in the length
1652 calculation, rather than the length of the expanded name.
1653
1654 Programs are free to avoid using pointers in messages they generate,
1655 although this will reduce datagram capacity, and may cause truncation.
1656 However all programs are required to understand arriving messages that
1657 contain pointers.
1658
1659 For example, a datagram might need to use the domain names F.ISI.ARPA,
1660 FOO.F.ISI.ARPA, ARPA, and the root. Ignoring the other fields of the
1661 message, these domain names might be represented as:
1662
1663 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1664 20 | 1 | F |
1665 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1666 22 | 3 | I |
1667 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1668 24 | S | I |
1669 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1670 26 | 4 | A |
1671 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1672 28 | R | P |
1673 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1674 30 | A | 0 |
1675 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1676
1677 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1678 40 | 3 | F |
1679 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1680 42 | O | O |
1681 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1682 44 | 1 1| 20 |
1683 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1684
1685 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1686 64 | 1 1| 26 |
1687 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1688
1689 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1690 92 | 0 | |
1691 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1692
1693 The domain name for F.ISI.ARPA is shown at offset 20. The domain name
1694 FOO.F.ISI.ARPA is shown at offset 40; this definition uses a pointer to
1695 concatenate a label for FOO to the previously defined F.ISI.ARPA. The
1696 domain name ARPA is defined at offset 64 using a pointer to the ARPA
1697 component of the name F.ISI.ARPA at 20; note that this pointer relies on
1698 ARPA being the last label in the string at 20. The root domain name is
1699
1700
1701
1702 Mockapetris [Page 31]
1703 RFC 1035 Domain Implementation and Specification November 1987
1704
1705
1706 defined by a single octet of zeros at 92; the root domain name has no
1707 labels.
1708
1709 4.2. Transport
1710
1711 The DNS assumes that messages will be transmitted as datagrams or in a
1712 byte stream carried by a virtual circuit. While virtual circuits can be
1713 used for any DNS activity, datagrams are preferred for queries due to
1714 their lower overhead and better performance. Zone refresh activities
1715 must use virtual circuits because of the need for reliable transfer.
1716
1717 The Internet supports name server access using TCP [RFC-793] on server
1718 port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
1719 port 53 (decimal).
1720
1721 4.2.1. UDP usage
1722
Messages sent using UDP user server port 53 (decimal).
Messages sent using UDP uses server port 53 (decimal).
--VERIFIER NOTES-- Duplicate of errata #4227.
RFC7766 describes the implementation requirements for DNS over TCP.
Section 7 of RFC 7766 says:
RFC 1035 is ambiguous on the question of whether TCP responses may be reordered -- the only relevant text is in Section 4.2.1, which relates to UDP: Queries or their responses may be reordered by the network, or by processing in name servers, so resolvers should not depend on them being returned in order. For the avoidance of future doubt, this requirement is clarified. Authoritative servers and recursive resolvers are RECOMMENDED to support the preparing of responses in parallel and sending them out of order, regardless of the transport protocol in use. Stub and recursive resolvers MUST be able to process responses that arrive in a different order than that in which the requests were sent, regardless of the transport protocol in use.
1723 Messages sent using UDP user server port 53 (decimal).
1724
1725 Messages carried by UDP are restricted to 512 bytes (not counting the IP
1726 or UDP headers). Longer messages are truncated and the TC bit is set in
1727 the header.
1728
1729 UDP is not acceptable for zone transfers, but is the recommended method
1730 for standard queries in the Internet. Queries sent using UDP may be
1731 lost, and hence a retransmission strategy is required. Queries or their
1732 responses may be reordered by the network, or by processing in name
1733 servers, so resolvers should not depend on them being returned in order.
1734
1735 The optimal UDP retransmission policy will vary with performance of the
1736 Internet and the needs of the client, but the following are recommended:
1737
1738 - The client should try other servers and server addresses
1739 before repeating a query to a specific address of a server.
1740
1741 - The retransmission interval should be based on prior
1742 statistics if possible. Too aggressive retransmission can
1743 easily slow responses for the community at large. Depending
1744 on how well connected the client is to its expected servers,
1745 the minimum retransmission interval should be 2-5 seconds.
1746
1747 More suggestions on server selection and retransmission policy can be
1748 found in the resolver section of this memo.
1749
1750 4.2.2. TCP usage
1751
1752 Messages sent over TCP connections use server port 53 (decimal). The
1753 message is prefixed with a two byte length field which gives the message
1754
1755
1756
1757 Mockapetris [Page 32]
1758 RFC 1035 Domain Implementation and Specification November 1987
1759
1760
1761 length, excluding the two byte length field. This length field allows
1762 the low-level processing to assemble a complete message before beginning
1763 to parse it.
1764
1765 Several connection management policies are recommended:
1766
1767 - The server should not block other activities waiting for TCP
1768 data.
1769
1770 - The server should support multiple connections.
1771
1772 - The server should assume that the client will initiate
1773 connection closing, and should delay closing its end of the
1774 connection until all outstanding client requests have been
1775 satisfied.
1776
1777 - If the server needs to close a dormant connection to reclaim
1778 resources, it should wait until the connection has been idle
1779 for a period on the order of two minutes. In particular, the
Messages sent using UDP user server port 53 (decimal).
Messages sent using UDP userserver port 53 (decimal).
1780 server should allow the SOA and AXFR request sequence (which
1781 begins a refresh operation) to be made on a single connection.
1782 Since the server would be unable to answer queries anyway, a
1783 unilateral close or reset may be used instead of a graceful
1784 close.
1785
1786 5. MASTER FILES
1787
1788 Master files are text files that contain RRs in text form. Since the
1789 contents of a zone can be expressed in the form of a list of RRs a
1790 master file is most often used to define a zone, though it can be used
1791 to list a cache's contents. Hence, this section first discusses the
1792 format of RRs in a master file, and then the special considerations when
1793 a master file is used to create a zone in some name server.
1794
1795 5.1. Format
1796
1797 The format of these files is a sequence of entries. Entries are
1798 predominantly line-oriented, though parentheses can be used to continue
1799 a list of items across a line boundary, and text literals can contain
1800 CRLF within the text. Any combination of tabs and spaces act as a
1801 delimiter between the separate items that make up an entry. The end of
1802 any line in the master file can end with a comment. The comment starts
1803 with a ";" (semicolon).
1804
RFC5936 is a complete re-definition of AXFR. Its abstract says: "The definition of AXFR has proven insufficient in detail, thereby forcing implementations intended to be compliant to make assumptions, impeding interoperability. Yet today we have a satisfactory set of implementations that do interoperate. This document is a new definition of AXFR -- new in the sense that it records an accurate definition of an interoperable AXFR mechanism."
