diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 1998-05-22 02:51:15 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1998-05-22 02:51:15 +0000 |
commit | 162c273b88b66f71bcd54f4109b0b0b322851e41 (patch) | |
tree | 643aa4ab3797301cd1e8de4909a2c08121a072cd | |
parent | 7ac814106465c723cd3c20fa4f352fb0e39a35b7 (diff) |
updated bind docs
36 files changed, 50729 insertions, 0 deletions
diff --git a/usr.sbin/named/doc/misc/FAQ.2of2 b/usr.sbin/named/doc/misc/FAQ.2of2 new file mode 100644 index 00000000000..40e16494b5b --- /dev/null +++ b/usr.sbin/named/doc/misc/FAQ.2of2 @@ -0,0 +1,1298 @@ +Newsgroups: comp.protocols.tcp-ip.domains,comp.answers,news.answers +Path: vixie!news1.digital.com!su-news-hub1.bbnplanet.com!news.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.mathworks.com!news.kei.com!uhog.mit.edu!rutgers!njitgw.njit.edu!hertz.njit.edu!cdp2582 +From: cdp2582@hertz.njit.edu (Chris Peckham) +Subject: comp.protocols.tcp-ip.domains Frequently Asked Questions (FAQ) (Part 2 of 2) +Message-ID: <cptd-faq-2-849940949@njit.edu> +Followup-To: comp.protocols.tcp-ip.domains +Originator: cdp2582@hertz.njit.edu +Keywords: BIND,DOMAIN,DNS +Sender: news@njit.edu +Supersedes: <cptd-faq-2-847336183@njit.edu> +Nntp-Posting-Host: hertz.njit.edu +X-Posting-Frequency: posted during the first week of each month +Reply-To: domain-faq@njit.edu (comp.protocols.tcp-ip.domains FAQ comments) +Organization: NJIT.EDU - New Jersey Institute of Technology, Newark, NJ, USA +References: <cptd-faq-1-849940949@njit.edu> +Date: Sat, 7 Dec 1996 06:42:49 GMT +Approved: news-answers-request@MIT.EDU +Expires: Sat 11 Jan 97 02:42:29 EDT +Lines: 1277 +Xref: vixie comp.protocols.tcp-ip.domains:12905 comp.answers:22441 news.answers:85683 + +Posted-By: auto-faq 3.1.1.2 +Archive-name: internet/tcp-ip/domains-faq/part2 +Revision: 1.13 1996/12/07 06:42:15 + + +(Continued from Part 1, where you'll find the introduction and +table of contents.) + + +=============================================================================== + +Section 5. CONFIGURATION + + Q5.1 Changing a Secondary server to a Primary server ? + Q5.2 Moving a Primary server to another server + Q5.3 How do I subnet a Class B Address ? + Q5.4 Subnetted domain name service + Q5.5 Recommended format/style of DNS files + Q5.6 DNS on a system not connected to the Internet + Q5.7 Multiple Domain configuration + Q5.8 wildcard MX records + Q5.9 How do you identify a wildcard MX record ? + Q5.10 Why are fully qualified domain names recommended ? + Q5.11 Distributing load using named + Q5.12 Order of returned records + Q5.13 resolv.conf + Q5.14 How do I delegate authority for sub-domains ? + Q5.15 DNS instead of NIS on a Sun OS 4.1.x system + Q5.16 Patches to add functionality to BIND + Q5.17 How to serve multiple domains from one server + +----------------------------------------------------------------------------- + +Question 5.1. Changing a Secondary server to a Primary server ? + +Date: Fri Jul 5 23:54:35 EDT 1996 + +For 4.8.3, it's prudent to kill and restart following any changes to +named.boot. + +In BIND 4.9.3, you only have to kill and restart named if you change a +primary zone to a secondary or v-v, or if you delete a zone and remain +authoritative for its parent. Every other case should be taken care of by +a HUP. (Ed. note: 4.9.3b9 may still require you to kill and restart the +server due to some bugs in the HUP code). + +You will also need to update the server information on the root servers. +You can do this by filing a new domain registration form to inform +InterNIC of the change. They will then update the root server's SOA +records. This process usually takes 10-12 business days after they +receive the request. + +----------------------------------------------------------------------------- + +Question 5.2. Moving a Primary server to another server + +Date: Fri Jul 5 23:54:35 EDT 1996 + +The usual solution is to move the primary to ns.newserver.com, and have +ns.oldserver.com be configured as a secondary server until the change to +the root servers takes place after the request has been made to the +InterNIC. + +If you are moving to a different ISP which will change your IP's, the +recommened setting for the SOA that would minimize problems for your name +servers using the old settings can be done as follows: + +Gradually lower the TTL value in your SOA (that's the last one of the five +numbers) to always be equal to the time left until you change over. +(assuming that none of your resource records have individual TTL's set, if +so, do likewise witht them.) So, the day before, lower to 43200 seconds +(12 hours). Then lower every few hours to be the time remaining until +the change-over. So, an hour before the change, you may just want to +lower it all the way to 60 seconds or so. That way no one can cache +information past the change-over. + +After the change, start gradually incrementing the TTL value, because +you'll probably be making changes to work out problems. Once everything +stabilizes, move the TTL up to whatever your normal values are. + +To minimize name servers from using the "old settings", you can do the +same thing with the "refresh" interval in the SOA (the second number of +the SOA). That will tell the secondaries to refresh every X seconds. +Lower that value as you approach the changeover date. You probably don't +want to go much below an hour or you'll start the primary thrashing as all +the secondaries perpetually refresh. + +Also see the answer to the "How can I change the IP address of our server +?" in the INTRODUCTION section. + +----------------------------------------------------------------------------- + +Question 5.3. How do I subnet a Class B Address ? + +Date: Fri Apr 28 13:34:52 EDT 1995 + +That you need to subnet at all is something of a misconception. You can +also think of a class B network as giving you 65,534 individual hosts, and +such a network will work. You can also configure your class B as 16,384 +networks of 2 hosts each. That's obviously not very practical, but it +needs to be made clear that you are not constrained by the size of an +octet (remember that many older devices would not work in a network +configured in this manner). + +So, the question is: why do you need to subnet? One reason is that it is +easier to manage a subnetted network, and in fact, you can delegate the +responsibility for address space management to local administrators on the +various subnets. Also, IP based problems will end up localized rather +than affecting your entire network. + +If your network is a large backbone with numerous segments individually +branching off the backbone, that too suggests subnetting. + +Subnetting can also be used to improve routing conditions. + +You may wish to partition your network to disallow certain protocols on +certain segments of your net. You can, for example, restrict IP or IPX to +certain segments only by adding a router routing high level protocols, +and across the router you may have to subnet. + +Finally, as far as how many subnets you need depends on the answer to the +above question. As far as subnet masks are concerned, the mask can be +anything from 255.0.0.0 to 255.255.255.252. You'll probably be looking at +9 or 10 bits for the subnet (last octet 128 or 192 respectively). RFC +1219 discusses the issue of subnetting very well and leaves the network +administrator with a large amount of flexibility for future growth. + +----------------------------------------------------------------------------- + +Question 5.4. Subnetted domain name service + +Date: Mon Aug 5 23:00:16 EDT 1996 + +If you are looking for some examples of handling subnetted class C +networks as separate DNS domains, see the Internet Draft + +draft-ietf-cidrd-classless-inaddr-02.txt + +for more information. This file is available for anonymous ftp at + +ds.internic.net : +/internet-drafts/draft-ietf-cidrd-classless-inaddr-02.txt + +or other IETF mirror sites (ftp.is.ca.za [Africa], nic.nordu.net [Europe], +munnari.oz.au [Pacific Rim], ds.internic.net [US East Coast], or +ftp.isi.edu [US West Coast]). + +Details follow- You need to delegate down to the fourth octet, so you will +have one domain per IP address ! Here is how you can subdelegate a +in-addr.arpa address for non-byte aligned subnet masks: + +Take as an example the net 192.1.1.x, and example subnet mask +255.255.255.240. + +We first define the domain for the class C net, + + $origin 1.1.192.in-addr.arpa + @ SOA (usual stuff) + @ ns some.nameserver + ns some.other.nameserver + ; delegate a subdomain + one ns one.nameserver + ns some.nameserver + ; delegate another + two ns two.nameserver + ns some.nameserver + ; CNAME pointers to subdomain one + 0 CNAME 0.one + 1 CNAME 1.one + ; through + 15 CNAME 15.one + ; CNAME pointers to subdomain two + 16 CNAME 16.two + 17 CNAME 17.two + 31 CNAME 31.two + ; CNAME as many as required. + +Now, in the delegated nameserver, one.nameserver + + $origin one.1.1.192.in-addr.arpa + @ SOA (usual stuff) + NS one.nameserver + NS some.nameserver ; secondary for us + 0 PTR onenet.one.domain + 1 PTR onehost.one.domain + ; through + 15 PTR lasthost.one.domain + +And similar for the two.1.1.192.in-addr.arpa delegated domain. + +There is additional documentation and a perl script that may be used for +this purpose available for anonymous ftp from: + +ftp.vix.com : /pub/bind/contrib/gencidrzone + +----------------------------------------------------------------------------- + +Question 5.5. Recommended format/style of DNS files + +Date: Sun Nov 27 23:32:41 EST 1994 + +This answer is quoted from an article posted by Paul Vixie: + + I've gone back and forth on the question of whether the BOG should + include a section on this topic. I know what I myself prefer, but + I'm wary of ramming my own stylistic preferences down the throat of + every BOG reader. But since you ask :-)... + + Create /var/named. If your system is too old to have a /var, either + create one or use /usr/local/adm/named instead. Put your named.boot + in it, and make /etc/named.boot a symlink to it. If your system + doesn't have symlinks, you're S-O-L (but you knew that). In + named.boot, put a "directory" directive that specifies your actual + BIND working directory: + + directory /var/named + + All relative pathnames used in "primary", "secondary", and "cache" + directives will be evaluated relative to this directory. Create two + subdirectories, /var/named/pri and /var/named/sec. Whenever you add + a "primary" directive to your named.boot, use "pri/WHATEVER" as the + path name. And then put the primary zone file into "pri/WHATEVER". + Likewise when you add "secondary" directives, use "sec/WHATEVER" and + BIND (really named-xfer) will create the files in that + subdirectory. + + (Variations: (1) make a midlevel directory "zones" and put "pri" and + "sec" into it; (2) if you tend to pick up a lot of secondaries from + a few hosts, group them together in their own subdirectories -- + something like /var/named/zones/uucp if you're a UUCP Project name + server.) + + For your forward files, name them after the zone. dec.com becomes + "/var/named/zones/pri/dec.com". For your reverse files, name them + after the network number. 0.1.16.in-addr.arpa becomes + "/var/named/zones/pri/16.1.0". + + When creating or maintaining primary zone files, try to use the same + SOA values everywhere, except for the serial number which varies per + zone. Put a $ORIGIN directive at the top of the primary zone file, + not because its needed (it's not since the default origin is the + zone named in the "primary" directive) but because it make it easier + to remember what you're working on when you have a lot of primary + zones. Put some comments up there indicating contact information + for the real owner if you're proxying. Use RCS and put the "Id" + in a ";" comment near the top of the zone file. + + The SOA and other top level information should all be listed + together. But don't put IN on every line, it defaults nicely. For + example: + +============== +@ IN SOA gw.home.vix.com. postmaster.vix.com. ( + 1994082501 ; serial + 3600 ; refresh (1 hour) + 1800 ; retry (30 mins) + 604800 ; expire (7 days) + 3600 ) ; minimum (1 hour) + + NS gw.home.vix.com. + NS ns.uu.net. + NS uucp-gw-1.pa.dec.com. + NS uucp-gw-2.pa.dec.com. + + MX 10 gw.home.vix.com. + MX 20 uucp-gw-1.pa.dec.com. + MX 20 uucp-gw-1.pa.dec.com. +============== + + I don't necessarily recommend those SOA values. Not every zone is + as volatile as the example shown. I do recommend that serial number + format; it's in date format with a 2-digit per-day revision number. + This format will last us until 2147 A.D. at which point I expect a + better solution will have been found :-). (Note that it would last + until 4294 A.D. except that there are some old BINDs out there that + use a signed quantity for representing serial number interally; I + suppose that as long as none of these are still running after 2047 + A.D., that we can use the above serial number format until 4294 + A.D., at which point a better solution will HAVE to be found.) + + You'll note that I use a tab stop for "IN" even though I never again + specify it. This leaves room for names longer than 7 bytes without + messing up the columns. You might also note that I've put the MX + priority and destination in the same tab stop; this is because both + are part of the RRdata and both are very different from MX which is + an RRtype. Some folks seem to prefer to group "MX" and the priority + together in one tab stop. While this looks neat it's very confusing + to newcomers and for them it violates the law of least + astonishment. + + If you have a multi-level zone (one which contains names that have + dots in them), you can use additional $ORIGIN statements but I + recommend against it since there is no "back" operator. That is, + given the above example you can add: + +============= +$ORIGIN home +gw A 192.5.5.1 +============= + + The problem with this is that subsequent RR's had better be + somewhere under the "home.vix.com" name or else the $ORIGIN that + introduces them will have to use a fully qualified name. FQDN + $ORIGIN's aren't bad and I won't be mad if you use them. + Unqualified ones as shown above are real trouble. I usually stay + away from them and just put the whole name in: + +============= +gw.home A 192.5.5.1 +============= + + In your reverse zones, you're usually in some good luck because the + owner name is usually a single short token or sometimes two. + +============= +$ORIGIN 5.5.192.in-addr.arpa. +@ IN SOA ... + NS ... +1 PTR gw.home.vix.com. +========================================= +$ORIGIN 1.16.in-addr.arpa. +@ IN SOA ... + NS ... +2.0 PTR gatekeeper.dec.com. +============= + + It is usually pretty hard to keep your forward and reverse zones in + synch. You can avoid that whole problem by just using "h2n" (see + the ORA book, DNS and BIND, and its sample toolkit, included in the + BIND distribution or on ftp.uu.net (use the QUOTE SITE EXEC INDEX + command there to find this -- I never can remember where it's at). + "h2n" and many tools like it can just read your old /etc/hosts file + and churn it into DNS zone files. (May I recommend + contrib/decwrl/mkdb.pl from the BIND distribution?) However, if you + (like me) prefer to edit these things by hand, you need to follow + the simple convention of making all of your holes consistent. If + you use 192.5.5.1 and 192.5.5.3 but not (yet) 192.5.5.2, then in + your forward file you will have something like + +============= +... +gw.home A 192.5.5.1 +;avail A 192.5.5.2 +pc.home A 192.5.5.3 +============= + + and in your reverse file you will have something like + +============= +... +1 PTR gw.home.vix.com. +;2 PTR avail +3 PTR pc.home.vix.com. +============= + + This convention will allow you to keep your sanity and make fewer + errors. Any kind of automation (h2n, mkdb, or your own + perl/tcl/awk/python tools) will help you maintain a consistent + universe even if it's also a complex one. Editing by hand doesn't + have to be deadly but you MUST take care. + +----------------------------------------------------------------------------- + +Question 5.6. DNS on a system not connected to the Internet + +Date: Sun Nov 27 23:32:41 EST 1994 + +You need to create your own root domain name server until you connect to +the internet. Your roots need to delegate to mydomain.com and any +in-addr.arpa subdomains you might have, and that's about it. As soon as +you're connected, rip out the fake roots and use the real ones. + +It does not actually have to be another server pretending to be the root. +You can set up the name server so that it is primary for each domain above +you and leave them empty (i.e. you are foo.bar.com - claim to be primary +for bar.com and com) + +If you connect intermittently and want DNS to work when you are connected, +and "fail" when you are not, you can point the resolver at the name server +at the remote site and if the connection (SLIP/PPP) isn't up, the resolver +doesn't have a route to the remote server and since there's only one name +server in resolv.conf, the resolver quickly backs off the using +/etc/hosts. No problem. You could do the same with multiple name server +and a resolver that did configurable /etc/hosts fallback. + +----------------------------------------------------------------------------- + +Question 5.7. Multiple Domain configuration + +Date: Fri Dec 2 15:40:49 EST 1994 + +If you want to have multiple domain names pointing to the same +destination, such as: + + ftp ftp.biff.com connects user to -> ftp.biff.com + ftp ftp.fred.com connects user to -> ftp.biff.com + ftp ftp.bowser.com connects user to -> ftp.biff.com + +You may do this by using CNAMEs: + + ftp.bowser.com. IN CNAME ftp.biff.com. + +You can also do the same thing with multiple A records. + +----------------------------------------------------------------------------- + +Question 5.8. wildcard MX records + +Date: Sun Nov 27 23:32:41 EST 1994 + +Does BIND not understand wildcard MX records such as the following? + + *.foo.com MX 0 mail.foo.com. + +No. It just doesn't work. + +Explicit RR's at one level of specificity will, by design, "block" a +wildcard at a lesser level of specificity. I suspect that you have an RR +(an A RR, perhaps?) for "bar.foo.com" which is blocking the application of +your "*.foo.com" wildcard. The initial MX query is thus failing (NOERROR +but an answer count of 0), and the backup query finds the A RR for +"bar.foo.com" and uses it to deliver the mail directly (which is what you +DIDN'T want it to do). Adding an explicit MX RR for the host is therefore +the right way to handle this situation. + +See RFC 1034, Section 4.3.3 ("Wildcards") for more information on this +"blocking" behavior, along with an illustrative example. See also RFC 974 +for an explanation of standard mailer behavior in the face of an "empty" +response to one's MX query. + +Basically, what it boils down to is, there is no point in trying to use a +wildcard MX for a host which is otherwise listed in the DNS. + +It just doesn't work. + +----------------------------------------------------------------------------- + +Question 5.9. How do you identify a wildcard MX record ? + +Date: Thu Dec 1 11:10:39 EST 1994 + +You don't really need to "identify" a wildcard MX RR. The precedence for +u@dom is: + + exact match MX + exact match A + wildcard MX + +One way to implement this is to query for ("dom",IN,MX) and if the answer +name that comes back is "*." something, you know it's a wildcard, +therefore you know there is no exact match MX, and you therefore query for +("dom",IN,A) and if you get something, use it. if you don't, use the +previous wildcard response. + +RFC 974 explains this pretty well. + +----------------------------------------------------------------------------- + +Question 5.10. Why are fully qualified domain names recommended ? + +Date: Sun Nov 27 23:32:41 EST 1994 + +The documentation for BIND 4.9.2 says that the hostname should be set to +the full domain style name (i.e host.our.domain rather than host). What +advantages are there in this, and are there any adverse consequences if we +don't? + +Paul Vixie likes to do it :-) He lists a few reasons - + +* Sendmail can be configured to just use Dj$w rather than Dj$w.mumble + where "mumble" is something you have to edit in by hand. Granted, most + people use "mumble" elsewhere in their config files ("tack on local + domain", etc) but why should it be a requirement ? +* The real reason is that not doing it violates a very useful invariant: + gethostbyname(gethostname) == gethostbyaddr(primary_interface_address) + + If you take an address and go "backwards" through the PTR's with it, + you'll get a FQDN, and if you push that back through the A RR's, you get + the same address. Or you should. Many multi-homed hosts violate this + uncaringly. + + If you take a non-FQDN hostname and push it "forwards" through the A + RR's, you get an address which, if you push it through the PTR's, comes + back as a FQDN which is not the same as the hostname you started with. + Consider the fact that, absent NIS/YP, there is no "domainname" command + analogous to the "hostname" command. (NIS/YP's doesn't count, of + course, since it's sometimes-but-only-rarely the same as the Internet + domain or subdomain above a given host's name.) The "domain" keyword in + resolv.conf doesn't specify the parent domain of the current host; it + specifies the default domain of queries initiated on the current host, + which can be a very different thing. (As of RFC 1535 and BIND 4.9.2's + compliance with it, most people use "search" in resolv.conf, which + overrides "domain", anyway.) + + What this means is that there is NO authoritative way to + programmatically discover your host's FQDN unless it is set in the + hostname, or unless every application is willing to grovel the "netstat + -in" tables, find what it hopes is the primary address, and do a PTR + query on it. + + FQDN /bin/hostnames are, intuitively or not, the simplest way to go. + +----------------------------------------------------------------------------- + +Question 5.11. Distributing load using named + +Date: Wed Mar 1 11:04:43 EST 1995 + +When you attempt to distribute the load on a system using named, the first +response be cached, and then later queries use the cached value (This +would be for requests that come through the same server). Therefore, it +can be useful to use a lower TTL on records where this is important. You +can use values like 300 or 500 seconds. + +If your local caching server has ROUND_ROBIN, it does not matter what the +authoritative servers have -- every response from the cache is rotated. + +But if it doesn't, and the authoritative server site is depending on this +feature (or the old "shuffle-A") to do load balancing, then if one doesn't +use small TTLs, one could conceivably end up with a really nasty +situation, e.g., hundreds of workstations at a branch campus pounding on +the same front end at the authoritative server's site during class +registration. + +Not nice. + +Paul Vixie has an example of the ROUND_ROBIN code in action. Here is +something that he wrote regarding his example: + + >I want users to be distributed evenly among those 3 hosts. + + Believe it or not :-), BIND offers an ugly way to do this. I offer + for your collective amusement the following snippet from the + ugly.vix.com zone file: + + hydra cname hydra1 + cname hydra2 + cname hydra3 + hydra1 a 10.1.0.1 + a 10.1.0.2 + a 10.1.0.3 + hydra2 a 10.2.0.1 + a 10.2.0.2 + a 10.2.0.3 + hydra3 a 10.3.0.1 + a 10.3.0.2 + a 10.3.0.3 + + Note that having multiple CNAME RR's at a given name is + meaningless according to the DNS RFCs but BIND doesn't mind (in + fact it doesn't even complain). If you call + gethostbyname("hydra.ugly.vix.com") (try it!) you will get + results like the following. Note that there are two round robin + rotations going on: one at ("hydra",CNAME) and one at each + ("hydra1",A) et al. I used a layer of CNAME's above the layer of + A's to keep the response size down. If you don't have nine + addresses you probably don't care and would just use a pile of + CNAME's pointing directly at real host names. + + {hydra.ugly.vix.com + name: hydra2.ugly.vix.com + aliases: hydra.ugly.vix.com + addresses: 10.2.0.2 10.2.0.3 10.2.0.1 + + {hydra.ugly.vix.com + name: hydra3.ugly.vix.com + aliases: hydra.ugly.vix.com + addresses: 10.3.0.2 10.3.0.3 10.3.0.1 + + {hydra.ugly.vix.com + name: hydra1.ugly.vix.com + aliases: hydra.ugly.vix.com + addresses: 10.1.0.2 10.1.0.3 10.1.0.1 + + {hydra.ugly.vix.com + name: hydra2.ugly.vix.com + aliases: hydra.ugly.vix.com + addresses: 10.2.0.3 10.2.0.1 10.2.0.2 + + {hydra.ugly.vix.com + name: hydra3.ugly.vix.com + aliases: hydra.ugly.vix.com + addresses: 10.3.0.3 10.3.0.1 10.3.0.2 + +----------------------------------------------------------------------------- + +Question 5.12. Order of returned records + +Sorting, is the *resolver's* responsibility. RFC 1123: + + + 6.1.3.4 Multihomed Hosts + + When the host name-to-address function encounters a host + with multiple addresses, it SHOULD rank or sort the + addresses using knowledge of the immediately connected + network number(s) and any other applicable performance or + history information. + + DISCUSSION: + The different addresses of a multihomed host generally + imply different Internet paths, and some paths may be + preferable to others in performance, reliability, or + administrative restrictions. There is no general way + for the domain system to determine the best path. A + recommended approach is to base this decision on local + configuration information set by the system + administrator. + +In BIND 4.9.x's resolver code, the "sortlist" directive in resolv.conf +can be used to configure this. + +----------------------------------------------------------------------------- + +Question 5.13. resolv.conf + +Date: Fri Feb 10 15:46:17 EST 1995 + +The question was asked one time, "Why should I use 'real' IP addresses in +/etc/resolv.conf and not 0.0.0.0 or 127.0.0.1" ? + +Paul Vixie writes on the issue of the contents of resolv.conf: + + It's historical. Some kernels can't unbind a UDP socket's source + address, and some resolver versions (notably not including BIND + 4.9.2 or 4.9.3's) try to do this. The result can be wide area + network traffic with 127.0.0.1 as the source address. Rather than + giving out a long and detailed map of version/vendor combinations of + kernels/BINDs that have/don't this problem, I just tell folks not to + use 127.0.0.1 at all. + + 0.0.0.0 is just an alias for the first interface address assigned + after a system boot, and if that interface is a up-and-down point to + point link (PPP, SLIP, whatever), there's no guarantee that you'll + be able to reach yourself via 0.0.0.0 during the entire lifetime of + any system instance. On most kernels you can finesse this by adding + static routes to 127.0.0.1 for each of your interface addresses, but + some kernels don't like that trick and rather than give a detailed + map of which ones work and which ones don't, I just globally + recommend against 0.0.0.0. + + If you know enough to know that 127.0.0.1 or 0.0.0.0 is safe on your + kernel and resolver, then feel free to use them. If you don't know + for sure that it is safe, don't use them. I never use them (except + on my laptop, whose hostname is "localhost" and whose 0.0.0.0 is + 127.0.0.1 since I ifconfig my lo0 before any other interface). The + operational advantage to using a real IP address rather than an + wormhole like 0.0.0.0 or 127.0.0.1, is that you can then "rdist" or + otherwise share identical copies of your resolv.conf on all the + systems on any given subnet, not all of which will be servers. + +The problem was with older versions of the resolver (4.8.X). If you +listed 127.0.0.1 as the first entry in resolv.conf, and for whatever +reason the local name server wasn't running and the resolver fell back to +the second name server listed, it would send queries to the name server +with the source IP address set to 127.0.0.1 (as it was set when the +resolver was trying to send to 127.0.0.1--you use the loopback address to +send to the loopback address). + +----------------------------------------------------------------------------- + +Question 5.14. How do I delegate authority for sub-domains ? + +Date: Sat Dec 7 02:04:17 EST 1996 + +When you start having a very big domain that can be broken into logical +and separate entities that can look after their own DNS information, you +will probably want to do this. Maintain a central area for the things +that everyone needs to see and delegate the authority for the other parts +of the organization so that they can manage themselves. + +Another essential piece of information is that every domain that exists +must have it NS records associated with it. These NS records denote the +name servers that are queried for information about that zone. For your +zone to be recognized by the outside world, the server responsible for the +zone above you must have created a NS record for your your new servers +(NOTE that the new servers DO NOT have to be in the new domain). For +example, putting the computer club onto the network and giving them +control over their own part of the domain space we have the following. + +The machine authorative for gu.uwa.edu.au is mackerel and the machine +authorative for ucc.gu.uwa.edu.au is marlin. + +in mackerel's data for gu.uwa.edu.au we have the following + + @ IN SOA ... + IN A 130.95.100.3 + IN MX mackerel.gu.uwa.edu.au. + IN MX uniwa.uwa.edu.au. + + marlin IN A 130.95.100.4 + + ucc IN NS marlin.gu.uwa.edu.au. + IN NS mackerel.gu.uwa.edu.au. + +Marlin is also given an IP in our domain as a convenience. If they blow +up their name serving there is less that can go wrong because people can +still see that machine which is a start. You could place "marlin.ucc" in +the first column and leave the machine totally inside the ucc domain as +well. + +The second NS line is because mackerel will be acting as secondary name +server for the ucc.gu domain. Do not include this line if you are not +authorative for the information included in the sub-domain. + +----------------------------------------------------------------------------- + +Question 5.15. DNS instead of NIS on a Sun OS 4.1.x system + +Date: Sat Dec 7 01:14:17 EST 1996 + +Comments relating to running bind 4.9.x on a Sun OS 4.1.x system and the +effect on sendmail, ftp, telnet and other TCP/IP services bypassing NIS +and directly using named is documented quite well in the +comp.sys.sun.admin FAQ in questions one and two. You can get them from: + +* ftp.ece.uc.edu : /pub/sun-faq/FAQs/sun-faq.general +* http://www.cis.ohio-state.edu/hypertext/faq/usenet/comp-sys-sun-faq + +as well as from rtfm.mit.edu in the usual place, etc. + +----------------------------------------------------------------------------- + +Question 5.16. Patches to add functionality to BIND + +Date: Tue Nov 5 23:53:47 EST 1996 + +There are others, but these are listed here: + +* When using the round robin DNS and assigning 3 IPs to a host (for + example), a process to guarantee that all 3 IPs are reachable may be + found at + http://www-leland.stanford.edu/~schemers/docs/lbnamed/lbnamed.html + +* Patches for 4.9.3-REL that will support the IPv6 AAAA record format may + be found at ftp.inria.fr : /network/ipv6/ + +* A patch for 4.9.3-REL that will allow you to turn off forwarding of + information from my server may be found at ftp.vix.com : + /pub/bind/release/4.9.3/contrib/noforward.tar.gz + +* How do I tell a server to listen to a particular interface to listen and + respond to DNS queries on ? + + Mark Andrews has a patch that will tell a 4.9.4 server to listen to a + particular interface and respond to DNS queries. It may be found at an + unofficial location: http://www.ultra.net/~jzp/andrews.patch.txt + +----------------------------------------------------------------------------- + +Question 5.17. How to serve multiple domains from one server + +Date: Tue Nov 5 23:44:02 EST 1996 + +Most name server implementations allow information about multiple domains +to be kept on one server, and questions about those domains to be +answered by that one server. For instance, there are many large servers +on the Internet that each serve information about more than 1000 +different domains. + +To be completely accurate, a server contains information about zones, +which are parts of domains that are kept as a single unit. [Ed note: for +a definition of zones and domains, see Section 2: The Name Service in the +"Name Server Operations Guide" included with the BIND 4.9.5 distribution.] + +In the configuration of the name server, the additional zones need to be +specified. An important consideration is whether a particular server is +primary or secondary for any specific zone--a secondary server maintains +only a copy of the zone, periodically refreshing its copy from another, +specified, server. In BIND, to set up a server as a secondary server for +the x.y.z zone, to the configuration file /etc/named.boot add the line + + secondary x.y.z 10.0.0.1 db.x.y.z + +where 10.0.0.1 is the IP address of the server that the zone will be +copied from, and db.x.y.z is a local filename that will contain the copy +of the zone. + +If this is a question related to how to set up multiple IP numbers on one +system, which you do not need to do to act as a domain server for +multiple domains, see + +http://www.thesphere.com/%7Edlp/TwoServers/. + +=============================================================================== + +Section 6. PROBLEMS + + Q6.1 No address for root server + Q6.2 Error - No Root Nameservers for Class XX + Q6.3 Bind 4.9.x and MX querying? + Q6.4 Do I need to define an A record for localhost ? + Q6.5 MX records, CNAMES and A records for MX targets + Q6.6 Can an NS record point to a CNAME ? + Q6.7 Nameserver forgets own A record + Q6.8 General problems (core dumps !) + Q6.9 malloc and DECstations + Q6.10 Can't resolve names without a "." + Q6.11 Err/TO errors being reported + Q6.12 Why does swapping kill BIND ? + +----------------------------------------------------------------------------- + +Question 6.1. No address for root server + +Date: Mon Jan 2 13:49:43 EST 1995 + +Q: I've been getting the following messages lately from bind-4.9.2.. + ns_req: no address for root server + +We are behind a firewall and have the following for our named.cache file - + + ; list of servers + . 99999999 IN NS POBOX.FOOBAR.COM. + 99999999 IN NS FOOHOST.FOOBAR.COM. + foobar.com. 99999999 IN NS pobox.foobar.com. +You can't do that. Your nameserver contacts POBOX.FOOBAR.COM, gets the +correct list of root servers from it, then tries again and fails because +of your firewall. + +You will need a 'forwarder' definition, to ensure that all requests are +forwarded to a host which can penetrate the firewall. And it is unwise to +put phony data into 'named.cache'. + +----------------------------------------------------------------------------- + +Question 6.2. Error - No Root Nameservers for Class XX + +Date: Sun Nov 27 23:32:41 EST 1994 + +Q: I've received errors before about "No root nameservers for class XX" + but they've been because of network connectivity problems. + I believe that Class 1 is Internet Class data. + And I think I heard someone say that Class 4 is Hesiod?? + Does anyone know what the various Class numbers are? +From RFC 1700: + + DOMAIN NAME SYSTEM PARAMETERS + The Internet Domain Naming System (DOMAIN) includes several + parameters. These are documented in [RFC1034] and [RFC1035]. The + CLASS parameter is listed here. The per CLASS parameters are + defined in separate RFCs as indicated. + + Domain System Parameters: + + Decimal Name References + -------- ---- ---------- + 0 Reserved [PM1] + 1 Internet (IN) [RFC1034,PM1] + 2 Unassigned [PM1] + 3 Chaos (CH) [PM1] + 4 Hesoid (HS) [PM1] + 5-65534 Unassigned [PM1] + 65535 Reserved [PM1] + +DNS information for RFC 1700 was taken from +ftp.isi.edu : /in-notes/iana/assignments/dns-parameters + +Hesiod is class 4, and there are no official root nameservers for class 4, +so you can safely declare yourself one if you like. You might want to +put up a packet filter so that no one outside your network is capable of +making Hesiod queries of your machines, if you define yourself to be a +root nameserver for class 4. + +----------------------------------------------------------------------------- + +Question 6.3. Bind 4.9.x and MX querying? + +Date: Sun Nov 27 23:32:41 EST 1994 + +If you query a 4.9.x DNS server for MX records, a list of the MX records +as well as a list of the authorative nameservers is returned. This +happens because bind 4.9.2 returns the list of nameserver that are +authorative for a domain in the response packet, along with their IP +addresses in the additional section. + +----------------------------------------------------------------------------- + +Question 6.4. Do I need to define an A record for localhost ? + +Date: Sat Sep 9 00:36:01 EDT 1995 + +Somewhere deep in the BOG (BIND Operations Guide) that came with 4.9.3 +(section 5.4.3), it says that you define this yourself (if need be) in +the same zone files as your "real" IP addresses for your domain. Quoting +the BOG: + + + ... As implied by this PTR + record, there should be a ``localhost.my.dom.ain'' + A record (with address 127.0.0.1) in every domain + that contains hosts. ``localhost.'' will lose its + trailing dot when 1.0.0.127.in-addr.arpa is queried + for;... + +The sample files in the BIND distribution show you what needs to be done +(see the BOG). + +Some HP boxen (especially those running HP OpenView) will also need +"loopback" defined with this IP address. You may set it as a CNAME +record pointing to the "localhost." record. + +----------------------------------------------------------------------------- + +Question 6.5. MX records, CNAMES and A records for MX targets + +Date: Sun Nov 27 23:32:41 EST 1994 + +The O'Reilly "DNS and Bind" book warns against using non-canonical names +in MX records, however, this warning is given in the context of mail hubs +that MX to each other for backup purposes. How does this apply to mail +spokes. RFC 974 has a similar warning, but where is it specifically +prohibited to us an alias in an MX record ? + +Without the restrictions in the RFC, a MTA must request the A records for +every MX listed to determine if it is in the MX list then reduce the list. +This introduces many more lookups than would other wise be required. If +you are behind a 1200 bps link YOU DON'T WANT TO DO THIS. The addresses +associated with CNAMES are not passed as additional data so you will force +additional traffic to result even if you are running a caching server +locally. + +There is also the problem of how does the MTA find all of it's IP +addresses. This is not straight forward. You have to be able to do this is +you allow CNAMEs (or extra A's) as MX targets. + +The letter of the law is that an MX record should point to an A record. + +There is no "real" reason to use CNAMEs for MX targets or separate As for +nameservers any more. CNAMEs for services other than mail should be used +because there is no specified method for locating the desired server yet. + +People don't care what the names of MX targets are. They're invisible to +the process anyway. If you have mail for "mary" redirected to "sue" is +totally irrelevant. Having CNAMEs as the targets of MX's just needlessly +complicates things, and is more work for the resolver. + +Having separate A's for nameservers like "ns.your.domain" is pointless +too, since again nobody cares what the name of your nameserver is, since +that too is invisible to the process. If you move your nameserver from +"mary.your.domain" to "sue.your.domain" nobody need care except you and +your parent domain administrator (and the InterNIC). Even less so for +mail servers, since only you are affected. + +Q: Given the example - + + hello in cname realname + mailx in mx 0 hello + + Now, while reading the operating manual of bind it clearly states + that this is *not* valid. These two statements clearly contradict + each other. Is there some later rfc than 974 that overrides what is + said in there with respect to MX and CNAMEs? Anyone have the + reference handy? + +A: This isn't what the BOG says at all. See below. You can have a CNAME + that points to some other RR type; in fact, all CNAMEs have to point + to other names (Canonical ones, hence the C in CNAME). What you + can't have is an MX that points to a CNAME. MX RR's that point to + names which have only CNAME RR's will not work in many cases, and + RFC 974 intimates that it's a bad idea: + + Note that the algorithm to delete irrelevant RRs breaks if LOCAL has + a alias and the alias is listed in the MX records for REMOTE. (E.g. + REMOTE has an MX of ALIAS, where ALIAS has a CNAME of LOCAL). This + can be avoided if aliases are never used in the data section of MX + RRs. + + Here's the relevant BOG snippet: + + aliases {ttl addr-class CNAME Canonical name + ucbmonet IN CNAME monet + + The Canonical Name resource record, CNAME, speci- + fies an alias or nickname for the official, or + canonical, host name. This record should be the + only one associated with the alias name. All other + resource records should be associated with the + canonical name, not with the nickname. Any + resource records that include a domain name as + their value (e.g., NS or MX) must list the canoni- + cal name, not the nickname. + +----------------------------------------------------------------------------- + +Question 6.6. Can an NS record point to a CNAME ? + +Date: Wed Mar 1 11:14:10 EST 1995 + +Can I do this ? Is it legal ? + + + @ SOA (.........) + NS ns.host.this.domain. + NS second.host.another.domain. + ns CNAME third + third IN A xxx.xxx.xxx.xxx + +No. Only one RR type is allowed to refer, in its data field, to a CNAME, +and that's CNAME itself. So CNAMEs can refer to CNAMEs but NSs and MXs +cannot. + +BIND 4.9.3 (Beta11 and later) explicitly syslogs this case rather than +simply failing as pre-4.9 servers did. Here's a current example: + + Dec 7 00:52:18 gw named[17561]: "foobar.com IN NS" \ + points to a CNAME (foobar.foobar.com) + +Here is the reason why: + +Nameservers are not required to include CNAME records in the Additional +Info section returned after a query. It's partly an implementation +decision and partly a part of the spec. The algorithm described in RFC +1034 (pp24,25; info also in RFC 1035, section 3.3.11, p 18) says 'Put +whatever addresses are available into the additional section, using glue +RRs [if necessary]'. Since NS records are speced to contain only primary +names of hosts, not CNAMEs, then there's no reason for algorithm to +mention them. If, on the other hand, it's decided to allow CNAMEs in NS +records (and indeed in other records) then there's no reason that CNAME +records might not be included along with A records. The Additional Info +section is intended for any information that might be useful but which +isn't strictly the answer to the DNS query processed. It's an +implementation decision in as much as some servers used to follow CNAMEs +in NS references. + +----------------------------------------------------------------------------- + +Question 6.7. Nameserver forgets own A record + +Date: Fri Dec 2 16:17:31 EST 1994 + +Q: Lately, I've been having trouble with named 4.9.2 and 4.9.3. + Periodically, the nameserver will seem to "forget" its own A record, + although the other information stays intact. One theory I had was + that somehow a site that the nameserver was secondary for was + "corrupting" the A record somehow. + +A: This is invariably due to not removing ALL of the cached zones + when you moved to 4.9.X. Remove ALL cached zones and restart + your nameservers. + + You get "ignoreds" because the primaries for the relevant zones are + running old versions of BIND which pass out more glue than is + required. named-xfer trims off this extra glue. + +----------------------------------------------------------------------------- + +Question 6.8. General problems (core dumps !) + +Date: Sun Dec 4 22:21:22 EST 1994 + +Paul Vixie says: + + I'm always interested in hearing about cases where BIND dumps core. + However, I need a stack trace. Compile with -g and not -O (unless + you are using gcc and know what you are doing) and then when it + dumps core, get into dbx or gdb using the executable and the core + file and use "bt" to get a stack trace. Send it to me + <paul@vix.com> along with specific circumstances leading to or + surrounding the crash (test data, tail of the debug log, tail of the + syslog... whatever matters) and ideally you should save your core + dump for a day or so in case I have questions you can answer via + gdb/dbx. + +----------------------------------------------------------------------------- + +Question 6.9. malloc and DECstations + +Date: Mon Jan 2 14:19:22 EST 1995 + +We have replaced malloc on our DECstations with a malloc that is more +compact in memory usage, and this helped the operation of bind a lot. The +source is now available for anonymous ftp from + +ftp.cs.wisc.edu : /pub/misc/malloc.tar.gz + +----------------------------------------------------------------------------- + +Question 6.10. Can't resolve names without a "." + +(Answer written by Mark Andrews) You are not using a RFC 1535 aware +resolver. Depending upon the age of your resolver you could try adding a +search directive to resolv.conf. + + e.g. + domain <domain> + search <domain> [<domain2> ...] + +If that doesn't work you can configure you server to serve the parent and +grandparent domains as this is the default search list. + +"domain langley.af.mil" has an implicit "search langley.af.mil af.mil mil" +in the old resolvers, and you are timing out trying to resolve the +address with one of these domains tacked on. + +When resolving internic.net the following will be tried in order. + internic.net.langley.af.mil + internic.net.af.mil + internic.net.mil + internic.net. + +RFC 1535 aware resolvers try qualified address first. + + internic.net. + internic.net.langley.af.mil + internic.net.af.mil + internic.net.mil +RFC 1535 documents the problems associated with the old search +algorithim, including security issues, and how to alleviate some of the +problems. + +----------------------------------------------------------------------------- + +Question 6.11. Err/TO errors being reported + +Date: Sun May 5 23:46:32 EDT 1996 + +Why are errors like + + Apr 2 20:41:58 nameserver named[25846]: Err/TO getting serial# for + "foobar.domain1.com" + Apr 2 20:41:59 nameserver named[25846]: Err/TO getting serial# for + "foobar.domain2.com" + +reported ? These generally indicate that there is one of the following +problems: + +* A network problem between you and the primary, +* A bad IP address in named.boot, +* The primary is Lame for the zone. + +An external check to see if you can retrieve the SOA is the best way to +work out which it is. + +----------------------------------------------------------------------------- + +Question 6.12. Why does swapping kill BIND ? + +Date: Thu Jul 4 23:20:20 EDT 1996 + +The question was: + + I've been diagnosing a problem with BIND 4.9.x (where x is usually 3BETA9 + or 3REL) for several months now. I finally tracked it down to swap space + utilization on the unix boxes. + + This happens under (at least) under Linux 1.2.9 & 1.2.13, SunOS 4.1.3U1, + 4.1.1, and Solaris 2.5. The symptom is that if these machines get into + swap at all bind quits resolving most, if not all queries. Mind you that + these machines are not "swapping hard", but rather we're talking about a + several hundred K TEMPORARY deficiency. I have noticed while digging + through various archives that there is some referral to "bind thrashing + itself to death". Is this what is happening ? + +And the answer is: + + Yes it is. Bind can't tolerate having even a few pages swapped out. + The time required to send responses climbs to several seconds/request, + and the request queue fills and overflows. + + It's possible to shrink memory consumption a lot by undefining STATS + and XSTATS, and recompiling. You could nuke DEBUG too, which will + cut the code size down some, but probably not the data size. If that + doesn't do the job then it sounds like you'll need to move DNS onto a + separate box. + + BIND tends to touch all of its resident pages all of the time with + normal activity... if you look at the RSS verses the total process + size, you will always see the RSS within, usually, 90% of the total + size of the process. This means that *any* paging of named-owned + pages will stall named. Thus, a machine running a heavily accessed + named process cannot afford to swap *at all*. + + (Paul Vixie continues on this subject): + I plan to try to get BIND to exhibit slightly better locality of + reference in some future release. Of course, I can only do this if + the query names also exhibit some kind of hot spots. If someone + queries all your names often, BIND will have to touch all of its VM + pool that often. (Right now, BIND touches everything pretty often + even if you're just hammering on some hot spots -- that's the part + I'd like to fix. Malloc isn't cooperating.) + +=============================================================================== + +Section 7. ACKNOWLEDGEMENTS + + Q7.1 How is this FAQ generated ? + Q7.2 What formats are available ? + Q7.3 Contributors + +----------------------------------------------------------------------------- + +Question 7.1. How is this FAQ generated ? + +Date: Fri Dec 6 16:51:31 EST 1996 + +This FAQ is maintained in BFNN (Bizzarre Format with No Name). This +allows me to create ASCII, HTML, and GNU info (postscript coming soon) +from one source file. + +The perl script "bfnnconv.pl" that is available with the linux FAQ is used +to generate the various output files from the BFNN source. + +----------------------------------------------------------------------------- + +Question 7.2. What formats are available ? + +Date: Fri Dec 6 16:51:31 EST 1996 + +You may obtain one of the following formats for this document: + +* ASCII: http://www.users.pfmc.net/~cdp/cptd-faq/cptd-faq.ascii +* BFNN: http://www.users.pfmc.net/~cdp/cptd-faq/cptd-faq.bfnn +* GNU info: http://www.users.pfmc.net/~cdp/cptd-faq/cptd-faq.info +* HTML: http://www.users.pfmc.net/~cdp/cptd-faq/index.html + +----------------------------------------------------------------------------- + +Question 7.3. Contributors + +Date: Sat Dec 7 01:29:29 EST 1996 + +Many people have helped put this list together. Listed in e-mail address +alphabetical order, the following people have contributed to this FAQ: + +* <Benoit.Grange@inria.fr> (Benoit.Grange) +* <D.T.Shield@csc.liv.ac.uk> (Dave Shield) +* <Todd.Aven@BankersTrust.Com> +* <adam@comptech.demon.co.uk> (Adam Goodfellow) +* <andras@is.co.za> (Andras Salamon) +* <barmar@nic.near.net> (Barry Margolin) +* <barr@pop.psu.edu> (David Barr) +* <bj@herbison.com> (B.J. Herbison) +* <bje@cbr.fidonet.org> (Ben Elliston) +* <brad@birch.ims.disa.mil> (Brad Knowles) +* <ckd@kei.com> (Christopher Davis) +* <cdp2582@hertz.njit.edu> (Chris Peckham) +* <cricket@hp.com> (Cricket Liu) +* <cudep@csv.warwick.ac.uk> (Ian 'Vato' Dickinson [ID17]) +* <dillon@best.com> (Matthew Dillon) +* <dparter@cs.wisc.edu> (David Parter) +* <e07@nikhef.nl> (Eric Wassenaar) +* <fitz@think.com> (Tom Fitzgerald) +* <fwp@CC.MsState.Edu> (Frank Peters) +* <gah@cco.caltech.edu> (Glen A. Herrmannsfeldt) +* <glenn@popco.com> (Glenn Fleishman) +* <harvey@indyvax.iupui.edu> (James Harvey) +* <hubert@cac.washington.edu> (Steve Hubert) +* <ivanl@pacific.net.sg> (Ivan Leong) +* <jhawk@panix.com> (John Hawkinson) +* <jmalcolm@uunet.uu.net> (Joseph Malcolm) +* <jprovo@augustus.ultra.net> (Joe Provo) +* <kevin@cfc.com> (Kevin Darcy) +* <lamont@abstractsoft.com> (Sean T. Lamont) +* <lavondes@tidtest.total.fr> (Michel Lavondes) +* <mark@ucsalf.ac.uk> (Mark Powell) +* <marka@syd.dms.CSIRO.AU> (Mark Andrews) +* <mathias@unicorn.swi.com.sg> (Mathias Koerber) +* <mjo@iao.ford.com> (Mike O'Connor) +* <nick@flapjack.ieunet.ie> (Nick Hilliard) +* <oppedahl@popserver.panix.com> (Carl Oppedahl) +* <patrick@oes.amdahl.com> (Patrick J. Horgan) +* <paul@software.com> (Paul Wren) +* <pb@fasterix.frmug.fr.net> (Pierre Beyssac) +* <ph10@cus.cam.ac.uk> (Philip Hazel) +* <phil@netpart.com> (Phil Trubey) +* <rocky@panix.com> (R. Bernstein) +* <rv@seins.Informatik.Uni-Dortmund.DE> (Ruediger Volk) +* <shields@tembel.org> (Michael Shields) +* <tanner@george.arc.nasa.gov> (Rob Tanner) +* <vixie@vix.com> (Paul A Vixie) +* <wag@swl.msd.ray.com> (William Gianopoulos {84718) +* <whg@inel.gov> (Bill Gray) +* <wolf@pasteur.fr> (Christophe Wolfhugel) + +Thank you ! + diff --git a/usr.sbin/named/doc/misc/IPv6 b/usr.sbin/named/doc/misc/IPv6 new file mode 100644 index 00000000000..49fc3f5ec37 --- /dev/null +++ b/usr.sbin/named/doc/misc/IPv6 @@ -0,0 +1,72 @@ +IPv6 notes for BIND 4.9.3 Patch 2 Candidate 5 (and later?) +Paul Vixie, May 20, 1996 +doc/misc/IPv6 + + *** Introduction *** + +The IPv6 support in this release is latent, in that its presence is not +documented. The support is not optional, since its presence ought not to +affect anyone who does not go looking for it. The support includes: + + inet_ntop() new function. + inet_pton() new function. + RES_USE_INET6 causes gethostby*() to return either real IPv6 + addresses (if available) or mapped (::FFFF:a.b.c.d) + addresses if only IPv4 address records are found. + gethostbyname() can search for T_AAAA in preference to T_A. + gethostbyaddr() can search in IP6.INT for PTR RR's. + named can load, transfer, cache, and dump T_AAAA RRs. + + *** Some notes on the new functions *** + +The inet_pton() and inet_ntop() functions differ from the current (as of +this writing) IPv6 BSD API draft. Discussions were held, primarily between +myself and Rich Stevens, on the ipng@sunroof.eng.sun.com mailing list, and +the BIND definitions of these functions are likely to go into the next draft. +(If not, and BIND has to change its definitions of these functions, then you +will know why I chose not to document them yet!) + +These functions can return error values, and as such the process of porting +code that used inet_aton() to use inet_pton() is not just syntactic. Not all +nonzero values indicate success; consider "-1". Likewise, inet_ntoa() is not +just smaller than inet_ntop() -- it's a whole new approach. Inet_ntop() does +not return a static pointer, the caller has to supply a sized buffer. Also, +inet_ntop() can return NULL, so you should only printf() the result if you +have verified that your arguments will be seen as error free. + +The inet_pton() function is much pickier about its input format than the old +inet_aton() function has been. You can't abbreviate 10.0.0.53 as 10.53 any +more. Hexadecimal isn't accepted. You have to supply four decimal numeric +strings, each of whose value is within the range from 0 to 255. No spaces +are allowed either before, after, or within an address. If you need the older +functionality with all the shortcuts and exceptions, continue using inet_aton() +for your IPv4 address parsing needs. + + *** Some notes on RES_USE_INET6 *** + +You can set this by modifying _res.options after calling res_init(), or you +can turn it on globally by setting "options inet6" in /etc/resolv.conf. This +latter option ought to be used carefully, since _all_ applications will then +receive IPv6 style h_addr_list's from their gethostby*() calls. Once you know +that every application on your system can cope with IPv6 addressing, it is safe +and reasonable to turn on the global option. Otherwise, don't do it. + + *** Some notes on mapped IPv4 addresses *** + +There are two IPv6 prefixes set aside for IPv4 address encapsulation. See +RFC 1884 for a detailed explaination. The ::a.b.c.d form is used for +tunnelling, which means wrapping an IPv4 header around IPv6 packets and using +the existing IPv4 routing infrastructure to reach what are actually IPv6 +endpoints. The ::FFFF:a.b.c.d form can be used on dual-stack (IPv4 and IPv6) +hosts to signal a predominantly IPv6 stack that it should use ``native'' IPv4 +to reach a given destination, even though the socket's address family is +AF_INET6. + +BIND supports both of these address forms, to the extent that inet_pton() will +parse them, inet_ntop() will generate them, gethostby*() will map IPv4 into +IPv6 if the RES_USE_INET6 option is set, and gethostbyaddr() will search the +IN-ADDR.ARPA domain rather than the IP6.INT domain when it needs a PTR RR. +This last bit of behaviour is still under discussion and it's not clear that +tunnelled addresses should be mapped using IN-ADDR.ARPA. In other words, this +bit of behaviour may change in a subsequent BIND release. So now you know +another reason why none of this stuff is ``officially'' documented. diff --git a/usr.sbin/named/doc/misc/dns-setup b/usr.sbin/named/doc/misc/dns-setup new file mode 100644 index 00000000000..19f0197f7e8 --- /dev/null +++ b/usr.sbin/named/doc/misc/dns-setup @@ -0,0 +1,1081 @@ + Setting up a basic DNS server for a domain + Revision 1.1.1 + + Craig Richmond + craig@ecel.uwa.edu.au + 15th August 1993 + + +About this document + +I have written this file because it seems that the same questions seem to +pop up time and time again and when I had to install DNS from scratch the +first time, we found very little to help us. + +This document covers setting up a Domain Name Server with authority over +your domain and using a few of the more useful but less well known +(hopefully this document will take care of that) features of nslookup to +get information about the DNS and to work out why yours isn't working. + +If you are using a Sun Workstation and you want to make NIS interact with +the DNS, then this is not the FAQ for you (but it may well be when you try +to set up the DNS). Mark J. McIntosh <Mark.McIntosh@engr.UVic.CA> points +out that it is included in the comp.sys.sun.admin FAQ and for the benefit +of those of you who can't get that (it is posted in comp.sys.sun.admin, +comp.sys.sun.misc, comp.unix.solaris, comp.answers and news.answers) I have +included the relevant parts at the bottom in appendix C. + +Contents: + + Contents + An Overview of the DNS + Installing the DNS + *The Boot File + *The Cache File + *The Forward Mapping File + *The Reverse Mapping File + Delegating authority for domains within your domain + Troubleshooting your named + *Named doesn't work! What is wrong? + *I changed my named database and my local machine has noticed, + but nobody else has the new information? + *My local machine knows about all the name server information, + but no other sites know about me? + *My forward domain names work, but the backward names do not? + How to get useful information from nslookup + *Getting number to name mappings. + *Finding where mail goes when a machine has no IP number. + *Getting a list of machines in a domain from nslookup. + Appendicies + *Appendix A sample root.cache file + *Appendix B Excerpt from RFC 1340 - Assigned Numbers - July 1992 + *Appendix C Installing DNS on a Sun when running NIS + + +An Overview of the DNS: + +The Domain Name System is the software that lets you have name to number +mappings on your computers. The name decel.ecel.uwa.edu.au is the number +130.95.4.2 and vice versa. This is achieved through the DNS. The DNS is a +heirarchy. There are a small number of root domain name servers that are +responsible for tracking the top level domains and who is under them. The +root domain servers between them know about all the people who have name +servers that are authoritive for domains under the root. + +Being authoritive means that if a server is asked about something in that +domain, it can say with no ambiguity whether or not a given piece of +information is true. For example. We have domains x.z and y.z. There are +by definition authoritive name servers for both of these domains and we +shall assume that the name server in both of these cases is a machine +called nic.x.z and nic.y.z but that really makes no difference. + +If someone asks nic.x.z whether there is a machine called a.x.z, then +nic.x.z can authoritively say, yes or no because it is the authoritive name +server for that domain. If someone asks nic.x.z whether there is a machine +called a.y.z then nic.x.z asks nic.y.z whether such a machine exists (and +caches this for future requests). It asks nic.y.z because nic.y.z is the +authoritive name server for the domain y.z. The information about +authoritive name servers is stored in the DNS itself and as long as you +have a pointer to a name server who is more knowledgable than yourself then +you are set. + +When a change is made, it propogates slowly out through the internet to +eventually reach all machines. The following was supplied by Mark Andrews +Mark.Andrews@syd.dms.csiro.au. + + If both the primary and all secondaries are up and talking when + a zone update occurs and for the refresh period after the + update the old data will live for max(refresh + mininum) + average (refresh/2 +mininum) for the zone. New information will + be available from all servers after refresh. + +So with a refresh of 3 hours and a minimum of a day, you can expect +everything to be working a day after it is changed. If you have a longer +minimum, it may take a couple of days before things return to normal. + +There is also a difference between a zone and a domain. The domain is the +entire set of machines that are contained within an organisational domain +name. For example, the domain uwa.edu.au contains all the machines at the +University of Western Australia. A Zone is the area of the DNS for which a +server is responsible. The University of Western Australia is a large +organisation and trying to track all changes to machines at a central +location would be difficult. The authoritive name server for the zone +uwa.edu.au delegates the authority for the zone ecel.uwa.edu.au to +decel.ecel.uwa.edu.au. Machine foo.ecel.uwa.edu.au is in the zone that +decel is authoritive for. Machine bar.uwa.edu.au is in the zone that +uniwa.uwa.edu.au is authoritive for. + +Installing the DNS: + +First I'll assume you already have a copy of the Domain Name Server +software. It is probably called named or in.named depending on your +flavour of unix. I never had to get a copy, but if anyone thinks that +information should be here then by all means tell me and I'll put it in. +If you intend on using the package called Bind, then you should be sure +that you get version 4.9, which is the most recent version at this point in +time. + +The Boot File: + +First step is to create the file named.boot. This describes to named +(we'll dispense with the in.named. Take them to be the same) where the +information that it requires can be found. This file is normally found in +/etc/named.boot and I personally tend to leave it there because then I know +where to find it. If you don't want to leave it there but place it in a +directory with the rest of your named files, then there is usually an +option on named to specify the location of the boot file. + +Your typical boot file will look like this if you are an unimportant leaf +node and there are other name servers at your site. + +directory /etc/namedfiles + +cache . root.cache +primary ecel.uwa.edu.au ecel.uwa.domain +primary 0.0.127.in-addr.arpa 0.0.127.domain +primary 4.95.130.in-addr.arpa 4.95.130.domain +forwarders 130.95.128.1 + +Here is an alternative layout used by Christophe Wolfhugel +<Christophe.Wolfhugel@grasp.insa-lyon.fr> He finds this easier because of +the large number of domains he has. The structure is essentially the same, +but the file names use the domain name rather than the IP subnet to +describe the contents. + +directory /usr/local/etc/bind +cache . p/root +; +; Primary servers +; +primary fr.net p/fr.net +primary frmug.fr.net p/frmug.fr.net +primary 127.in-addr.arpa p/127 +; +; Secondary servers +; +secondary ensta.fr 147.250.1.1 s/ensta.fr +secondary gatelink.fr.net 134.214.100.1 s/gatelink.fr.net +secondary insa-lyon.fr 134.214.100.1 s/insa-lyon.fr +secondary loesje.org 145.18.226.21 s/loesje.org +secondary nl.loesje.org 145.18.226.21 s/nl.loesje.org +secondary pcl.ac.uk 161.74.160.5 s/pcl.ac.uk +secondary univ-lyon1.fr 134.214.100.1 s/univ-lyon1.fr +secondary wmin.ac.uk 161.74.160.5 s/wmin.ac.uk +secondary westminster.ac.uk 161.74.160.5 s/westminster.ac.uk +; +; +; Secondary for addresses +; +secondary 74.161.in-addr.arpa 161.74.160.5 s/161.74 +secondary 214.134.in-addr.arpa 134.214.100.1 s/134.214 +secondary 250.147.in-addr.arpa 147.250.1.1 s/147.250 +; +; Classes C +; +secondary 56.44.192.in-addr.arpa 147.250.1.1 s/192.44.56 +secondary 57.44.192.in-addr.arpa 147.250.1.1 s/192.44.57 + +The lines in the named.boot file have the following meanings. + +directory + +This is the path that named will place in front of all file names +referenced from here on. If no directory is specified, it looks for files +relative to /etc. + +cache + +This is the information that named uses to get started. Named must know +the IP number of some other name servers at least to get started. +Information in the cache is treated differently depending on your version +of named. Some versions of named use the information included in the cache +permenantly and others retain but ignore the cache information once up and +running. + +primary + +This is one of the domains for which this machine is authorative for. You +put the entire domain name in. You need forwards and reverse lookups. The +first value is the domain to append to every name included in that file. +(There are some exceptions, but they will be explained later) The name at +the end of the line is the name of the file (relative to /etc of the +directory if you specified one). The filename can have slashes in it to +refer to subdirectories so if you have a lot of domains you may want to +split it up. + +BE VERY CAREFUL TO PUT THE NUMBERS BACK TO FRONT FOR THE REVERSE LOOK UP +FILE. The example given above is for the subnet ecel.uwa.edu.au whose IP +address is 130.95.4.