1805 The following entries are defined:
1806
1807 <blank>[<comment>]
1808
1809
1810
1811
1812 Mockapetris [Page 33]
1813 RFC 1035 Domain Implementation and Specification November 1987
1814
1815
1816 $ORIGIN <domain-name> [<comment>]
1817
1818 $INCLUDE <file-name> [<domain-name>] [<comment>]
1819
1820 <domain-name><rr> [<comment>]
1821
1822 <blank><rr> [<comment>]
1823
1824 Blank lines, with or without comments, are allowed anywhere in the file.
1825
1826 Two control entries are defined: $ORIGIN and $INCLUDE. $ORIGIN is
1827 followed by a domain name, and resets the current origin for relative
1828 domain names to the stated name. $INCLUDE inserts the named file into
1829 the current file, and may optionally specify a domain name that sets the
1830 relative domain name origin for the included file. $INCLUDE may also
1831 have a comment. Note that a $INCLUDE entry never changes the relative
1832 origin of the parent file, regardless of changes to the relative origin
1833 made within the included file.
1834
1835 The last two forms represent RRs. If an entry for an RR begins with a
1836 blank, then the RR is assumed to be owned by the last stated owner. If
1837 an RR entry begins with a <domain-name>, then the owner name is reset.
1838
1839 <rr> contents take one of the following forms:
1840
1841 [<TTL>] [<class>] <type> <RDATA>
1842
1843 [<class>] [<TTL>] <type> <RDATA>
1844
1845 The RR begins with optional TTL and class fields, followed by a type and
1846 RDATA field appropriate to the type and class. Class and type use the
1847 standard mnemonics, TTL is a decimal integer. Omitted class and TTL
1848 values are default to the last explicitly stated values. Since type and
1849 class mnemonics are disjoint, the parse is unique. (Note that this
1850 order is different from the order used in examples and the order used in
1851 the actual RRs; the given order allows easier parsing and defaulting.)
1852
1853 <domain-name>s make up a large share of the data in the master file.
1854 The labels in the domain name are expressed as character strings and
1855 separated by dots. Quoting conventions allow arbitrary characters to be
1856 stored in domain names. Domain names that end in a dot are called
1857 absolute, and are taken as complete. Domain names which do not end in a
1858 dot are called relative; the actual domain name is the concatenation of
1859 the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as
1860 an argument to the master file loading routine. A relative name is an
1861 error when no origin is available.
1862
1863
1864
1865
1866
1867 Mockapetris [Page 34]
1868 RFC 1035 Domain Implementation and Specification November 1987
1869
1870
1871 <character-string> is expressed in one or two ways: as a contiguous set
1872 of characters without interior spaces, or as a string beginning with a "
1873 and ending with a ". Inside a " delimited string any character can
1874 occur, except for a " itself, which must be quoted using \ (back slash).
1875
Section 4 of RFC2308 says:
The Master File format [RFC 1035 Section 5] is extended to include the following directive: $TTL <TTL> [comment] All resource records appearing after the directive, and which do not explicitly include a TTL value, have their TTL set to the TTL given in the $TTL directive. SIG records without a explicit TTL get their TTL from the "original TTL" of the SIG record [RFC 2065 Section 4.5].
1876 Because these files are text files several special encodings are
1877 necessary to allow arbitrary data to be loaded. In particular:
1878
1879 of the root.
1880
1881 @ A free standing @ is used to denote the current origin.
1882
1883 \X where X is any character other than a digit (0-9), is
1884 used to quote that character so that its special meaning
1885 does not apply. For example, "\." can be used to place
1886 a dot character in a label.
1887
Because these files are text files several special encodings are
necessary to allow arbitrary data to be loaded. In particular:
of the root.
@ A free standing @ is used to denote the current origin.
Because these files are text files several special encodings are necessary to allow arbitrary data to be loaded. In particular:of the root.@ A free standing @ is used to denote the current origin.
1888 \DDD where each D is a digit is the octet corresponding to
1889 the decimal number described by DDD. The resulting
1890 octet is assumed to be text and is not checked for
1891 special meaning.
1892
1893 ( ) Parentheses are used to group data that crosses a line
1894 boundary. In effect, line terminations are not
1895 recognized within parentheses.
1896
1897 ; Semicolon is used to start a comment; the remainder of
1898 the line is ignored.
1899
1900 5.2. Use of master files to define zones
1901
1902 When a master file is used to load a zone, the operation should be
1903 suppressed if any errors are encountered in the master file. The
1904 rationale for this is that a single error can have widespread
1905 consequences. For example, suppose that the RRs defining a delegation
1906 have syntax errors; then the server will return authoritative name
1907 errors for all names in the subzone (except in the case where the
1908 subzone is also present on the server).
1909
1910 Several other validity checks that should be performed in addition to
1911 insuring that the file is syntactically correct:
1912
1913 1. All RRs in the file should have the same class.
1914
1915 2. Exactly one SOA RR should be present at the top of the zone.
1916
1917 3. If delegations are present and glue information is required,
1918 it should be present.
1919
1920
1921
1922 Mockapetris [Page 35]
1923 RFC 1035 Domain Implementation and Specification November 1987
1924
1925
1926 4. Information present outside of the authoritative nodes in the
1927 zone should be glue information, rather than the result of an
1928 origin or similar error.
1929
1930 5.3. Master file example
1931
Several other validity checks that should be performed in addition to
insuring that the file is syntactically correct:
1. All RRs in the file should have the same class.
2. Exactly one SOA RR should be present at the top of the zone.
3. If delegations are present and glue information is required,
it should be present.
4. Information present outside of the authoritative nodes in the
zone should be glue information, rather than the result of an
origin or similar error.
Several other validity checks that should be performed in addition to
insuring that the file is syntactically correct:
1. All RRs in the file should have the same class.
2. Exactly one SOA RR should be present at the top of the zone.
3. If delegations are present and glue information is required,
it should be present.
4. Information present outside of the authoritative nodes in the
zone should be glue information, rather than the result of an
origin or similar error.
5. At least one NS RR must be present at the top of the zone.
1932 The following is an example file which might be used to define the
1933 ISI.EDU zone.and is loaded with an origin of ISI.EDU:
1934
1935 @ IN SOA VENERA Action\.domains (
1936 20 ; SERIAL
1937 7200 ; REFRESH
1938 600 ; RETRY
1939 3600000; EXPIRE
1940 60) ; MINIMUM
1941
1942 NS A.ISI.EDU.
1943 NS VENERA
1944 NS VAXA
1945 MX 10 VENERA
1946 MX 20 VAXA
1947
1948 A A 26.3.0.103
1949
1950 VENERA A 10.1.0.52
1951 A 128.9.0.32
1952
1953 VAXA A 10.2.0.27
1954 A 128.9.0.33
1955
1956
1957 $INCLUDE <SUBSYS>ISI-MAILBOXES.TXT
1958
1959 Where the file <SUBSYS>ISI-MAILBOXES.TXT is:
1960
1961 MOE MB A.ISI.EDU.
1962 LARRY MB A.ISI.EDU.
1963 CURLEY MB A.ISI.EDU.
1964 STOOGES MG MOE
1965 MG LARRY
1966 MG CURLEY
1967
1968 Note the use of the \ character in the SOA RR to specify the responsible
1969 person mailbox "Action.domains@E.ISI.EDU".