*. The reverse name must be 4.95.130.in-addr.arpa. +It must be backwards and it must end with .in-addr.arpa. If your reverse +name lookups don't work, check this. If they still don't work, check this +again. + +forwarders + +This is a list of IP numbers for forward requests for sites about which we +are unsure. A good choice here is the name server which is authoritive for +the zone above you. + +secondary (This line is not in the example, but is worth mentioning.) + +A secondary line indicates that you wish to be a secondary name server for +this domain. You do not need to do this usually. All it does is help make +the DNS more robust. You should have at least one secondary server for +your site, but you do not need to be a secondary server for anyone else. +You can by all means, but you don't need to be. If you want to be a +secondary server for another domain, then place the line + +secondary gu.uwa.edu.au 130.95.100.3 130.95.128.1 + +in your named.boot. This will make your named try the servers on both of +the machines specified to see if it can obtain the information about those +domains. You can specify a number of IP addresses for the machines to +query that probably depends on your machine. Your copy of named will upon +startup go and query all the information it can get about the domain in +question and remember it and act as though it were authoritive for that +domain. + +Next you will want to start creating the data files that contain the name +definitions. + +The cache file: + +You can get a copy of the cache file from FTP.RS.INTERNIC.NET. The current +copy can be found in Appendix A. + +The Forward Mapping file: +The file ecel.uwa.edu.au. will be used for the example with a couple of +machines left in for the purpose of the exercise. Here is a copy of what +the file looks like with explanations following. + +; Authoritative data for ecel.uwa.edu.au +; +@ IN SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. ( + 93071200 ; Serial (yymmddxx) + 10800 ; Refresh 3 hours + 3600 ; Retry 1 hour + 3600000 ; Expire 1000 hours + 86400 ) ; Minimum 24 hours + IN A 130.95.4.2 + IN MX 100 decel + IN MX 150 uniwa.uwa.edu.au. + IN MX 200 relay1.uu.net. + IN MX 200 relay2.uu.net. + +localhost IN A 127.0.0.1 + +decel IN A 130.95.4.2 + IN HINFO SUN4/110 UNIX + IN MX 100 decel + IN MX 150 uniwa.uwa.edu.au. + IN MX 200 relay1.uu.net + IN MX 200 relay2.uu.net + +gopher IN CNAME decel.ecel.uwa.edu.au. + +accfin IN A 130.95.4.3 + IN HINFO SUN4/110 UNIX + IN MX 100 decel + IN MX 150 uniwa.uwa.edu.au. + IN MX 200 relay1.uu.net + IN MX 200 relay2.uu.net + +chris-mac IN A 130.95.4.5 + IN HINFO MAC-II MACOS + +The comment character is ';' so the first two lines are just comments +indicating the contents of the file. + +All values from here on have IN in them. This indicates that the value is +an InterNet record. There are a couple of other types, but all you need +concern yourself with is internet ones. + +The SOA record is the Start Of Authority record. It contains the +information that other nameservers will learn about this domain and how to +treat the information they are given about it. The '@' as the first +character in the line indicates that you wish to define things about the +domain for which this file is responsible. The domain name is found in the +named.boot file in the corresponding line to this filename. All +information listed refers to the most recent machine/domain name so all +records from the '@' until 'localhost' refer to the '@'. The SOA record +has 5 magic numbers. First magic number is the serial number. If you +change the file, change the serial number. If you don't, no other name +servers will update their information. The old information will sit around +for a very long time. + +Refresh is the time between refreshing information about the SOA (correct +me if I am wrong). Retry is the frequency of retrying if an authorative +server cannot be contacted. Expire is how long a secondary name server +will keep information about a zone without successfully updating it or +confirming that the data is up to date. This is to help the information +withstand fairly lengthy downtimes of machines or connections in the +network without having to recollect all the information. Minimum is the +default time to live value handed out by a nameserver for all records in +a zone without an explicit TTL value. This is how long the data will live +after being handed out. The two pieces of information before the 5 magic +numbers are the machine that is considered the origin of all of this +information. Generally the machine that is running your named is a good +one for here. The second is an email address for someone who can fix any +problems that may occur with the DNS. Good ones here are postmaster, +hostmaster or root. NOTE: You use dots and not '@' for the email address. + +eg root.decel.ecel.uwa.edu.au is correct + and + root@decel.ecel.uwa.edu.au is incorrect. + +We now have an address to map ecel.uwa.edu.au to. The address is +130.95.4.2 which happens to be decel, our main machine. If you try to find +an IP number for the domain ecel.uwa.edu.au it will get you the machine +decel.ecel.uwa.edu.au's IP number. This is a nicety which means that +people who have non-MX record mailers can still mail fred@ecel.uwa.edu.au +and don't have to find the name of a machine name under the domain to mail. + +Now we have a couple of MX records for the domain itself. The MX records +specify where to send mail destined for the machine/domain that the MX +record is for. In this case we would prefer if all mail for +fred@ecel.uwa.edu.au is sent to decel.ecel.uwa.edu.au. If that does not +work, we would like it to go to uniwa.uwa.edu.au because there are a number +of machines that might have no idea how to get to us, but may be able to get +to uniwa. And failing that, try the site relay1.uu.net. A small number +indicates that this site should be tried first. The larget the number the +further down the list of sites to try the site is. NOTE: Not all machines +have mailers that pay attention to MX records. Some only pay attention to +IP numbers, which is really stupid. All machines are required to have +MX-capable Mail Transfer Agents (MTA) as there are many addresses that can +only be reached via this means. + +There is an entry for localhost now. Note that this is somewhat of a +kludge and should probably be handled far more elegantly. By placing +localhost here, a machine comes into existance called +localhost.ecel.uwa.edu.au. If you finger it, or telnet to it, you get your +own machine, because the name lookup returns 127.0.0.1 which is the special +case for your own machine. I have used a couple of different DNS packages. +The old BSD one let you put things into the cache which would always work, +but would not be exported to other nameservers. In the newer Sun one, they +are left in the cache and are mostly ignored once named is up and running. +This isn't a bad solution, its just not a good one. + +Decel is the main machine in our domain. It has the IP number 130.95.4.2 +and that is what this next line shows. It also has a HINFO entry. HINFO +is Host Info which is meant to be some sort of an indication of what the +machine is and what it runs. The values are two white space seperated +values. First being the hardware and second being the software. HINFO is +not compulsory, its just nice to have sometimes. We also have some MX +records so that mail destined for decel has some other avenues before it +bounces back to the sender if undeliverable. + +It is a good idea to give all machines capable of handling mail an MX +record because this can be cached on remote machines and will help to +reduce the load on the network. + +gopher.ecel.uwa.edu.au is the gopher server in our division. Now because +we are cheapskates and don't want to go and splurge on a seperate machine +just for handling gopher requests we have made it a CNAME to our main +machine. While it may seem pointless it does have one main advantage. +When we discover that our placing terrabytes of popular quicktime movies +on our gopher server (no we haven't and we don't intend to) causes an +unbearable load on our main machine, we can quickly move the CNAME to +point at a new machine by changing the name mentioned in the CNAME. Then +the slime of the world can continue to get their essential movies with a +minimal interuption to the network. Other good CNAMEs to maintain are +things like ftp, mailhost, netfind, archie, whois, and even dns (though the +most obvious use for this fails). It also makes it easier for people to +find these services in your domain. + +We should probably start using WKS records for things like gopher and whois +rather than making DNS names for them. The tools are not in wide +circulation for this to work though. (Plus all those comments in many DNS +implementation of "Not implemented" next to the WKS record) + +Finally we have a macintosh which belongs to my boss. All it needs is an +IP number, and we have included the HINFO so that you can see that it is in +fact a macII running a Mac System. To get the list of preferred values, +you should get a copy of RFC 1340. It lists lots of useful information +such as /etc/services values, ethernet manufacturer hardware addresses, +HINFO defualts and many others. I will include the list as it stands at +the moment, but if any RFC superceeds 1340, then it will have a more +complete list. See Appendix B for that list. + +NOTE: If Chris had a very high profile and wanted his mac to appear like a +fully connected unix machine as far as internet services were concerned, he +could simply place an MX record such as + + IN MX 100 decel + +after his machine and any mail sent to chris@chris-mac.ecel.uwa.edu.au +would be automatically rerouted to decel. + +The Reverse Mapping File + +The reverse name lookup is handled in a most bizarre fashion. Well it all +makes sense, but it is not immediately obvious. + +All of the reverse name lookups are done by finding the PTR record +associated with the name w.x.y.z.in-addr.arpa. So to find the name +associated with the IP number 1.2.3.4, we look for information stored in +the DNS under the name 4.3.2.1.in-addr.arpa. They are organised this way +so that when you are allocated a B class subnet for example, you get all of +the IP numbers in the domain 130.95. Now to turn that into a reverse name +lookup domain, you have to invert the numbers or your registered domains +will be spread all over the place. It is a mess and you need not understand +the finer points of it all. All you need to know is that you put the +reverse name lookup files back to front. + +Here is the sample reverse name lookup files to go with our example. + +0.0.127.in-addr.arpa +-- +; Reverse mapping of domain names 0.0.127.in-addr.arpa +; Nobody pays attention to this, it is only so 127.0.0.1 -> localhost. +@ IN SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. ( + 91061801 ; Serial (yymmddxx) + 10800 ; Refresh 3 hours + 3600 ; Retry 1 hour + 3600000 ; Expire 1000 hours + 86400 ) ; Minimum 24 hours +; +1 IN PTR localhost.ecel.uwa.edu.au. +-- + +4.95.130.in-addr.arpa +-- +; reverse mapping of domain names 4.95.130.in-addr.arpa +; +@ IN SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. ( + 92050300 ; Serial (yymmddxx format) + 10800 ; Refresh 3hHours + 3600 ; Retry 1 hour + 3600000 ; Expire 1000 hours + 86400 ) ; Minimum 24 hours +2 IN PTR decel.ecel.uwa.edu.au. +3 IN PTR accfin.ecel.uwa.edu.au. +5 IN PTR chris-mac.ecel.uwa.edu.au. +-- + +It is important to remember that you must have a second start of authority +record for the reverse name lookups. Each reverse name lookup file must +have its own SOA record. The reverse name lookup on the 127 domain is +debatable seeing as there is likely to be only one number in the file and +it is blatantly obvious what it is going to map to. + +The SOA details are the same as in the forward mapping. + +Each of the numbers listed down the left hand side indicates that the line +contains information for that number of the subnet. Each of the subnets +must be the more significant digits. eg the 130.95.4 of an IP number +130.95.4.2 is implicit for all numbers mentioned in the file. + +The PTR must point to a machine that can be found in the DNS. If the name +is not in the DNS, some versions of named just bomb out at this point. + +Reverse name lookups are not compulsory, but nice to have. It means that +when people log into machines, they get names indicating where they are +logged in from. It makes it easier for you to spot things that are wrong +and it is far less cryptic than having lots of numbers everywhere. Also if +you do not have a name for your machine, some brain dead protocols such as +talk will not allow you to connect. + +Since I had this I had one suggestion of an alternative way to do the +localhost entry. I think it is a matter of personal opinion so I'll +include it here in case anyone things that this is a more appropriate +method. + +The following is courtesy of jep@convex.nl (JEP de Bie) + + The way I did it was: + + 1) add in /etc/named.boot: + + primary . localhost + primary 127.in-addr.ARPA. IP127 + +(Craig: It has been suggested by Mark Andrews that this is a bad practice + particularly if you have upgraded to Bind 4.9. You also run the risk of + polluting the root name servers. This comes down to a battle of idealogy + and practicality. Think twice before declaring yourself authorative for + the root domain.) + + So I not only declare myself (falsely? - probably, but nobody is going to + listen anyway most likely [CPR]:-) athorative in the 127.in-addr.ARPA domain + but also in the . (root) domain. + + 2) the file localhost has: + + $ORIGIN . + localhost IN A 127.0.0.1 + + 3) and the file IP127: + + $ORIGIN 127.in-addr.ARPA. + 1.0.0 IN PTR localhost. + + 4) and I have in my own domain file (convex.nl) the line: + + $ORIGIN convex.nl. + localhost IN CNAME localhost. + + The advantage (elegancy?) is that a query (A) of localhost. gives the + reverse of the query of 1.0.0.127.in-addr.ARPA. And it also shows that + localhost.convex.nl is only a nickname to something more absolute. + (While the notion of localhost is of course relative :-)). + + And I also think there is a subtle difference between the lines + + primary 127.in-addr.ARPA. IP127 + and + primary 0.0.127.in-addr.ARPA. 4.95.130.domain + ============= + JEP de Bie + jep@convex.nl + ============= + + + +Delegating authority for domains within your domain: + +When you start having a very big domain that can be broken into logical and +seperate entities that can look after their own DNS information, you will +probably want to do this. Maintain a central area for the things that +everyone needs to see and delegate the authority for the other parts of the +organisation so that they can manage themselves. + +Another essential piece of information is that every domain that exists +must have it NS records associated with it. These NS records denote the +name servers that are queried for information about that zone. For your +zone to be recognised by the outside world, the server responsible for the +zone above you must have created a NS record for your machine in your +domain. For example, putting the computer club onto the network and giving +them control over their own part of the domain space we have the following. + +The machine authorative for gu.uwa.edu.au is mackerel and the machine +authorative for ucc.gu.uwa.edu.au is marlin. + +in mackerel's data for gu.uwa.edu.au we have the following + +@ IN SOA ... + IN A 130.95.100.3 + IN MX mackerel.gu.uwa.edu.au. + IN MX uniwa.uwa.edu.au. + +marlin IN A 130.95.100.4 + +ucc IN NS marlin.gu.uwa.edu.au. + IN NS mackerel.gu.uwa.edu.au. + +Marlin is also given an IP in our domain as a convenience. If they blow up +their name serving there is less that can go wrong because people can still +see that machine which is a start. You could place "marlin.ucc" in the +first column and leave the machine totally inside the ucc domain as well. + +The second NS line is because mackerel will be acting as secondary name +server for the ucc.gu domain. Do not include this line if you are not +authorative for the information included in the sub-domain. + + +Troubleshooting your named: + +Named doesn't work! What is wrong? + +Step 1: Run nslookup and see what nameserver it tries to connect you to. +If nslookup connects you to the wrong nameserver, create a /etc/resolv.conf +file that points your machine at the correct nameserver. If there is no +resolv.conf file, the the resolver uses the nameserver on the local +machine. + +Step 2: Make sure that named is actually running. + +Step 3: Restart named and see if you get any error messages on the +console and in also check /usr/adm/messages. + +Step 4: If named is running, nslookup connects to the appropriate +nameserver and nslookup can answer simple questions, but other programs +such as 'ping' do not work with names, then you need to install resolv+ +most likely. + + +I changed my named database and my local machine has noticed, but nobody +else has the new information? + +Change the serial number in the SOA for any domains that you modified and +restart named. Wait an hour and check again. The information propogates +out. It won't change immediately. + + +My local machine knows about all the name server information, but no other +sites know about me? + +Find an upstream nameserver (one that has an SOA for something in your +domain) and ask them to be a secondary name server for you. eg if you are +ecel.uwa.edu.au, ask someone who has an SOA for the domain uwa.edu.au. +Get NS records (and glue) added to your parent zone for your zone. This is +called delegating. It should be done formally like this or you will get +inconsistant answers out of the DNS. ALL NAMSERVERS FOR YOUR ZONE SHOULD +BE LISTED IN THIS MANNER. + + +My forward domain names work, but the backward names do not? + +Make sure the numbers are back to front and have the in-addr.arpa on the +end. +Make sure you reverse zone is registered. For Class C nets this can be done +by mailing to hostmaster@internic.net. For class A & B nets make sure that +you are registeres with the primary for your net and that the net itself +is registered with hostmaster@internic.net. + + +How to get useful information from nslookup: + +Nslookup is a very useful program but I'm sure there are less than 20 +people worldwide who know how to use it to its full usefulness. I'm most +certainly not one of them. If you don't like using nslookup, there is at +least one other program called dig, that has most/all(?) of the +functionality of nslookup and is a hell of a lot easier to use. + +I won't go into dig much here except to say that it is a lot easier to get +this information out of. I won't bother because nslookup ships with almost +all machines that come with network software. + +To run nslookup, you usually just type nslookup. It will tell you the +server it connects to. You can specify a different server if you want. +This is useful when you want to tell if your named information is +consistent with other servers. + +Getting name to number mappings. + +Type the name of the machine. Typing 'decel' is enough if the machine is +local. + +(Once you have run nslookup successfully) +> decel +Server: ecel.uwa.edu.au +Address: 130.95.4.2 + +Name: decel.ecel.uwa.edu.au +Address: 130.95.4.2 + +> + +One curious quirk of some name resolvers is that if you type a +machine name, they will try a number of permutations. For example if my +machine is in the domain ecel.uwa.edu.au and I try to find a machine +called fred, the resolver will try the following. + + fred.ecel.uwa.edu.au. + fred.uwa.edu.au. + fred.edu.au. + fred.au. + fred. + +This can be useful, but more often than not, you would simply prefer a good +way to make aliases for machines that are commonly referenced. If you are +running resolv+, you should just be able to put common machines into the +host file. + +DIG: dig <machine name> + +Getting number to name mappings. + +Nslookup defaults to finding you the Address of the name specified. For +reverse lookups you already have the address and you want to find the +name that goes with it. If you read and understood the bit above where it +describes how to create the number to name mapping file, you would guess +that you need to find the PTR record instead of the A record. So you do +the following. + +> set type=ptr +> 2.4.95.130.in-addr.arpa +Server: decel.ecel.uwa.edu.au +Address: 130.95.4.2 + +2.4.95.130.in-addr.arpa host name = decel.ecel.uwa.edu.au +> + +nslookup tells you that the ptr for the machine name +2.4.95.130.in-addr.arpa points to the host decel.ecel.uwa.edu.au. + +DIG: dig -x <machine number> + +Finding where mail goes when a machine has no IP number. + +When a machine is not IP connected, it needs to specify to the world, where +to send the mail so that it can dial up and collect it every now and then. +This is accomplished by setting up an MX record for the site and not giving +it an IP number. To get the information out of nslookup as to where the +mail goes, do the following. + +> set type=mx +> dialix.oz.au +Server: decel.ecel.uwa.oz.au +Address: 130.95.4.2 + +Non-authoritative answer: +dialix.oz.au preference = 100, mail exchanger = uniwa.uwa.OZ.AU +dialix.oz.au preference = 200, mail exchanger = munnari.OZ.AU +Authoritative answers can be found from: +uniwa.uwa.OZ.AU inet address = 130.95.128.1 +munnari.OZ.AU inet address = 128.250.1.21 +munnari.OZ.AU inet address = 192.43.207.1 +mulga.cs.mu.OZ.AU inet address = 128.250.35.21 +mulga.cs.mu.OZ.AU inet address = 192.43.207.2 +dmssyd.syd.dms.CSIRO.AU inet address = 130.155.16.1 +ns.UU.NET inet address = 137.39.1.3 + +You tell nslookup that you want to search for mx records and then you give +it the name of the machine. It tells you the preference for the mail +(small means more preferable), and who the mail should be sent to. It also +includes sites that are authorative (have this name in their named database +files) for this MX record. There are multiple sites as a backup. As can +be seen, our local public internet access company dialix would like all of +their mail to be sent to uniwa, where they collect it from. If uniwa is +not up, send it to munnari and munnari will get it to uniwa eventually. + +NOTE: For historical reasons Australia used to be .oz which was changed to +.oz.au to move to the ISO standard extensions upon the advent of IP. We +are now moving to a more normal heirarchy which is where the .edu.au comes +from. Pity, I liked having oz. + +DIG: dig <zone> mx + +Getting a list of machines in a domain from nslookup. + +Find a server that is authorative for the domain or just generally all +knowing. To find a good server, find all the soa records for a given +domain. To do this, you set type=soa and enter the domain just like in the +two previous examples. + +Once you have a server type + +> ls gu.uwa.edu.au. +[uniwa.uwa.edu.au] +Host or domain name Internet address + gu server = mackerel.gu.uwa.edu.au + gu server = uniwa.uwa.edu.au + gu 130.95.100.3 + snuffle-upagus 130.95.100.131 + mullet 130.95.100.2 + mackerel 130.95.100.3 + marlin 130.95.100.4 + gugate 130.95.100.1 + gugate 130.95.100.129 + helpdesk 130.95.100.180 + lan 130.95.100.0 + big-bird 130.95.100.130 + +To get a list of all the machines in the domain. + +If you wanted to find a list of all of the MX records for the domain, you +can put a -m flag in the ls command. + +> ls -m gu.uwa.edu.au. +[uniwa.uwa.edu.au] +Host or domain name Metric Host + gu 100 mackerel.gu.uwa.edu.au + gu 200 uniwa.uwa.edu.au + +This only works for a limited selection of the different types. + +DIG: dig axfr <zone> @<server> + + + +Appendix A + + +; +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . <file>" +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC registration services +; under anonymous FTP as +; file /domain/named.root +; on server FTP.RS.INTERNIC.NET +; -OR- under Gopher at RS.INTERNIC.NET +; under menu InterNIC Registration Services (NSI) +; submenu InterNIC Registration Archives +; file named.root +; +; last update: April 21, 1993 +; related version of root zone: 930421 +; +. 99999999 IN NS NS.INTERNIC.NET. +NS.INTERNIC.NET. 99999999 A 198.41.0.4 +. 99999999 NS KAVA.NISC.SRI.COM. +KAVA.NISC.SRI.COM. 99999999 A 192.33.33.24 +. 99999999 NS C.NYSER.NET. +C.NYSER.NET. 99999999 A 192.33.4.12 +. 99999999 NS TERP.UMD.EDU. +TERP.UMD.EDU. 99999999 A 128.8.10.90 +. 99999999 NS NS.NASA.GOV. +NS.NASA.GOV. 99999999 A 128.102.16.10 + 99999999 A 192.52.195.10 +. 99999999 NS NS.NIC.DDN.MIL. +NS.NIC.DDN.MIL. 99999999 A 192.112.36.4 +. 99999999 NS AOS.ARL.ARMY.MIL. +AOS.ARL.ARMY.MIL. 99999999 A 128.63.4.82 + 99999999 A 192.5.25.82 +. 99999999 NS NIC.NORDU.NET. +NIC.NORDU.NET. 99999999 A 192.36.148.17 +; End of File + + +Appendix B + +An Excerpt from +RFC 1340 Assigned Numbers July 1992 + + + MACHINE NAMES + + These are the Official Machine Names as they appear in the Domain Name + System HINFO records and the NIC Host Table. Their use is described in + RFC-952 [53]. + + A machine name or CPU type may be up to 40 characters taken from the + set of uppercase letters, digits, and the two punctuation characters + hyphen and slash. It must start with a letter, and end with a letter + or digit. + + ALTO DEC-1080 + ALTOS-6800 DEC-1090 + AMDAHL-V7 DEC-1090B + APOLLO DEC-1090T + ATARI-104ST DEC-2020T + ATT-3B1 DEC-2040 + ATT-3B2 DEC-2040T + ATT-3B20 DEC-2050T + ATT-7300 DEC-2060 + BBN-C/60 DEC-2060T + BURROUGHS-B/29 DEC-2065 + BURROUGHS-B/4800 DEC-FALCON + BUTTERFLY DEC-KS10 + C/30 DEC-VAX-11730 + C/70 DORADO + CADLINC DPS8/70M + CADR ELXSI-6400 + CDC-170 EVEREX-386 + CDC-170/750 FOONLY-F2 + CDC-173 FOONLY-F3 + CELERITY-1200 FOONLY-F4 + CLUB-386 GOULD + COMPAQ-386/20 GOULD-6050 + COMTEN-3690 GOULD-6080 + CP8040 GOULD-9050 + CRAY-1 GOULD-9080 + CRAY-X/MP H-316 + CRAY-2 H-60/68 + CTIWS-117 H-68 + DANDELION H-68/80 + DEC-10 H-89 + DEC-1050 HONEYWELL-DPS-6 + DEC-1077 HONEYWELL-DPS-8/70 + HP3000 ONYX-Z8000 + HP3000/64 PDP-11 + IBM-158 PDP-11/3 + IBM-360/67 PDP-11/23 + IBM-370/3033 PDP-11/24 + IBM-3081 PDP-11/34 + IBM-3084QX PDP-11/40 + IBM-3101 PDP-11/44 + IBM-4331 PDP-11/45 + IBM-4341 PDP-11/50 + IBM-4361 PDP-11/70 + IBM-4381 PDP-11/73 + IBM-4956 PE-7/32 + IBM-6152 PE-3205 + IBM-PC PERQ + IBM-PC/AT PLEXUS-P/60 + IBM-PC/RT PLI + IBM-PC/XT PLURIBUS + IBM-SERIES/1 PRIME-2350 + IMAGEN PRIME-2450 + IMAGEN-8/300 PRIME-2755 + IMSAI PRIME-9655 + INTEGRATED-SOLUTIONS PRIME-9755 + INTEGRATED-SOLUTIONS-68K PRIME-9955II + INTEGRATED-SOLUTIONS-CREATOR PRIME-2250 + INTEGRATED-SOLUTIONS-CREATOR-8 PRIME-2655 + INTEL-386 PRIME-9955 + INTEL-IPSC PRIME-9950 + IS-1 PRIME-9650 + IS-68010 PRIME-9750 + LMI PRIME-2250 + LSI-11 PRIME-750 + LSI-11/2 PRIME-850 + LSI-11/23 PRIME-550II + LSI-11/73 PYRAMID-90 + M68000 PYRAMID-90MX + MAC-II PYRAMID-90X + MASSCOMP RIDGE + MC500 RIDGE-32 + MC68000 RIDGE-32C + MICROPORT ROLM-1666 + MICROVAX S1-MKIIA + MICROVAX-I SMI + MV/8000 SEQUENT-BALANCE-8000 + NAS3-5 SIEMENS + NCR-COMTEN-3690 SILICON-GRAPHICS + NEXT/N1000-316 SILICON-GRAPHICS-IRIS + NOW SGI-IRIS-2400 + SGI-IRIS-2500 SUN-3/50 + SGI-IRIS-3010 SUN-3/60 + SGI-IRIS-3020 SUN-3/75 + SGI-IRIS-3030 SUN-3/80 + SGI-IRIS-3110 SUN-3/110 + SGI-IRIS-3115 SUN-3/140 + SGI-IRIS-3120 SUN-3/150 + SGI-IRIS-3130 SUN-3/160 + SGI-IRIS-4D/20 SUN-3/180 + SGI-IRIS-4D/20G SUN-3/200 + SGI-IRIS-4D/25 SUN-3/260 + SGI-IRIS-4D/25G SUN-3/280 + SGI-IRIS-4D/25S SUN-3/470 + SGI-IRIS-4D/50 SUN-3/480 + SGI-IRIS-4D/50G SUN-4/60 + SGI-IRIS-4D/50GT SUN-4/110 + SGI-IRIS-4D/60 SUN-4/150 + SGI-IRIS-4D/60G SUN-4/200 + SGI-IRIS-4D/60T SUN-4/260 + SGI-IRIS-4D/60GT SUN-4/280 + SGI-IRIS-4D/70 SUN-4/330 + SGI-IRIS-4D/70G SUN-4/370 + SGI-IRIS-4D/70GT SUN-4/390 + SGI-IRIS-4D/80GT SUN-50 + SGI-IRIS-4D/80S SUN-100 + SGI-IRIS-4D/120GTX SUN-120 + SGI-IRIS-4D/120S SUN-130 + SGI-IRIS-4D/210GTX SUN-150 + SGI-IRIS-4D/210S SUN-170 + SGI-IRIS-4D/220GTX SUN-386i/250 + SGI-IRIS-4D/220S SUN-68000 + SGI-IRIS-4D/240GTX SYMBOLICS-3600 + SGI-IRIS-4D/240S SYMBOLICS-3670 + SGI-IRIS-4D/280GTX SYMMETRIC-375 + SGI-IRIS-4D/280S SYMULT + SGI-IRIS-CS/12 TANDEM-TXP + SGI-IRIS-4SERVER-8 TANDY-6000 + SPERRY-DCP/10 TEK-6130 + SUN TI-EXPLORER + SUN-2 TP-4000 + SUN-2/50 TRS-80 + SUN-2/100 UNIVAC-1100 + SUN-2/120 UNIVAC-1100/60 + SUN-2/130 UNIVAC-1100/62 + SUN-2/140 UNIVAC-1100/63 + SUN-2/150 UNIVAC-1100/64 + SUN-2/160 UNIVAC-1100/70 + SUN-2/170 UNIVAC-1160 + UNKNOWN + VAX-11/725 + VAX-11/730 + VAX-11/750 + VAX-11/780 + VAX-11/785 + VAX-11/790 + VAX-11/8600 + VAX-8600 + WANG-PC002 + WANG-VS100 + WANG-VS400 + WYSE-386 + XEROX-1108 + XEROX-8010 + ZENITH-148 + + SYSTEM NAMES + + These are the Official System Names as they appear in the Domain Name + System HINFO records and the NIC Host Table. Their use is described + in RFC-952 [53]. + + A system name may be up to 40 characters taken from the set of upper- + case letters, digits, and the three punctuation characters hyphen, + period, and slash. It must start with a letter, and end with a + letter or digit. + + AEGIS LISP SUN OS 3.5 + APOLLO LISPM SUN OS 4.0 + AIX/370 LOCUS SWIFT + AIX-PS/2 MACOS TAC + BS-2000 MINOS TANDEM + CEDAR MOS TENEX + CGW MPE5 TOPS10 + CHORUS MSDOS TOPS20 + CHRYSALIS MULTICS TOS + CMOS MUSIC TP3010 + CMS MUSIC/SP TRSDOS + COS MVS ULTRIX + CPIX MVS/SP UNIX + CTOS NEXUS UNIX-BSD + CTSS NMS UNIX-V1AT + DCN NONSTOP UNIX-V + DDNOS NOS-2 UNIX-V.1 + DOMAIN NTOS UNIX-V.2 + DOS OS/DDP UNIX-V.3 + EDX OS/2 UNIX-PC + ELF OS4 UNKNOWN + EMBOS OS86 UT2D + EMMOS OSX V + EPOS PCDOS VM + FOONEX PERQ/OS VM/370 + FUZZ PLI VM/CMS + GCOS PSDOS/MIT VM/SP + GPOS PRIMOS VMS + HDOS RMX/RDOS VMS/EUNICE + IMAGEN ROS VRTX + INTERCOM RSX11M WAITS + IMPRESS RTE-A WANG + INTERLISP SATOPS WIN32 + IOS SCO-XENIX/386 X11R3 + IRIX SCS XDE + ISI-68020 SIMP XENIX + ITS SUN + + + +Appendix C Installing DNS on a Sun when running NIS + +==================== + 2) How to get DNS to be used when running NIS ? + + First setup the appropriate /etc/resolv.conf file. + Something like this should do the "trick". + + ; + ; Data file for a client. + ; + domain local domain + nameserver address of primary domain nameserver + nameserver address of secondary domain nameserver + + where: "local domain" is the domain part of the hostnames. + For example, if your hostname is "thor.ece.uc.edu" + your "local domain" is "ece.uc.edu". + + You will need to put a copy of this resolv.conf on + all NIS(YP) servers including slaves. + + Under SunOS 4.1 and greater, change the "B=" at the top + of the /var/yp/Makefile to "B=-b" and setup NIS in the + usual fashion. + + You will need reboot or restart ypserv for these changes + to take affect. + + Under 4.0.x, edit the Makefile or apply the following "diff": + +*** Makefile.orig Wed Jan 10 13:22:11 1990 +--- Makefile Wed Jan 10 13:22:01 1990 +*************** +*** 63 **** +! | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/hosts.byname; \ +--- 63 ---- +! | $(MAKEDBM) -b - $(YPDBDIR)/$(DOM)/hosts.byname; \ +*************** +*** 66 **** +! | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/hosts.byaddr; \ +--- 66 ---- +! | $(MAKEDBM) -b - $(YPDBDIR)/$(DOM)/hosts.byaddr; \ +==================== + diff --git a/usr.sbin/named/doc/misc/domain.ps b/usr.sbin/named/doc/misc/domain.ps new file mode 100644 index 00000000000..61064a7cf82 --- /dev/null +++ b/usr.sbin/named/doc/misc/domain.ps @@ -0,0 +1,701 @@ +%!PS-Adobe-3.0 +%%Creator: groff version 1.05 +%%DocumentNeededResources: font Times-Bold +%%+ font Times-Italic +%%+ font Times-Roman +%%DocumentSuppliedResources: procset grops 1.05 0 +%%Pages: 5 +%%PageOrder: Ascend +%%Orientation: Portrait +%%EndComments +%%BeginProlog +%%BeginResource: procset grops 1.05 0 + +/setpacking where { + pop + currentpacking + true setpacking +} if + +/grops 120 dict dup begin + +% The ASCII code of the space character. +/SC 32 def + +/A /show load def +/B { 0 SC 3 -1 roll widthshow } bind def +/C { 0 exch ashow } bind def +/D { 0 exch 0 SC 5 2 roll awidthshow } bind def +/E { 0 rmoveto show } bind def +/F { 0 rmoveto 0 SC 3 -1 roll widthshow } bind def +/G { 0 rmoveto 0 exch ashow } bind def +/H { 0 rmoveto 0 exch 0 SC 5 2 roll awidthshow } bind def +/I { 0 exch rmoveto show } bind def +/J { 0 exch rmoveto 0 SC 3 -1 roll widthshow } bind def +/K { 0 exch rmoveto 0 exch ashow } bind def +/L { 0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow } bind def +/M { rmoveto show } bind def +/N { rmoveto 0 SC 3 -1 roll widthshow } bind def +/O { rmoveto 0 exch ashow } bind def +/P { rmoveto 0 exch 0 SC 5 2 roll awidthshow } bind def +/Q { moveto show } bind def +/R { moveto 0 SC 3 -1 roll widthshow } bind def +/S { moveto 0 exch ashow } bind def +/T { moveto 0 exch 0 SC 5 2 roll awidthshow } bind def + +% name size font SF - + +/SF { + findfont exch + [ exch dup 0 exch 0 exch neg 0 0 ] makefont + dup setfont + [ exch /setfont cvx ] cvx bind def +} bind def + +% name a c d font MF - + +/MF { + findfont + [ 5 2 roll + 0 3 1 roll % b + neg 0 0 ] makefont + dup setfont + [ exch /setfont cvx ] cvx bind def +} bind def + +/level0 0 def +/RES 0 def +/PL 0 def +/LS 0 def + +% BP - + +/BP { + /level0 save def + 1 setlinecap + 1 setlinejoin + 72 RES div dup scale + LS { + 90 rotate + } { + 0 PL translate + } ifelse + 1 -1 scale +} bind def + +/EP { + level0 restore + showpage +} bind def + + +% centerx centery radius startangle endangle DA - + +/DA { + newpath arcn stroke +} bind def + +% x y SN - x' y' +% round a position to nearest (pixel + (.25,.25)) + +/SN { + transform + .25 sub exch .25 sub exch + round .25 add exch round .25 add exch + itransform +} bind def + +% endx endy startx starty DL - +% we round the endpoints of the line, so that parallel horizontal +% and vertical lines will appear even + +/DL { + SN + moveto + SN + lineto stroke +} bind def + +% centerx centery radius DC - + +/DC { + newpath 0 360 arc closepath +} bind def + + +/TM matrix def + +% width height centerx centery DE - + +/DE { + TM currentmatrix pop + translate scale newpath 0 0 .5 0 360 arc closepath + TM setmatrix +} bind def + +% these are for splines + +/RC /rcurveto load def +/RL /rlineto load def +/ST /stroke load def +/MT /moveto load def +/CL /closepath load def + +% fill the last path + +% amount FL - + +/FL { + currentgray exch setgray fill setgray +} bind def + +% fill with the ``current color'' + +/BL /fill load def + +/LW /setlinewidth load def +% new_font_name encoding_vector old_font_name RE - + +/RE { + findfont + dup maxlength dict begin + { + 1 index /FID ne { def } { pop pop } ifelse + } forall + /Encoding exch def + dup /FontName exch def + currentdict end definefont pop +} bind def + +/DEFS 0 def + +% hpos vpos EBEGIN - + +/EBEGIN { + moveto + DEFS begin +} bind def + +/EEND /end load def + +/CNT 0 def +/level1 0 def + +% llx lly newwid wid newht ht newllx newlly PBEGIN - + +/PBEGIN { + /level1 save def + translate + div 3 1 roll div exch scale + neg exch neg exch translate + % set the graphics state to default values + 0 setgray + 0 setlinecap + 1 setlinewidth + 0 setlinejoin + 10 setmiterlimit + [] 0 setdash + /setstrokeadjust where { + pop + false setstrokeadjust + } if + /setoverprint where { + pop + false setoverprint + } if + newpath + /CNT countdictstack def + userdict begin + /showpage {} def +} bind def + +/PEND { + clear + countdictstack CNT sub { end } repeat + level1 restore +} bind def + +end def + +/setpacking where { + pop + setpacking +} if +%%EndResource +%%IncludeResource: font Times-Bold +%%IncludeResource: font Times-Italic +%%IncludeResource: font Times-Roman +grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72 def/PL +792 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron/Zcaron/scaron/zcaron +/Ydieresis/trademark/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef +/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef +/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/space/exclam +/quotedbl/numbersign/dollar/percent/ampersand/quoteright/parenleft/parenright +/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven +/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J +/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex +/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z +/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft +/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl/endash +/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut/dotaccent/breve +/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash/quotedblbase/OE/Lslash +/.notdef/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis +/copyright/ordfeminine/guilsinglleft/logicalnot/minus/registered/macron/degree +/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla +/onesuperior/ordmasculine/guilsinglright/onequarter/onehalf/threequarters +/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla +/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth +/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave +/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex +/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave +/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde +/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn +/ydieresis]def/Times-Roman@0 ENC0/Times-Roman RE/Times-Italic@0 ENC0 +/Times-Italic RE/Times-Bold@0 ENC0/Times-Bold RE +%%EndProlog +%%Page: 1 1 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 12/Times-Bold@0 SF -.5(What is a Domain?)239.58 82.031 R/F1 10 +/Times-Italic@0 SF(Mark R. Horton)255.92 100.031 Q(ABSTRACT)264.385 154.031 Q +/F2 10/Times-Roman@0 SF 1.689(In the past, electronic mail has used many dif) +122 190.031 R 1.688(ferent kinds of syntax, naming a)-.18 F .036 +(computer and a login name on that computer)122 202.031 R 5.036(.A)-.55 G .036 +(new system, called `)318.134 202.031 R(`domains')-.74 E .037(', is)-.74 F +1.905(becoming widely used, based on a heirarchical naming scheme.)122 214.031 +R 1.904(This paper is)6.904 F 1.256 +(intended as a quick introduction to domains.)122 226.031 R 1.257 +(For more details, you should read)6.257 F +(some of the documents referenced at the end.)122 238.031 Q F1 2.5(1. Intr)72 +286.031 R(oduction)-.37 E F2 .139(What exactly are domains?)72 304.031 R +(Basically)5.139 E 2.639(,t)-.65 G .138 +(hey are a way of looking at the world as a heirarchy \(tree structure\).) +230.625 304.031 R -1(Yo)72 316.031 S 1.079(u're already used to using two tree\ + world models that work pretty well: the telephone system and the)1 F(post of) +72 328.031 Q 2.5(\214ce. Domains)-.18 F +(form a similar heirarchy for the electronic mail community)2.5 E(.)-.65 E .232 +(The post of)72 346.031 R .232(\214ce divides the world up geographically)-.18 +F 2.732<2c8c>-.65 G .232 +(rst into countries, then each country divides itself up,)289.946 346.031 R +.598(those units subdivide, and so on.)72 358.031 R .598(One such country)5.598 +F 3.098(,t)-.65 G .598(he USA, divides into states, which divide into coun-) +290.332 358.031 R .211(ties \(except for certain states, like Louisiana, which\ + divide into things like parishes\), the counties subdivide)72 370.031 R 2.189 +(into cities, towns, and townships, which typically divide into streets, the s\ +treets divide into lots with)72 382.031 R .265(addresses, possibly containing \ +room and apartment numbers, the then individual people at that address.)72 +394.031 R(So)5.265 E(you have an address like)72 406.031 Q(Mark Horton)108 +424.031 Q(Room 2C-249)108 436.031 Q(6200 E. Broad St.)108 448.031 Q +(Columbus, Ohio, USA)108 460.031 Q 1.167(\(I'm ignoring the name `)72 478.031 R +(`A)-.74 E 1.168(T&T Bell Laboratories')-1.11 F 3.668('a)-.74 G 1.168 +(nd the zip code, which are redundant information.\))292.814 478.031 R +(Other countries may subdivide dif)72 490.031 Q(ferently)-.18 E 2.5(,f)-.65 G +(or example many small countries do not have states.)247.25 490.031 Q .554 +(The telephone system is similar)72 508.031 R 5.554(.Y)-.55 G .553 +(our full phone number might look like 1-614-860-1234 x234 This con-)214.6 +508.031 R 1.24(tains, from left to right, your country code \(Surprise!)72 +520.031 R 1.24(The USA has country code `)6.24 F(`1')-.74 E 1.24 +('!\), area code 614)-.74 F 1.012 +(\(Central Ohio\), 860 \(a pre\214x in the Reynoldsbur)72 532.031 R 3.512(gC) +-.18 G 1.012(.O.\), 1234 \(individual phone number\), and extension)287.398 +532.031 R 2.69(234. Some)72 544.031 R .191(phone numbers do not have extension\ +s, but the phone system in the USA has standardized on a)2.69 F 3.782(3d)72 +556.031 S 1.281(igit area code, 3 digit pre\214x, and 4 digit phone number) +85.782 556.031 R 6.281(.O)-.55 G 1.281(ther countries don')332.354 556.031 R +3.781(tu)-.18 G 1.281(se this standard, for)421.837 556.031 R 1.424(example, i\ +n the Netherlands a number might be +46 8 7821234 \(country code 46, city code\ + 8, number)72 568.031 R .294(7821234\), in Germany +49 231 7551234, in Sweden \ ++31 80 551234, in Britain +44 227 61234 or +44 506)72 580.031 R(41)72 592.031 Q +3.237(1234. Note)-.37 F .737(that the country and city codes and telephone num\ +bers are not all the same length, and the)3.237 F .812(punctuation is dif)72 +604.031 R .812(ferent from our North American notation.)-.18 F -.4(Wi)5.812 G +.812(thin a country).4 F 3.312(,t)-.65 G .812(he length of the telephone) +396.882 604.031 R .25(number might depend on the city code.)72 616.031 R .251 +(Even within the USA, the length of extensions is not standardized:)5.25 F .005 +(some places use the last 4 digits of the telephone number for the extension, \ +some use 2 or 3 or 4 digit exten-)72 628.031 R .649 +(sions you must ask an operator for)72 640.031 R 5.649(.E)-.55 G .649 +(ach country has established local conventions.)227.363 640.031 R .65 +(But the numbers are)5.65 F .197(unambigous when dialed from left-to-right, so\ + as long as there is a way to indicate when you are done dial-)72 652.031 R +(ing, there is no problem.)72 664.031 Q 3.092(Ak)72 682.031 S .592(ey dif) +87.312 682.031 R .593(ference in philosophy between the two systems is evident\ + from the way addresses and telephone)-.18 F 1.497(numbers are written.)72 +694.031 R -.4(Wi)6.497 G 1.497(th an address, the most speci\214c information \ +comes \214rst, the least speci\214c last.).4 F .573(\(The `)72 706.031 R .573 +(`root of the tree')-.74 F 3.073('i)-.74 G 3.073(sa)172.515 706.031 S 3.074(tt) +183.918 706.031 S .574(he right.\))192.552 706.031 R -.4(Wi)5.574 G .574 +(th telephones, the least speci\214c information \(root\) is at the left.).4 F +.299(The telephone system was designed for machinery that looks at the \214rst\ + few digits, does something with it,)72 718.031 R .773 +(and passes the remainder through to the next level.)72 730.031 R .773 +(Thus, in ef)5.773 F .774(fect, you are routing your call through the)-.18 F +.255(telephone network.)72 742.031 R .255(Of course, the exact sequence you di\ +al depends on where you are dialing from - some-)5.255 F .259(times you must d\ +ial 9 or 8 \214rst, to get an international dialtone you must dial 01)72 +754.031 R .259(1, if you are calling locally)-.37 F EP +%%Page: 2 2 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF .31(you can \(and sometimes must\) leave of)72 96 R +2.81(ft)-.18 G .31(he 1 and the area code.)239.24 96 R .31 +(\(This makes life very interesting for peo-)5.31 F .463 +(ple who must design a box to call their home of)72 108 R .463 +(\214ce from any phone in the world.\))-.18 F .464(This type of address is) +5.464 F(called a `)72 120 Q(`relative address')-.74 E +(', since the actual address used depends on the location of the sender)-.74 E +(.)-.55 E .547(The postal system, on the other hand, allows you to write the s\ +ame address no matter where the sender is.)72 138 R .851(The address above wil\ +l get to me from anywhere in the world, even private company mail systems.)72 +150 R -1(Ye)5.851 G(t,)1 E .195 +(some optional abbreviations are possible - I can leave of)72 162 R 2.695(ft) +-.18 G .195(he USA if I'm mailing within the USA; if I'm in)307.61 162 R .552 +(the same city as the address, I can usually just say `)72 174 R(`city')-.74 E +3.053('i)-.74 G 3.053(np)312.94 174 S .553(lace of the last line.)325.993 174 R +.553(This type of address is)5.553 F(called an `)72 186 Q(`absolute address') +-.74 E +(', since the unabbreviated form does not depend on the location of the sender) +-.74 E(.)-.55 E .674(The ARP)72 204 R .674 +(ANET has evolved with a system of absolute addresses: `)-.92 F(`user@host') +-.74 E 3.173('w)-.74 G .673(orks from any machine.)407.001 204 R .269 +(The UUCP network has evolved with a system of relative addresses: `)72 216 R +-2.13(`host!user ')-.74 F 2.769('w)-.74 G .269(orks from any machine)410.713 +216 R .566(with a direct link to `)72 228 R(`host')-.74 E .565(', and you have\ + to route your mail through the network to \214nd such a machine.)-.74 F .451 +(In fact, the `)72 240 R(`user@host')-.74 E 2.951('s)-.74 G .452(yntax has bec\ +ome so popular that many sites run mail software that accepts this)180.114 240 +R .502(syntax, looks up `)72 252 R(`host')-.74 E 3.002('i)-.74 G 3.002(nat) +175.578 252 S .501(able, and sends it to the appropriate network for `)193.802 +252 R(`host')-.74 E 3.001('. This)-.74 F .501(is a very nice)3.001 F .693 +(user interface, but it only works well in a small network.)72 264 R .693 +(Once the set of allowed hosts grows past about)5.693 F +(1000 hosts, you run into all sorts of administrative problems.)72 276 Q .357(\ +One problem is that it becomes nearly impossible to keep a table of host names\ + up to date.)72 294 R .356(New machines)5.356 F 1.123 +(are being added somewhere in the world every day)72 306 R 3.623(,a)-.65 G +1.123(nd nobody tells you about them.)294.727 306 R 1.124(When you try to)6.124 +F .951(send mail to a host that isn')72 318 R 3.451(ti)-.18 G 3.451(ny)196.537 +318 S .951 +(our table \(replying to mail you just got from a new host\), your mailing) +209.988 318 R 1.057(software might try to route it to a smarter machine, but w\ +ithout knowing which network to send it to, it)72 330 R(can')72 342 Q 2.78(tg) +-.18 G .28(uess which smarter machine to forward to.)99.59 342 R .28 +(Another problem is name space collision - there is noth-)5.28 F 1.293(ing to \ +prevent a host on one network from choosing the same name as a host on another\ + network.)72 354 R(For)6.293 E .944(example, DEC')72 366 R 3.444(sE)-.55 G .944 +(NET has a `)148.048 366 R(`vortex')-.74 E 3.444('m)-.74 G .944 +(achine, there is also one on UUCP)244.204 366 R 5.943(.B)-1.11 G .943 +(oth had their names long)401.348 366 R .13 +(before the two networks could talk to each other)72 378 R 2.63(,a)-.4 G .131 +(nd neither had to ask the other network for permission to)275.5 378 R 1.268 +(use the name.)72 390 R 1.268(The problem is compounded when you consider how \ +many computer centers name their)6.268 F(machines `)72 402 Q(`A)-.74 E -.74('') +-1.11 G 2.5(,`).74 G(`B')137.81 402 Q(', `)-.74 E(`C')-.74 E(', and so on.)-.74 +E 1.123(In recognition of this problem, ARP)72 420 R 3.623(Ah)-.92 G 1.123 +(as established a new way to name computers based on domains.)236.978 420 R +1.423(The ARP)72 432 R 1.423(ANET is pioneering the domain convention, and man\ +y other computer networks are falling in)-.92 F .575(line, since it is the \ +\214rst naming convention that looks like it really stands a chance of working\ +.)72 444 R .576(The MIL-)5.576 F .626(NET portion of ARP)72 456 R .626 +(ANET has a domain, CSNET has one, and it appears that Digital, A)-.92 F(T&T) +-1.11 E 3.125(,a)-.74 G .625(nd UUCP)464.205 456 R .661 +(will be using domains as well.)72 468 R .661 +(Domains look a lot like postal addresses, with a simple syntax that \214ts on) +5.661 F .876(one line, is easy to type, and is easy for computers to handle.)72 +480 R 2.276 -.7(To i)5.876 H .875(llustrate, an old routed UUCP address).7 F +7.093(might read `)72 492 R(`sdcsvax!ucbvax!allegra!cbosgd!mark')-.74 E 9.593 +('. The)-.74 F 7.094(domain version of this might read)9.593 F -.74(``)72 504 S +(mark@d.osg.cb.att.uucp').74 E 4.443('. The)-.74 F 1.942 +(machine is named d.osg.cb.att.uucp \(UUCP domain, A)4.443 F 1.942(T&T company) +-1.11 F(,)-.65 E 1.183 +(Columbus site, Operating System Group project, fourth machine.\))72 516 R +1.183(Of course, this example is somewhat)6.183 F .877(verbose and contrived; \ +it illustrates the heirarchy well, but most people would rather type something\ + like)72 528 R -.74(``)72 540 S(cbosgd.att.uucp').74 E 2.791('o)-.74 G 2.791 +(re)154.401 540 S .292(ven `)164.962 540 R(`cbosgd.uucp')-.74 E .292 +(', and actual domains are usually set up so that you don')-.74 F 2.792(th)-.18 +G .292(ave to)479.548 540 R(type very much.)72 552 Q -1(Yo)72 570 S 5.307(um)1 +G 2.806(ay wonder why the single @ sign is present, that is, why the above add\ +ress does not read)101.307 570 R -.74(``)72 582 S(mark.d.osg.cb.att.uucp').74 E +3.736('. In)-.74 F 1.236 +(fact, it was originally proposed in this form, and some of the examples in) +3.736 F .961(RFC819 do not contain an @ sign.)72 594 R .961 +(The @ sign is present because some ARP)5.961 F .961 +(ANET sites felt the strong)-.92 F .317(need for a divider between the domain,\ + which names one or more computers, and the left hand side, which)72 606 R 1.73 +(is subject to whatever interpretation the domain chooses.)72 618 R 1.729 +(For example, if the A)6.729 F 1.729(TT domain chooses to)-1.11 F .185 +(address people by full name rather than by their login, an address like `)72 +630 R(`Mark.Horton@A)-.74 E(TT)-1.11 E(.UUCP')-.74 E 2.685('m)-.74 G(akes) +486.23 630 Q .16(it clear that some machine in the A)72 642 R .159 +(TT domain should interpret the string `)-1.11 F(`Mark.Horton')-.74 E .159 +(', but if the address)-.74 F 2.657(were `)72 654 R(`Mark.Horton.A)-.74 E(TT) +-1.11 E(.UUCP')-.74 E 2.657 +(', routing software might try to \214nd a machine named `)-.74 F(`Horton')-.74 +E 5.158('o)-.74 G(r)500.67 654 Q -.74(``)72 666 S(Mark.Horton').74 E 2.613 +('. \(By)-.74 F .113(the way)2.613 F 2.613(,c)-.65 G .113 +(ase is ignored in domains, so that `)201.952 666 R(`A)-.74 E(TT)-1.11 E +(.UUCP')-.74 E 2.612('i)-.74 G 2.612(st)402.282 666 S .112(he same as `)411.564 +666 R(`att.uucp')-.74 E('.)-.74 E 1.58 -.7(To t)72 678 T .181 +(he left of the @ sign, however).7 F 2.681(,ad)-.4 G .181 +(omain can interpret the text any way it wants; case can be ignored or)226.987 +678 R(it can be signi\214cant.\))72 690 Q 1.202(It is important to note that)72 +708 R/F1 10/Times-Bold@0 SF 1.202(domains ar)3.702 F 3.702(en)-.18 G 1.202 +(ot r)248.666 708 R(outes)-.18 E F0 6.202(.S)C 1.202 +(ome people look at the number of !')301.44 708 R 3.702(si)-.55 G 3.702(nt) +463.816 708 S 1.202(he \214rst)475.298 708 R .679(example and the number of .') +72 720 R 3.179(si)-.55 G 3.179(nt)202.444 720 S .68 +(he second, and assume the latter is being routed from a machine called)213.403 +720 R -.74(``)72 732 S(uucp').74 E 2.548('t)-.74 G 2.548(oa)108.608 732 S .048 +(nother called `)120.596 732 R(`att')-.74 E 2.548('t)-.74 G 2.548(oa)202.29 732 +S .048(nother called `)214.278 732 R(`cb')-.74 E 2.548('a)-.74 G .048 +(nd so on.)297.072 732 R .048(While it is possible to set up mail routing)5.048 +F .547(software to do this, and indeed in the worst case, even without a reaso\ +nable set of tables, this method will)72 744 R EP +%%Page: 3 3 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF .077(always work, the intent is that `)72 96 R +(`d.osg.cb.att.uucp')-.74 E 2.577('i)-.74 G 2.577(st)279.919 96 S .077 +(he name of a machine, not a path to get there.)289.166 96 R .077(In par)5.077 +F(-)-.2 E(ticular)72 108 Q 2.534(,d)-.4 G .035(omains are absolute addresses, \ +while routes depend on the location of the sender)107.184 108 R 5.035(.S)-.55 G +.035(ome subroutine)442.025 108 R 1.067(is char)72 120 R 1.067(ged with \214gu\ +ring out, given a domain based machine name, what to do with it.)-.18 F 1.066 +(In a high quality)6.067 F .148(environment like the ARP)72 132 R 2.648(AI)-.92 +G .148(nternet, it can query a table or a name server)189.442 132 R 2.648(,c) +-.4 G .148(ome up with a 32 bit host num-)377.682 132 R(ber)72 144 Q 2.555(,a) +-.4 G .055(nd connect you directly to that machine.)93.865 144 R .055 +(In the UUCP environment, we don')5.055 F 2.555(th)-.18 G .055 +(ave the concept of two)413.25 144 R .785 +(processes on arbitrary machines talking directly)72 156 R 3.286(,s)-.65 G +3.286(ow)276.302 156 S 3.286(ef)291.808 156 S .786 +(orward mail one hop at a time until it gets to the)302.864 156 R .096 +(appropriate destination.)72 168 R .096(In this case, the subroutine decides i\ +f the name represents the local machine, and if)5.096 F +(not, decides which of its neighbors to forward the message to.)72 180 Q/F1 10 +/Times-Italic@0 SF 2.5(2. What)72 204 R(is a Domain?)2.5 E F0 .084 +(So, after all this background, we still haven')72 222 R 2.584(ts)-.18 G .084 +(aid what a domain is.)258.582 222 R .085(The answer \(I hope it')5.085 F 2.585 +(sb)-.55 G .085(een worth the)449.4 222 R .439 +(wait\) is that a domain is a subtree of the world tree.)72 234 R .439 +(For example, `)5.439 F(`uucp')-.74 E 2.939('i)-.74 G 2.939(sat)380.937 234 S +.439(op level domain \(that is, a)397.925 234 R .127(subtree of the `)72 246 R +(`root')-.74 E .127 +('.\) and represents all names and machines beneath it in the tree.)-.74 F -.74 +(``)5.128 G(att.uucp').74 E 2.628('i)-.74 G 2.628(sas)463.194 246 S(ubdo-) +480.67 246 Q .04(main of `)72 258 R(`uucp')-.74 E .04 +(', representing all names, machines, and subdomains beneath `)-.74 F(`att') +-.74 E 2.54('i)-.74 G 2.54(nt)407.74 258 S .04(he tree.)418.06 258 R .04 +(Similarly for)5.04 F -.74(``)72 270 S(cb.att.uucp').74 E .812(', `)-.74 F +(`osg.cb.att.uucp')-.74 E .812(', and even `)-.74 F(`d.osg.cb.att.uucp')-.74 E +3.312('\()-.74 G .812(although `)337.65 270 R(`d.osg.cb.att.uucp')-.74 E 3.312 +('i)-.74 G 3.313(sa`)461.664 270 S -1.95(`leaf ')479.21 270 R(')-.74 E +(domain, representing only the one machine\).)72 282 Q 2.664(Ad)72 300 S .164 +(omain has certain properties.)86.884 300 R .164 +(The key property is that it has a `)5.164 F(`registry')-.74 E 2.663('. That) +-.74 F .163(is, the domain has a list)2.663 F .429(of the names of all immedia\ +te subdomains, plus information about how to get to each one.)72 312 R .43 +(There is also a)5.43 F .601(contact person for the domain.)72 324 R .601 +(This person is responsible for the domain, keeping the registry up-to-date,) +5.601 F .007(serving as a point of contact for outside queries, and setting po\ +licy requirements for subdomains.)72 336 R .008(Each sub-)5.008 F .839(domain \ +can decide who it will allow to have subdomains, and establish requirements th\ +at all subdomains)72 348 R .062(must meet to be included in the registry)72 360 +R 5.062(.F)-.65 G .062(or example, the `)243.506 360 R(`cb')-.74 E 2.562('d) +-.74 G .063(omain might require all subdomains to be)336.964 360 R +(physically located in the A)72 372 Q(T&T building in Columbus.)-1.11 E(ARP)72 +390 Q 3.564(Ah)-.92 G 1.064 +(as established certain requirements for top level domains.)106.314 390 R 1.064 +(These requirements specify that there)6.064 F .371(must be a list of all subd\ +omains and contact persons for them, a responsible person who is an authority \ +for)72 402 R .685(the domain \(so that if some site does something bad, it can\ + be made to stop\), a minimum size \(to prevent)72 414 R 1.051(small domains f\ +rom being top level\), and a pair of nameservers \(for redundancy\) to provide\ + a directory-)72 426 R .367(assistance facility)72 438 R 5.367(.D)-.65 G .367(\ +omains can be more lax about the requirements they place on their subdomains, \ +mak-)157.624 438 R .139 +(ing it harder to be a top level domain than somewhere lower in the tree.)72 +450 R .139(Of course, if you are a subdomain,)5.139 F +(your parent is responsible for you.)72 462 Q 1.005 +(One requirement that is NOT present is for unique parents.)72 480 R 1.004 +(That is, a machine \(or an entire subdomain\))6.005 F .724 +(need not appear in only one place in the tree.)72 492 R .725(Thus, `)5.724 F +(`cb')-.74 E 3.225('m)-.74 G .725(ight appear both in the `)321.65 492 R(`att') +-.74 E 3.225('d)-.74 G .725(omain, and in)447.83 492 R 1.253(the `)72 504 R +(`ohio')-.74 E 3.753('d)-.74 G 3.753(omain. This)126.346 504 R 1.253(allows do\ +mains to be structured more \215exibly than just the simple geography)3.753 F +.297(used by the postal service and the telephone company; or)72 516 R .298 +(ganizations or topography can be used in parallel.)-.18 F(\(Actually)72 528 Q +2.761(,t)-.65 G .261(here are a few instances where this is done in the postal\ + service [overseas military mail] and the)117.161 528 R .528(telephone system \ +[pre\214xes can appear in more than one area code, e.g. near W)72 540 R .529 +(ashington D.C., and Silicon)-.8 F -1.11(Va)72 552 S 4.068(lley].\) It)1.11 F +1.567(also allows domains to split or join up, while remaining upward compatib\ +le with their old)4.068 F(addresses.)72 564 Q 1.958 +(Do all domains represent speci\214c machines?)72 582 R 1.958(Not necessarily) +6.958 F 6.958(.I)-.65 G(t')342.794 582 Q 4.458(sp)-.55 G 1.958 +(retty obvious that a full path like)361.702 582 R -.74(``)72 594 S +(d.cbosg.att.uucp').74 E 3.546('r)-.74 G 1.046(efers to exactly one machine.) +155.986 594 R 1.046(The OSG domain might decide that `)6.046 F +(`cbosg.att.uucp')-.74 E(')-.74 E .385 +(represents a particular gateway machine.)72 606 R .385 +(Or it might decide that it represents a set of machines, several of)5.385 F +1.763(which might be gateways.)72 618 R 1.763(The `)6.763 F(`att.uucp')-.74 E +4.263('d)-.74 G 1.762(omain might decide that several machines, `)261.338 618 R +(`ihnp4.uucp')-.74 E(',)-.74 E -.74(``)72 630 S(whgwj.uucp').74 E .482 +(', and `)-.74 F(`hogtw)-.74 E(.uucp')-.65 E 2.982('a)-.74 G .482 +(re all entry points into `)221.456 630 R(`att.uucp')-.74 E 2.983('. Or)-.74 F +.483(it might decide that it just rep-)2.983 F .045 +(resents a spot in the name space, not a machine.)72 642 R .044 +(For example, there is no machine corresponding to `)5.044 F(`arpa')-.74 E(') +-.74 E .336(or `)72 654 R(`uucp')-.74 E .336(', or to the root.)-.74 F .337 +(Each domain decides for itself.)5.336 F .337 +(The naming space and the algorithm for getting)5.337 F .977(mail from one mac\ +hine to another are not closely linked - routing is up to the mail system to \ +\214gure out,)72 666 R(with or without help from the structure of the names.)72 +678 Q .286(The domain syntax does allow explicit routes, in case you want to e\ +xercise a particular route or some gate-)72 696 R 9.168(way is balking.)72 708 +R 9.167(The syntax is `)165.334 708 R(`@dom)-.74 E(1)281.576 713 Q(,@dom) +286.576 708 Q(2)316.066 713 Q(,...,@dom)321.066 708 Q(n)360.556 713 Q +(:user@domain')365.556 708 Q 9.167(', for example,)-.74 F(@ihnp4.UUCP)72 720 Q +(,@ucbvax.UUCP)-1.11 E(,:joe@NIC.ARP)-1.11 E .946 +(A, forcing it to be routed through dom)-.92 F(1)425.602 725 Q 3.446(,d)430.602 +720 S(om)441.548 720 Q(2)454.328 725 Q 3.446(,.)459.328 720 S .946(.., dom) +467.774 720 R(n)496.5 725 Q(,)501.5 720 Q .406 +(and from domn sent to the \214nal address.)72 732 R .406 +(This behaves exactly like the UUCP ! routing syntax, although it)5.406 F +(is somewhat more verbose.)72 744 Q EP +%%Page: 4 4 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF 2.218(By the way)72 96 R 4.718(,y)-.65 G 2.219(ou've n\ +o doubt noticed that some forms of electronic addresses read from left-to-righ\ +t)133.554 96 R .545 +(\(cbosgd!mark\), others read from right-to-left \(mark@Berkeley\).)72 108 R +.545(Which is better?)5.545 F .544(The real answer here is)5.544 F .891 +(that it')72 120 R 3.391(sar)-.55 G .891(eligious issue, and it doesn')117.173 +120 R 3.391(tm)-.18 G .891(ake much dif)245.338 120 R 3.391 +(ference. left-to-right)-.18 F .891(is probably a bit easier for a)3.391 F +1.413(computer to deal with because it can understand something on the left an\ +d ignore the remainder of the)72 132 R 2.507(address. \(While)72 144 R(it') +2.507 E 2.507(sa)-.55 G .008(lmost as easy for the program to read from right-\ +to-left, the ease of going from left-to-)158.951 144 R(right was probably in t\ +he backs of the minds of the designers who invented host:user and host!user)72 +156 Q(.\))-.55 E .779(On the other hand, I claim that user@host is easier for \ +humans to read, since people tend to start reading)72 174 R .811(from the left\ + and quit as soon as they recognize the login name of the person.)72 186 R .812 +(Also, a mail program that)5.812 F 1.53 +(prints a table of headers may have to truncate the sender)72 198 R 2.629 -.55 +('s a).37 H 1.529(ddress to make it \214t in a \214xed number of).55 F +(columns, and it')72 210 Q 2.5(sp)-.55 G(robably more useful to read `)147.56 +210 Q(`mark@d.osg.a')-.74 E 2.5('t)-.74 G(han `)335.8 210 Q(`ucbvax!sdcsv')-.74 +E('.)-.74 E .841(These are pretty minor issues, after all, humans can adapt to\ + skip to the end of an address, and programs)72 228 R .393 +(can truncate on the left.)72 240 R .392(But the real problem is that if the w\ +orld contains BOTH left-to-right and right-to-)5.392 F .82 +(left syntax, you have ambiguous addresses like x!y@z to consider)72 252 R 5.82 +(.T)-.55 G .82(his single problem turns out to be a)357.43 252 R(killer)72 264 +Q 2.5(,a)-.4 G +(nd is the best single reason to try to stamp out one in favor of the other) +102.15 264 Q(.)-.55 E/F1 10/Times-Italic@0 SF 2.5(3. So)72 288 R(why ar)2.5 E +2.5(ew)-.37 G 2.5(ed)137.74 288 S(oing this, anyway?)149.68 288 Q F0 .938 +(The current world is full of lots of interesting kinds of mail syntax.)72 306 +R .938(The old ARP)5.938 F 3.437(A`)-.92 G(`user@host')423.656 306 Q 3.437('i) +-.74 G 3.437(ss)481.663 306 S(till)492.88 306 Q 1.156(used on the ARP)72 318 R +1.156(ANET by many systems.)-.92 F 1.156 +(Explicit routing can sometimes by done with an address like)6.156 F -.74(``)72 +330 S(user@host2@host1').74 E 3.856('w)-.74 G 1.356 +(hich sends the mail to host1 and lets host1 interpret `)173.336 330 R +(`user@host2')-.74 E 3.855('. Addresses)-.74 F .704 +(with more than one @ were made illegal a few years ago, but many ARP)72 342 R +.704(ANET hosts depended on them,)-.92 F 1.899 +(and the syntax is still being used.)72 354 R 1.899(UUCP uses `)6.899 F -2.13 +(`h1!h2!h3!user ')-.74 F 1.898(', requiring the user to route the mail.)-.74 F +(Berknets use `)72 366 Q -2.13(`host:user ')-.74 F 2.5('a)-.74 G +(nd do not allow explicit routing.)181.14 366 Q 4.804 -.7(To g)72 384 T 3.404 +(et mail from one host to another).7 F 5.904(,i)-.4 G 5.904(th)252.842 384 S +3.404(ad to be routed through gateways.)266.526 384 R 3.405(Thus, the address) +8.404 F -.74(``)72 396 S(csvax:mark@Berkeley').74 E 2.744('f)-.74 G .244 +(rom the ARP)181.324 396 R .244(ANET would send the mail to Berkeley)-.92 F +2.743(,w)-.65 G .243(hich would forward it to)405.818 396 R 2.948 +(the Berknet address csvax:mark.)72 408 R 4.348 -.7(To s)7.948 H 2.949 +(end mail to the ARP).7 F 2.949(ANET from UUCP)-.92 F 5.449(,a)-1.11 G 5.449 +(na)426.003 408 S 2.949(ddress such as)440.892 408 R -.74(``)72 420 S +(ihnp4!ucbvax!sam@foo-unix').74 E 7.46('w)-.74 G 4.96 +(ould route it through ihnp4 to ucbvax, which would interpret)216.6 420 R -.74 +(``)72 432 S(sam@foo-unix').74 E 4.422('a)-.74 G 4.422(sa)152.462 432 S 4.422 +(nA)165.214 432 S(RP)181.856 432 Q 1.922(ANET address and pass it along.)-.92 F +1.923(When the Berknet-UUCP gateway and)6.922 F(Berknet-ARP)72 444 Q 16.197 +(ANET gateway were on dif)-.92 F 16.196(ferent machines, addresses such as)-.18 +F -.74(``)72 456 S(csvax:ihnp4!ihnss!warren@Berkeley').74 E 2.5('w)-.74 G +(ere common.)242.18 456 Q .986(As you can see, the combination of left-to-righ\ +t UUCP syntax and right-to-left ARP)72 474 R .986(ANET syntax makes)-.92 F +1.681(things pretty complex.)72 486 R 1.681(Berknets are gone now)6.681 F 4.181 +(,b)-.65 G 1.68(ut there are lots of gateways between UUCP and the)279.757 486 +R(ARP)72 498 Q 1.301(ANET and ARP)-.92 F(ANET)-.92 E 1.301 +(-like mail networks.)-.92 F 1.301 +(Sending mail to an address for which you only know a)6.301 F 5.618 +(path from the ARP)72 510 R 5.618 +(ANET onto UUCP is even harder \255 suppose the address you have is)-.92 F +(ihnp4!ihnss!warren@Berkeley)72 522 Q 3.51(,a)-.65 G 1.011 +(nd you are on host rlgvax which uses seismo as an ARP)204.87 522 R 1.011 +(ANET gateway)-.92 F(.)-.65 E -1(Yo)72 534 S 3.535(um)1 G 1.035 +(ust send to seismo!ihnp4!ihnss!warren@Berkeley)99.535 534 R 3.535(,w)-.65 G +1.035(hich is not only pretty hard to read, but when)314.705 534 R 1.43 +(the recipient tries to reply)72 546 R 3.93(,i)-.65 G 3.93(tw)189.04 546 S 1.43 +(ill have no idea where the break in the address between the two UUCP)202.97 +546 R .608(pieces occurs.)72 558 R .608(An ARP)5.608 F .608 +(ANET site routing across the UUCP world to somebody')-.92 F 3.108(sE)-.55 G +.607(thernet using domains)414.456 558 R 2.224 +(locally will have to send an address something like `)72 570 R(`xxx@Berkeley) +-.74 E(.ARP)-.65 E -1.02 -1.11(A' ')-.92 H 2.225(to get it to UUCP)5.835 F +4.725(,t)-1.11 G(hen)489.56 570 Q -.74(``)72 582 S(ihnp4!decvax!island!yyy').74 +E 4.039('t)-.74 G 4.039(og)190.639 582 S 1.539 +(et it to the other ethernet, then `)204.678 582 R(`sam@csvax.ISLAND')-.74 E +4.038('t)-.74 G 4.038(og)444.116 582 S 1.538(et it across)458.154 582 R 31.285 +(their ethernet.)72 594 R 31.286(The single address would therefore be)195.11 +594 R(ihnp4!decvax!island!sam@csvax.ISLAND@Berkeley)72 606 Q(.ARP)-.65 E 2.801 +(A, which is too much to ask any person or)-.92 F 5.863(mailer to understand.) +72 618 R(It')179.299 618 Q 8.363(se)-.55 G 5.863 +(ven worse: gateways have to deal with ambiguous names like)204.882 618 R +(ihnp4!mark@Berkeley)72 630 Q 4.833(,w)-.65 G 2.333 +(hich can be parsed either `)177.873 630 R(`\(ihnp4!mark\)@Berkeley')-.74 E +4.833('i)-.74 G 4.833(na)409.531 630 S 2.333(ccordance with the)423.804 630 R +(ARP)72 642 Q(ANET conventions, or `)-.92 E(`ihnp4!\(mark@Berkeley\)')-.74 E +2.5('a)-.74 G 2.5(st)301.26 642 S(he old UUCP would.)310.43 642 Q .415(Another\ + very important reason for using domains is that your mailing address becomes \ +absolute instead of)72 660 R 3.03(relative. It)72 672 R .53(becomes possible t\ +o put your electronic address on your business card or in your signature \214l\ +e)3.03 F .185(without worrying about writing six dif)72 684 R .185 +(ferent forms and \214fteen hosts that know how to get to yours.)-.18 F .185 +(It dras-)5.185 F .468(tically simpli\214es the job of the reply command in yo\ +ur mail program, and automatic reply code in the net-)72 696 R(news software.) +72 708 Q EP +%%Page: 5 5 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Italic@0 SF 2.5(4. Further)72 96 R(Information)2.5 E/F1 10 +/Times-Roman@0 SF .794(For further information, some of the basic ARP)72 114 R +.794(ANET reference documents are in order)-.92 F 5.794(.T)-.55 G .794 +(hese can often)445.212 114 R .65 +(be found posted to Usenet, or available nearby)72 126 R 5.65(.T)-.65 G .65 +(hey are all available on the ARP)276.23 126 R .65(ANET on host NIC via)-.92 F +.371(FTP with login ANONYMOUS, if you have an ARP)72 138 R .371(ANET login.) +-.92 F .371(They can also be ordered from the Net-)5.371 F +(work Information Center)72 150 Q 2.5(,S)-.4 G +(RI International, Menlo Park, California, 94025.)182.14 150 Q 2.5(RFC819 The) +72 168 R(Domain Naming Convention for Internet User Applications)2.5 E 2.5 +(RFC821 Simple)72 180 R(Mail T)2.5 E(ransfer Protocol)-.35 E 2.5 +(RFC822 Standard)72 192 R(for the Format of ARP)2.5 E(ANET T)-.92 E +(ext Messages)-.7 E 2.5(RFC881 The)72 204 R(Domain Names Plan and Schedule)2.5 +E(#)72 222 Q 2.5(#@)72 234 S 29.07(\(#\)domain.mm 2.1)88.71 234 R +(smail 12/14/86)2.5 E(#)72 246 Q EP +%%Trailer +end +%%EOF diff --git a/usr.sbin/named/doc/misc/purdue-paper.ps b/usr.sbin/named/doc/misc/purdue-paper.ps new file mode 100644 index 00000000000..d8e7db37bc9 --- /dev/null +++ b/usr.sbin/named/doc/misc/purdue-paper.ps @@ -0,0 +1,3424 @@ +%!PS-Adobe-2.0 +%%Creator: dvips 5.485 Copyright 1986-92 Radical Eye Software +%%Title: main.dvi +%%Pages: 21 1 +%%BoundingBox: 0 0 612 792 +%%EndComments +%DVIPSCommandLine: /usr/local/tex/dvips main.dvi +%%BeginProcSet: tex.pro +/TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N /X{S N} +B /TR{translate}N /isls false N /vsize 11 72 mul N /@rigin{isls{[0 -1 1 0 0 0] +concat}if 72 Resolution div 72 VResolution div neg scale isls{Resolution hsize +-72 div mul 0 TR}if Resolution VResolution vsize -72 div 1 add mul TR matrix +currentmatrix dup dup 4 get round 4 exch put dup dup 5 get round 5 exch put +setmatrix}N /@landscape{/isls true N}B /@manualfeed{statusdict /manualfeed +true put}B /@copies{/#copies X}B /FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N +/IE 0 N /ctr 0 N /df-tail{/nn 8 dict N nn begin /FontType 3 N /FontMatrix +fntrx N /FontBBox FBB N string /base X array /BitMaps X /BuildChar{ +CharBuilder}N /Encoding IE N end dup{/foo setfont}2 array copy cvx N load 0 nn +put /ctr 0 N[}B /df{/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 +0 sf neg 0 0]N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data +dup length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{128 +ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub get 127 +sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data dup type +/stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N /rc 0 N /gp 0 N +/cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup /base get 2 index get +S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx 0 ch-xoff ch-yoff ch-height +sub ch-xoff ch-width add ch-yoff setcachedevice ch-width ch-height true[1 0 0 +-1 -.1 ch-xoff sub ch-yoff .1 add]{ch-image}imagemask restore}B /D{/cc X dup +type /stringtype ne{]}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1 +ne{dup dup length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N} +B /I{cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin +0 0 moveto pop}N /eop{SI restore showpage userdict /eop-hook known{eop-hook} +if}N /@start{userdict /start-hook known{start-hook}if /VResolution X +/Resolution X 1000 div /DVImag X /IE 256 array N 0 1 255{IE S 1 string dup 0 3 +index put cvn put}for 65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N +/RMat[1 0 0 -1 0 0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley X +/rulex X V}B /V statusdict begin /product where{pop product dup length 7 ge{0 +7 getinterval(Display)eq}{pop false}ifelse}{false}ifelse end{{gsave TR -.1 -.1 +TR 1 1 scale rulex ruley false RMat{BDot}imagemask grestore}}{{gsave TR -.1 +-.1 TR rulex ruley scale 1 1 false RMat{BDot}imagemask grestore}}ifelse B /a{ +moveto}B /delta 0 N /tail{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{ +S p tail}B /c{-4 M}B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B +/j{3 M}B /k{4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w +}B /q{p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p +a}B /bos{/SS save N}B /eos{SS restore}B end +%%EndProcSet +%%BeginProcSet: special.pro +TeXDict begin /SDict 200 dict N SDict begin /@SpecialDefaults{/hs 612 N /vs +792 N /ho 0 N /vo 0 N /hsc 1 N /vsc 1 N /ang 0 N /CLIP 0 N /rwiSeen false N +/rhiSeen false N /letter{}N /note{}N /a4{}N /legal{}N}B /@scaleunit 100 N +/@hscale{@scaleunit div /hsc X}B /@vscale{@scaleunit div /vsc X}B /@hsize{/hs +X /CLIP 1 N}B /@vsize{/vs X /CLIP 1 N}B /@clip{/CLIP 2 N}B /@hoffset{/ho X}B +/@voffset{/vo X}B /@angle{/ang X}B /@rwi{10 div /rwi X /rwiSeen true N}B /@rhi +{10 div /rhi X /rhiSeen true N}B /@llx{/llx X}B /@lly{/lly X}B /@urx{/urx X}B +/@ury{/ury X}B /magscale true def end /@MacSetUp{userdict /md known{userdict +/md get type /dicttype eq{userdict begin md length 10 add md maxlength ge{/md +md dup length 20 add dict copy def}if end md begin /letter{}N /note{}N /legal{ +}N /od{txpose 1 0 mtx defaultmatrix dtransform S atan/pa X newpath clippath +mark{transform{itransform moveto}}{transform{itransform lineto}}{6 -2 roll +transform 6 -2 roll transform 6 -2 roll transform{itransform 6 2 roll +itransform 6 2 roll itransform 6 2 roll curveto}}{{closepath}}pathforall +newpath counttomark array astore /gc xdf pop ct 39 0 put 10 fz 0 fs 2 +F/|______Courier fnt invertflag{PaintBlack}if}N /txpose{pxs pys scale ppr +aload pop por{noflips{pop S neg S TR pop 1 -1 scale}if xflip yflip and{pop S +neg S TR 180 rotate 1 -1 scale ppr 3 get ppr 1 get neg sub neg ppr 2 get ppr 0 +get neg sub neg TR}if xflip yflip not and{pop S neg S TR pop 180 rotate ppr 3 +get ppr 1 get neg sub neg 0 TR}if yflip xflip not and{ppr 1 get neg ppr 0 get +neg TR}if}{noflips{TR pop pop 270 rotate 1 -1 scale}if xflip yflip and{TR pop +pop 90 rotate 1 -1 scale ppr 3 get ppr 1 get neg sub neg ppr 2 get ppr 0 get +neg sub neg TR}if xflip yflip not and{TR pop pop 90 rotate ppr 3 get ppr 1 get +neg sub neg 0 TR}if yflip xflip not and{TR pop pop 270 rotate ppr 2 get ppr 0 +get neg sub neg 0 S TR}if}ifelse scaleby96{ppr aload pop 4 -1 roll add 2 div 3 +1 roll add 2 div 2 copy TR .96 dup scale neg S neg S TR}if}N /cp{pop pop +showpage pm restore}N end}if}if}N /normalscale{Resolution 72 div VResolution +72 div neg scale magscale{DVImag dup scale}if 0 setgray}N /psfts{S 65781.76 +div N}N /startTexFig{/psf$SavedState save N userdict maxlength dict begin +/magscale false def normalscale currentpoint TR /psf$ury psfts /psf$urx psfts +/psf$lly psfts /psf$llx psfts /psf$y psfts /psf$x psfts currentpoint /psf$cy X +/psf$cx X /psf$sx psf$x psf$urx psf$llx sub div N /psf$sy psf$y psf$ury +psf$lly sub div N psf$sx psf$sy scale psf$cx psf$sx div psf$llx sub psf$cy +psf$sy div psf$ury sub TR /showpage{}N /erasepage{}N /copypage{}N /p 3 def +@MacSetUp}N /doclip{psf$llx psf$lly psf$urx psf$ury currentpoint 6 2 roll +newpath 4 copy 4 2 roll moveto 6 -1 roll S lineto S lineto S lineto closepath +clip newpath moveto}N /endTexFig{end psf$SavedState restore}N /@beginspecial{ +SDict begin /SpecialSave save N gsave normalscale currentpoint TR +@SpecialDefaults count /ocount X /dcount countdictstack N}N /@setspecial{CLIP +1 eq{newpath 0 0 moveto hs 0 rlineto 0 vs rlineto hs neg 0 rlineto closepath +clip}if ho vo TR hsc vsc scale ang rotate rwiSeen{rwi urx llx sub div rhiSeen{ +rhi ury lly sub div}{dup}ifelse scale llx neg lly neg TR}{rhiSeen{rhi ury lly +sub div dup scale llx neg lly neg TR}if}ifelse CLIP 2 eq{newpath llx lly +moveto urx lly lineto urx ury lineto llx ury lineto closepath clip}if +/showpage{}N /erasepage{}N /copypage{}N newpath}N /@endspecial{count ocount +sub{pop}repeat countdictstack dcount sub{end}repeat grestore SpecialSave +restore end}N /@defspecial{SDict begin}N /@fedspecial{end}B /li{lineto}B /rl{ +rlineto}B /rc{rcurveto}B /np{/SaveX currentpoint /SaveY X N 1 setlinecap +newpath}N /st{stroke SaveX SaveY moveto}N /fil{fill SaveX SaveY moveto}N +/ellipse{/endangle X /startangle X /yrad X /xrad X /savematrix matrix +currentmatrix N TR xrad yrad scale 0 0 1 startangle endangle arc savematrix +setmatrix}N end +%%EndProcSet +TeXDict begin 40258431 52099146 1000 300 300 @start /Fa 1 49 +df<060F0F0E1E1E1C3C383830707060E0C04008117F910A>48 D E /Fb +6 119 df<780018001800300030003000370078C0604060606060C0C0C0C0C0C0418063003C00 +0B117E900E>98 D<040C0000000000705898983030606464683006127E910B>105 +D<1C70278C2604260606060C0C0C0C0C0C0C181E3019C01800180030003000FC000F10808A10> +112 D<73C09C209860980018003000300030003000600060000B0B7E8A0E>114 +D<381048308C309830183030603060306430E431E80E380E0B7E8A12>117 +D<386048608C2098201820304030403040308011000E000B0B7E8A10>I +E /Fc 12 119 df<07FE03F800E001C000E0010000E0020000E0080001C0100001C0200001C080 +0001C1000003830000038F00000393800003A380000781C0000701C0000700E0000700E0000E00 +70000E0070000E0038000E0038001C003C00FF80FF001D177F961E>75 D<071018F03070607060 +60C060C060C06080C080C480C4C1C446C838700E0E7E8D13>97 D<7C0018001800180018003000 +300030003000678068C070406060C060C060C060C06080C080C08180C10046003C000B177E960F +>I<07C00C20107020706000C000C000C00080008000C010C02060C03F000C0E7E8D0F>I<07C01C +20301060106020FFC0C000C000C000C000C010402060C01F000C0E7E8D10>101 +D<0300038003000000000000000000000000001C002400460046008C000C001800180018003100 +3100320032001C0009177F960C>105 D<3E0C0C0C0C181818183030303060606060C0C8C8C8D0 +7007177E960B>108 D<1C3C22462382230346030603060306030C060C060C0C0C081A3019E018 +001800300030003000FC001014808D12>112 D<38F04518463846308C000C000C000C00180018 +0018001800300030000D0E7F8D10>114 D<030003000600060006000600FFC00C000C000C0018 +00180018001800300030803080310031001E000A147F930D>116 D<1C02002606004606004606 +00860C000C0C000C0C000C0C001818001818801818801838800C5900078E00110E7F8D14>I<1C +04260E4606460686040C040C040C0418081808181018100C6007800F0E7F8D11>I +E /Fd 3 116 df<007FFC01FF0007800078000780006000078000C0000F000180000F00020000 +0F000400000F000800001E001000001E004000001E008000001E010000003C020000003C040000 +003C1E0000003C3E000000785F000000788F0000007A0F0000007C07800000F807800000F007C0 +0000F003C00000F003C00001E001E00001E001E00001E001E00001E000F00003C000F00003C000 +F80003C000780003C000780007C000FC00FFFC07FF8028227EA129>75 D<3C07E01F0046183061 +8047201880C087401D00E087801E00E087801C00E087001C00E00E003801C00E003801C00E0038 +01C00E003801C01C007003801C007003801C007007001C007007043800E007083800E00E083800 +E00E083800E006107001C006203000C003C026157E942B>109 D<007E00008100030080020180 +06038006030006000007000007F80003FE0001FF00003F00000780000380700380F00300F00300 +E002004004003018000FE00011157E9417>115 D E /Fe 47 124 df<387CFEFFFF7F3B030307 +06060C1C18702008117C8610>44 D<387CFEFEFE7C3807077C8610>46 D<00180000780001F800 +FFF800FFF80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F800 +01F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F800 +01F8007FFFE07FFFE013207C9F1C>49 D<03FC000FFF003C1FC07007E07C07F0FE03F0FE03F8FE +03F8FE01F87C01F83803F80003F80003F00003F00007E00007C0000F80001F00003E0000380000 +700000E01801C0180380180700180E00380FFFF01FFFF03FFFF07FFFF0FFFFF0FFFFF015207D9F +1C>I<00FE0007FFC00F07E01E03F03F03F03F81F83F81F83F81F81F03F81F03F00003F00003E0 +0007C0001F8001FE0001FF000007C00001F00001F80000FC0000FC3C00FE7E00FEFF00FEFF00FE +FF00FEFF00FC7E01FC7801F81E07F00FFFC001FE0017207E9F1C>I<0000E00001E00003E00003 +E00007E0000FE0001FE0001FE00037E00077E000E7E001C7E00187E00307E00707E00E07E00C07 +E01807E03807E07007E0E007E0FFFFFEFFFFFE0007E00007E00007E00007E00007E00007E00007 +E000FFFE00FFFE17207E9F1C>I<1000201E01E01FFFC01FFF801FFF001FFE001FF8001BC00018 +000018000018000018000019FC001FFF001E0FC01807E01803E00003F00003F00003F80003F838 +03F87C03F8FE03F8FE03F8FC03F0FC03F07007E03007C01C1F800FFF0003F80015207D9F1C>I< +001F8000FFE003F07007C0F00F01F81F01F83E01F83E01F87E00F07C00007C0000FC0800FC7FC0 +FCFFE0FD80F0FF00F8FE007CFE007CFC007EFC007EFC007EFC007E7C007E7C007E7C007E3C007C +3E007C1E00F80F00F00783E003FFC000FF0017207E9F1C>I<6000007800007FFFFE7FFFFE7FFF +FC7FFFF87FFFF87FFFF0E00060E000C0C00180C00300C00300000600000C00001C000018000038 +0000780000780000F00000F00000F00001F00001F00001F00003F00003F00003F00003F00003F0 +0003F00003F00001E00017227DA11C>I<000070000000007000000000F800000000F800000000 +F800000001FC00000001FC00000003FE00000003FE00000003FE00000006FF000000067F000000 +0E7F8000000C3F8000000C3F800000183FC00000181FC00000381FE00000300FE00000300FE000 +00600FF000006007F00000E007F80000FFFFF80000FFFFF800018001FC00018001FC00038001FE +00030000FE00030000FE000600007F000600007F00FFE00FFFF8FFE00FFFF825227EA12A>65 +D<FFFFFF8000FFFFFFE00007F001F80007F000FC0007F0007E0007F0007E0007F0007F0007F000 +7F0007F0007F0007F0007F0007F0007F0007F0007E0007F000FE0007F000FC0007F003F80007FF +FFF00007FFFFF00007F001FC0007F0007E0007F0003F0007F0003F8007F0001F8007F0001FC007 +F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0003F8007F0003F8007F0007F00 +07F001FE00FFFFFFF800FFFFFFC00022227EA128>I<0003FE0080001FFF818000FF01E38001F8 +003F8003E0001F8007C0000F800F800007801F800007803F000003803F000003807F000001807E +000001807E00000180FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000 +FE00000000FE000000007E000000007E000001807F000001803F000001803F000003801F800003 +000F8000030007C000060003F0000C0001F800380000FF00F000001FFFC0000003FE000021227D +A128>I<FFFFFF8000FFFFFFF00007F003FC0007F0007E0007F0003F0007F0001F8007F0000FC0 +07F00007E007F00007E007F00007F007F00003F007F00003F007F00003F007F00003F807F00003 +F807F00003F807F00003F807F00003F807F00003F807F00003F807F00003F807F00003F807F000 +03F007F00003F007F00003F007F00007E007F00007E007F0000FC007F0001F8007F0003F0007F0 +007E0007F003FC00FFFFFFF000FFFFFF800025227EA12B>I<FFFFFFF8FFFFFFF807F001F807F0 +007807F0003807F0001807F0001C07F0001C07F0000C07F0000C07F0180C07F0180C07F0180007 +F0180007F0380007F0780007FFF80007FFF80007F0780007F0380007F0180007F0180007F01800 +07F0180007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F00000FFFFE0 +00FFFFE0001E227EA123>70 D<0003FE0040001FFFC0C0007F00F1C001F8003FC003F0000FC007 +C00007C00FC00003C01F800003C03F000001C03F000001C07F000000C07E000000C07E000000C0 +FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE000FFF +FC7E000FFFFC7F00001FC07F00001FC03F00001FC03F00001FC01F80001FC00FC0001FC007E000 +1FC003F0001FC001FC003FC0007F80E7C0001FFFC3C00003FF00C026227DA12C>I<FFFF83FFFE +FFFF83FFFE07F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0001F +C007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007FFFFFFC007FFFF +FFC007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0 +001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC0FF +FF83FFFEFFFF83FFFE27227EA12C>I<FFFFE0FFFFE003F80003F80003F80003F80003F80003F8 +0003F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F8 +0003F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F800FFFFE0FFFF +E013227FA115>I<FFFF803FFCFFFF803FFC07F000038007F000070007F0000E0007F000180007 +F000300007F000E00007F001C00007F003800007F007000007F00E000007F018000007F0380000 +07F0FC000007F1FE000007F3FE000007F77F000007FE7F800007F83F800007F01FC00007F01FE0 +0007F00FE00007F007F00007F007F80007F003F80007F001FC0007F001FE0007F000FF0007F000 +7F0007F0007F8007F0003FC0FFFF83FFFCFFFF83FFFC26227EA12C>75 D<FFF8001FFEFFFC001F +FE07FC0000C007FE0000C006FF0000C0067F8000C0063FC000C0061FE000C0060FE000C0060FF0 +00C00607F800C00603FC00C00601FE00C00600FE00C00600FF00C006007F80C006003FC0C00600 +1FE0C006000FF0C0060007F0C0060007F8C0060003FCC0060001FEC0060000FFC00600007FC006 +00007FC00600003FC00600001FC00600000FC006000007C006000003C006000003C0FFF00001C0 +FFF00000C027227EA12C>78 D<0007FC0000003FFF800000FC07E00003F001F80007E000FC000F +C0007E001F80003F001F80003F003F00001F803F00001F807F00001FC07E00000FC07E00000FC0 +FE00000FE0FE00000FE0FE00000FE0FE00000FE0FE00000FE0FE00000FE0FE00000FE0FE00000F +E0FE00000FE07E00000FC07F00001FC07F00001FC03F00001F803F80003F801F80003F000FC000 +7E0007E000FC0003F001F80000FC07E000003FFF80000007FC000023227DA12A>I<FFFFFF00FF +FFFFE007F007F007F001FC07F000FC07F0007E07F0007E07F0007F07F0007F07F0007F07F0007F +07F0007F07F0007E07F0007E07F000FC07F001FC07F007F007FFFFE007FFFF0007F0000007F000 +0007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F0 +000007F00000FFFF8000FFFF800020227EA126>I<01FC0407FF8C1F03FC3C007C7C003C78001C +78001CF8000CF8000CFC000CFC0000FF0000FFE0007FFF007FFFC03FFFF01FFFF80FFFFC03FFFE +003FFE0003FF00007F00003F00003FC0001FC0001FC0001FE0001EE0001EF0003CFC003CFF00F8 +C7FFE080FF8018227DA11F>83 D<7FFFFFFF807FFFFFFF807E03F80F807803F807807003F80380 +6003F80180E003F801C0E003F801C0C003F800C0C003F800C0C003F800C0C003F800C00003F800 +000003F800000003F800000003F800000003F800000003F800000003F800000003F800000003F8 +00000003F800000003F800000003F800000003F800000003F800000003F800000003F800000003 +F800000003F800000003F800000003F8000003FFFFF80003FFFFF80022227EA127>I<FFFF803F +FCFFFF803FFC07F000018007F000018007F000018007F000018007F000018007F000018007F000 +018007F000018007F000018007F000018007F000018007F000018007F000018007F000018007F0 +00018007F000018007F000018007F000018007F000018007F000018007F000018007F000018007 +F000018007F000018003F000030003F800030001F800060000FC000E00007E001C00003F80F800 +000FFFE0000001FF000026227EA12B>I<07FC001FFF803F07C03F03E03F01E03F01F01E01F000 +01F00001F0003FF003FDF01FC1F03F01F07E01F0FC01F0FC01F0FC01F0FC01F07E02F07E0CF81F +F87F07E03F18167E951B>97 D<00FF8007FFE00F83F01F03F03E03F07E03F07C01E07C0000FC00 +00FC0000FC0000FC0000FC0000FC00007C00007E00007E00003E00301F00600FC0E007FF8000FE +0014167E9519>99 D<0001FE000001FE0000003E0000003E0000003E0000003E0000003E000000 +3E0000003E0000003E0000003E0000003E0000003E0001FC3E0007FFBE000F81FE001F007E003E +003E007E003E007C003E00FC003E00FC003E00FC003E00FC003E00FC003E00FC003E00FC003E00 +FC003E007C003E007C003E003E007E001E00FE000F83BE0007FF3FC001FC3FC01A237EA21F>I< +00FE0007FF800F87C01E01E03E01F07C00F07C00F8FC00F8FC00F8FFFFF8FFFFF8FC0000FC0000 +FC00007C00007C00007E00003E00181F00300FC07003FFC000FF0015167E951A>I<003F8000FF +C001E3E003C7E007C7E00F87E00F83C00F80000F80000F80000F80000F80000F8000FFFC00FFFC +000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80 +000F80000F80000F80000F80000F80007FF8007FF80013237FA211>I<03FC1E0FFF7F1F0F8F3E +07CF3C03C07C03E07C03E07C03E07C03E07C03E03C03C03E07C01F0F801FFF0013FC0030000030 +00003800003FFF801FFFF00FFFF81FFFFC3800FC70003EF0001EF0001EF0001EF0001E78003C7C +007C3F01F80FFFE001FF0018217E951C>I<FF000000FF0000001F0000001F0000001F0000001F +0000001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F07E0001F1FF800 +1F307C001F403C001F803E001F803E001F003E001F003E001F003E001F003E001F003E001F003E +001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E00FFE1FFC0FFE1 +FFC01A237EA21F>I<1C003F007F007F007F003F001C000000000000000000000000000000FF00 +FF001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F00FF +E0FFE00B247EA310>I<FF000000FF0000001F0000001F0000001F0000001F0000001F0000001F +0000001F0000001F0000001F0000001F0000001F0000001F00FF801F00FF801F0038001F006000 +1F01C0001F0380001F0700001F0E00001F1C00001F7E00001FFF00001FCF00001F0F80001F07C0 +001F03E0001F01E0001F01F0001F00F8001F007C001F003C00FFE0FFC0FFE0FFC01A237EA21E> +107 D<FF00FF001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F00 +1F001F001F001F001F001F001F001F001F001F001F001F001F001F001F00FFE0FFE00B237EA210 +>I<FF07F007F000FF1FFC1FFC001F303E303E001F403E403E001F801F801F001F801F801F001F +001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F00 +1F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F +001F001F00FFE0FFE0FFE0FFE0FFE0FFE02B167E9530>I<FF07E000FF1FF8001F307C001F403C +001F803E001F803E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F00 +3E001F003E001F003E001F003E001F003E001F003E001F003E00FFE1FFC0FFE1FFC01A167E951F +>I<00FE0007FFC00F83E01E00F03E00F87C007C7C007C7C007CFC007EFC007EFC007EFC007EFC +007EFC007EFC007E7C007C7C007C3E00F81F01F00F83E007FFC000FE0017167E951C>I<FF0FE0 +00FF3FF8001FF07C001F803E001F001F001F001F801F001F801F000FC01F000FC01F000FC01F00 +0FC01F000FC01F000FC01F000FC01F000FC01F001F801F001F801F803F001FC03E001FE0FC001F +3FF8001F0FC0001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F000000 +FFE00000FFE000001A207E951F>I<FE1F00FE3FC01E67E01EC7E01E87E01E87E01F83C01F0000 +1F00001F00001F00001F00001F00001F00001F00001F00001F00001F00001F00001F0000FFF000 +FFF00013167E9517>114 D<0FF3003FFF00781F00600700E00300E00300F00300FC00007FE000 +7FF8003FFE000FFF0001FF00000F80C00780C00380E00380E00380F00700FC0E00EFFC00C7F000 +11167E9516>I<0180000180000180000180000380000380000780000780000F80003F8000FFFF +00FFFF000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F81 +800F81800F81800F81800F81800F830007C30003FE0000F80011207F9F16>I<FF01FE00FF01FE +001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F00 +3E001F003E001F003E001F003E001F003E001F003E001F007E001F00FE000F81BE0007FF3FC001 +FC3FC01A167E951F>I<FFE01FE0FFE01FE00F8006000F8006000FC00E0007C00C0007E01C0003 +E0180003E0180001F0300001F0300000F8600000F86000007CC000007CC000007FC000003F8000 +003F8000001F0000001F0000000E0000000E00001B167F951E>I<FFE7FF07F8FFE7FF07F81F00 +7800C00F807801800F807C01800F807C018007C07E030007C0DE030007E0DE070003E0DF060003 +E18F060001F18F0C0001F38F8C0001FB079C0000FB07D80000FE03D800007E03F000007E03F000 +007C01F000003C01E000003800E000001800C00025167F9528>I<FFE07FC0FFE07FC00F801C00 +07C0380003E0700003F0600001F8C00000F98000007F8000003F0000001F0000001F8000003FC0 +000037C0000063E00000C1F00001C0F8000380FC0007007E000E003E00FF80FFE0FF80FFE01B16 +7F951E>I<FFE01FE0FFE01FE00F8006000F8006000FC00E0007C00C0007E01C0003E0180003E0 +180001F0300001F0300000F8600000F86000007CC000007CC000007FC000003F8000003F800000 +1F0000001F0000000E0000000E0000000C0000000C00000018000078180000FC380000FC300000 +FC60000069C000007F8000001F0000001B207F951E>I<FFFFFFE0FFFFFFE01B02808E1C>123 +D E /Ff 30 121 df<7FFFC0FFFFE0FFFFE07FFFC013047D901A>45 D<3078FCFC783006067685 +1A>I<00C001C001C003C007C00FC07FC0FDC071C001C001C001C001C001C001C001C001C001C0 +01C001C001C001C001C001C001C001C001C07FFF7FFF7FFF101E7B9D1A>49 +D<03F0000FFC001FFF003C0F807803C07001C0E000E0F000E0F000E06000E00000E00000E00001 +C00001C0000380000780000F00000E00003C00007C0000F00001E00003C0000780000F00001E00 +E03C00E07FFFE0FFFFE07FFFE0131E7D9D1A>I<01FC0007FF001FFF801E03C03C01C03C00E03C +00E00000E00000E00001C00003C000078001FF0001FF0001FFC00003E00000F000007000007800 +0038000038600038F00038F00078E000707000F07E03E03FFFC00FFF0001FC00151E7E9D1A>I< +000F80001F80003B80003B8000738000F38000E38001C38003C3800383800783800F03800E0380 +1E03803C0380380380780380F00380FFFFFEFFFFFEFFFFFE000380000380000380000380000380 +000380003FF8007FFC003FF8171E7F9D1A>I<003E0001FF8003FFC007C1E00F00E01E0F703C3F +F0387FF07070F870E07870E078E1C038E1C038E1C038E1C038E1C038E1C038E1C038E1C03870E0 +7070E0707070E0387FE03C3FC01E0F000F003807C0F803FFF001FFE0003F00151E7E9D1A>64 +D<003800007C00007C00006C0000EE0000EE0000EE0000C60000C60001C70001C70001C70001C7 +000383800383800383800383800701C00701C007FFC007FFC00FFFE00E00E00E00E00E00E00E00 +E01C00707F01FCFF83FE7F01FC171E7F9D1A>I<1FF0003FFC007FFE00780F0030070000038000 +0380007F8007FF801FFF803F8380780380700380E00380E00380E00380700780780F803FFFFC1F +FDFC07F0FC16157D941A>97 D<FE0000FE0000FE00000E00000E00000E00000E00000E00000E00 +000E3E000EFF800FFFE00FC1F00F80700F00380E00380E001C0E001C0E001C0E001C0E001C0E00 +1C0E001C0F00380F00780F80F00FC1E00FFFC00EFF80063E00161E7F9D1A>I<00FF8003FFC00F +FFE01F01E03C00C0780000700000700000E00000E00000E00000E00000E0000070000070000078 +00703C00701F01F00FFFE003FFC000FE0014157D941A>I<001FC0001FC0001FC00001C00001C0 +0001C00001C00001C00001C001F1C007FDC00FFFC01E0FC03C07C07803C07001C0E001C0E001C0 +E001C0E001C0E001C0E001C0E001C07003C07003C03807C03E0FC01FFFFC07FDFC01F1FC161E7E +9D1A>I<01F80007FF000FFF801E07C03C01C07800E07000E0E00070E00070FFFFF0FFFFF0FFFF +F0E000007000007000007800703C00701F01F00FFFE003FFC000FE0014157D941A>I<0007E000 +1FF0003FF800787800F03000E00000E00000E00000E0007FFFF0FFFFF0FFFFF000E00000E00000 +E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E0003F +FF807FFFC03FFF80151E7F9D1A>I<01F87C07FFFE0FFFFE1E078C1C03803801C03801C03801C0 +3801C03801C01C03801E07801FFF001FFE0039F8003800003800001C00001FFF801FFFE03FFFF8 +78007C70001CE0000EE0000EE0000EE0000E70001C78003C3E00F81FFFF007FFC001FF0017217F +941A>I<FE0000FE0000FE00000E00000E00000E00000E00000E00000E00000E3E000EFF800FFF +C00FC1C00F80E00F00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00 +E00E00E00E00E0FFE3FEFFE7FEFFE3FE171E7F9D1A>I<00C00001E00001E00000C00000000000 +00000000000000000000000000007FE0007FE0007FE00000E00000E00000E00000E00000E00000 +E00000E00000E00000E00000E00000E00000E00000E00000E00000E0007FFF80FFFFC07FFF8012 +1F7C9E1A>I<FE0000FE0000FE00000E00000E00000E00000E00000E00000E00000E0FFC0E1FFE +0E0FFC0E03C00E07800E0F000E1E000E3C000E78000EFC000FFC000FDE000F8F000E07800E0380 +0E01C00E01E00E00F0FFE3FEFFE3FFFFE3FE181E7F9D1A>107 D<FFE000FFE000FFE00000E000 +00E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E000 +00E00000E00000E00000E00000E00000E00000E00000E00000E00000E000FFFFE0FFFFE0FFFFE0 +131E7D9D1A>I<7CE0E000FFFBF8007FFFF8001F1F1C001E1E1C001E1E1C001C1C1C001C1C1C00 +1C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C +007F1F1F00FF9F9F807F1F1F00191580941A>I<FE3E00FEFF80FFFFC00FC1C00F80E00F00E00E +00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E0FFE3FEFF +E7FEFFE3FE17157F941A>I<01F00007FC001FFF003E0F803C07807803C07001C0E000E0E000E0 +E000E0E000E0E000E0E000E0F001E07001C07803C03C07803E0F801FFF0007FC0001F00013157D +941A>I<FE3E00FEFF80FFFFE00FC1F00F80700F00380E00380E001C0E001C0E001C0E001C0E00 +1C0E001C0E001C0F00380F00780F80F00FC1E00FFFC00EFF800E3E000E00000E00000E00000E00 +000E00000E00000E00000E0000FFE000FFE000FFE00016207F941A>I<7F83F0FF8FF87FBFFC03 +FC3C03F01803E00003C00003C00003800003800003800003800003800003800003800003800003 +80000380007FFF00FFFF007FFF0016157E941A>114 D<07FB801FFF807FFF80780780E00380E0 +0380E003807800007FC0003FFC0007FE00003F800007806001C0E001C0E001C0F003C0FC0780FF +FF00EFFE00E3F80012157C941A>I<00C00001C00001C00001C00001C00001C00001C0007FFFE0 +FFFFE0FFFFE001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C070 +01C07001C07001C07000E0E000FFE0007FC0001F00141C7F9B1A>I<FE0FE0FE0FE0FE0FE00E00 +E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E01 +E00F03E007FFFE03FFFE00FCFE17157F941A>I<7F83FCFFC7FE7F83FC0E00E00E00E00E00E007 +01C00701C00701C003838003838003838001C70001C70001C70000EE0000EE0000EE00007C0000 +7C0000380017157F941A>I<FF83FEFFC7FEFF83FE3800383800381C00701C00701C00701C3870 +1C7C701C7C700E6CE00E6CE00EEEE00EEEE00EEEE00EC6E006C6C007C7C007C7C003838017157F +941A>I<7FC7F87FCFFC7FC7F80703C003838003C70001EF0000FE00007C00007800003800007C +0000EE0001EE0001C7000383800783C00F01C07FC7FCFFC7FE7FC7FC17157F941A>I +E /Fg 46 122 df<1C003E007F00FF80FF80FF807F003E001C0009097B8813>46 +D<000E00001E00007E0007FE00FFFE00FFFE00F8FE0000FE0000FE0000FE0000FE0000FE0000FE +0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE +0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE007FFFFE7FFFFE7FFF +FE17277BA622>49 D<00FF800003FFF0000FFFFC001F03FE003800FF007C007F80FE003FC0FF00 +3FC0FF003FE0FF001FE0FF001FE07E001FE03C003FE000003FE000003FC000003FC000007F8000 +007F000000FE000000FC000001F8000003F0000003E00000078000000F0000001E0000003C00E0 +007000E000E000E001C001C0038001C0070001C00FFFFFC01FFFFFC03FFFFFC07FFFFFC0FFFFFF +80FFFFFF80FFFFFF801B277DA622>I<007F800003FFF00007FFFC000F81FE001F00FF003F80FF +003F807F803F807F803F807F801F807F800F007F800000FF000000FF000000FE000001FC000001 +F8000007F00000FFC00000FFF0000001FC0000007E0000007F0000007F8000003FC000003FC000 +003FE000003FE03C003FE07E003FE0FF003FE0FF003FE0FF003FC0FF007FC07E007F807C007F00 +3F01FE001FFFFC0007FFF00000FF80001B277DA622>I<00000E0000001E0000003E0000007E00 +0000FE000000FE000001FE000003FE0000077E00000E7E00000E7E00001C7E0000387E0000707E +0000E07E0000E07E0001C07E0003807E0007007E000E007E000E007E001C007E0038007E007000 +7E00E0007E00FFFFFFF8FFFFFFF8FFFFFFF80000FE000000FE000000FE000000FE000000FE0000 +00FE000000FE000000FE00007FFFF8007FFFF8007FFFF81D277EA622>I<0C0003000F803F000F +FFFE000FFFFC000FFFF8000FFFF0000FFFE0000FFFC0000FFE00000E0000000E0000000E000000 +0E0000000E0000000E0000000E7FC0000FFFF8000F80FC000E003E000C003F0000001F8000001F +C000001FC000001FE000001FE018001FE07C001FE0FE001FE0FE001FE0FE001FE0FE001FC0FC00 +1FC078003F8078003F803C007F001F01FE000FFFF80003FFF00000FF80001B277DA622>I<0007 +F000003FFC0000FFFE0001FC0F0003F01F8007E03F800FC03F801FC03F801F803F803F801F003F +8000007F0000007F0000007F000000FF000000FF0FC000FF3FF800FF707C00FFC03E00FFC03F00 +FF801F80FF801FC0FF001FC0FF001FE0FF001FE0FF001FE07F001FE07F001FE07F001FE07F001F +E03F001FE03F001FC01F801FC01F803F800FC03F0007E07E0003FFFC0000FFF000003FC0001B27 +7DA622>I<380000003E0000003FFFFFF03FFFFFF03FFFFFF07FFFFFE07FFFFFC07FFFFF807FFF +FF0070000E0070000E0070001C00E0003800E0007000E000E0000000E0000001C0000003800000 +07800000078000000F0000000F0000001F0000001F0000003F0000003E0000003E0000007E0000 +007E0000007E0000007E000000FE000000FE000000FE000000FE000000FE000000FE000000FE00 +0000FE0000007C0000003800001C297CA822>I<000003800000000007C00000000007C0000000 +000FE0000000000FE0000000000FE0000000001FF0000000001FF0000000003FF8000000003FF8 +000000003FF80000000073FC0000000073FC00000000F3FE00000000E1FE00000000E1FE000000 +01C0FF00000001C0FF00000003C0FF80000003807F80000007807FC0000007003FC0000007003F +C000000E003FE000000E001FE000001E001FF000001C000FF000001FFFFFF000003FFFFFF80000 +3FFFFFF80000780007FC0000700003FC0000700003FC0000E00001FE0000E00001FE0001E00001 +FF0001C00000FF0001C00000FF00FFFE001FFFFEFFFE001FFFFEFFFE001FFFFE2F297EA834>65 +D<FFFFFFF80000FFFFFFFF8000FFFFFFFFC00003F8001FF00003F8000FF80003F80007FC0003F8 +0003FC0003F80003FC0003F80003FE0003F80001FE0003F80001FE0003F80001FE0003F80003FE +0003F80003FC0003F80003FC0003F80007F80003F8000FF00003F8001FE00003F800FFC00003FF +FFFE000003FFFFFFE00003F80007F00003F80003FC0003F80001FE0003F80001FE0003F80000FF +0003F80000FF0003F80000FF8003F80000FF8003F80000FF8003F80000FF8003F80000FF8003F8 +0000FF8003F80000FF0003F80001FF0003F80003FE0003F80007FC0003F8001FF800FFFFFFFFF0 +00FFFFFFFFC000FFFFFFFE000029297DA831>I<00003FF001800003FFFE0380000FFFFF878000 +3FF007DF8000FF8001FF8001FE00007F8003FC00003F8007F000001F800FF000000F801FE00000 +07801FE0000007803FC0000007803FC0000003807FC0000003807F80000003807F8000000000FF +8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF800000 +0000FF8000000000FF80000000007F80000000007F80000000007FC0000003803FC0000003803F +C0000003801FE0000003801FE0000007000FF00000070007F000000E0003FC00001E0001FE0000 +3C0000FF8000F800003FF007E000000FFFFFC0000003FFFF000000003FF8000029297CA832>I< +FFFFFFF80000FFFFFFFF8000FFFFFFFFE00003FC001FF80003FC0007FC0003FC0001FE0003FC00 +00FF0003FC00007F8003FC00003FC003FC00001FC003FC00001FE003FC00001FE003FC00000FF0 +03FC00000FF003FC00000FF003FC00000FF003FC00000FF803FC00000FF803FC00000FF803FC00 +000FF803FC00000FF803FC00000FF803FC00000FF803FC00000FF803FC00000FF803FC00000FF8 +03FC00000FF003FC00000FF003FC00000FF003FC00001FE003FC00001FE003FC00001FC003FC00 +003FC003FC00007F8003FC00007F0003FC0001FE0003FC0003FC0003FC001FF800FFFFFFFFE000 +FFFFFFFF8000FFFFFFFC00002D297DA835>I<FFFFFFFFE0FFFFFFFFE0FFFFFFFFE003FC001FE0 +03FC0007F003FC0001F003FC0001F003FC0000F003FC00007003FC00007003FC00007003FC01C0 +7803FC01C03803FC01C03803FC01C03803FC03C00003FC03C00003FC0FC00003FFFFC00003FFFF +C00003FFFFC00003FC0FC00003FC03C00003FC03C00003FC01C00E03FC01C00E03FC01C00E03FC +01C01C03FC00001C03FC00001C03FC00001C03FC00003C03FC00003803FC00007803FC0000F803 +FC0001F803FC0003F803FC001FF8FFFFFFFFF0FFFFFFFFF0FFFFFFFFF027297DA82D>I<FFFFF0 +1FFFFEFFFFF01FFFFEFFFFF01FFFFE03FC00007F8003FC00007F8003FC00007F8003FC00007F80 +03FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00 +007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FFFFFFFF8003FFFFFFFF80 +03FFFFFFFF8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00 +007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F80 +03FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F80FFFFF01FFFFEFFFFF0 +1FFFFEFFFFF01FFFFE2F297DA836>72 D<FFFFFCFFFFFCFFFFFC01FE0001FE0001FE0001FE0001 +FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001 +FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001 +FE0001FE0001FE0001FE0001FE00FFFFFCFFFFFCFFFFFC16297EA81A>I<FFFE0000001FFFC0FF +FE0000001FFFC0FFFF0000003FFFC003FF0000003FF00003FF0000003FF00003BF80000077F000 +03BF80000077F000039FC00000E7F000039FC00000E7F000038FE00001C7F000038FE00001C7F0 +000387F0000387F0000387F0000387F0000387F0000387F0000383F8000707F0000383F8000707 +F0000381FC000E07F0000381FC000E07F0000380FE001C07F0000380FE001C07F0000380FF0038 +07F00003807F003807F00003807F003807F00003803F807007F00003803F807007F00003801FC0 +E007F00003801FC0E007F00003800FE1C007F00003800FE1C007F00003800FE1C007F000038007 +F38007F000038007F38007F000038003FF0007F000038003FF0007F000038001FE0007F0000380 +01FE0007F000038000FC0007F000038000FC0007F000FFFE00FC01FFFFC0FFFE007801FFFFC0FF +FE007801FFFFC03A297DA841>77 D<FFFC0000FFFEFFFE0000FFFEFFFF0000FFFE03FF80000380 +03FF8000038003BFC0000380039FE0000380039FF0000380038FF80003800387F80003800383FC +0003800381FE0003800381FF0003800380FF80038003807FC0038003803FC0038003801FE00380 +03800FF0038003800FF80380038007FC0380038003FC0380038001FE0380038000FF0380038000 +FF83800380007FC3800380003FE3800380001FE3800380000FF38003800007FB8003800007FF80 +03800003FF8003800001FF8003800000FF80038000007F80038000007F80038000003F80038000 +001F80038000000F80FFFE00000780FFFE00000380FFFE000003802F297DA836>I<FFFFFFF800 +FFFFFFFF00FFFFFFFFC003FC003FE003FC000FF003FC0007F803FC0007FC03FC0003FC03FC0003 +FE03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC0003FC03FC00 +07FC03FC0007F803FC000FF003FC003FE003FFFFFF8003FFFFFE0003FC00000003FC00000003FC +00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003 +FC00000003FC00000003FC00000003FC00000003FC00000003FC000000FFFFF00000FFFFF00000 +FFFFF0000027297DA82F>80 D<FFFFFFE00000FFFFFFFE0000FFFFFFFF800003FC007FE00003FC +000FF00003FC0007F80003FC0007FC0003FC0003FC0003FC0003FE0003FC0003FE0003FC0003FE +0003FC0003FE0003FC0003FE0003FC0003FE0003FC0003FC0003FC0007F80003FC0007F80003FC +001FE00003FC007FC00003FFFFFE000003FFFFF0000003FC00FC000003FC007F000003FC003F80 +0003FC003F800003FC001FC00003FC001FE00003FC001FE00003FC001FE00003FC001FE00003FC +001FE00003FC001FF00003FC001FF00003FC001FF00003FC001FF00703FC001FF80703FC000FF8 +0703FC0007F80EFFFFF003FE1CFFFFF001FFF8FFFFF0003FF030297DA834>82 +D<007F806003FFF0E007FFF9E00F807FE01F001FE03E0007E07C0003E07C0001E0FC0001E0FC00 +01E0FC0000E0FE0000E0FE0000E0FF000000FFC000007FFE00007FFFE0003FFFFC001FFFFE000F +FFFF8007FFFFC003FFFFE000FFFFE00007FFF000007FF000000FF8000007F8000003F8600001F8 +E00001F8E00001F8E00001F8F00001F0F00001F0F80003F0FC0003E0FF0007C0FFE01F80F3FFFF +00E0FFFE00C01FF0001D297CA826>I<7FFFFFFFFFC07FFFFFFFFFC07FFFFFFFFFC07F803FC03F +C07E003FC007C078003FC003C078003FC003C070003FC001C0F0003FC001E0F0003FC001E0E000 +3FC000E0E0003FC000E0E0003FC000E0E0003FC000E0E0003FC000E000003FC0000000003FC000 +0000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC000000000 +3FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC000 +0000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC000000000 +3FC00000007FFFFFE000007FFFFFE000007FFFFFE0002B287EA730>I<FFFFF001FFFCFFFFF001 +FFFCFFFFF001FFFC03FC0000070003FC0000070003FC0000070003FC0000070003FC0000070003 +FC0000070003FC0000070003FC0000070003FC0000070003FC0000070003FC0000070003FC0000 +070003FC0000070003FC0000070003FC0000070003FC0000070003FC0000070003FC0000070003 +FC0000070003FC0000070003FC0000070003FC0000070003FC0000070003FC0000070003FC0000 +070003FC0000070003FC0000070003FC0000070001FC00000E0001FE00000E0000FE00001C0000 +7E00001C00007F00003800003FC000F000000FF007E0000007FFFFC0000001FFFF000000001FF8 +00002E297DA835>I<FFFFE07FFFF007FFF0FFFFE07FFFF007FFF0FFFFE07FFFF007FFF003FC00 +01FE00001C0003FC0001FE00001C0001FE0001FF0000380001FE0000FF0000380001FF0000FF00 +00780000FF0000FF8000700000FF0000FF8000700000FF8000FF8000F000007F8001FFC000E000 +007F8001FFC000E000003FC003FFE001C000003FC0039FE001C000003FE0039FE003C000001FE0 +070FF0038000001FE0070FF0038000001FF00F0FF0078000000FF00E07F8070000000FF00E07F8 +0700000007F81E07FC0E00000007F81C03FC0E00000007FC1C03FC1E00000003FC3801FE1C0000 +0003FC3801FE1C00000001FE7801FF3800000001FE7000FF3800000001FE7000FF3800000000FF +F000FFF000000000FFE0007FF000000000FFE0007FF0000000007FC0003FE0000000007FC0003F +E0000000003FC0003FC0000000003F80001FC0000000003F80001FC0000000001F80001F800000 +00001F00000F80000000001F00000F80000000000E00000700000044297FA847>87 +D<01FF800007FFF0000F81F8001FC07E001FC07E001FC03F000F803F8007003F8000003F800000 +3F8000003F80000FFF8000FFFF8007FC3F800FE03F803F803F803F003F807F003F80FE003F80FE +003F80FE003F80FE003F807E007F807F00DF803F839FFC0FFF0FFC01FC03FC1E1B7E9A21>97 +D<FFE0000000FFE0000000FFE00000000FE00000000FE00000000FE00000000FE00000000FE000 +00000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE1 +FE00000FE7FF80000FFE07E0000FF801F0000FF000F8000FE000FC000FE000FE000FE0007F000F +E0007F000FE0007F000FE0007F800FE0007F800FE0007F800FE0007F800FE0007F800FE0007F80 +0FE0007F800FE0007F000FE0007F000FE0007F000FE000FE000FE000FC000FF001F8000FF803F0 +000F9E07E0000F07FF80000E01FC0000212A7EA926>I<001FF80000FFFE0003F01F0007E03F80 +0FC03F801F803F803F801F007F800E007F0000007F000000FF000000FF000000FF000000FF0000 +00FF000000FF000000FF0000007F0000007F0000007F8000003F8001C01F8001C00FC0038007E0 +070003F01E0000FFFC00001FE0001A1B7E9A1F>I<00003FF80000003FF80000003FF800000003 +F800000003F800000003F800000003F800000003F800000003F800000003F800000003F8000000 +03F800000003F800000003F800000003F800001FE3F80000FFFBF80003F03FF80007E00FF8000F +C007F8001F8003F8003F8003F8007F0003F8007F0003F8007F0003F800FF0003F800FF0003F800 +FF0003F800FF0003F800FF0003F800FF0003F800FF0003F8007F0003F8007F0003F8007F0003F8 +003F8003F8001F8003F8000F8007F80007C00FF80003F03BFF8000FFF3FF80003FC3FF80212A7E +A926>I<003FE00001FFF80003F07E0007C01F000F801F801F800F803F800FC07F000FC07F0007 +C07F0007E0FF0007E0FF0007E0FFFFFFE0FFFFFFE0FF000000FF000000FF0000007F0000007F00 +00007F0000003F8000E01F8000E00FC001C007E0038003F81F0000FFFE00001FF0001B1B7E9A20 +>I<0007F0003FFC00FE3E01F87F03F87F03F07F07F07F07F03E07F00007F00007F00007F00007 +F00007F00007F000FFFFC0FFFFC0FFFFC007F00007F00007F00007F00007F00007F00007F00007 +F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007 +F0007FFF807FFF807FFF80182A7EA915>I<00FF81F003FFE7F80FC1FE7C1F80FC7C1F007C383F +007E107F007F007F007F007F007F007F007F007F007F007F007F003F007E001F007C001F80FC00 +0FC1F8001FFFE00018FF800038000000380000003C0000003E0000003FFFF8001FFFFF001FFFFF +800FFFFFC007FFFFE01FFFFFF03E0007F07C0001F8F80000F8F80000F8F80000F8F80000F87C00 +01F03C0001E01F0007C00FC01F8003FFFE00007FF0001E287E9A22>I<FFE0000000FFE0000000 +FFE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000 +000FE00000000FE00000000FE00000000FE00000000FE00000000FE07F00000FE1FFC0000FE787 +E0000FEE03F0000FF803F0000FF803F8000FF003F8000FF003F8000FE003F8000FE003F8000FE0 +03F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000F +E003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F800FFFE3FFF80FFFE3FFF80 +FFFE3FFF80212A7DA926>I<07000FC01FE03FE03FE03FE01FE00FC00700000000000000000000 +0000000000FFE0FFE0FFE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE0 +0FE00FE00FE00FE00FE00FE00FE0FFFEFFFEFFFE0F2B7DAA14>I<000700000F80001FC0003FE0 +003FE0003FE0001FC0000F8000070000000000000000000000000000000000000000000001FFE0 +01FFE001FFE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0 +000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0 +000FE0000FE0000FE0000FE07C0FE0FE0FE0FE0FC0FE1F80FE1F007C3E003FFC000FF000133784 +AA15>I<FFE00000FFE00000FFE000000FE000000FE000000FE000000FE000000FE000000FE000 +000FE000000FE000000FE000000FE000000FE000000FE000000FE01FFC0FE01FFC0FE01FFC0FE0 +07800FE00F000FE01E000FE03C000FE078000FE0E0000FE3C0000FE7C0000FEFE0000FFFE0000F +FFF0000FF3F8000FE3F8000FC1FC000FC0FE000FC07F000FC07F000FC03F800FC01FC00FC00FC0 +0FC00FE0FFFC3FFEFFFC3FFEFFFC3FFE1F2A7EA924>I<FFE0FFE0FFE00FE00FE00FE00FE00FE0 +0FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00F +E00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE0FFFEFFFEFFFE0F2A7DA914>I<FFC07F +800FF000FFC1FFE03FFC00FFC383F0707E000FC603F8C07F000FCC01F9803F000FD801FF003F80 +0FF001FE003F800FF001FE003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC +003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC003F800F +E001FC003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC00 +3F800FE001FC003F80FFFE1FFFC3FFF8FFFE1FFFC3FFF8FFFE1FFFC3FFF8351B7D9A3A>I<FFC0 +7F0000FFC1FFC000FFC787E0000FCE03F0000FD803F0000FD803F8000FF003F8000FF003F8000F +E003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F800 +0FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8 +00FFFE3FFF80FFFE3FFF80FFFE3FFF80211B7D9A26>I<003FE00001FFFC0003F07E000FC01F80 +1F800FC03F800FE03F0007E07F0007F07F0007F07F0007F0FF0007F8FF0007F8FF0007F8FF0007 +F8FF0007F8FF0007F8FF0007F8FF0007F87F0007F07F0007F03F800FE03F800FE01F800FC00FC0 +1F8007F07F0001FFFC00003FE0001D1B7E9A22>I<FFE1FE0000FFE7FF8000FFFE07E0000FF803 +F0000FF001F8000FE000FC000FE000FE000FE000FF000FE0007F000FE0007F000FE0007F800FE0 +007F800FE0007F800FE0007F800FE0007F800FE0007F800FE0007F800FE0007F000FE000FF000F +E000FF000FE000FE000FE001FC000FF001F8000FF803F0000FFE0FE0000FE7FF80000FE1FC0000 +0FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000 +000FE0000000FFFE000000FFFE000000FFFE00000021277E9A26>I<FFC1F0FFC7FCFFCE3E0FD8 +7F0FD87F0FF07F0FF03E0FF01C0FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0 +000FE0000FE0000FE0000FE0000FE0000FE0000FE000FFFF00FFFF00FFFF00181B7E9A1C>114 +D<03FE300FFFF01E03F03800F0700070F00070F00070F80070FC0000FFE0007FFE007FFF803FFF +E01FFFF007FFF800FFF80003FC0000FC60007CE0003CF0003CF00038F80038FC0070FF01E0F7FF +C0C1FF00161B7E9A1B>I<00700000700000700000700000F00000F00000F00001F00003F00003 +F00007F0001FFFF0FFFFF0FFFFF007F00007F00007F00007F00007F00007F00007F00007F00007 +F00007F00007F00007F00007F00007F03807F03807F03807F03807F03807F03803F03803F87001 +F86000FFC0001F8015267FA51B>I<FFE03FF800FFE03FF800FFE03FF8000FE003F8000FE003F8 +000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003 +F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE0 +03F8000FE007F80007E007F80007E00FF80003F03BFF8001FFF3FF80003FC3FF80211B7D9A26> +I<FFFE03FF80FFFE03FF80FFFE03FF8007F000700007F000700007F800F00003F800E00003FC01 +E00001FC01C00001FC01C00000FE03800000FE038000007F070000007F070000007F8F0000003F +8E0000003FDE0000001FDC0000001FDC0000000FF80000000FF80000000FF800000007F0000000 +07F000000003E000000003E000000001C00000211B7F9A24>I<FFFC0FFF00FFFC0FFF00FFFC0F +FF0007F003C00003F807800001FC07800000FE0F000000FF1E0000007F3C0000003FF80000001F +F00000000FF00000000FF000000007F000000007F80000000FFC0000001FFE0000001EFE000000 +3C7F000000783F800000F01FC00001E01FE00001C00FE00003C007F000FFF01FFF80FFF01FFF80 +FFF01FFF80211B7F9A24>120 D<FFFE03FF80FFFE03FF80FFFE03FF8007F000700007F0007000 +07F800F00003F800E00003FC01E00001FC01C00001FC01C00000FE03800000FE038000007F0700 +00007F070000007F8F0000003F8E0000003FDE0000001FDC0000001FDC0000000FF80000000FF8 +0000000FF800000007F000000007F000000003E000000003E000000001C000000001C000000003 +800000000380000038078000007C07000000FE0F000000FE0E000000FE1E000000FE3C0000007C +780000003FE00000000FC000000021277F9A24>I E /Fh 36 124 df<0000FC0000038300000E +0080001C03800038078000700780007003000070000000E0000000E0000000E0000000E0000000 +E0000000E000003FFFFE0001C00E0001C00E0001C00E0001C00E0001C00E0003801C0003801C00 +03801C0003801C0003801C0003801C000700380007003800070038000700380007003800070038 +000E0070000F007800FFC3FF0019237FA21B>12 D<0000FE03F00003818E0C000E00B802001C01 +F00E003803E01E007003C01E007001C00C007001C00000E003800000E003800000E003800000E0 +03800000E003800000E00380003FFFFFFFF801C007003801C007003801C007003801C007003801 +C007003803800E007003800E007003800E007003800E007003800E007003800E007007001C00E0 +07001C00E007001C00E007001C00E007001C00E007001C00E00E003801C00F003C01E0FFE3FF9F +FC27237FA229>14 D<1C3E7E7E3A02020404080810204080070F7D840E>44 +D<FFE0FFE00B027D8B10>I<3078F8787005057C840E>I<0000040000000006000000000E000000 +001E000000001E000000003E000000003F000000004F000000004F000000008F000000008F0000 +00010F000000010780000002078000000207800000040780000004078000000807C000000803C0 +00001003C000001003C000002003C000003FFFE000004001E000004001E000008001E000008001 +E000010001E000010000F000020000F000060000F000040000F0000C0000F0003E0001F800FF80 +0FFF8021237EA225>65 D<03FFE0FFF8003E000F80003C000F00003C000F00003C000F00003C00 +0F00003C000F000078001E000078001E000078001E000078001E000078001E000078001E0000F0 +003C0000F0003C0000F0003C0000FFFFFC0000F0003C0000F0003C0001E000780001E000780001 +E000780001E000780001E000780001E000780003C000F00003C000F00003C000F00003C000F000 +03C000F00003C000F000078001E00007C001F000FFFC3FFF0025227EA125>72 +D<03FFF0003E00003C00003C00003C00003C00003C000078000078000078000078000078000078 +0000F00000F00000F00000F00000F00000F00001E00001E00001E00001E00001E00001E00003C0 +0003C00003C00003C00003C00003C00007800007C000FFFC0014227EA112>I<03FFFFC0003E00 +F0003C0078003C003C003C003E003C001E003C003E0078003E0078003E0078003E0078003E0078 +003C0078007C00F0007800F000F000F001E000F0078000FFFE0000F0000001E0000001E0000001 +E0000001E0000001E0000001E0000003C0000003C0000003C0000003C0000003C0000003C00000 +0780000007C00000FFFC00001F227EA121>80 D<03FFFF0000003E01E000003C007800003C003C +00003C003C00003C003E00003C003E000078003E000078003E000078003E000078003E00007800 +7C00007800780000F000F00000F001E00000F007800000FFFC000000F00C000000F007000001E0 +07000001E003800001E003800001E003C00001E003C00001E003C00003C007C00003C007C00003 +C007C00003C007C00003C007C04003C007C080078007C08007C003E100FFFC01E3000000007C00 +22237EA124>82 D<000FC0800030318000C00B0001800700038007000300030007000300070003 +000E0002000E0002000F0002000F0000000F0000000F80000007E0000007FE000003FFC00001FF +E000007FF000000FF8000000F8000000780000003C0000003C0000003C0020003C004000380040 +00380040003800600030006000700060006000F000C000E8018000C607000081FC000019247DA2 +1B>I<03FC000606000F03000F03800601800001C0000380000380007F8003E3800F03801C0380 +380700780700F00708F00708F00F08F00F08F017107867A01F83C015157D9418>97 +D<0780003F80000700000700000700000700000700000700000E00000E00000E00000E00000E00 +000E00001C3F001CC1801D00C01E00601C00701C00703800783800783800783800783800783800 +787000F07000F07000E07001E07001C0700380E80700C61C0081F00015237BA21B>I<00FF0003 +81C00603C00C03C01C0180380000780000700000F00000F00000F00000F00000F00000E00000F0 +0000F000807001007001003806001C180007E00012157C9416>I<00001E0000FE00001C00001C +00001C00001C00001C00001C00003800003800003800003800003800003800FC700383700700F0 +0C00F01C00703800707800E07000E0F000E0F000E0F000E0F000E0E001C0E001C0E001C0E001C0 +7003C07003C0380F801C33C007C3F817237CA21B>I<00FE000383800701C00C00E01C00E03800 +E07800E07000E0FFFFE0F00000F00000F00000F00000E00000E00000F000407000803000801803 +000E0C0003F00013157D9416>I<0003E0000E30001C700038F000307000700000700000700000 +E00000E00000E00000E00000E00000E0003FFE0001C00001C00001C00001C00001C00003800003 +80000380000380000380000380000700000700000700000700000700000700000E00000F0000FF +F00014237FA20F>I<00000780001F88800070D18000E0E18001C0700003C0700003C070000780 +F0000780F0000780F0000780E0000381E0000181C00002C30000027E0000040000000400000004 +0000000600000007FF800007FFE00007FFF0001C007800300018006000180060001800C0001800 +C0001800C0003000600060003000C0001C07800003FC00001921809518>I<00780003F8000070 +0000700000700000700000700000700000E00000E00000E00000E00000E00000E00001C3F001CC +1801D00C01E00E01E00E01C00E03C01C03801C03801C03801C03801C03801C0700380700380700 +380700380700380700380E00700F0078FFE7FF18237FA21B>I<007000F001F000F000E0000000 +0000000000000000000000000001C00FC001C001C001C001C00380038003800380038003800700 +070007000700070007000E000F00FFE00C227FA10E>I<007803F8007000700070007000700070 +00E000E000E000E000E000E001C001C001C001C001C001C0038003800380038003800380070007 +0007000700070007000E000F00FFE00D237FA20E>108 D<01C1F807E01FC60C183001D80E6038 +01E007801C01E007801C01C007001C03C00F003803800E003803800E003803800E003803800E00 +3803800E003807001C007007001C007007001C007007001C007007001C007007001C00700E0038 +00E00F003C00F0FFE3FF8FFE27157F942A>I<01C3F01FCC1801D00C01E00E01E00E01C00E03C0 +1C03801C03801C03801C03801C03801C0700380700380700380700380700380700380E00700F00 +78FFE7FF18157F941B>I<007E000383800600C00C00E01C0070380070780078700078F00078F0 +0078F00078F00078E000F0E000F0E000E0F001E07001C07003803807001C1C0007F00015157D94 +18>I<00E1F8000FE60C0000E8060000F0070000E0038000E0038001C003C001C003C001C003C0 +01C003C001C003C001C003C003800780038007800380070003800F0003801E0003801C00074038 +000730E000070F80000700000007000000070000000E0000000E0000000E0000000E0000000E00 +00001E000000FFC000001A1F80941B>I<00FC100382100701300E00F01C00F03800F07800E078 +00E0F000E0F000E0F000E0F000E0F001C0F001C0F001C0F001C07003C07005C0380B801C338007 +C380000380000380000380000700000700000700000700000700000F00007FE0141F7C941A>I< +01C7C01FC8E001D1E001E1E001E0C001C00003C000038000038000038000038000038000070000 +0700000700000700000700000700000E00000F0000FFF00013157F9413>I<01F906070C031803 +1801180118021C001FE00FF807FC007E000E4006400640066006600CE008D83087C010157E9413 +>I<008000800080018001000300030007000F001F00FFF80E000E000E000E000E001C001C001C +001C001C001C0038103810381038103810382038201C4007800D1F7C9E13>I<0E0070FE07F00E +00F00E00700E00700E00701C00E01C00E01C00E01C00E01C00E01C00E03801C03801C03801C038 +01C03803C03805C0380B801C13C007E3F815157C941B>I<FFC0FE1E00780E00300E00200E0040 +0E004007008007008007010007030007820003840003840003880003C80001D00001D00001E000 +01C00000C00000800017157C941A>I<FFC7FC7F801E01E03E001C00C018001C01C010000E01E0 +10000E02E020000E02E020000E04E040000E046040000E08608000070870800007107100000710 +71000007207200000720320000074034000003C03C000003803800000380380000030030000003 +0010000021157C9423>I<1FF83FC003E01E0001C0180000E0100000E020000070400000788000 +00390000001E0000001C0000000E0000001F0000003700000063800000C380000181C0000101E0 +000200E0000E00F0003E00F800FF03FF001A157F941A>I<0FFC0FE001E0078000E0030000E002 +0000E0040000E00400007008000070080000701000007030000078200000384000003840000038 +8000003C8000001D0000001D0000001E0000001C0000000C000000080000000800000010000000 +1000000020000000400000F0400000F0800000F1000000C20000003C0000001B1F80941A>I<07 +FFF80780380600700C00E00801C0080380080700100E00001C0000380000700000E00001C02003 +C0200380200700600E00401C00C03801C0700380FFFF8015157F9416>I<FFFFFE17017E8C18>I +E /Fi 54 122 df<00000FE0000030180000E01C0001C03C0001803C0003803800038000000380 +000007000000070000000700000007000000070000000E000000FFFFE0000E00E0000E00E0000E +01C0001C01C0001C01C0001C01C0001C0380001C03800038038000380380003807000038070000 +3807000070070800700E1000700E1000700E1000700E2000E0062000E003C000E0000000E00000 +00C0000001C0000001C0000071800000F1800000F3000000620000003C0000001E2D82A21B>12 +D<0007800000001C6003800030100780006010078000E010038000C010010001C07001000380F0 +02000380F002000380600400070000080007000010000700006000073C00A00007E20310000781 +041000070108080007011008000F022008001F842008001C782C08003C003E080038003E080078 +001C0800780000080078000008007000001000F000001000700000200070000020007800004000 +380000800038000100001C000200000E000C00000380700000007F80000021257BA325>38 +D<FFF0FFF0FFE00C037C8B11>45 D<70F8F8F0E005057A840F>I<000000080000001800000030 +0000003000000060000000C0000000C0000001800000018000000300000006000000060000000C +0000000C0000001800000030000000300000006000000060000000C00000018000000180000003 +0000000300000006000000060000000C0000001800000018000000300000003000000060000000 +C0000000C0000001800000018000000300000006000000060000000C0000000C00000018000000 +30000000300000006000000060000000C0000000C0000000800000001D317FA419>I<000F8000 +30C000E06001C0700380700300700700700F00700E00701E00701E00701C00F03C00F03C00F03C +00F07801E07801E07801E07801E0F003C0F003C0F003C0F00380E00780E00780E00700E00F00E0 +0E00E01C00E01C00E0380060700030E0001F000014227AA019>I<0001000300030006001E002E +03CE001C001C001C001C0038003800380038007000700070007000E000E000E000E001C001C001 +C001C003800380038003800780FFFC10217AA019>I<000FC000106000603800801800801C0100 +1C02201E02101E04101E04101E04101E08203C08203C0840380840780880F00700E00001C00003 +0000060000180000200000C0000100000200000400100800301000202000605F80C063FFC040FF +80807F00801E0017227CA019>I<000FC000307000C01801001C02001C04000C04401C08201C08 +201C08201C08403808C0380700700000600001C000070000FC000007000003800003800001C000 +01C00001C00003C06003C0F003C0F00380E00780800700800E00801C0040380020F0001F800016 +227BA019>I<0000180000380000380000700000700000700000E00000E00000E00000C00001C0 +000180000380000300000300000600000600000C00000C000018000010000031800061C0004380 +0083800183800303800207000407000807003FC700403E00800FF0000E00000E00001C00001C00 +001C00001C00003800003800003800003000152B7EA019>I<00400400703800FFF000FFE000BF +80008000010000010000010000010000020000020000023E0002C3000501800601C00401C00001 +E00001E00001E00001E00001E00001E07003C0F003C0F003C0E00780800700800F00800E00401C +0040380030E0000F800016227BA019>I<07000F800F800F000E00000000000000000000000000 +000000000000000000007000F800F800F000E00009157A940F>58 D<0000030000000300000007 +000000070000000F0000000F0000001F0000002F0000002F0000004F0000004F80000087800000 +878000010780000207800002078000040780000407800008078000080780001007800030078000 +200780007FFF80004007C0008007C0008003C0010003C0030003C0020003C0040003C0040003C0 +0C0003C03C0007C0FF003FFC1E237DA224>65 D<00FFFFE0000F0038000F001C000F001E001E00 +0E001E000F001E000F001E000F003C000E003C001E003C001E003C003C00780078007800F00078 +01E00078078000FFFF8000F001E000F000F000F0007801E0007801E0003801E0003C01E0003C03 +C0007803C0007803C0007803C000F0078000F0078001E0078003C0078007000F801E00FFFFF000 +20227DA122>I<00007F00800003808100000E00630000380027000070001F0000E0000E0001C0 +000E000380000E000700000E000F000004000E000004001E000004003C000004003C0000080078 +0000000078000000007800000000F000000000F000000000F000000000F000000000F000000000 +E000000000E000002000E000002000E000004000E000004000F000008000700000800070000100 +00380002000018000400001C0008000006003000000381C0000000FE000000212479A223>I<00 +FFFFF000000F003C00000F000E00000F000700001E000380001E000380001E0001C0001E0001C0 +003C0001C0003C0001E0003C0001E0003C0001E000780001E000780001E000780001E000780001 +E000F00003C000F00003C000F00003C000F00003C001E000078001E000078001E000070001E000 +0F0003C0000E0003C0001C0003C0003C0003C00038000780007000078000E000078001C0000780 +0700000F801C0000FFFFF0000023227DA125>I<00FFFFFF80000F000780000F000180000F0001 +80001E000180001E000180001E000100001E000100003C000100003C000100003C010100003C01 +000000780200000078020000007806000000780E000000FFFC000000F00C000000F00C000000F0 +0C000001E008000001E008000001E008040001E000080003C000080003C000080003C000100003 +C000100007800020000780006000078000C000078001C0000F8007C000FFFFFF800021227DA121 +>I<00FFFFFF000F000F000F0003000F0003001E0003001E0003001E0002001E0002003C000200 +3C0002003C0102003C010000780200007802000078060000780E0000FFFC0000F00C0000F00C00 +00F00C0001E0080001E0080001E0080001E0000003C0000003C0000003C0000003C00000078000 +000780000007800000078000000F800000FFFC000020227DA120>I<00FFF87FFC000F00078000 +0F000780000F000780001E000F00001E000F00001E000F00001E000F00003C001E00003C001E00 +003C001E00003C001E000078003C000078003C000078003C000078003C0000FFFFF80000F00078 +0000F000780000F000780001E000F00001E000F00001E000F00001E000F00003C001E00003C001 +E00003C001E00003C001E000078003C000078003C000078003C000078003C0000F8007C000FFF8 +7FFC0026227DA124>72 D<00FFF8000F00000F00000F00001E00001E00001E00001E00003C0000 +3C00003C00003C0000780000780000780000780000F00000F00000F00000F00001E00001E00001 +E00001E00003C00003C00003C00003C0000780000780000780000780000F8000FFF80015227DA1 +13>I<00FFF807FC000F0001E0000F0001C0000F000100001E000200001E000400001E00100000 +1E002000003C004000003C008000003C010000003C040000007808000000781800000078380000 +00787C000000F0BC000000F23C000000F41E000000F81E000001F01F000001E00F000001E00F00 +0001E00F800003C007800003C007800003C003C00003C003C000078003C000078001E000078001 +E000078001E0000F8001F000FFF80FFE0026227DA125>75 D<00FFFC00000F8000000F0000000F +0000001E0000001E0000001E0000001E0000003C0000003C0000003C0000003C00000078000000 +780000007800000078000000F0000000F0000000F0000000F0000001E0000001E0000001E00020 +01E0002003C0004003C0004003C0008003C0008007800180078001000780030007800F000F803E +00FFFFFE001B227DA11F>I<00FF800007FC000F80000F80000F80001780000F80001780001780 +002F000013C0002F000013C0004F000013C0008F000023C0009E000023C0011E000023C0011E00 +0023C0021E000043C0043C000043C0043C000043C0083C000041E0083C000081E01078000081E0 +2078000081E02078000081E04078000101E040F0000101E080F0000101E100F0000101E100F000 +0200F201E0000200F201E0000200F401E0000200F801E0000400F803C0000400F003C0000400F0 +03C0000C00E003C0001E00C007C000FFC0C07FFC002E227DA12C>I<00FF000FFC000F8001E000 +0F800180000FC000800013C001000013C001000011E001000011E001000021E002000020F00200 +0020F002000020F0020000407804000040780400004078040000403C040000803C080000803E08 +0000801E080000801E080001001F100001000F100001000F10000100079000020007A000020007 +A000020003E000020003E000040003C000040001C000040001C0000C0001C0001E00008000FFC0 +00800026227DA124>I<0000FE0000078380000C00E0003800700070003800E0003801C0001C03 +80001C0700001C0F00001E1E00001E1C00001E3C00001E3C00001E7800001E7800001E7800001E +F000003CF000003CF000003CF0000078F0000078E0000078E00000F0E00000F0E00001E0E00001 +C0F00003C0F00007807000070078000E0038001C001C0038000E00E0000703800001FC00001F24 +79A225>I<00FFFFE0000F0038000F001E000F000E001E0007001E0007001E0007001E0007003C +000F003C000F003C000F003C001E0078001E0078003C00780078007800E000F003C000FFFE0000 +F0000000F0000001E0000001E0000001E0000001E0000003C0000003C0000003C0000003C00000 +078000000780000007800000078000000F800000FFF8000020227DA121>I<00FFFFC0000F0070 +000F003C000F001C001E000E001E000E001E000F001E000F003C001E003C001E003C001E003C00 +3C0078003800780070007801E00078078000FFFC0000F00E0000F0070000F0038001E003C001E0 +03C001E003C001E003C003C0078003C0078003C0078003C0078007800F0007800F0107800F0107 +8007020F800702FFF8038C000000F020237DA124>82 D<0001F020000E0C40001802C0003001C0 +006001C000E0018000C0018001C0018001C0018003C0010003C0010003C0000003C0000003E000 +0001F8000001FF000000FFE000007FF000001FF8000003FC0000007C0000003C0000001E000000 +1E0000001E0020001C0020001C0020001C00200018006000380060003000700060007000C000C8 +018000C607000081FC00001B247DA21B>I<1FFFFFF81E03C0381803C0183003C0182007801820 +0780184007801040078010400F0010800F0010800F0010000F0000001E0000001E0000001E0000 +001E0000003C0000003C0000003C0000003C00000078000000780000007800000078000000F000 +0000F0000000F0000000F0000001E0000001E0000001E0000001E0000003E00000FFFF00001D22 +77A123>I<3FFE03FF03C0007803C0006003C00020078000400780004007800040078000400F00 +00800F0000800F0000800F0000801E0001001E0001001E0001001E0001003C0002003C0002003C +0002003C0002007800040078000400780004007800040070000800F0000800F000100070001000 +70002000700040003000400038018000180200000E0C000003F00000202377A124>I<007FF81F +F8000FC007C000078003000007C002000003C004000003C008000003E010000001E030000001E0 +20000001F040000000F080000000F100000000FA000000007C000000007C000000007C00000000 +3C000000003C000000007E000000009E000000011E000000031F000000060F000000040F000000 +080F80000010078000002007C000004007C00000C003C000018003E000010001E000070001E000 +1F0003F000FFC01FFE0025227EA124>88 D<00F8C00185C00705C00E03800E03801C03803C0380 +380700780700780700780700F00E00F00E00F00E00F00E10F01C20701C20703C20305C40308C40 +0F078014157B9419>97 D<03C03F8003800380038007000700070007000E000E000E000E001C00 +1CF81D0C1E0E3C0638073807380F700F700F700F700FE01EE01EE01EE03CE038E038607060E031 +C01F0010237BA216>I<007E0001C1000301800703800E07801C07803C00003800007800007800 +00780000F00000F00000F00000F00000F00100700100700200300C001830000FC00011157B9416 +>I<00003C0003F80000380000380000380000700000700000700000700000E00000E00000E000 +00E00001C000F9C00185C00705C00E03800E03801C03803C0380380700780700780700780700F0 +0E00F00E00F00E00F00E10F01C20701C20703C20305C40308C400F078016237BA219>I<00F803 +840E021C023C0238027804F018FFE0F000F000E000E000E000E000E002E0026004701830600F80 +0F157A9416>I<00003E0000470000CF00018F0001860003800003800003800007000007000007 +00000700000700000E0000FFF0000E00000E00000E00001C00001C00001C00001C00001C000038 +0000380000380000380000380000700000700000700000700000700000E00000E00000E00000E0 +0000C00001C00001C000718000F18000F300006200003C0000182D82A20F>I<001F180030B800 +E0B801C07001C0700380700780700700E00F00E00F00E00F00E01E01C01E01C01E01C01E01C01E +03800E03800E0780060B8006170001E700000700000700000E00000E00000E00701C00F01800F0 +300060E0003F8000151F7E9416>I<00F0000FE00000E00000E00000E00001C00001C00001C000 +01C000038000038000038000038000070000071F0007218007C0C00F00E00F00E00E00E00E00E0 +1C01C01C01C01C01C01C01C0380380380380380380380704700708700E08700E10700610E00620 +6003C016237DA219>I<00C001E001C001C0000000000000000000000000000000001C00230043 +0043008700870087000E000E001C001C001C00380038003840708070807080710032001C000B21 +7BA00F>I<00F0000FE00000E00000E00000E00001C00001C00001C00001C00003800003800003 +80000380000700000701E0070210070C700E10F00E10F00E20600E40001D80001E00001FC0001C +7000383800383800381C00381C20703840703840703840701880E01880600F0014237DA216> +107 D<01E01FC001C001C001C0038003800380038007000700070007000E000E000E000E001C00 +1C001C001C0038003800380038007000700070007100E200E200E200E200640038000B237CA20C +>I<1C0F80F8002610C10C00476066060087807807008780780700870070070087007007000E00 +E00E000E00E00E000E00E00E000E00E00E001C01C01C001C01C01C001C01C01C001C01C0382038 +0380384038038070403803807080380380308070070031003003001E0023157B9428>I<1C0F00 +2631C04740C08780E08780E08700E08700E00E01C00E01C00E01C00E01C01C03801C03801C0380 +1C0704380708380E08380E103806107006203003C016157B941B>I<007E0001C3000381800701 +C00E01C01C01E03C01E03801E07801E07801E07801E0F003C0F003C0F00380F00780700700700E +00700C0030180018700007C00013157B9419>I<01C1F002621804741C08780C08700E08700E08 +701E00E01E00E01E00E01E00E01E01C03C01C03C01C03C01C07803807003807003C0E003C1C007 +2380071E000700000700000E00000E00000E00000E00001C00001C00001C0000FFC000171F7F94 +19>I<00F8400184C00705C00E03800E03801C03803C0380380700780700780700780700F00E00 +F00E00F00E00F00E00F01C00701C00703C00305C0030B8000F3800003800003800007000007000 +00700000700000E00000E00000E0000FFE00121F7B9416>I<1C1F002620804741C08783C08703 +C08701808700000E00000E00000E00000E00001C00001C00001C00001C00003800003800003800 +0038000070000030000012157B9415>I<00FC000183000200800401800C03800C03000C00000F +00000FF00007FC0003FE00003E00000F00000700700700F00600F00600E004004008002030001F +C00011157D9414>I<00C001C001C001C001C003800380038003800700FFF8070007000E000E00 +0E000E001C001C001C001C003800380038003810702070207040708031001E000D1F7C9E10>I< +1E00602300E04380E04381C08381C08701C08701C00703800E03800E03800E03801C07001C0700 +1C07001C07081C0E10180E101C0E101C1E200C262007C3C015157B941A>I<1E03802307C04387 +C04383C08381C08700C08700C00700800E00800E00800E00801C01001C01001C01001C02001C02 +001C04001C08001C08000C300003C00012157B9416>I<1E0060E02300E1F04380E1F04381C0F0 +8381C0708701C0308701C030070380200E0380200E0380200E0380201C0700401C0700401C0700 +401C0700801C0700801C0701001C0F01000C0F020006138C0003E0F0001C157B9420>I<1E0030 +2300704380704380E08380E08700E08700E00701C00E01C00E01C00E01C01C03801C03801C0380 +1C03801C07001C07001C07001C0F000C3E0003CE00000E00000E00001C00601C00F03800F03000 +E0600080C0004380003E0000141F7B9418>121 D E /Fj 3 53 df<0F8030E040708030C038E0 +384038003800700070006000C00180030006000C08080810183FF07FF0FFF00D157E9412>50 +D<0FE030306018701C701C001C00180038006007E000300018000C000E000EE00EE00EC00C4018 +30300FE00F157F9412>I<00300030007000F001F001700270047008701870107020704070C070 +FFFE0070007000700070007003FE0F157F9412>I E /Fk 19 122 df<0007F010001C0C300070 +026000C001E0038000E0070000E00E0000600E0000601C0000403C000040380000407800000078 +00000078000000F0000000F0000000F0000000F0000000F0000000F0000080F000010070000100 +7000010038000200380004001C0004000C001800060020000380C000007F00001C1E7C9C1E>67 +D<0FFFFC0000F80F0000F0038000F003C000F001C000F001C000F001C001E003C001E003C001E0 +03C001E0038001E0070001E00E0003C03C0003FFE00003C0000003C0000003C0000003C0000007 +80000007800000078000000780000007800000078000000F0000000F800000FFF000001A1C7E9B +1C>80 D<0FFFF80000F80E0000F0078000F003C000F001C000F001E000F001E001E003C001E003 +C001E0038001E0070001E00E0001E03C0003FFE00003C0700003C0380003C03C0003C01C0003C0 +1E0007803C0007803C0007803C0007803C0007803C0007803C080F003C100F801C10FFF01C2000 +0007C01D1D7E9B1F>82 D<1FFFFFF03C07C0F03007803020078020600780204007802040078020 +400F0020800F0020000F0000000F0000000F0000000F0000001E0000001E0000001E0000001E00 +00001E0000001E0000003C0000003C0000003C0000003C0000003C0000003C000000780000007C +00001FFFE0001C1C7C9B1E>84 D<07F0001C18001E0C001C0E00180E00000E00000E0001FE000F +0E001C1C00301C00701C00E01C40E01C40E03C40E05C80709D803F0E0012127D9115>97 +D<01F8071C0C1E181C38183000700070007000E000E000E000600060047008301018200FC00F12 +7D9112>99 D<01F8070C0C061C073803300370037FFF7000E000E000E00060006002300430081C +3007C010127E9112>101 D<000F800039C00061C000E3C001C18001C00001C00001C000038000 +0380000380003FF8000380000380000700000700000700000700000700000700000E00000E0000 +0E00000E00000E00000E00001C00001E0000FFC000121D7F9C0D>I<07E00001E00001C00001C0 +0001C00001C00001C00001C000038000038000038000038F8003B0C003C0E00780E00780E00700 +E00700E00700E00700E00E01C00E01C00E01C00E01C00E01C00E01C01C03801E03C0FF9FF0141D +7F9C17>104 D<00C001C001C0018000000000000000000000000000001F800780038007000700 +07000700070007000E000E000E000E000E000E001C001E00FF800A1D7F9C0C>I<07E001E001C0 +01C001C001C001C001C00380038003800380038003800700070007000700070007000E000E000E +000E000E000E001C001E00FF800B1D7F9C0C>108 D<1F8FC0FC00079061060003E07607000780 +780700078078070007007007000700700700070070070007007007000E00E00E000E00E00E000E +00E00E000E00E00E000E00E00E000E00E00E001C01C01C001E01E01E00FF8FF8FF8021127F9124 +>I<1F8F8007B0C003C0E00780E00780E00700E00700E00700E00700E00E01C00E01C00E01C00E +01C00E01C00E01C01C03801E03C0FF9FF014127F9117>I<00FC000307000E01801C01C03800C0 +3000C07000E07000E07000E0E001C0E001C0E001C0600180600380700700380E001C180007E000 +13127E9115>I<1F9C07EE03CF078E078C07000700070007000E000E000E000E000E000E001C00 +1E00FFC010127F9110>114 D<03F20C0E18061004300438043E001FE00FF007F8003C401C400C +400C6018E010D0608FC00F127F9110>I<020002000200060006000C001C003C00FFE01C001C00 +380038003800380038003800700070407040704070407080708031001E000B1A7C9910>I<FC1F +803C07801C0380380700380700380700380700380700380700700E00700E00700E00700E00701E +00701E00703C00305E001F9F8011127C9117>I<0FF0FE03C03801C03001C02001C06001C04001 +E08000E08000E10000E10000E200007200007400007C0000780000700000300000200000200000 +4000004000708000F10000F10000E60000780000171A809116>121 D E +/Fl 42 124 df<6060F0F0F8F86868080808080808101010102020404080800D0C7F9C15>34 +D<FFE0FFE00B0280890E>45 D<00010003000600060006000C000C000C00180018001800300030 +00300060006000C000C000C0018001800180030003000300060006000C000C000C001800180018 +00300030003000600060006000C000C00010297E9E15>47 D<030007003F00C700070007000700 +07000700070007000700070007000700070007000700070007000700070007000700070007000F +80FFF80D1C7C9B15>49 D<07C01830201C400C400EF00FF80FF807F8077007000F000E000E001C +001C00380070006000C00180030006010C01180110023FFE7FFEFFFE101C7E9B15>I<07E01830 +201C201C781E780E781E381E001C001C00180030006007E00030001C001C000E000F000F700FF8 +0FF80FF80FF00E401C201C183007E0101D7E9B15>I<03C00C301818300C700C600EE006E006E0 +07E007E007E007E0076007700F300F18170C2707C700060006000E300C780C78187010203030C0 +0F80101D7E9B15>57 D<000600000006000000060000000F0000000F0000000F00000017800000 +178000001780000023C0000023C0000023C0000041E0000041E0000041E0000080F0000080F000 +0180F8000100780001FFF80003007C0002003C0002003C0006003E0004001E0004001E000C001F +001E001F00FF80FFF01C1D7F9C1F>65 D<001F808000E0618001801980070007800E0003801C00 +03801C00018038000180780000807800008070000080F0000000F0000000F0000000F0000000F0 +000000F0000000F0000000F0000000700000807800008078000080380000801C0001001C000100 +0E000200070004000180080000E03000001FC000191E7E9C1E>67 D<FFF00F000F000F000F000F +000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F00 +0F000F00FFF00C1C7F9B0F>73 D<FF007FC00F800E000F8004000BC0040009E0040009E0040008 +F0040008F8040008780400083C0400083C0400081E0400080F0400080F0400080784000807C400 +0803C4000801E4000801E4000800F40008007C0008007C0008003C0008003C0008001C0008000C +001C000C00FF8004001A1C7E9B1F>78 D<FFFF800F00E00F00780F003C0F001C0F001E0F001E0F +001E0F001E0F001E0F001C0F003C0F00780F00E00FFF800F00000F00000F00000F00000F00000F +00000F00000F00000F00000F00000F00000F0000FFF000171C7E9B1C>80 +D<FFFF00000F01E0000F0078000F003C000F001C000F001E000F001E000F001E000F001E000F00 +1C000F003C000F0078000F01E0000FFF00000F03C0000F00E0000F00F0000F0078000F0078000F +0078000F0078000F0078000F0078000F0078100F0078100F0038100F003C20FFF01C20000007C0 +1C1D7E9B1F>82 D<7FFFFFC0700F01C0600F00C0400F0040400F0040C00F0020800F0020800F00 +20800F0020000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F +0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000001F800003 +FFFC001B1C7F9B1E>84 D<FFF07FC00F000E000F0004000F0004000F0004000F0004000F000400 +0F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004 +000F0004000F0004000F0004000F0004000F0004000700080007800800038010000180100000C0 +20000070C000001F00001A1D7E9B1F>I<7FF0FFC00FC03E000780180003C0180003E0100001E0 +200001F0600000F0400000788000007D8000003D0000001E0000001F0000000F0000000F800000 +0F80000013C0000023E0000021E0000041F00000C0F8000080780001007C0003003C0002001E00 +06001F001F003F80FFC0FFF01C1C7F9B1F>88 D<FEFEC0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0 +C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0FEFE07297C9E0C>91 D<080810102020404040 +40808080808080B0B0F8F8787830300D0C7A9C15>I<FEFE060606060606060606060606060606 +06060606060606060606060606060606060606060606FEFE0729809E0C>I<1FC0003070007838 +00781C00301C00001C00001C0001FC000F1C00381C00701C00601C00E01C40E01C40E01C40603C +40304E801F870012127E9115>97 D<FC00001C00001C00001C00001C00001C00001C00001C0000 +1C00001C00001C00001C7C001D86001E03001C01801C01C01C00C01C00E01C00E01C00E01C00E0 +1C00E01C00E01C00C01C01C01C01801E030019060010F800131D7F9C17>I<07E00C3018783078 +70306000E000E000E000E000E000E00060007004300418080C3007C00E127E9112>I<003F0000 +070000070000070000070000070000070000070000070000070000070003E7000C1700180F0030 +0700700700600700E00700E00700E00700E00700E00700E00700600700700700300700180F000C +370007C7E0131D7E9C17>I<03E00C301818300C700E6006E006FFFEE000E000E000E000600070 +02300218040C1803E00F127F9112>I<00F8018C071E061E0E0C0E000E000E000E000E000E00FF +E00E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E007FE00F1D809C +0D>I<00038003C4C00C38C01C3880181800381C00381C00381C00381C001818001C38000C3000 +13C0001000003000001800001FF8001FFF001FFF803003806001C0C000C0C000C0C000C0600180 +3003001C0E0007F800121C7F9215>I<FC00001C00001C00001C00001C00001C00001C00001C00 +001C00001C00001C00001C7C001C87001D03001E03801C03801C03801C03801C03801C03801C03 +801C03801C03801C03801C03801C03801C03801C0380FF9FF0141D7F9C17>I<18003C003C0018 +000000000000000000000000000000FC001C001C001C001C001C001C001C001C001C001C001C00 +1C001C001C001C001C00FF80091D7F9C0C>I<FC00001C00001C00001C00001C00001C00001C00 +001C00001C00001C00001C00001C3FC01C0F001C0C001C08001C10001C20001C40001CE0001DE0 +001E70001C78001C38001C3C001C1C001C0E001C0F001C0F80FF9FE0131D7F9C16>107 +D<FC001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C00 +1C001C001C001C001C001C001C001C001C00FF80091D7F9C0C>I<FC7E07E0001C838838001D01 +9018001E01E01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C +01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C00FF8FF8FF80 +21127F9124>I<FC7C001C87001D03001E03801C03801C03801C03801C03801C03801C03801C03 +801C03801C03801C03801C03801C03801C0380FF9FF014127F9117>I<03F0000E1C0018060030 +0300700380600180E001C0E001C0E001C0E001C0E001C0E001C06001807003803003001806000E +1C0003F00012127F9115>I<FC7C001D86001E03001C01801C01C01C00C01C00E01C00E01C00E0 +1C00E01C00E01C00E01C01C01C01C01C01801E03001D06001CF8001C00001C00001C00001C0000 +1C00001C00001C0000FF8000131A7F9117>I<FCE01D301E781E781C301C001C001C001C001C00 +1C001C001C001C001C001C001C00FFC00D127F9110>114 D<1F9030704030C010C010E010F800 +7F803FE00FF000F880388018C018C018E010D0608FC00D127F9110>I<04000400040004000C00 +0C001C003C00FFE01C001C001C001C001C001C001C001C001C001C101C101C101C101C100C100E +2003C00C1A7F9910>I<FC1F801C03801C03801C03801C03801C03801C03801C03801C03801C03 +801C03801C03801C03801C03801C07800C07800E1B8003E3F014127F9117>I<FF07E03C03801C +01001C01000E02000E020007040007040007040003880003880003D80001D00001D00000E00000 +E00000E00000400013127F9116>I<FF3FCFE03C0F03801C0701801C0701001C0B01000E0B8200 +0E0B82000E1182000711C4000711C4000720C40003A0E80003A0E80003C0680001C0700001C070 +0001803000008020001B127F911E>I<FF07E03C03801C01001C01000E02000E02000704000704 +0007040003880003880003D80001D00001D00000E00000E00000E0000040000040000080000080 +00F08000F10000F300006600003C0000131A7F9116>121 D<FFFFF01401808B15>123 +D E /Fm 4 53 df<0C001C00EC000C000C000C000C000C000C000C000C000C000C000C000C000C +000C000C00FFC00A137D9211>49 D<1F0060C06060F070F030603000700070006000C001C00180 +020004000810101020207FE0FFE00C137E9211>I<0FC030707038703870380038003000E00FC0 +007000380018001C601CF01CF018E03860701FC00E137F9211>I<006000E000E0016002600660 +0C600860106020606060C060FFFC0060006000600060006003FC0E137F9211>I +E /Fn 47 124 df<001F83E000F06E3001C078780380F8780300F0300700700007007000070070 +0007007000070070000700700007007000FFFFFF80070070000700700007007000070070000700 +700007007000070070000700700007007000070070000700700007007000070070000700700007 +0070000700700007007000070070007FE3FF001D20809F1B>11 D<003F0000E0C001C0C00381E0 +0701E00701E0070000070000070000070000070000070000FFFFE00700E00700E00700E00700E0 +0700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E0 +0700E07FC3FE1720809F19>I<001F81F80000F04F040001C07C06000380F80F000300F00F0007 +00F00F00070070000007007000000700700000070070000007007000000700700000FFFFFFFF00 +070070070007007007000700700700070070070007007007000700700700070070070007007007 +000700700700070070070007007007000700700700070070070007007007000700700700070070 +0700070070070007007007007FE3FE3FF02420809F26>14 D<7038F87CFC7EFC7E743A04020402 +04020804080410081008201040200F0E7E9F17>34 D<0020004000800100020006000C000C0018 +0018003000300030007000600060006000E000E000E000E000E000E000E000E000E000E000E000 +E0006000600060007000300030003000180018000C000C000600020001000080004000200B2E7D +A112>40 D<800040002000100008000C00060006000300030001800180018001C000C000C000C0 +00E000E000E000E000E000E000E000E000E000E000E000E000C000C000C001C001800180018003 +000300060006000C00080010002000400080000B2E7DA112>I<70F8FCFC740404040808101020 +40060E7C840D>44 D<FFC0FFC00A027F8A0F>I<70F8F8F87005057C840D>I<70F8F8F870000000 +0000000000000070F8F8F87005147C930D>58 D<000100000003800000038000000380000007C0 +000007C0000007C0000009E0000009E0000009E0000010F0000010F0000010F000002078000020 +78000020780000403C0000403C0000403C0000801E0000801E0000FFFE0001000F0001000F0001 +000F00020007800200078002000780040003C00E0003C01F0007E0FFC03FFE1F207F9F22>65 +D<FFFFE0000F80380007801E0007801F0007800F0007800F8007800F8007800F8007800F800780 +0F8007800F0007801F0007801E0007803C0007FFF00007803C0007801E0007800F0007800F8007 +800780078007C0078007C0078007C0078007C0078007C00780078007800F8007800F0007801F00 +0F803C00FFFFF0001A1F7E9E20>I<FFFFE0000F803C0007801E000780070007800380078003C0 +078001E0078001E0078001F0078000F0078000F0078000F8078000F8078000F8078000F8078000 +F8078000F8078000F8078000F8078000F8078000F0078000F0078000F0078001E0078001E00780 +03C0078003800780070007800E000F803C00FFFFE0001D1F7E9E23>68 D<FFFFFF000F800F0007 +800300078003000780010007800180078000800780008007800080078080800780800007808000 +078080000781800007FF8000078180000780800007808000078080000780800007800020078000 +2007800020078000400780004007800040078000C0078000C0078001800F800F80FFFFFF801B1F +7E9E1F>I<FFFC0FC0078007800780078007800780078007800780078007800780078007800780 +0780078007800780078007800780078007800780078007800FC0FFFC0E1F7F9E10>73 +D<FF803FF807C007C007C0038005E0010005E0010004F001000478010004780100043C0100043C +0100041E0100040F0100040F010004078100040781000403C1000401E1000401E1000400F10004 +00F1000400790004003D0004003D0004001F0004001F0004000F0004000700040007000E000300 +1F000300FFE001001D1F7E9E22>78 D<07E0800C1980100780300380600180600180E00180E000 +80E00080E00080F00000F000007800007F00003FF0001FFC000FFE0003FF00001F800007800003 +C00003C00001C08001C08001C08001C08001C0C00180C00380E00300F00600CE0C0081F8001221 +7D9F19>83 D<7FFFFFE0780F01E0600F0060400F0020400F0020C00F0030800F0010800F001080 +0F0010800F0010000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000 +000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F00 +00000F0000001F800007FFFE001C1F7E9E21>I<FFF07FF81FF01F800FC007C00F00078003800F +00078001000F0007C00100078007C00200078007C00200078007C0020003C009E0040003C009E0 +040003C009E0040003E010F00C0001E010F0080001E010F0080001F02078080000F02078100000 +F02078100000F0403C10000078403C20000078403C20000078C03E2000003C801E4000003C801E +4000003C801E4000001F000F8000001F000F8000001F000F8000001E00078000000E0007000000 +0E00070000000C000300000004000200002C207F9E2F>87 D<0804100820102010402040208040 +80408040B85CFC7EFC7E7C3E381C0F0E7B9F17>92 D<1FE000303000781800781C00300E00000E +00000E00000E0000FE00078E001E0E00380E00780E00F00E10F00E10F00E10F01E10781E103867 +200F83C014147E9317>97 D<0E0000FE00000E00000E00000E00000E00000E00000E00000E0000 +0E00000E00000E00000E3E000EC3800F01C00F00E00E00E00E00700E00700E00780E00780E0078 +0E00780E00780E00780E00700E00700E00E00F00E00D01C00CC300083E0015207F9F19>I<03F8 +0E0C1C1E381E380C70007000F000F000F000F000F000F00070007000380138011C020E0C03F010 +147E9314>I<000380003F80000380000380000380000380000380000380000380000380000380 +00038003E380061B801C0780380380380380700380700380F00380F00380F00380F00380F00380 +F003807003807003803803803807801C07800E1B8003E3F815207E9F19>I<03F0000E1C001C0E +00380700380700700700700380F00380F00380FFFF80F00000F00000F000007000007000003800 +801800800C010007060001F80011147F9314>I<007C00C6018F038F0706070007000700070007 +0007000700FFF00700070007000700070007000700070007000700070007000700070007000700 +070007007FF01020809F0E>I<0000E003E3300E3C301C1C30380E00780F00780F00780F00780F +00780F00380E001C1C001E380033E0002000002000003000003000003FFE001FFF800FFFC03001 +E0600070C00030C00030C00030C000306000603000C01C038003FC00141F7F9417>I<0E0000FE +00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E3E000E43000E +81800F01C00F01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E +01C00E01C00E01C00E01C0FFE7FC16207F9F19>I<1C001E003E001E001C000000000000000000 +000000000E007E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E +000E00FFC00A1F809E0C>I<00E001F001F001F000E0000000000000000000000000007007F000 +F00070007000700070007000700070007000700070007000700070007000700070007000700070 +007000706070F060F0C061803F000C28829E0E>I<0E0000FE00000E00000E00000E00000E0000 +0E00000E00000E00000E00000E00000E00000E0FF00E03C00E03000E02000E04000E08000E1000 +0E30000E70000EF8000F38000E1C000E1E000E0E000E07000E07800E03800E03C00E03E0FFCFF8 +15207F9F18>I<0E00FE000E000E000E000E000E000E000E000E000E000E000E000E000E000E00 +0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFE00B20809F0C>I< +0E1F01F000FE618618000E81C81C000F00F00E000F00F00E000E00E00E000E00E00E000E00E00E +000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E0 +0E000E00E00E000E00E00E000E00E00E00FFE7FE7FE023147F9326>I<0E3E00FE43000E81800F +01C00F01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E +01C00E01C00E01C0FFE7FC16147F9319>I<01F800070E001C03803801C03801C07000E07000E0 +F000F0F000F0F000F0F000F0F000F0F000F07000E07000E03801C03801C01C0380070E0001F800 +14147F9317>I<0E3E00FEC3800F01C00F00E00E00E00E00F00E00700E00780E00780E00780E00 +780E00780E00780E00700E00F00E00E00F01E00F01C00EC3000E3E000E00000E00000E00000E00 +000E00000E00000E00000E0000FFE000151D7F9319>I<03E0800619801C05803C078038038078 +0380700380F00380F00380F00380F00380F00380F003807003807803803803803807801C0B800E +138003E380000380000380000380000380000380000380000380000380003FF8151D7E9318>I< +0E78FE8C0F1E0F1E0F0C0E000E000E000E000E000E000E000E000E000E000E000E000E000E00FF +E00F147F9312>I<1F9030704030C010C010C010E00078007F803FE00FF00070803880188018C0 +18C018E030D0608F800D147E9312>I<020002000200060006000E000E003E00FFF80E000E000E +000E000E000E000E000E000E000E000E000E080E080E080E080E080610031001E00D1C7F9B12> +I<0E01C0FE1FC00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01 +C00E01C00E01C00E01C00E03C00603C0030DC001F1FC16147F9319>I<FF83F81E01E01C00C00E +00800E00800E008007010007010003820003820003820001C40001C40001EC0000E80000E80000 +700000700000700000200015147F9318>I<FF9FE1FC3C0780701C0300601C0380200E0380400E +0380400E03C0400707C0800704C0800704E080038861000388710003C8730001D0320001D03A00 +00F03C0000E01C0000E01C0000601800004008001E147F9321>I<7FC3FC0F01E00701C0070180 +03810001C20000E40000EC00007800003800003C00007C00004E000087000107000303800201C0 +0601E01E01E0FF07FE1714809318>I<FF83F81E01E01C00C00E00800E00800E00800701000701 +0003820003820003820001C40001C40001EC0000E80000E8000070000070000070000020000020 +00004000004000004000F08000F08000F100006200003C0000151D7F9318>I<3FFF380E200E20 +1C40384078407000E001E001C00380078007010E011E011C0338027006700EFFFE10147F9314> +I<FFFFFC1601808C17>I E /Fo 7 117 df<0000E000000000E000000001F000000001F0000000 +01F000000003F800000003F800000006FC00000006FC0000000EFE0000000C7E0000000C7E0000 +00183F000000183F000000303F800000301F800000701FC00000600FC00000600FC00000C007E0 +0000FFFFE00001FFFFF000018003F000018003F000030001F800030001F800060001FC00060000 +FC000E0000FE00FFE00FFFE0FFE00FFFE0231F7E9E28>65 D<07FC001FFF003F0F803F07C03F03 +E03F03E00C03E00003E0007FE007FBE01F03E03C03E07C03E0F803E0F803E0F803E0FC05E07E0D +E03FF8FE0FE07E17147F9319>97 D<FF0000FF00001F00001F00001F00001F00001F00001F0000 +1F00001F00001F00001F00001F1FC01F7FF01FE0F81F807C1F007E1F003E1F003E1F003F1F003F +1F003F1F003F1F003F1F003F1F003E1F003E1F007C1F807C1EC1F81C7FE0181F8018207E9F1D> +I<01FE0007FF801F0FC03E0FC03E0FC07C0FC07C0300FC0000FC0000FC0000FC0000FC0000FC00 +007C00007E00003E00603F00C01F81C007FF0001FC0013147E9317>I<FE3E00FE7F801ECFC01E +8FC01E8FC01F8FC01F03001F00001F00001F00001F00001F00001F00001F00001F00001F00001F +00001F0000FFF000FFF00012147E9316>114 D<0FE63FFE701E600EE006E006F800FFC07FF83F +FC1FFE03FE001FC007C007E007F006F81EFFFCC7F010147E9315>I<0180018001800380038003 +8007800F803F80FFFCFFFC0F800F800F800F800F800F800F800F800F800F800F860F860F860F86 +0F8607CC03F801F00F1D7F9C14>I E /Fp 14 118 df<F8F8F8F8F8383070706060E0050C7A84 +11>44 D<F8F8F8F8F805057A8411>46 D<0000FF00000007FFC000001FFFE000007FFFF00000FF +01F80001FC00FC0003F0007E0007E0003E000FC01FBE001F807FFF001F00FFFF003E01FFFF003E +03F0FF007C07E07F807C07C03F807C0F801F80FC0F801F80F81F000F80F81F000F80F81F000F80 +F81F000F80F81F000F80F81F000F80F81F000F80F81F000F80FC0F801F007C0F801F007C07C03E +007C07E07E003E03F0FC003E01FFF8001F00FFF0001F807FE0000FC01F800007E000000003F000 +000001FC000F8000FF007F00007FFFFE00001FFFF8000007FFE0000000FF0000212A7DA928>64 +D<01FE000FFF803FFFC03FFFE03C03F03001F00001F80000F80000F80000F80000F80000F8007F +F807FFF81FFFF83FE0F87F00F8FC00F8F800F8F800F8F800F8FC01F87E07F87FFFF83FFFF81FFC +F80FE0F8151B7E9A1D>97 D<F80000F80000F80000F80000F80000F80000F80000F80000F80000 +F80000F80000F80000F80000F80000F80000F83F00F9FFC0FBFFE0FFFFF0FF07F0FC01F8F800FC +F8007CF8007CF8007EF8003EF8003EF8003EF8003EF8003EF8003EF8003EF8007CF8007CF8007C +FC00F8FC01F8FF07F0FFFFE0FBFFC0F9FF80F87E00172A7BA91F>I<007FC001FFF007FFFC0FFF +FC1FC07C1F00083E00007C00007C00007C0000F80000F80000F80000F80000F80000F80000F800 +007C00007C00007E00003E00001F000C1FC07C0FFFFC07FFFC01FFF0007F80161B7E9A1B>I<00 +003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00 +003E00003E00FC3E03FF3E07FFFE0FFFFE1FC1FE3F007E3E003E7C003E7C003EFC003EF8003EF8 +003EF8003EF8003EF8003EF8003EF8003EFC003E7C003E7C003E3E007E3F00FE1FC1FE0FFFFE07 +FFBE03FF3E00FC3E172A7EA91F>I<007E0003FF8007FFC00FFFE01F83F03F00F03E00787C0078 +7C003878003CFFFFFCFFFFFCFFFFFCFFFFFCF80000F80000F800007800007C00007C00003E0000 +3F000C1FC07C0FFFFC07FFFC01FFF0007F80161B7E9A1B>I<001FC0007FC000FFC001FFC003F0 +0003E00007C00007C00007C00007C00007C00007C00007C00007C00007C000FFFE00FFFE00FFFE +0007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C0 +0007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C000122A7FA912 +>I<F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F8 +0000F80000F80000F83F00F8FF80FBFFC0FFFFE0FF07E0FE03F0FC01F0FC01F0FC01F0F801F0F8 +01F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F8 +01F0F801F0F801F0F801F0142A7BA91F>104 D<F83F00F9FFC0FBFFE0FFFFF0FF07F0FC01F8F8 +00FCF800FCF8007CF8007EF8003EF8003EF8003EF8003EF8003EF8003EF8003EF8007CF8007CF8 +00FCFC00F8FC03F8FF07F0FFFFE0FBFFC0F9FF80F87E00F80000F80000F80000F80000F80000F8 +0000F80000F80000F80000F80000F80000F8000017277B9A1F>112 D<F838F8F8F9F8FBF8FFC0 +FF00FE00FE00FC00FC00F800F800F800F800F800F800F800F800F800F800F800F800F800F800F8 +00F800F8000D1B7B9A14>114 D<03FC001FFF803FFFC07FFFC07C07C0F80080F80000F80000F8 +0000FC00007F80007FF8003FFE001FFF0007FF8000FFC0000FE00007E00003E00003E04003E0E0 +07E0FC0FC0FFFFC07FFF801FFE0003F800131B7E9A17>I<F801F0F801F0F801F0F801F0F801F0 +F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0 +F801F0F801F0F803F0F803F0FC0FF0FFFFF07FFDF03FF9F01FC1F0141B7B9A1F>117 +D E /Fq 2 104 df<0000F80003C0000F00001E00003C00007800007800007800007800007800 +007800007800007800007800007800007800007800007800007800007800007800007800007800 +00780000780000F00000F00001E000078000FE0000FE000007800001E00000F00000F000007800 +007800007800007800007800007800007800007800007800007800007800007800007800007800 +007800007800007800007800007800007800003C00001E00000F000003C00000F8153C7CAC1E> +102 D<F800000F000003C00001E00000F000007800007800007800007800007800007800007800 +007800007800007800007800007800007800007800007800007800007800007800007800007800 +003C00003C00001E000007000001F80001F8000700001E00003C00003C00007800007800007800 +007800007800007800007800007800007800007800007800007800007800007800007800007800 +00780000780000780000780000F00001E00003C0000F0000F80000153C7CAC1E>I +E /Fr 38 122 df<78FCFCFEFE7A02020202040404081010204007127B8511>44 +D<FFFEFFFEFFFE0F037F8E14>I<007F000001C1C0000780F0000F0078000E0038001C001C003C +001E003C001E003C001E0078000F0078000F0078000F0078000F00F8000F80F8000F80F8000F80 +F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F +80F8000F80F8000F8078000F0078000F0078000F0078000F003C001E003C001E003C001E001C00 +1C000E0038000F0078000780F00001C1C000007F000019297EA71E>48 D<00100000700001F000 +0FF000FEF000F0F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F000 +00F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F000 +00F00000F00000F00000F00000F00000F00000F00000F00001F8007FFFE07FFFE013287BA71E> +I<007F000003FFC0000701F0000C00F80010007C001C007C003E007E003E003E003E003E001E00 +3E000C007E0000007C0000007C00000078000000F0000000E0000001C0000007000000FF000000 +01E0000000F0000000780000003C0000003E0000001F0000001F0000001F8000001F8030001F80 +78001F80FC001F80FC001F80FC001F00F8001F0040003F0040003E0030007C001800F8000F01F0 +0003FFC000007F000019297EA71E>51 D<00006000000060000000E0000001E0000001E0000003 +E0000003E0000005E0000009E0000009E0000011E0000021E0000021E0000041E0000081E00000 +81E0000101E0000201E0000201E0000401E0000801E0000801E0001001E0003001E0002001E000 +4001E000C001E000FFFFFF80FFFFFF800001E0000001E0000001E0000001E0000001E0000001E0 +000001E0000001E0000003F000007FFF80007FFF8019287EA71E>I<20000000380000003FFFFF +803FFFFF803FFFFF007FFFFF006000020040000400400004004000080080001000800020000000 +20000000400000008000000080000001000000030000000200000006000000060000000C000000 +0C0000001C0000001C0000001C0000003800000038000000380000007800000078000000780000 +0078000000F8000000F8000000F8000000F8000000F8000000F8000000F8000000F80000007000 +00192A7DA81E>55 D<007F000001FFC0000381F000060078000C003C001C001C0018000E003800 +0E0038000E0038000E003C000E003C000E003E001C001F8018001FC038000FF0600007F8C00003 +FF800001FF0000007FC00000FFE000030FF8000603FC001C01FE0038007E0030003F0070000F00 +70000780E0000780E0000380E0000380E0000380E0000380F0000300700007007800060038000C +001E0038000F80F00003FFE000007F000019297EA71E>I<007F000001FFC00007C1E0000F0070 +001E0038001C003C003C001C0078001E0078001E00F8000F00F8000F00F8000F00F8000F00F800 +0F80F8000F80F8000F80F8000F8078000F8078001F803C001F803C001F801C002F800E004F8007 +00CF8003810F80007E0F8000000F0000000F0000000F0000001E0000001E0000001E0000003C00 +1C003C003E0078003E0070003C00E0001801C0001C0780000FFE000003F8000019297EA71E>I< +00001800000000180000000018000000003C000000003C000000003C000000007E000000007E00 +000000FF000000009F000000009F000000011F800000010F800000010F8000000207C000000207 +C000000207C000000403E000000403E000000403E000000801F000000801F000001801F8000010 +00F800001000F800002000FC000020007C00003FFFFC00007FFFFE000040003E000040003E0000 +80001F000080001F000080001F000100000F800100000F800100000F8002000007C007000007C0 +1F80000FE0FFF000FFFFFFF000FFFF282A7EA92D>65 D<0000FF00100007FFE030001FC0783000 +3E000C7000F80006F001F00003F003E00001F007C00000F00F800000700F800000701F00000030 +3F000000303E000000303E000000107E000000107E000000107C00000000FC00000000FC000000 +00FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC000000007C0000 +00007E000000007E000000103E000000103E000000103F000000101F000000200F800000200F80 +00006007C000004003E000008001F000018000F8000300003E000E00001FC038000007FFE00000 +00FF8000242B7DA92B>67 D<FFFFFFC000FFFFFFF80007E000FC0003E0003F0003E0000F8003E0 +0007C003E00003E003E00001F003E00000F003E00000F803E000007C03E000007C03E000007C03 +E000003E03E000003E03E000003E03E000003F03E000003F03E000003F03E000003F03E000003F +03E000003F03E000003F03E000003F03E000003F03E000003F03E000003E03E000003E03E00000 +7E03E000007C03E000007C03E00000F803E00000F803E00001F003E00003E003E00007C003E000 +0F8003E0001F0007E000FE00FFFFFFF800FFFFFFC00028297EA82E>I<FFFF80FFFF8007F00003 +E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003 +E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003 +E00003E00003E00003E00003E00003E00003E00003E00003E00007F000FFFF80FFFF8011297EA8 +16>73 D<FFFFE000FFFFE00007F0000003E0000003E0000003E0000003E0000003E0000003E000 +0003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0 +000003E0000003E0000003E0000003E0000003E0000003E0000003E0000103E0000103E0000103 +E0000103E0000203E0000203E0000203E0000203E0000603E0000603E0000E03E0001E03E0007C +07E001FCFFFFFFFCFFFFFFFC20297EA825>76 D<FFE0001FFFFFF0001FFF03F80001F002F80000 +E0027C000040027E000040023E000040021F000040021F800040020F8000400207C000400207E0 +00400203E000400201F000400201F800400200F8004002007C004002007E004002003E00400200 +1F004002001F804002000F8040020007C040020003E040020003E040020001F040020000F84002 +0000F8400200007C400200003E400200003E400200001F400200000FC00200000FC002000007C0 +02000003C002000003C007000001C00F800000C0FFF80000C0FFF800004028297EA82D>78 +D<0001FF0000000F01E000003C0078000078003C0000E0000E0001E0000F0003C0000780078000 +03C00F800003E01F000001F01F000001F03E000000F83E000000F87E000000FC7E000000FC7C00 +00007C7C0000007CFC0000007EFC0000007EFC0000007EFC0000007EFC0000007EFC0000007EFC +0000007EFC0000007EFC0000007E7C0000007C7E000000FC7E000000FC7E000000FC3E000000F8 +3F000001F81F000001F01F000001F00F800003E007800003C007C00007C003E0000F8000F0001E +000078003C00003C007800000F01E0000001FF0000272B7DA92E>I<FFFFFF8000FFFFFFF00007 +E000FC0003E0003E0003E0001F0003E0000F8003E0000FC003E00007C003E00007E003E00007E0 +03E00007E003E00007E003E00007E003E00007E003E00007C003E0000FC003E0000F8003E0001F +0003E0003E0003E001F80003FFFFE00003E000000003E000000003E000000003E000000003E000 +000003E000000003E000000003E000000003E000000003E000000003E000000003E000000003E0 +00000003E000000003E000000003E000000003E000000007F0000000FFFF800000FFFF80000023 +297EA829>I<00FE010003FF83000F81E3001E0037003C001F0038000F007800070070000700F0 +000300F0000300F0000300F0000100F8000100F8000100FC0000007C0000007F0000003FE00000 +1FFF00000FFFE00007FFF80003FFFC00007FFE000007FF0000007F0000001F8000000F80000007 +C0000007C0800003C0800003C0800003C0800003C0C00003C0C0000380C0000380E0000780F000 +0700F8000E00EE001C00C3C07800C1FFF000803FC0001A2B7DA921>83 D<7FFFFFFFF87FFFFFFF +F87C007C00F870007C003860007C001840007C000840007C0008C0007C000CC0007C000C80007C +000480007C000480007C000480007C000480007C000400007C000000007C000000007C00000000 +7C000000007C000000007C000000007C000000007C000000007C000000007C000000007C000000 +007C000000007C000000007C000000007C000000007C000000007C000000007C000000007C0000 +00007C000000007C000000007C000000007C000000007C00000000FE000000FFFFFE0000FFFFFE +0026297EA82B>I<FFFF801FFFFFFF801FFF07F00001F003E00000E003E000004003E000004003 +E000004003E000004003E000004003E000004003E000004003E000004003E000004003E0000040 +03E000004003E000004003E000004003E000004003E000004003E000004003E000004003E00000 +4003E000004003E000004003E000004003E000004003E000004003E000004003E000004003E000 +004003E000004001E000008001F000008001F000008000F000010000780003000078000200003C +000C00001F0018000007C070000001FFE00000007F0000282A7EA82D>I<FFFE03FFF803FFC0FF +FE03FFF803FFC00FE0003F80007E0007C0001F0000180003E0001F0000180003E0000F80001000 +03E0000F8000100001F0000F8000200001F0000FC000200001F0000FC000200000F8000FC00040 +0000F80013E000400000F80013E000400000FC0013E000C000007C0033F0008000007C0021F000 +8000007E0021F0008000003E0021F8010000003E0040F8010000003E0040F8010000001F0040F8 +020000001F00807C020000001F00807C020000000F80807C040000000F81003E040000000F8100 +3E0400000007C1003E0800000007C2001F0800000007C2001F0800000003E2001F1000000003E4 +000F9000000003E4000F9000000001F4000FA000000001F80007E000000001F80007E000000000 +F80007C000000000F00003C000000000F00003C000000000700003800000000060000180000000 +0060000180000000006000018000003A2A7FA83D>87 D<01FC00000E0780001001C0003C00E000 +3E00F0003E0078001C00780008007800000078000000780000007800007FF80003E078000F8078 +001F0078003E0078007C00780078007820F8007820F8007820F8007820F800F8207C00F8203C01 +3C401F063FC007F80F001B1A7E991E>97 D<07800000FF800000FF8000000F8000000780000007 +800000078000000780000007800000078000000780000007800000078000000780000007800000 +078000000783F000078C1C0007B0070007A0038007C003C0078001E0078001E0078000F0078000 +F0078000F8078000F8078000F8078000F8078000F8078000F8078000F8078000F0078000F00780 +01F0078001E0078001C007C003C00740078007200E0006181C000407E0001D2A7FA921>I<007F +8001C0700780080F003C1E007C3C007C3C00387C0010780000F80000F80000F80000F80000F800 +00F80000F80000F800007800007C00003C00043C00041E00080F001007802001C0C0007F00161A +7E991B>I<00000F000001FF000001FF0000001F0000000F0000000F0000000F0000000F000000 +0F0000000F0000000F0000000F0000000F0000000F0000000F0000000F00003F0F0001C0CF0003 +802F000F001F001E001F001C000F003C000F007C000F0078000F0078000F00F8000F00F8000F00 +F8000F00F8000F00F8000F00F8000F00F8000F0078000F0078000F003C000F003C000F001E001F +000E002F0007004F8001C18FF8007E0FF81D2A7EA921>I<007E0003C3800700E00E00F01C0070 +3C00783C003878003C78003CF8003CF8003CFFFFFCF80000F80000F80000F80000F80000780000 +7C00003C00043C00041E00080E001007002001C0C0007F00161A7E991B>I<001F000070C000E1 +E001C3E003C3E00381C00780800780000780000780000780000780000780000780000780000780 +00FFFE00FFFE000780000780000780000780000780000780000780000780000780000780000780 +0007800007800007800007800007800007800007800007800007800007800007C000FFFE00FFFE +00132A7FA912>I<07000F801F801F800F80070000000000000000000000000000000000000007 +807F807F800F800780078007800780078007800780078007800780078007800780078007800780 +0780078007800780FFF8FFF80D297FA811>105 D<0781F800FC00FF860E030700FF98070C0380 +0FA0079003C007A003D001E007C003E001E007C003E001E0078003C001E0078003C001E0078003 +C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0 +078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003 +C001E0078003C001E0FFFC7FFE3FFFFFFC7FFE3FFF301A7F9933>109 D<0783F800FF8C1C00FF +900E000FA0070007A0078007C0078007C007800780078007800780078007800780078007800780 +078007800780078007800780078007800780078007800780078007800780078007800780078007 +800780078007800780FFFCFFFCFFFCFFFC1E1A7F9921>I<007F000001C1C000070070000E0038 +001C001C003C001E003C001E0078000F0078000F00F8000F80F8000F80F8000F80F8000F80F800 +0F80F8000F80F8000F80F8000F8078000F0078000F003C001E003C001E001E003C000E00380007 +00700001C1C000007F0000191A7E991E>I<0783F000FF8C1C00FFB00F0007A0078007C003C007 +8003E0078001E0078001F0078001F0078000F8078000F8078000F8078000F8078000F8078000F8 +078000F8078000F0078001F0078001F0078001E0078003C007C003C007C0078007A00E0007983C +000787E00007800000078000000780000007800000078000000780000007800000078000000780 +000007800000FFFC0000FFFC00001D267F9921>I<0787C0FF98E0FF91F00FA1F007C1F007C0E0 +07C000078000078000078000078000078000078000078000078000078000078000078000078000 +07800007800007800007800007C000FFFE00FFFE00141A7F9917>114 D<07F8401C06C03001C0 +6000C06000C0E00040E00040F00040F800007E00007FF0003FFE000FFF0003FF80003FC00007C0 +8001E08001E0C000E0C000E0C000E0E000C0F001C0F80180C4070083F800131A7E9918>I<0080 +000080000080000080000180000180000180000380000380000780000F80001FFF80FFFF800780 +000780000780000780000780000780000780000780000780000780000780000780000780000780 +4007804007804007804007804007804007804003C08001C08000E100003E0012257FA417>I<07 +800780FF80FF80FF80FF800F800F80078007800780078007800780078007800780078007800780 +078007800780078007800780078007800780078007800780078007800780078007800780078007 +8007800F8007800F800380178001C027C000E047FC003F87FC1E1A7F9921>I<FFF00FF8FFF00F +F80F8003C0078003800780010003C0020003C0020003E0020001E0040001E0040000F0080000F0 +080000F818000078100000781000003C2000003C2000003E6000001E4000001E4000000F800000 +0F8000000700000007000000070000000200001D1A7F9920>I<FFF00FF8FFF00FF80F8003C007 +8003800780010003C0020003C0020003E0020001E0040001E0040000F0080000F0080000F81800 +0078100000781000003C2000003C2000003E6000001E4000001E4000000F8000000F8000000700 +00000700000007000000020000000200000004000000040000000400000008000070080000F810 +0000F8100000F8200000F0400000608000001F0000001D267F9920>121 +D E /Fs 24 124 df<00000FF03F000000780CE0800001E00FC3C00003801F87C00007003F07C0 +000F003F03C0001E001E0100001E001E0000001E001E0000003C003C0000003C003C0000003C00 +3C0000003C003C0000003C003C0000003C003C00000078007800000FFFFFFFF0000FFFFFFFF000 +00780078000000780078000000780078000000F000F0000000F000F0000000F000F0000000F000 +F0000000F000F0000000F000F0000001E001E0000001E001E0000001E001E0000001E001E00000 +01E001E0000001E001E0000003C003C0000003C003C0000003C003C0000003C003C0000003C003 +C0000003C003C0000007C007C000007FF87FFE0000FFF87FFE00002A2A7FA923>11 +D<387C7EFC7C3807067B8511>46 D<00000FF00100007FFE030001FC07070007E0018E001F8000 +5E003E00003E007C00003E00F800001E01F000001E03E000000C07C000000C07C000000C0F8000 +000C1F8000000C1F0000000C3F000000083F000000007E000000007E000000007E000000007E00 +000000FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC +000000207C000000207C000000207C000000403E000000403E000000801E000000801F00000100 +0F8000020007C000040003E000180001F0003000007E01E000003FFF80000007FC0000282B7AA9 +2B>67 D<01FFFFFFFF03FFFFFFFF000FC0007F000F80000F000F800007000F800007000F800003 +000F800003001F000003001F000003001F000001001F000001001F000801001F000801003E0010 +00003E001000003E001000003E003000003E00F000003FFFF000007FFFE000007C00E000007C00 +6000007C006000007C002000007C00200200F800400400F800400400F800000400F800000800F8 +00000800F800001801F000001001F000003001F000003001F000007001F00000E001F00003E003 +F0000FE0FFFFFFFFC0FFFFFFFFC028297EA829>69 D<01FFFF03FFFE03FFFF07FFFE000FC0001F +80000F80001F00000F80001F00000F80001F00000F80001F00000F80001F00001F00003E00001F +00003E00001F00003E00001F00003E00001F00003E00001F00003E00003E00007C00003E00007C +00003E00007C00003E00007C00003E00007C00003FFFFFFC00007FFFFFF800007C0000F800007C +0000F800007C0000F800007C0000F800007C0000F80000F80001F00000F80001F00000F80001F0 +0000F80001F00000F80001F00000F80001F00001F00003E00001F00003E00001F00003E00001F0 +0003E00001F00003E00001F00003E00003F00007E000FFFF81FFFF00FFFF81FFFF002F297EA82D +>72 D<01FFFF800003FFFF8000000FC00000000F800000000F800000000F800000000F80000000 +0F800000001F000000001F000000001F000000001F000000001F000000001F000000003E000000 +003E000000003E000000003E000000003E000000003E000000007C000000007C000000007C0000 +00007C000000007C000000007C00002000F800004000F800004000F800004000F800008000F800 +008000F800018001F000018001F000030001F000030001F000070001F0000E0001F0003E0003F0 +01FE00FFFFFFFC00FFFFFFFC0023297EA825>76 D<0001FC020007FF06001E038E003800DC0070 +007C00E0003C01E0001C03C0001C03C0001C0380000807800008078000080780000807C0000807 +C0000007E0000003F0000003FE000001FFE00001FFFE0000FFFF00003FFF80000FFFC00000FFE0 +00000FE0000003F0000001F0000001F0000001F0200000F0200000F0200000F0200000E0600001 +E0600001E0700001C0700003C0780007807C000700E6001E00E3C07C00C1FFF000803FC0001F2B +7DA921>83 D<003FC00001C0F0000200380007803C0007C01E000F801E0007801E0002001E0000 +001E0000001E0000001E00001FFC0001F83C0007C03C000F803C001E003C003E003C007C007820 +F8007820F8007820F8007820F800F820F80178407C0278403E0C3F8007F01E001B1A7D991E>97 +D<01E000003FE000003FE0000003C0000003C0000003C0000003C0000003C0000003C000000780 +000007800000078000000780000007800000078000000F0000000F07E0000F1838000F600E000F +800F000F0007001F0007801E0007C01E0003C01E0003C01E0003C01E0003C03C0007C03C0007C0 +3C0007C03C0007C03C0007803C000F8078000F8078000F0078001E0078001C0078003800740070 +00E200E000C103800080FE00001A2A7AA921>I<001FF000700C01E00203801E07001F0F003E1E +001E3E00083C00007C00007C0000780000F80000F80000F80000F80000F80000F80000F8000078 +00087800083C00101C00200E004007038001FC00181A7C991B>I<0000007800000FF800000FF8 +000000F0000000F0000000F0000000F0000000F0000000F0000001E0000001E0000001E0000001 +E0000001E0000001E0000003C0000FC3C0007833C001E00BC003800BC0070007C00F0007801E00 +07803E0007803C0007807C0007807C00078078000F00F8000F00F8000F00F8000F00F8000F00F8 +000F00F8001E00F8001E0078001E0078001E0038003E001C005E000E01BE0007063FE001F83FE0 +1D2A7CA921>I<001F8000F0E001C03003803807003C0E001C1E001C3E001E3C001E7C001E7C00 +1EFFFFFCF80000F80000F80000F80000F80000F80000F800007800087800083800101C00200E00 +C007030001FC00171A7C991B>I<0000003C0007E0C2003C390E00701E0E00E01E0401E01E0003 +E01F0003C01F0007C01F0007C01F0007C01F0007C01E0007C03E0007C03C0003C0780001C07000 +02E1E000063F000004000000040000000C0000000C0000000E00000007FFF00003FFFC0003FFFE +000E001F0018000780380003807000038070000380E0000380E0000380E0000380E00007007000 +0E0030001C001C0038000F01E00001FF00001F287F9A1E>103 D<000F000001FF000001FF0000 +001E0000001E0000001E0000001E0000001E0000001E0000003C0000003C0000003C0000003C00 +00003C0000003C00000078000000783F800078C1C0007900E0007A00F0007C00F000F800F000F8 +00F000F000F000F000F000F000F000F000F001E001E001E001E001E001E001E001E001E001E001 +E001E003C003C003C003C003C003C003C003C003C003C003C003C007C007C07FFC7FFCFFFCFFFC +1E2A7FA921>I<001C003E003E007E003E001C0000000000000000000000000000000000000078 +07F807F800F800F800F000F000F000F000F000F001E001E001E001E001E001E003C003C003C003 +C003C003C007C07FF8FFF80F297FA811>I<00781FC00FE00FF860E030700FF98070C03800FA00 +79003C00FC007A003C00F4007A003C00F8007C003C00F00078003C00F00078003C00F00078003C +00F00078003C01E000F0007801E000F0007801E000F0007801E000F0007801E000F0007801E000 +F0007803C001E000F003C001E000F003C001E000F003C001E000F003C001E000F003C001E000F0 +07C003E001F07FFC3FFE1FFFFFFC7FFE3FFF301A7F9933>109 D<00783F800FF8C1C00FF900E0 +00FA00F000FC00F000F800F000F800F000F000F000F000F000F000F000F000F001E001E001E001 +E001E001E001E001E001E001E001E001E003C003C003C003C003C003C003C003C003C003C003C0 +03C007C007C07FFC7FFCFFFCFFFC1E1A7F9921>I<001FC0000070700001C01C0003800E000700 +0E000E000F001E0007803C0007803C0007807C0007807C00078078000F80F8000F80F8000F80F8 +000F80F8000F80F8001F00F8001F00F8001E0078003C0078003C00380078001C00F0000E01C000 +0707800001FC0000191A7C991E>I<001E0FC00003FE30700003FEC03C00003F001E00001E001E +00003E000F00003C000F80003C000F80003C000F80003C000F80003C000F800078000F80007800 +0F800078000F800078000F800078000F000078001F0000F0001F0000F0003E0000F0003C0000F0 +00780000F000F00000F800E00001E403C00001E207000001E1FC000001E000000001E000000001 +E000000003C000000003C000000003C000000003C000000003C000000003C000000007C0000000 +7FFC000000FFFC0000002126819921>I<00787C0FF98E0FFA1F00FA1F00FC1E00F81E00F80000 +F80000F00000F00000F00001E00001E00001E00001E00001E00001E00003C00003C00003C00003 +C00003C00003C00007C0007FFE00FFFE00181A7F9917>114 D<003F8401C06C03001C06000C0E +000C0C00081C00081E00081F00001FC0000FFE0007FF8003FFC000FFE0000FF00001F02000F060 +00706000706000706000707000607000C0E80180C6070081FC00161A7E9918>I<002000002000 +00200000600000400000C00000C00001C00001C00003C0000780001FFF80FFFF80078000078000 +0780000F00000F00000F00000F00000F00000F00001E00001E00001E00001E00001E01001E0100 +3C02003C02003C02003C02003C04001C04001C08000E100003E00011257BA417>I<07800780FF +80FF80FF80FF800F800F800F800F800F000F000F000F000F000F000F000F000F000F000F000F00 +1E001E001E001E001E001E001E001E001E001E001E001E003C003C003C003C003C003C003C007C +003C007C003C00BC001C017C000E067FC003F87FC01A1A7B9921>I<FFFFFFF81D017D901E>123 +D E /Ft 80 125 df<001F83E000706E3000C07C780180F8780380F07807007000070070000700 +7000070070000700700007007000070070000700700007007000FFFFFFC0070070000700700007 +007000070070000700700007007000070070000700700007007000070070000700700007007000 +070070000700700007007000070070000700700007007000070078007FE3FF801D2380A21C>11 +D<001FC0000070200000C010000180380003807800070078000700300007000000070000000700 +000007000000070000000700000007000000FFFFF8000700780007003800070038000700380007 +003800070038000700380007003800070038000700380007003800070038000700380007003800 +07003800070038000700380007003800070038007FE1FF80192380A21B>I<001FD80000703800 +00C078000180780003807800070038000700380007003800070038000700380007003800070038 +000700380007003800FFFFF8000700380007003800070038000700380007003800070038000700 +380007003800070038000700380007003800070038000700380007003800070038000700380007 +00380007003800070038007FF3FF80192380A21B>I<000FC07F00007031C08000E00B00400180 +1E00E003803E01E007003C01E007001C00C007001C000007001C000007001C000007001C000007 +001C000007001C000007001C0000FFFFFFFFE007001C01E007001C00E007001C00E007001C00E0 +07001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00 +E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E07FF1FF +CFFE272380A229>I<000FE07F60007011C0E000E01B01E001803E01E003803E01E007001C00E0 +07001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00 +E0FFFFFFFFE007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C +00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E00700 +1C00E007001C00E007001C00E007001C00E007001C00E07FF1FFCFFE272380A229>I<003C0000 +00006200000000C200000001810000000181000000038100000003810000000381000000038100 +0000038200000003820000000384000000038800000001C800000001D000000001E003FF8001C0 +007C0000E000380001E000300001F0002000027000400004700040000838008000183C00800030 +1C010000701E020000700E020000F007040000F007880000F003880000F001D00100F000E00100 +78007003003800B802003C031C04000E0C0E0C0003F003F00021257EA326>38 +D<70F8FCFC7404040404080810102040060F7CA20E>I<00200040008001000300060004000C00 +0C00180018003000300030007000600060006000E000E000E000E000E000E000E000E000E000E0 +00E000E000E000E0006000600060007000300030003000180018000C000C000400060003000100 +0080004000200B327CA413>I<800040002000100018000C000400060006000300030001800180 +018001C000C000C000C000E000E000E000E000E000E000E000E000E000E000E000E000E000E000 +C000C000C001C0018001800180030003000600060004000C00180010002000400080000B327DA4 +13>I<70F8FCFC7404040404080810102040060F7C840E>44 D<FFE0FFE00B027F8B10>I<70F8F8 +F87005057C840E>I<000080000180000180000300000300000300000600000600000600000C00 +000C00000C0000180000180000180000300000300000300000600000600000600000C00000C000 +00C0000180000180000180000180000300000300000300000600000600000600000C00000C0000 +0C0000180000180000180000300000300000300000600000600000600000C00000C00000C00000 +11317DA418>I<01F000071C000C06001803003803803803807001C07001C07001C07001C0F001 +E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001 +E07001C07001C07001C07803C03803803803801C07000C0600071C0001F00013227EA018>I<00 +8003800F80F3800380038003800380038003800380038003800380038003800380038003800380 +0380038003800380038003800380038003800380038007C0FFFE0F217CA018>I<03F0000C1C00 +1007002007804003C04003C08003E0F003E0F801E0F801E0F801E02003E00003E00003C00003C0 +000780000700000E00001C0000180000300000600000C000018000010000020020040020080020 +1800603000403FFFC07FFFC0FFFFC013217EA018>I<03F8000C1E001007002007804007C07807 +C07803C07807C03807C0000780000780000700000F00000E0000380003F000001C00000F000007 +800007800003C00003C00003E02003E07003E0F803E0F803E0F003C04003C0400780200780100F +000C1C0003F00013227EA018>I<000200000600000E00000E00001E00001E00002E00004E0000 +4E00008E00008E00010E00020E00020E00040E00040E00080E00100E00100E00200E00200E0040 +0E00800E00FFFFF8000E00000E00000E00000E00000E00000E00000E00001F0001FFF015217FA0 +18>I<1000801E07001FFF001FFE001FF80013E000100000100000100000100000100000100000 +10F800130E001407001803801003800001C00001C00001E00001E00001E00001E07001E0F001E0 +F001E0E001C08001C04003C04003802007001006000C1C0003F00013227EA018>I<007E0001C1 +000300800601C00E03C01C03C0180180380000380000780000700000700000F0F800F30C00F406 +00F40300F80380F801C0F001C0F001E0F001E0F001E0F001E0F001E07001E07001E07001E03801 +C03801C01803801C03000C0600070C0001F00013227EA018>I<4000006000007FFFE07FFFC07F +FFC0400080C0010080010080020080020000040000080000080000100000300000200000600000 +600000600000E00000C00000C00001C00001C00001C00001C00003C00003C00003C00003C00003 +C00003C00003C00003C00001800013237DA118>I<01F800060E000803001001802001802000C0 +6000C06000C06000C07000C07801803E01003F02001FC4000FF80003F80003FC00067F00083F80 +100F803007C06001C06000E0C000E0C00060C00060C00060C000606000406000C0300080180300 +0E0E0003F00013227EA018>I<01F000060C000C0600180700380380700380700380F001C0F001 +C0F001C0F001E0F001E0F001E0F001E0F001E07001E07003E03803E01805E00C05E00619E003E1 +E00001C00001C00001C0000380000380300300780700780600700C002018001030000FC0001322 +7EA018>I<70F8F8F870000000000000000000000070F8F8F87005157C940E>I<70F8F8F8700000 +00000000000000000070F8F8F87808080808101010204040051F7C940E>I<07E01838201C400E +800FF00FF00FF00F000F000E001C00380030006000C000C0008000800180010001000100010001 +00010000000000000000000000038007C007C007C0038010237DA217>63 +D<0001800000018000000180000003C0000003C0000003C0000005E0000005E000000DF0000008 +F0000008F0000010F800001078000010780000203C0000203C0000203C0000401E0000401E0000 +401E0000800F0000800F0000FFFF000100078001000780030007C0020003C0020003C0040003E0 +040001E0040001E00C0000F00C0000F03E0001F8FF800FFF20237EA225>65 +D<FFFFF8000F800E0007800780078003C0078003E0078001E0078001F0078001F0078001F00780 +01F0078001F0078001E0078003E0078007C007800F8007803E0007FFFE0007800780078003C007 +8001E0078001F0078000F0078000F8078000F8078000F8078000F8078000F8078000F8078001F0 +078001F0078003E0078007C00F800F00FFFFFC001D227EA123>I<0007E0100038183000E00630 +01C00170038000F0070000F00E0000701E0000701C0000303C0000303C0000307C000010780000 +1078000010F8000000F8000000F8000000F8000000F8000000F8000000F8000000F80000007800 +0000780000107C0000103C0000103C0000101C0000201E0000200E000040070000400380008001 +C0010000E0020000381C000007E0001C247DA223>I<FFFFF0000F801E0007800700078003C007 +8001C0078000E0078000F007800078078000780780007C0780003C0780003C0780003C0780003E +0780003E0780003E0780003E0780003E0780003E0780003E0780003E0780003E0780003C078000 +3C0780007C0780007807800078078000F0078000E0078001E0078003C0078007000F801E00FFFF +F8001F227EA125>I<FFFFFFC00F8007C0078001C0078000C00780004007800040078000600780 +0020078000200780002007802020078020000780200007802000078060000780E00007FFE00007 +80E000078060000780200007802000078020000780200807800008078000080780001007800010 +07800010078000300780003007800070078000E00F8003E0FFFFFFE01D227EA121>I<FFFFFFC0 +0F8007C0078001C0078000C0078000400780004007800060078000200780002007800020078020 +20078020000780200007802000078060000780E00007FFE0000780E00007806000078020000780 +200007802000078020000780000007800000078000000780000007800000078000000780000007 +800000078000000FC00000FFFE00001B227EA120>I<0007F008003C0C1800E0021801C001B803 +8000F8070000780F0000381E0000381E0000183C0000183C0000187C0000087800000878000008 +F8000000F8000000F8000000F8000000F8000000F8000000F8000000F8001FFF780000F8780000 +787C0000783C0000783C0000781E0000781E0000780F00007807000078038000B801C000B800E0 +0318003C0C080007F00020247DA226>I<FFFC3FFF0FC003F0078001E0078001E0078001E00780 +01E0078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E007 +8001E007FFFFE0078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E0 +078001E0078001E0078001E0078001E0078001E0078001E0078001E00FC003F0FFFC3FFF20227E +A125>I<FFFC0FC007800780078007800780078007800780078007800780078007800780078007 +80078007800780078007800780078007800780078007800780078007800FC0FFFC0E227EA112> +I<03FFF0001F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F +00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F +00700F00F80F00F80F00F80E00F01E00401C0020380018700007C00014237EA119>I<FFFC03FF +000FC000F800078000600007800040000780008000078001000007800200000780040000078008 +0000078010000007802000000780400000078080000007818000000783C000000787E000000789 +E000000788F000000790F0000007A078000007C03C000007803C000007801E000007800F000007 +800F00000780078000078007C000078003C000078001E000078001E000078000F000078000F800 +0FC000FC00FFFC07FF8021227EA126>I<FFFE00000FC000000780000007800000078000000780 +000007800000078000000780000007800000078000000780000007800000078000000780000007 +800000078000000780000007800000078000000780000007800000078000800780008007800080 +07800080078001800780018007800100078003000780030007800F000F803F00FFFFFF0019227E +A11E>I<FFC00003FF0FC00003F007C00003E005E00005E005E00005E004F00009E004F00009E0 +04F00009E004780011E004780011E004780011E0043C0021E0043C0021E0043C0021E0041E0041 +E0041E0041E0040F0081E0040F0081E0040F0081E004078101E004078101E004078101E00403C2 +01E00403C201E00401E401E00401E401E00401E401E00400F801E00400F801E00400F801E00400 +7001E00E007001E01F007003F0FFE0203FFF28227EA12D>I<FF8007FF07C000F807C0007005E0 +002004F0002004F0002004780020047C0020043C0020041E0020041F0020040F00200407802004 +0780200403C0200401E0200401E0200400F0200400F8200400782004003C2004003E2004001E20 +04000F2004000F20040007A0040003E0040003E0040001E0040001E0040000E00E0000601F0000 +60FFE0002020227EA125>I<000FE00000783C0000E00E0003C00780078003C00F0001E00E0000 +E01E0000F03C0000783C0000787C00007C7C00007C7800003C7800003CF800003EF800003EF800 +003EF800003EF800003EF800003EF800003EF800003EF800003E7800003C7C00007C7C00007C3C +0000783E0000F81E0000F00F0001E00F0001E0078003C003C0078000E00E0000783C00000FE000 +1F247DA226>I<FFFFF0000F803C0007800F0007800780078007C0078003C0078003E0078003E0 +078003E0078003E0078003E0078003E0078003C0078007C00780078007800F0007803C0007FFF0 +000780000007800000078000000780000007800000078000000780000007800000078000000780 +0000078000000780000007800000078000000FC00000FFFC00001B227EA121>I<000FE0000078 +3C0000E00E0003C00780078003C00F0001E00E0000E01E0000F03E0000F83C0000787C00007C7C +00007C7800003C7800003CF800003EF800003EF800003EF800003EF800003EF800003EF800003E +F800003EF800003E7800003C7C00007C7C00007C3C0000783C0000781E0380F00E0420E00F0801 +E0078813C003C8178000E80E00007C3C02000FEC0200000C0200000C0200000E0600000F0E0000 +07FC000007FC000007F8000003F8000001E01F2D7DA226>I<FFFFE000000F803C000007800E00 +000780078000078007C000078003C000078003E000078003E000078003E000078003E000078003 +E000078003C000078007C000078007800007800E000007803C000007FFE0000007807000000780 +38000007801C000007801E000007800E000007800F000007800F000007800F000007800F000007 +800F800007800F800007800F800007800F808007800FC080078007C0800FC003C100FFFC01E200 +0000007C0021237EA124>I<03F0200C0C601802603001E07000E0600060E00060E00060E00020 +E00020E00020F00000F000007800007F00003FF0001FFE000FFF0003FF80003FC00007E00001E0 +0000F00000F0000070800070800070800070800070C00060C00060E000C0F000C0C80180C60700 +81FC0014247DA21B>I<7FFFFFF87807807860078018400780084007800840078008C007800C80 +078004800780048007800480078004000780000007800000078000000780000007800000078000 +000780000007800000078000000780000007800000078000000780000007800000078000000780 +000007800000078000000780000007800000078000000FC00003FFFF001E227EA123>I<FFFC07 +FF0FC000F807800070078000200780002007800020078000200780002007800020078000200780 +002007800020078000200780002007800020078000200780002007800020078000200780002007 +80002007800020078000200780002007800020078000200380004003C0004003C0004001C00080 +00E000800060010000300600001C08000003F00020237EA125>I<FFF0007FC01F80001F000F00 +000C000780000C000780000800078000080003C000100003C000100003E000300001E000200001 +E000200000F000400000F000400000F000400000780080000078008000007C018000003C010000 +003C010000001E020000001E020000001F020000000F040000000F040000000F8C000000078800 +0000078800000003D000000003D000000003F000000001E000000001E000000000C000000000C0 +00000000C0000022237FA125>I<FFF03FFC03FE1F8007E000F80F0003C000700F0003C000200F +0003C00020078001E00040078001E00040078001E0004003C002F0008003C002F0008003C002F0 +008001E00478010001E00478010001E00478010000F0083C020000F0083C020000F0083C020000 +F8183E06000078101E04000078101E0400007C101E0400003C200F0800003C200F0800003C200F +0800001E40079000001E40079000001E40079000000F8003E000000F8003E000000F8003E00000 +070001C00000070001C00000070001C0000003000180000002000080002F237FA132>I<7FF807 +FF0007E001F80003C000E00003E000C00001E000800000F001000000F80300000078020000007C +040000003E0C0000001E080000001F100000000FB000000007A000000007C000000003E0000000 +01E000000001F000000003F80000000278000000047C0000000C3E000000081E000000101F0000 +00300F80000020078000004007C00000C003E000008001E000010001F000030000F000070000F8 +001F8001FC00FFE007FFC022227FA125>I<FEFEC0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0 +C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0FEFE07317BA40E>91 +D<FEFE060606060606060606060606060606060606060606060606060606060606060606060606 +060606060606060606FEFE07317FA40E>93 D<0FE0001838003C0C003C0E001807000007000007 +0000070000FF0007C7001E07003C0700780700700700F00708F00708F00708F00F087817083C23 +900FC1E015157E9418>97 D<0E0000FE00001E00000E00000E00000E00000E00000E00000E0000 +0E00000E00000E00000E00000E00000E1F000E61C00E80600F00300E00380E003C0E001C0E001E +0E001E0E001E0E001E0E001E0E001E0E001E0E001C0E003C0E00380F00700C80600C41C0083F00 +17237FA21B>I<01FE000703000C07801C0780380300780000700000F00000F00000F00000F000 +00F00000F00000F000007000007800403800401C00800C010007060001F80012157E9416>I<00 +00E0000FE00001E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E000 +00E001F8E00704E00C02E01C01E03800E07800E07000E0F000E0F000E0F000E0F000E0F000E0F0 +00E0F000E07000E07800E03800E01801E00C02E0070CF001F0FE17237EA21B>I<01FC00070700 +0C03801C01C03801C07801E07000E0F000E0FFFFE0F00000F00000F00000F00000F00000700000 +7800203800201C00400E008007030000FC0013157F9416>I<003C00C6018F038F030F07000700 +0700070007000700070007000700FFF80700070007000700070007000700070007000700070007 +0007000700070007000700070007807FF8102380A20F>I<00007001F198071E180E0E181C0700 +1C07003C07803C07803C07803C07801C07001C07000E0E000F1C0019F000100000100000180000 +1800001FFE000FFFC00FFFE03800F0600030400018C00018C00018C000186000306000303800E0 +0E038003FE0015217F9518>I<0E0000FE00001E00000E00000E00000E00000E00000E00000E00 +000E00000E00000E00000E00000E00000E1F800E60C00E80E00F00700F00700E00700E00700E00 +700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E0070FFE7 +FF18237FA21B>I<1C001E003E001E001C00000000000000000000000000000000000E00FE001E +000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFC00A22 +7FA10E>I<01C003E003E003E001C00000000000000000000000000000000001E00FE001E000E0 +00E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000 +E000E000E060E0F0C0F18061803E000B2C82A10F>I<0E0000FE00001E00000E00000E00000E00 +000E00000E00000E00000E00000E00000E00000E00000E00000E03FC0E01F00E01C00E01800E02 +000E04000E08000E10000E38000EF8000F1C000E1E000E0E000E07000E07800E03C00E01C00E01 +E00E00F00E00F8FFE3FE17237FA21A>I<0E00FE001E000E000E000E000E000E000E000E000E00 +0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E +000E000E000E00FFE00B237FA20E>I<0E1FC07F00FE60E183801E807201C00F003C00E00F003C +00E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E00 +3800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E0FF +E3FF8FFE27157F942A>I<0E1F80FE60C01E80E00F00700F00700E00700E00700E00700E00700E +00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E0070FFE7FF18157F94 +1B>I<01FC000707000C01801800C03800E0700070700070F00078F00078F00078F00078F00078 +F00078F000787000707800F03800E01C01C00E038007070001FC0015157F9418>I<0E1F00FE61 +C00E80600F00700E00380E003C0E001C0E001E0E001E0E001E0E001E0E001E0E001E0E001E0E00 +3C0E003C0E00380F00700E80E00E41C00E3F000E00000E00000E00000E00000E00000E00000E00 +000E00000E0000FFE000171F7F941B>I<01F8200704600E02601C01603801E07800E07800E0F0 +00E0F000E0F000E0F000E0F000E0F000E0F000E07000E07800E03801E01C01E00C02E0070CE001 +F0E00000E00000E00000E00000E00000E00000E00000E00000E00000E0000FFE171F7E941A>I< +0E3CFE461E8F0F0F0F060F000E000E000E000E000E000E000E000E000E000E000E000E000E000F +00FFF010157F9413>I<0F8830786018C018C008C008E008F0007F803FE00FF001F8003C801C80 +0C800CC00CC008E018D0308FC00E157E9413>I<02000200020002000600060006000E001E003E +00FFF80E000E000E000E000E000E000E000E000E000E000E000E040E040E040E040E040E040708 +030801F00E1F7F9E13>I<0E0070FE07F01E00F00E00700E00700E00700E00700E00700E00700E +00700E00700E00700E00700E00700E00700E00700E00F00E00F006017003827800FC7F18157F94 +1B>I<FFC1FE1E00780E00300E00200E002007004007004003808003808003808001C10001C100 +00E20000E20000E20000740000740000380000380000380000100017157F941A>I<FF8FF8FF1E +01E03C1C01C0180E01C0180E01E0100E01E0100702602007027020070270200384304003843840 +0384384001C8188001C81C8001C81C8000F00D0000F00F0000F00F000060060000600600006006 +0020157F9423>I<FF83FE1F01F00E00C007008003810003830001C20000E40000780000780000 +3800003C00004E00008E000187000103800201C00401E00C00E03E01F0FF03FE17157F941A>I< +FFC1FE1E00780E00300E00200E002007004007004003808003808003808001C10001C10000E200 +00E20000E200007400007400003800003800003800001000001000002000002000002000004000 +F04000F08000F180004300003C0000171F7F941A>I<3FFFC0380380300780200700600E00401C +00403C0040380000700000E00001E00001C0000380400700400F00400E00C01C00803800807801 +80700780FFFF8012157F9416>I<FFFFFE1701808C18>I<FFFFFFFFFFFF3001808C31>I +E /Fu 35 124 df<0001E0000003E000000FE000007FE0001FFFE000FFFFE000FFBFE000E03FE0 +00003FE000003FE000003FE000003FE000003FE000003FE000003FE000003FE000003FE000003F +E000003FE000003FE000003FE000003FE000003FE000003FE000003FE000003FE000003FE00000 +3FE000003FE000003FE000003FE000003FE000003FE000003FE000003FE000003FE000003FE000 +003FE000003FE000003FE000003FE000003FE000003FE0007FFFFFF07FFFFFF07FFFFFF01C2E7A +AD29>49 D<003FF00001FFFE0007FFFF800FC07FE01E001FF03C000FF87F0007FC7F8007FEFFC0 +07FEFFC003FEFFC003FFFFC003FF7F8003FF7F8003FF3F0003FF000003FF000003FE000003FE00 +0007FC000007FC00000FF800000FF000001FE000001FC000003F8000007F000000FE000001F800 +0001F0000003E00000078007000F0007001E0007003C000F0078000E00F0000E01C0001E03FFFF +FE07FFFFFE0FFFFFFE1FFFFFFE3FFFFFFE7FFFFFFCFFFFFFFCFFFFFFFCFFFFFFFC202E7CAD29> +I<000FFC0000007FFF800001F01FE00003C00FF000070007F8000FE007FC000FF007FC001FF007 +FE001FF807FE001FF807FE001FF807FE001FF807FE000FF007FC0007E007FC00018007FC000000 +0FF80000000FF00000001FE00000001FC00000007F8000001FFE0000001FFC0000001FFF800000 +001FF000000007F800000003FC00000003FE00000003FF00000001FF80000001FF800E0001FFC0 +3F8001FFC07FC001FFC07FC001FFC0FFE001FFC0FFE001FFC0FFE001FF80FFE001FF80FFC003FF +007F8003FF003F0003FE001F0007FC000FE01FF80007FFFFE00001FFFF8000001FFC0000222E7D +AD29>I<0000007800000000F800000001F800000003F800000007F800000007F80000000FF800 +00001FF80000003FF80000007FF800000077F8000000F7F8000001E7F8000003C7F800000787F8 +00000707F800000F07F800001E07F800003C07F800007807F800007007F80000F007F80001E007 +F80003C007F800078007F8000F0007F8000F0007F8001E0007F8003C0007F800780007F800F000 +07F800FFFFFFFFF0FFFFFFFFF0FFFFFFFFF000000FF80000000FF80000000FF80000000FF80000 +000FF80000000FF80000000FF80000000FF80000000FF800000FFFFFF0000FFFFFF0000FFFFFF0 +242E7EAD29>I<0000007C0000000000007C000000000000FE000000000000FE000000000000FE +000000000001FF000000000001FF000000000003FF800000000003FF800000000007FFC0000000 +0007FFC00000000007FFC0000000000FFFE0000000000F7FE0000000001F7FF0000000001E3FF0 +000000001E3FF0000000003E3FF8000000003C1FF8000000007C1FFC00000000780FFC00000000 +780FFC00000000F80FFE00000000F007FE00000001F007FF00000001E003FF00000001E003FF00 +000003E003FF80000003C001FF80000007C001FFC00000078000FFC00000078000FFC000000FFF +FFFFE000000FFFFFFFE000001FFFFFFFF000001E00003FF000001E00003FF000003C00003FF800 +003C00001FF800007C00001FFC00007800000FFC00007800000FFC0000F0000007FE0000F00000 +07FE0001F0000007FF0003F8000003FF00FFFFC001FFFFFEFFFFC001FFFFFEFFFFC001FFFFFE37 +317DB03E>65 D<FFFFFFFFF80000FFFFFFFFFF0000FFFFFFFFFFE00000FF80003FF00000FF8000 +0FF80000FF800007FC0000FF800007FE0000FF800003FF0000FF800003FF0000FF800001FF8000 +FF800001FF8000FF800001FF8000FF800001FF8000FF800001FF8000FF800001FF8000FF800003 +FF0000FF800003FF0000FF800007FF0000FF800007FE0000FF80000FFC0000FF80001FF80000FF +8000FFE00000FFFFFFFF800000FFFFFFFF000000FFFFFFFFE00000FF80001FF80000FF800007FC +0000FF800003FF0000FF800001FF0000FF800001FF8000FF800000FFC000FF800000FFC000FF80 +0000FFE000FF800000FFE000FF800000FFE000FF800000FFE000FF800000FFE000FF800000FFE0 +00FF800000FFE000FF800000FFC000FF800001FFC000FF800001FF8000FF800003FF8000FF8000 +07FF0000FF80000FFE0000FF80003FFC00FFFFFFFFFFF000FFFFFFFFFFC000FFFFFFFFFE000033 +317EB03B>I<000003FF80018000003FFFF003800001FFFFFC0F800007FF007F1F80001FF8000F +BF80003FE00003FF8000FF800000FF8001FF0000007F8003FE0000003F8007FC0000003F8007FC +0000001F800FF80000001F801FF80000000F801FF00000000F803FF000000007803FF000000007 +807FF000000007807FE000000007807FE000000000007FE00000000000FFE00000000000FFE000 +00000000FFE00000000000FFE00000000000FFE00000000000FFE00000000000FFE00000000000 +FFE00000000000FFE000000000007FE000000000007FE000000000007FE000000000007FF00000 +0003803FF000000003803FF000000003801FF000000003801FF800000007800FF8000000070007 +FC000000070007FC0000000E0003FE0000001E0001FF0000003C0000FF8000007800003FE00000 +F000001FF80003E0000007FF003F80000001FFFFFE000000003FFFF80000000003FF8000003131 +7BB03C>I<FFFFFFC0FFFFFFC0FFFFFFC000FFC00000FFC00000FFC00000FFC00000FFC00000FF +C00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000 +FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC000 +00FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC0 +0000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC00000FFC000FFFFFFC0FFFF +FFC0FFFFFFC01A317EB01F>73 D<FFFF8000000001FFFF80FFFFC000000003FFFF80FFFFE00000 +0007FFFF8000FFE000000007FF800000EFF00000000EFF800000EFF00000000EFF800000EFF000 +00000EFF800000E7F80000001CFF800000E7F80000001CFF800000E3FC00000038FF800000E3FC +00000038FF800000E1FE00000070FF800000E1FE00000070FF800000E0FF000000E0FF800000E0 +FF000000E0FF800000E07F800001C0FF800000E07F800001C0FF800000E03FC0000380FF800000 +E03FC0000380FF800000E03FC0000380FF800000E01FE0000700FF800000E01FE0000700FF8000 +00E00FF0000E00FF800000E00FF0000E00FF800000E007F8001C00FF800000E007F8001C00FF80 +0000E003FC003800FF800000E003FC003800FF800000E001FE007000FF800000E001FE007000FF +800000E000FF00E000FF800000E000FF00E000FF800000E000FF00E000FF800000E0007F81C000 +FF800000E0007F81C000FF800000E0003FC38000FF800000E0003FC38000FF800000E0001FE700 +00FF800000E0001FE70000FF800000E0000FFE0000FF800000E0000FFE0000FF800000E00007FC +0000FF800000E00007FC0000FF800000E00007FC0000FF800000E00003F80000FF800001F00003 +F80000FF8000FFFFE001F000FFFFFF80FFFFE001F000FFFFFF80FFFFE000E000FFFFFF8049317E +B04E>77 D<FFFFC000007FFFF0FFFFE000007FFFF0FFFFF000007FFFF000FFF8000000F80000FF +FC000000700000FFFE000000700000EFFF000000700000E7FF800000700000E3FF800000700000 +E1FFC00000700000E0FFE00000700000E07FF00000700000E07FF80000700000E03FFC00007000 +00E01FFE0000700000E00FFF0000700000E007FF8000700000E003FF8000700000E001FFC00070 +0000E000FFE000700000E0007FF000700000E0007FF800700000E0003FFC00700000E0001FFE00 +700000E0000FFF00700000E00007FF80700000E00003FF80700000E00001FFC0700000E00000FF +E0700000E000007FF0700000E000007FF8700000E000003FFC700000E000001FFE700000E00000 +0FFF700000E0000007FFF00000E0000003FFF00000E0000001FFF00000E0000000FFF00000E000 +00007FF00000E00000007FF00000E00000003FF00000E00000001FF00000E00000000FF00000E0 +00000007F00000E000000003F00001F000000001F000FFFFE0000000F000FFFFE00000007000FF +FFE000000070003C317EB041>I<00000FFE0000000000FFFFE000000007FFFFFC0000001FFC07 +FF0000003FE000FF800000FF80003FE00001FF00001FF00003FE00000FF80007FC000007FC0007 +FC000007FC000FF8000003FE001FF8000003FF001FF0000001FF003FF0000001FF803FF0000001 +FF803FF0000001FF807FE0000000FFC07FE0000000FFC07FE0000000FFC0FFE0000000FFE0FFE0 +000000FFE0FFE0000000FFE0FFE0000000FFE0FFE0000000FFE0FFE0000000FFE0FFE0000000FF +E0FFE0000000FFE0FFE0000000FFE0FFE0000000FFE0FFE0000000FFE07FE0000000FFC07FE000 +0000FFC07FF0000001FFC07FF0000001FFC03FF0000001FF803FF0000001FF801FF8000003FF00 +1FF8000003FF000FFC000007FE000FFC000007FE0007FE00000FFC0003FF00001FF80001FF8000 +3FF00000FFC0007FE000003FE000FF8000001FFC07FF00000007FFFFFC00000000FFFFE0000000 +000FFE00000033317BB03E>I<FFFFFFFFE000FFFFFFFFFE00FFFFFFFFFF8000FFC001FFE000FF +C0003FF000FFC0001FF800FFC0000FFC00FFC0000FFC00FFC00007FE00FFC00007FE00FFC00007 +FF00FFC00007FF00FFC00007FF00FFC00007FF00FFC00007FF00FFC00007FF00FFC00007FF00FF +C00007FE00FFC00007FE00FFC0000FFC00FFC0000FFC00FFC0001FF800FFC0003FF000FFC001FF +E000FFFFFFFF8000FFFFFFFE0000FFFFFFE00000FFC000000000FFC000000000FFC000000000FF +C000000000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FFC00000 +0000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FF +C000000000FFC000000000FFC0000000FFFFFFC00000FFFFFFC00000FFFFFFC0000030317EB038 +>I<FFFFFFFFC0000000FFFFFFFFFC000000FFFFFFFFFF80000000FFC001FFE0000000FFC0003F +F0000000FFC0000FFC000000FFC00007FC000000FFC00007FE000000FFC00003FF000000FFC000 +03FF000000FFC00003FF800000FFC00003FF800000FFC00003FF800000FFC00003FF800000FFC0 +0003FF800000FFC00003FF800000FFC00003FF000000FFC00003FF000000FFC00007FE000000FF +C00007FC000000FFC0000FFC000000FFC0003FF0000000FFC001FFE0000000FFFFFFFF80000000 +FFFFFFFC00000000FFFFFFFE00000000FFC003FF00000000FFC000FFC0000000FFC0007FE00000 +00FFC0003FE0000000FFC0003FF0000000FFC0001FF0000000FFC0001FF8000000FFC0001FF800 +0000FFC0001FF8000000FFC0001FF8000000FFC0001FF8000000FFC0001FFC000000FFC0001FFC +000000FFC0001FFC000000FFC0001FFC004000FFC0001FFC00E000FFC0001FFE00E000FFC0000F +FE00E000FFC0000FFF01C000FFC00007FF83C0FFFFFFC003FFFF80FFFFFFC000FFFF00FFFFFFC0 +000FFC003B317EB03E>82 D<001FF0018000FFFF038003FFFFC78007F00FFF800F8001FF801F00 +007F803F00001F803E00000F807E00000F807E00000780FE00000780FE00000780FE00000380FF +00000380FF00000380FF80000000FFE00000007FFC0000007FFFE000007FFFFE00003FFFFFC000 +1FFFFFF0001FFFFFF8000FFFFFFC0003FFFFFE0001FFFFFF00007FFFFF80001FFFFF800000FFFF +C0000007FFC0000000FFE00000003FE00000003FE00000001FE06000001FE0E000000FE0E00000 +0FE0E000000FE0E000000FC0F000000FC0F000000FC0F800001F80FC00001F80FF00003F00FFC0 +007E00FFFC01FC00F1FFFFF800E03FFFE000C007FF000023317BB02E>I<3FFFFFFFFFFF003FFF +FFFFFFFF003FFFFFFFFFFF003FE00FFC01FF007F000FFC003F807E000FFC001F807C000FFC000F +8078000FFC00078078000FFC00078070000FFC00038070000FFC00038070000FFC00038070000F +FC000380E0000FFC0001C0E0000FFC0001C0E0000FFC0001C0E0000FFC0001C000000FFC000000 +00000FFC00000000000FFC00000000000FFC00000000000FFC00000000000FFC00000000000FFC +00000000000FFC00000000000FFC00000000000FFC00000000000FFC00000000000FFC00000000 +000FFC00000000000FFC00000000000FFC00000000000FFC00000000000FFC00000000000FFC00 +000000000FFC00000000000FFC00000000000FFC00000000000FFC00000000000FFC0000000000 +0FFC00000000000FFC00000000000FFC00000000000FFC00000000000FFC000000007FFFFFFF80 +00007FFFFFFF8000007FFFFFFF800032307DAF39>I<007FF8000003FFFF000007FFFFC0000FE0 +1FE0001FF007F0001FF003F8001FF003FC001FF001FE000FE001FE0007C001FE00010001FE0000 +0001FE00000001FE000001FFFE00003FFFFE0001FFF1FE0007FE01FE000FF001FE001FC001FE00 +3F8001FE007F8001FE00FF0001FE00FF0001FE00FF0001FE00FF0001FE00FF0003FE007F8003FE +007FC00EFE003FF03CFF000FFFF87FF807FFF03FF800FF800FF825207E9F28>97 +D<01F8000000FFF8000000FFF8000000FFF80000000FF800000007F800000007F800000007F800 +000007F800000007F800000007F800000007F800000007F800000007F800000007F800000007F8 +00000007F800000007F800000007F80FF00007F87FFE0007F9FFFF8007FFE03FC007FF000FE007 +FE0007F007F80003F807F80003FC07F80003FC07F80001FE07F80001FE07F80001FE07F80001FF +07F80001FF07F80001FF07F80001FF07F80001FF07F80001FF07F80001FF07F80001FF07F80001 +FE07F80001FE07F80001FE07F80003FC07F80003FC07FC0007F807FE0007F007F7001FE007E3E0 +7FC007C1FFFF0007807FFE0007001FE00028327EB12E>I<0007FF00007FFFE000FFFFF003FC03 +F807F007FC0FE007FC1FE007FC3FC007FC3FC003F87FC001F07F8000407F800000FF800000FF80 +0000FF800000FF800000FF800000FF800000FF800000FF8000007F8000007FC000007FC000003F +C0000E3FE0000E1FE0001C0FF0001C07F8007803FF01F000FFFFE0007FFF800007FC001F207D9F +25>I<00000007E0000003FFE0000003FFE0000003FFE00000003FE00000001FE00000001FE000 +00001FE00000001FE00000001FE00000001FE00000001FE00000001FE00000001FE00000001FE0 +0000001FE00000001FE00000001FE0000FF81FE0007FFF1FE001FFFFDFE003FE03FFE007F800FF +E00FE0003FE01FE0001FE03FC0001FE03FC0001FE07F80001FE07F80001FE07F80001FE0FF8000 +1FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE07F80 +001FE07F80001FE07F80001FE03FC0001FE03FC0001FE01FC0003FE00FE0007FE007F001FFE003 +FC07DFF001FFFF9FFF007FFE1FFF000FF01FFF28327DB12E>I<0007FC0000003FFF800000FFFF +E00003FC07F00007F801F8000FE000FC001FE0007E003FC0007E003FC0003F007FC0003F007F80 +003F007F80003F80FF80003F80FF80003F80FFFFFFFF80FFFFFFFF80FFFFFFFF80FF80000000FF +80000000FF800000007F800000007F800000003FC00000003FC00003801FC00003801FE0000780 +0FF0000F0007F8001E0003FE00FC0000FFFFF800003FFFE0000003FF000021207E9F26>I<0000 +FF000007FFC0001FFFE0003FC7F0007F0FF800FE0FF801FE0FF801FC0FF803FC07F003FC03E003 +FC01C003FC000003FC000003FC000003FC000003FC000003FC000003FC0000FFFFF800FFFFF800 +FFFFF80003FC000003FC000003FC000003FC000003FC000003FC000003FC000003FC000003FC00 +0003FC000003FC000003FC000003FC000003FC000003FC000003FC000003FC000003FC000003FC +000003FC000003FC000003FC000003FC000003FC000003FC000003FC00007FFFF0007FFFF0007F +FFF0001D327EB119>I<001FF007E000FFFE3FF001FFFF7FF807F83FF1F80FE00FE1F80FE00FE0 +F01FC007F0601FC007F0003FC007F8003FC007F8003FC007F8003FC007F8003FC007F8001FC007 +F0001FC007F0000FE00FE0000FE00FE00007F83FC00007FFFF000006FFFE00000E1FF000000E00 +0000001E000000001E000000001F000000001F800000001FFFFFC0000FFFFFF8000FFFFFFE0007 +FFFFFF0003FFFFFF8007FFFFFFC01FFFFFFFE03F00007FE07E00000FF0FC000007F0FC000003F0 +FC000003F0FC000003F0FC000003F07E000007E03F00000FC01FC0003F800FF801FF0007FFFFFE +0000FFFFF000001FFF8000252F7E9F29>I<01F800000000FFF800000000FFF800000000FFF800 +0000000FF80000000007F80000000007F80000000007F80000000007F80000000007F800000000 +07F80000000007F80000000007F80000000007F80000000007F80000000007F80000000007F800 +00000007F80000000007F807F8000007F83FFF000007F87FFF800007F8F03FC00007F9C01FE000 +07FB000FE00007FE000FF00007FE000FF00007FC000FF00007FC000FF00007F8000FF00007F800 +0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000 +07F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F800 +0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000FFFFC1FFFF80FFFFC1FFFF80 +FFFFC1FFFF8029327DB12E>I<03C0000FF0000FF0001FF8001FF8001FFC001FF8001FF8000FF0 +000FF00003C00000000000000000000000000000000000000000000000000001F800FFF800FFF8 +00FFF8000FF80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F8 +0007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F8 +00FFFF80FFFF80FFFF8011337DB217>I<01F8000000FFF8000000FFF8000000FFF80000000FF8 +00000007F800000007F800000007F800000007F800000007F800000007F800000007F800000007 +F800000007F800000007F800000007F800000007F800000007F800000007F8007FFC07F8007FFC +07F8007FFC07F8001FC007F8001F0007F8003E0007F800780007F801F00007F803E00007F80780 +0007F81F000007F83E000007F87C000007F9FE000007FBFF000007FFFF800007FF7FC00007FE3F +E00007F81FE00007F01FF00007F00FF80007F007FC0007F003FE0007F001FF0007F000FF0007F0 +00FF8007F0007FC007F0003FE007F0003FF0FFFF80FFFFFFFF80FFFFFFFF80FFFF28327EB12C> +107 D<01F800FFF800FFF800FFF8000FF80007F80007F80007F80007F80007F80007F80007F800 +07F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F800 +07F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F800 +07F80007F80007F80007F80007F80007F80007F80007F80007F800FFFFC0FFFFC0FFFFC012327D +B117>I<03F007F8000FF000FFF03FFF007FFE00FFF07FFF80FFFF00FFF0F03FC1E07F800FF1C0 +1FE3803FC007F3000FE6001FC007F6000FFC001FE007FE000FFC001FE007FC000FF8001FE007FC +000FF8001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007 +F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE0 +07F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001F +E007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF000 +1FE0FFFFC1FFFF83FFFFFFFFC1FFFF83FFFFFFFFC1FFFF83FFFF40207D9F45>I<03F007F80000 +FFF03FFF0000FFF07FFF8000FFF0F03FC0000FF1C01FE00007F3000FE00007F6000FF00007FE00 +0FF00007FC000FF00007FC000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000 +07F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F800 +0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000 +07F8000FF00007F8000FF000FFFFC1FFFF80FFFFC1FFFF80FFFFC1FFFF8029207D9F2E>I<0007 +FE0000003FFFC00000FFFFF00003FC03FC0007F000FE000FE0007F001FC0003F803FC0003FC03F +C0003FC07F80001FE07F80001FE07F80001FE0FF80001FF0FF80001FF0FF80001FF0FF80001FF0 +FF80001FF0FF80001FF0FF80001FF0FF80001FF07F80001FE07F80001FE07F80001FE03FC0003F +C03FC0003FC01FE0007F800FE0007F0007F801FE0003FE07FC0001FFFFF800003FFFC0000007FE +000024207E9F29>I<03F03F00FFF07FC0FFF1FFE0FFF3C7F00FF38FF807F70FF807F60FF807FE +0FF807FC07F007FC03E007FC008007F8000007F8000007F8000007F8000007F8000007F8000007 +F8000007F8000007F8000007F8000007F8000007F8000007F8000007F8000007F8000007F80000 +07F8000007F80000FFFFE000FFFFE000FFFFE0001D207E9F22>114 D<00FF870007FFEF001FFF +FF003F007F003C001F0078000F00F8000700F8000700F8000700FC000700FF000000FFF800007F +FFC0003FFFF0003FFFFC000FFFFE0007FFFF0001FFFF80001FFF800000FFC000001FC060000FC0 +E00007C0E00007C0F00007C0F8000780F8000F80FE000F00FF803E00FFFFFC00F3FFF800C07FC0 +001A207D9F21>I<00380000380000380000380000380000780000780000780000F80000F80001 +F80003F80007F8001FF800FFFFFEFFFFFEFFFFFE07F80007F80007F80007F80007F80007F80007 +F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80707F80707F80707 +F80707F80707F80707F80703F80E03FC0E01FE1C00FFF8007FF0000FE0182E7EAD20>I<01F800 +03F000FFF801FFF000FFF801FFF000FFF801FFF0000FF8001FF00007F8000FF00007F8000FF000 +07F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F800 +0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000 +07F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8001FF00007F8001FF00003F800 +3FF00003F8006FF00001FE03CFF80000FFFF8FFF80007FFF0FFF80000FFC0FFF8029207D9F2E> +I<FFFF0FFFF01FFEFFFF0FFFF01FFEFFFF0FFFF01FFE0FF0007E0001F00FF8007F0001E007F800 +7F0001C007F8003F8003C003FC003F80038003FC007FC0038003FE007FC0078001FE00FFC00700 +01FF00EFE00F0000FF00EFE00E0000FF01C7F00E00007F81C7F01C00007F83C7F01C00007FC383 +F83C00003FC383F83800003FC701FC3800001FE701FC7000001FEF01FC7000001FFE00FEF00000 +0FFE00FEE000000FFC007FE0000007FC007FC0000007FC007FC0000007F8003FC0000003F8003F +80000003F0001F80000001F0001F00000001E0000F00000000E0000E000037207E9F3C>119 +D<FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2803809429>123 D E end +%%EndProlog +%%BeginSetup +TeXDict begin + +%%EndSetup +%%Page: 1 1 +0 bop 367 90 a Fu(Coun)n(tering)26 b(Abuse)h(of)h(Name{Based)691 +182 y(Authen)n(tication)1260 156 y Ft(1)397 349 y Fs(Christoph)20 +b(L.)g(Sc)n(h)n(uba)h(and)f(Eugene)f(H.)h(Spa\013ord)728 475 +y Fr(CO)n(AST)h(Lab)r(oratory)541 550 y(Departmen)n(t)e(of)h(Computer)f +(Sciences)750 625 y(Purdue)h(Univ)n(ersit)n(y)587 700 y(W)-5 +b(est)19 b(Lafa)n(y)n(ette,)h(IN)f(47907-1398)624 774 y Fq(f)p +Fp(schuba,spaf)p Fq(g)p Fp(@cs.purdue.)o(edu)889 959 y Fo(Abstract)279 +1044 y Fn(Authen)o(tication)f(for)f(access)h(con)o(trol)f(pro)q(cedures)h(is) +g(usually)g(based)g(on)f(the)h(iden-)211 1100 y(tit)o(y)f(of)h(participating) +h(en)o(tities.)28 b(In)18 b(some)g(comm)o(unications)g(systems,)g(iden)o +(tities)h(are)211 1157 y(partially)13 b(or)e(wholly)h(resolv)o(ed)h(using)f +(hostnames)f(or)g(mac)o(hine)i(addresses)f(in)g(the)g(under-)211 +1213 y(lying)17 b(proto)q(col)f(suite.)23 b(Access)17 b(con)o(trol)e(lists)i +(and)f(rev)o(o)q(cation)g(lists)h(are)f(often)g(de\014ned)211 +1269 y(on)g(the)h(basis)f(of)g(hostnames,)g(whereb)o(y)g(the)h(comm)o +(unication)g(subsystem)f(at)g(run)o(time)211 1326 y(utilizes)h(mac)o(hine)f +(addresses.)279 1382 y(After)d(comm)o(unications)i(b)q(et)o(w)o(een)f(t)o(w)o +(o)e(mac)o(hines)j(are)e(established,)j(hosts)d(iden)o(tify)211 +1439 y(eac)o(h)19 b(other)g(b)o(y)h(their)f(proto)q(col)h(addresses.)32 +b(T)l(o)19 b(map)g(this)h(address)f(to)g(a)g(high{lev)o(el)211 +1495 y(name,)f(whic)o(h)h(can)f(then)h(b)q(e)f(compared)g(with)h(access)f +(con)o(trol)f(or)h(rev)o(o)q(cation)g(lists)h(to)211 1552 y(gran)o(t)f(or)g +(den)o(y)i(access,)f(a)g(resolution)h(pro)q(cess)f(is)g(initiated.)33 +b(The)19 b(abstraction)g(from)211 1608 y(proto)q(col)d(addresses)h(to)e +(high{lev)o(el)j(hostnames)e(is)h(necessary)f(to)g(hide)i(details)f(of)f +(het-)211 1665 y(erogeneous)d(comm)o(unication)h(subsystems,)e(and)i(of)e +(dynamic)i(net)o(w)o(ork)e(con\014gurations)211 1721 y(from)18 +b(the)g(application)i(la)o(y)o(er)f(where)g(a)f(uniform,)h(high{lev)o(el)i +(naming)e(sc)o(heme)f(is)h(de-)211 1778 y(sired.)279 1834 y(If)f +(cryptographic)f(capabilities)j(are)e(used)g(that)e(iden)o(tify)j(sub)s +(ject{ob)s(ject)e(in)o(terac-)211 1890 y(tions,)j(authen)o(tication)h +(usually)g(do)q(es)f(not)f(dep)q(end)i(on)f(host)f(iden)o(ti\014cation.)35 +b(Where)211 1947 y(host)17 b(iden)o(ti\014cation)j(is)e(part)f(of)g(the)h +(authen)o(tication,)g(a)g(crucial)h(link)g(in)f(the)g(c)o(hain)g(of)211 +2003 y(authen)o(tication)h(is)g(the)f(asso)q(ciation)h(b)q(et)o(w)o(een)g +(hostnames)f(and)g(their)h(resp)q(ectiv)o(e)h(ad-)211 2060 +y(dresses.)g(The)15 b(v)m(alidit)o(y)i(of)e(the)g(authen)o(tication)h(can)f +(b)q(e)h(trusted)f(only)h(as)f(m)o(uc)o(h)g(as)g(the)211 2116 +y(binding)i(pro)q(cess)f(itself.)279 2173 y(In)i(the)f(In)o(ternet)h(this)g +(name)f(resolution)h(is)g(pro)o(vided)g(b)o(y)f(a)g(widely{implemen)o(ted)211 +2229 y(distributed)f(database)e(system:)19 b(the)c(Domain)f(Name)h(System)f +(\(DNS\).)g(Dynamic)h(con-)211 2286 y(\014guration)g(b)q(eha)o(vior,)h +(system)f(e\016ciency)l(,)i(and)e(v)o(olume)h(of)f(binding)i(requests)e +(demand)211 2342 y(late)i(binding)i(b)q(et)o(w)o(een)f(hostnames)f(and)g +(addresses,)g(and)h(cac)o(hing)g(of)e(the)i(mappings.)211 2399 +y(Therefore,)c(bindings)i(are)d(established)j(\\just)e(in)h(time")f(on)g(a)g +(need)h(basis)f(and)g(are)g(k)o(ept)211 2455 y(v)m(alid)j(for)d(a)h(limited)i +(p)q(erio)q(d)g(of)e(time.)p 89 2536 720 2 v 145 2567 a Fm(1)164 +2582 y Fl(submitted)e(to)h(the)g(t)o(w)o(en)o(t)o(y-second)h(ann)o(ual)e +Fk(T)m(elecomm)o(unicatio)o(ns)f(P)o(olicy)h(Researc)o(h)i(Conference)p +eop +%%Page: 2 2 +1 bop 279 82 a Fn(This)15 b(pap)q(er)g(describ)q(es)g(problems)g(of)f +(name{based)h(authen)o(tication)f(requiring)i(late)211 139 +y(binding)21 b(suc)o(h)e(as)f(that)h(pro)o(vided)g(b)o(y)g(the)g(DNS)g(for)f +(hostname{to{address)g(asso)q(cia-)211 195 y(tions.)23 b(Because)16 +b(forw)o(ard)f(mappings)i(\(where)f(the)g(address)g(is)h(a)f(relation)g(of)g +(the)g(host-)211 252 y(name\))c(and)h(rev)o(erse)f(mappings)i(are)e(main)o +(tained)h(in)h(unrelated)f(parts)f(of)g(the)h(database,)211 +308 y(three)k(lev)o(els)h(of)f(mo)q(di\014cation)h(are)f(p)q(ossible:)25 +b(mo)q(di\014ed)18 b(forw)o(ard)e(mapping,)i(mo)q(di\014ed)211 +364 y(bac)o(kw)o(ard)10 b(mapping,)i(or)e(b)q(oth.)18 b(The)11 +b(mo)q(di\014cation)h(of)e(asso)q(ciations)h(enables)h(the)f(sp)q(o)q(of-)211 +421 y(ing)16 b(of)e(hostnames)h(in)h(sessions)g(that)e(dep)q(end)j(on)e(the)h +(DNS.)279 477 y(W)l(e)j(state)f(the)g(problem)h(in)h(an)e(abstract)g(w)o(a)o +(y)f(and)i(in)h(the)e(concrete)h(case)g(of)f(the)211 534 y(DNS.)c(W)l(e)g +(analyze)h(the)f(conditions)i(that)d(facilitate)j(the)e(exploitation)h(of)f +(the)g(problem)211 590 y(and)h(explain)i(the)e(w)o(eaknesses)g(that)g(are)g +(presen)o(t)g(in)h(the)f(DNS.)279 647 y(W)l(e)h(then)h(explore)f(some)g(p)q +(ossible)i(solutions)f(to)e(the)h(problem.)23 b(All)18 b(our)e(prop)q(osed) +211 703 y(solutions)k(are)e(ev)m(aluated)j(b)o(y)e(a)f(n)o(um)o(b)q(er)i(of)f +(criteria)g(to)g(compare)g(e\013ects)f(of)h(the)g(so-)211 760 +y(lutions.)36 b(Eac)o(h)19 b(of)h(the)g(solutions)h(will)h(either)f(consist)f +(of)g(mec)o(hanisms)g(that)g(enable)211 816 y(arbitrarily)g(c)o(hosen)g(p)q +(olicies,)j(or)c(it)h(will)h(require)f(the)g(implemen)o(tation)h(of)e(a)h +(certain)211 873 y(p)q(olicy)l(.)k(W)l(e)16 b(emphasize)i(the)e(solutions)h +(to)e(impro)o(v)o(e)h(existing)h(name)f(serv)o(ers)g(b)o(y)g(mo)q(d-)211 +929 y(ifying)i(them)g(in)g(a)f(w)o(a)o(y)g(that)f(they)i(rely)g(on)f(less)h +(trust,)f(and)h(to)f(em)o(b)q(ed)h(crytographic)211 985 y(metho)q(ds)d(in)o +(to)g(the)h(name)f(resolution)h(pro)q(cess.)89 1152 y Fu(1)83 +b(In)n(tro)r(duction)89 1261 y Ft(The)19 b(In)o(ternet)f(is)h(a)h(widespread) +f(conglomeration)g(of)g(h)o(undreds)h(of)f(thousands)i(of)f(in)o(tercon-)89 +1322 y(nected)e(heterogeneous)h(net)o(w)o(orks)f(and)h(hosts.)29 +b(The)18 b(design)h(of)g(the)f(In)o(ternet)f(is)i(based)g(on)g(a)89 +1382 y(proto)q(col)e(hierarc)o(h)o(y)l(.)j(There)c(exist)f(m)o(ultiple)e +(implem)o(en)o(tati)o(ons)h(of)j(these)f(proto)q(cols.)162 +1442 y(Computers)21 b(comm)o(uni)o(cate)e(with)i(eac)o(h)f(other)i(on)g(the)f +(basis)h(of)f(di\013eren)o(t)g(t)o(yp)q(es)g(of)g(ad-)89 1502 +y(dresses;)27 b(on)d(the)f(ph)o(ysical)f(la)o(y)o(er)g(using)i(lo)o(w{lev)o +(el)d(ph)o(ysical)i(addresses)h(according)f(to)h(the)89 1562 +y(hardw)o(are)15 b(devices)f(used,)h(on)g(the)f(data)i(link)e(to)h(presen)o +(tation)g(la)o(y)o(er)e(on)i(a)h(\014rst{lev)o(el)d(abstrac-)89 +1623 y(tion)20 b(using)h(host)g(addresses)g(suc)o(h)f(as)h(IP)f(addresses) +1101 1604 y Fj(2)1121 1623 y Ft(,)h(and)g(on)g(the)f(application)g(la)o(y)o +(er)f(on)i(a)89 1683 y(second{lev)o(el)15 b(abstraction)i(using)f(high{lev)o +(el,)e(pronounceable)j(hostnames.)162 1743 y(The)22 b(task)g(of)g(naming)f +(hosts)h(and)h(net)o(w)o(ork)e(domains)g(is)g(addressed)h(b)o(y)g(creating)f +(a)h(hi-)89 1803 y(erarc)o(hical)15 b(relation)i(b)q(et)o(w)o(een)e(domains,) +h(with)h(hosts)h(as)f(the)f(furthest)h(descendan)o(ts)g(from)e(an)89 +1863 y(arti\014cial)d(ro)q(ot)i(domain.)19 b(By)12 b(app)q(ending)i(the)e +(domain)g(lab)q(els)h(one)g(after)f(the)h(other)g(to)g(the)f(host)89 +1923 y(lab)q(els)i(on)i(the)e(path)h(up)g(to)g(the)f(ro)q(ot)i(in)e(the)g +(hierarc)o(hical)f(tree,)h(a)h(unique,)f(memoriz)o(able,)d(and)89 +1984 y(usually)18 b(pronounceable)h(iden)o(ti\014er)e(is)i(created:)26 +b(the)18 b(hostname.)28 b(One)19 b(of)g(the)f(managemen)o(t)89 +2044 y(tasks)f(in)f(the)g(In)o(ternet)f(is)h(the)g(mapping)f(of)i(lo)o(w)o +(er{lev)o(el)c(addresses)k(to)g(these)f(hostnames.)162 2104 +y(The)g(mapping,)f(or)h(binding,)g(of)g(IP)f(addresses)i(to)f(hostnames)g(b)q +(ecame)e(a)j(ma)s(jor)e(problem)89 2164 y(in)f(the)f(rapidly)h(gro)o(wing)g +(In)o(ternet.)19 b(Note)14 b(that)g(this)g(pap)q(er)h(do)q(es)f(not)h(deal)e +(with)h(the)g(mapping)89 2224 y(b)q(et)o(w)o(een)f(addresses)h(on)h(the)e(ph) +o(ysical)g(la)o(y)o(er)g(and)h(transp)q(ort)i(la)o(y)o(er,)c(whic)o(h)h(is)h +(solv)o(ed)f(b)o(y)h(ARP)1870 2206 y Fj(3)89 2285 y Ft(in)20 +b(the)g(TCP/IP)h(In)o(ternet)e(Proto)q(col)i(Suite,)g(but)f(with)g(the)g +(mapping)g(b)q(et)o(w)o(een)f(hostnames)89 2345 y(and)e(IP)f(addresses.)p +89 2417 720 2 v 145 2448 a Fm(2)164 2463 y Fl(\\32-bit)c(addresses)k +(assigned)f(to)e(hosts)i(that)f(w)o(an)o(t)f(to)h(participate)g(in)f(a)h +(TCP/IP)g(in)o(ternet")h([Com91)m(])145 2497 y Fm(3)164 2513 +y Fl(\\Address)f(Resolution)e(Proto)q(col)g({)h(used)g(to)g(dynamically)c +(bind)k(a)f(high{lev)o(el)g(IP)h(address)g(to)g(a)f(lo)o(w{lev)o(el)89 +2562 y(ph)o(ysical)h(hardw)o(are)i(address")g([Com91)m(])977 +2715 y Ft(2)p eop +%%Page: 3 3 +2 bop 162 82 a Ft(This)18 b(higher{lev)o(el)d(binding)j(e\013ort)f(w)o(en)o +(t)g(through)i(di\013eren)o(t)d(stages)j(of)e(dev)o(elopmen)o(t)e(up)89 +142 y(to)f(the)f(curren)o(tly)e(used)j(Domain)e(Name)g(System)f(\(DNS\).)i +(The)g(DNS)h(is)f(a)g(distributed)g(naming)89 203 y(resolution)g(system)f +(used)h(b)o(y)g(most)g(net)o(w)o(ork)f(services)g(a)o(v)m(ailable)h +(throughout)h(the)f(In)o(ternet.)19 b(It)89 263 y(w)o(orks)d(transparen)o +(tly)g(for)g(the)f(user)h(who)h(sends)f(email,)d(accesses)j(another)h(host)f +(via)g Fi(telnet)i Ft(or)89 323 y Fi(rlo)n(gin)p Ft(,)d(or)g(transfers)h +(some)e(\014les)h(via)g Fi(ftp)g Ft(b)q(et)o(w)o(een)f(hosts.)22 +b(The)15 b(DNS)g(pro)o(vides)f(name)g(binding)89 383 y(in)19 +b(b)q(oth)i(directions:)27 b(giv)o(en)19 b(a)h(hostname,)g(it)f(returns)h +(the)g(appropriate)g(IP)g(addresses,)g(and)89 443 y(vice)15 +b(v)o(ersa.)162 504 y(Before)c(hosts)i(gran)o(t)f(net)o(w)o(ork)g(services)e +(to)j(users,)f(an)g(authen)o(tication)g(pro)q(cess)g(tak)o(es)g(place,)89 +564 y(where)19 b(the)g(users')g(access)g(righ)o(ts,)g(and)g(the)g(iden)o(tit) +o(y)e(of)j(connecting)f(hosts)h(get)f(scrutinized,)89 624 y(according)f(to)g +(pro)o(vider)f(p)q(olicies.)24 b(There)18 b(are)f(man)o(y)f(notions)j(on)f +(ho)o(w)g(access)f(righ)o(ts)h(can)g(b)q(e)89 684 y(sp)q(eci\014ed.)i +(Examinations)13 b(can)i(b)q(e)f(based)h(on)g(iden)o(ti\014cation)e(b)o(y)g +(hostname,)h(login)g(name,)f(and)89 744 y(login)20 b(passw)o(ord.)34 +b(In)20 b(some)f(cases)h(it)f(su\016ces)h(to)g(pro)o(vide)g(the)f(righ)o(t)h +(names,)g(and)g(access)g(is)89 804 y(gran)o(ted)c(without)h(sp)q(ecifying)f +(an)o(y)g(passw)o(ord)h(at)g(all.)162 865 y(Some)j(Berk)o(eley)f +Fh(r{commands)h Ft(\(see)h([Ste90,)h(c)o(hapter)f(14]\))g(o\013er)h(net)o(w)o +(ork)f(services)f(for)89 925 y(whic)o(h)j(it)h(is)g(su\016cien)o(t)f(to)h(v)o +(erify)e(user)j(name)d(and)j(hostname)f(to)g(gain)h(complete)d(access.)89 +985 y(As)f(the)g(remote)e(user)i(name)f(is)g(sp)q(eci\014ed)h(b)o(y)f(the)h +(connecting)g(site,)g(the)g(authen)o(tication)f(is)89 1045 +y(additionally)c(based)h(up)q(on)g(the)f(name)f(of)i(the)f(connecting)g(mac)o +(hine.)j(A)d(mac)o(hine)e(that)j(o\013ers)89 1105 y(services)d(can)h(acquire) +f(information)g(ab)q(out)j(the)d Fi(so)n(cket)i Ft(that)g(is)f(used)g(b)o(y)f +(the)h(connecting)g(site.)89 1166 y(A)20 b(so)q(c)o(k)o(et)f(is)h(an)g +(abstraction)h(for)f(a)g(net)o(w)o(ork)g(service)e(access)i(p)q(oin)o(t)g +(\(NSAP\):)f(in)h(UNIX)1827 1148 y Fj(4)1865 1166 y Ft(a)89 +1226 y(tuple)c(consisting)h(of)g(IP)g(address,)g(p)q(ort,)g(and)g(proto)q +(col)h(used)f(b)o(y)f(the)g(remote)f(site.)22 b(T)l(o)c(v)o(erify)89 +1286 y(the)e(hostname,)f(it)h(is)g(the)g(task)h(of)f(the)g(DNS)g(to)h(map)e +(the)h(IP)g(address)h(to)g(the)f(hostname.)162 1346 y(Because)23 +b(the)g(DNS)h(is)f(distributed)g(among)g(man)o(y)f(thousands)j(of)f(hosts,)i +(it)d(can)h(b)q(e)g(a)89 1406 y(critical)13 b(mistak)o(e)f(to)j(blindly)e +(trust)i(the)g(resolv)o(ed)e(binding.)21 b(This)14 b(pap)q(er)i(in)o(v)o +(estigates)d(p)q(olicies)89 1467 y(and)j(mec)o(hanism)o(s)d(to)i(solv)o(e)g +(the)g(problem)e(of)j(trust)f(in)g(the)g(Domain)f(Name)f(System.)20 +b(Some)14 b(of)89 1527 y(these)j(p)q(olicies)f(and)i(mec)o(hanisms)d(migh)o +(t)g(b)q(e)j(abstractable)f(to)h(distributed)f(naming)f(services)89 +1587 y(in)g(general.)162 1647 y(Although)d(this)f(problem)f(has)i(b)q(een)g +(kno)o(wn)g(for)f(some)g(y)o(ears)g(no)o(w,)h(not)g(man)o(y)e(publications)89 +1707 y(deal)18 b(with)g(it.)26 b([Bel90)o(])17 b(and)i([Sc)o(h93])e(are)h +(the)g(principal)f(accoun)o(ts)h(that)h(w)o(e)e(can)h(men)o(tion)e(as)89 +1768 y(related)g(w)o(ork.)22 b([Bel90)o(])17 b(demonstrates)f(the)g(sub)o(v)o +(ersion)g(of)h(system)e(securit)o(y)h(using)h(the)f(DNS)89 +1828 y(and)k(discusses)g(p)q(ossible)f(defenses)h(against)g(the)f(attac)o(k)h +(and)g(limitations)d(on)j(their)f(applica-)89 1888 y(bilit)o(y)l(.)24 +b(The)18 b(pap)q(er)h(follo)o(ws)f(suggestions)h(from)e(P)o(aul)h(V.)f(Mo)q +(c)o(k)m(ap)q(etris,)h(the)f(designer)h(of)g(the)89 1948 y(DNS.)g(In)g([Sc)o +(h93])g(the)g(details)g(of)h(the)f(exploitation)g(of)h(the)f(w)o(eakness)h +(are)f(w)o(ork)o(ed)g(out)h(and)89 2008 y(sev)o(eral)c(approac)o(hes)h(to)g +(solv)o(e)f(the)h(w)o(eakness)f(in)h(the)f(DNS)h(are)g(discussed)f(with)h +(emphasis)e(on)89 2068 y(hardening)20 b(the)g(name)f(serv)o(er)g(impleme)o(n) +o(tations)f(and)i(the)g(usage)h(of)g(strong)g(cryptographic)89 +2129 y(metho)q(ds)16 b(for)g(authen)o(tication.)p 89 2201 720 +2 v 145 2232 a Fm(4)164 2247 y Fl(UNIX)e(is)g(a)f(trademark)g(of)h(No)o(v)o +(ell)977 2715 y Ft(3)p eop +%%Page: 4 4 +3 bop 89 90 a Fu(2)83 b(The)27 b(Problem)89 215 y Fg(2.1)70 +b(Statemen)n(t)21 b(of)i(the)f(Problem)89 307 y Ft(Authen)o(ticit)o(y)16 +b(is)k(based)f(on)h(the)f(iden)o(tit)o(y)e(of)j(some)e(en)o(tit)o(y)l(.)29 +b(This)19 b(en)o(tit)o(y)e(has)j(to)g(pro)o(v)o(e)f(that)89 +367 y(it)g(is)g(gen)o(uine.)30 b(In)19 b(man)o(y)e(net)o(w)o(ork)i +(applications)g(the)h(iden)o(tit)o(y)d(of)i(participating)g(en)o(tities)f(is) +89 427 y(simply)e(determined)g(b)o(y)i(their)f(names)h(or)g(addresses.)28 +b(High{lev)o(el)16 b(applications)j(use)f(mainly)89 487 y(names)f(for)g +(authen)o(tication)h(purp)q(oses,)g(b)q(ecause)g(address)g(lists)f(are)h(m)o +(uc)o(h)d(harder)j(to)g(create,)89 548 y(understand,)f(and)f(main)o(tain)f +(than)i(name)e(lists.)162 608 y(Assuming)f(an)j(en)o(tit)o(y)c(w)o(an)o(ts)j +(to)g(sp)q(o)q(of)h(the)f(iden)o(tit)o(y)d(of)j(some)e(other)i(en)o(tit)o(y)l +(,)d(it)j(is)f(in)g(some)89 668 y(cases)h(enough)g(to)g(c)o(hange)g(the)f +(mapping)g(b)q(et)o(w)o(een)g(its)g(lo)o(w{lev)o(el)f(address)i(and)g(its)g +(high{lev)o(el)89 728 y(name.)k(That)d(means)e(that)h(an)h(attac)o(k)o(er)e +(can)h(fak)o(e)g(the)f(name)g(of)i(someone)e(b)o(y)g(mo)q(difying)g(the)89 +788 y(asso)q(ciation)j(of)g(his)f(address)h(from)e(his)h(o)o(wn)h(name)e(to)h +(the)g(name)f(he)h(w)o(an)o(ts)h(to)f(imp)q(ersonate.)89 849 +y(Once)f(an)h(attac)o(k)o(er)f(has)h(done)g(that,)f(an)i(authen)o(ticator)e +(can)h(no)g(longer)f(distinguish)h(b)q(et)o(w)o(een)89 909 +y(the)e(true)g(and)h(the)g(fak)o(ed)f(en)o(tit)o(y)l(.)k(This)c(describ)q(es) +g(the)h(fundamen)o(tal)e(problem)f(on)j(whic)o(h)f(this)89 +969 y(pap)q(er)e(is)g(based:)20 b Fh(If)12 b(the)g(binding)h(pro)q(cess)g(b)q +(et)o(w)o(een)f(names)f(and)j(addresses)f(cannot)g(b)q(e)g(trusted)89 +1029 y(fully)l(,)i(no)h(one)h(can)f(rely)f(on)i(an)g(authen)o(tication)f(pro) +q(cess)h(on)f(a)h(high{lev)o(el.)89 1174 y Fg(2.2)70 b(The)22 +b(Problem)g(in)g(the)g(DNS)89 1266 y Ft(T)l(o)h(understand)h(the)e(metho)q(d) +g(ho)o(w)i(to)f(deceiv)o(e)d(the)j(DNS)g(w)o(e)f(\014rst)h(giv)o(e)f(an)h +(example)e(for)89 1326 y(a)i(v)m(alid)g(name)f(resolution)h(in)g(the)f(DNS.)h +(The)g(resolution)g(is)g(based)g(on)h(the)e(clien)o(t{serv)o(er)89 +1386 y(paradigm.)e(An)o(y)14 b(pro)q(cess)h(that)h(accepts)e(a)h(connection)g +(from)e(another)j(host)f(receiv)o(es)e(from)g(its)89 1447 y(lo)o(w)o(er)h +(proto)q(col)h(la)o(y)o(er)e(the)i(connecting)f(host's)h(IP)g(address.)21 +b(The)15 b(pro)q(cess)g(then)g(calls)f(its)g(lo)q(cal)89 1507 +y(resolv)o(er)j(with)h(this)g(IP)g(address)h(as)g(an)g(argumen)o(t)e(and)i +(requests)e(the)h(according)h(hostname.)89 1567 y(The)14 b(resolv)o(er)e +(forms)h(a)h(query)f(for)h(the)f(giv)o(en)g(IP)h(address)g(and)g(w)o(aits)g +(to)g(retriev)o(e)e(the)h(resp)q(onse)89 1627 y(con)o(taining)18 +b(the)h(answ)o(er)f(to)h(its)g(query)f(from)f(the)h(default)h(name)e(serv)o +(er.)27 b(This)19 b(name)e(serv)o(er)89 1687 y(could)g(b)q(e)g(running)g(on)g +(the)f(same)g(host)i(with)e(the)h(resolv)o(er)f(soft)o(w)o(are,)g(on)h(a)h +(host)f(in)g(the)f(lo)q(cal)89 1747 y(domain)e(of)i(the)e(resolv)o(er,)g(or)i +(on)f(a)h(host)f(outside)g(the)g(lo)q(cal)g(domain.)20 b(The)15 +b(selection)f(of)i(whic)o(h)89 1808 y(name)e(serv)o(er)h(to)h(con)o(tact)g +(dep)q(ends)g(on)g(the)f(name)g(or)h(address)g(to)g(b)q(e)g(resolv)o(ed.)k +(The)c(decision)89 1868 y(pro)q(cess)h(ab)q(out)g(this)g(c)o(hoice)d(is)j(sp) +q(eci\014ed)e(in)h([Mo)q(c87)q(,)f(sections)i(4.3.2,)f(5.3.3].)162 +1928 y(Queries)g(to)h(name)f(serv)o(ers)g(from)f(a)j(resolv)o(er)d(come)g(in) +i(t)o(w)o(o)f(\015a)o(v)o(ors:)23 b Fh(recursiv)o(e)15 b Ft(and)i +Fh(itera-)89 1988 y(tiv)o(e)p Ft(.)i(In)14 b(recursiv)o(e)f(resolution,)i(a)f +(resolv)o(er)g(sends)h(a)g(recursiv)o(e)d(query)i(to)h(a)g(name)e(serv)o(er.) +20 b(The)89 2048 y(queried)12 b(name)h(serv)o(er)f(then)i(has)g(the)g +(obligation)g(to)f(resp)q(ond)i(with)e(the)h(answ)o(er)g(to)g(that)g(query)89 +2109 y(or)h(an)f(error)h(co)q(de.)20 b(If)14 b(a)h(name)e(serv)o(er)g(cannot) +i(resolv)o(e)e(the)h(query)f(lo)q(cally)l(,)h(it)f(calls)h(its)g(resolv)o(er) +89 2169 y(and)h(queries)e(recursiv)o(ely)f(another)j(name)e(serv)o(er.)20 +b(This)15 b(is)f(rep)q(eated)g(un)o(til)f(one)i(queried)e(name)89 +2229 y(serv)o(er)20 b(supplies)g(the)h(answ)o(er)g(or)g(an)g(error)g(co)q(de) +g(that)g(then)f(tra)o(v)o(els)g(the)h(rev)o(erse)e(path.)35 +b(In)89 2289 y(iterativ)o(e)13 b(resolution,)j(the)f(con)o(tacted)g(name)f +(serv)o(er)g(returns)i(an)f(answ)o(er)h(to)g(the)f(query)f(to)i(the)89 +2349 y(requesting)i(resolv)o(er.)27 b(This)19 b(is)g(a)g(referral)e(to)i +(another)h(name)d(serv)o(er)h(that)h(is)f(more)g(lik)o(ely)e(to)89 +2410 y(kno)o(w)h(the)g(answ)o(er,)g(or)g(an)h(error)f(co)q(de)g(to)h(signal)f +(the)g(o)q(ccurrence)f(of)i(an)f(exception)f(or)h(error.)89 +2470 y(The)f(rep)q(eated)g(resolution)h(attempts)e(are)h(p)q(erformed)f(b)o +(y)h(the)g(lo)q(cal)g(resolv)o(er.)162 2530 y(Man)o(y)g(securit)o(y)g +(problems)f(of)i(the)f(TCP/IP)i(proto)q(col)f(suite)f(build)h(on)g(the)f +(abilit)o(y)f(of)i(the)89 2590 y(attac)o(k)o(er)i(to)h(sp)q(o)q(of)i(the)e +(IP)f(address)i(of)f(a)h(trusted)f(mac)o(hine,)e(as)i(describ)q(ed)g(in)f +([Bel89)o(].)32 b(As)977 2715 y(4)p eop +%%Page: 5 5 +4 bop 201 1145 a @beginspecial 0 @llx 0 @lly 378 @urx 252 @ury +3780 @rwi @setspecial +%%BeginDocument: setup.eps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-9.0 270.0 translate 0.900 -0.900 scale +1.000 setlinewidth +n 99 19 m 99 39 l gs col-1 s gr +n 99 279 m 99 299 l gs col-1 s gr +n 339 19 m 339 39 l gs col-1 s gr +n 339 279 m 339 299 l gs col-1 s gr +0.500 setlinewidth +n 159 59 m 279 59 l gs col-1 s gr +n 271.000 57.000 m 279.000 59.000 l 271.000 61.000 l gs 2 setlinejoin col-1 s gr +1.000 setlinewidth + [6.000000] 0 setdash +n 379 19 m 419 19 l gs col-1 s gr + [] 0 setdash + [6.000000] 0 setdash +n 59 19 m 14 19 l gs col-1 s gr + [] 0 setdash + [6.000000] 0 setdash +n 379 299 m 419 299 l gs col-1 s gr + [] 0 setdash + [6.000000] 0 setdash +n 59 299 m 14 299 l gs col-1 s gr + [] 0 setdash +n 59 19 m 139 19 l gs col-1 s gr +n 299 19 m 379 19 l gs col-1 s gr +n 59 299 m 139 299 l gs col-1 s gr +n 299 299 m 379 299 l gs col-1 s gr + [6.000000] 0 setdash +n 259 299 m 299 299 l gs col-1 s gr + [] 0 setdash + [6.000000] 0 setdash +n 139 299 m 179 299 l gs col-1 s gr + [] 0 setdash + [6.000000] 0 setdash +n 259 19 m 299 19 l gs col-1 s gr + [] 0 setdash + [6.000000] 0 setdash +n 139 19 m 179 19 l gs col-1 s gr + [] 0 setdash +0.500 setlinewidth +n 46 39 m 39 39 39 72 7 arcto 4 {pop} repeat 39 79 152 79 7 arcto 4 {pop} repeat 159 79 159 46 7 arcto 4 {pop} repeat 159 39 46 39 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +n 286 39 m 279 39 279 72 7 arcto 4 {pop} repeat 279 79 392 79 7 arcto 4 {pop} repeat 399 79 399 46 7 arcto 4 {pop} repeat 399 39 286 39 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +n 46 239 m 39 239 39 272 7 arcto 4 {pop} repeat 39 279 152 279 7 arcto 4 {pop} repeat 159 279 159 246 7 arcto 4 {pop} repeat 159 239 46 239 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +n 286 239 m 279 239 279 272 7 arcto 4 {pop} repeat 279 279 392 279 7 arcto 4 {pop} repeat 399 279 399 246 7 arcto 4 {pop} repeat 399 239 286 239 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +n 77.000 87.000 m 79.000 79.000 l 81.000 87.000 l gs 2 setlinejoin col-1 s gr +n 79 79 m 79 239 l gs col-1 s gr +n 81.000 231.000 m 79.000 239.000 l 77.000 231.000 l gs 2 setlinejoin col-1 s gr + 1 setlinecap [1 3.000000] 3.000000 setdash +n 9 189 m 429 189 l gs col-1 s gr + [] 0 setdash 0 setlinecap +n 319 239 m + 323.644 205.212 323.644 190.212 319 179 curveto + 316.081 171.953 306.047 161.919 299 159 curveto + 259.136 142.488 178.864 175.512 139 159 curveto + 131.953 156.081 121.919 146.047 119 139 curveto + 114.356 127.788 114.356 112.788 119 79 curveto +gs col-1 s gr +n 115.929 86.653 m 119.000 79.000 l 119.892 87.198 l gs 2 setlinejoin col-1 s gr +/Courier-Bold findfont 12.00 scalefont setfont +314 74 m +gs 1 -1 scale (boromir) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +74 74 m +gs 1 -1 scale (aragorn) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +349 209 m +gs 1 -1 scale (attack.dom) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +349 179 m +gs 1 -1 scale (defend.dom) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +44 54 m +gs 1 -1 scale (user:) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +74 54 m +gs 1 -1 scale (alice) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +314 54 m +gs 1 -1 scale (bob) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +144 149 m +gs 1 -1 scale (Hi! I am) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +189 149 m +gs 1 -1 scale (bob@boromir.defend.dom) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +284 54 m +gs 1 -1 scale (user:) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +284 74 m +gs 1 -1 scale (host:) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +44 74 m +gs 1 -1 scale (ns:) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +84 214 m +gs 1 -1 scale (exchange of DNS packets) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +149 99 m +gs 1 -1 scale (alice@aragorn) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +244 99 m +gs 1 -1 scale (trusts) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +279 99 m +gs 1 -1 scale (bob@boromir) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +69 264 m +gs 1 -1 scale (caradhras) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +314 264 m +gs 1 -1 scale (dwimmerlaik) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +284 264 m +gs 1 -1 scale (host:) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +44 264 m +gs 1 -1 scale (ns:) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 556 1300 a Ft(Figure)16 b(1:)21 b(Example)15 b(top)q(ology)i(of) +g(mac)o(hines)89 1435 y(hosts)j(trust)f(eac)o(h)g(other,)g(usually)f(on)i +(the)f(basis)g(of)g(hostnames,)g(an)h(attac)o(k)o(er)e(can)h(tak)o(e)f(the)89 +1495 y(easier)i(approac)o(h)h(and)g(sp)q(o)q(of)h(a)f(host's)g(name)e +(instead)h(of)h(its)f(IP)g(address.)35 b(The)20 b(pro)q(cess)h(is)89 +1555 y(depicted)15 b(in)h(\014gure)g(1.)162 1615 y(Assume)11 +b(that)i(user)f Ff(alice@arag)o(orn)o(.de)o(fen)o(d.)o(dom)d +Ft(trusts)k(user)f Ff(bob@boromi)o(r.d)o(ef)o(end)o(.)89 1675 +y(dom)18 b Ft(via)g(the)h Fh(.rhosts)g Ft(mec)o(hanism)o(.)26 +b(If)18 b(a)h(host)h(named)e Ff(boromir.d)o(ef)o(end)o(.do)o(m)e +Ft(accesses)i(an-)89 1735 y(other)j(host)g(named)e Ff(aragorn.de)o(fen)o(d.d) +o(om)p Ft(,)f(host)j Ff(aragorn)d Ft(accepts)i(the)g(connection)g(and)89 +1796 y(retriev)o(es)i(address)j(information)d(ab)q(out)j(the)f(connecting)g +(host)g Ff(boromir)p Ft(.)42 b(Host)24 b Ff(aragorn)89 1856 +y Ft(reads)c(host)g Ff(boromir)p Ft('s)d(IP)j(address)g(and)h(con)o(v)o(erts) +d(it)i(in)o(to)f(a)h(regular)g(hostname.)31 b(T)l(o)20 b(bind)89 +1916 y(the)f(righ)o(t)h(name)e(to)i(the)f(IP)h(address,)h(host)f +Ff(aragorn)d Ft(starts)j(a)g(DNS)g(query)f(in)g(the)g(rev)o(erse)89 +1976 y(lo)q(okup)c(tree,)f(the)h(database)h(p)q(ortion)g(that)f(con)o(tains)g +(the)g(IP)f(address)i(to)f(hostname)g(mapping)89 2036 y(information.)162 +2097 y(F)l(or)23 b(a)g(pair)g(of)g(mac)o(hines)d Ff(caradhras.a)o(tta)o(ck.)o +(do)o(m)g Ft(and)j Ff(dwimmerlai)o(k.a)o(tta)o(ck)o(.do)o(m)89 +2157 y Ft(under)17 b(the)g(p)q(o)o(w)o(er)h(of)g(an)f(attac)o(k)o(er,)g(with) +g Ff(caradhras)d Ft(running)k(a)f(primary)f(name)g(serv)o(er)h(for)89 +2217 y(a)e(certain)f(zone,)g(and)i Ff(dwimmerla)o(ik)11 b Ft(trying)k(to)g +(fak)o(e)f Ff(boromir)p Ft('s)e(iden)o(tit)o(y)l(,)g(it)j(is)f(easy)h(to)g +(mak)o(e)89 2277 y Ff(aragorn)f Ft(b)q(eliev)o(e)h Ff(dwimmerlai)o(k)f +Ft(w)o(as)j Ff(boromir)p Ft(.)k Ff(dwimmerla)o(ik)13 b Ft(connects)k(to)g +Ff(aragorn)d Ft(and)89 2337 y(claims)e(to)i(b)q(e)g Ff(boromir)p +Ft(,)d Ff(aragorn)g Ft(retriev)o(es)h Ff(dwimmerlai)o(k)p Ft('s)f(IP)i +(address)i Ff(111.22.33)o(.4)10 b Ft(and)89 2398 y(queries)i(the)i(name)e +Ff(4.33.22.11)o(1.i)o(n-)o(add)o(r.a)o(rpa)e Ft(from)i(the)h(DNS.)g(One)g +(single)g(en)o(try)g(in)g(the)89 2458 y(authoritativ)o(e)18 +b(data)h(for)g(the)g(rev)o(erse)e(lo)q(okup)i(tree)f(for)h +Ff(caradhras)p Ft(')o(s)d(zone)j(sp)q(eci\014es)f(the)g(IP)89 +2518 y(address{to{name)h(mapping)e(b)q(et)o(w)o(een)g Ff(4.33.22.111)o(.in)o +(-ad)o(dr)o(.ar)o(pa)e Ft(and)j Ff(dwimmerlaik)o Ft(.)89 2578 +y(If)d(the)h(attac)o(k)o(er)e(replaces)h(this)h(line)f(b)o(y)g(a)h(mapping)f +(b)q(et)o(w)o(een)g Ff(4.33.22.1)o(11.)o(in-)o(add)o(r.)o(arp)o(a)977 +2715 y Ft(5)p eop +%%Page: 6 6 +5 bop 89 82 a Ft(and)17 b Ff(boromir)p Ft(,)c Ff(aragorn)p +Ft('s)h(resolution)i(attempt)f(will)g(\014nally)h(gran)o(t)h +Ff(dwimmerlai)o(k)c Ft(access)k(to)89 142 y Ff(aragorn)p Ft(.)162 +203 y(This)e(sho)o(ws)g(the)g(simplicit)n(y)d(of)j(an)g(attac)o(k)f(that)h +(is)g(based)g(up)q(on)g(trust)g(placed)f(in)h(the)f(data)89 +263 y(pro)o(vided)h(b)o(y)h(DNS.)f(It)g(is)h(based)g(on)h(a)f(w)o(eakness)g +(in)g(the)f(DNS,)h(not)g(an)g(easily)f(\014xable)h(bug)g(in)89 +323 y(the)g(implem)o(en)o(tati)o(on)e(of)j(a)f(particular)g(net)o(w)o(ork)g +(service.)162 383 y(One)c(widely)f(accepted)g(w)o(a)o(y)g(of)i(dealing)e +(with)h(this)g(problem)e(is)i(adding)h(an)f(additional)g(DNS)89 +443 y(query)i(of)i(the)f(determined)e(hostname)i(to)g(the)g(serv)o(er)f(co)q +(de)i(and)g(comparing)e(the)h(returned)g(IP)89 504 y(addresses)22 +b(against)h(the)e(original)h(IP)f(address)h(for)g(a)g(matc)o(h.)36 +b(This)22 b(only)f(adds)i(marginally)89 564 y(to)f(the)f(qualit)o(y)f(of)h +(securit)o(y;)h(it)f(do)q(es)h(not)g(pro)o(vide)e(complete)g(securit)o(y)l(.) +34 b(An)21 b(attac)o(k)o(er)g(can)89 624 y(piggybac)o(k)16 +b(additional)h(resource)f(records)g(to)h(the)f(answ)o(er)h(pac)o(k)o(et)e(to) +i(the)g(\014rst)f(query)l(.)21 b(Doing)89 684 y(so,)26 b(the)f(attac)o(k)o +(er)e(p)q(oisons)j(the)e(victim')o(s)e(cac)o(he)h(with)i(false)f +(information,)g(suc)o(h)g(that)h(the)89 744 y(forw)o(ard)17 +b(lo)q(okup)g(w)o(ould)f(not)h(disclose)e(the)h(attac)o(k.)89 +889 y Fg(2.3)70 b(W)-6 b(eaknesses)89 981 y Ft(In)21 b(this)f(paragraph)j(w)o +(e)e(describ)q(e)f(the)h(conditions)g(that)g(facilitate)f(a)h(break{in.)35 +b(The)21 b(DNS)89 1041 y(is)e(w)o(eak)h(in)f(sev)o(eral)g(places.)31 +b(W)l(e)19 b(examine)e(the)j(problems)e(of)i(name{based)f(authen)o(tication) +89 1101 y(pro)q(cesses,)26 b(trusting)e(information)f(that)i(comes)d(from)h +(an)i(un)o(trust)o(w)o(orth)o(y)e(authorit)o(y)l(,)i(and)89 +1162 y(accepting)14 b(additional,)h(p)q(ossibly)g(incorrect)f(information)g +(that)i(w)o(as)f(not)h(requested,)d(but)j(that)89 1222 y(seems)f(to)h(pro)o +(vide)g(adv)m(an)o(tages)h(for)g(run)o(time)d(p)q(erformance.)89 +1352 y Fe(2.3.1)55 b(Assumptions)18 b(to)g(F)-5 b(acilitate)18 +b(Break{ins)89 1444 y Ft(In)g(our)g(setup)g(w)o(e)g(assume)f(that)i(the)f +(attac)o(k)o(er)f(has)h(complete)e(con)o(trol)i(o)o(v)o(er)f(mac)o(hine)f +Ff(cara-)89 1504 y(dhras.atta)o(ck.)o(do)o(m)e Ft(running)j(a)h(legitimate)c +(primary)h(name)h(serv)o(er)g(for)h(a)h(DNS)f(zone.)23 b(This)89 +1564 y(strong)18 b(assumption)f(do)q(es)h(not)f(alw)o(a)o(ys)g(need)g(to)h(b) +q(e)f(satis\014ed.)24 b(It)17 b(is)g(simply)e(the)h(easiest)h(w)o(a)o(y)89 +1625 y(for)h(an)h(attac)o(k)o(er)e(if)h(he)g(con)o(trols)g(a)h(primary)d +(name)h(serv)o(er,)h(b)q(ecause)g(of)g(its)g(capabilities)f(and)89 +1685 y(the)f(fact)g(that)h(other)f(mac)o(hines)e(b)q(eliev)o(e)h(name)g(serv) +o(ers.)162 1745 y(Dep)q(ending)g(on)h(the)f(top)q(ology)h(of)f(a)h(real)e +(net)o(w)o(ork)h(it)f(is)h(su\016cien)o(t)f(if)g(an)i(attac)o(k)o(er)e(con)o +(trols)89 1805 y(one)i(of)g(the)f(authoritativ)o(e)g(name)f(serv)o(ers)h(for) +h(the)f(particular)g(zone:)21 b(the)15 b(one)h(that)g(is)f(queried)89 +1865 y(\014rst)k(b)o(y)f(the)h(remote)e(resolv)o(er.)27 b(It)18 +b(is)h(not)g(m)o(uc)o(h)d(more)i(di\016cult)f(for)i(an)g(attac)o(k)o(er)f(to) +h(satisfy)89 1926 y(this)d(second)h(assumption)e(than)i(the)f(\014rst)h(one.) +162 1986 y(The)k(con)o(trol)g(m)o(ust)f(include)f(the)i(abilit)o(y)f(to)h(up) +q(date)h(the)e(asso)q(ciated)i(in)o(v)o(erse)e(mapping)89 2046 +y(tree.)g(The)13 b(attac)o(k)o(er)g(migh)o(t)f(ha)o(v)o(e)h(successfully)g +(sub)o(v)o(erted)f(suc)o(h)i(a)g(mac)o(hine)e(or)i(simply)d(b)q(e)j(the)89 +2106 y(legitimate)i(o)o(wner)i(of)h(it.)27 b(In)19 b(the)f(follo)o(wing)g +(discussion)h(w)o(e)f(will)f(assume)h(that)h(the)f(attac)o(k)o(er)89 +2166 y(has)f(suc)o(h)f(access)g(to)h(a)f(primary)f(name)g(serv)o(er.)89 +2296 y Fe(2.3.2)55 b(Authen)n(tication)18 b(via)g(Hostnames)89 +2389 y Ft(W)l(e)c(explained)f(in)h(the)g(in)o(tro)q(duction)g(that)g(users)h +(need)e(to)i(b)q(e)f(authorized)g(b)o(y)g(net)o(w)o(ork)f(service)89 +2449 y(pro)o(viders)20 b(b)q(efore)g(they)g(can)h(use)f(the)g(service.)33 +b(This)20 b(authen)o(tication)g(is)g(usually)h(based)f(on)89 +2509 y(the)d(v)o(eri\014cation)e(of)j(the)e(user's)h(login)g(name)e(along)j +(with)f(the)g(asso)q(ciated)h(passw)o(ord)g(and)f(the)89 2569 +y(hostname)j(of)g(the)g(mac)o(hine)e(on)j(whic)o(h)e(the)h(user)g(starts)h +(his)g(requests.)32 b(Net)o(w)o(orks)20 b(\(as)g(w)o(ell)977 +2715 y(6)p eop +%%Page: 7 7 +6 bop 89 82 a Ft(as)20 b(systems)e(in)h(general\))g(ma)o(y)f(b)q(e)i +(classi\014ed)f(in)o(to)g(di\013eren)o(t)f(partitions:)28 b(Closed)19 +b(Net)o(w)o(orks,)89 142 y(Op)q(en)d(Net)o(w)o(orks,)f(and)i(T)l(rusted)g +(Net)o(w)o(orks)e([PL91)q(].)162 203 y(Closed)22 b(Net)o(w)o(orks)f(can)h(b)q +(e)f(accessed)h(only)f(within)g(certain)g(b)q(oundaries.)39 +b(Sessions)22 b(are)89 263 y(con)o(trolled)h(and)h(secured)f(in)h(accordance) +f(with)h(the)g(rules)f(implied)e(b)o(y)i(an)h(organization's)89 +323 y(p)q(olicy)l(.)19 b(In)10 b(a)h(Closed)g(Net)o(w)o(ork,)g(the)f(lo)q +(cations)i(of)f(all)f(resources)h(are)g(w)o(ell)e(kno)o(wn)j(and)f(sp)q +(eci\014ed.)162 383 y(Op)q(en)k(Net)o(w)o(orks)g(are)g(regions)h(separated)f +(b)o(y)g(b)q(oundaries)h(from)e(their)h(surroundings,)h(but)89 +443 y(the)h(transfer)h(of)g(information)f(across)h(these)g(b)q(oundaries)g +(is)g(allo)o(w)o(ed.)24 b(They)18 b(are)f(augmen)o(ted)89 504 +y(b)o(y)e(publicly)f(accessible)g(parts)i(or)g(connections)f(to)h(net)o(w)o +(orks)f(o)o(wned)g(b)o(y)g(other)g(companies)g(or)89 564 y(organizations.)21 +b(These)14 b(t)o(w)o(o)f(extensions)h(mak)o(e)d(this)j(t)o(yp)q(e)f(of)h(net) +o(w)o(ork)f(vulnerable)f(to)i(external)89 624 y(threats.)162 +684 y(T)l(rusted)k(Net)o(w)o(orks)f(in)o(tro)q(duce)g(the)g(concept)g(that)h +(net)o(w)o(ork)f(access)g(is)h(con)o(trolled)e(at)i(the)89 +744 y(en)o(try)j(no)q(de.)41 b(In)22 b(the)g(case)g(of)h(large)g(in)o +(ternational)e(net)o(w)o(orks,)i(main)o(tainabilit)o(y)d(and)j(con-)89 +804 y(trollabilit)o(y)16 b(are)j(imp)q(ortan)o(t)e(issues.)28 +b(Adopting)18 b(the)g(T)l(rusted)h(Net)o(w)o(ork)e(concept)h(allo)o(ws)g(the) +89 865 y(decomp)q(osition)12 b(of)i(a)g(large)f(net)o(w)o(ork,)g(gro)o(wing)h +(to)o(w)o(ards)g(an)f(unmanageable)g(complexit)o(y)l(,)d(in)o(to)89 +925 y(relativ)o(ely)i(small)g(national)j(or)g(regional)f(net)o(w)o(orks,)g +(eac)o(h)f(supp)q(orted)j(b)o(y)d(lo)q(cal)h(sta\013,)i(and)e(eac)o(h)89 +985 y(pro)o(vided)h(with)h(its)g(o)o(wn)h(net)o(w)o(ork)f(access)g(con)o +(trol.)21 b(The)16 b(adv)m(an)o(tages)h(are)f(increased)g(con)o(trol-)89 +1045 y(labilit)o(y)l(,)d(main)o(tainabilit)o(y)l(,)g(manageabilit)o(y)l(,)g +(and)k(simpli\014cation)d(of)i(c)o(hange)g(managemen)o(t.)i(A)89 +1105 y(T)l(rusted)12 b(Net)o(w)o(ork)f(can)h(b)q(e)g(regarded)g(globally)f +(as)i(a)f(single)f(Closed)h(Net)o(w)o(ork,)f(but)h(from)f(a)h(lo)q(cal)89 +1166 y(p)q(oin)o(t)k(of)g(view,)f(the)g(in)o(terconnected)f(net)o(w)o(orks)i +(stand)g(widely)f(op)q(en)h(with)g(all)f(the)h(applicable)89 +1226 y(securit)o(y)f(threats.)162 1286 y(The)g(In)o(ternet)e(is)h(a)h(system) +e(of)i(T)l(rusted)g(Net)o(w)o(orks)f(within)g(Op)q(en)h(Net)o(w)o(orks.)k +(This)c(allo)o(ws)89 1346 y(the)d(danger)g(that)h(once)f(someone)f(has)i +(falsely)e(gained)h(access)g(to)h(one)f(mac)o(hine,)e(it)i(is)f(m)o(uc)o(h)f +(sim-)89 1406 y(pler)k(to)h(sub)o(v)o(ert)f(others.)21 b(The)14 +b(term)f Fh(net{sur\014ng)j Ft(describ)q(es)e(the)h(journey)f(through)i(a)f +(n)o(um)o(b)q(er)89 1467 y(of)20 b(sub)o(v)o(erted)e(systems)g(with)h(the)g +(goal)h(of)g(sub)o(v)o(erting)f(others.)31 b(Within)18 b(T)l(rusted)i(Net)o +(w)o(orks)89 1527 y(users)h(are)g(authen)o(ticated)f(solely)g(b)o(y)g(their)g +(login)h(name)f(and)h(connecting)g(hostname.)34 b(The)89 1587 +y(login)21 b(name)f(is)h(sp)q(eci\014ed)g(b)o(y)f(the)h(connecting)g(site,)g +(and)h(therefore)e(can)i(b)q(e)f(falsi\014ed,)g(suc)o(h)89 +1647 y(that)g(the)f(only)g(reliable)f(information)g(left)h(for)h(the)f +(addressed)h(mac)o(hine)d(is)i(the)g(connecting)89 1707 y(mac)o(hine's)13 +b(IP)j(address.)21 b(The)16 b(addressed)g(mac)o(hine)e(then)h(maps)g(the)h +(IP)f(address)i(in)o(to)e(a)h(host-)89 1768 y(name)i(using)h(the)g(DNS.)g(If) +f(an)i(attac)o(k)o(er)e(manages)h(to)g(sub)o(v)o(ert)f(this)h(name)f(binding) +h(call,)f(he)89 1828 y(can)e(falsify)f(the)h(name)f(of)h(a)g(mac)o(hine)e +(within)h(the)h(T)l(rusted)g(Net)o(w)o(ork)f(and)i(therefore)e(succeed)89 +1888 y(in)h(his)g(attac)o(k.)89 2018 y Fe(2.3.3)55 b(T)-5 b(rusting)19 +b(a)g(Not)f(T)-5 b(rust)n(w)n(orth)n(y)20 b(Source)89 2110 +y Ft(Using)f(the)h(DNS)f(to)h(map)f(the)g(IP)g(address)i(pro)o(vided)e(b)o(y) +g(lo)o(w)o(er{lev)o(el)e(proto)q(col)j(la)o(y)o(ers)e(in)o(to)89 +2170 y(the)i(applicable)g(hostname,)h(the)g(addressed)g(host)g(blindly)f +(trusts)h(the)f(information)g(that)h(is)89 2231 y(pro)o(vided)f(b)o(y)h(the)f +(DNS.)h(Information)e(that)j(comes)d(from)h(sources)h(outside)g(of)g(the)g +(trusted)89 2291 y(area)g(is)f(trusted.)34 b(That)21 b(is)f(a)h(sev)o(ere)e +(violation)h(of)g(the)g(partitioning)h(concept.)33 b(Only)20 +b(truly)89 2351 y(authoritativ)o(e)c(information)f(should)i(b)q(e)f(trusted.) +977 2715 y(7)p eop +%%Page: 8 8 +7 bop 89 82 a Fe(2.3.4)55 b(Believing)16 b(Additional,)i(Not)g(Authoritativ)n +(e)g(Information)89 175 y Ft(E\016ciency)e(is)i(one)g(of)h(the)e(stated)i +(goals)g(of)f(the)g(DNS.)f(The)h(DNS)g(proto)q(col)h(pac)o(k)o(ets)e(con)o +(tain)89 235 y(an)h(additional)g(answ)o(er)g(section.)24 b(Using)18 +b(this,)f(name)f(serv)o(ers)h(can)h(pro)o(vide)f(resource)g(records)89 +295 y(con)o(taining)22 b(information)f(that)i(could)f(b)q(e)h(useful)f(in)g +(future)g(requests,)h(but)f(that)h(w)o(ere)f(not)89 355 y(explicitly)15 +b(requested.)24 b(There)17 b(are)g(situations)h(where)g(these)f(additional)g +(records)h(aid)f(system)89 415 y(e\016ciency)l(.)40 b(If)22 +b(the)h(answ)o(er)h(to)f(a)h(query)e(is)h(a)h(referral)e(to)h(another)h(name) +e(serv)o(er,)h(then)g(it)89 475 y(is)g(b)q(ene\014cial)f(to)h(add)h(that)f +(name)f(serv)o(er's)f(IP)i(addresses)h(to)f(the)g(resp)q(onse.)42 +b(That)23 b(sa)o(v)o(es)89 536 y(the)g(lo)q(okup)h(of)f(the)g(name)f(serv)o +(er's)g(asso)q(ciated)j(IP)e(addresses,)i(once)e(its)g(name)f(is)h(found.)89 +596 y(Additional)15 b(resource)h(records)h(are)f(cac)o(hed)g(for)g(future)g +(use.)162 656 y(As)j(w)o(e)g(rely)g(on)h(the)f(correctness)g(of)h(these)f +(additional)g(records)h(once)f(w)o(e)g(use)g(them,)f(w)o(e)89 +716 y(trust)k(information)f(that)i(comes)d(from)h(a)i(source)f(p)q(ossibly)g +(outside)g(of)g(the)g(trusted)g(scop)q(e.)89 776 y(That)17 +b(is)f(another)h(violation)f(of)g(the)g(partitioning)g(concept.)89 +943 y Fu(3)83 b(P)n(olicies)26 b(and)i(Mec)n(hanisms)d(as)i(Solutions)89 +1052 y Ft(W)l(e)16 b(iden)o(tify)f(p)q(olicies)h(and)h(mec)o(hanisms)d(that)j +(serv)o(e)f(as)h(solutions)g(or)g(that)h(simply)c(augmen)o(t)89 +1113 y(the)j(lev)o(el)f(of)i(securit)o(y)e(of)i(the)g(authen)o(tication)f +(pro)q(cess.)26 b(Because)17 b(man)o(y)g(factors)h(con)o(tribute)89 +1173 y(to)j(the)f(securit)o(y)f(breac)o(h)h(encoun)o(tered)g(in)g(this)g(pap) +q(er)h(and)g(all)f(of)h(them)e(are)i(necessary)f(for)89 1233 +y(the)d(w)o(eakness)g(to)h(exist,)e(it)g(is)h(su\016cien)o(t)f(to)i +(eliminate)c(at)k(least)f(one)g(of)h(them.)k(That)c(sounds)89 +1293 y(easy)e(to)g(accomplish,)e(but)i(is)g(a)h(di\016cult)d(task)j(in)e +(practice,)g(b)q(ecause)h(eliminating)e(an)o(y)i(one)g(of)89 +1353 y(the)j(factors)i(brings)f(with)f(it)g(a)h(disadv)m(an)o(tageous)i +(trade{o\013)f(with)e(functionalit)o(y)l(,)g(e\016ciency)l(,)89 +1414 y(or)e(con)o(v)o(enience.)162 1474 y(W)l(e)k(describ)q(e)g(ev)m +(aluation)h(criteria)e(and)i(presen)o(t)f(for)h(eac)o(h)f(of)g(our)h +(solutions)g(necessary)89 1534 y(additional)h(bac)o(kground,)h(follo)o(w)o +(ed)e(b)o(y)h(a)g(description)f(of)h(the)g(idea)f(of)h(the)g(solution.)41 +b(W)l(e)89 1594 y(mak)o(e)13 b(the)i(distinction)f(b)q(et)o(w)o(een)g(mec)o +(hanisms)e(that)j(enable)g(the)g(implem)o(e)o(n)o(tation)e(of)i(p)q(olicies) +89 1654 y(and)23 b(solutions)h(that)f(consist)g(solely)f(of)h(the)f(implem)o +(en)o(tation)e(of)j(a)g(certain)f(p)q(olicy)l(.)40 b(Eac)o(h)89 +1714 y(solution)17 b(is)f(examined)e(and)j(discussed)f(using)g(applicable)g +(ev)m(aluation)g(criteria.)162 1775 y(It)21 b(is)f(imp)q(ortan)o(t)g(not)h +(to)h(view)e(these)g(solutions)h(as)h(stand{alone.)36 b(In)21 +b(di\013eren)o(t)f(com)o(bi-)89 1835 y(nations)i(they)e(ac)o(hiev)o(e)g(sev)o +(eral)g(degrees)h(of)g(securit)o(y)l(.)34 b(It)21 b(is)g(a)g(go)q(o)q(d)j +(idea)c(to)i(implem)o(en)n(t)d(a)89 1895 y(com)o(bination)c(of)i(the)f +(presen)o(ted)f(solutions,)i(to)g(obtain)g(a)g(greater)f(lev)o(el)e(of)j +(con\014dence)f(in)g(the)89 1955 y(securit)o(y)f(of)h(the)g(DNS.)89 +2100 y Fg(3.1)70 b(Ev)l(aluation)23 b(Criteria)89 2192 y Ft(In)13 +b(solving)g(the)f(problem)g(w)o(e)g(are)h(striving)g(for)g +Fh(compatibilit)o(y)d(with)j(the)g(original)f(design)h(goals)p +Ft(.)89 2252 y(In)i(the)g(case)g(of)g(the)g(DNS)g(these)g(goals)h(are)f +Fh(data)h(consistency)f Ft(\(to)g(pro)o(vide)g(a)g(consisten)o(t)g(view)89 +2312 y(of)g(the)f(name)g(space)g(to)h(b)q(e)g(used)f(to)h(refer)f(to)h +(resources\),)f Fh(e\016ciency)f Ft(\(to)i(handle)f(the)g(immense)89 +2373 y(v)o(olume)9 b(of)j(data)h(and)f(resolution)f(requests\),)h(a)g +Fh(distributed)f(c)o(haracter)g Ft(of)h(the)f(implem)o(en)o(tati)o(on)89 +2433 y(\(to)i(pro)o(vide)f(fault)h(tolerance)g(and)g(distributed)g(authorit)o +(y)f(and)i(main)o(tenance\),)d Fh(generalit)o(y)h Ft(\(to)89 +2493 y(pro)o(vide)g(a)h(general)f(usefulness)g(that)h(satis\014es)g +(pragmatic)f(reasons)h(lik)o(e)e(implem)o(en)o(tati)o(on)f(costs)89 +2553 y(and)15 b(administrativ)o(e)c(e\013ort\),)k(and)f Fh(indep)q(endence)f +Ft(\(to)i(pro)o(vide)e(a)i(p)q(ortable)f(system)f(that)h(do)q(es)977 +2715 y(8)p eop +%%Page: 9 9 +8 bop 89 82 a Ft(not)22 b(dep)q(end)f(on)g(underlying)g(hardw)o(are)g(or)h +(comm)o(uni)o(cation)d(tec)o(hnology)l(.