1970
1971
1972
1973
1974
1975
1976
1977 Mockapetris [Page 36]
1978 RFC 1035 Domain Implementation and Specification November 1987
1979
1980
1981 6. NAME SERVER IMPLEMENTATION
1982
1983 6.1. Architecture
1984
1985 The optimal structure for the name server will depend on the host
1986 operating system and whether the name server is integrated with resolver
1987 operations, either by supporting recursive service, or by sharing its
1988 database with a resolver. This section discusses implementation
1989 considerations for a name server which shares a database with a
1990 resolver, but most of these concerns are present in any name server.
1991
1992 6.1.1. Control
1993
1994 A name server must employ multiple concurrent activities, whether they
1995 are implemented as separate tasks in the host's OS or multiplexing
1996 inside a single name server program. It is simply not acceptable for a
1997 name server to block the service of UDP requests while it waits for TCP
1998 data for refreshing or query activities. Similarly, a name server
1999 should not attempt to provide recursive service without processing such
2000 requests in parallel, though it may choose to serialize requests from a
2001 single client, or to regard identical requests from the same client as
2002 duplicates. A name server should not substantially delay requests while
2003 it reloads a zone from master files or while it incorporates a newly
2004 refreshed zone into its database.
2005
2006 6.1.2. Database
2007
2008 While name server implementations are free to use any internal data
2009 structures they choose, the suggested structure consists of three major
2010 parts:
2011
2012 - A "catalog" data structure which lists the zones available to
2013 this server, and a "pointer" to the zone data structure. The
2014 main purpose of this structure is to find the nearest ancestor
2015 zone, if any, for arriving standard queries.
2016
2017 - Separate data structures for each of the zones held by the
2018 name server.
2019
2020 - A data structure for cached data. (or perhaps separate caches
2021 for different classes)
2022
2023 All of these data structures can be implemented an identical tree
2024 structure format, with different data chained off the nodes in different
2025 parts: in the catalog the data is pointers to zones, while in the zone
2026 and cache data structures, the data will be RRs. In designing the tree
2027 framework the designer should recognize that query processing will need
2028 to traverse the tree using case-insensitive label comparisons; and that
2029
2030
2031
2032 Mockapetris [Page 37]
2033 RFC 1035 Domain Implementation and Specification November 1987
2034
2035
2036 in real data, a few nodes have a very high branching factor (100-1000 or
2037 more), but the vast majority have a very low branching factor (0-1).
2038
The following is an example file which might be used to define the ISI.EDU zone.and is loaded with an origin of ISI.EDU:
The following is an example file which might be used to define the ISI.EDU zone.and is loaded with an origin of ISI.EDU:
The following is an example file which might be used to define the
ISI.EDU zone.and is loaded with an origin of ISI.EDU:
@ IN SOA VENERA Action\.domains (
20 ; SERIAL
7200 ; REFRESH
600 ; RETRY
3600000; EXPIRE
60) ; MINIMUM
NS A.ISI.EDU.
NS VENERA
NS VAXA
MX 10 VENERA
MX 20 VAXA
A A 26.3.0.103
VENERA A 10.1.0.52
A 128.9.0.32
VAXA A 10.2.0.27
A 128.9.0.33
[...]
Note the use of the \ character in the SOA RR to specify the responsible
person mailbox "Action.domains@E.ISI.EDU".
The following is an example file which might be used to define the
ISI.EDU zone.and is loaded with an origin of ISI.EDU:
@ IN SOA VENERA Action\.domains (
20 ; SERIAL
7200 ; REFRESH
600 ; RETRY
3600000; EXPIRE
60) ; MINIMUM
NS A.ISI.EDU.
NS VENERA
NS VAXA
MX 10 VENERA
MX 20 VAXA
A A 26.3.0.103
VENERA A 10.1.0.52
A 128.9.0.32
VAXA A 10.2.0.27
A 128.9.0.33
[...]
Note the use of the \ character in the SOA RR to specify the responsible
person mailbox "Action.domains@E.ISI.EDU".
2039 One way to solve the case problem is to store the labels for each node
2040 in two pieces: a standardized-case representation of the label where all
2041 ASCII characters are in a single case, together with a bit mask that
2042 denotes which characters are actually of a different case. The
2043 branching factor diversity can be handled using a simple linked list for
2044 a node until the branching factor exceeds some threshold, and
2045 transitioning to a hash structure after the threshold is exceeded. In
2046 any case, hash structures used to store tree sections must insure that
2047 hash functions and procedures preserve the casing conventions of the
2048 DNS.
2049
2050 The use of separate structures for the different parts of the database
2051 is motivated by several factors:
2052
2053 - The catalog structure can be an almost static structure that
2054 need change only when the system administrator changes the
2055 zones supported by the server. This structure can also be
2056 used to store parameters used to control refreshing
2057 activities.
2058
2059 - The individual data structures for zones allow a zone to be
2060 replaced simply by changing a pointer in the catalog. Zone
2061 refresh operations can build a new structure and, when
2062 complete, splice it into the database via a simple pointer
2063 replacement. It is very important that when a zone is
2064 refreshed, queries should not use old and new data
2065 simultaneously.
2066
2067 - With the proper search procedures, authoritative data in zones
2068 will always "hide", and hence take precedence over, cached
2069 data.
2070
2071 - Errors in zone definitions that cause overlapping zones, etc.,
2072 may cause erroneous responses to queries, but problem
2073 determination is simplified, and the contents of one "bad"
2074 zone can't corrupt another.
2075
2076 - Since the cache is most frequently updated, it is most
2077 vulnerable to corruption during system restarts. It can also
2078 become full of expired RR data. In either case, it can easily
2079 be discarded without disturbing zone data.
2080
2081 A major aspect of database design is selecting a structure which allows
2082 the name server to deal with crashes of the name server's host. State
2083 information which a name server should save across system crashes
2084
2085
2086
2087 Mockapetris [Page 38]
2088 RFC 1035 Domain Implementation and Specification November 1987
2089
2090
2091 includes the catalog structure (including the state of refreshing for
2092 each zone) and the zone data itself.
2093
2094 6.1.3. Time
2095
2096 Both the TTL data for RRs and the timing data for refreshing activities
2097 depends on 32 bit timers in units of seconds. Inside the database,
2098 refresh timers and TTLs for cached data conceptually "count down", while
2099 data in the zone stays with constant TTLs.