\))35 b(Eac)o(h)21 +b(of)g(these)89 142 y(goals)f(represen)o(ts)e(a)h(criterion)e(in)i(itself.)27 +b(Indeed,)18 b(the)h(ultimate)d(goal)k(is)e(to)h(guaran)o(tee)g(data)89 +203 y(consistency)l(,)13 b(but)h(not)h(only)e(in)h(the)g(data)g(base)h(but)f +(also)g(during)g(the)g(mapping)f(pro)q(cess.)21 b(That)89 263 +y(means)11 b(that)i(w)o(e)f(w)o(an)o(t)g(to)h(prev)o(en)o(t)d(the)i(p)q +(ossibilit)o(y)g(of)g(malicious)e(soft)o(w)o(are)j(in)o(tro)q(ducing)f(wrong) +89 323 y(asso)q(ciations)20 b(without)e(the)g(data)h(base)g(ev)o(er)d(seeing) +i(c)o(hanges.)27 b(The)19 b(correctness)e(of)i(this)f(run)89 +383 y(time)c(b)q(eha)o(vior)i(is)g(m)o(uc)o(h)e(harder)j(to)f(ensure)g(than)h +(the)f(in)o(tegrit)o(y)f(of)h(the)g(data)h(base.)162 443 y(W)l(e)j(consider)f +(the)g Fh(qualit)o(y)g(of)h(a)g(solution)g Ft(to)g(b)q(e)f(a)h(measuremen)o +(t)d(of)j(the)f(radius)h(of)g(ap-)89 504 y(plicabilit)o(y)g(of)j(the)g +(solution.)41 b(The)22 b Fh(feasibilit)o(y)f(of)i(an)g(implem)o(en)o(tation)d +Ft(of)j(a)g(solution)g(de-)89 564 y(termines)17 b(ho)o(w)i(m)o(uc)o(h)e +(e\013ort)j(is)f(needed)f(to)i(apply)f(the)g(solution)g(to)h(an)f(unmo)q +(di\014ed)g(v)o(ersion)89 624 y(of)g(a)f(state{of{the{art)i(name)d(serv)o +(er.)27 b(The)18 b Fh(complexit)o(y)d(of)k(its)f(implem)o(en)n(tation)e +Ft(denotes)j(if)89 684 y(mo)q(di\014cations)h(in)g(di\013eren)o(t)f(areas)i +(are)g(in)o(v)o(olv)o(ed)d(and)j(ho)o(w)f(complicated)e(their)i(in)o +(teraction)89 744 y(is.)h(Solutions)16 b(migh)o(t)d(not)j(b)q(e)g(suitable)f +(in)g(ev)o(ery)f(organizational)i(en)o(vironmen)o(t.)i(W)l(e)d(call)g(this)89 +804 y(criterion)i Fh(applicabilit)o(y)f(in)h(an)i(organization)p +Ft(.)27 b(The)18 b Fh(transparency)g(of)g(the)g(solution)g +Ft(in)o(v)o(olv)o(es)89 865 y(the)e(soft)o(w)o(are)g(in)o(terface)f(and)i +(the)f(user)g(in)o(terface)f(to)h(the)g(system.)k(A)15 b(solution)i(that)g +(do)q(es)g(not)89 925 y(require)e(c)o(hanges)i(to)g(the)g(DNS)f(proto)q(col)i +(is)e(preferable)g(o)o(v)o(er)f(one)i(that)g(do)q(es.)23 b(User)16 +b(appro)o(v)m(al)89 985 y(of)h(an)o(y)h(mo)q(di\014cation)e(that)i(is)f(not)g +(transparen)o(t)h(is)f(a)h(crucial)e(p)q(oin)o(t.)24 b(W)l(e)17 +b(com)o(bine)e(these)i(as-)89 1045 y(p)q(ects)g(in)g(the)g(term)e +Fh(acceptabilit)o(y)g(b)o(y)i(the)g(user)p Ft(.)24 b(An)17 +b(imp)q(ortan)o(t)f(p)q(oin)o(t)h(in)g(the)g(in)o(tro)q(duction)89 +1105 y(of)22 b(c)o(hanges)g(to)g(systems)e(is)i(the)f Fh(transition)h(pro)q +(cess)g Ft(from)f(the)g(original)h(state)g(\(b)q(efore)f(the)89 +1166 y(solution)c(is)f(applied\))f(to)i(the)f(new)g(state.)89 +1310 y Fg(3.2)70 b(The)22 b(Berk)n(eley)f(P)n(atc)n(h)89 1402 +y Ft(W)l(e)d(brie\015y)f(explained)h(the)g(Berk)o(eley)d(soft)o(w)o(are)k +(patc)o(h)f(in)g(section)g(1)g(without)h(calling)e(it)h(the)89 +1462 y(Berk)o(eley)10 b(patc)o(h.)20 b(This)13 b(\014rst)g(attempted)f +(defense,)g(dev)o(elop)q(ed)g(at)h(the)g(Univ)o(ersit)o(y)d(of)j(Berk)o(eley) +l(,)89 1523 y(CA)h(,)f(consists)h(of)g(mo)q(di\014cations)g(of)g(the)f +(r-command)f(daemons.)20 b(The)14 b(idea)g(is)g(to)g(v)m(alidate)f(the)89 +1583 y(in)o(v)o(erse)j(mapping)g(tree)h(b)o(y)f(lo)q(oking)i(at)g(the)f +(corresp)q(onding)h(no)q(de)g(on)g(the)f(forw)o(ard)h(mapping)89 +1643 y(tree.)i(S.)c(Bello)o(vin)e(describ)q(es)i(the)g(metho)q(d)g(used)g(b)o +(y)g(the)g(patc)o(h)g(in)g([Bel92)o(])g(as)h(follo)o(ws:)284 +1756 y(T)l(o)e(detect)e(this,)h(w)o(e)g(p)q(erform)f(a)h(cross{c)o(hec)o(k;)g +(using)g(the)g(returned)g(name,)e(w)o(e)211 1816 y(do)17 b(a)h(forw)o(ard)f +(c)o(hec)o(k)e(to)j(learn)e(the)h(legal)f(address)i(for)f(that)g(host.)24 +b(If)17 b(that)g(name)211 1876 y(is)f(not)g(listed,)f(or)h(if)g(the)f +(addresses)i(do)g(not)f(matc)o(h,)e(alarms,)h(gongs,)i(and)g(to)q(csins)211 +1936 y(are)f(sounded.)162 2049 y(The)c(\014x)g(is)h(easily)e(installed)g(and) +i(not)g(v)o(ery)e(complex.)18 b(Its)12 b(compatibilit)o(y)d(with)j(the)g +(existing)89 2109 y(DNS)17 b(proto)q(col)h(is)e(another)i(adv)m(an)o(tage.)24 +b(The)17 b(transition)g(pro)q(cess)h(to)f(mo)o(v)o(e)e(to)i(services)f(that) +89 2169 y(con)o(tain)i(the)g(patc)o(h)g(is)g(not)h(di\016cult,)e(but)h +(requires)g(some)f(w)o(ork.)27 b(Although)19 b(w)o(e)e(regard)i(this)89 +2230 y(patc)o(h)h(as)h(an)g(obligatory)f(mo)q(di\014cation)g(to)h(daemons)e +(lik)o(e)g Fi(rlo)n(gind)h Ft(and)h Fi(rshd)p Ft(,)f(it)g(is)g(limited)89 +2290 y(in)d(its)g(scop)q(e.)25 b(The)17 b(cac)o(he)g(of)g(a)h(running)g(name) +e(serv)o(er)g(can)h(still)g(b)q(e)g(p)q(oisoned)h(b)o(y)f(supplying)89 +2350 y(additional)j(unrequested)f(records)g(as)h(the)g(exp)q(erimen)o(ts)d +(describ)q(ed)i(in)g([Sc)o(h93,)h(section)f(3.5])89 2410 y(pro)o(v)o(e.)162 +2470 y(The)f(Berk)o(eley)d(patc)o(h)j(utilizes)e(a)i(principle)e(that)i(can)g +(b)q(e)g(applied)f(outside)h(of)g(the)g(UNIX)89 2530 y(domain.)h(The)13 +b(idea)g(is)f(to)h(p)q(erform)f(a)h(cross-c)o(hec)o(k)f(of)h(the)g(\014rst)g +(mapping)f(in)g(the)h(rev)o(erse)e(order.)89 2591 y(In)k(a)h(consisten)o(t)f +(state,)h(forw)o(ard)g(and)g(bac)o(kw)o(ard)f(mapping)g(data)h(are)g(managed) +f(b)o(y)g(the)g(same)977 2715 y(9)p eop +%%Page: 10 10 +9 bop 89 82 a Ft(authorit)o(y)l(.)32 b(Th)o(us)20 b(tamp)q(ering)f(with)h +(only)g(one)g(of)g(the)g(t)o(w)o(o)g(directions)f(of)h(mapping)g(can)g(b)q(e) +89 142 y(detected.)162 203 y(The)d(patc)o(h)f(is)g(a)h(solution)g(if)f(trust) +h(can)f(b)q(e)h(extended)f(only)g(within)g(the)g(scop)q(e)h(of)g(author-)89 +263 y(itativ)o(e)e(data,)j(and)f(if)f(the)h(attac)o(k)o(er)f(do)q(es)i(not)f +(use)g(the)f(more)g(sophisticated)h(attac)o(k)f(metho)q(d.)89 +323 y(If)g(the)h(attac)o(k)o(er)f(supplies)h(the)g(additional)g(address)h +(record)e(with)h(the)g(answ)o(er)g(to)h(the)e(rev)o(erse)89 +383 y(lo)q(okup,)h(it)f(means)f(that)i(he)g(con)o(trols)f(b)q(oth)h(lo)q +(okup)h(directions,)d(and)i(that)g(trust)g(is)f(extended)89 +443 y(to)h(p)q(ossibly)f(un)o(trust)o(w)o(orth)o(y)g(sources.)89 +588 y Fg(3.3)70 b(Examining)22 b(Berk)n(eley)f Fs(r{Commands)89 +680 y Ft(In)16 b(this)f(paragraph)j(w)o(e)e(discuss)g(the)g(UNIX{sp)q +(eci\014c)e(w)o(a)o(y)h(of)h(impleme)o(n)o(ting)d(a)j(T)l(rusted)h(Net-)89 +740 y(w)o(ork.)j(The)14 b(Berk)o(eley)c(r{commands)i(extensiv)o(ely)f(use)i +(the)g Fi(.rhosts)g Ft(and)h Fi(/etc/hosts.e)n(quiv)g Ft(\014les)89 +800 y(to)j(increase)g(con)o(v)o(enien)o(t)d(net)o(w)o(ork)j(access.)23 +b(In)17 b(paragraph)i(2.3.2,)e(w)o(e)f(discussed)h(the)g(T)l(rusted)89 +861 y(Net)o(w)o(ork)e(concept.)22 b(R{commands)15 b(suc)o(h)h(as)h(remote)e +(login)h(and)h(remote)e(shell)g(o\013er)i(the)g(p)q(os-)89 +921 y(sibilit)o(y)12 b(to)i(extend)f(trust)i(to)f(other)g(mac)o(hines.)k +(Users)c(and)h(system)d(administrators)h(can)i(build)89 981 +y(individual)j(net)o(w)o(orks)g(of)i(trust.)30 b(This)19 b(pro)o(v)o(es)f +(dangerous)j(in)e(some)f(cases.)29 b([GS91)q(,)19 b(c)o(hapter)89 +1041 y(11])e(discusses)f(securit)o(y)f(problems)g(with)h(the)g(UNIX)e(trust)j +(mec)o(hanism)o(.)162 1101 y(The)e(existence)e(of)j(these)e(structures)h(of)h +(trust)f(is)g(necessary)f(for)i(the)e(break{in)h(to)h(happ)q(en.)89 +1162 y(Ob)o(viously)l(,)23 b(the)g(break{in)h(is)f(prev)o(en)o(ted)e(if)i(w)o +(e)g(prohibit)g(the)g(usage)h(of)f(trusted)g(hosts)i(or)89 +1222 y(trusted)e(users)h(completely)l(.)39 b(It)23 b(is)g(tec)o(hnically)e(p) +q(ossible)i(to)h(disallo)o(w)f(the)g(usage)h(of)g Fh(trust)89 +1282 y Ft(in)19 b(Berk)o(eley)e(r{commands.)30 b(The)19 b(c)o(hoice)g(can)g +(b)q(e)h(made)e(b)o(y)h(the)h(system)e(administrator)h(at)89 +1342 y(compile)10 b(time.)18 b(Ho)o(w)o(ev)o(er,)11 b(b)q(eing)i(able)f(to)h +(access)g(other)g(mac)o(hines)d(without)j(passw)o(ords)i(mak)o(es)89 +1402 y(the)j(w)o(ork)h(in)f(a)h(net)o(w)o(orking)f(en)o(vironmen)o(t)e +(easier.)28 b(Once)18 b(used)h(to)g(the)g(comfort,)e(not)i(man)o(y)89 +1463 y(users)h(agree)g(to)g(sacri\014ce)f(their)g(con)o(v)o(enience)f(for)i +(the)f(prev)o(en)o(tion)g(of)h Fi(hyp)n(othetic)n(al)f Ft(securit)o(y)89 +1523 y(concerns.)32 b(The)20 b(trade{o\013)h(hereb)o(y)e(w)o(ould)h(con)o +(tain)f(the)h(loss)g(of)g(con)o(v)o(enien)o(t,)e(and)j(in)e(man)o(y)89 +1583 y(cases,)13 b(necessary)g(to)q(ols)h(for)f(trouble)g(free)f(connection)h +(to)g(hosts)h(that)g(are)f(accessed)f(frequen)o(tly)l(.)162 +1643 y(A)23 b(less)f(safe)h(solution)h(w)o(ould)e(b)q(e)i(to)f(limit)d(trust) +j(to)g(lo)q(cally)g(administered)d(zones,)25 b(i.e.)89 1703 +y(authoritativ)o(e)20 b(zones,)h(where)g(the)f(Berk)o(eley)e(patc)o(h)j(w)o +(orks)g(reliably)l(.)33 b(As)20 b(w)o(e)g(disco)o(v)o(ered)f(in)89 +1764 y(paragraph)h(3.2,)f(limiting)d(trust)j(to)g(certain)f(zones)h(\014xes)f +(the)h(\015a)o(w.)28 b(An)19 b(organization)g(could)89 1824 +y(issue)g(the)g(p)q(olicy)g(that)h(only)f(lo)q(cal)g(trust)h(is)f(allo)o(w)o +(ed.)30 b(In)19 b(some)g(organizations)h(this)f(can)h(b)q(e)89 +1884 y(considered)d(a)h(reasonable)g(approac)o(h)h(if)e(hardly)g(an)o(y)h +(remote)e(accesses)h(that)i(are)e(directed)g(to)89 1944 y(hosts)j(in)g(the)f +(lo)q(cal)h(zone)f(are)h(originated)f(outside)h(of)g(the)f(lo)q(cal)h(zone.) +31 b(Additional)19 b(mec)o(ha-)89 2004 y(nisms)f(w)o(ould)g(b)q(e)h +(necessary)g(to)g(enforce)f(the)h(p)q(olicy)l(,)f(suc)o(h)g(as)i(p)q(erio)q +(dical)e(c)o(hec)o(ks)g(of)h Fi(.rhosts)89 2065 y Ft(or)g(a)g(mo)q(di\014ed)e +(r{command)g(implem)o(en)n(tation)f(where)i(users)h(cannot)g(directly)e(mo)q +(dify)g(their)89 2125 y(database)22 b(of)f(trusted)f(mac)o(hines,)g(but)g(ha) +o(v)o(e)g(to)h(use)g(a)g(sp)q(ecial)f(program.)34 b(The)21 +b(trust)f(asso-)89 2185 y(ciations)f(m)o(ust)f(then)h(b)q(e)h(k)o(ept)e(in)h +(a)h(protected)f(data)h(area)g(of)g(the)f(op)q(erating)h(system.)29 +b(This)89 2245 y(program)13 b(could)g(\014lter)g(out{of{zone)h(en)o(tries)e +(at)i(the)f(time)e(the)i(user)g(w)o(an)o(ted)g(to)h(en)o(ter)e(them.)18 +b(It)89 2305 y(w)o(ould)d(also)h(con)o(tain)f(the)f(p)q(ossibilit)o(y)h(of)g +(managing)g(setup)g(c)o(hanges)g(cen)o(trally)l(.)k(This)d(solution)89 +2365 y(actually)g(prop)q(oses)h(an)g(automatized)e(pro)q(cedure)h(to)h +(implem)o(en)o(t)c(an)k(organization's)f(p)q(olicy)l(.)162 +2426 y(If)d(the)g(nature)h(of)f(connections)g(allo)o(ws)h(a)f(p)q(olicy)g +(suc)o(h)g(as)h(describ)q(ed)f(ab)q(o)o(v)o(e,)g(impleme)o(n)o(ti)o(ng)89 +2486 y(it)k(is)g(a)h(ma)s(jor)e(e\013ort.)25 b(Some)16 b(system)g(scripts)h +(ha)o(v)o(e)f(to)i(b)q(e)f(written)g(to)h(ensure)f(prop)q(er)h(usage,)89 +2546 y(op)q(erating)i(system)e(co)q(de)h(and)h(r{command)d(co)q(de)j(m)o(ust) +e(b)q(e)h(mo)q(di\014ed,)f(and)i(a)g(new)f(user)g(in-)965 2715 +y(10)p eop +%%Page: 11 11 +10 bop 89 82 a Ft(terface)17 b(has)h(to)h(b)q(e)f(dev)o(elop)q(ed.)24 +b(Users)18 b(ha)o(v)o(e)f(to)h(b)q(e)g(trained)f(on)h(ho)o(w)h(to)f(apply)f +(the)h(c)o(hanged)89 142 y(facilit)o(y)13 b(and)i(ha)o(v)o(e)f(to)h(b)q(e)g +(made)f(familiar)f(with)i(the)f(new)h(p)q(olicy)f(and)i(the)e(new)h(user)g +(in)o(terface.)89 203 y(Adv)m(an)o(tages)k(of)h(this)f(new)g(approac)o(h)g +(are)h(compatibilit)o(y)15 b(with)k(the)g(existing)f(DNS)h(proto)q(col)89 +263 y(and)e(additional)f(b)q(ene\014ts)h(in)f(further)f(securit)o(y)g +(related)h(issues.)162 323 y(Although)i(w)o(e)g(concen)o(trate)f(on)i(the)f +(Berk)o(eley)d(r{commands)i(in)h(this)g(paragraph,)i(w)o(e)d(do)89 +383 y(not)j(forget)f(that)h(there)f(are)g(other)g(w)o(a)o(ys)g(to)h(exploit)e +(the)h(\015a)o(w.)31 b(F)l(or)19 b(example,)f(in)o(tercepting)89 +443 y(electronic)12 b(mail)h(is)g(a)i(target)f(of)h(attac)o(k)o(ers;)e(esp)q +(ecially)g(electronic)f(mail)h(that)h(is)g(exc)o(hanged)f(b)o(y)89 +504 y(securit)o(y)i(agencies)i(and)h(securit)o(y)d(related)h(organizations.) +25 b(Electronic)15 b(mail)h(dep)q(ends)h(on)g(the)89 564 y(DNS.)162 +624 y(The)c(Massac)o(h)o(usetts)h(Institute)e(of)i(T)l(ec)o(hnology)l(,)f +(together)g(with)g(IBM)f(and)i(Digital)f(Equip-)89 684 y(men)o(t)18 +b(Corp)q(oration)k(dev)o(elop)q(ed)c(in)i(1983)h(Kerb)q(eros,)g(an)g(authen)o +(tication)e(system)f(that)j(uses)89 744 y(Data)14 b(Encryption)f(Standard)i +(\(see)e([NBS77)o(]\))g(cryptograph)o(y)g(to)h(transmit)e(sensitiv)o(e)g +(informa-)89 804 y(tion)18 b(on)h(a)g(net)o(w)o(ork,)f(suc)o(h)g(as)h +(clear-text)f(passw)o(ords.)29 b(Although)19 b(Kerb)q(eros)g(is)f(an)h +(excellen)o(t)89 865 y(solution)e(to)g(sev)o(eral)e(di\016cult)h(problems,)f +(it)h(has)h(shortcomings)f(that)i(limit)13 b(its)k(usefulness)f(in)89 +925 y(resp)q(ect)g(to)h(our)f(problem.)k(A)c(discussion)g(of)h(its)f +(shortcomings)g(can)g(b)q(e)g(found)h(in)f([GS91)q(].)162 985 +y(Ov)o(erall,)c(a)h(v)o(ery)f(w)o(eak)h(p)q(oin)o(t)g(in)g(Berk)o(eley)d +(deriv)o(ed)i(UNIX)f(systems)h(is)h(the)g(usage)h(of)f(trust.)89 +1045 y(This)18 b(pap)q(er)g(exploits)f(only)g(one)h(of)g(sev)o(eral)f(kno)o +(wn)h(\015a)o(ws)g(based)g(up)q(on)h(trust.)26 b(Using)17 b(trust{)89 +1105 y(based)h(mec)o(hanism)o(s)c(requires)i(thinking)h(ab)q(out)h(a)g(c)o +(hange)f(in)g(individual)e(p)q(olicies)i(in)f(dealing)89 1166 +y(with)g(gran)o(ting)h(trust)f(to)h(others.)k(W)l(e)16 b(can)h(conclude,)e(b) +o(y)h(citing)f(S.)h(Bello)o(vin)e(\([Bel90)o(]\):)284 1267 +y(If)f(a)h(host)g(trusts)g(another)f(host)h(not)g(named)f(in)g(a)g(lo)q(cal)h +(zone,)f(its)g(name)f(serv)o(er)211 1328 y(cannot)17 b(protect)f(it.)89 +1472 y Fg(3.4)70 b(Restricti)o(ng)21 b(Public)g(Information)i(Access)89 +1564 y Ft(What)13 b(mak)o(es)e(the)h(break{in)g(p)q(ossible)h(in)f(the)g +(\014rst)h(place)f(is)g(gathering)h(necessary)f(information)89 +1624 y(ab)q(out)19 b(hostnames)e(of)h(trusting)g(mac)o(hines)d(and)k(user)e +(names)g(on)h(di\013eren)o(t)e(systems)h(trusting)89 1685 y(eac)o(h)f(other.) +162 1745 y(W)l(e)11 b(are)h(not)g(discussing)f(random)h(patterns)f(of)h +(trust)g(that)g(migh)o(t)e(exist)g(b)q(et)o(w)o(een)h(hosts,)i(but)89 +1805 y(common)d(patterns)j(using)g(a)g(systematic)e(approac)o(h.)21 +b(In)12 b(a)h(cluster)f(of)h(time{sharing)e(mac)o(hines,)89 +1865 y(eac)o(h)18 b(mac)o(hine)f(is)i(lik)o(ely)d(to)j(extend)f(trust)h(to)g +(all)g(its)f(p)q(eers.)29 b(This)19 b(pattern)g(is)g(not)g(common)89 +1925 y(to)24 b(the)f(general)g(user)h(p)q(opulation,)i(but)d(it)g(is)h +(applicable)e(to)i(systems)e(programming)g(and)89 1986 y(op)q(erational)c +(sta\013.)25 b(Another)17 b(t)o(ypical)f(pattern)i(is)f(the)g(o)q(ccurrence)f +(of)i(\014le)f(serv)o(ers)f(that)i(trust)89 2046 y(their)10 +b(clien)o(ts,)g(who)i(serv)o(e)e(as)h(a)h(source)f(of)g(extra)g(CPU)g +(cycles.)18 b(Dataless)12 b(clien)o(ts)d(will)h(frequen)o(tly)89 +2106 y(trust)i(administrativ)o(e)e(mac)o(hines)g(to)j(p)q(ermit)d(soft)o(w)o +(are)i(main)o(tenance.)18 b(Some)11 b(systems)g(still)g(use)89 +2166 y(the)i(same)g Fi(/etc/hosts.e)n(quiv)i Ft(\014les)e(on)h(man)o(y)e +(hosts)i(just)g(to)g(simplify)c(systems)j(administration.)162 +2226 y(Generally)23 b(accessable)h(programs)g(can)g(aid)h(in)e(disco)o(v)o +(ering)g(the)h(desired)f(information:)89 2287 y(there)12 b(are)i(net)o(w)o +(ork)e(monitoring)g(and)i(information)e(to)q(ols)i(\(suc)o(h)f(as)g +Fi(snmptnetstat)p Ft(,)i Fi(tr)n(ac)n(er)n(oute)p Ft(,)89 2347 +y(or)j(the)g(DNS)g(itself)s(\),)g(user)g(information)f(services)g(\(suc)o(h)g +(as)i Fi(\014nger)p Ft(\),)g(and)g(UNIX)d(services)h(in)89 +2407 y(general)i(\(suc)o(h)g(as)h Fi(ftp)p Ft(,)g Fi(smtp)p +Ft(,)f(or)h Fi(rp)n(cinfo)p Ft(.\))30 b(Other)19 b(sources)h(of)f +(information)g(migh)o(t)e(include)89 2467 y(published)k(material)e +(describing)i(net)o(w)o(ork)g(top)q(ology)i(that)e(is)h(a)o(v)m(ailable)e +(for)i(example)d(from)89 2527 y(some)c(academic)g(departmen)o(ts.)162 +2588 y(The)23 b(men)o(tioned)f(collection)f(of)j(to)q(ols)g(sho)o(ws)g(that)g +(it)f(is)g(a)g(di\016cult)f(task)i(to)g(limit)c(in-)965 2715 +y(11)p eop +%%Page: 12 12 +11 bop 89 82 a Ft(formation)22 b(access)h(without)h(sacri\014cing)f(the)f +(legitimate)f(utilization)h(of)h(net)o(w)o(ork)g(services.)89 +142 y(Prev)o(en)o(ting)15 b(someone)h(from)f(gathering)i(information)f(is)g +(nearly)g(imp)q(ossible.)k(T)l(o)q(o)e(man)o(y)d(ser-)89 203 +y(vices)j(rely)g(on)i(address)g(information,)e(and)i(w)o(e)e(conjecture)h +(that)g(most)g(users)g(w)o(ould)g(not)h(b)q(e)89 263 y(happ)o(y)f(if)f(they)g +(w)o(ere)g(depriv)o(ed)f(of)i(useful)f(to)q(ols)h(suc)o(h)g(as)g(electronic)e +(mail)g(or)i(news)f(readers.)89 323 y(The)i(idea)f(of)h(op)q(en)h(systems)d +(requires)h(op)q(en)i(access)e(to)i(information)d(services)h(and)h(address)89 +383 y(information.)29 b(Therefore,)19 b(most)f(system)g(administrators)h(ha)o +(v)o(e)f(decided)g(that)i(the)f(b)q(ene\014ts)89 443 y(of)e(these)e +(utilities)g(out)o(w)o(eigh)h(the)g(risks.)89 588 y Fg(3.5)70 +b(Adjusting)22 b(DNS)h(Up)r(date)g(In)n(terv)l(als)89 680 y +Ft(Some)c(sites)h(ha)o(v)o(e)g(connections)g(c)o(hie\015y)f(with)h(mac)o +(hines)e(outside)j(of)f(their)g(zones)g(that)h(sta)o(y)89 740 +y(stable)14 b(in)f(the)h(sense)f(that)h(hostname)g(to)g(IP)f(address)i +(mapping)e(will)f(sta)o(y)i(the)g(same)e(for)i(a)h(long)89 +800 y(time.)24 b(The)18 b(idea)f(is)h(to)g(en)o(ter)f(long)h(time{to{liv)o(e) +d(v)m(alues)j(in)o(to)f(the)h(resource)f(records,)h(v)m(alues)89 +861 y(that)13 b(exceed)f(the)h(curren)o(tly)e(impleme)o(n)o(ted)f(threshold)j +(of)g(1)h(w)o(eek.)19 b(Limits)11 b(could)i(b)q(e)h(increased)89 +921 y(up)g(to)g(6,)h(12)f(mon)o(ths,)f(or)i(ev)o(en)e(longer,)h(dep)q(ending) +g(on)g(the)g(situation.)20 b(If)14 b(this)g(data)g(is)g(en)o(tered)89 +981 y(with)20 b(great)h(care)g(to)g(ensure)f(correctness)g(of)h(the)g +(mappings,)g(the)f(DNS)g(based)i(break{in)e(is)89 1041 y(prev)o(en)o(ted.)162 +1101 y(This)i(approac)o(h)g(is)f(limited)d(b)o(y)j(its)g(scop)q(e)h(of)f +(applicabilit)o(y)l(,)f(but)i(it)f(is)g(a)h(solution)f(with)89 +1162 y(man)o(y)d(adv)m(an)o(tages.)32 b(It)18 b(go)q(es)j(with)e(the)g +(curren)o(t)f(DNS)i(proto)q(col)g(and)g(can)f(b)q(e)h(implem)o(e)o(n)o(ted)89 +1222 y(without)f(m)o(uc)o(h)e(e\013ort)j(b)o(y)e(simply)f(c)o(hanging)j(the)e +(constan)o(t)i(in)f(the)f(name)g(serv)o(er)g(co)q(de)i(that)89 +1282 y(determines)14 b(the)i(maxim)o(um)c(time{to{liv)o(e)i(for)j(cac)o(he)e +(en)o(tries)h(and)h(recompiling)d(the)i(system.)89 1342 y(As)j(all)f +(necessary)h(en)o(tries)f(are)h(k)o(ept)f(in)h(the)g(lo)q(cal)g(cac)o(he,)f +(the)h(system)e(pro)o(vides)i(v)o(ery)f(quic)o(k)89 1402 y(replies)d(to)i +(queries.)k(It)16 b(hardly)h(ev)o(er)e(uses)i(the)f(net)o(w)o(ork)g(and)h +(therefore)f(sa)o(v)o(es)g(bandwidth)h(on)89 1463 y(the)f(medium)d(for)j +(other)h(tasks.)162 1523 y(This)k(approac)o(h)h(has)f(the)g(problem)e(of)i(v) +m(alidating)g(mappings)f(b)q(efore)h(they)f(are)h(cac)o(hed.)89 +1583 y(Ho)o(w)e(can)h(it)e(b)q(e)i(ensured)f(that)h(the)f(mappings)g(are)g +(correct)g(in)f(the)i(\014rst)f(place?)30 b(Certainly)l(,)89 +1643 y(a)18 b(false)f(en)o(try)f(w)o(ould)i(sta)o(y)f(for)h(a)f(long)h(time,) +d(and)j(the)f(attac)o(k)o(er's)g(address)h(w)o(ould)f(b)q(e)h(\014nally)89 +1703 y(noted.)23 b(But)17 b(do)q(es)h(that)f(really)f(help,)g(once)h(misc)o +(hief)d(is)i(done?)25 b(It)16 b(migh)o(t)f(aid)i(in)g(prosecution)89 +1764 y(e\013orts,)f(but)h(only)f(little)e(in)i(prev)o(en)o(tion.)162 +1824 y(Extending)i(TTL)i(v)m(alues)e(to)h(a)g(long)g(p)q(erio)q(d)g(of)g +(time)d(is)i(a)h(safe)g(and)g(feasible)f(metho)q(d)f(in)89 +1884 y(en)o(vironmen)o(ts)12 b(where)i(the)g(additional)g(condition)g(of)h +(static)f(mappings)g(with)g(long)h(lifetimes)c(is)89 1944 y(giv)o(en.)22 +b(Ho)o(w)o(ev)o(er,)15 b(in)i(this)g(scenario)g(the)f(DNS)h(seems)f(not)h(to) +h(b)q(e)f(the)f(righ)o(t)h(approac)o(h,)g(but)h(a)89 2004 y(lo)q(cally)d(w)o +(ell{administered)f(static)i(mapping)f(mec)o(hanism.)162 2065 +y(One)21 b(of)g(the)g(original)g(reasons)h(to)g(in)o(tro)q(duce)e(the)h(DNS)g +(w)o(as)h(to)f(manage)g(the)g(dynamic)89 2125 y(b)q(eha)o(vior)c(of)h(c)o +(hanges)g(in)f(the)g(data)h(base.)25 b(This)18 b(approac)o(h)g(\014xes)f +(mappings)g(for)h(a)f(long)h(time)89 2185 y(and)e(uses)g(a)g(p)q(o)o(w)o +(erful)e(distributed)h(database)i(system)d(for)i(an)g(infrequen)o(tly)d(o)q +(ccuring)i(up)q(date)89 2245 y(pro)q(cess.)33 b(Although)20 +b(w)o(e)f(are)h(not)g(talking)g(ab)q(out)h(a)f(static)g(mapping)f(in)h(this)f +(paragraph,)k(a)89 2305 y(w)o(ell{main)o(tained)12 b Fi(HOSTS.TXT)k +Ft(\014le)f(or)g(a)g(h)o(ybrid)g(approac)o(h)g(w)o(ould)g(ha)o(v)o(e)g(the)f +(functionalit)o(y)89 2365 y(required)h(with)h(less)g(o)o(v)o(erhead.)162 +2426 y(It)23 b(could)h(b)q(e)f(suggested)i(to)f(abandon)h(the)e(DNS)h(and)g +(either)f(return)g(to)h(the)f(previous)89 2486 y(system)c(with)i(a)g(static)g +(host)g(table,)h(or)f(mo)o(v)o(e)e(on)i(to)g(another)h(system)d(that)i(has)h +(y)o(et)e(to)h(b)q(e)89 2546 y(dev)o(elop)q(ed.)f(W)l(e)14 +b(are)g(not)h(going)h(to)f(discuss)f(p)q(ossible)h(future)f(dev)o(elopmen)o +(t)e(of)i(the)h(DNS)f(here,)965 2715 y(12)p eop +%%Page: 13 13 +12 bop 89 82 a Ft(but)16 b(returning)g(to)h(the)f(previous)g(system.)162 +142 y(In)c(this)f(approac)o(h,)i(mappings)f(can)g(c)o(hange)f(frequen)o(tly)l +(,)g(but)h(c)o(hanges)g(ha)o(v)o(e)f(to)h(b)q(e)g(rep)q(orted)89 +203 y(to)21 b(a)g(cen)o(tral)f(authorit)o(y)g(that)h(manages)f(the)h(whole)f +(DNS)h(space)g(in)f(con)o(trast)h(to)g(the)f(DNS)89 263 y(approac)o(h)k(of)f +(managing)f(zones)h(through)h(delegated)e(lo)q(cal)h(authorities.)41 +b(This)23 b(w)o(ould)g(not)89 323 y(solv)o(e)17 b(the)g(problem,)e(b)q +(ecause)j(the)f(problem)f(is)h(not)h(the)f(DNS,)g(but)h(inadequate)f(metho)q +(ds)g(of)89 383 y(host)i(authen)o(tication.)28 b(IP)18 b(addresses)h(of)g +(trusted)g(mac)o(hines)d(could)j(still)e(b)q(e)i(imitated.)26 +b(This)89 443 y(is)16 b(a)h(somewhat)f(harder)g(task,)g(but)h(the)f(tec)o +(hniques)f(ha)o(v)o(e)g(b)q(een)h(kno)o(wn)h(for)g(quite)e(some)g(time)89 +504 y(\(see)h([Mor85]\).)162 564 y(W)l(ould)e(it)f(b)q(e)g(safer)h(to)f +(transmit)g(up)q(dates)h(to)g(a)f(cen)o(tral)g(site?)20 b(Electronic)12 +b(mail,)g(telephone)89 624 y(calls,)h(or)h(con)o(v)o(en)o(tional)e(pap)q(er)h +(are)h(not)g(necessarily)e(a)i(reliable)d(w)o(a)o(y)j(to)f(transmit)f +(mapping)h(in-)89 684 y(formation)h(up)q(dates.)22 b(The)14 +b(long)h(time)e(dela)o(y)h(un)o(til)f(cen)o(trally)g(made)h(c)o(hanges)h(are) +g(propagated)89 744 y(through)g(the)g(net)o(w)o(ork)e(w)o(ould)i(condemn)e +(the)h(database)i(to)f(b)q(e)f(in)g(an)h(inheren)o(tly)e(inconsisten)o(t)89 +804 y(state.)22 b(The)17 b(system)e(w)o(ould)h(again)h(con)o(tain)g(all)e +(the)i(disadv)m(an)o(tages)g(whic)o(h)f(w)o(ere)g(the)g(reasons)89 +865 y(for)g(dev)o(eloping)g(the)g(curren)o(t)f(DNS.)162 925 +y(But)d(b)q(esides)g(these)g(ob)o(vious,)h(tec)o(hnical,)e(and)i(w)o(ell{kno) +o(wn)e(reasons,)j(there)e(is)g(a)g(signi\014can)o(t)89 985 +y(argumen)o(t)h(wh)o(y)g(no)h(one)g(can)g(p)q(ossibly)g(b)q(e)g(in)f(fa)o(v)o +(or)g(of)h(reinstalling)f(the)g(previous)h(system:)k(the)89 +1045 y(sheer)h(size)f(of)h(the)g(In)o(ternet.)29 b Fi(HOSTS.TXT)20 +b Ft(w)o(as)g(abandoned)g(b)q(ecause)f(200,000)i(hosts)f(w)o(as)89 +1105 y(to)q(o)13 b(m)o(uc)o(h)d(to)i(b)q(e)h(managed.)19 b(Are)11 +b(curren)o(tly)g(o)o(v)o(er)g(2.2)h(million)e(\(see)h([Lot94)q(]\))h(easier)g +(to)g(handle?)89 1166 y(Certainly)j(not.)162 1226 y(Abandoning)f(the)f(DNS)h +(w)o(ould)f(drag)h(the)f(name)f(resolution)h(task)h(in)f(the)g(In)o(ternet)f +(out)i(of)g(a)89 1286 y(functioning)f(state)h(with)f(a)h(not)g(easily)e +(exploitable)g(securit)o(y)g(breac)o(h,)h(in)o(to)g(an)h(unmanageable,)89 +1346 y(not)k(w)o(orking)g(state)g(of)g(prehistoric)e(system)h(design.)25 +b(W)l(e)18 b(think)f(that)h(w)o(ould)f(do)i(more)d(harm)89 +1406 y(than)h(ignoring)f(the)g(problem.)89 1551 y Fg(3.6)70 +b(Hardening)23 b(Name)e(Serv)n(ers)89 1643 y Fe(3.6.1)55 b(Keeping)18 +b(Additional)g(Information)89 1736 y Ft(A)i(\014rst)g(idea)g(is)g(to)g +(extensiv)o(ely)e(log)i(remote)e(login)j(attempts)e(with)h(all)f(asso)q +(ciated)i(address)89 1796 y(and)g(name)d(information.)32 b(Or)19 +b(ev)o(en)g(more:)28 b(to)20 b(tag)h(cac)o(he)e(en)o(tries)g(with)g(their)h +(origin.)32 b(The)89 1856 y(latter)19 b(is)g(an)i(easily)d(ac)o(hiev)o(ed)g +(mo)q(di\014cation)h(that)h(costs)g(additional)g(memory)c(space)k(in)f(the)89 +1916 y(cac)o(he.)h(This)c(metho)q(d)f(mak)o(es)g(it)g(easier)g(to)h(trac)o(k) +g(false)f(database)i(en)o(tries)e(for)h(the)g(purp)q(ose)h(of)89 +1976 y(debugging)g(wrong)g(zone)f(data)i(or)e(in)o(v)o(estigating)f(a)i(DNS)f +(based)h(break{in.)89 2106 y Fe(3.6.2)55 b(Prev)n(en)n(tion)18 +b(of)h(Cac)n(he)h(P)n(oisoning)89 2199 y Ft(Prev)o(en)o(ting)14 +b(the)h(cac)o(he)f(from)h(con)o(tamination)f(is)h(not)h(feasible)e(from)g +(within)h(the)g(name)f(serv)o(er)89 2259 y(co)q(de,)24 b(as)f(there)f(is)h +(no)g(w)o(a)o(y)f(of)h(a)g(priori)f(determining)f(if)h(an)o(y)g(giv)o(en)g +(additional)h(record)f(is)89 2319 y(trust)o(w)o(orth)o(y)14 +b(or)h(not.)21 b(W)l(e)14 b(could)g(start)h(treating)f(sp)q(ecial)g(cases)h +(of)f(when)h(to)g(allo)o(w)f(or)g(disallo)o(w)89 2379 y(additional)i +(information.)162 2439 y(The)h(default)g(safe)g(b)q(eha)o(vior)h(w)o(ould)f +(b)q(e)g(to)h(disallo)o(w)e(the)h(cac)o(hing)g(of)g(unrequested)g(infor-)89 +2500 y(mation,)i(and)i(to)f(allo)o(w)g(it)f(only)h(in)f(cases)h(where)g(the)f +(information)g(is)h(necessary)l(,)g(and)g(then)89 2560 y(only)c(for)h(the)f +(curren)o(t)f(resolution.)965 2715 y(13)p eop +%%Page: 14 14 +13 bop 89 82 a Fe(3.6.3)55 b(Con)n(text)19 b(Cac)n(he)89 175 +y Ft(There)11 b(are)h(other,)h(more)d(sophisticated)i(approac)o(hes)g(p)q +(ossible:)20 b(if)11 b(some)g(additional)h(or)g(author-)89 +235 y(itativ)o(e)g(records)h(are)g(returned)g(together)g(with)g(a)h(resource) +f(record,)g(they)f(could)h(b)q(e)h(in)o(terpreted)89 295 y(only)k(in)f(the)h +(con)o(text)f(of)h(that)g(resource)g(record.)26 b(The)18 b(di\013erence)f(b)q +(et)o(w)o(een)g(the)g(default)h(safe)89 355 y(b)q(eha)o(vior)13 +b(approac)o(h)h(and)g(this)f(one)g(is)g(that)h(in)f(the)g(former,)e(resource) +i(records)h(are)f(only)g(cac)o(hed)89 415 y(when)k(they)f(w)o(ere)g +(requested)g(or)h(necessary)g(additional)g(information,)e(whereas)i(in)g(the) +f(latter)89 475 y(approac)o(h)g(the)f(new)g(en)o(tries)f(get)i(cac)o(hed,)e +(but)h(can)h(b)q(e)f(retriev)o(ed)f(from)g(the)h(cac)o(he)f(only)h(in)g(the) +89 536 y(same)k(con)o(text)h(in)g(whic)o(h)g(they)g(w)o(ere)g(en)o(tered.)33 +b(F)l(or)21 b(example,)e(an)i Ff(address)d Ft(record)i(in)g(the)89 +596 y(additional)f(section)g(of)g(a)g(resp)q(onse)h(to)g(a)f +Ff(mail)24 b(exchange)16 b Ft(record)j(request)g(should)g(only)g(b)q(e)89 +656 y(used)c(for)h(deliv)o(ering)d(mail.)19 b(The)c(information)f(w)o(ould)h +(not)g(b)q(e)g(acceptable)g(for)g(a)h(remote)d(login)89 716 +y(to)h(another)h(host,)g(or)g(generally)e(usable)h(for)g(other)h(services.)k +(A)14 b(glue)g Ff(address)d Ft(record)j(coming)89 776 y(along)k(with)e(a)i +Ff(name)24 b(server)15 b Ft(record)h(w)o(ould)h(only)g(b)q(e)g(used)g(for)g +(follo)o(w{up)g(queries,)f(b)q(ecause)89 837 y(that)k(is)g(the)f(con)o(text)g +(in)h(whic)o(h)f(it)g(w)o(as)h(supplied.)31 b Ff(Address)18 +b Ft(records)h(along)i(with)f Ff(pointer)89 897 y Ft(records)c(should)h(nev)o +(er)d(b)q(e)j(cac)o(hed,)d(b)q(ecause)j(there)e(is)h(no)g(legal)g(con)o(text) +f(in)h(whic)o(h)f(they)h(ha)o(v)o(e)89 957 y(to)h(b)q(e)f(returned)g(in)g(a)g +(single)g(resp)q(onse.)162 1017 y(This)24 b(whole)f(approac)o(h)h(leads)f(to) +h(the)f(question)g(of)h(whether)f(w)o(e)f(still)h(need)g(the)g(addi-)89 +1077 y(tional)18 b(section)f(at)i(all.)25 b(If)18 b(only)g(certain)f(com)o +(binations)f(of)j(resource)e(records)h(are)g(allo)o(w)o(ed)f(as)89 +1138 y(a)22 b(resp)q(onse)g(to)g(a)g(query)l(,)f(wh)o(y)g(not)h(consequen)o +(tly)e(eliminate)f(the)i(idea)g(of)h(additional,)h(un-)89 1198 +y(requested)17 b(information)g(completely)l(,)e(and)k(adapt)g(the)f(proto)q +(col)h(to)g(accommo)q(date)d(the)i(new)89 1258 y(ideas,)e(namely)e(a)j +(certain)e(limited)f(n)o(um)o(b)q(er)g(of)j(t)o(yp)q(es)f(of)g(asso)q +(ciations?)162 1318 y(First)i(of)h(all,)g(that)g(w)o(ould)g(require)e(a)i +(proto)q(col)h(c)o(hange,)f(whic)o(h)f(is)g(something)g(w)o(e)g(try)h(to)89 +1378 y(a)o(v)o(oid.)41 b(Some)21 b(of)i(the)g(original)g(design)g(goals)h(of) +f(the)f(DNS)h(also)h(imply)c(that)k(elimi)o(nating)89 1439 +y(the)18 b(additional)h(section)f(w)o(ould)g(not)h(b)q(e)g(a)g(go)q(o)q(d)h +(approac)o(h.)29 b(The)18 b(system)f(w)o(ould)i(lose)f(some)89 +1499 y(of)i(its)f(generalit)o(y)l(,)f(b)q(ecause)h(the)h(additional)f +(section)g(migh)o(t)e(b)q(ecome)h(v)o(ery)g(useful)h(in)g(future)89 +1559 y(applications)e(of)g(the)f(DNS)h(without)g(con)o(taining)g(an)o(y)f +(securit)o(y)g(threats.)23 b(The)17 b(system)e(w)o(ould)89 +1619 y(certainly)10 b(lose)i(e\016ciency)l(.)17 b(Here)10 b(w)o(e)h(see)h +(again)g(an)g(imp)q(ortan)o(t)f(trade-o\013)h(that)g(w)o(e)f(ha)o(v)o(e)g +(already)89 1679 y(men)o(tioned)e(in)i(previous)g(sections:)19 +b(an)12 b(increase)e(in)h(systems)f(securit)o(y)g(and)i(a)g(decline)d(in)i +(system)89 1740 y(p)q(erformance)k(vs.)21 b(go)q(o)q(d)e(system)14 +b(p)q(erformance)h(and)i(a)g(p)q(ossible)f(lac)o(k)g(of)g(securit)o(y)l(.)162 +1800 y(It)k(is)f(therefore)h(justi\014able)f(to)h(tak)o(e)g(the)f(approac)o +(h)i(of)f(hardening)g(the)g(name)f(serv)o(er)f(b)o(y)89 1860 +y(treating)j(more)f(sp)q(ecial)h(cases,)h(and)g(b)o(y)f(increasing)g(the)g +(complexit)o(y)d(of)k(the)f(in)o(ternal)f(data)89 1920 y(bases,)k(instead)e +(of)g(hardening)h(it)e(b)o(y)h(implem)o(en)o(t)o(ing)e(the)h(same)h(ideas)g +(accepting)f(proto)q(col)89 1980 y(c)o(hanges.)89 2110 y Fe(3.6.4)55 +b(Authorit)n(y)19 b(Cac)n(he)89 2203 y Ft(A)c(further)g(approac)o(h)h(w)o +(ould)g(b)q(e)f(to)h(cac)o(he)e(data)j(only)e(if)g(the)g(source)g(of)h(a)g +(record)f(is)g(kno)o(wn)h(to)89 2263 y(b)q(e)i(authoritativ)o(e)f(for)h(that) +g(zone.)25 b(W)l(e)18 b(giv)o(e)e(an)i(example)e(for)i(that:)24 +b(If)17 b(a)h(name)f(serv)o(er)f Ff(ara-)89 2323 y(gorn.defen)o(d.d)o(om)8 +b Ft(receiv)o(es)i(a)i Ff(pointer)e Ft(record)h(from)g(some)g(host)i +Ff(caradhras)o(.at)o(tac)o(k.d)o(om)o Ft(,)89 2383 y(and)j(the)f(DNS)g +(message)g(also)h(con)o(tains)f(an)h Ff(address)d Ft(record)i(in)g(its)g +(additional)g(section,)g(then)89 2443 y(the)h(name)g(serv)o(er)f +Ff(aragorn)f Ft(w)o(ould)j(b)q(eliev)o(e)d(and)j(cac)o(he)f(this)g +(information)g(only)g(if)g(it)g(already)89 2503 y(kno)o(ws)e(that)g(the)f +(source)h(name)e(serv)o(er)h Ff(caradhras)d Ft(is)k(authoritativ)o(e)f(for)g +(the)h(according)g(zone.)89 2564 y(A)g(name)e(serv)o(er)h(follo)o(wing)h +(this)g(strategy)g(w)o(ould)g(create)g(its)g(o)o(wn)g(tree)f(of)i +(authoritativ)o(e)e(name)965 2715 y(14)p eop +%%Page: 15 15 +14 bop 89 82 a Ft(serv)o(ers.)39 b(This)23 b(tree)f(w)o(ould)g(ha)o(v)o(e)g +(to)h(lose)f(subtrees)h(according)f(to)h(the)f(expiration)g(of)h(the)89 +142 y(lifetime)13 b(of)j(some)g(no)q(de)g(\(name)f(serv)o(er\).)162 +203 y(This)20 b(approac)o(h)g(ho)o(w)o(ev)o(er)e(has)i(a)g(serious)g(\015a)o +(w)g(in)f(it.)30 b(Serv)o(ers)19 b(determine)e(if)i(DNS)g(mes-)89 +263 y(sages)g(are)f(gen)o(uine)f(b)o(y)h(c)o(hec)o(king)e(a)i(certain)f +(\015ag)i(in)f(the)g(header)f(of)i(the)e(DNS)h(message:)24 +b(the)89 323 y Ff(authoritat)o(ive)e(answer)11 b Ft(bit.)20 +b(This)14 b(\015ag)g(is)f(only)g(v)m(alid)h(in)f(resp)q(onses)h(and)g(sp)q +(eci\014es)f(that)h(the)89 383 y(resp)q(onding)20 b(name)f(serv)o(er)f(is)i +(an)g(authorit)o(y)f(for)h(the)f(domain)g(name)f(in)h(question.)31 +b(Nothing)89 443 y(prev)o(en)o(ts)11 b(an)o(y)i(attac)o(k)o(er)e(who)j +(supplies)e(sp)q(eci\014cally)f(man)o(ufactured)g(pac)o(k)o(ets)h(in)g(the)h +(\014rst)g(place)89 504 y(from)i(setting)h(this)g(bit)g(regardless)h(of)f +(its)g(v)m(alidit)o(y)l(.)89 633 y Fe(3.6.5)55 b(Conditional)19 +b(Cac)n(he)g(Use)89 726 y Ft(The)d(Berk)o(eley)d(patc)o(h)j(\(see)g +(paragraph)i(3.2\))e(can)g(fail)f(in)h(the)g(case)g(that)g(the)g(cac)o(he)f +(is)h(already)89 786 y(p)q(oisoned.)29 b(An)19 b(idea)f(to)h(strengthen)g +(the)g(Berk)o(eley)d(patc)o(h)i(is)h(to)g(pro)o(vide)e(the)i(p)q(ossibilit)o +(y)f(to)89 846 y(resolv)o(e)e(queries)h(without)h(using)g(the)f(cac)o(he.)25 +b(That)18 b(could)g(b)q(e)f(used)h(b)o(y)f(the)h(Berk)o(eley)d(patc)o(h.)89 +906 y(The)f(system)e(call)h(executing)f(the)h(forw)o(ard)i(lo)q(okup)f(w)o +(ould)g(for)f(example)f(set)h(a)h(\015ag)h(to)f(indicate)89 +967 y(that)h(the)g(cac)o(he)g(con)o(ten)o(ts)f(should)i(not)f(b)q(e)h(used)f +(for)g(the)g(follo)o(wing)g(resolution.)21 b(This)15 b(metho)q(d)89 +1027 y(again)20 b(decreases)f(the)g(e\016ciency)e(of)j(the)f(system,)f(but)h +(it)g(prev)o(en)o(ts)f(the)h(exploitation)g(of)g(the)89 1087 +y(w)o(eakness.)h(One)12 b(could)h(also)g(think)g(of)g(a)g(system)e(call)h(to) +h(\015ush)g(the)g(cac)o(he)f(follo)o(w)o(ed)g(b)o(y)g(a)h(reload)89 +1147 y(of)j(the)g(database,)h(similar)d(to)i(the)g(signal)g(SIGHUP)f(that)i +(a)f(system)f(administrator)g(can)h(send)89 1207 y(to)h(the)f(BIND)f(implem)o +(en)n(tation)f(of)j(the)f(name)f(serv)o(er)g(to)h(ac)o(hiev)o(e)f(the)h +(same.)89 1337 y Fe(3.6.6)55 b(Discussion)89 1430 y Ft(A)18 +b(v)o(ery)f(thorough)j(analysis)f(of)g(the)f(proto)q(col)h(is)g(needed)f(to)h +(determine)c(the)k(cases)f(in)h(whic)o(h)89 1490 y(additional)g(resource)f +(records)g(are)h(legal)f(and)h(cannot)g(do)g(an)o(y)g(harm,)e(or)i(ha)o(v)o +(e)f(to)h(b)q(e)g(stored)89 1550 y(in)d(di\013eren)o(t)f(con)o(texts.)162 +1610 y(One)20 b(of)h(the)g(design)f(goals)i(of)f(the)f(DNS)g(is)h(hereb)o(y)e +(in)h(danger:)31 b(generalit)o(y)l(.)h(The)21 b(DNS)89 1670 +y(should)14 b(not)h(con)o(tain)e(an)o(y)h(unnecessary)g(restrictions)f +(regarding)h(its)g(purp)q(ose)g(or)g(applications.)89 1731 +y(If)g(the)f(impleme)o(n)o(tor)e(of)k(the)f(DNS)g(w)o(ere)f(to)i(decide)d +(whic)o(h)i(com)o(binations)f(of)h(resource)g(records)89 1791 +y(w)o(ould)i(b)q(e)h(allo)o(w)o(ed,)d(the)i(DNS)h(migh)o(t)d(b)q(e)i +(constrained)h(in)f(a)g(w)o(a)o(y)g(that)h(it)e(is)h(no)h(longer)f(useful)89 +1851 y(for)h(certain)e(applications.)22 b(A)16 b(decline)f(in)h(system)f(p)q +(erformance)g(w)o(ould)i(result)f(from)f(the)h(fact)89 1911 +y(that)g(name)f(serv)o(ers)g(w)o(ould)i(b)q(eliev)o(e)d(and)i(therefore)g +(cac)o(he)f(less)g(data)i(|)f(data)h(that)g(migh)o(t)d(b)q(e)89 +1971 y(needed)i(later.)162 2031 y(Hardening)h(name)e(serv)o(ers)i(consists)g +(of)g(sev)o(eral)f(p)q(ossible)h(mo)q(di\014cations,)f(some)g(of)h(whic)o(h) +89 2092 y(seem)i(promising,)i(ev)o(en)f(though)i(their)e(application)h +(decreases)f(the)h(system's)e(p)q(erformance)89 2152 y(and)e(increases)f(its) +g(complexit)o(y)-5 b(.)89 2296 y Fg(3.7)70 b(Cryptographic)23 +b(Metho)r(ds)g(for)h(Authen)n(tication)89 2389 y Ft(In)19 b(this)g(paragraph) +i(w)o(e)e(describ)q(e)g(the)g(arc)o(hitecture)e(of)j(an)g(authen)o(tication)f +(system)f(em)o(b)q(ed-)89 2449 y(ded)f(in)o(to)f(the)h(DNS.)f(Note)g(that)i +(the)e(algorithms)g(and)i(metho)q(ds)e(describ)q(ed)g(in)h(the)f(follo)o +(wing)89 2509 y(paragraphs)g(yield)d(as)i(m)o(uc)o(h)d(securit)o(y)h(as)i(p)q +(ossible.)21 b(Ho)o(w)o(ev)o(er)12 b(they)i(are)g(not)h(p)q(erfect.)20 +b(Most)15 b(of)89 2569 y(the)j(algorithms)f(rely)g(at)i(some)e(p)q(oin)o(t)h +(on)h(conjectures)e(in)h(n)o(um)o(b)q(er)e(theory)i(that)h(are)f(neither)965 +2715 y(15)p eop +%%Page: 16 16 +15 bop 89 82 a Ft(pro)o(v)o(en)16 b(nor)h(con)o(tradicted,)e(or)i(on)h(the)e +(fact)g(that)h(brute)g(force)f(attac)o(ks)h(are)f(computationally)89 +142 y(infeasible.)k(F)l(or)c(a)h(discussion)f(of)h(this)f(see)g([Den82].)162 +203 y(W)l(e)j(ha)o(v)o(e)f(to)i(meet)d(the)h(requiremen)o(ts)e(of)k(data)g +(in)o(tegrit)o(y)d(of)i(the)g(message)f(and)i(of)f(orig-)89 +263 y(inator)g(authen)o(tication.)27 b(In)18 b(the)g(follo)o(wing)g(w)o(e)g +(will)f(elab)q(orate)i(on)g(these)f(t)o(w)o(o)g(requiremen)o(ts)89 +323 y(and)g(presen)o(t)e(tec)o(hniques)f(for)j(their)e(p)q(ossible)h(implem)o +(en)o(tation.)j(The)d(algorithms)g(and)g(cryp-)89 383 y(tosystems)c(that)i(w) +o(e)f(c)o(hose)g(are)g(t)o(ypical)f(represen)o(tativ)o(es)f(of)j(the)f(class) +g(of)h(algorithms)e(that)i(are)89 443 y(applicable.)20 b(They)c(are)h(b)o(y)e +(far)i(not)g(the)f(only)g(p)q(ossible)g(c)o(hoice.)89 573 y +Fe(3.7.1)55 b(Data)19 b(In)n(tegrit)n(y)89 666 y Ft(Data)f(in)o(tegrit)o(y)d +(in)i(a)h(comm)o(uni)o(cation)c(system)i(prev)o(en)o(ts)g(against)i(activ)o +(e)e(wiretapping,)h(that)89 726 y(means)10 b(a)i(recipien)o(t)d(is)i(pro)o +(vided)f(with)h(the)g(assurance)h(that)g(the)f(con)o(ten)o(t)f(of)h(a)h +(receiv)o(ed)d(message)89 786 y(is)16 b(iden)o(tical)e(to)j(the)f(con)o(ten)o +(t)g(of)g(the)g(message)g(sen)o(t)f(b)o(y)h(its)g(originator.)162 +846 y(W)l(e)h(w)o(an)o(t)g(to)g(ensure)g(the)g(in)o(tegrit)o(y)e(of)i +(transmitted)f(DNS)h(messages)f(along)i(with)f(a)g(time)89 +906 y(stamp)i(to)h(protect)f(against)h(repla)o(y)f(attac)o(ks.)31 +b(W)l(e)19 b(concen)o(trate)f(on)i(a)g(certain)f(tec)o(hnique)f(to)89 +967 y(detect)d(unauthorized)i(message)e(alteration)h(that)h(is)f(e\016cien)o +(t)e(and)j(considerably)f(secure.)162 1027 y(In)k(case)g(of)g(alteration)g +(detection,)f(reco)o(v)o(ery)f(actions)j(could)e(b)q(e)h(to)h(ignore)f(the)f +(receiv)o(ed)89 1087 y(DNS)k(message)g(and)h(issue)f(an)h(additional)g(query) +l(.)42 b(Our)23 b(approac)o(h)i(is)e(based)h(on)g(message)89 +1147 y(digest)19 b(algorithms.)28 b(Message)19 b(digests,)h(or)f(synon)o +(ymously)e(\014ngerprin)o(ts)i(or)g(signatures,)h(are)89 1207 +y(the)d(result)g(of)h(the)f(application)g(of)g(a)h(one-w)o(a)o(y)g(hash)g +(functions)f(that)h(computes)e(a)i(c)o(hec)o(ksum)89 1267 y(of)f(its)f(input) +g(data.)162 1328 y(MD5)k(and)f(the)g(Snefru)g(algorithm)g(are)g(examples)e +(for)i(message)g(digest)g(algorithms)f(\(see)89 1388 y([Riv92)o(,)c +(Mer89].\))20 b(Message)14 b(digest)f(algorithms)g(are)h(easy)g(to)g +(compute,)e(are)i(only)f(a)h(few)g(b)o(ytes)89 1448 y(p)q(er)h(message,)f +(are)h(computationally)e(hard)j(to)f(in)o(v)o(ert,)e(and)j(usually)e(require) +g(a)h(certain)g(size)f(of)89 1508 y(input)i(data.)162 1568 +y(An)g(originator)h(w)o(ould)g(calculate)e(the)h(message)g(digest)g(of)h(a)g +(DNS)f(message)f(immediatel)o(y)89 1629 y(b)q(efore)f(it)g(is)g(sen)o(t)g +(out.)21 b(The)15 b(recipien)o(t)d(w)o(ould)i(recalculate)f(the)h(message)g +(digest)g(and)h(compare)89 1689 y(the)h(resulting)g(v)m(alue)g(with)g(the)g +(one)g(calculated)g(b)o(y)f(the)h(originator.)22 b(In)16 b(case)g(of)h(a)g +(mismatc)n(h,)89 1749 y(the)k(receiv)o(er)e(w)o(ould)j(conclude)e(that)i(he)f +(receiv)o(ed)f(a)h(mo)q(di\014ed)g(DNS)g(message.)36 b(He)21 +b(w)o(ould)89 1809 y(discard)16 b(it.)162 1869 y(But)i(ho)o(w)h(do)q(es)f +(the)g(message)g(digest)g(calculated)f(b)o(y)h(the)g(originator)h(reac)o(h)e +(the)h(receiv)o(er)89 1930 y(without)h(mo)q(di\014cation?)29 +b(The)19 b(message)f(digest)g(algorithms)g(are)h(publicly)e(kno)o(wn)i(and)h +(an)o(y-)89 1990 y(one)k(tamp)q(ering)e(with)i(a)g(message)e(could)i(easily)e +(mo)q(dify)h(the)g(asso)q(ciated)h(message)f(digest)89 2050 +y(accordingly)l(.)i(T)l(o)18 b(sho)o(w)g(ho)o(w)g(this)g(can)g(b)q(e)f(prev)o +(en)o(ted)f(w)o(e)i(discuss)f(a)i(metho)q(d)d(for)i(originator)89 +2110 y(authen)o(tication)f(in)g(the)g(follo)o(wing)g(paragraph.)27 +b(Message)18 b(digests)f(together)h(with)f(originator)89 2170 +y(authen)o(tication)12 b(giv)o(e)f(a)h(v)o(ery)f(strong)i(guaran)o(tee)f(for) +g(the)g(detectabilit)o(y)d(of)k(activ)o(e)d(wiretapping.)89 +2300 y Fe(3.7.2)55 b(Originator)18 b(Authen)n(tication)162 +2393 y Ft(Originator)c(authen)o(tication)f(p)q(ermits)f(the)i(recipien)o(t)d +(of)j(a)g(message)f(to)h(reliably)f(determine)89 2453 y(if)j(the)g +(originator)h(of)f(a)h(message)e(is)h(who)h(he)f(claims)f(to)h(b)q(e.)162 +2513 y(W)l(e)d(explain)f(brie\015y)g(a)h(pro)q(cedure)g(that)h(guaran)o(tees) +f(the)g(originator's)h(authen)o(ticit)o(y)l(.)k(In)12 b(an)89 +2573 y(asymmetric)c(cryptosystem)i(a)i(pair)f(of)h(distinct)f(but)h +(mathematical)o(ly)c(related)j(k)o(eys)g(is)g(used)h(for)965 +2715 y(16)p eop +%%Page: 17 17 +16 bop 241 899 a @beginspecial 0 @llx 0 @lly 359 @urx 206 @ury +3590 @rwi @setspecial +%%BeginDocument: dig_sig_val.eps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-4.0 211.0 translate 0.900 -0.900 scale +1.000 setlinewidth +n 319 39 m 319 59 l gs col-1 s gr +n 321.000 51.000 m 319.000 59.000 l 317.000 51.000 l gs 2 setlinejoin col-1 s gr +n 319 79 m 319 99 l gs col-1 s gr +n 321.000 91.000 m 319.000 99.000 l 317.000 91.000 l gs 2 setlinejoin col-1 s gr +n 319 179 m 319 159 l gs col-1 s gr +n 317.000 167.000 m 319.000 159.000 l 321.000 167.000 l gs 2 setlinejoin col-1 s gr +n 319 219 m 319 199 l gs col-1 s gr +n 317.000 207.000 m 319.000 199.000 l 321.000 207.000 l gs 2 setlinejoin col-1 s gr +n 79 39 m 79 59 l gs col-1 s gr +n 81.000 51.000 m 79.000 59.000 l 77.000 51.000 l gs 2 setlinejoin col-1 s gr +n 79 79 m 79 99 l gs col-1 s gr +n 81.000 91.000 m 79.000 99.000 l 77.000 91.000 l gs 2 setlinejoin col-1 s gr +n 79 119 m 79 179 l gs col-1 s gr +n 81.000 171.000 m 79.000 179.000 l 77.000 171.000 l gs 2 setlinejoin col-1 s gr +n 79 199 m 79 219 l gs col-1 s gr +n 81.000 211.000 m 79.000 219.000 l 77.000 211.000 l gs 2 setlinejoin col-1 s gr +n 279 19 m 359 19 l gs col-1 s gr +n 39 19 m 119 19 l gs col-1 s gr +0.500 setlinewidth +n 21 179 m 14 179 14 192 7 arcto 4 {pop} repeat 14 199 137 199 7 arcto 4 {pop} repeat 144 199 144 186 7 arcto 4 {pop} repeat 144 179 21 179 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 108 154 m 98 179 l gs col-1 s gr +n 102.828 172.315 m 98.000 179.000 l 99.114 170.829 l gs 2 setlinejoin col-1 s gr +n 274 154 m 284 179 l gs col-1 s gr +n 282.886 170.829 m 284.000 179.000 l 279.172 172.315 l gs 2 setlinejoin col-1 s gr +n 261 179 m 254 179 254 192 7 arcto 4 {pop} repeat 254 199 377 199 7 arcto 4 {pop} repeat 384 199 384 186 7 arcto 4 {pop} repeat 384 179 261 179 7 arcto 4 {pop} repeat clp gs col-1 s gr + [4.000000] 0 setdash +n 164 229 m 234 229 l gs col-1 s gr + [] 0 setdash +n 226.000 227.000 m 234.000 229.000 l 226.000 231.000 l gs 2 setlinejoin col-1 s gr + [4.000000] 0 setdash +n 164 29 m 234 29 l gs col-1 s gr + [] 0 setdash +n 226.000 27.000 m 234.000 29.000 l 226.000 31.000 l gs 2 setlinejoin col-1 s gr +n 11 59 m 4 59 4 72 7 arcto 4 {pop} repeat 4 79 147 79 7 arcto 4 {pop} repeat 154 79 154 66 7 arcto 4 {pop} repeat 154 59 11 59 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 251 59 m 244 59 244 72 7 arcto 4 {pop} repeat 244 79 387 79 7 arcto 4 {pop} repeat 394 79 394 66 7 arcto 4 {pop} repeat 394 59 251 59 7 arcto 4 {pop} repeat clp gs col-1 s gr +/Times-Bold findfont 12.00 scalefont setfont +59 14 m +gs 1 -1 scale (Sender:) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +294 14 m +gs 1 -1 scale (Receiver:) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +294 154 m +gs 1 -1 scale (hash value) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +309 139 m +gs 1 -1 scale (=?) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +359 154 m +gs 1 -1 scale (s'') col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +119 159 m +gs 1 -1 scale (K) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +129 164 m +gs 1 -1 scale (priv) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +239 159 m +gs 1 -1 scale (K) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +249 164 m +gs 1 -1 scale (pub) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +19 194 m +gs 1 -1 scale (asymmetric encryption) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +259 194 m +gs 1 -1 scale (asymmetric decryption) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +194 219 m +gs 1 -1 scale (s') col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +194 19 m +gs 1 -1 scale (m) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +54 34 m +gs 1 -1 scale (message) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +274 34 m +gs 1 -1 scale (received message) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +109 34 m +gs 1 -1 scale (m) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +394 234 m +gs 1 -1 scale (s') col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +379 34 m +gs 1 -1 scale (m) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +4 234 m +gs 1 -1 scale (encrypted message digest) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +149 234 m +gs 1 -1 scale (s') col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +249 234 m +gs 1 -1 scale (received encrypted digest) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +39 114 m +gs 1 -1 scale (message digest) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +129 114 m +gs 1 -1 scale (s) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +279 114 m +gs 1 -1 scale (message digest) col-1 show gr +/Times-BoldItalic findfont 12.00 scalefont setfont +369 114 m +gs 1 -1 scale (s) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +14 74 m +gs 1 -1 scale (message digest algorithm) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +254 74 m +gs 1 -1 scale (message digest algorithm) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 424 1055 a Ft(Figure)16 b(2:)21 b(Digital)16 b(signature)h +(generation)f(and)h(v)m(alidation)89 1189 y(encryption)11 b(and)i +(decryption.)19 b(One)11 b(k)o(ey)g(is)h(priv)m(ate)f(and)i(k)o(ept)e(secret) +g(b)o(y)g(the)h(sender,)g(the)g(other)89 1249 y(one)k(is)h(publicly)d(kno)o +(wn.)22 b(Data)17 b(encrypted)e(with)h(a)h(sender's)f(priv)m(ate)g(k)o(ey)f +(can)i(b)q(e)f(decrypted)89 1309 y(using)j(his)g(public)g(k)o(ey)l(,)f(and)h +(vice)f(v)o(ersa.)30 b(These)19 b(k)o(eys)f(are)h(usually)g(large)g(in)o +(teger)f(n)o(um)o(b)q(ers,)89 1369 y(sev)o(eral)h(h)o(undred)h(decimal)d +(digits)j(long)h(with)e(sp)q(ecial,)h(mathematical)d(prop)q(erties.)33 +b Fh(P)o(ohlig-)89 1430 y(Hellman)14 b Ft(and)j Fh(RSA)e Ft(are)i(examples)d +(of)i(asymmetric)d(cryptosystems)i(\(see)h([PH78,)g(RSA78]\).)162 +1490 y(Figure)i(2)g(depicts)f(digital)h(signature)g(generation)g(and)h(v)m +(alidation;)f(a)h(more)d(detailed)h(ex-)89 1550 y(planation)j(can)g(b)q(e)g +(found)g(in)f([Sc)o(h94,)h(section)f(17.6].)32 b(The)20 b(sender)f(digitally) +g(signs)h(data)g Fd(m)89 1610 y Ft(b)o(y)g(encrypting)g(the)h(hash)g(v)m +(alue)f Fd(s)h Ft(of)g(the)g(data)g(using)g(his)g(priv)m(ate)f(k)o(ey)g(comp) +q(onen)o(t)f Fd(K)1821 1617 y Fc(pr)q(iv)89 1670 y Ft(and)e(sends)h(\(E)368 +1677 y Fc(K)398 1682 y Fb(pr)q(iv)460 1670 y Ft(\()p Fd(s)p +Ft(\),)p Fd(m)p Ft(\).)k(The)17 b(receiv)o(er)e(v)m(alidates)h(the)h(data)h +(in)e(a)h(three)f(step)h(pro)q(cess.)24 b(He)89 1731 y(computes)14 +b(the)h(hash)h(v)m(alue)f Fd(s)g Ft(of)h(the)f(data)h Fd(m)p +Ft(,)f(decrypts)g(the)g(hash)h Fd(s)1399 1713 y Fa(0)1426 1731 +y Ft(that)f(arriv)o(ed)g(using)g(the)89 1791 y(signer's)h(public)f(k)o(ey)g +Fd(K)538 1798 y Fc(pub)610 1791 y Ft(and)i(compares)f(the)g(results)g(D)1196 +1798 y Fc(K)1226 1804 y Fb(pub)1278 1791 y Ft(\()p Fd(s)1320 +1773 y Fa(0)1331 1791 y Ft(\))h(and)f Fd(s)p Ft(.)162 1851 +y(Wh)o(y)21 b(do)g(w)o(e)f(calculate)g(a)i(message)e(digest)g(at)i(all)e(and) +i(not)f(simply)e(encrypt)h(and)h(then)89 1911 y(transmit)h(the)i(whole)f +(message?)43 b(The)23 b(main)f(p)q(oin)o(t)i(here)f(is)g(the)g(di\013erence)g +(b)q(et)o(w)o(een)f(the)89 1971 y(run)o(time)16 b(costs)i(of)g(creating)g(a)g +(message)f(digest)h(and)h(encrypting)e(a)h(message,)f(dep)q(ending)h(on)89 +2032 y(the)e(length)g(of)h(the)f(original)g(message.)162 2092 +y(Run)o(time)h(costs)i(for)g(public)f(k)o(ey)g(encryption)g(are)h(rather)g +(high.)30 b(Man)o(y)18 b(CPU)h(cycles)f(are)89 2152 y(needed.)37 +b(Therefore)21 b(w)o(e)g(w)o(an)o(t)h(to)f(reduce)g(the)h(size)e(of)i(the)g +(data)g(p)q(ortion)h(that)f(has)g(to)g(b)q(e)89 2212 y(encrypted:)e(in)c(our) +h(case)f(the)g(output)h(of)f(the)g(message)g(digest)g(algorithm.)162 +2272 y(Run)o(time)c(costs)j(for)f(the)g(hash)h(functions)g(are)f(rather)g +(small)f(compared)g(to)i(those)f(of)h(public)89 2333 y(k)o(ey)c(encryption.) +19 b(It)12 b(is)g(therefore)f(imp)q(ortan)o(t)g(to)i(note)f(that)g(it)g(is)g +(more)f(e\016cien)o(t)f(to)i(pad)h(a)f(short)89 2393 y(DNS)i(message,)g +(calculate)g(its)g(\014ngerprin)o(t,)g(and)h(then)g(encrypt)f(the)g +(\014ngerprin)o(t,)g(than)h(simply)89 2453 y(to)e(encrypt)g(the)g(whole)g +(DNS)g(message.)19 b(Message)14 b(digest)f(lengths)g(are)g(generally)f +(shorter)h(than)89 2513 y(t)o(ypical)i(DNS)h(messages.)965 +2715 y(17)p eop +%%Page: 18 18 +17 bop 89 82 a Fe(3.7.3)55 b(P)n(assing)20 b(Creden)n(tials)e(to)g(Pro)n(v)n +(e)h(Authorit)n(y)89 175 y Ft(The)14 b(crucial)g(p)q(oin)o(t)g(in)g(the)g +(previously)g(describ)q(ed)f(proto)q(col)j(is)e(the)g(imp)q(ortance)f(of)i +(the)f(public)89 235 y(k)o(ey)e(of)i(the)f(sender.)20 b(If)13 +b(an)h(attac)o(k)o(er)e(can)i(con)o(vince)e(the)h(receiv)o(er)e(to)i(use)h(k) +o(ey)e Fd(K)1581 217 y Fa(0)1577 247 y Fc(public)1684 235 y +Ft(instead)i(of)89 295 y Fd(K)130 302 y Fc(public)224 295 y +Ft(,)j(whereb)o(y)f(the)h(attac)o(k)o(er)g(p)q(ossesses)h(the)f(related)g +Fd(K)1226 277 y Fa(0)1222 307 y Fc(pr)q(iv)q(ate)1337 295 y +Ft(,)g(the)g(attac)o(k)o(er)g(can)g(sub)o(v)o(ert)89 355 y(the)k(proto)q(col) +i(suc)o(h)e(that)h(the)f(receiv)o(er)f(will)g(b)q(e)i(fo)q(oled)g(in)o(to)f +(accepting)g(the)h(in)o(tegrit)o(y)d(and)89 415 y(origin)i(of)h(the)f +(message.)36 b(This)21 b(demonstrates)g(that)g(it)g(is)g(imp)q(ortan)o(t)g +(to)g(devise)g(a)g(sc)o(heme)89 475 y(that)c(protects)g(against)h(this)f +(threat.)23 b(W)l(e)17 b(solv)o(e)f(this)h(problem)e(b)o(y)i(the)f(impleme)o +(n)o(tation)e(of)k(a)89 536 y(distributed)e(sc)o(heme)d(for)k(the)f(v)m +(alidation)g(of)h(public)e(k)o(ey)g(comp)q(onen)o(t)g(certi\014cates.)162 +596 y(The)e(name)f(serv)o(er)g(sending)h(the)g(DNS)g(message)f(has)i(to)g +(pro)o(vide)e(creden)o(tials)g(signed)h(b)o(y)f(its)89 656 +y(paren)o(t)18 b(domain,)f(to)h(con)o(vince)f(the)g(recipien)o(t)f(of)i(its)g +(authorit)o(y)g(o)o(v)o(er)f(the)g(domain)g(for)i(whic)o(h)89 +716 y(it)d(just)g(resolv)o(ed)f(a)i(mapping.)162 776 y(The)d(use)g(of)h(suc)o +(h)f(a)g(certi\014cate)f(transforms)h(the)g(problem)f(of)h(establishing)g +(the)g(credibilit)o(y)89 837 y(of)23 b(one)g(en)o(tit)o(y)e(in)o(to)h(the)h +(problem)e(of)i(establishing)f(the)h(credibilit)o(y)c(of)k(the)g(en)o(tit)o +(y)e(issuing)89 897 y(the)f(certi\014cate.)32 b(This)21 b(problem)e(is)h(v)o +(ery)f(closely)g(related)h(to)h(the)f(problem)f(of)h(distributing)89 +957 y(public)14 b(k)o(ey)f(certi\014cates.)20 b(The)14 b(CCITT)i(recomme)o +(ndation)c(X.509)j(sho)o(ws)h(a)f(w)o(a)o(y)f(to)h(solv)o(e)f(this)89 +1017 y(problem.)19 b(In)c(X.509,)g(a)h(certi\014cate)e(binds)h(a)g(public)g +(k)o(ey)e(to)j(a)g(directory)e(name)g(and)h(iden)o(ti\014es)89 +1077 y(a)i(part)o(y)f(that)g(v)o(ouc)o(hes)g(for)g(the)g(binding.)162 +1138 y(W)l(e)g(can)g(adopt)h(this)f(mec)o(hanism)o(,)d(suc)o(h)j(that)g(a)g +(certi\014cate)f(binds)h(all)g(name)e(serv)o(ers)i(that)89 +1198 y(are)i(authoritativ)o(e)f(for)h(a)h(certain)e(zone)h(to)g(this)g(zone)g +(of)g(authorit)o(y)f(and)i(iden)o(ti\014es)d(the)i(zone)89 +1258 y(that)13 b(v)o(ouc)o(hes)f(for)h(the)f(binding.)20 b(X.509)13 +b(imp)q(oses)f(no)h(constrain)o(ts)g(on)g(the)f(seman)o(tic)f(or)i(syn)o +(tac-)89 1318 y(tic)h(relationship)h(b)q(et)o(w)o(een)g(a)g(certi\014cate)f +(issuer)h(and)h(a)g(sub)s(ject.)k(Ho)o(w)o(ev)o(er,)13 b(in)i(our)h(approac)o +(h,)89 1378 y(the)g(certi\014cation)g(system)g(tak)o(es)g(the)h(form)e(of)i +(a)h(single)e(ro)q(oted)h(tree.)23 b(Eac)o(h)16 b(no)q(de)i(represen)o(ts)89 +1439 y(a)f(zone.)22 b(Sev)o(eral)15 b(name)g(serv)o(ers)h(serv)o(e)f(as)i +(certi\014cation)f(authorities)g(for)h(eac)o(h)f(zone,)g(b)q(ecause)89 +1499 y(all)f(serv)o(ers)g(that)h(w)o(ere)f(in)o(tro)q(duced)g(to)h(increase)f +(the)h(reliabilit)o(y)c(of)k(the)g(database)h(system)d(are)89 +1559 y(capable)i(of)h(v)m(alid)f(and)g(authoritativ)o(e)g(referrals.)162 +1619 y(A)h(certi\014cate)f(for)i(a)g(zone)f(consists)h(of)g(all)f(IP)g +(addresses)h(of)g(authoritativ)o(e)f(name)f(serv)o(ers)89 1679 +y(for)g(that)f(zone,)g(signed)h(with)f(the)g(priv)m(ate)g(k)o(ey)f(of)i(the)f +(name)f(serv)o(ers)g(for)i(the)f(paren)o(t)g(domain.)89 1740 +y(An)o(y)f(resolv)o(er)g(that)i(receiv)o(es)d(a)j(DNS)f(message)g(receiv)o +(es)e(as)j(part)g(of)f(it)g(this)g(certi\014cate.)20 b(After)89 +1800 y(obtaining)14 b(the)f(public)g(k)o(ey)f(for)i(the)f(paren)o(t)g(zone)g +(of)h(the)f(queried)g(zone,)g(the)g(resolv)o(er)g(can)g(then)89 +1860 y(v)o(erify)i(the)h(v)m(alidit)o(y)f(of)h(the)h(referral.)j(But)c(to)h +(v)o(erify)e(the)h(authorit)o(y)g(of)h(the)f(paren)o(t)g(zone,)g(the)89 +1920 y(resolv)o(er)f(has)i(to)g(ask)f(this)g(zone)h(for)f(creden)o(tials.)162 +1980 y(This)j(v)m(alidation)g(pro)q(cess)h(for)f(certi\014cates)f(is)h(done)g +(recursiv)o(ely)e(up)i(the)g(zone)g(hierarc)o(h)o(y)89 2040 +y(tree)e(that)h(coincides)f(with)h(the)f(certi\014cation)g(hierarc)o(h)o(y)l +(,)f(starting)j(at)f(the)f(name)g(serv)o(er)g(that)89 2101 +y(pro)o(vides)h(the)g(queried)g(mapping.)27 b(The)19 b(recursion)f(will)g +(stop)h(at)g(some)f(p)q(oin)o(t,)h(either)e(at)i(the)89 2161 +y(ro)q(ot,)f(or)f(at)h(some)e(in)o(termediate)e(no)q(de)k(that)f(w)o(as)h +(certi\014ed)e(b)q(efore.)24 b(The)17 b(certi\014cates)f(that)i(a)89 +2221 y(name)d(serv)o(er)g(holds)h(are)g(sub)s(ject)g(to)g(timeouts,)e(just)i +(lik)o(e)f(the)g(resource)h(records)g(that)h(sp)q(ecify)89 +2281 y(bindings)c(of)f(this)h(name)e(serv)o(er.)19 b(The)12 +b(certi\014cate)f(for)i(the)f(ro)q(ot)i(m)o(ust)d(b)q(e)h(transmitted)f(b)o +(y)h(some)89 2341 y(trusted,)i(out-of-band)i(mec)o(hanism)o(.)i(F)l(or)c +(example,)e(the)h(ro)q(ot)i(certi\014cate)e(could)g(b)q(e)h(published)89 +2402 y(in)i(an)h(in)o(ternational)e(newspap)q(er.)162 2462 +y(Ev)o(en)k(if)f(an)i(attac)o(k)o(er)e(manages)h(to)g(get)g(a)h(v)m(alid)f +(certi\014cate)e(of)j(a)f(name)f(serv)o(er)g(it)h(w)o(an)o(ts)89 +2522 y(to)d(imp)q(ersonate,)e(and)i(has)g(the)f(capabilit)o(y)f(to)i(also)g +(sp)q(o)q(of)h(this)e(name)f(serv)o(er's)g(IP)i(address,)f(it)89 +2582 y(is)j(still)g(not)h(p)q(ossible)f(for)h(the)f(attac)o(k)o(er)g(to)h +(imp)q(ersonate)e(another)i(host.)29 b(As)18 b(w)o(e)g(sa)o(w)h(in)f(the)965 +2715 y(18)p eop +%%Page: 19 19 +18 bop 89 82 a Ft(previous)14 b(paragraph)i(3.7.2,)e(a)h(DNS)f(message)f(is)h +(encrypted)f(with)i(the)e(name)g(serv)o(er's)g(priv)m(ate)89 +142 y(k)o(ey)k(b)q(efore)i(it)f(is)g(sen)o(t)g(out.)29 b(The)18 +b(creden)o(tials)g(are)g(part)h(of)g(the)f(message)g(and)h(are)g(therefore)89 +203 y(also)11 b(encrypted.)19 b(An)10 b(attac)o(k)o(er)g(cannot)i(construct)f +(the)f(correctly)g(encrypted)g(message)g(without)89 263 y(breaking)16 +b(the)g(asymmetric)d(cryptosystem)i(used.)89 393 y Fe(3.7.4)55 +b(Discussion)89 485 y Ft(The)16 b(v)m(alidation)g(of)h(in)o(tegrit)o(y)d(and) +j(originator)g(of)f(the)g(message,)f(and)i(its)e(underlying)h(pattern)89 +545 y(of)i(certi\014cations)g(stating)g(trust,)g(are)g(the)g(features)g(that) +g(mak)o(e)f(this)g(approac)o(h)i(secure.)26 b(The)89 605 y(follo)o(wing)21 +b(discussion)g(sho)o(ws)i(its)e(disadv)m(an)o(tages.)37 b(Some)20 +b(of)i(them)e(are)h(serious)h(enough)g(to)89 666 y(restrain)16 +b(from)f(an)i(implem)o(en)o(tati)o(on)d(of)j(this)f(approac)o(h)h(at)f(the)g +(curren)o(t)g(time.)162 726 y(The)24 b(whole)g(pro)q(cedure)f(is)h(time)d +(and)k(space)f(consuming.)43 b(Man)o(y)23 b(rather)h(long)g(public)89 +786 y(k)o(eys)16 b(ha)o(v)o(e)g(to)h(b)q(e)g(stored)g(\(at)g(least)g(200)h +(decimal)c(digits)j(long)g(eac)o(h)g(to)g(mak)o(e)e(the)h(public)g(k)o(ey)89 +846 y(encryption)21 b(reasonably)h(strong.