2100
2101 A recommended implementation strategy is to store time in two ways: as
2102 a relative increment and as an absolute time. One way to do this is to
2103 use positive 32 bit numbers for one type and negative numbers for the
2104 other. The RRs in zones use relative times; the refresh timers and
2105 cache data use absolute times. Absolute numbers are taken with respect
2106 to some known origin and converted to relative values when placed in the
2107 response to a query. When an absolute TTL is negative after conversion
2108 to relative, then the data is expired and should be ignored.
2109
2110 6.2. Standard query processing
2111
2112 The major algorithm for standard query processing is presented in
2113 [RFC-1034].
2114
2115 When processing queries with QCLASS=*, or some other QCLASS which
2116 matches multiple classes, the response should never be authoritative
2117 unless the server can guarantee that the response covers all classes.
2118
2119 When composing a response, RRs which are to be inserted in the
2120 additional section, but duplicate RRs in the answer or authority
2121 sections, may be omitted from the additional section.
2122
All of RFC4343 is relevant to any discussion of the case of characters.
2123 When a response is so long that truncation is required, the truncation
2124 should start at the end of the response and work forward in the
2125 datagram. Thus if there is any data for the authority section, the
2126 answer section is guaranteed to be unique.
2127
2128 The MINIMUM value in the SOA should be used to set a floor on the TTL of
2129 data distributed from a zone. This floor function should be done when
2130 the data is copied into a response. This will allow future dynamic
2131 update protocols to change the SOA MINIMUM field without ambiguous
2132 semantics.
2133
2134 6.3. Zone refresh and reload processing
2135
2136 In spite of a server's best efforts, it may be unable to load zone data
2137 from a master file due to syntax errors, etc., or be unable to refresh a
2138 zone within the its expiration parameter. In this case, the name server
2139
2140
2141
2142 Mockapetris [Page 39]
2143 RFC 1035 Domain Implementation and Specification November 1987
2144
2145
2146 should answer queries as if it were not supposed to possess the zone.
2147
2148 If a master is sending a zone out via AXFR, and a new version is created
2149 during the transfer, the master should continue to send the old version
2150 if possible. In any case, it should never send part of one version and
2151 part of another. If completion is not possible, the master should reset
2152 the connection on which the zone transfer is taking place.
2153
2154 6.4. Inverse queries (Optional)
2155
2156 Inverse queries are an optional part of the DNS. Name servers are not
2157 required to support any form of inverse queries. If a name server
2158 receives an inverse query that it does not support, it returns an error
2159 response with the "Not Implemented" error set in the header. While
2160 inverse query support is optional, all name servers must be at least
2161 able to return the error response.
2162
2163 6.4.1. The contents of inverse queries and responses Inverse
2164 queries reverse the mappings performed by standard query operations;
2165 while a standard query maps a domain name to a resource, an inverse
2166 query maps a resource to a domain name. For example, a standard query
2167 might bind a domain name to a host address; the corresponding inverse
2168 query binds the host address to a domain name.
2169
2170 Inverse queries take the form of a single RR in the answer section of
2171 the message, with an empty question section. The owner name of the
2172 query RR and its TTL are not significant. The response carries
2173 questions in the question section which identify all names possessing
2174 the query RR WHICH THE NAME SERVER KNOWS. Since no name server knows
2175 about all of the domain name space, the response can never be assumed to
2176 be complete. Thus inverse queries are primarily useful for database
2177 management and debugging activities. Inverse queries are NOT an
2178 acceptable method of mapping host addresses to host names; use the IN-
2179 ADDR.ARPA domain instead.
2180
When a response is so long that truncation is required, the truncation should start at the end of the response and work forward in the datagram. Thus if there is any data for the authority section, the answer section is guaranteed to be unique.
When a response is so long that truncation is required, the truncation should start at the end of the response and work forward in the datagram. Thus if there is any data for the authority section, the answer section is guaranteed to beuniquecomplete.
2181 Where possible, name servers should provide case-insensitive comparisons
2182 for inverse queries. Thus an inverse query asking for an MX RR of
2183 "Venera.isi.edu" should get the same response as a query for
2184 "VENERA.ISI.EDU"; an inverse query for HINFO RR "IBM-PC UNIX" should
2185 produce the same result as an inverse query for "IBM-pc unix". However,
2186 this cannot be guaranteed because name servers may possess RRs that
2187 contain character strings but the name server does not know that the
2188 data is character.
2189
2190 When a name server processes an inverse query, it either returns:
2191
2192 1. zero, one, or multiple domain names for the specified
2193 resource as QNAMEs in the question section
2194
2195
2196
2197 Mockapetris [Page 40]
2198 RFC 1035 Domain Implementation and Specification November 1987
2199
2200
2201 2. an error code indicating that the name server doesn't support
2202 inverse mapping of the specified resource type.
2203
2204 When the response to an inverse query contains one or more QNAMEs, the
2205 owner name and TTL of the RR in the answer section which defines the
2206 inverse query is modified to exactly match an RR found at the first
2207 QNAME.
2208
2209 RRs returned in the inverse queries cannot be cached using the same
2210 mechanism as is used for the replies to standard queries. One reason
2211 for this is that a name might have multiple RRs of the same type, and
2212 only one would appear. For example, an inverse query for a single
2213 address of a multiply homed host might create the impression that only
2214 one address existed.
2215
2216 6.4.2. Inverse query and response example The overall structure
2217 of an inverse query for retrieving the domain name that corresponds to
2218 Internet address 10.1.0.52 is shown below:
2219
All of RFC4343 is relevant to any discussion of the case of characters.
2220 +-----------------------------------------+
+-----------------------------------------+
Header | OPCODE=RESPONSE, ID=997 |
+-----------------------------------------+
Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU |
+-----------------------------------------+
Answer | VENERA.ISI.EDU A IN 10.1.0.52 |
+-----------------------------------------+
Authority | <empty> |
+-----------------------------------------+
Additional | <empty> |
+-----------------------------------------+
+-----------------------------------------+
Header | OPCODE=IQUERY, ID=997, QR=1 |
+-----------------------------------------+
Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU |
+-----------------------------------------+
Answer | VENERA.ISI.EDU A IN 10.1.0.52 |
+-----------------------------------------+
Authority | <empty> |
+-----------------------------------------+
Additional | <empty> |
+-----------------------------------------+
2221 Header | OPCODE=IQUERY, ID=997 |
2222 +-----------------------------------------+
2223 Question | <empty> |
2224 +-----------------------------------------+
2225 Answer | <anyname> A IN 10.1.0.52 |
2226 +-----------------------------------------+
2227 Authority | <empty> |
2228 +-----------------------------------------+
2229 Additional | <empty> |
2230 +-----------------------------------------+
2231
2232 This query asks for a question whose answer is the Internet style
2233 address 10.1.0.52. Since the owner name is not known, any domain name
2234 can be used as a placeholder (and is ignored). A single octet of zero,
2235 signifying the root, is usually used because it minimizes the length of
2236 the message. The TTL of the RR is not significant. The response to
2237 this query might be:
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252 Mockapetris [Page 41]
2253 RFC 1035 Domain Implementation and Specification November 1987
2254
2255
2256 +-----------------------------------------+
2257 Header | OPCODE=RESPONSE, ID=997 |
2258 +-----------------------------------------+
2259 Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU |
2260 +-----------------------------------------+
2261 Answer | VENERA.ISI.EDU A IN 10.1.0.52 |
2262 +-----------------------------------------+
2263 Authority | <empty> |
2264 +-----------------------------------------+
2265 Additional | <empty> |
2266 +-----------------------------------------+
2267
2268 Note that the QTYPE in a response to an inverse query is the same as the
2269 TYPE field in the answer section of the inverse query. Responses to
2270 inverse queries may contain multiple questions when the inverse is not
2271 unique. If the question section in the response is not empty, then the
2272 RR in the answer section is modified to correspond to be an exact copy
2273 of an RR at the first QNAME.
2274
2275 6.4.3. Inverse query processing
2276
2277 Name servers that support inverse queries can support these operations
2278 through exhaustive searches of their databases, but this becomes
2279 impractical as the size of the database increases. An alternative
2280 approach is to invert the database according to the search key.
2281
2282 For name servers that support multiple zones and a large amount of data,
2283 the recommended approach is separate inversions for each zone. When a
2284 particular zone is changed during a refresh, only its inversions need to
2285 be redone.
2286
2287 Support for transfer of this type of inversion may be included in future
2288 versions of the domain system, but is not supported in this version.
2289
2290 6.5. Completion queries and responses
2291
2292 The optional completion services described in RFC-882 and RFC-883 have
2293 been deleted. Redesigned services may become available in the future.
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307 Mockapetris [Page 42]
2308 RFC 1035 Domain Implementation and Specification November 1987
2309
2310
2311 7. RESOLVER IMPLEMENTATION
2312
2313 The top levels of the recommended resolver algorithm are discussed in
2314 [RFC-1034]. This section discusses implementation details assuming the
2315 database structure suggested in the name server implementation section
2316 of this memo.
2317
2318 7.1. Transforming a user request into a query
2319
2320 The first step a resolver takes is to transform the client's request,
2321 stated in a format suitable to the local OS, into a search specification
2322 for RRs at a specific name which match a specific QTYPE and QCLASS.
2323 Where possible, the QTYPE and QCLASS should correspond to a single type
2324 and a single class, because this makes the use of cached data much
2325 simpler. The reason for this is that the presence of data of one type
2326 in a cache doesn't confirm the existence or non-existence of data of
2327 other types, hence the only way to be sure is to consult an
2328 authoritative source. If QCLASS=* is used, then authoritative answers
2329 won't be available.
2330
2331 Since a resolver must be able to multiplex multiple requests if it is to
2332 perform its function efficiently, each pending request is usually
2333 represented in some block of state information. This state block will
2334 typically contain:
2335
RFC3425 obsoletes IQUERY.
2336 - A timestamp indicating the time the request began.
2337 The timestamp is used to decide whether RRs in the database
2338 can be used or are out of date. This timestamp uses the
2339 absolute time format previously discussed for RR storage in
2340 zones and caches. Note that when an RRs TTL indicates a
2341 relative time, the RR must be timely, since it is part of a
2342 zone. When the RR has an absolute time, it is part of a
2343 cache, and the TTL of the RR is compared against the timestamp
2344 for the start of the request.
2345
2346 Note that using the timestamp is superior to using a current
2347 time, since it allows RRs with TTLs of zero to be entered in
2348 the cache in the usual manner, but still used by the current
2349 request, even after intervals of many seconds due to system
2350 load, query retransmission timeouts, etc.
2351
2352 - Some sort of parameters to limit the amount of work which will
2353 be performed for this request.
2354
2355 The amount of work which a resolver will do in response to a
2356 client request must be limited to guard against errors in the
2357 database, such as circular CNAME references, and operational
2358 problems, such as network partition which prevents the
2359
2360
2361
2362 Mockapetris [Page 43]
2363 RFC 1035 Domain Implementation and Specification November 1987
2364
2365
2366 resolver from accessing the name servers it needs. While
2367 local limits on the number of times a resolver will retransmit
2368 a particular query to a particular name server address are
2369 essential, the resolver should have a global per-request
2370 counter to limit work on a single request. The counter should
2371 be set to some initial value and decremented whenever the
2372 resolver performs any action (retransmission timeout,
2373 retransmission, etc.) If the counter passes zero, the request
2374 is terminated with a temporary error.
2375
2376 Note that if the resolver structure allows one request to
2377 start others in parallel, such as when the need to access a
2378 name server for one request causes a parallel resolve for the
2379 name server's addresses, the spawned request should be started
2380 with a lower counter. This prevents circular references in
2381 the database from starting a chain reaction of resolver
2382 activity.
2383
2384 - The SLIST data structure discussed in [RFC-1034].
2385
2386 This structure keeps track of the state of a request if it
2387 must wait for answers from foreign name servers.
2388
2389 7.2. Sending the queries
2390
2391 As described in [RFC-1034], the basic task of the resolver is to
2392 formulate a query which will answer the client's request and direct that
2393 query to name servers which can provide the information. The resolver
2394 will usually only have very strong hints about which servers to ask, in
2395 the form of NS RRs, and may have to revise the query, in response to
2396 CNAMEs, or revise the set of name servers the resolver is asking, in
2397 response to delegation responses which point the resolver to name
2398 servers closer to the desired information. In addition to the
2399 information requested by the client, the resolver may have to call upon
2400 its own services to determine the address of name servers it wishes to
2401 contact.
2402
2403 In any case, the model used in this memo assumes that the resolver is
2404 multiplexing attention between multiple requests, some from the client,
2405 and some internally generated. Each request is represented by some
2406 state information, and the desired behavior is that the resolver
2407 transmit queries to name servers in a way that maximizes the probability
2408 that the request is answered, minimizes the time that the request takes,
2409 and avoids excessive transmissions. The key algorithm uses the state
2410 information of the request to select the next name server address to
2411 query, and also computes a timeout which will cause the next action
2412 should a response not arrive. The next action will usually be a
2413 transmission to some other server, but may be a temporary error to the
2414
2415
2416
2417 Mockapetris [Page 44]
2418 RFC 1035 Domain Implementation and Specification November 1987
2419
2420
2421 client.
2422
2423 The resolver always starts with a list of server names to query (SLIST).
2424 This list will be all NS RRs which correspond to the nearest ancestor
2425 zone that the resolver knows about. To avoid startup problems, the
2426 resolver should have a set of default servers which it will ask should
2427 it have no current NS RRs which are appropriate. The resolver then adds
2428 to SLIST all of the known addresses for the name servers, and may start
2429 parallel requests to acquire the addresses of the servers when the
2430 resolver has the name, but no addresses, for the name servers.
2431
2432 To complete initialization of SLIST, the resolver attaches whatever
2433 history information it has to the each address in SLIST. This will
2434 usually consist of some sort of weighted averages for the response time
2435 of the address, and the batting average of the address (i.e., how often
2436 the address responded at all to the request). Note that this
2437 information should be kept on a per address basis, rather than on a per
2438 name server basis, because the response time and batting average of a
2439 particular server may vary considerably from address to address. Note
2440 also that this information is actually specific to a resolver address /
2441 server address pair, so a resolver with multiple addresses may wish to
2442 keep separate histories for each of its addresses. Part of this step
2443 must deal with addresses which have no such history; in this case an
2444 expected round trip time of 5-10 seconds should be the worst case, with
2445 lower estimates for the same local network, etc.
2446
2447 Note that whenever a delegation is followed, the resolver algorithm
2448 reinitializes SLIST.
2449
2450 The information establishes a partial ranking of the available name
2451 server addresses. Each time an address is chosen and the state should
2452 be altered to prevent its selection again until all other addresses have
2453 been tried. The timeout for each transmission should be 50-100% greater
2454 than the average predicted value to allow for variance in response.
2455
2456 Some fine points:
2457
2458 - The resolver may encounter a situation where no addresses are
2459 available for any of the name servers named in SLIST, and
2460 where the servers in the list are precisely those which would
2461 normally be used to look up their own addresses. This
2462 situation typically occurs when the glue address RRs have a
2463 smaller TTL than the NS RRs marking delegation, or when the
2464 resolver caches the result of a NS search. The resolver
2465 should detect this condition and restart the search at the
2466 next ancestor zone, or alternatively at the root.
2467
2468
2469
2470
2471
2472 Mockapetris [Page 45]
2473 RFC 1035 Domain Implementation and Specification November 1987
2474
2475
2476 - If a resolver gets a server error or other bizarre response
2477 from a name server, it should remove it from SLIST, and may
2478 wish to schedule an immediate transmission to the next
2479 candidate server address.
2480
2481 7.3. Processing responses
2482
2483 The first step in processing arriving response datagrams is to parse the
2484 response. This procedure should include:
2485
2486 - Check the header for reasonableness. Discard datagrams which
2487 are queries when responses are expected.
2488
2489 - Parse the sections of the message, and insure that all RRs are
2490 correctly formatted.
2491
2492 - As an optional step, check the TTLs of arriving data looking
2493 for RRs with excessively long TTLs. If a RR has an
2494 excessively long TTL, say greater than 1 week, either discard
2495 the whole response, or limit all TTLs in the response to 1
2496 week.
2497
2498 The next step is to match the response to a current resolver request.
2499 The recommended strategy is to do a preliminary matching using the ID
2500 field in the domain header, and then to verify that the question section
2501 corresponds to the information currently desired. This requires that
2502 the transmission algorithm devote several bits of the domain ID field to
2503 a request identifier of some sort. This step has several fine points:
2504
2505 - Some name servers send their responses from different
2506 addresses than the one used to receive the query. That is, a
2507 resolver cannot rely that a response will come from the same
2508 address which it sent the corresponding query to. This name
2509 server bug is typically encountered in UNIX systems.
2510
2511 - If the resolver retransmits a particular request to a name
2512 server it should be able to use a response from any of the
2513 transmissions. However, if it is using the response to sample
2514 the round trip time to access the name server, it must be able
2515 to determine which transmission matches the response (and keep
2516 transmission times for each outgoing message), or only
2517 calculate round trip times based on initial transmissions.
2518
2519 - A name server will occasionally not have a current copy of a
2520 zone which it should have according to some NS RRs. The
2521 resolver should simply remove the name server from the current
2522 SLIST, and continue.
2523
2524
2525
2526
2527 Mockapetris [Page 46]
2528 RFC 1035 Domain Implementation and Specification November 1987
2529
2530
2531 7.4. Using the cache
2532
2533 In general, we expect a resolver to cache all data which it receives in
2534 responses since it may be useful in answering future client requests.
2535 However, there are several types of data which should not be cached:
2536
2537 - When several RRs of the same type are available for a
2538 particular owner name, the resolver should either cache them
2539 all or none at all. When a response is truncated, and a
2540 resolver doesn't know whether it has a complete set, it should
2541 not cache a possibly partial set of RRs.
2542
2543 - Cached data should never be used in preference to
2544 authoritative data, so if caching would cause this to happen
2545 the data should not be cached.
2546
2547 - The results of an inverse query should not be cached.
2548
2549 - The results of standard queries where the QNAME contains "*"
2550 labels if the data might be used to construct wildcards. The
2551 reason is that the cache does not necessarily contain existing
2552 RRs or zone boundary information which is necessary to
2553 restrict the application of the wildcard RRs.
2554
2555 - RR data in responses of dubious reliability. When a resolver
2556 receives unsolicited responses or RR data other than that
2557 requested, it should discard it without caching it. The basic
2558 implication is that all sanity checks on a packet should be
2559 performed before any of it is cached.
2560
2561 In a similar vein, when a resolver has a set of RRs for some name in a
2562 response, and wants to cache the RRs, it should check its cache for
2563 already existing RRs. Depending on the circumstances, either the data
2564 in the response or the cache is preferred, but the two should never be
2565 combined. If the data in the response is from authoritative data in the
2566 answer section, it is always preferred.
2567
2568 8. MAIL SUPPORT
2569
2570 The domain system defines a standard for mapping mailboxes into domain
2571 names, and two methods for using the mailbox information to derive mail
2572 routing information. The first method is called mail exchange binding
2573 and the other method is mailbox binding. The mailbox encoding standard
2574 and mail exchange binding are part of the DNS official protocol, and are
2575 the recommended method for mail routing in the Internet. Mailbox
2576 binding is an experimental feature which is still under development and
2577 subject to change.
2578
2579
2580
2581
2582 Mockapetris [Page 47]
2583 RFC 1035 Domain Implementation and Specification November 1987
2584
2585
2586 The mailbox encoding standard assumes a mailbox name of the form
2587 "<local-part>@<mail-domain>". While the syntax allowed in each of these
2588 sections varies substantially between the various mail internets, the
2589 preferred syntax for the ARPA Internet is given in [RFC-822].
2590
2591 The DNS encodes the <local-part> as a single label, and encodes the
2592 <mail-domain> as a domain name. The single label from the <local-part>
2593 is prefaced to the domain name from <mail-domain> to form the domain
2594 name corresponding to the mailbox. Thus the mailbox HOSTMASTER@SRI-
2595 NIC.ARPA is mapped into the domain name HOSTMASTER.SRI-NIC.ARPA. If the
2596 <local-part> contains dots or other special characters, its
2597 representation in a master file will require the use of backslash
2598 quoting to ensure that the domain name is properly encoded. For
2599 example, the mailbox Action.domains@ISI.EDU would be represented as
2600 Action\.domains.ISI.EDU.
2601
2602 8.1. Mail exchange binding
2603
2604 Mail exchange binding uses the <mail-domain> part of a mailbox
2605 specification to determine where mail should be sent. The <local-part>
2606 is not even consulted. [RFC-974] specifies this method in detail, and
2607 should be consulted before attempting to use mail exchange support.
2608
2609 One of the advantages of this method is that it decouples mail
2610 destination naming from the hosts used to support mail service, at the
2611 cost of another layer of indirection in the lookup function. However,
2612 the addition layer should eliminate the need for complicated "%", "!",
2613 etc encodings in <local-part>.
2614
2615 The essence of the method is that the <mail-domain> is used as a domain
2616 name to locate type MX RRs which list hosts willing to accept mail for
2617 <mail-domain>, together with preference values which rank the hosts
2618 according to an order specified by the administrators for <mail-domain>.
2619
2620 In this memo, the <mail-domain> ISI.EDU is used in examples, together
2621 with the hosts VENERA.ISI.EDU and VAXA.ISI.EDU as mail exchanges for
2622 ISI.EDU. If a mailer had a message for Mockapetris@ISI.EDU, it would
2623 route it by looking up MX RRs for ISI.EDU. The MX RRs at ISI.EDU name
2624 VENERA.ISI.EDU and VAXA.ISI.EDU, and type A queries can find the host
2625 addresses.
2626
2627 8.2. Mailbox binding (Experimental)
2628
2629 In mailbox binding, the mailer uses the entire mail destination
2630 specification to construct a domain name. The encoded domain name for
2631 the mailbox is used as the QNAME field in a QTYPE=MAILB query.
2632
2633 Several outcomes are possible for this query:
2634
2635
2636
2637 Mockapetris [Page 48]
2638 RFC 1035 Domain Implementation and Specification November 1987
2639
2640
2641 1. The query can return a name error indicating that the mailbox
2642 does not exist as a domain name.
2643
2644 In the long term, this would indicate that the specified
2645 mailbox doesn't exist. However, until the use of mailbox
2646 binding is universal, this error condition should be
2647 interpreted to mean that the organization identified by the
2648 global part does not support mailbox binding. The
2649 appropriate procedure is to revert to exchange binding at
2650 this point.
2651
2652 2. The query can return a Mail Rename (MR) RR.
2653
2654 The MR RR carries new mailbox specification in its RDATA
2655 field. The mailer should replace the old mailbox with the
2656 new one and retry the operation.
2657
2658 3. The query can return a MB RR.
2659
2660 The MB RR carries a domain name for a host in its RDATA
2661 field. The mailer should deliver the message to that host
2662 via whatever protocol is applicable, e.g., b,SMTP.
2663
2664 4. The query can return one or more Mail Group (MG) RRs.
2665
2666 This condition means that the mailbox was actually a mailing
2667 list or mail group, rather than a single mailbox. Each MG RR
2668 has a RDATA field that identifies a mailbox that is a member
2669 of the group. The mailer should deliver a copy of the
2670 message to each member.
2671
2672 5. The query can return a MB RR as well as one or more MG RRs.
2673
This timestamp uses the absolute time format previously discussed for RR storage in zones and caches
This timestamp uses the absolute time format previously discussed for RR storage inzones andcaches
2674 This condition means the the mailbox was actually a mailing
2675 list. The mailer can either deliver the message to the host
2676 specified by the MB RR, which will in turn do the delivery to
2677 all members, or the mailer can use the MG RRs to do the
2678 expansion itself.
2679
2680 In any of these cases, the response may include a Mail Information
2681 (MINFO) RR. This RR is usually associated with a mail group, but is
2682 legal with a MB. The MINFO RR identifies two mailboxes. One of these
2683 identifies a responsible person for the original mailbox name. This
2684 mailbox should be used for requests to be added to a mail group, etc.
2685 The second mailbox name in the MINFO RR identifies a mailbox that should
2686 receive error messages for mail failures. This is particularly
2687 appropriate for mailing lists when errors in member names should be
2688 reported to a person other than the one who sends a message to the list.
2689
2690
2691
2692 Mockapetris [Page 49]
2693 RFC 1035 Domain Implementation and Specification November 1987
2694
2695
2696 New fields may be added to this RR in the future.
2697
2698
2699 9. REFERENCES and BIBLIOGRAPHY
2700
2701 [Dyer 87] S. Dyer, F. Hsu, "Hesiod", Project Athena
2702 Technical Plan - Name Service, April 1987, version 1.9.
2703
2704 Describes the fundamentals of the Hesiod name service.
2705
2706 [IEN-116] J. Postel, "Internet Name Server", IEN-116,
2707 USC/Information Sciences Institute, August 1979.
2708
2709 A name service obsoleted by the Domain Name System, but
2710 still in use.
2711
2712 [Quarterman 86] J. Quarterman, and J. Hoskins, "Notable Computer Networks",
2713 Communications of the ACM, October 1986, volume 29, number
2714 10.
2715
2716 [RFC-742] K. Harrenstien, "NAME/FINGER", RFC-742, Network
2717 Information Center, SRI International, December 1977.
2718
2719 [RFC-768] J. Postel, "User Datagram Protocol", RFC-768,
2720 USC/Information Sciences Institute, August 1980.
2721
2722 [RFC-793] J. Postel, "Transmission Control Protocol", RFC-793,
2723 USC/Information Sciences Institute, September 1981.
2724
2725 [RFC-799] D. Mills, "Internet Name Domains", RFC-799, COMSAT,
2726 September 1981.
2727
2728 Suggests introduction of a hierarchy in place of a flat
2729 name space for the Internet.
2730
2731 [RFC-805] J. Postel, "Computer Mail Meeting Notes", RFC-805,
2732 USC/Information Sciences Institute, February 1982.
2733
2734 [RFC-810] E. Feinler, K. Harrenstien, Z. Su, and V. White, "DOD
2735 Internet Host Table Specification", RFC-810, Network
2736 Information Center, SRI International, March 1982.
2737
2738 Obsolete. See RFC-952.
2739
2740 [RFC-811] K. Harrenstien, V. White, and E. Feinler, "Hostnames
2741 Server", RFC-811, Network Information Center, SRI
2742 International, March 1982.
2743
2744
2745
2746
2747 Mockapetris [Page 50]
2748 RFC 1035 Domain Implementation and Specification November 1987
2749
2750
2751 Obsolete. See RFC-953.
2752
2753 [RFC-812] K. Harrenstien, and V. White, "NICNAME/WHOIS", RFC-812,
2754 Network Information Center, SRI International, March
2755 1982.
2756
2757 [RFC-819] Z. Su, and J. Postel, "The Domain Naming Convention for
2758 Internet User Applications", RFC-819, Network
2759 Information Center, SRI International, August 1982.
2760
2761 Early thoughts on the design of the domain system.
2762 Current implementation is completely different.
2763
2764 [RFC-821] J. Postel, "Simple Mail Transfer Protocol", RFC-821,
2765 USC/Information Sciences Institute, August 1980.
2766
2767 [RFC-830] Z. Su, "A Distributed System for Internet Name Service",
2768 RFC-830, Network Information Center, SRI International,
2769 October 1982.
2770
2771 Early thoughts on the design of the domain system.
2772 Current implementation is completely different.
2773
2774 [RFC-882] P. Mockapetris, "Domain names - Concepts and
2775 Facilities," RFC-882, USC/Information Sciences
2776 Institute, November 1983.
2777
2778 Superceeded by this memo.
2779
2780 [RFC-883] P. Mockapetris, "Domain names - Implementation and
2781 Specification," RFC-883, USC/Information Sciences
2782 Institute, November 1983.
2783
2784 Superceeded by this memo.
2785
2786 [RFC-920] J. Postel and J. Reynolds, "Domain Requirements",
2787 RFC-920, USC/Information Sciences Institute,
2788 October 1984.
2789
2790 Explains the naming scheme for top level domains.
2791
2792 [RFC-952] K. Harrenstien, M. Stahl, E. Feinler, "DoD Internet Host
2793 Table Specification", RFC-952, SRI, October 1985.
2794
2795 Specifies the format of HOSTS.TXT, the host/address
2796 table replaced by the DNS.
2797
2798
2799
2800
2801
2802 Mockapetris [Page 51]
2803 RFC 1035 Domain Implementation and Specification November 1987
2804
2805
2806 [RFC-953] K. Harrenstien, M. Stahl, E. Feinler, "HOSTNAME Server",
2807 RFC-953, SRI, October 1985.
2808
2809 This RFC contains the official specification of the
2810 hostname server protocol, which is obsoleted by the DNS.
2811 This TCP based protocol accesses information stored in
2812 the RFC-952 format, and is used to obtain copies of the
2813 host table.
2814
2815 [RFC-973] P. Mockapetris, "Domain System Changes and
2816 Observations", RFC-973, USC/Information Sciences
2817 Institute, January 1986.
2818
2819 Describes changes to RFC-882 and RFC-883 and reasons for
2820 them.
2821
2822 [RFC-974] C. Partridge, "Mail routing and the domain system",
2823 RFC-974, CSNET CIC BBN Labs, January 1986.
2824
2825 Describes the transition from HOSTS.TXT based mail
2826 addressing to the more powerful MX system used with the
2827 domain system.
2828
2829 [RFC-1001] NetBIOS Working Group, "Protocol standard for a NetBIOS
2830 service on a TCP/UDP transport: Concepts and Methods",
2831 RFC-1001, March 1987.
2832
2833 This RFC and RFC-1002 are a preliminary design for
2834 NETBIOS on top of TCP/IP which proposes to base NetBIOS
2835 name service on top of the DNS.
2836
2837 [RFC-1002] NetBIOS Working Group, "Protocol standard for a NetBIOS
2838 service on a TCP/UDP transport: Detailed
2839 Specifications", RFC-1002, March 1987.
2840
2841 [RFC-1010] J. Reynolds, and J. Postel, "Assigned Numbers", RFC-1010,
2842 USC/Information Sciences Institute, May 1987.
2843
2844 Contains socket numbers and mnemonics for host names,
2845 operating systems, etc.
2846
2847 [RFC-1031] W. Lazear, "MILNET Name Domain Transition", RFC-1031,
2848 November 1987.
2849
2850 Describes a plan for converting the MILNET to the DNS.
2851
2852 [RFC-1032] M. Stahl, "Establishing a Domain - Guidelines for
2853 Administrators", RFC-1032, November 1987.
2854
2855
2856
2857 Mockapetris [Page 52]
2858 RFC 1035 Domain Implementation and Specification November 1987
2859
2860
2861 Describes the registration policies used by the NIC to
2862 administer the top level domains and delegate subzones.
2863
2864 [RFC-1033] M. Lottor, "Domain Administrators Operations Guide",
2865 RFC-1033, November 1987.
2866
2867 A cookbook for domain administrators.
2868
2869 [Solomon 82] M. Solomon, L. Landweber, and D. Neuhengen, "The CSNET
2870 Name Server", Computer Networks, vol 6, nr 3, July 1982.
2871
2872 Describes a name service for CSNET which is independent
2873 from the DNS and DNS use in the CSNET.
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912 Mockapetris [Page 53]
2913 RFC 1035 Domain Implementation and Specification November 1987
2914
2915
2916 Index
2917
2918 * 13
2919
2920 ; 33, 35
2921
2922 <character-string> 35
2923 <domain-name> 34
2924
2925 @ 35
2926
2927 \ 35
2928
2929 A 12
2930
2931 Byte order 8
2932
2933 CH 13
2934 Character case 9
2935 CLASS 11
2936 CNAME 12
2937 Completion 42
2938 CS 13
2939
2940 Hesiod 13
2941 HINFO 12
2942 HS 13
2943
2944 IN 13
2945 IN-ADDR.ARPA domain 22
2946 Inverse queries 40
2947
2948 Mailbox names 47
2949 MB 12
2950 MD 12
2951 MF 12
2952 MG 12
2953 MINFO 12
2954 MINIMUM 20
2955 MR 12
2956 MX 12
2957
2958 NS 12
2959 NULL 12
2960
2961 Port numbers 32
2962 Primary server 5
2963 PTR 12, 18
2964
2965
2966
2967 Mockapetris [Page 54]
2968 RFC 1035 Domain Implementation and Specification November 1987
2969
2970
2971 QCLASS 13
2972 QTYPE 12
2973
2974 RDATA 12
2975 RDLENGTH 11
2976
2977 Secondary server 5
2978 SOA 12
2979 Stub resolvers 7
2980
2981 TCP 32
2982 TXT 12
2983 TYPE 11
2984
2985 UDP 32
2986
2987 WKS 12
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022 Mockapetris [Page 55]
3023