\))37 b(Obtaining)22 +b(memory)c(for)k(them,)f(as)h(w)o(ell)e(as)i(additional)89 +906 y(cac)o(he)17 b(memory)e(for)i(larger)h(resource)f(records,)h(is)f(not)i +(a)f(problem)e(in)h(curren)o(t)g(arc)o(hitectures.)89 967 y(The)j(k)o(eys)f +(m)o(ust)f(b)q(e)i(obtained)g(b)q(efore)g(they)g(can)g(b)q(e)g(used.)32 +b(S.)19 b(Ken)o(t)g(describ)q(es)h(in)f([Ken93])89 1027 y(certi\014cate)c +(based)i(k)o(ey)e(managemen)o(t)f(for)i(usage)h(in)f(Priv)m(acy)g(Enhanced)g +(Mail)g(\(PEM\).)162 1087 y(W)l(e)f(will)f(not)h(go)h(in)o(to)f(more)e +(detail)i(regarding)g(the)g(k)o(ey)f(distribution)g(pro)q(cess.)22 +b(The)15 b(regis-)89 1147 y(tration)e(pro)q(cess)g(that)f(has)i(to)e(o)q +(ccur)h(out{of{band)h(is)f(rather)f(cum)o(b)q(ersome.)17 b(The)12 +b(calculations)89 1207 y(to)18 b(encrypt)g(and)g(decrypt)f(message)h(digests) +g(ma)o(y)e(tak)o(e)h(to)q(o)j(long)e(to)g(supp)q(ort)h(the)f(e\016ciency)89 +1267 y(goal)f(of)g(the)g(DNS.)f(The)h(additional)g(data)g(that)g(has)h(to)f +(b)q(e)g(transmitted)e(w)o(ould)i(not)g(degrade)89 1328 y(p)q(erformance)c +(to)q(o)j(badly)l(,)e(esp)q(ecially)f(if)g(faster)i(transmission)f(media)e(b) +q(ecomes)i(broadly)g(a)o(v)m(ail-)89 1388 y(able,)22 b(but)g(the)f +(calculation)g(o)o(v)o(erhead)g(for)h(encryption)f(and)h(decryption)f(cannot) +h(easily)f(b)q(e)89 1448 y(amortized.)f(Ho)o(w)o(ev)o(er,)14 +b(the)i Fh(RSA)g Ft(cryptosystem)e(is)i(a)o(v)m(ailable)g(in)g(hardw)o(are)h +(and)g(a)f(dramatic)89 1508 y(p)q(erformance)g(increase)h(can)h(b)q(e)g +(observ)o(ed,)f(compared)f(with)i(a)g(soft)o(w)o(are)f(implem)o(en)o(tation)e +(of)89 1568 y(the)h(same)f(algorithms.)162 1629 y(The)21 b(implem)o(en)o +(tation)d(of)k(suc)o(h)f(a)g(solution)h(is)e(a)i(ma)s(jor)e(e\013ort.)36 +b(The)22 b(whole)f(k)o(ey)f(man-)89 1689 y(agemen)o(t)i(problem)g(is)h +(complex)f(and)i(it)f(also)h(requires)e(additional)i(administrativ)o(e)d +(e\013ort.)89 1749 y(Resolv)o(er)14 b(routines)h(and)h(name)e(serv)o(er)g +(routines)h(ha)o(v)o(e)f(to)i(b)q(e)f(mo)q(di\014ed,)f(along)i(with)f(the)g +(DNS)89 1809 y(proto)q(col.)21 b(The)14 b(impleme)o(n)o(tation)e(is)i +(feasible,)f(though)i(v)o(ery)e(complex.)18 b(Another)c(dra)o(wbac)o(k)g(is) +89 1869 y(the)h(transition)g(phase)g(that)h(is)f(necessary)f(b)q(ecause)i(of) +f(proto)q(col)h(c)o(hanges.)21 b(Decreased)14 b(p)q(erfor-)89 +1930 y(mance)e(b)q(ecause)i(of)h(calculations)e(necessary)h(to)g(sign,)g +(encrypt)f(and)i(decrypt)e(messages)g(w)o(ould)89 1990 y(b)q(e)j(noticeable)g +(b)o(y)f(users)i(and)g(real-time)d(applications.)162 2050 y(Curren)o(tly)l(,) +i(the)h(metho)q(d)g(seems)f(to)i(b)q(e)f(infeasible,)f(b)q(ecause)i(of)f(its) +g(large)h(computational)89 2110 y(o)o(v)o(erhead.)i(F)l(urther)c(dra)o(wbac)o +(ks)g(are)h(the)f(necessary)f(proto)q(col)i(c)o(hanges)g(and)f(the)g +(complexit)o(y)89 2170 y(of)11 b(prop)q(er)h(k)o(ey)e(and)h(certi\014cate)f +(managemen)o(t.)17 b(Ho)o(w)o(ev)o(er)9 b(with)i(further)g(adv)m(ances)g(in)g +(pro)q(cessor)89 2231 y(sp)q(eed)24 b(and)g(some)f(reasonable)h(relaxation)g +(on)g(requiremen)o(ts)d(for)j(strong)h(encryption)e(\(i.e.)89 +2291 y(shorter)d(k)o(eys)f(increase)g(p)q(erformance)g(of)h +Fh(RSA)g Ft(dramatically\))e(this)i(approac)o(h)g(can)g(b)q(ecome)89 +2351 y(v)o(ery)15 b(attractiv)o(e)g(in)h(the)g(near)g(future.)965 +2715 y(19)p eop +%%Page: 20 20 +19 bop 89 90 a Fu(4)83 b(Conclusions)25 b(and)j(Outlo)r(ok)89 +200 y Ft(Where)19 b(host)h(iden)o(ti\014cation)f(is)g(part)h(of)g(the)f +(authen)o(tication)g(b)q(et)o(w)o(een)g(comm)o(uni)o(cating)e(en-)89 +260 y(tities)h(the)g(v)m(alidit)o(y)g(of)h(the)g(authen)o(tication)f(pro)q +(cess)i(can)f(only)f(b)q(e)i(trusted)e(as)i(m)o(uc)o(h)d(as)i(the)89 +320 y(resolution)c(pro)q(cess)h(that)f(supplies)g(the)g(bindings)g(b)q(et)o +(w)o(een)g(high{lev)o(el)e(hostnames)i(and)h(lo)o(w{)89 381 +y(lev)o(el)e(host)j(addresses.)162 441 y(This)f(is)g(a)h(signi\014can)o(t)f +(problem,)e(b)q(ecause)j(it)e(exp)q(oses)i(probably)g(h)o(undreds)f(of)g +(thousands)89 501 y(of)h(hosts)g(that)f(are)h(curren)o(tly)d(connected)i(to)h +(the)f(In)o(ternet)f(to)h(the)g(threat)g(of)h(break-ins.)162 +561 y(W)l(e)g(discussed)g(solutions)g(to)h(the)f(problem)e(with)i(the)g +(concrete)f(instance)h(of)g(the)g(Domain)89 621 y(Name)g(System.)26 +b(W)l(e)18 b(stressed)h(hardening)g(curren)o(t)f(implem)o(e)o(n)o(tations)e +(of)j(the)f(name)g(serv)o(ers)89 682 y(and)k(put)f(emphasis)g(on)g(the)g(dev) +o(elopmen)o(t)e(of)i(a)h(future)f(sc)o(heme)e(that)i(uses)h(cryptographic)89 +742 y(metho)q(ds)16 b(to)g(giv)o(e)g(a)g(strong)i(guaran)o(tee)e(for)h +(detection)e(of)h(sp)q(o)q(ofed)i(bindings.)89 908 y Fu(Ac)n(kno)n(wledgemen) +n(ts)89 1018 y Ft(W)l(e)g(w)o(ould)g(lik)o(e)e(to)j(thank)f(CO)o(AST)g(sp)q +(onsors)i(BNR,)d(T)l(riden)o(t)g(Data)i(Systems,)e(and)h(the)g(US)89 +1078 y(Air)e(F)l(orce,)h(and)g(the)g(F)l(ulbrigh)o(t)f(Commission)f(for)j +(supp)q(ort)g(that)g(aided,)e(in)h(part,)g(this)g(w)o(ork.)89 +1138 y(Thanks)d(to)f(Stev)o(en)f(Bello)o(vin)f(whose)j(v)m(aluable)f(commen)n +(ts)e(are)i(most)f(appreciated,)h(Dan)h(T)l(rin-)89 1198 y(kle)d(who)h(sho)o +(w)o(ed)g(us)g(ho)o(w)g(to)g(master)e(some)h(of)h(the)f(subtle)g +(di\016culties)f(of)i(the)f(DNS,)g(and)h(J.R.R.)89 1258 y(T)l(olkien)j(whose) +i(fan)o(tasy)g(pro)o(vided)e(the)h(hostnames.)89 1425 y Fu(References)119 +1534 y Ft([Bel89])23 b(Stev)o(en)11 b(M.)g(Bello)o(vin.)g Fi(Se)n(curity)j +(Pr)n(oblems)f(in)h(the)f(TCP/IP)g(Pr)n(oto)n(c)n(ol)f(Suite)p +Ft(.)j(A)l(T&T)289 1594 y(Bell)g(Lab)q(oratories,)j(Murra)o(y)d(Hill,)f(New)i +(Jersey)l(,)f(April)g(1989.)119 1696 y([Bel90])23 b(Stev)o(en)e(M.)h(Bello)o +(vin.)35 b Fi(Using)24 b(the)f(Domain)g(Name)g(System)g(for)f(System)h(Br)n +(e)n(ak-)289 1756 y(ins)p Ft(.)d(A)l(T&T)15 b(Bell)e(Lab)q(oratories,)k +(Murra)o(y)e(Hill,)e(New)h(Jersey)l(,)g(1990.)21 b(\(unpublished)289 +1817 y(tec)o(hnical)15 b(rep)q(ort\).)119 1918 y([Bel92])23 +b(Stev)o(en)18 b(M.)f(Bello)o(vin.)25 b(There)18 b(Be)g(Dragons.)29 +b(In)18 b Fi(UNIX)i(Se)n(curity)f(Symp)n(osium)g(III)289 1978 +y(Pr)n(o)n(c)n(e)n(e)n(dings)p Ft(,)c(pages)i(1{16,)h(Baltimore,)13 +b(MD,)j(1992.)89 2080 y([Com91])23 b(Douglas)13 b(E.)d(Comer.)i +Fi(Internetworking)i(with)f(TCP/IP)p Ft(.)f(Pren)o(tice-Hall,)e(Englew)o(o)q +(o)q(d)289 2140 y(Cli\013s,)16 b(New)g(Jersey)l(,)f(second)i(edition,)e +(1991.)103 2242 y([Den82])24 b(Doroth)o(y)g(E.)f(Denning.)41 +b Fi(Crypto)n(gr)n(aphy)21 b(and)j(Data)f(Se)n(curity)p Ft(.)42 +b(Addison-W)l(esley)289 2302 y(Publishing)17 b(Compan)o(y)l(,)e(Inc.,)f +(1982.)124 2404 y([GS91])24 b(Simson)14 b(Gar\014nk)o(el)g(and)g(Gene)g +(Spa\013ord.)20 b Fi(Pr)n(actic)n(al)15 b(UNIX)h(Se)n(curity)p +Ft(.)j(O'Reilley)11 b(&)289 2464 y(Asso)q(ciates,)17 b(Inc.)e(Sebastop)q(ol,) +i(CA.,)e(1991.)965 2715 y(20)p eop +%%Page: 21 21 +20 bop 103 82 a Ft([Ken93])23 b(Stephen)29 b(T.)f(Ken)o(t.)57 +b Fi(RF)o(C-1422)28 b(Privacy)h(Enhanc)n(ement)h(for)f(Internet)h(Ele)n(c-) +289 142 y(tr)n(onic)16 b(Mail:)21 b(Part)15 b(II:)f(Certi\014c)n(ate-Base)n +(d)j(Key)e(Management)p Ft(.)k(Net)o(w)o(ork)13 b(W)l(orking)289 +203 y(Group,)k(F)l(ebruary)f(1993.)115 304 y([Lot94])25 b(Mark)18 +b(Lottor.)25 b(In)o(ternet)17 b(Domain)f(Surv)o(ey)h(Jan)h(94.)25 +b(SRI)17 b(In)o(ternational,)g(Jan)o(uary)289 364 y(1994.)104 +466 y([Mer89])23 b(Ralph)17 b(C.)f(Merkle.)j(Snefru.)i(Xero)o(x)16 +b(Corp)q(oration,)h(P)o(alo)g(Alto,)e(CA,)g(1989.)97 568 y([Mo)q(c87])24 +b(P)o(aul)g(Mo)q(c)o(k)m(ap)q(etris.)42 b Fi(RF)o(C-1034)23 +b(Domain)h(Names)g(-)h(Conc)n(epts)f(and)g(F)l(acilities)p +Ft(.)289 628 y(Net)o(w)o(ork)16 b(W)l(orking)g(Group,)h(No)o(v)o(em)o(b)q(er) +c(1987.)101 730 y([Mor85])24 b(R.)18 b(T.)g(Morris.)27 b(A)17 +b(W)l(eakness)h(in)g(the)g(4.2BSD)g(UNIX)f(TCP/IP)i(Soft)o(w)o(are.)26 +b(Com-)289 790 y(puting)15 b(Science)e(T)l(ec)o(hnical)h(Rep)q(ort)h(No.)f +(117,)i(A)l(T&T)e(Bell)f(Lab)q(oratories,)j(Murra)o(y)289 850 +y(Hill,)f(New)g(Jersey)l(,)g(F)l(ebruary)h(1985.)91 952 y([NBS77])23 +b(NBS.)d(Data)c(Encryption)g(Standard.)21 b(National)15 b(Bureau)g(of)h +(Standards,)h(W)l(ashing-)289 1012 y(ton)g(D.C.,)f(Jan.)g(1977.)23 +b(FIPS)16 b(PUB)f(46.)119 1114 y([PH78])24 b(S.)19 b(P)o(ohlig)f(and)i(M.)e +(Hellman.)26 b(An)18 b(Impro)o(v)o(ed)e(Algorithm)h(for)i(Computing)f(Loga-) +289 1174 y(rithms)d(o)o(v)o(er)h Fe(GF)p Ft(\(p\))g(and)h(its)g +(Cryptographic)g(Signi\014cance.)j Fi(IEEE)e(T)l(r)n(ansactions)289 +1234 y(on)g(Information)f(The)n(ory)p Ft(,)e(IT-24\(1\):106{10,)k(Jan)o(uary) +e(1978.)126 1336 y([PL91])24 b(R.)14 b(P)o(aans)g(and)g(H.)f(de)g(Lange.)18 +b(Auditing)13 b(the)g(SNA/SNI)g(En)o(vironmen)o(t.)h Fi(Computer)289 +1396 y(&)k(Se)n(curity)p Ft(,)e(10\(3\):251{61,)j(Ma)o(y)d(1991.)114 +1498 y([Riv92])23 b(Ronald)14 b(L.)g(Riv)o(est.)h Fi(RF)o(C-1321)f(The)h(MD5) +g(Message-Digest)h(A)o(lgorithm)p Ft(.)h(Net)o(w)o(ork)289 +1558 y(W)l(orking)g(Group,)g(April)e(1992.)90 1660 y([RSA78])23 +b(R.)d(Riv)o(est,)g(A.)g(Shamir,)f(and)i(L.)g(Adleman.)31 b(A)20 +b(Metho)q(d)h(for)g(Obtaining)f(Digital)289 1720 y(Signatures)g(and)f(Public) +e(Key)h(Cryptosystems.)28 b Fi(Communic)n(ations)19 b(of)h(the)g(A)o(CM)p +Ft(,)289 1780 y(21\(2\):120{6,)f(F)l(ebruary)d(1978.)115 1882 +y([Sc)o(h93])23 b(Christoph)17 b(L.)e(Sc)o(h)o(uba.)20 b(Addressing)c(W)l +(eaknesses)f(in)g(the)h(Domain)f(Name)f(System)289 1942 y(Proto)q(col.)32 +b(Master's)19 b(thesis,)g(Purdue)h(Univ)o(ersit)o(y)l(,)d(W)l(est)i(Lafa)o(y) +o(ette,)h(IN,)e(August)289 2002 y(1993.)115 2104 y([Sc)o(h94])23 +b(Bruce)16 b(Sc)o(hneier.)j Fi(Applie)n(d)f(Crypto)n(gr)n(aphy)p +Ft(.)h(John)e(Wiley)d(&)j(Sons,)f(Inc.,)f(1994.)121 2205 y([Ste90])24 +b(Ric)o(hard)c(W.)f(Stev)o(ens.)31 b Fi(UNIX)21 b(Network)h(Pr)n(o)n(gr)n +(amming)p Ft(.)30 b(Pren)o(tice-Hall,)18 b(Engle-)289 2266 +y(w)o(o)q(o)q(d)g(Cli\013s,)e(New)g(Jersey)l(,)f(1990.)120 +2367 y([T)l(ol65])24 b(John)g(R.)e(R.)g(T)l(olkien.)39 b Fi(The)23 +b(L)n(or)n(d)f(of)h(the)g(R)o(ings)p Ft(.)40 b(Hough)o(ton)24 +b(Mi\017in,)e(Boston,)289 2428 y(second)17 b(edition,)e(1965.)965 +2715 y(21)p eop +%%Trailer +end +userdict /end-hook known{end-hook}if +%%EOF diff --git a/usr.sbin/named/doc/misc/purdue-thesis.ps b/usr.sbin/named/doc/misc/purdue-thesis.ps new file mode 100644 index 00000000000..b3268efa6d2 --- /dev/null +++ b/usr.sbin/named/doc/misc/purdue-thesis.ps @@ -0,0 +1,7129 @@ +%!PS-Adobe-2.0 +%%Creator: dvips 5.485 Copyright 1986-92 Radical Eye Software +%%Title: 94-028.dvi +%%Pages: 97 1 +%%BoundingBox: 0 0 612 792 +%%EndComments +%DVIPSCommandLine: /usr/local/tex/dvips 94-028.dvi +%%BeginProcSet: tex.pro +/TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N /X{S N} +B /TR{translate}N /isls false N /vsize 11 72 mul N /@rigin{isls{[0 -1 1 0 0 0] +concat}if 72 Resolution div 72 VResolution div neg scale isls{Resolution hsize +-72 div mul 0 TR}if Resolution VResolution vsize -72 div 1 add mul TR matrix +currentmatrix dup dup 4 get round 4 exch put dup dup 5 get round 5 exch put +setmatrix}N /@landscape{/isls true N}B /@manualfeed{statusdict /manualfeed +true put}B /@copies{/#copies X}B /FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N +/IE 0 N /ctr 0 N /df-tail{/nn 8 dict N nn begin /FontType 3 N /FontMatrix +fntrx N /FontBBox FBB N string /base X array /BitMaps X /BuildChar{ +CharBuilder}N /Encoding IE N end dup{/foo setfont}2 array copy cvx N load 0 nn +put /ctr 0 N[}B /df{/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 +0 sf neg 0 0]N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data +dup length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{128 +ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub get 127 +sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data dup type +/stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N /rc 0 N /gp 0 N +/cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup /base get 2 index get +S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx 0 ch-xoff ch-yoff ch-height +sub ch-xoff ch-width add ch-yoff setcachedevice ch-width ch-height true[1 0 0 +-1 -.1 ch-xoff sub ch-yoff .1 add]{ch-image}imagemask restore}B /D{/cc X dup +type /stringtype ne{]}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1 +ne{dup dup length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N} +B /I{cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin +0 0 moveto pop}N /eop{SI restore showpage userdict /eop-hook known{eop-hook} +if}N /@start{userdict /start-hook known{start-hook}if /VResolution X +/Resolution X 1000 div /DVImag X /IE 256 array N 0 1 255{IE S 1 string dup 0 3 +index put cvn put}for 65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N +/RMat[1 0 0 -1 0 0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley X +/rulex X V}B /V statusdict begin /product where{pop product dup length 7 ge{0 +7 getinterval(Display)eq}{pop false}ifelse}{false}ifelse end{{gsave TR -.1 -.1 +TR 1 1 scale rulex ruley false RMat{BDot}imagemask grestore}}{{gsave TR -.1 +-.1 TR rulex ruley scale 1 1 false RMat{BDot}imagemask grestore}}ifelse B /a{ +moveto}B /delta 0 N /tail{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{ +S p tail}B /c{-4 M}B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B +/j{3 M}B /k{4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w +}B /q{p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p +a}B /bos{/SS save N}B /eos{SS restore}B end +%%EndProcSet +%%BeginProcSet: special.pro +TeXDict begin /SDict 200 dict N SDict begin /@SpecialDefaults{/hs 612 N /vs +792 N /ho 0 N /vo 0 N /hsc 1 N /vsc 1 N /ang 0 N /CLIP 0 N /rwiSeen false N +/rhiSeen false N /letter{}N /note{}N /a4{}N /legal{}N}B /@scaleunit 100 N +/@hscale{@scaleunit div /hsc X}B /@vscale{@scaleunit div /vsc X}B /@hsize{/hs +X /CLIP 1 N}B /@vsize{/vs X /CLIP 1 N}B /@clip{/CLIP 2 N}B /@hoffset{/ho X}B +/@voffset{/vo X}B /@angle{/ang X}B /@rwi{10 div /rwi X /rwiSeen true N}B /@rhi +{10 div /rhi X /rhiSeen true N}B /@llx{/llx X}B /@lly{/lly X}B /@urx{/urx X}B +/@ury{/ury X}B /magscale true def end /@MacSetUp{userdict /md known{userdict +/md get type /dicttype eq{userdict begin md length 10 add md maxlength ge{/md +md dup length 20 add dict copy def}if end md begin /letter{}N /note{}N /legal{ +}N /od{txpose 1 0 mtx defaultmatrix dtransform S atan/pa X newpath clippath +mark{transform{itransform moveto}}{transform{itransform lineto}}{6 -2 roll +transform 6 -2 roll transform 6 -2 roll transform{itransform 6 2 roll +itransform 6 2 roll itransform 6 2 roll curveto}}{{closepath}}pathforall +newpath counttomark array astore /gc xdf pop ct 39 0 put 10 fz 0 fs 2 +F/|______Courier fnt invertflag{PaintBlack}if}N /txpose{pxs pys scale ppr +aload pop por{noflips{pop S neg S TR pop 1 -1 scale}if xflip yflip and{pop S +neg S TR 180 rotate 1 -1 scale ppr 3 get ppr 1 get neg sub neg ppr 2 get ppr 0 +get neg sub neg TR}if xflip yflip not and{pop S neg S TR pop 180 rotate ppr 3 +get ppr 1 get neg sub neg 0 TR}if yflip xflip not and{ppr 1 get neg ppr 0 get +neg TR}if}{noflips{TR pop pop 270 rotate 1 -1 scale}if xflip yflip and{TR pop +pop 90 rotate 1 -1 scale ppr 3 get ppr 1 get neg sub neg ppr 2 get ppr 0 get +neg sub neg TR}if xflip yflip not and{TR pop pop 90 rotate ppr 3 get ppr 1 get +neg sub neg 0 TR}if yflip xflip not and{TR pop pop 270 rotate ppr 2 get ppr 0 +get neg sub neg 0 S TR}if}ifelse scaleby96{ppr aload pop 4 -1 roll add 2 div 3 +1 roll add 2 div 2 copy TR .96 dup scale neg S neg S TR}if}N /cp{pop pop +showpage pm restore}N end}if}if}N /normalscale{Resolution 72 div VResolution +72 div neg scale magscale{DVImag dup scale}if 0 setgray}N /psfts{S 65781.76 +div N}N /startTexFig{/psf$SavedState save N userdict maxlength dict begin +/magscale false def normalscale currentpoint TR /psf$ury psfts /psf$urx psfts +/psf$lly psfts /psf$llx psfts /psf$y psfts /psf$x psfts currentpoint /psf$cy X +/psf$cx X /psf$sx psf$x psf$urx psf$llx sub div N /psf$sy psf$y psf$ury +psf$lly sub div N psf$sx psf$sy scale psf$cx psf$sx div psf$llx sub psf$cy +psf$sy div psf$ury sub TR /showpage{}N /erasepage{}N /copypage{}N /p 3 def +@MacSetUp}N /doclip{psf$llx psf$lly psf$urx psf$ury currentpoint 6 2 roll +newpath 4 copy 4 2 roll moveto 6 -1 roll S lineto S lineto S lineto closepath +clip newpath moveto}N /endTexFig{end psf$SavedState restore}N /@beginspecial{ +SDict begin /SpecialSave save N gsave normalscale currentpoint TR +@SpecialDefaults count /ocount X /dcount countdictstack N}N /@setspecial{CLIP +1 eq{newpath 0 0 moveto hs 0 rlineto 0 vs rlineto hs neg 0 rlineto closepath +clip}if ho vo TR hsc vsc scale ang rotate rwiSeen{rwi urx llx sub div rhiSeen{ +rhi ury lly sub div}{dup}ifelse scale llx neg lly neg TR}{rhiSeen{rhi ury lly +sub div dup scale llx neg lly neg TR}if}ifelse CLIP 2 eq{newpath llx lly +moveto urx lly lineto urx ury lineto llx ury lineto closepath clip}if +/showpage{}N /erasepage{}N /copypage{}N newpath}N /@endspecial{count ocount +sub{pop}repeat countdictstack dcount sub{end}repeat grestore SpecialSave +restore end}N /@defspecial{SDict begin}N /@fedspecial{end}B /li{lineto}B /rl{ +rlineto}B /rc{rcurveto}B /np{/SaveX currentpoint /SaveY X N 1 setlinecap +newpath}N /st{stroke SaveX SaveY moveto}N /fil{fill SaveX SaveY moveto}N +/ellipse{/endangle X /startangle X /yrad X /xrad X /savematrix matrix +currentmatrix N TR xrad yrad scale 0 0 1 startangle endangle arc savematrix +setmatrix}N end +%%EndProcSet +TeXDict begin 40258431 52099146 1000 300 300 @start /Fa 61 +124 df<00000FE0000030180000E01C0001C03C0001803C000380380003800000038000000700 +0000070000000700000007000000070000000E000000FFFFE0000E00E0000E00E0000E01C0001C +01C0001C01C0001C01C0001C0380001C0380003803800038038000380700003807000038070000 +70070800700E1000700E1000700E1000700E2000E0062000E003C000E0000000E0000000C00000 +01C0000001C0000071800000F1800000F3000000620000003C0000001E2D82A21B>12 +D<0007800000001C6003800030100780006010078000E010038000C010010001C07001000380F0 +02000380F002000380600400070000080007000010000700006000073C00A00007E20310000781 +041000070108080007011008000F022008001F842008001C782C08003C003E080038003E080078 +001C0800780000080078000008007000001000F000001000700000200070000020007800004000 +380000800038000100001C000200000E000C00000380700000007F80000021257BA325>38 +D<0C1E3F3F1D02020204040810204080080F75A20F>I<0E1E1E1E1E0202040408081020408007 +0F7D840F>44 D<FFF0FFF0FFE00C037C8B11>I<70F8F8F0E005057A840F>I<0000000800000018 +000000300000003000000060000000C0000000C000000180000001800000030000000600000006 +0000000C0000000C0000001800000030000000300000006000000060000000C000000180000001 +800000030000000300000006000000060000000C00000018000000180000003000000030000000 +60000000C0000000C0000001800000018000000300000006000000060000000C0000000C000000 +1800000030000000300000006000000060000000C0000000C0000000800000001D317FA419>I< +000F800030C000E06001C0700380700300700700700F00700E00701E00701E00701C00F03C00F0 +3C00F03C00F07801E07801E07801E07801E0F003C0F003C0F003C0F00380E00780E00780E00700 +E00F00E00E00E01C00E01C00E0380060700030E0001F000014227AA019>I<0001000300030006 +001E002E03CE001C001C001C001C0038003800380038007000700070007000E000E000E000E001 +C001C001C001C003800380038003800780FFFC10217AA019>I<000FC000106000603800801800 +801C01001C02201E02101E04101E04101E04101E08203C08203C0840380840780880F00700E000 +01C000030000060000180000200000C0000100000200000400100800301000202000605F80C063 +FFC040FF80807F00801E0017227CA019>I<000FC000307000C01801001C02001C04000C04401C +08201C08201C08201C08403808C0380700700000600001C000070000FC00000700000380000380 +0001C00001C00001C00003C06003C0F003C0F00380E00780800700800E00801C0040380020F000 +1F800016227BA019>I<0000180000380000380000700000700000700000E00000E00000E00000 +C00001C0000180000380000300000300000600000600000C00000C000018000010000031800061 +C00043800083800183800303800207000407000807003FC700403E00800FF0000E00000E00001C +00001C00001C00001C00003800003800003800003000152B7EA019>I<00400400703800FFF000 +FFE000BF80008000010000010000010000010000020000020000023E0002C3000501800601C004 +01C00001E00001E00001E00001E00001E00001E07003C0F003C0F003C0E00780800700800F0080 +0E00401C0040380030E0000F800016227BA019>I<000FC000306000401000801801000803000C +03000C06001807001807001007003007C06007E0C003F18001FE0000FC0000FE00033F00061F80 +0C07C01803C03001C06001C06000C0C000C0C000C0C00080C00180C00100C00200C00600600800 +3030000FC00016227BA019>56 D<000FC000386000703000E03001C0380380380780380700380F +00380F00380F00381E00781E00781E00781E00F81E00F01C00F00E01F00E02F00605E00309E001 +F1E00003C00003C0000380000700000700600E00F00C00F01800E0300080600041C0003F000015 +227BA019>I<07000F800F800F000E000000000000000000000000000000000000000000000070 +00F800F800F000E00009157A940F>I<0000030000000300000007000000070000000F0000000F +0000001F0000002F0000002F0000004F0000004F80000087800000878000010780000207800002 +078000040780000407800008078000080780001007800030078000200780007FFF80004007C000 +8007C0008003C0010003C0030003C0020003C0040003C0040003C00C0003C03C0007C0FF003FFC +1E237DA224>65 D<00FFFFE0000F0038000F001C000F001E001E000E001E000F001E000F001E00 +0F003C000E003C001E003C001E003C003C00780078007800F0007801E00078078000FFFF8000F0 +01E000F000F000F0007801E0007801E0003801E0003C01E0003C03C0007803C0007803C0007803 +C000F0078000F0078001E0078003C0078007000F801E00FFFFF00020227DA122>I<00007F0080 +0003808100000E00630000380027000070001F0000E0000E0001C0000E000380000E000700000E +000F000004000E000004001E000004003C000004003C0000080078000000007800000000780000 +0000F000000000F000000000F000000000F000000000F000000000E000000000E000002000E000 +002000E000004000E000004000F00000800070000080007000010000380002000018000400001C +0008000006003000000381C0000000FE000000212479A223>I<00FFFFF000000F003C00000F00 +0E00000F000700001E000380001E000380001E0001C0001E0001C0003C0001C0003C0001E0003C +0001E0003C0001E000780001E000780001E000780001E000780001E000F00003C000F00003C000 +F00003C000F00003C001E000078001E000078001E000070001E0000F0003C0000E0003C0001C00 +03C0003C0003C00038000780007000078000E000078001C00007800700000F801C0000FFFFF000 +0023227DA125>I<00FFFFFF80000F000780000F000180000F000180001E000180001E00018000 +1E000100001E000100003C000100003C000100003C010100003C01000000780200000078020000 +007806000000780E000000FFFC000000F00C000000F00C000000F00C000001E008000001E00800 +0001E008040001E000080003C000080003C000080003C000100003C00010000780002000078000 +6000078000C000078001C0000F8007C000FFFFFF800021227DA121>I<00FFFFFF000F000F000F +0003000F0003001E0003001E0003001E0002001E0002003C0002003C0002003C0102003C010000 +780200007802000078060000780E0000FFFC0000F00C0000F00C0000F00C0001E0080001E00800 +01E0080001E0000003C0000003C0000003C0000003C00000078000000780000007800000078000 +000F800000FFFC000020227DA120>I<00007F00800003808100000E0063000038002700007000 +1F0000E0000E0001C0000E000380000E000700000E000F000004000E000004001E000004003C00 +0004003C00000800780000000078000000007800000000F000000000F000000000F000000000F0 +00000000F0003FFC00E00001E000E00001E000E00001E000E00003C000E00003C000F00003C000 +700003C0007000078000380007800018000F80001C0013800006002300000381C1000000FE0000 +00212479A226>I<00FFF87FFC000F000780000F000780000F000780001E000F00001E000F0000 +1E000F00001E000F00003C001E00003C001E00003C001E00003C001E000078003C000078003C00 +0078003C000078003C0000FFFFF80000F000780000F000780000F000780001E000F00001E000F0 +0001E000F00001E000F00003C001E00003C001E00003C001E00003C001E000078003C000078003 +C000078003C000078003C0000F8007C000FFF87FFC0026227DA124>I<00FFF8000F00000F0000 +0F00001E00001E00001E00001E00003C00003C00003C00003C0000780000780000780000780000 +F00000F00000F00000F00001E00001E00001E00001E00003C00003C00003C00003C00007800007 +80000780000780000F8000FFF80015227DA113>I<00FFF807FC000F0001E0000F0001C0000F00 +0100001E000200001E000400001E001000001E002000003C004000003C008000003C010000003C +04000000780800000078180000007838000000787C000000F0BC000000F23C000000F41E000000 +F81E000001F01F000001E00F000001E00F000001E00F800003C007800003C007800003C003C000 +03C003C000078003C000078001E000078001E000078001E0000F8001F000FFF80FFE0026227DA1 +25>75 D<00FF800007FC000F80000F80000F80001780000F80001780001780002F000013C0002F +000013C0004F000013C0008F000023C0009E000023C0011E000023C0011E000023C0021E000043 +C0043C000043C0043C000043C0083C000041E0083C000081E01078000081E02078000081E02078 +000081E04078000101E040F0000101E080F0000101E100F0000101E100F0000200F201E0000200 +F201E0000200F401E0000200F801E0000400F803C0000400F003C0000400F003C0000C00E003C0 +001E00C007C000FFC0C07FFC002E227DA12C>77 D<00FF000FFC000F8001E0000F800180000FC0 +00800013C001000013C001000011E001000011E001000021E002000020F002000020F002000020 +F0020000407804000040780400004078040000403C040000803C080000803E080000801E080000 +801E080001001F100001000F100001000F10000100079000020007A000020007A000020003E000 +020003E000040003C000040001C000040001C0000C0001C0001E00008000FFC000800026227DA1 +24>I<0000FE0000078380000C00E0003800700070003800E0003801C0001C0380001C0700001C +0F00001E1E00001E1C00001E3C00001E3C00001E7800001E7800001E7800001EF000003CF00000 +3CF000003CF0000078F0000078E0000078E00000F0E00000F0E00001E0E00001C0F00003C0F000 +07807000070078000E0038001C001C0038000E00E0000703800001FC00001F2479A225>I<00FF +FFE0000F0038000F001E000F000E001E0007001E0007001E0007001E0007003C000F003C000F00 +3C000F003C001E0078001E0078003C00780078007800E000F003C000FFFE0000F0000000F00000 +01E0000001E0000001E0000001E0000003C0000003C0000003C0000003C0000007800000078000 +0007800000078000000F800000FFF8000020227DA121>I<00FFFFC0000F0070000F003C000F00 +1C001E000E001E000E001E000F001E000F003C001E003C001E003C001E003C003C007800380078 +0070007801E00078078000FFFC0000F00E0000F0070000F0038001E003C001E003C001E003C001 +E003C003C0078003C0078003C0078003C0078007800F0007800F0107800F01078007020F800702 +FFF8038C000000F020237DA124>82 D<0001F020000E0C40001802C0003001C0006001C000E001 +8000C0018001C0018001C0018003C0010003C0010003C0000003C0000003E0000001F8000001FF +000000FFE000007FF000001FF8000003FC0000007C0000003C0000001E0000001E0000001E0020 +001C0020001C0020001C00200018006000380060003000700060007000C000C8018000C6070000 +81FC00001B247DA21B>I<1FFFFFF81E03C0381803C0183003C018200780182007801840078010 +40078010400F0010800F0010800F0010000F0000001E0000001E0000001E0000001E0000003C00 +00003C0000003C0000003C00000078000000780000007800000078000000F0000000F0000000F0 +000000F0000001E0000001E0000001E0000001E0000003E00000FFFF00001D2277A123>I<3FFE +03FF03C0007803C0006003C00020078000400780004007800040078000400F0000800F0000800F +0000800F0000801E0001001E0001001E0001001E0001003C0002003C0002003C0002003C000200 +7800040078000400780004007800040070000800F0000800F00010007000100070002000700040 +003000400038018000180200000E0C000003F00000202377A124>I<FFF03FF80FF81F0007C003 +C01E00078001801E00078001001E00078002001E000F8002001E000F8004001F00178004001F00 +178008000F00278008000F00278010000F00478010000F00C78020000F00878020000F01078040 +000F010780C0000F02078080000F02078100000F04078100000F0407C200000F0807C200000F08 +03C400000F1003C400000F1003C800000F2003C800000F2003D000000F4003D000000FC003E000 +000F8003E000000F0003C000000F00038000000E00038000000E00030000000C00030000000C00 +020000002D2376A131>87 D<007FF81FF8000FC007C000078003000007C002000003C004000003 +C008000003E010000001E030000001E020000001F040000000F080000000F100000000FA000000 +007C000000007C000000007C000000003C000000003C000000007E000000009E000000011E0000 +00031F000000060F000000040F000000080F80000010078000002007C000004007C00000C003C0 +00018003E000010001E000070001E0001F0003F000FFC01FFE0025227EA124>I<00F8C00185C0 +0705C00E03800E03801C03803C0380380700780700780700780700F00E00F00E00F00E00F00E10 +F01C20701C20703C20305C40308C400F078014157B9419>97 D<03C03F80038003800380070007 +00070007000E000E000E000E001C001CF81D0C1E0E3C0638073807380F700F700F700F700FE01E +E01EE01EE03CE038E038607060E031C01F0010237BA216>I<007E0001C1000301800703800E07 +801C07803C0000380000780000780000780000F00000F00000F00000F00000F001007001007002 +00300C001830000FC00011157B9416>I<00003C0003F800003800003800003800007000007000 +00700000700000E00000E00000E00000E00001C000F9C00185C00705C00E03800E03801C03803C +0380380700780700780700780700F00E00F00E00F00E00F00E10F01C20701C20703C20305C4030 +8C400F078016237BA219>I<00F803840E021C023C0238027804F018FFE0F000F000E000E000E0 +00E000E002E0026004701830600F800F157A9416>I<00003E0000470000CF00018F0001860003 +80000380000380000700000700000700000700000700000E0000FFF0000E00000E00000E00001C +00001C00001C00001C00001C000038000038000038000038000038000070000070000070000070 +0000700000E00000E00000E00000E00000C00001C00001C000718000F18000F300006200003C00 +00182D82A20F>I<001F180030B800E0B801C07001C0700380700780700700E00F00E00F00E00F +00E01E01C01E01C01E01C01E01C01E03800E03800E0780060B8006170001E70000070000070000 +0E00000E00000E00701C00F01800F0300060E0003F8000151F7E9416>I<00F0000FE00000E000 +00E00000E00001C00001C00001C00001C000038000038000038000038000070000071F00072180 +07C0C00F00E00F00E00E00E00E00E01C01C01C01C01C01C01C01C0380380380380380380380704 +700708700E08700E10700610E006206003C016237DA219>I<00C001E001C001C0000000000000 +000000000000000000001C002300430043008700870087000E000E001C001C001C003800380038 +40708070807080710032001C000B217BA00F>I<00F0000FE00000E00000E00000E00001C00001 +C00001C00001C0000380000380000380000380000700000701E0070210070C700E10F00E10F00E +20600E40001D80001E00001FC0001C7000383800383800381C00381C2070384070384070384070 +1880E01880600F0014237DA216>107 D<01E01FC001C001C001C0038003800380038007000700 +070007000E000E000E000E001C001C001C001C0038003800380038007000700070007100E200E2 +00E200E200640038000B237CA20C>I<1C0F80F8002610C10C0047606606008780780700878078 +0700870070070087007007000E00E00E000E00E00E000E00E00E000E00E00E001C01C01C001C01 +C01C001C01C01C001C01C038203803803840380380704038038070803803803080700700310030 +03001E0023157B9428>I<1C0F002631C04740C08780E08780E08700E08700E00E01C00E01C00E +01C00E01C01C03801C03801C03801C0704380708380E08380E103806107006203003C016157B94 +1B>I<007E0001C3000381800701C00E01C01C01E03C01E03801E07801E07801E07801E0F003C0 +F003C0F00380F00780700700700E00700C0030180018700007C00013157B9419>I<01C1F00262 +1804741C08780C08700E08700E08701E00E01E00E01E00E01E00E01E01C03C01C03C01C03C01C0 +7803807003807003C0E003C1C0072380071E000700000700000E00000E00000E00000E00001C00 +001C00001C0000FFC000171F7F9419>I<00F8400184C00705C00E03800E03801C03803C038038 +0700780700780700780700F00E00F00E00F00E00F00E00F01C00701C00703C00305C0030B8000F +380000380000380000700000700000700000700000E00000E00000E0000FFE00121F7B9416>I< +1C1F002620804741C08783C08703C08701808700000E00000E00000E00000E00001C00001C0000 +1C00001C000038000038000038000038000070000030000012157B9415>I<00FC000183000200 +800401800C03800C03000C00000F00000FF00007FC0003FE00003E00000F00000700700700F006 +00F00600E004004008002030001FC00011157D9414>I<00C001C001C001C001C0038003800380 +03800700FFF8070007000E000E000E000E001C001C001C001C0038003800380038107020702070 +40708031001E000D1F7C9E10>I<1E00602300E04380E04381C08381C08701C08701C00703800E +03800E03800E03801C07001C07001C07001C07081C0E10180E101C0E101C1E200C262007C3C015 +157B941A>I<1E03802307C04387C04383C08381C08700C08700C00700800E00800E00800E0080 +1C01001C01001C01001C02001C02001C04001C08001C08000C300003C00012157B9416>I<1E00 +60E02300E1F04380E1F04381C0F08381C0708701C0308701C030070380200E0380200E0380200E +0380201C0700401C0700401C0700401C0700801C0700801C0701001C0F01000C0F020006138C00 +03E0F0001C157B9420>I<1E00302300704380704380E08380E08700E08700E00701C00E01C00E +01C00E01C01C03801C03801C03801C03801C07001C07001C07001C0F000C3E0003CE00000E0000 +0E00001C00601C00F03800F03000E0600080C0004380003E0000141F7B9418>121 +D<01E02003F06007F8C0041F800801000802000004000008000010000020000040000080000100 +000200000400800801001003003F060061FC0040F80080700013157D9414>I<FFFFFC16017C8C +19>I E /Fb 15 119 df<40E04003037D8209>58 D<01F90607080310021002100018000F8003 +F0003800080008400840084010E0609F8010117D9013>83 D<072018E0306060606060C0C0C0C0 +C0C841C862D03C700D0B7E8A11>97 D<780018001800300030003000370078C0604060606060C0 +C0C0C0C0C0418063003C000B117E900E>I<007800180018003000300030073018E03060606060 +60C0C0C0C0C0C841C862D03C700D117E9010>100 D<07801840304060407F80C000C000C00040 +2020C01F000B0B7E8A0F>I<040C0000000000705898983030606464683006127E910B>105 +D<71F1F09A1A189C1C18981818181818303030303030303032303062606064606038170B7E8A1B +>109 D<71F09A189C18981818183030303030323062606460380F0B7E8A13>I<07C01820303060 +106018C030C030C020406021801F000D0B7E8A0F>I<1C70278C2604260606060C0C0C0C0C0C0C +181E3019C01800180030003000FC000F10808A10>I<73C09C2098609800180030003000300030 +00600060000B0B7E8A0E>114 D<0F001080218020003E001F0001808080C00083007C00090B7D +8A0F>I<381048308C309830183030603060306430E431E80E380E0B7E8A12>117 +D<386048608C2098201820304030403040308011000E000B0B7E8A10>I +E /Fc 1 49 df<060F0F0E1E1E1C3C383830707060E0C04008117F910A>48 +D E /Fd 17 120 df<60F0F06004047D830A>58 D<0008001800300030003000600060006000C0 +00C000C0018001800180030003000600060006000C000C000C0018001800180030003000300060 +0060006000C000C0000D217E9812>61 D<07FE03F800E001C000E0010000E0020000E0080001C0 +100001C0200001C0800001C1000003830000038F00000393800003A380000781C0000701C00007 +00E0000700E0000E0070000E0070000E0038000E0038001C003C00FF80FF001D177F961E>75 +D<003E1000C1A00100E00200600600600C00400C00400E00000F000007E00007FC0001FE00003F +00000780000380000380200180400300400300600600600400D8180087E00014177E9615>83 +D<7C0018001800180018003000300030003000678068C070406060C060C060C060C06080C080C0 +8180C10046003C000B177E960F>98 D<003E000C000C000C000C0018001800180018073018F030 +7060706060C060C060C06080C080C480C4C1C446C838700F177E9612>100 +D<07C01C20301060106020FFC0C000C000C000C000C010402060C01F000C0E7E8D10>I<1F0006 +000600060006000C000C000C000C0018F01B181C08180838183018301830306030603160616062 +C022C03C10177E9614>104 D<0300038003000000000000000000000000001C00240046004600 +8C000C0018001800180031003100320032001C0009177F960C>I<383C0044C600470200460200 +8E06000C06000C06000C0C00180C00180C40181840181880300880300F00120E7F8D15>110 +D<07C00C20101020186018C018C018C01880308030C060C0C061803E000D0E7E8D11>I<1C3C22 +462382230346030603060306030C060C060C0C0C081A3019E018001800300030003000FC001014 +808D12>I<38F04518463846308C000C000C000C001800180018001800300030000D0E7F8D10> +114 D<030003000600060006000600FFC00C000C000C0018001800180018003000308030803100 +31001E000A147F930D>116 D<1C0200260600460600460600860C000C0C000C0C000C0C001818 +001818801818801838800C5900078E00110E7F8D14>I<1C04260E4606460686040C040C040C04 +18081808181018100C6007800F0E7F8D11>I<1C020426060E460606460606860C040C0C040C0C +040C0C041818081818081818100818100C2C2003C7C0170E7F8D19>I E +/Fe 3 67 df<1F00618040C08060C0600060006000C00180030006000C00102020207FC0FFC00B +107F8F0F>50 D<00C00000C00000C000016000016000023000023000023000041800041800080C +000FFC00080C00100600100600300700FC1FC012117F9016>65 D<FFF8180C1806180318031803 +1806181C1FFC180618031803180318031806180EFFF810117F9015>I E +/Ff 17 122 df<0038007800F001E003C007800F000E001C001C0038003800700070007000E000 +E000E000E000E000E000E000E000E000E000700070007000380038001C001C000E000F00078003 +C001E000F8007800380D2878A21A>40 D<6000F00078003C001E000F000780038001C001C000E0 +00E0007000700070003800380038003800380038003800380038003800700070007000E000E001 +C001C0038007800F001E003C007800F00060000D287CA21A>I<FFFE00FFFF80FFFFC01C03E01C +00E01C00F01C00701C00701C00701C00701C00E01C01E01C07C01FFF801FFF801FFFC01C01E01C +00F01C00701C00381C00381C00381C00381C00381C00781C00F01C01F0FFFFE0FFFFC0FFFF0015 +1E7E9D1A>66 D<1FF0003FFC007FFE00780F00300700000380000380007F8007FF801FFF803F83 +80780380700380E00380E00380E00380700780780F803FFFFC1FFDFC07F0FC16157D941A>97 +D<FE0000FE0000FE00000E00000E00000E00000E00000E00000E00000E3E000EFF800FFFE00FC1 +F00F80700F00380E00380E001C0E001C0E001C0E001C0E001C0E001C0E001C0F00380F00780F80 +F00FC1E00FFFC00EFF80063E00161E7F9D1A>I<001FC0001FC0001FC00001C00001C00001C000 +01C00001C00001C001F1C007FDC00FFFC01E0FC03C07C07803C07001C0E001C0E001C0E001C0E0 +01C0E001C0E001C0E001C07003C07003C03807C03E0FC01FFFFC07FDFC01F1FC161E7E9D1A> +100 D<01F80007FF000FFF801E07C03C01C07800E07000E0E00070E00070FFFFF0FFFFF0FFFFF0 +E000007000007000007800703C00701F01F00FFFE003FFC000FE0014157D941A>I<01F87C07FF +FE0FFFFE1E078C1C03803801C03801C03801C03801C03801C01C03801E07801FFF001FFE0039F8 +003800003800001C00001FFF801FFFE03FFFF878007C70001CE0000EE0000EE0000EE0000E7000 +1C78003C3E00F81FFFF007FFC001FF0017217F941A>103 D<FE0000FE0000FE00000E00000E00 +000E00000E00000E00000E00000E3E000EFF800FFFC00FC1C00F80E00F00E00E00E00E00E00E00 +E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E0FFE3FEFFE7FEFFE3FE171E +7F9D1A>I<7CE0E000FFFBF8007FFFF8001F1F1C001E1E1C001E1E1C001C1C1C001C1C1C001C1C +1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C007F +1F1F00FF9F9F807F1F1F00191580941A>109 D<FE3E00FEFF80FFFFC00FC1C00F80E00F00E00E +00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E0FFE3FEFF +E7FEFFE3FE17157F941A>I<01F00007FC001FFF003E0F803C07807803C07001C0E000E0E000E0 +E000E0E000E0E000E0E000E0F001E07001C07803C03C07803E0F801FFF0007FC0001F00013157D +941A>I<FE3E00FEFF80FFFFE00FC1F00F80700F00380E00380E001C0E001C0E001C0E001C0E00 +1C0E001C0E001C0F00380F00780F80F00FC1E00FFFC00EFF800E3E000E00000E00000E00000E00 +000E00000E00000E00000E0000FFE000FFE000FFE00016207F941A>I<7F83F0FF8FF87FBFFC03 +FC3C03F01803E00003C00003C00003800003800003800003800003800003800003800003800003 +80000380007FFF00FFFF007FFF0016157E941A>114 D<07FB801FFF807FFF80780780E00380E0 +0380E003807800007FC0003FFC0007FE00003F800007806001C0E001C0E001C0F003C0FC0780FF +FF00EFFE00E3F80012157C941A>I<00C00001C00001C00001C00001C00001C00001C0007FFFE0 +FFFFE0FFFFE001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C070 +01C07001C07001C07000E0E000FFE0007FC0001F00141C7F9B1A>I<7FC3FCFFC7FE7FC3FC0E00 +E00E00E00700E00701C00781C00381C003838003C38001C38001C70000E70000E70000E6000066 +00006E00003C00003C00003C0000380000380000380000700000700030700078E00071E0007FC0 +003F80001E000017207F941A>121 D E /Fg 10 115 df<FFE0FFE00B027D8B10>45 +D<0000040000000006000000000E000000001E000000001E000000003E000000003F000000004F +000000004F000000008F000000008F000000010F00000001078000000207800000020780000004 +0780000004078000000807C000000803C000001003C000001003C000002003C000003FFFE00000 +4001E000004001E000008001E000008001E000010001E000010000F000020000F000060000F000 +040000F0000C0000F0003E0001F800FF800FFF8021237EA225>65 D<00FF000381C00603C00C03 +C01C0180380000780000700000F00000F00000F00000F00000F00000E00000F00000F000807001 +007001003806001C180007E00012157C9416>99 D<00FE000383800701C00C00E01C00E03800E0 +7800E07000E0FFFFE0F00000F00000F00000F00000E00000E00000F00040700080300080180300 +0E0C0003F00013157D9416>101 D<00000780001F88800070D18000E0E18001C0700003C07000 +03C070000780F0000780F0000780F0000780E0000381E0000181C00002C30000027E0000040000 +0004000000040000000600000007FF800007FFE00007FFF0001C00780030001800600018006000 +1800C0001800C0001800C0003000600060003000C0001C07800003FC00001921809518>103 +D<007000F001F000F000E00000000000000000000000000000000001C00FC001C001C001C001C0 +0380038003800380038003800700070007000700070007000E000F00FFE00C227FA10E>105 +D<007803F800700070007000700070007000E000E000E000E000E000E001C001C001C001C001C0 +01C00380038003800380038003800700070007000700070007000E000F00FFE00D237FA20E> +108 D<01C3F01FCC1801D00C01E00E01E00E01C00E03C01C03801C03801C03801C03801C03801C +0700380700380700380700380700380700380E00700F0078FFE7FF18157F941B>110 +D<007E000383800600C00C00E01C0070380070780078700078F00078F00078F00078F00078E000 +F0E000F0E000E0F001E07001C07003803807001C1C0007F00015157D9418>I<01C7C01FC8E001 +D1E001E1E001E0C001C00003C00003800003800003800003800003800007000007000007000007 +00000700000700000E00000F0000FFF00013157F9413>114 D E /Fh 16 +127 df<F0F0F0F004047B830E>46 D<0000800001800001800003000003000003000006000006 +00000600000C00000C00000C000018000018000018000030000030000030000060000060000060 +0000C00000C00000C0000180000180000180000180000300000300000300000600000600000600 +000C00000C00000C0000180000180000180000300000300000300000600000600000600000C000 +00C00000C0000011317DA418>I<001F0000001F0000003F8000003F8000003B8000007BC00000 +73C0000071C00000F1E00000F1E00000E0E00001E0F00001E0F00001C0F00003C0780003C07800 +0380780007803C0007803C0007003C000F001E000F001E000FFFFE001FFFFF001FFFFF001C000F +003C0007803C00078038000780780003C0780003C0700003C0F00001E0F00001E0E00001E01B23 +7EA220>65 D<01FC0007FF000FFF801F03803C0180780000780000700000F00000F00000F00000 +F00000F00000F000007800007800007800003C00401F03C00FFFC007FF8001FC0012167E9516> +99 D<0003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C0 +0003C003E3C00FFBC01FFFC03F0FC03C07C07803C07803C0F003C0F003C0F003C0F003C0F003C0 +F003C0F003C0F003C07803C07803C03C07C03E0FC01FFFC00FFBC003E3C012237EA219>I<03F0 +0007FC001FFE003E0F003C0780780380780380F001C0FFFFC0FFFFC0FFFFC0F00000F00000F000 +007000007800007800003C00801F07800FFF8007FF0001F80012167E9516>I<01F07807FFF80F +FFF81F1F001E0F003C07803C07803C07803C07803C07801E0F001F1F000FFE001FFC0019F00038 +00003800003C00001FFE001FFFC01FFFE03FFFF07801F07800F8F00078F00078F00078F0007878 +00F03E03E01FFFC00FFF8001FC0015217F9518>103 D<F000F000F000F000F000F000F000F000 +F000F000F000F000F000F1F8F3FCF7FEFE1EF80FF80FF00FF00FF00FF00FF00FF00FF00FF00FF0 +0FF00FF00FF00FF00FF00FF00FF00F10237CA219>I<F0F0F0F0000000000000000000F0F0F0F0 +F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F004237DA20B>I<F0F0F0F0F0F0F0F0F0F0F0F0F0F0 +F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F004237DA20B>108 D<F1F8F3FCF7FEFE1EF8 +0FF80FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00F10167C95 +19>110 D<01FC0007FF000FFF801F07C03C01E07800F07800F0700070F00078F00078F00078F0 +0078F00078F000787800F07800F07C01F03E03E01F07C00FFF8007FF0001FC0015167F9518>I< +F0E0F3E0F7E0FF00FE00FC00F800F800F000F000F000F000F000F000F000F000F000F000F000F0 +00F000F0000B167C9511>114 D<07F01FFC3FFE3C0E7806780078007C003F003FF01FF80FFC01 +FE001F000F000F000FC00FF81EFFFE3FFC0FF010167F9513>I<0F000F000F000F000F000F00FF +F8FFF8FFF80F000F000F000F000F000F000F000F000F000F000F000F000F000F000F080F1C07FC +07F803E00E1C7F9B12>I<1C0E3F0E7F8EE3FCE1F8E0700F067CA118>126 +D E /Fi 1 124 df<FFFFFFE0FFFFFFE01B02808E1C>123 D E /Fj 4 107 +df<03F0000FFC001FFE003FFF007FFF807FFF80FFFFC0FFFFC0FFFFC0FFFFC0FFFFC0FFFFC0FF +FFC0FFFFC07FFF807FFF803FFF001FFE000FFC0003F00012147D9519>15 +D<000000006000000000003000000000003000000000001800000000001800000000000C000000 +00000600000000000380FFFFFFFFFFE0FFFFFFFFFFC0000000000380000000000600000000000C +000000000018000000000018000000000030000000000030000000000060002B127D9432>33 +D<001FFF007FFF01E0000380000600000C0000180000300000300000600000600000600000C000 +00C00000FFFFFFFFFFFFC00000C000006000006000006000003000003000001800000C00000600 +0003800001E000007FFF001FFF181E7C9A21>50 D<C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0 +C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C002317AA40E>106 +D E /Fk 68 124 df<007E0001C1800301800703C00E03C00E01800E00000E00000E00000E0000 +0E0000FFFFC00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C0 +0E01C00E01C00E01C00E01C00E01C07F87F8151D809C17>12 D<6060F0F0F8F868680808080808 +08101010102020404080800D0C7F9C15>34 D<00E0000001900000030800000308000007080000 +0708000007080000070800000710000007100000072000000740000003C03FE003800F00038006 +000380040005C0040009C0080010E0100030E010006070200060702000E0384000E03C4000E01C +8000E00F0020E0070020700780403009C0401830E18007C03E001B1F7E9D20>38 +D<004000800100020006000C000C0018001800300030007000600060006000E000E000E000E000 +E000E000E000E000E000E000E000E000600060006000700030003000180018000C000C00060002 +000100008000400A2A7D9E10>40 D<800040002000100018000C000C0006000600030003000380 +01800180018001C001C001C001C001C001C001C001C001C001C001C001C0018001800180038003 +000300060006000C000C00180010002000400080000A2A7E9E10>I<01800180018001804182F1 +8F399C0FF003C003C00FF0399CF18F4182018001800180018010127E9E15>I<60F0F070101010 +1020204080040C7C830C>44 D<FFE0FFE00B0280890E>I<60F0F06004047C830C>I<0001000300 +0600060006000C000C000C0018001800180030003000300060006000C000C000C0018001800180 +030003000300060006000C000C000C00180018001800300030003000600060006000C000C00010 +297E9E15>I<03C00C301818300C300C700E60066006E007E007E007E007E007E007E007E007E0 +07E007E007E007E00760066006700E300C300C18180C3007E0101D7E9B15>I<030007003F00C7 +000700070007000700070007000700070007000700070007000700070007000700070007000700 +0700070007000F80FFF80D1C7C9B15>I<07C01830201C400C400EF00FF80FF807F8077007000F +000E000E001C001C00380070006000C00180030006010C01180110023FFE7FFEFFFE101C7E9B15 +>I<07E01830201C201C781E780E781E381E001C001C00180030006007E00030001C001C000E00 +0F000F700FF80FF80FF80FF00E401C201C183007E0101D7E9B15>I<000C00000C00001C00003C +00003C00005C0000DC00009C00011C00031C00021C00041C000C1C00081C00101C00301C00201C +00401C00C01C00FFFFC0001C00001C00001C00001C00001C00001C00001C0001FFC0121C7F9B15 +>I<300C3FF83FF03FC020002000200020002000200023E024302818301C200E000E000F000F00 +0F600FF00FF00FF00F800E401E401C2038187007C0101D7E9B15>I<00F0030C06040C0E181E30 +1E300C700070006000E3E0E430E818F00CF00EE006E007E007E007E007E007600760077006300E +300C18180C3003E0101D7E9B15>I<4000007FFF807FFF007FFF00400200800400800400800800 +00100000100000200000600000400000C00000C00001C000018000018000038000038000038000 +038000078000078000078000078000078000078000030000111D7E9B15>I<03E00C301008200C +20066006600660067006780C3E083FB01FE007F007F818FC307E601E600FC007C003C003C003C0 +0360026004300C1C1007E0101D7E9B15>I<03C00C301818300C700C600EE006E006E007E007E0 +07E007E0076007700F300F18170C2707C700060006000E300C780C78187010203030C00F80101D +7E9B15>I<7FFFFFC0FFFFFFE00000000000000000000000000000000000000000000000000000 +000000000000FFFFFFE07FFFFFC01B0C7E8F20>61 D<000600000006000000060000000F000000 +0F0000000F00000017800000178000001780000023C0000023C0000023C0000041E0000041E000 +0041E0000080F0000080F0000180F8000100780001FFF80003007C0002003C0002003C0006003E +0004001E0004001E000C001F001E001F00FF80FFF01C1D7F9C1F>65 D<FFFFC00F00F00F00380F +003C0F001C0F001E0F001E0F001E0F001E0F001C0F003C0F00780F01F00FFFE00F00780F003C0F +001E0F000E0F000F0F000F0F000F0F000F0F000F0F001E0F001E0F003C0F0078FFFFE0181C7E9B +1D>I<001F808000E0618001801980070007800E0003801C0003801C0001803800018078000080 +7800008070000080F0000000F0000000F0000000F0000000F0000000F0000000F0000000F00000 +00700000807800008078000080380000801C0001001C0001000E000200070004000180080000E0 +3000001FC000191E7E9C1E>I<FFFFC0000F00F0000F003C000F000E000F0007000F0007000F00 +03800F0003C00F0001C00F0001C00F0001E00F0001E00F0001E00F0001E00F0001E00F0001E00F +0001E00F0001E00F0001C00F0001C00F0003C00F0003800F0007800F0007000F000E000F001C00 +0F007000FFFFC0001B1C7E9B20>I<FFFFFC0F003C0F000C0F00040F00040F00060F00020F0002 +0F02020F02000F02000F02000F06000FFE000F06000F02000F02000F02000F02010F00010F0002 +0F00020F00020F00060F00060F000C0F003CFFFFFC181C7E9B1C>I<FFFFF80F00780F00180F00 +080F00080F000C0F00040F00040F02040F02000F02000F02000F06000FFE000F06000F02000F02 +000F02000F02000F00000F00000F00000F00000F00000F00000F00000F8000FFF800161C7E9B1B +>I<FFF00F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F +000F000F000F000F000F000F000F000F00FFF00C1C7F9B0F>73 D<FFF8000F80000F00000F0000 +0F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F0000 +0F00000F00080F00080F00080F00180F00180F00100F00300F00700F01F0FFFFF0151C7E9B1A> +76 D<FF8000FF800F8000F8000F8000F8000BC00178000BC00178000BC001780009E002780009 +E002780008F004780008F004780008F0047800087808780008780878000878087800083C107800 +083C107800083C107800081E207800081E207800081E207800080F407800080F40780008078078 +000807807800080780780008030078001C03007800FF8307FF80211C7E9B26>I<FF007FC00F80 +0E000F8004000BC0040009E0040009E0040008F0040008F8040008780400083C0400083C040008 +1E0400080F0400080F0400080784000807C4000803C4000801E4000801E4000800F40008007C00 +08007C0008003C0008003C0008001C0008000C001C000C00FF8004001A1C7E9B1F>I<003F8000 +00E0E0000380380007001C000E000E001C0007003C00078038000380780003C0780003C0700001 +C0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0700001C07800 +03C0780003C0380003803C0007801C0007000E000E0007001C000380380000E0E000003F80001B +1E7E9C20>I<FFFF800F00E00F00780F003C0F001C0F001E0F001E0F001E0F001E0F001E0F001C +0F003C0F00780F00E00FFF800F00000F00000F00000F00000F00000F00000F00000F00000F0000 +0F00000F00000F0000FFF000171C7E9B1C>I<FFFF00000F01E0000F0078000F003C000F001C00 +0F001E000F001E000F001E000F001E000F001C000F003C000F0078000F01E0000FFF00000F03C0 +000F00E0000F00F0000F0078000F0078000F0078000F0078000F0078000F0078000F0078100F00 +78100F0038100F003C20FFF01C20000007C01C1D7E9B1F>82 D<07E0801C198030058070038060 +0180E00180E00080E00080E00080F00000F800007C00007FC0003FF8001FFE0007FF0000FF8000 +0F800007C00003C00001C08001C08001C08001C0C00180C00180E00300D00200CC0C0083F80012 +1E7E9C17>I<7FFFFFC0700F01C0600F00C0400F0040400F0040C00F0020800F0020800F002080 +0F0020000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000 +000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000001F800003FFFC +001B1C7F9B1E>I<FFF07FC00F000E000F0004000F0004000F0004000F0004000F0004000F0004 +000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F00 +04000F0004000F0004000F0004000F0004000700080007800800038010000180100000C0200000 +70C000001F00001A1D7E9B1F>I<FFE0FFE0FF1F001F003C1E001E00180F001F00100F001F0010 +0F001F001007801F00200780278020078027802003C027804003C043C04003C043C04003E043C0 +4001E081E08001E081E08001E081E08000F100F10000F100F10000F100F100007900FA00007A00 +7A00007A007A00003E007C00003C003C00003C003C00003C003C00001800180000180018000018 +001800281D7F9B2B>87 D<7FF0FFC00FC03E000780180003C0180003E0100001E0200001F06000 +00F0400000788000007D8000003D0000001E0000001F0000000F0000000F8000000F80000013C0 +000023E0000021E0000041F00000C0F8000080780001007C0003003C0002001E0006001F001F00 +3F80FFC0FFF01C1C7F9B1F>I<FEFEC0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0 +C0C0C0C0C0C0C0C0C0C0C0C0C0FEFE07297C9E0C>91 D<08081010202040404040808080808080 +B0B0F8F8787830300D0C7A9C15>I<FEFE06060606060606060606060606060606060606060606 +060606060606060606060606060606FEFE0729809E0C>I<1FC000307000783800781C00301C00 +001C00001C0001FC000F1C00381C00701C00601C00E01C40E01C40E01C40603C40304E801F8700 +12127E9115>97 D<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C +00001C7C001D86001E03001C01801C01C01C00C01C00E01C00E01C00E01C00E01C00E01C00E01C +00C01C01C01C01801E030019060010F800131D7F9C17>I<07E00C301878307870306000E000E0 +00E000E000E000E00060007004300418080C3007C00E127E9112>I<003F000007000007000007 +0000070000070000070000070000070000070000070003E7000C1700180F003007007007006007 +00E00700E00700E00700E00700E00700E00700600700700700300700180F000C370007C7E0131D +7E9C17>I<03E00C301818300C700E6006E006FFFEE000E000E000E00060007002300218040C18 +03E00F127F9112>I<00F8018C071E061E0E0C0E000E000E000E000E000E00FFE00E000E000E00 +0E000E000E000E000E000E000E000E000E000E000E000E000E007FE00F1D809C0D>I<00038003 +C4C00C38C01C3880181800381C00381C00381C00381C001818001C38000C300013C00010000030 +00001800001FF8001FFF001FFF803003806001C0C000C0C000C0C000C06001803003001C0E0007 +F800121C7F9215>I<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C0000 +1C00001C7C001C87001D03001E03801C03801C03801C03801C03801C03801C03801C03801C0380 +1C03801C03801C03801C03801C0380FF9FF0141D7F9C17>I<18003C003C001800000000000000 +0000000000000000FC001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C +001C00FF80091D7F9C0C>I<00C001E001E000C000000000000000000000000000000FE000E000 +E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E060E0 +F0C0F1C061803E000B25839C0D>I<FC00001C00001C00001C00001C00001C00001C00001C0000 +1C00001C00001C00001C3FC01C0F001C0C001C08001C10001C20001C40001CE0001DE0001E7000 +1C78001C38001C3C001C1C001C0E001C0F001C0F80FF9FE0131D7F9C16>I<FC001C001C001C00 +1C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C +001C001C001C001C00FF80091D7F9C0C>I<FC7E07E0001C838838001D019018001E01E01C001C +01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C00 +1C01C01C001C01C01C001C01C01C001C01C01C001C01C01C00FF8FF8FF8021127F9124>I<FC7C +001C87001D03001E03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C03 +801C03801C03801C0380FF9FF014127F9117>I<03F0000E1C00180600300300700380600180E0 +01C0E001C0E001C0E001C0E001C0E001C06001807003803003001806000E1C0003F00012127F91 +15>I<FC7C001D86001E03001C01801C01C01C00C01C00E01C00E01C00E01C00E01C00E01C00E0 +1C01C01C01C01C01801E03001D06001CF8001C00001C00001C00001C00001C00001C00001C0000 +FF8000131A7F9117>I<03C1000C3300180B00300F00700700700700E00700E00700E00700E007 +00E00700E00700600700700700300F00180F000C370007C7000007000007000007000007000007 +00000700000700003FE0131A7E9116>I<FCE01D301E781E781C301C001C001C001C001C001C00 +1C001C001C001C001C001C00FFC00D127F9110>I<1F9030704030C010C010E010F8007F803FE0 +0FF000F880388018C018C018E010D0608FC00D127F9110>I<04000400040004000C000C001C00 +3C00FFE01C001C001C001C001C001C001C001C001C001C101C101C101C101C100C100E2003C00C +1A7F9910>I<FC1F801C03801C03801C03801C03801C03801C03801C03801C03801C03801C0380 +1C03801C03801C03801C07800C07800E1B8003E3F014127F9117>I<FF07E03C03801C01001C01 +000E02000E020007040007040007040003880003880003D80001D00001D00000E00000E00000E0 +0000400013127F9116>I<FF3FCFE03C0F03801C0701801C0701001C0B01000E0B82000E0B8200 +0E1182000711C4000711C4000720C40003A0E80003A0E80003C0680001C0700001C07000018030 +00008020001B127F911E>I<7F8FF00F03800F030007020003840001C80001D80000F000007000 +00780000F800009C00010E00020E000607000403801E07C0FF0FF81512809116>I<FF07E03C03 +801C01001C01000E02000E020007040007040007040003880003880003D80001D00001D00000E0 +0000E00000E000004000004000008000008000F08000F10000F300006600003C0000131A7F9116 +>I<FFFFF01401808B15>123 D E /Fl 7 56 df<0C001C00EC000C000C000C000C000C000C000C +000C000C000C000C000C000C000C000C00FFC00A137D9211>49 D<1F0060C06060F070F0306030 +00700070006000C001C00180020004000810101020207FE0FFE00C137E9211>I<0FC030707038 +703870380038003000E00FC0007000380018001C601CF01CF018E03860701FC00E137F9211>I< +006000E000E00160026006600C600860106020606060C060FFFC0060006000600060006003FC0E +137F9211>I<60607FC07F8044004000400040004F0070C040E0006000700070E070E070E06040 +E021C01F000C137E9211>I<07C00C201070207060006000C000CF00D0C0E060C020C030C030C0 +3040306020206010C00F000C137E9211>I<40007FFC7FF8401080108020004000800100010003 +000200060006000E000E000E000E000E0004000E147E9311>I E /Fm 19 +117 df<03000700FF000700070007000700070007000700070007000700070007000700070007 +00070007007FF00C157E9412>49 D<0F8030E040708030C038E0384038003800700070006000C0 +0180030006000C08080810183FF07FF0FFF00D157E9412>I<0FE030306018701C701C001C0018 +0038006007E000300018000C000E000EE00EE00EC00C401830300FE00F157F9412>I<00300030 +007000F001F001700270047008701870107020704070C070FFFE0070007000700070007003FE0F +157F9412>I<20303FE03FC0240020002000200020002F8030E020700030003800384038E038E0 +388030406020C01F000D157E9412>I<01F00608080C181C301C70006000E000E3E0EC30F018F0 +0CE00EE00EE00E600E600E300C3018183007C00F157F9412>I<40007FFE7FFC7FF8C008801080 +200040008000800100010003000200060006000E000E000E000E000E0004000F167E9512>I<00 +1000003800003800003800005C00005C00005C00008E00008E00008E0001070001070003078002 +038002038007FFC00401C00401C00800E00800E01800E03800F0FE03FE17177F961A>65 +D<FFFE001C03801C00E01C00601C00701C00701C00701C00701C00E01C01C01FFF801FFFC01C00 +E01C00701C00301C00381C00381C00381C00381C00701C00E01C01C0FFFF0015177F9619>I<FF +83FE1C00701C00701C00701C00701C00701C00701C00701C00701C00701C00701FFFF01C00701C +00701C00701C00701C00701C00701C00701C00701C00701C0070FF83FE17177F961A>72 +D<1FC0386038301038003803F81E3830387038E039E039E07970FF1F1E100E7F8D12>97 +D<007E00000E00000E00000E00000E00000E00000E00000E00000E0007CE001C3E00300E00700E +00600E00E00E00E00E00E00E00E00E00600E00700E00301E00182E0007CFC012177F9614>100 +D<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C7C001D8E001E07001C07 +001C07001C07001C07001C07001C07001C07001C07001C07001C0700FF9FE01317809614>104 +D<183C3C1800000000007C1C1C1C1C1C1C1C1C1C1C1C1CFF081780960A>I<FC7C1F001D8E6380 +1E0781C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701 +C01C0701C0FF9FE7F81D0E808D1E>109 D<FC7C001D8E001E07001C07001C07001C07001C0700 +1C07001C07001C07001C07001C07001C0700FF9FE0130E808D14>I<07C018303018600C600CE0 +0EE00EE00EE00EE00E701C3018183007C00F0E7F8D12>I<1F4060C0C040C040E000FF007F801F +C001E080608060C060E0C09F000B0E7F8D0E>115 D<080008000800180018003800FF80380038 +003800380038003800380038403840384038401C800F000A147F930E>I +E /Fn 14 116 df<70F8F8F87005057C840E>58 D<70F8FCFC7404040404080810102040060F7C +840E>I<0000001800000078000001E00000078000001E00000078000003E000000F8000003C00 +0000F0000003C000000F0000003C000000F0000000F00000003C0000000F00000003C0000000F0 +0000003C0000000F80000003E0000000780000001E0000000780000001E000000078000000181D +1C7C9926>I<C0000000F00000003C0000000F00000003C0000000F00000003E0000000F800000 +01E0000000780000001E0000000780000001E00000007800000078000001E00000078000001E00 +000078000001E000000F8000003E000000F0000003C000000F0000003C000000F0000000C00000 +001D1C7C9926>62 D<007FFFF8000007801E0000078007000007800380000F0001C0000F0001C0 +000F0000E0000F0000E0001E0000E0001E0000F0001E0000F0001E0000F0003C0000F0003C0000 +F0003C0000F0003C0000F000780001E000780001E000780001E000780001E000F00003C000F000 +03C000F000038000F000078001E000070001E0000E0001E0001E0001E0001C0003C000380003C0 +00700003C000E00003C003800007C00E0000FFFFF8000024227EA128>68 +D<007FFFFFC000078003C000078000C000078000C0000F0000C0000F0000C0000F000080000F00 +0080001E000080001E000080001E008080001E008000003C010000003C010000003C030000003C +070000007FFE000000780600000078060000007806000000F004000000F004000000F004010000 +F000020001E000020001E000020001E000040001E0000C0003C000080003C000180003C0003000 +03C000700007C003F000FFFFFFE00022227EA124>I<007FFC01FF000780007800078000600007 +8000C0000F000180000F000200000F000400000F000800001E001000001E004000001E00800000 +1E010000003C020000003C040000003C1E0000003C3E000000785F000000788F0000007A0F0000 +007C07800000F807800000F007C00000F003C00000F003C00001E001E00001E001E00001E001E0 +0001E000F00003C000F00003C000F80003C000780003C000780007C000FC00FFFC07FF8028227E +A129>75 D<007FFE000007C0000007800000078000000F0000000F0000000F0000000F0000001E +0000001E0000001E0000001E0000003C0000003C0000003C0000003C0000007800000078000000 +7800000078000000F0000000F0000000F0001000F0001001E0002001E0002001E0004001E00040 +03C000C003C0008003C0018003C0078007C01F00FFFFFF001C227EA121>I<007FC00001FF0007 +C00003E00007C00005E00007C00005E00009E0000BC00009E0000BC00009E00013C00009E00023 +C00011E00027800011E00047800011E00047800011E00087800021E0010F000020F0010F000020 +F0020F000020F0040F000040F0041E000040F0081E000040F0081E000040F0101E000080F0203C +00008078203C00008078403C00008078803C000100788078000100790078000100790078000100 +7A00780002007C00F00002007C00F00002003800F00006003800F0000F003001F000FFE0203FFF +0030227EA12F>I<00786001C4E00302E00601C00E01C01C01C03C01C038038078038078038078 +0380F00700F00700F00700F00708F00E10700E10701E1030262018C6200F01C015157E941A>97 +D<003F0000E0800380C00701C00E03C01C03C03C00003C0000780000780000780000F00000F000 +00F00000F000007000407000403001803802001C1C0007E00012157E9415>99 +D<00F0000FE00000E00000E00000E00001C00001C00001C00001C0000380000380000380000380 +00070000071F0007218007C0C00F00E00F00E00E00E00E00E01C01C01C01C01C01C01C01C03803 +80380380380700380704700708700E08700E08700610E006206003C016237DA21C>104 +D<3C07E01F00461830618047201880C087401D00E087801E00E087801C00E087001C00E00E0038 +01C00E003801C00E003801C00E003801C01C007003801C007003801C007007001C007007043800 +E007083800E00E083800E00E083800E006107001C006203000C003C026157E942B>109 +D<007E0000810003008002018006038006030006000007000007F80003FE0001FF00003F000007 +80000380700380F00300F00300E002004004003018000FE00011157E9417>115 +D E /Fo 89 128 df<001F83E000706E3000C07C780180F8780380F07807007000070070000700 +7000070070000700700007007000070070000700700007007000FFFFFFC0070070000700700007 +007000070070000700700007007000070070000700700007007000070070000700700007007000 +070070000700700007007000070070000700700007007000070078007FE3FF801D2380A21C>11 +D<001FC0000070200000C010000180380003807800070078000700300007000000070000000700 +000007000000070000000700000007000000FFFFF8000700780007003800070038000700380007 +003800070038000700380007003800070038000700380007003800070038000700380007003800 +07003800070038000700380007003800070038007FE1FF80192380A21B>I<001FD80000703800 +00C078000180780003807800070038000700380007003800070038000700380007003800070038 +000700380007003800FFFFF8000700380007003800070038000700380007003800070038000700 +380007003800070038000700380007003800070038000700380007003800070038000700380007 +00380007003800070038007FF3FF80192380A21B>I<000FC07F00007031C08000E00B00400180 +1E00E003803E01E007003C01E007001C00C007001C000007001C000007001C000007001C000007 +001C000007001C000007001C0000FFFFFFFFE007001C01E007001C00E007001C00E007001C00E0 +07001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00 +E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E07FF1FF +CFFE272380A229>I<00004000008000008000010000010001F200060E001C0700380780300980 +7009C06010C0E030E0E020E0E060E0E040E0E0C0E0E080E0E180E06100C07201C03201803C0380 +1C07000E0C0009F000100000100000200000200000400000131F7E9918>28 +D<70F8F8F8F8F8F8F8707070707070707070707070202020202020000000000070F8F8F8700524 +7CA30E>33 D<7038F87CFC7EFC7E743A04020402040204020804080410081008201040200F0F7E +A218>I<003C000000006200000000C20000000181000000018100000003810000000381000000 +03810000000381000000038200000003820000000384000000038800000001C800000001D00000 +0001E003FF8001C0007C0000E000380001E000300001F000200002700040000470004000083800 +8000183C008000301C010000701E020000700E020000F007040000F007880000F003880000F001 +D00100F000E0010078007003003800B802003C031C04000E0C0E0C0003F003F00021257EA326> +38 D<70F8FCFC7404040404080810102040060F7CA20E>I<00200040008001000300060004000C +000C00180018003000300030007000600060006000E000E000E000E000E000E000E000E000E000 +E000E000E000E000E0006000600060007000300030003000180018000C000C0004000600030001 +000080004000200B327CA413>I<800040002000100018000C0004000600060003000300018001 +80018001C000C000C000C000E000E000E000E000E000E000E000E000E000E000E000E000E000E0 +00C000C000C001C0018001800180030003000600060004000C00180010002000400080000B327D +A413>I<70F8FCFC7404040404080810102040060F7C840E>44 D<FFE0FFE00B027F8B10>I<70F8 +F8F87005057C840E>I<000080000180000180000300000300000300000600000600000600000C +00000C00000C0000180000180000180000300000300000300000600000600000600000C00000C0 +0000C0000180000180000180000180000300000300000300000600000600000600000C00000C00 +000C0000180000180000180000300000300000300000600000600000600000C00000C00000C000 +0011317DA418>I<01F000071C000C06001803003803803803807001C07001C07001C07001C0F0 +01E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F0 +01E07001C07001C07001C07803C03803803803801C07000C0600071C0001F00013227EA018>I< +008003800F80F38003800380038003800380038003800380038003800380038003800380038003 +800380038003800380038003800380038003800380038007C0FFFE0F217CA018>I<03F0000C1C +001007002007804003C04003C08003E0F003E0F801E0F801E0F801E02003E00003E00003C00003 +C0000780000700000E00001C0000180000300000600000C0000180000100000200200400200800 +201800603000403FFFC07FFFC0FFFFC013217EA018>I<03F8000C1E001007002007804007C078 +07C07803C07807C03807C0000780000780000700000F00000E0000380003F000001C00000F0000 +07800007800003C00003C00003E02003E07003E0F803E0F803E0F003C04003C040078020078010 +0F000C1C0003F00013227EA018>I<000200000600000E00000E00001E00001E00002E00004E00 +004E00008E00008E00010E00020E00020E00040E00040E00080E00100E00100E00200E00200E00 +400E00800E00FFFFF8000E00000E00000E00000E00000E00000E00000E00001F0001FFF015217F +A018>I<1000801E07001FFF001FFE001FF80013E0001000001000001000001000001000001000 +0010F800130E001407001803801003800001C00001C00001E00001E00001E00001E07001E0F001 +E0F001E0E001C08001C04003C04003802007001006000C1C0003F00013227EA018>I<007E0001 +C1000300800601C00E03C01C03C0180180380000380000780000700000700000F0F800F30C00F4 +0600F40300F80380F801C0F001C0F001E0F001E0F001E0F001E0F001E07001E07001E07001E038 +01C03801C01803801C03000C0600070C0001F00013227EA018>I<4000006000007FFFE07FFFC0 +7FFFC0400080C00100800100800200800200000400000800000800001000003000002000006000 +00600000600000E00000C00000C00001C00001C00001C00001C00003C00003C00003C00003C000 +03C00003C00003C00003C00001800013237DA118>I<01F800060E000803001001802001802000 +C06000C06000C06000C07000C07801803E01003F02001FC4000FF80003F80003FC00067F00083F +80100F803007C06001C06000E0C000E0C00060C00060C00060C000606000406000C03000801803 +000E0E0003F00013227EA018>I<01F000060C000C0600180700380380700380700380F001C0F0 +01C0F001C0F001E0F001E0F001E0F001E0F001E07001E07003E03803E01805E00C05E00619E003 +E1E00001C00001C00001C0000380000380300300780700780600700C002018001030000FC00013 +227EA018>I<70F8F8F870000000000000000000000070F8F8F87005157C940E>I<70F8F8F87000 +0000000000000000000070F8F8F87808080808101010204040051F7C940E>I<70F8F8F8700000 +000000202020202020707070707070707070707070F8F8F8F8F8F8F87005247C980E>I<FFFFFF +FEFFFFFFFE0000000000000000000000000000000000000000000000000000000000000000FFFF +FFFEFFFFFFFE1F0C7D9126>I<07E01838201C400E800FF00FF00FF00F000F000E001C00380030 +006000C000C000800080018001000100010001000100010000000000000000000000038007C007 +C007C0038010237DA217>63 D<000FE00000701C00008002000300018004000040080000200800 +00201007C01020183008203008084060040440C0078441C0038481C00382838003828380038283 +8003828380038283800382838003828380038281C0038241C0038240C007824060078420300B84 +201831881007C0F00800000008000000040000000300000E00800078007007C0000FFC001F237D +A226>I<0001800000018000000180000003C0000003C0000003C0000005E0000005E000000DF0 +000008F0000008F0000010F800001078000010780000203C0000203C0000203C0000401E000040 +1E0000401E0000800F0000800F0000FFFF000100078001000780030007C0020003C0020003C004 +0003E0040001E0040001E00C0000F00C0000F03E0001F8FF800FFF20237EA225>I<FFFFF8000F +800E0007800780078003C0078003E0078001E0078001F0078001F0078001F0078001F0078001F0 +078001E0078003E0078007C007800F8007803E0007FFFE0007800780078003C0078001E0078001 +F0078000F0078000F8078000F8078000F8078000F8078000F8078000F8078001F0078001F00780 +03E0078007C00F800F00FFFFFC001D227EA123>I<0007E0100038183000E0063001C001700380 +00F0070000F00E0000701E0000701C0000303C0000303C0000307C0000107800001078000010F8 +000000F8000000F8000000F8000000F8000000F8000000F8000000F80000007800000078000010 +7C0000103C0000103C0000101C0000201E0000200E000040070000400380008001C0010000E002 +0000381C000007E0001C247DA223>I<FFFFF0000F801E0007800700078003C0078001C0078000 +E0078000F007800078078000780780007C0780003C0780003C0780003C0780003E0780003E0780 +003E0780003E0780003E0780003E0780003E0780003E0780003E0780003C0780003C0780007C07 +80007807800078078000F0078000E0078001E0078003C0078007000F801E00FFFFF8001F227EA1 +25>I<FFFFFFC00F8007C0078001C0078000C00780004007800040078000600780002007800020 +0780002007802020078020000780200007802000078060000780E00007FFE0000780E000078060 +000780200007802000078020000780200807800008078000080780001007800010078000100780 +00300780003007800070078000E00F8003E0FFFFFFE01D227EA121>I<FFFFFFC00F8007C00780 +01C0078000C0078000400780004007800060078000200780002007800020078020200780200007 +80200007802000078060000780E00007FFE0000780E00007806000078020000780200007802000 +078020000780000007800000078000000780000007800000078000000780000007800000078000 +000FC00000FFFE00001B227EA120>I<0007F008003C0C1800E0021801C001B8038000F8070000 +780F0000381E0000381E0000183C0000183C0000187C0000087800000878000008F8000000F800 +0000F8000000F8000000F8000000F8000000F8000000F8001FFF780000F8780000787C0000783C +0000783C0000781E0000781E0000780F00007807000078038000B801C000B800E00318003C0C08 +0007F00020247DA226>I<FFFC3FFF0FC003F0078001E0078001E0078001E0078001E0078001E0 +078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E007FFFF +E0078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E00780 +01E0078001E0078001E0078001E0078001E0078001E00FC003F0FFFC3FFF20227EA125>I<FFFC +0FC007800780078007800780078007800780078007800780078007800780078007800780078007 +80078007800780078007800780078007800780078007800FC0FFFC0E227EA112>I<03FFF0001F +00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F +00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00700F00F80F +00F80F00F80E00F01E00401C0020380018700007C00014237EA119>I<FFFC03FF000FC000F800 +078000600007800040000780008000078001000007800200000780040000078008000007801000 +0007802000000780400000078080000007818000000783C000000787E000000789E000000788F0 +00000790F0000007A078000007C03C000007803C000007801E000007800F000007800F00000780 +078000078007C000078003C000078001E000078001E000078000F000078000F8000FC000FC00FF +FC07FF8021227EA126>I<FFFE00000FC000000780000007800000078000000780000007800000 +078000000780000007800000078000000780000007800000078000000780000007800000078000 +000780000007800000078000000780000007800000078000800780008007800080078000800780 +01800780018007800100078003000780030007800F000F803F00FFFFFF0019227EA11E>I<FFC0 +0003FF0FC00003F007C00003E005E00005E005E00005E004F00009E004F00009E004F00009E004 +780011E004780011E004780011E0043C0021E0043C0021E0043C0021E0041E0041E0041E0041E0 +040F0081E0040F0081E0040F0081E004078101E004078101E004078101E00403C201E00403C201 +E00401E401E00401E401E00401E401E00400F801E00400F801E00400F801E004007001E00E0070 +01E01F007003F0FFE0203FFF28227EA12D>I<FF8007FF07C000F807C0007005E0002004F00020 +04F0002004780020047C0020043C0020041E0020041F0020040F002004078020040780200403C0 +200401E0200401E0200400F0200400F8200400782004003C2004003E2004001E2004000F200400 +0F20040007A0040003E0040003E0040001E0040001E0040000E00E0000601F000060FFE0002020 +227EA125>I<000FE00000783C0000E00E0003C00780078003C00F0001E00E0000E01E0000F03C +0000783C0000787C00007C7C00007C7800003C7800003CF800003EF800003EF800003EF800003E +F800003EF800003EF800003EF800003EF800003E7800003C7C00007C7C00007C3C0000783E0000 +F81E0000F00F0001E00F0001E0078003C003C0078000E00E0000783C00000FE0001F247DA226> +I<FFFFF0000F803C0007800F0007800780078007C0078003C0078003E0078003E0078003E00780 +03E0078003E0078003E0078003C0078007C00780078007800F0007803C0007FFF0000780000007 +800000078000000780000007800000078000000780000007800000078000000780000007800000 +0780000007800000078000000FC00000FFFC00001B227EA121>I<000FE00000783C0000E00E00 +03C00780078003C00F0001E00E0000E01E0000F03E0000F83C0000787C00007C7C00007C780000 +3C7800003CF800003EF800003EF800003EF800003EF800003EF800003EF800003EF800003EF800 +003E7800003C7C00007C7C00007C3C0000783C0000781E0380F00E0420E00F0801E0078813C003 +C8178000E80E00007C3C02000FEC0200000C0200000C0200000E0600000F0E000007FC000007FC +000007F8000003F8000001E01F2D7DA226>I<FFFFE000000F803C000007800E00000780078000 +078007C000078003C000078003E000078003E000078003E000078003E000078003E000078003C0 +00078007C000078007800007800E000007803C000007FFE000000780700000078038000007801C +000007801E000007800E000007800F000007800F000007800F000007800F000007800F80000780 +0F800007800F800007800F808007800FC080078007C0800FC003C100FFFC01E2000000007C0021 +237EA124>I<03F0200C0C601802603001E07000E0600060E00060E00060E00020E00020E00020 +F00000F000007800007F00003FF0001FFE000FFF0003FF80003FC00007E00001E00000F00000F0 +000070800070800070800070800070C00060C00060E000C0F000C0C80180C6070081FC0014247D +A21B>I<7FFFFFF87807807860078018400780084007800840078008C007800C80078004800780 +048007800480078004000780000007800000078000000780000007800000078000000780000007 +800000078000000780000007800000078000000780000007800000078000000780000007800000 +078000000780000007800000078000000FC00003FFFF001E227EA123>I<FFFC07FF0FC000F807 +800070078000200780002007800020078000200780002007800020078000200780002007800020 +078000200780002007800020078000200780002007800020078000200780002007800020078000 +20078000200780002007800020078000200380004003C0004003C0004001C0008000E000800060 +010000300600001C08000003F00020237EA125>I<FFF0007FC01F80001F000F00000C00078000 +0C000780000800078000080003C000100003C000100003E000300001E000200001E000200000F0 +00400000F000400000F000400000780080000078008000007C018000003C010000003C01000000 +1E020000001E020000001F020000000F040000000F040000000F8C000000078800000007880000 +0003D000000003D000000003F000000001E000000001E000000000C000000000C000000000C000 +0022237FA125>I<FFF03FFC03FE1F8007E000F80F0003C000700F0003C000200F0003C0002007 +8001E00040078001E00040078001E0004003C002F0008003C002F0008003C002F0008001E00478 +010001E00478010001E00478010000F0083C020000F0083C020000F0083C020000F8183E060000 +78101E04000078101E0400007C101E0400003C200F0800003C200F0800003C200F0800001E4007 +9000001E40079000001E40079000000F8003E000000F8003E000000F8003E00000070001C00000 +070001C00000070001C0000003000180000002000080002F237FA132>I<7FF807FF0007E001F8 +0003C000E00003E000C00001E000800000F001000000F80300000078020000007C040000003E0C +0000001E080000001F100000000FB000000007A000000007C000000003E000000001E000000001 +F000000003F80000000278000000047C0000000C3E000000081E000000101F000000300F800000 +20078000004007C00000C003E000008001E000010001F000030000F000070000F8001F8001FC00 +FFE007FFC022227FA125>I<FFF0007FC01F80001F000F80000C00078000080007C000180003E0 +00100001E000200001F000200000F000400000F800C000007C008000003C010000003E01000000 +1E020000001F040000000F84000000078800000007D800000003D000000003E000000001E00000 +0001E000000001E000000001E000000001E000000001E000000001E000000001E000000001E000 +000001E000000001E000000001E000000003E00000003FFF000022227FA125>I<7FFFFE7E003E +78003C7000786000784000F0C000F0C001E08003C08003C0800780000780000F00001F00001E00 +003C00003C0000780000780000F00001F00001E00103C00103C0010780010780030F00031E0002 +1E00023C00063C000E78001EF8007EFFFFFE18227DA11E>I<FEFEC0C0C0C0C0C0C0C0C0C0C0C0 +C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0FEFE07317BA4 +0E>I<0804100820102010402040208040804080408040B85CFC7EFC7E7C3E381C0F0F7AA218>I< +FEFE06060606060606060606060606060606060606060606060606060606060606060606060606 +0606060606060606FEFE07317FA40E>I<0FE0001838003C0C003C0E0018070000070000070000 +070000FF0007C7001E07003C0700780700700700F00708F00708F00708F00F087817083C23900F +C1E015157E9418>97 D<0E0000FE00001E00000E00000E00000E00000E00000E00000E00000E00 +000E00000E00000E00000E00000E1F000E61C00E80600F00300E00380E003C0E001C0E001E0E00 +1E0E001E0E001E0E001E0E001E0E001E0E001C0E003C0E00380F00700C80600C41C0083F001723 +7FA21B>I<01FE000703000C07801C0780380300780000700000F00000F00000F00000F00000F0 +0000F00000F000007000007800403800401C00800C010007060001F80012157E9416>I<0000E0 +000FE00001E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E0 +01F8E00704E00C02E01C01E03800E07800E07000E0F000E0F000E0F000E0F000E0F000E0F000E0 +F000E07000E07800E03800E01801E00C02E0070CF001F0FE17237EA21B>I<01FC000707000C03 +801C01C03801C07801E07000E0F000E0FFFFE0F00000F00000F00000F00000F000007000007800 +203800201C00400E008007030000FC0013157F9416>I<003C00C6018F038F030F070007000700 +070007000700070007000700FFF807000700070007000700070007000700070007000700070007 +000700070007000700070007807FF8102380A20F>I<00007001F198071E180E0E181C07001C07 +003C07803C07803C07803C07801C07001C07000E0E000F1C0019F0001000001000001800001800 +001FFE000FFFC00FFFE03800F0600030400018C00018C00018C000186000306000303800E00E03 +8003FE0015217F9518>I<0E0000FE00001E00000E00000E00000E00000E00000E00000E00000E +00000E00000E00000E00000E00000E1F800E60C00E80E00F00700F00700E00700E00700E00700E +00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E0070FFE7FF18 +237FA21B>I<1C001E003E001E001C00000000000000000000000000000000000E00FE001E000E +000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFC00A227FA1 +0E>I<01C003E003E003E001C00000000000000000000000000000000001E00FE001E000E000E0 +00E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000 +E000E060E0F0C0F18061803E000B2C82A10F>I<0E0000FE00001E00000E00000E00000E00000E +00000E00000E00000E00000E00000E00000E00000E00000E03FC0E01F00E01C00E01800E02000E +04000E08000E10000E38000EF8000F1C000E1E000E0E000E07000E07800E03C00E01C00E01E00E +00F00E00F8FFE3FE17237FA21A>I<0E00FE001E000E000E000E000E000E000E000E000E000E00 +0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E +000E000E00FFE00B237FA20E>I<0E1FC07F00FE60E183801E807201C00F003C00E00F003C00E0 +0E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800 +E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E0FFE3FF +8FFE27157F942A>I<0E1F80FE60C01E80E00F00700F00700E00700E00700E00700E00700E0070 +0E00700E00700E00700E00700E00700E00700E00700E00700E00700E0070FFE7FF18157F941B> +I<01FC000707000C01801800C03800E0700070700070F00078F00078F00078F00078F00078F000 +78F000787000707800F03800E01C01C00E038007070001FC0015157F9418>I<0E1F00FE61C00E +80600F00700E00380E003C0E001C0E001E0E001E0E001E0E001E0E001E0E001E0E001E0E003C0E +003C0E00380F00700E80E00E41C00E3F000E00000E00000E00000E00000E00000E00000E00000E +00000E0000FFE000171F7F941B>I<01F8200704600E02601C01603801E07800E07800E0F000E0 +F000E0F000E0F000E0F000E0F000E0F000E07000E07800E03801E01C01E00C02E0070CE001F0E0 +0000E00000E00000E00000E00000E00000E00000E00000E00000E0000FFE171F7E941A>I<0E3C +FE461E8F0F0F0F060F000E000E000E000E000E000E000E000E000E000E000E000E000E000F00FF +F010157F9413>I<0F8830786018C018C008C008E008F0007F803FE00FF001F8003C801C800C80 +0CC00CC008E018D0308FC00E157E9413>I<02000200020002000600060006000E001E003E00FF +F80E000E000E000E000E000E000E000E000E000E000E000E040E040E040E040E040E0407080308 +01F00E1F7F9E13>I<0E0070FE07F01E00F00E00700E00700E00700E00700E00700E00700E0070 +0E00700E00700E00700E00700E00700E00700E00F00E00F006017003827800FC7F18157F941B> +I<FFC1FE1E00780E00300E00200E002007004007004003808003808003808001C10001C10000E2 +0000E20000E20000740000740000380000380000380000100017157F941A>I<FF8FF8FF1E01E0 +3C1C01C0180E01C0180E01E0100E01E01007026020070270200702702003843040038438400384 +384001C8188001C81C8001C81C8000F00D0000F00F0000F00F0000600600006006000060060020 +157F9423>I<FF83FE1F01F00E00C007008003810003830001C20000E400007800007800003800 +003C00004E00008E000187000103800201C00401E00C00E03E01F0FF03FE17157F941A>I<FFC1 +FE1E00780E00300E00200E002007004007004003808003808003808001C10001C10000E20000E2 +0000E200007400007400003800003800003800001000001000002000002000002000004000F040 +00F08000F180004300003C0000171F7F941A>I<3FFFC0380380300780200700600E00401C0040 +3C0040380000700000E00001E00001C0000380400700400F00400E00C01C008038008078018070 +0780FFFF8012157F9416>I<FFFFFE1701808C18>I<FFFFFFFFFFFF3001808C31>I<7070F8F8F8 +F8F8F870700D057BA118>127 D E /Fp 14 118 df<F8F8F8F8F8383070706060E0050C7A8411> +44 D<F8F8F8F8F805057A8411>46 D<0000FF00000007FFC000001FFFE000007FFFF00000FF01 +F80001FC00FC0003F0007E0007E0003E000FC01FBE001F807FFF001F00FFFF003E01FFFF003E03 +F0FF007C07E07F807C07C03F807C0F801F80FC0F801F80F81F000F80F81F000F80F81F000F80F8 +1F000F80F81F000F80F81F000F80F81F000F80F81F000F80FC0F801F007C0F801F007C07C03E00 +7C07E07E003E03F0FC003E01FFF8001F00FFF0001F807FE0000FC01F800007E000000003F00000 +0001FC000F8000FF007F00007FFFFE00001FFFF8000007FFE0000000FF0000212A7DA928>64 +D<01FE000FFF803FFFC03FFFE03C03F03001F00001F80000F80000F80000F80000F80000F8007F +F807FFF81FFFF83FE0F87F00F8FC00F8F800F8F800F8F800F8FC01F87E07F87FFFF83FFFF81FFC +F80FE0F8151B7E9A1D>97 D<F80000F80000F80000F80000F80000F80000F80000F80000F80000 +F80000F80000F80000F80000F80000F80000F83F00F9FFC0FBFFE0FFFFF0FF07F0FC01F8F800FC +F8007CF8007CF8007EF8003EF8003EF8003EF8003EF8003EF8003EF8003EF8007CF8007CF8007C +FC00F8FC01F8FF07F0FFFFE0FBFFC0F9FF80F87E00172A7BA91F>I<007FC001FFF007FFFC0FFF +FC1FC07C1F00083E00007C00007C00007C0000F80000F80000F80000F80000F80000F80000F800 +007C00007C00007E00003E00001F000C1FC07C0FFFFC07FFFC01FFF0007F80161B7E9A1B>I<00 +003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00 +003E00003E00FC3E03FF3E07FFFE0FFFFE1FC1FE3F007E3E003E7C003E7C003EFC003EF8003EF8 +003EF8003EF8003EF8003EF8003EF8003EFC003E7C003E7C003E3E007E3F00FE1FC1FE0FFFFE07 +FFBE03FF3E00FC3E172A7EA91F>I<007E0003FF8007FFC00FFFE01F83F03F00F03E00787C0078 +7C003878003CFFFFFCFFFFFCFFFFFCFFFFFCF80000F80000F800007800007C00007C00003E0000 +3F000C1FC07C0FFFFC07FFFC01FFF0007F80161B7E9A1B>I<001FC0007FC000FFC001FFC003F0 +0003E00007C00007C00007C00007C00007C00007C00007C00007C00007C000FFFE00FFFE00FFFE +0007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C0 +0007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C000122A7FA912 +>I<F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F8 +0000F80000F80000F83F00F8FF80FBFFC0FFFFE0FF07E0FE03F0FC01F0FC01F0FC01F0F801F0F8 +01F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F8 +01F0F801F0F801F0F801F0142A7BA91F>104 D<F83F00F9FFC0FBFFE0FFFFF0FF07F0FC01F8F8 +00FCF800FCF8007CF8007EF8003EF8003EF8003EF8003EF8003EF8003EF8003EF8007CF8007CF8 +00FCFC00F8FC03F8FF07F0FFFFE0FBFFC0F9FF80F87E00F80000F80000F80000F80000F80000F8 +0000F80000F80000F80000F80000F80000F8000017277B9A1F>112 D<F838F8F8F9F8FBF8FFC0 +FF00FE00FE00FC00FC00F800F800F800F800F800F800F800F800F800F800F800F800F800F800F8 +00F800F8000D1B7B9A14>114 D<03FC001FFF803FFFC07FFFC07C07C0F80080F80000F80000F8 +0000FC00007F80007FF8003FFE001FFF0007FF8000FFC0000FE00007E00003E00003E04003E0E0 +07E0FC0FC0FFFFC07FFF801FFE0003F800131B7E9A17>I<F801F0F801F0F801F0F801F0F801F0 +F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0 +F801F0F801F0F803F0F803F0FC0FF0FFFFF07FFDF03FF9F01FC1F0141B7B9A1F>117 +D E /Fq 3 104 df<00380000380000380000380000380000380060380CF8103E7C107C1F11F0 +0793C001D700007C00007C0001D7000793C01F11F07C107CF8103E60380C003800003800003800 +003800003800003800171A7D9B1E>3 D<0000F80003C0000F00001E00003C0000780000780000 +780000780000780000780000780000780000780000780000780000780000780000780000780000 +780000780000780000780000780000F00000F00001E000078000FE0000FE000007800001E00000 +F00000F00000780000780000780000780000780000780000780000780000780000780000780000 +7800007800007800007800007800007800007800007800007800003C00001E00000F000003C000 +00F8153C7CAC1E>102 D<F800000F000003C00001E00000F00000780000780000780000780000 +780000780000780000780000780000780000780000780000780000780000780000780000780000 +7800007800007800003C00003C00001E000007000001F80001F8000700001E00003C00003C0000 +780000780000780000780000780000780000780000780000780000780000780000780000780000 +780000780000780000780000780000780000780000F00001E00003C0000F0000F80000153C7CAC +1E>I E /Fr 38 122 df<78FCFCFEFE7A02020202040404081010204007127B8511>44 +D<FFFEFFFEFFFE0F037F8E14>I<007F000001C1C0000780F0000F0078000E0038001C001C003C +001E003C001E003C001E0078000F0078000F0078000F0078000F00F8000F80F8000F80F8000F80 +F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F +80F8000F80F8000F8078000F0078000F0078000F0078000F003C001E003C001E003C001E001C00 +1C000E0038000F0078000780F00001C1C000007F000019297EA71E>48 D<00100000700001F000 +0FF000FEF000F0F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F000 +00F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F000 +00F00000F00000F00000F00000F00000F00000F00000F00001F8007FFFE07FFFE013287BA71E> +I<007F000003FFC0000701F0000C00F80010007C001C007C003E007E003E003E003E003E001E00 +3E000C007E0000007C0000007C00000078000000F0000000E0000001C0000007000000FF000000 +01E0000000F0000000780000003C0000003E0000001F0000001F0000001F8000001F8030001F80 +78001F80FC001F80FC001F80FC001F00F8001F0040003F0040003E0030007C001800F8000F01F0 +0003FFC000007F000019297EA71E>51 D<00006000000060000000E0000001E0000001E0000003 +E0000003E0000005E0000009E0000009E0000011E0000021E0000021E0000041E0000081E00000 +81E0000101E0000201E0000201E0000401E0000801E0000801E0001001E0003001E0002001E000 +4001E000C001E000FFFFFF80FFFFFF800001E0000001E0000001E0000001E0000001E0000001E0 +000001E0000001E0000003F000007FFF80007FFF8019287EA71E>I<20000000380000003FFFFF +803FFFFF803FFFFF007FFFFF006000020040000400400004004000080080001000800020000000 +20000000400000008000000080000001000000030000000200000006000000060000000C000000 +0C0000001C0000001C0000001C0000003800000038000000380000007800000078000000780000 +0078000000F8000000F8000000F8000000F8000000F8000000F8000000F8000000F80000007000 +00192A7DA81E>55 D<007F000001FFC0000381F000060078000C003C001C001C0018000E003800 +0E0038000E0038000E003C000E003C000E003E001C001F8018001FC038000FF0600007F8C00003 +FF800001FF0000007FC00000FFE000030FF8000603FC001C01FE0038007E0030003F0070000F00 +70000780E0000780E0000380E0000380E0000380E0000380F0000300700007007800060038000C +001E0038000F80F00003FFE000007F000019297EA71E>I<007F000001FFC00007C1E0000F0070 +001E0038001C003C003C001C0078001E0078001E00F8000F00F8000F00F8000F00F8000F00F800 +0F80F8000F80F8000F80F8000F8078000F8078001F803C001F803C001F801C002F800E004F8007 +00CF8003810F80007E0F8000000F0000000F0000000F0000001E0000001E0000001E0000003C00 +1C003C003E0078003E0070003C00E0001801C0001C0780000FFE000003F8000019297EA71E>I< +00001800000000180000000018000000003C000000003C000000003C000000007E000000007E00 +000000FF000000009F000000009F000000011F800000010F800000010F8000000207C000000207 +C000000207C000000403E000000403E000000403E000000801F000000801F000001801F8000010 +00F800001000F800002000FC000020007C00003FFFFC00007FFFFE000040003E000040003E0000 +80001F000080001F000080001F000100000F800100000F800100000F8002000007C007000007C0 +1F80000FE0FFF000FFFFFFF000FFFF282A7EA92D>65 D<0000FF00100007FFE030001FC0783000 +3E000C7000F80006F001F00003F003E00001F007C00000F00F800000700F800000701F00000030 +3F000000303E000000303E000000107E000000107E000000107C00000000FC00000000FC000000 +00FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC000000007C0000 +00007E000000007E000000103E000000103E000000103F000000101F000000200F800000200F80 +00006007C000004003E000008001F000018000F8000300003E000E00001FC038000007FFE00000 +00FF8000242B7DA92B>67 D<FFFFFFC000FFFFFFF80007E000FC0003E0003F0003E0000F8003E0 +0007C003E00003E003E00001F003E00000F003E00000F803E000007C03E000007C03E000007C03 +E000003E03E000003E03E000003E03E000003F03E000003F03E000003F03E000003F03E000003F +03E000003F03E000003F03E000003F03E000003F03E000003F03E000003E03E000003E03E00000 +7E03E000007C03E000007C03E00000F803E00000F803E00001F003E00003E003E00007C003E000 +0F8003E0001F0007E000FE00FFFFFFF800FFFFFFC00028297EA82E>I<FFFF80FFFF8007F00003 +E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003 +E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003 +E00003E00003E00003E00003E00003E00003E00003E00003E00007F000FFFF80FFFF8011297EA8 +16>73 D<FFFFE000FFFFE00007F0000003E0000003E0000003E0000003E0000003E0000003E000 +0003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0 +000003E0000003E0000003E0000003E0000003E0000003E0000003E0000103E0000103E0000103 +E0000103E0000203E0000203E0000203E0000203E0000603E0000603E0000E03E0001E03E0007C +07E001FCFFFFFFFCFFFFFFFC20297EA825>76 D<FFE0001FFFFFF0001FFF03F80001F002F80000 +E0027C000040027E000040023E000040021F000040021F800040020F8000400207C000400207E0 +00400203E000400201F000400201F800400200F8004002007C004002007E004002003E00400200 +1F004002001F804002000F8040020007C040020003E040020003E040020001F040020000F84002 +0000F8400200007C400200003E400200003E400200001F400200000FC00200000FC002000007C0 +02000003C002000003C007000001C00F800000C0FFF80000C0FFF800004028297EA82D>78 +D<0001FF0000000F01E000003C0078000078003C0000E0000E0001E0000F0003C0000780078000 +03C00F800003E01F000001F01F000001F03E000000F83E000000F87E000000FC7E000000FC7C00 +00007C7C0000007CFC0000007EFC0000007EFC0000007EFC0000007EFC0000007EFC0000007EFC +0000007EFC0000007EFC0000007E7C0000007C7E000000FC7E000000FC7E000000FC3E000000F8 +3F000001F81F000001F01F000001F00F800003E007800003C007C00007C003E0000F8000F0001E +000078003C00003C007800000F01E0000001FF0000272B7DA92E>I<FFFFFF8000FFFFFFF00007 +E000FC0003E0003E0003E0001F0003E0000F8003E0000FC003E00007C003E00007E003E00007E0 +03E00007E003E00007E003E00007E003E00007E003E00007C003E0000FC003E0000F8003E0001F +0003E0003E0003E001F80003FFFFE00003E000000003E000000003E000000003E000000003E000 +000003E000000003E000000003E000000003E000000003E000000003E000000003E000000003E0 +00000003E000000003E000000003E000000003E000000007F0000000FFFF800000FFFF80000023 +297EA829>I<00FE010003FF83000F81E3001E0037003C001F0038000F007800070070000700F0 +000300F0000300F0000300F0000100F8000100F8000100FC0000007C0000007F0000003FE00000 +1FFF00000FFFE00007FFF80003FFFC00007FFE000007FF0000007F0000001F8000000F80000007 +C0000007C0800003C0800003C0800003C0800003C0C00003C0C0000380C0000380E0000780F000 +0700F8000E00EE001C00C3C07800C1FFF000803FC0001A2B7DA921>83 D<7FFFFFFFF87FFFFFFF +F87C007C00F870007C003860007C001840007C000840007C0008C0007C000CC0007C000C80007C +000480007C000480007C000480007C000480007C000400007C000000007C000000007C00000000 +7C000000007C000000007C000000007C000000007C000000007C000000007C000000007C000000 +007C000000007C000000007C000000007C000000007C000000007C000000007C000000007C0000 +00007C000000007C000000007C000000007C000000007C00000000FE000000FFFFFE0000FFFFFE +0026297EA82B>I<FFFF801FFFFFFF801FFF07F00001F003E00000E003E000004003E000004003 +E000004003E000004003E000004003E000004003E000004003E000004003E000004003E0000040 +03E000004003E000004003E000004003E000004003E000004003E000004003E000004003E00000 +4003E000004003E000004003E000004003E000004003E000004003E000004003E000004003E000 +004003E000004001E000008001F000008001F000008000F000010000780003000078000200003C +000C00001F0018000007C070000001FFE00000007F0000282A7EA82D>I<FFFE03FFF803FFC0FF +FE03FFF803FFC00FE0003F80007E0007C0001F0000180003E0001F0000180003E0000F80001000 +03E0000F8000100001F0000F8000200001F0000FC000200001F0000FC000200000F8000FC00040 +0000F80013E000400000F80013E000400000FC0013E000C000007C0033F0008000007C0021F000 +8000007E0021F0008000003E0021F8010000003E0040F8010000003E0040F8010000001F0040F8 +020000001F00807C020000001F00807C020000000F80807C040000000F81003E040000000F8100 +3E0400000007C1003E0800000007C2001F0800000007C2001F0800000003E2001F1000000003E4 +000F9000000003E4000F9000000001F4000FA000000001F80007E000000001F80007E000000000 +F80007C000000000F00003C000000000F00003C000000000700003800000000060000180000000 +0060000180000000006000018000003A2A7FA83D>87 D<01FC00000E0780001001C0003C00E000 +3E00F0003E0078001C00780008007800000078000000780000007800007FF80003E078000F8078 +001F0078003E0078007C00780078007820F8007820F8007820F8007820F800F8207C00F8203C01 +3C401F063FC007F80F001B1A7E991E>97 D<07800000FF800000FF8000000F8000000780000007 +800000078000000780000007800000078000000780000007800000078000000780000007800000 +078000000783F000078C1C0007B0070007A0038007C003C0078001E0078001E0078000F0078000 +F0078000F8078000F8078000F8078000F8078000F8078000F8078000F8078000F0078000F00780 +01F0078001E0078001C007C003C00740078007200E0006181C000407E0001D2A7FA921>I<007F +8001C0700780080F003C1E007C3C007C3C00387C0010780000F80000F80000F80000F80000F800 +00F80000F80000F800007800007C00003C00043C00041E00080F001007802001C0C0007F00161A +7E991B>I<00000F000001FF000001FF0000001F0000000F0000000F0000000F0000000F000000 +0F0000000F0000000F0000000F0000000F0000000F0000000F0000000F00003F0F0001C0CF0003 +802F000F001F001E001F001C000F003C000F007C000F0078000F0078000F00F8000F00F8000F00 +F8000F00F8000F00F8000F00F8000F00F8000F0078000F0078000F003C000F003C000F001E001F +000E002F0007004F8001C18FF8007E0FF81D2A7EA921>I<007E0003C3800700E00E00F01C0070 +3C00783C003878003C78003CF8003CF8003CFFFFFCF80000F80000F80000F80000F80000780000 +7C00003C00043C00041E00080E001007002001C0C0007F00161A7E991B>I<001F000070C000E1 +E001C3E003C3E00381C00780800780000780000780000780000780000780000780000780000780 +00FFFE00FFFE000780000780000780000780000780000780000780000780000780000780000780 +0007800007800007800007800007800007800007800007800007800007800007C000FFFE00FFFE +00132A7FA912>I<07000F801F801F800F80070000000000000000000000000000000000000007 +807F807F800F800780078007800780078007800780078007800780078007800780078007800780 +0780078007800780FFF8FFF80D297FA811>105 D<0781F800FC00FF860E030700FF98070C0380 +0FA0079003C007A003D001E007C003E001E007C003E001E0078003C001E0078003C001E0078003 +C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0 +078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003 +C001E0078003C001E0FFFC7FFE3FFFFFFC7FFE3FFF301A7F9933>109 D<0783F800FF8C1C00FF +900E000FA0070007A0078007C0078007C007800780078007800780078007800780078007800780 +078007800780078007800780078007800780078007800780078007800780078007800780078007 +800780078007800780FFFCFFFCFFFCFFFC1E1A7F9921>I<007F000001C1C000070070000E0038 +001C001C003C001E003C001E0078000F0078000F00F8000F80F8000F80F8000F80F8000F80F800 +0F80F8000F80F8000F80F8000F8078000F0078000F003C001E003C001E001E003C000E00380007 +00700001C1C000007F0000191A7E991E>I<0783F000FF8C1C00FFB00F0007A0078007C003C007 +8003E0078001E0078001F0078001F0078000F8078000F8078000F8078000F8078000F8078000F8 +078000F8078000F0078001F0078001F0078001E0078003C007C003C007C0078007A00E0007983C +000787E00007800000078000000780000007800000078000000780000007800000078000000780 +000007800000FFFC0000FFFC00001D267F9921>I<0787C0FF98E0FF91F00FA1F007C1F007C0E0 +07C000078000078000078000078000078000078000078000078000078000078000078000078000 +07800007800007800007800007C000FFFE00FFFE00141A7F9917>114 D<07F8401C06C03001C0 +6000C06000C0E00040E00040F00040F800007E00007FF0003FFE000FFF0003FF80003FC00007C0 +8001E08001E0C000E0C000E0C000E0E000C0F001C0F80180C4070083F800131A7E9918>I<0080 +000080000080000080000180000180000180000380000380000780000F80001FFF80FFFF800780 +000780000780000780000780000780000780000780000780000780000780000780000780000780 +4007804007804007804007804007804007804003C08001C08000E100003E0012257FA417>I<07 +800780FF80FF80FF80FF800F800F80078007800780078007800780078007800780078007800780 +078007800780078007800780078007800780078007800780078007800780078007800780078007 +8007800F8007800F800380178001C027C000E047FC003F87FC1E1A7F9921>I<FFF00FF8FFF00F +F80F8003C0078003800780010003C0020003C0020003E0020001E0040001E0040000F0080000F0 +080000F818000078100000781000003C2000003C2000003E6000001E4000001E4000000F800000 +0F8000000700000007000000070000000200001D1A7F9920>I<FFF00FF8FFF00FF80F8003C007 +8003800780010003C0020003C0020003E0020001E0040001E0040000F0080000F0080000F81800 +0078100000781000003C2000003C2000003E6000001E4000001E4000000F8000000F8000000700 +00000700000007000000020000000200000004000000040000000400000008000070080000F810 +0000F8100000F8200000F0400000608000001F0000001D267F9920>121 +D E /Fs 22 118 df<00000FF03F000000780CE0800001E00FC3C00003801F87C00007003F07C0 +000F003F03C0001E001E0100001E001E0000001E001E0000003C003C0000003C003C0000003C00 +3C0000003C003C0000003C003C0000003C003C00000078007800000FFFFFFFF0000FFFFFFFF000 +00780078000000780078000000780078000000F000F0000000F000F0000000F000F0000000F000 +F0000000F000F0000000F000F0000001E001E0000001E001E0000001E001E0000001E001E00000 +01E001E0000001E001E0000003C003C0000003C003C0000003C003C0000003C003C0000003C003 +C0000003C003C0000007C007C000007FF87FFE0000FFF87FFE00002A2A7FA923>11 +D<387C7EFC7C3807067B8511>46 D<00000FF00100007FFE030001FC07070007E0018E001F8000 +5E003E00003E007C00003E00F800001E01F000001E03E000000C07C000000C07C000000C0F8000 +000C1F8000000C1F0000000C3F000000083F000000007E000000007E000000007E000000007E00 +000000FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC +000000207C000000207C000000207C000000403E000000403E000000801E000000801F00000100 +0F8000020007C000040003E000180001F0003000007E01E000003FFF80000007FC0000282B7AA9 +2B>67 D<01FFFFFFFF03FFFFFFFF000FC0007F000F80000F000F800007000F800007000F800003 +000F800003001F000003001F000003001F000001001F000001001F000801001F000801003E0010 +00003E001000003E001000003E003000003E00F000003FFFF000007FFFE000007C00E000007C00 +6000007C006000007C002000007C00200200F800400400F800400400F800000400F800000800F8 +00000800F800001801F000001001F000003001F000003001F000007001F00000E001F00003E003 +F0000FE0FFFFFFFFC0FFFFFFFFC028297EA829>69 D<01FFFF03FFFE03FFFF07FFFE000FC0001F +80000F80001F00000F80001F00000F80001F00000F80001F00000F80001F00001F00003E00001F +00003E00001F00003E00001F00003E00001F00003E00001F00003E00003E00007C00003E00007C +00003E00007C00003E00007C00003E00007C00003FFFFFFC00007FFFFFF800007C0000F800007C +0000F800007C0000F800007C0000F800007C0000F80000F80001F00000F80001F00000F80001F0 +0000F80001F00000F80001F00000F80001F00001F00003E00001F00003E00001F00003E00001F0 +0003E00001F00003E00001F00003E00003F00007E000FFFF81FFFF00FFFF81FFFF002F297EA82D +>72 D<01FFFF800003FFFF8000000FC00000000F800000000F800000000F800000000F80000000 +0F800000001F000000001F000000001F000000001F000000001F000000001F000000003E000000 +003E000000003E000000003E000000003E000000003E000000007C000000007C000000007C0000 +00007C000000007C000000007C00002000F800004000F800004000F800004000F800008000F800 +008000F800018001F000018001F000030001F000030001F000070001F0000E0001F0003E0003F0 +01FE00FFFFFFFC00FFFFFFFC0023297EA825>76 D<0001FC020007FF06001E038E003800DC0070 +007C00E0003C01E0001C03C0001C03C0001C0380000807800008078000080780000807C0000807 +C0000007E0000003F0000003FE000001FFE00001FFFE0000FFFF00003FFF80000FFFC00000FFE0 +00000FE0000003F0000001F0000001F0000001F0200000F0200000F0200000F0200000E0600001 +E0600001E0700001C0700003C0780007807C000700E6001E00E3C07C00C1FFF000803FC0001F2B +7DA921>83 D<003FC00001C0F0000200380007803C0007C01E000F801E0007801E0002001E0000 +001E0000001E0000001E00001FFC0001F83C0007C03C000F803C001E003C003E003C007C007820 +F8007820F8007820F8007820F800F820F80178407C0278403E0C3F8007F01E001B1A7D991E>97 +D<01E000003FE000003FE0000003C0000003C0000003C0000003C0000003C0000003C000000780 +000007800000078000000780000007800000078000000F0000000F07E0000F1838000F600E000F +800F000F0007001F0007801E0007C01E0003C01E0003C01E0003C01E0003C03C0007C03C0007C0 +3C0007C03C0007C03C0007803C000F8078000F8078000F0078001E0078001C0078003800740070 +00E200E000C103800080FE00001A2A7AA921>I<001FF000700C01E00203801E07001F0F003E1E +001E3E00083C00007C00007C0000780000F80000F80000F80000F80000F80000F80000F8000078 +00087800083C00101C00200E004007038001FC00181A7C991B>I<0000007800000FF800000FF8 +000000F0000000F0000000F0000000F0000000F0000000F0000001E0000001E0000001E0000001 +E0000001E0000001E0000003C0000FC3C0007833C001E00BC003800BC0070007C00F0007801E00 +07803E0007803C0007807C0007807C00078078000F00F8000F00F8000F00F8000F00F8000F00F8 +000F00F8001E00F8001E0078001E0078001E0038003E001C005E000E01BE0007063FE001F83FE0 +1D2A7CA921>I<001F8000F0E001C03003803807003C0E001C1E001C3E001E3C001E7C001E7C00 +1EFFFFFCF80000F80000F80000F80000F80000F80000F800007800087800083800101C00200E00 +C007030001FC00171A7C991B>I<0000003C0007E0C2003C390E00701E0E00E01E0401E01E0003 +E01F0003C01F0007C01F0007C01F0007C01F0007C01E0007C03E0007C03C0003C0780001C07000 +02E1E000063F000004000000040000000C0000000C0000000E00000007FFF00003FFFC0003FFFE +000E001F0018000780380003807000038070000380E0000380E0000380E0000380E00007007000 +0E0030001C001C0038000F01E00001FF00001F287F9A1E>103 D<000F000001FF000001FF0000 +001E0000001E0000001E0000001E0000001E0000001E0000003C0000003C0000003C0000003C00 +00003C0000003C00000078000000783F800078C1C0007900E0007A00F0007C00F000F800F000F8 +00F000F000F000F000F000F000F000F000F001E001E001E001E001E001E001E001E001E001E001 +E001E003C003C003C003C003C003C003C003C003C003C003C003C007C007C07FFC7FFCFFFCFFFC +1E2A7FA921>I<001C003E003E007E003E001C0000000000000000000000000000000000000078 +07F807F800F800F800F000F000F000F000F000F001E001E001E001E001E001E003C003C003C003 +C003C003C007C07FF8FFF80F297FA811>I<00783F800FF8C1C00FF900E000FA00F000FC00F000 +F800F000F800F000F000F000F000F000F000F000F000F001E001E001E001E001E001E001E001E0 +01E001E001E001E003C003C003C003C003C003C003C003C003C003C003C003C007C007C07FFC7F +FCFFFCFFFC1E1A7F9921>110 D<001FC0000070700001C01C0003800E0007000E000E000F001E +0007803C0007803C0007807C0007807C00078078000F80F8000F80F8000F80F8000F80F8000F80 +F8001F00F8001F00F8001E0078003C0078003C00380078001C00F0000E01C0000707800001FC00 +00191A7C991E>I<001E0FC00003FE30700003FEC03C00003F001E00001E001E00003E000F0000 +3C000F80003C000F80003C000F80003C000F80003C000F800078000F800078000F800078000F80 +0078000F800078000F000078001F0000F0001F0000F0003E0000F0003C0000F000780000F000F0 +0000F800E00001E403C00001E207000001E1FC000001E000000001E000000001E000000003C000 +000003C000000003C000000003C000000003C000000003C000000007C00000007FFC000000FFFC +0000002126819921>I<00787C0FF98E0FFA1F00FA1F00FC1E00F81E00F80000F80000F00000F0 +0000F00001E00001E00001E00001E00001E00001E00003C00003C00003C00003C00003C00003C0 +0007C0007FFE00FFFE00181A7F9917>114 D<003F8401C06C03001C06000C0E000C0C00081C00 +081E00081F00001FC0000FFE0007FF8003FFC000FFE0000FF00001F02000F06000706000706000 +706000707000607000C0E80180C6070081FC00161A7E9918>I<00200000200000200000600000 +400000C00000C00001C00001C00003C0000780001FFF80FFFF800780000780000780000F00000F +00000F00000F00000F00000F00001E00001E00001E00001E00001E01001E01003C02003C02003C +02003C02003C04001C04001C08000E100003E00011257BA417>I<07800780FF80FF80FF80FF80 +0F800F800F800F800F000F000F000F000F000F000F000F000F000F000F000F001E001E001E001E +001E001E001E001E001E001E001E001E003C003C003C003C003C003C003C007C003C007C003C00 +BC001C017C000E067FC003F87FC01A1A7B9921>I E /Ft 22 122 df<0000007C000000000000 +7C000000000000FE000000000000FE000000000000FE000000000001FF000000000001FF000000 +000003FF800000000003FF800000000007FFC00000000007FFC00000000007FFC0000000000FFF +E0000000000F7FE0000000001F7FF0000000001E3FF0000000001E3FF0000000003E3FF8000000 +003C1FF8000000007C1FFC00000000780FFC00000000780FFC00000000F80FFE00000000F007FE +00000001F007FF00000001E003FF00000001E003FF00000003E003FF80000003C001FF80000007 +C001FFC00000078000FFC00000078000FFC000000FFFFFFFE000000FFFFFFFE000001FFFFFFFF0 +00001E00003FF000001E00003FF000003C00003FF800003C00001FF800007C00001FFC00007800 +000FFC00007800000FFC0000F0000007FE0000F0000007FE0001F0000007FF0003F8000003FF00 +FFFFC001FFFFFEFFFFC001FFFFFEFFFFC001FFFFFE37317DB03E>65 D<FFFFFFFFF00000FFFFFF +FFFF0000FFFFFFFFFFC00000FFC000FFF00000FFC0000FFC0000FFC00007FE0000FFC00001FF00 +00FFC00000FF8000FFC000007FC000FFC000003FE000FFC000003FE000FFC000001FF000FFC000 +001FF000FFC000001FF800FFC000000FF800FFC000000FFC00FFC000000FFC00FFC000000FFC00 +FFC000000FFC00FFC000000FFE00FFC000000FFE00FFC000000FFE00FFC000000FFE00FFC00000 +0FFE00FFC000000FFE00FFC000000FFE00FFC000000FFE00FFC000000FFE00FFC000000FFE00FF +C000000FFE00FFC000000FFC00FFC000000FFC00FFC000000FFC00FFC000000FFC00FFC000000F +F800FFC000001FF800FFC000001FF800FFC000001FF000FFC000003FE000FFC000003FE000FFC0 +00007FC000FFC00000FF8000FFC00001FF0000FFC00003FE0000FFC0000FFC0000FFC0007FF000 +FFFFFFFFFFE000FFFFFFFFFF0000FFFFFFFFF0000037317EB03F>68 D<FFFFC000007FFFF0FFFF +E000007FFFF0FFFFF000007FFFF000FFF8000000F80000FFFC000000700000FFFE000000700000 +EFFF000000700000E7FF800000700000E3FF800000700000E1FFC00000700000E0FFE000007000 +00E07FF00000700000E07FF80000700000E03FFC0000700000E01FFE0000700000E00FFF000070 +0000E007FF8000700000E003FF8000700000E001FFC000700000E000FFE000700000E0007FF000 +700000E0007FF800700000E0003FFC00700000E0001FFE00700000E0000FFF00700000E00007FF +80700000E00003FF80700000E00001FFC0700000E00000FFE0700000E000007FF0700000E00000 +7FF8700000E000003FFC700000E000001FFE700000E000000FFF700000E0000007FFF00000E000 +0003FFF00000E0000001FFF00000E0000000FFF00000E00000007FF00000E00000007FF00000E0 +0000003FF00000E00000001FF00000E00000000FF00000E000000007F00000E000000003F00001 +F000000001F000FFFFE0000000F000FFFFE00000007000FFFFE000000070003C317EB041>78 +D<FFFFFFFFE000FFFFFFFFFE00FFFFFFFFFF8000FFC001FFE000FFC0003FF000FFC0001FF800FF +C0000FFC00FFC0000FFC00FFC00007FE00FFC00007FE00FFC00007FF00FFC00007FF00FFC00007 +FF00FFC00007FF00FFC00007FF00FFC00007FF00FFC00007FF00FFC00007FE00FFC00007FE00FF +C0000FFC00FFC0000FFC00FFC0001FF800FFC0003FF000FFC001FFE000FFFFFFFF8000FFFFFFFE +0000FFFFFFE00000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FF +C000000000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FFC00000 +0000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FF +C0000000FFFFFFC00000FFFFFFC00000FFFFFFC0000030317EB038>80 D<001FF0018000FFFF03 +8003FFFFC78007F00FFF800F8001FF801F00007F803F00001F803E00000F807E00000F807E0000 +0780FE00000780FE00000780FE00000380FF00000380FF00000380FF80000000FFE00000007FFC +0000007FFFE000007FFFFE00003FFFFFC0001FFFFFF0001FFFFFF8000FFFFFFC0003FFFFFE0001 +FFFFFF00007FFFFF80001FFFFF800000FFFFC0000007FFC0000000FFE00000003FE00000003FE0 +0000001FE06000001FE0E000000FE0E000000FE0E000000FE0E000000FC0F000000FC0F000000F +C0F800001F80FC00001F80FF00003F00FFC0007E00FFFC01FC00F1FFFFF800E03FFFE000C007FF +000023317BB02E>83 D<FFFFFE07FFFFF801FFFFFFFFFE07FFFFF801FFFFFFFFFE07FFFFF801FF +FF03FF00000FFC000007E003FF80000FFC000003C001FF80000FFE0000038001FF800007FE0000 +038001FFC00007FE0000078000FFC00007FF0000070000FFE00003FF00000700007FE00003FF80 +000E00007FE00003FF80000E00007FF00003FF80001E00003FF00007FFC0001C00003FF80007FF +C0001C00001FF80007FFE0003800001FF8000E7FE0003800001FFC000E7FE0007800000FFC001E +7FF0007000000FFC001C3FF00070000007FE001C3FF000E0000007FE00381FF800E0000007FF00 +381FF801E0000003FF00781FFC01C0000003FF00700FFC01C0000003FF80700FFC03C0000001FF +80F00FFE0380000001FFC0E007FE0380000000FFC0E007FF0700000000FFC1C003FF0700000000 +FFE1C003FF0F000000007FE3C003FF8E000000007FE38001FF8E000000003FF38001FF9C000000 +003FF70000FFDC000000003FFF0000FFFC000000001FFF0000FFF8000000001FFE00007FF80000 +00000FFE00007FF0000000000FFC00003FF0000000000FFC00003FF00000000007FC00003FE000 +00000007F800001FE00000000007F800001FE00000000003F800001FC00000000003F000000FC0 +0000000001F000000F800000000001E0000007800000000000E000000700000050317EB055>87 +D<007FF8000003FFFF000007FFFFC0000FE01FE0001FF007F0001FF003F8001FF003FC001FF001 +FE000FE001FE0007C001FE00010001FE00000001FE00000001FE000001FFFE00003FFFFE0001FF +F1FE0007FE01FE000FF001FE001FC001FE003F8001FE007F8001FE00FF0001FE00FF0001FE00FF +0001FE00FF0001FE00FF0003FE007F8003FE007FC00EFE003FF03CFF000FFFF87FF807FFF03FF8 +00FF800FF825207E9F28>97 D<0007FF00007FFFE000FFFFF003FC03F807F007FC0FE007FC1FE0 +07FC3FC007FC3FC003F87FC001F07F8000407F800000FF800000FF800000FF800000FF800000FF +800000FF800000FF800000FF8000007F8000007FC000007FC000003FC0000E3FE0000E1FE0001C +0FF0001C07F8007803FF01F000FFFFE0007FFF800007FC001F207D9F25>99 +D<00000007E0000003FFE0000003FFE0000003FFE00000003FE00000001FE00000001FE0000000 +1FE00000001FE00000001FE00000001FE00000001FE00000001FE00000001FE00000001FE00000 +001FE00000001FE00000001FE0000FF81FE0007FFF1FE001FFFFDFE003FE03FFE007F800FFE00F +E0003FE01FE0001FE03FC0001FE03FC0001FE07F80001FE07F80001FE07F80001FE0FF80001FE0 +FF80001FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE07F80001F +E07F80001FE07F80001FE03FC0001FE03FC0001FE01FC0003FE00FE0007FE007F001FFE003FC07 +DFF001FFFF9FFF007FFE1FFF000FF01FFF28327DB12E>I<0007FC0000003FFF800000FFFFE000 +03FC07F00007F801F8000FE000FC001FE0007E003FC0007E003FC0003F007FC0003F007F80003F +007F80003F80FF80003F80FF80003F80FFFFFFFF80FFFFFFFF80FFFFFFFF80FF80000000FF8000 +0000FF800000007F800000007F800000003FC00000003FC00003801FC00003801FE00007800FF0 +000F0007F8001E0003FE00FC0000FFFFF800003FFFE0000003FF000021207E9F26>I<001FF007 +E000FFFE3FF001FFFF7FF807F83FF1F80FE00FE1F80FE00FE0F01FC007F0601FC007F0003FC007 +F8003FC007F8003FC007F8003FC007F8003FC007F8001FC007F0001FC007F0000FE00FE0000FE0 +0FE00007F83FC00007FFFF000006FFFE00000E1FF000000E000000001E000000001E000000001F +000000001F800000001FFFFFC0000FFFFFF8000FFFFFFE0007FFFFFF0003FFFFFF8007FFFFFFC0 +1FFFFFFFE03F00007FE07E00000FF0FC000007F0FC000003F0FC000003F0FC000003F0FC000003 +F07E000007E03F00000FC01FC0003F800FF801FF0007FFFFFE0000FFFFF000001FFF8000252F7E +9F29>103 D<01F800000000FFF800000000FFF800000000FFF8000000000FF80000000007F800 +00000007F80000000007F80000000007F80000000007F80000000007F80000000007F800000000 +07F80000000007F80000000007F80000000007F80000000007F80000000007F80000000007F807 +F8000007F83FFF000007F87FFF800007F8F03FC00007F9C01FE00007FB000FE00007FE000FF000 +07FE000FF00007FC000FF00007FC000FF00007F8000FF00007F8000FF00007F8000FF00007F800 +0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000 +07F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F800 +0FF00007F8000FF00007F8000FF000FFFFC1FFFF80FFFFC1FFFF80FFFFC1FFFF8029327DB12E> +I<03C0000FF0000FF0001FF8001FF8001FFC001FF8001FF8000FF0000FF00003C0000000000000 +0000000000000000000000000000000000000001F800FFF800FFF800FFF8000FF80007F80007F8 +0007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F8 +0007F80007F80007F80007F80007F80007F80007F80007F80007F800FFFF80FFFF80FFFF801133 +7DB217>I<01F8000000FFF8000000FFF8000000FFF80000000FF800000007F800000007F80000 +0007F800000007F800000007F800000007F800000007F800000007F800000007F800000007F800 +000007F800000007F800000007F800000007F8007FFC07F8007FFC07F8007FFC07F8001FC007F8 +001F0007F8003E0007F800780007F801F00007F803E00007F807800007F81F000007F83E000007 +F87C000007F9FE000007FBFF000007FFFF800007FF7FC00007FE3FE00007F81FE00007F01FF000 +07F00FF80007F007FC0007F003FE0007F001FF0007F000FF0007F000FF8007F0007FC007F0003F +E007F0003FF0FFFF80FFFFFFFF80FFFFFFFF80FFFF28327EB12C>107 D<01F800FFF800FFF800 +FFF8000FF80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F800 +07F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F800 +07F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F800 +07F80007F80007F80007F80007F800FFFFC0FFFFC0FFFFC012327DB117>I<03F007F8000FF000 +FFF03FFF007FFE00FFF07FFF80FFFF00FFF0F03FC1E07F800FF1C01FE3803FC007F3000FE6001F +C007F6000FFC001FE007FE000FFC001FE007FC000FF8001FE007FC000FF8001FE007F8000FF000 +1FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0 +001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000F +F0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F800 +0FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE0FFFFC1FFFF83FFFFFFFF +C1FFFF83FFFFFFFFC1FFFF83FFFF40207D9F45>I<03F007F80000FFF03FFF0000FFF07FFF8000 +FFF0F03FC0000FF1C01FE00007F3000FE00007F6000FF00007FE000FF00007FC000FF00007FC00 +0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000 +07F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F800 +0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000 +FFFFC1FFFF80FFFFC1FFFF80FFFFC1FFFF8029207D9F2E>I<0007FE0000003FFFC00000FFFFF0 +0003FC03FC0007F000FE000FE0007F001FC0003F803FC0003FC03FC0003FC07F80001FE07F8000 +1FE07F80001FE0FF80001FF0FF80001FF0FF80001FF0FF80001FF0FF80001FF0FF80001FF0FF80 +001FF0FF80001FF07F80001FE07F80001FE07F80001FE03FC0003FC03FC0003FC01FE0007F800F +E0007F0007F801FE0003FE07FC0001FFFFF800003FFFC0000007FE000024207E9F29>I<03F03F +00FFF07FC0FFF1FFE0FFF3C7F00FF38FF807F70FF807F60FF807FE0FF807FC07F007FC03E007FC +008007F8000007F8000007F8000007F8000007F8000007F8000007F8000007F8000007F8000007 +F8000007F8000007F8000007F8000007F8000007F8000007F8000007F8000007F80000FFFFE000 +FFFFE000FFFFE0001D207E9F22>114 D<00FF870007FFEF001FFFFF003F007F003C001F007800 +0F00F8000700F8000700F8000700FC000700FF000000FFF800007FFFC0003FFFF0003FFFFC000F +FFFE0007FFFF0001FFFF80001FFF800000FFC000001FC060000FC0E00007C0E00007C0F00007C0 +F8000780F8000F80FE000F00FF803E00FFFFFC00F3FFF800C07FC0001A207D9F21>I<00380000 +380000380000380000380000780000780000780000F80000F80001F80003F80007F8001FF800FF +FFFEFFFFFEFFFFFE07F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007 +F80007F80007F80007F80007F80007F80007F80707F80707F80707F80707F80707F80707F80703 +F80E03FC0E01FE1C00FFF8007FF0000FE0182E7EAD20>I<FFFF801FFEFFFF801FFEFFFF801FFE +07F80003E007F80001C007FC0003C003FC00038003FE00078001FE00070001FF000F0000FF000E +0000FF801E00007F801C00007FC03C00003FC03800003FE03800001FE07000001FE07000000FF0 +E000000FF0E000000FF9E0000007F9C0000007FFC0000003FF80000003FF80000001FF00000001 +FF00000000FE00000000FE000000007C000000007C000000003800000000380000000070000000 +007000000000F000003C00E000007E01E00000FF01C00000FF03800000FF07800000FF0F000000 +7A3E0000007FFC0000003FF80000000FC0000000272E7E9F2C>121 D E +end +%%EndProlog +%%BeginSetup +TeXDict begin + +%%EndSetup +%%Page: 1 1 +0 bop 232 75 a Ft(Addressing)26 b(W)-7 b(eaknesses)26 b(in)h(the)g(Domain)h +(Name)751 212 y(System)e(Proto)r(col)457 416 y Fs(Christoph)21 +b(L.)f(Sc)n(h)n(uba)g(and)h(Eugene)e(H.)g(Spa\013ord)788 580 +y Fr(CO)n(AST)i(Lab)r(oratory)601 692 y(Departmen)n(t)e(of)h(Computer)g +(Sciences)810 804 y(Purdue)h(Univ)n(ersit)n(y)647 916 y(W)-5 +b(est)20 b(Lafa)n(y)n(ette,)g(IN)f(47907-1398)685 1028 y Fq(f)p +Fp(schuba,spaf)p Fq(g)p Fp(@cs.pu)o(rdue.e)o(du)p eop +%%Page: 2 2 +1 bop 1922 -100 a Fo(ii)912 344 y(ABSTRA)o(CT)149 555 y(Sc)o(h)o(uba,)19 +b(Christoph.)28 b(M.S.,)18 b(Purdue)g(Univ)o(ersit)o(y)l(,)e(August)j(1993.) +29 b(Addressing)18 b(W)l(eaknesses)149 615 y(in)e(the)g(Domain)g(Name)e +(System)h(Proto)q(col.)22 b(Ma)s(jor)16 b(Professor:)23 b(Eugene)16 +b(H.)f(Spa\013ord.)223 766 y(The)i(Domain)g(Name)e(System)h(\(DNS\))h(is)g(a) +h(widely)e(implem)o(en)o(t)o(ed)f(distributed)h(database)149 +856 y(system)e(used)h(throughout)i(the)e(In)o(ternet,)e(pro)o(viding)i(name)f +(resolution)h(b)q(et)o(w)o(een)f(host)h(names)149 946 y(and)i(In)o(ternet)e +(Proto)q(col)i(addresses.)223 1037 y(This)e(thesis)g(describ)q(es)f(problems) +g(with)h(the)g(DNS)g(and)g(one)h(of)f(its)g(implem)o(en)n(tations)e(that)149 +1127 y(allo)o(w)21 b(the)g(abuse)g(of)g(name)f(based)i(authen)o(tication.)34 +b(This)22 b(leads)e(to)i(situations)f(where)g(the)149 1217 +y(name)16 b(resolution)g(pro)q(cess)h(cannot)f(b)q(e)h(trusted,)f(and)h +(securit)o(y)d(ma)o(y)h(b)q(e)h(compromised.)223 1307 y(This)h(thesis)f +(outlines)g(the)h(curren)o(t)f(design)h(and)g(implem)o(en)o(tati)o(on)e(of)i +(the)f(DNS.)h(It)f(states)149 1398 y(the)f(main)f(problem)f(b)q(oth)j(on)g(a) +f(high)h(lev)o(el)c(and)k(as)g(applied)e(to)i(the)e(DNS)h(in)g(a)h(more)d +(concrete)149 1488 y(fashion.)24 b(W)l(e)17 b(examine)d(the)j(w)o(eaknesses)g +(in)f(the)h(DNS)g(and)g(exploit)f(a)h(metho)q(d)f(to)h(abuse)h(the)149 +1578 y(DNS)f(for)f(system)f(break{ins.)223 1669 y(W)l(e)21 +b(demonstrate)g(these)g(w)o(eaknesses)h(b)o(y)f(describing)h(the)f(necessary) +h(mo)q(di\014cations)f(in)149 1759 y(authoritativ)o(e)16 b(DNS)g(data)h(and)g +(Domain)e(Name)g(System)f(co)q(de.)21 b(W)l(e)16 b(list)g(exp)q(eriences)e +(gained)149 1849 y(during)j(exp)q(erimen)o(ts)d(with)j(sev)o(eral)e(setups)i +(of)g(name)f(serv)o(ers)f(and)j(trusting)f(hosts)g(in)f(a)i(lo)q(cal)149 +1939 y(area)f(net)o(w)o(ork.)223 2030 y(T)l(o)q(o)j(w)o(eak)f(assumptions)h +(during)f(the)h(authen)o(tication)e(pro)q(cesses)i(cause)g(man)o(y)e(securit) +o(y)149 2120 y(breac)o(hes.)28 b(W)l(e)18 b(state)h(the)f(securit)o(y)g +(considerations)g(in)h(the)f(o\016cial)g(design)g(do)q(cumen)o(ts)g(and)149 +2210 y(analyze)12 b(the)g(algorithms)g(used)g(in)g(the)g(DNS)g(proto)q(col)h +(lo)q(oking)g(for)g(w)o(eak)f(assumptions.)20 b(Using)149 2301 +y(a)g(wide)f(v)m(ariet)o(y)g(of)g(criteria,)g(w)o(e)g(discuss)h(sev)o(eral)e +(approac)o(hes)i(to)g(solv)o(e)f(the)g(main)f(problem)149 2391 +y(in)g(the)g(Domain)f(Name)f(System)g(proto)q(col.)27 b(Tw)o(o)19 +b(of)f(these)f(solutions,)i(hardening)f(the)g(name)149 2481 +y(serv)o(er)g(and)i(using)f(cryptographic)g(metho)q(ds)f(for)h(strong)h +(authen)o(tication,)f(receiv)o(e)d(more)i(at-)149 2571 y(ten)o(tion)e(than)h +(the)f(other)g(solutions.)p eop +%%Page: 2 3 +2 bop 794 1170 a Fo(DISCARD)16 b(THIS)f(P)l(A)o(GE)p eop +%%Page: 3 4 +3 bop 1893 -100 a Fo(iii)777 342 y(T)l(ABLE)16 b(OF)g(CONTENTS)1847 +516 y(P)o(age)149 687 y(ABSTRA)o(CT)45 b Fn(:)24 b(:)g(:)h(:)f(:)h(:)f(:)h(:) +f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)93 b Fo(ii)149 845 y(LIST)17 +b(OF)f(T)l(ABLES)30 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)g(:)81 b Fo(vi)149 1002 y(LIST)17 b(OF)f(FIGURES)40 b Fn(:)25 +b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)68 b Fo(vii)149 +1160 y(1.)36 b(INTR)o(ODUCTION)j Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:) +f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)g(:)96 b Fo(1)149 1318 y(2.)36 b(THE)16 b(DOMAIN)f(NAME)g(SYSTEM)27 +b Fn(:)e(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)96 b Fo(5)223 1427 y(2.1)50 b(In)o(tro)q(duction)21 +b Fn(:)k(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)96 b +Fo(5)335 1487 y(2.1.1)56 b(The)16 b(TCP/IP)h(Proto)q(col)g(Suite)31 +b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)g(:)96 b Fo(6)335 1547 y(2.1.2)56 b(In)o(ternet)15 b(Services)44 +b Fn(:)24 b(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)96 b Fo(6)335 1608 y(2.1.3)56 +b(P)o(ac)o(k)o(et)15 b(Routing)34 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)96 +b Fo(7)335 1668 y(2.1.4)56 b(Name)14 b(Resolution)37 b Fn(:)24 +b(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)96 b Fo(7)223 1728 y(2.2)50 b(Historical)15 +b(Dev)o(elopmen)o(t)j Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)96 b +Fo(8)223 1788 y(2.3)50 b(Design)16 b(Goals)49 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)g(:)96 b Fo(9)335 1848 y(2.3.1)56 b(Data)17 +b(Consistency)27 b Fn(:)d(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(10)335 1908 +y(2.3.2)56 b(E\016ciency)41 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(10)335 1969 y(2.3.3)56 b(Distributed)16 b(Character)46 +b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)72 b Fo(11)335 2029 y(2.3.4)56 b(Generalit)o(y)24 +b Fn(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(11)335 2089 +y(2.3.5)56 b(Indep)q(endence)34 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(11)223 2149 y(2.4)50 b(DNS)16 b(En)o(tities)44 b Fn(:)24 +b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(12)335 2209 +y(2.4.1)56 b(Domain)15 b(Name)g(Space)33 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(12)335 2270 y(2.4.2)56 b(DNS)16 b(Messages)e Fn(:)24 b(:)h(:)f(:)g(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)72 b Fo(14)335 2330 y(2.4.3)56 b(Resource)16 b(Records)26 +b Fn(:)e(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(17)335 2390 y(2.4.4)56 b(Name)14 +b(Serv)o(ers)33 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b +Fo(18)335 2450 y(2.4.5)56 b(Resolv)o(ers)48 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)g(:)72 b Fo(19)223 2510 y(2.5)50 b(F)l(orw)o(ard)16 +b(and)h(In)o(v)o(erse)e(Mapping)h(T)l(ree)38 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f +(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(20)223 +2571 y(2.6)50 b(Recursion)16 b(and)g(Iteration)d Fn(:)25 b(:)f(:)g(:)h(:)f(:) +h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g +(:)72 b Fo(22)223 2631 y(2.7)50 b(Filling)15 b(in)g(the)h(Blanks)42 +b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(22)p eop +%%Page: 4 5 +4 bop 1899 -100 a Fo(iv)1836 64 y(P)o(age)335 178 y(2.7.1)56 +b(Role)16 b(of)g(Cac)o(hes)48 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(23)335 239 y(2.7.2)56 b(Role)16 b(of)g(Authorities)32 +b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(23)335 299 y(2.7.3)56 b(Occurrence)15 +b(of)h(Errors)35 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(24)223 359 y(2.8)50 +b(Example:)19 b(Name)c(Resolution)47 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(24)223 419 y(2.9)50 b(The)16 b(Domain)g(Name)e(System)h(Proto)q(col)g +Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g +(:)72 b Fo(26)335 479 y(2.9.1)56 b(Data)17 b(Structures)22 +b Fn(:)j(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(26)335 540 y(2.9.2)56 +b(Name)14 b(Serv)o(er)h(Algorithm)47 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(27)335 +600 y(2.9.3)56 b(Resolv)o(er)15 b(Algorithm)24 b Fn(:)g(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(30)223 660 y(2.10)26 b(In)o(teraction)15 b(of)i(Name)d(Serv)o(er)h(and)i +(Resolv)o(er)35 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)72 b Fo(31)335 720 y(2.10.1)32 b(Data)17 b(Flo)o(w)23 +b Fn(:)h(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(32)335 780 +y(2.10.2)32 b(Shared)16 b(Information)25 b Fn(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(33)149 889 y(3.)36 b(DESCRIPTION)16 b(AND)f(DEMONSTRA)l(TION)g(OF)h +(WEAKNESSES)j Fn(:)25 b(:)f(:)h(:)f(:)g(:)72 b Fo(35)223 998 +y(3.1)50 b(Statemen)o(t)14 b(of)j(the)f(Problem)41 b Fn(:)24 +b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)g(:)72 b Fo(35)223 1059 y(3.2)50 b(The)16 b(Problem)f(in)h(the)g +(DNS)k Fn(:)k(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(36)223 1119 y(3.3)50 +b(W)l(eaknesses)42 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:) +f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:) +72 b Fo(38)335 1179 y(3.3.1)56 b(Assumptions)15 b(to)i(F)l(acilitate)e +(Break{ins)d Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:) +72 b Fo(38)335 1239 y(3.3.2)56 b(Authen)o(tication)15 b(via)h(Host)g(Names)34 +b Fn(:)25 b(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(39)335 1299 y(3.3.3)56 b(T)l(rusting)17 b(a)f(Not)g(T)l(rust)o(w)o(orth) +o(y)g(Source)34 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)g(:)72 b Fo(40)335 1359 y(3.3.4)56 b(Believing)14 b(Additional,)h(Not)h +(Authoritativ)o(e)f(Information)49 b Fn(:)24 b(:)h(:)f(:)g(:)72 +b Fo(40)223 1420 y(3.4)50 b(Exploiting)16 b(the)g(Fla)o(ws)36 +b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(41)335 1480 +y(3.4.1)56 b(Regular)16 b(Access)40 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(41)335 1540 y(3.4.2)56 b(The)16 b(\\Database)i(Mo)q(di\014cation")f +(Approac)o(h)48 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(42)335 1600 y(3.4.3)56 b(The)16 b(\\Cac)o(he)g(P)o(oisoning")i(Approac)o +(h)26 b Fn(:)e(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(42)335 1660 y(3.4.4)56 b(The)16 b(\\Ask)g(Me!")21 b(Approac)o(h)40 +b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)72 b Fo(43)223 1721 y(3.5)50 b(Implem)o(en)n(tation)14 +b(and)j(Exp)q(erimen)o(ts)33 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(45)335 1781 +y(3.5.1)56 b(Domain)15 b(and)i(Zone)g(Setup)35 b Fn(:)25 b(:)f(:)h(:)f(:)h(:) +f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(45)335 1841 y(3.5.2)56 b(Name)14 b(Serv)o(er)h(and)i(Resolv)o(er)e +(Setup)47 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g +(:)72 b Fo(45)335 1901 y(3.5.3)56 b(T)l(rusting)17 b(Hosts)48 +b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(46)335 1961 y(3.5.4)56 +b(Authen)o(tication)15 b(in)h(Berk)o(eley)d(\\r{Commands")18 +b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(47)335 +2022 y(3.5.5)56 b(Rev)o(erse)15 b(Lo)q(okup)i(T)l(ree)f(Manipulation)34 +b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(48)335 2082 y(3.5.6)56 b(Cac)o(he)16 b(Corruption)22 b +Fn(:)i(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:) +f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(48)223 2142 y(3.6)50 b(Exp)q(eriences)15 +b(Gained)21 b Fn(:)k(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(50)335 +2202 y(3.6.1)56 b(Acquiring)15 b(Information)39 b Fn(:)24 b(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(51)335 2262 y(3.6.2)56 b(Complexit)o(y)13 b(of)k(Mo)q(di\014cations)28 +b Fn(:)d(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g +(:)72 b Fo(52)335 2323 y(3.6.3)56 b(Detecting)15 b(a)i(DNS)f(based)h +(Break{in)42 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)g(:)72 b Fo(53)149 2432 y(4.)36 b(SECURITY)15 b(ANAL)l(YSIS)g(AND)h +(SOLUTIONS)29 b Fn(:)c(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:) +f(:)g(:)72 b Fo(55)223 2540 y(4.1)50 b(Securit)o(y)14 b(Considerations)k(in)d +(the)h(RF)o(C)g(1035)29 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)72 b Fo(55)223 2601 y(4.2)50 b(Analysis)15 +b(of)i(the)f(Name)e(Serv)o(er)i(Algorithm)21 b Fn(:)k(:)f(:)h(:)f(:)g(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(57)p eop +%%Page: 5 6 +5 bop 1913 -100 a Fo(v)1836 64 y(P)o(age)223 178 y(4.3)50 b(Analysis)15 +b(of)i(the)f(Resolv)o(er)f(Algorithm)37 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)g +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(58)223 +239 y(4.4)50 b(Ev)m(aluation)17 b(Criteria)30 b Fn(:)25 b(:)f(:)h(:)f(:)g(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)72 b Fo(60)223 299 y(4.5)50 b(The)16 b(Berk)o(eley)e(P)o(atc)o(h) +20 b Fn(:)25 b(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:) +h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(61)223 +359 y(4.6)50 b(Examining)15 b(Berk)o(eley)e(\\r{Commands")g +Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g +(:)72 b Fo(62)223 419 y(4.7)50 b(Restricting)15 b(Public)g(Information)h +(Access)f Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)72 b Fo(64)223 479 y(4.8)50 b(Adjusting)16 b(DNS)g(Up)q(date)h(In) +o(terv)m(als)11 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(66)223 540 y(4.9)50 +b(Abandoning)17 b(the)f(Domain)f(Name)g(System)28 b Fn(:)d(:)f(:)h(:)f(:)g(:) +h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(67)223 +600 y(4.10)26 b(Hardening)16 b(Name)e(Serv)o(ers)29 b Fn(:)24 +b(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)72 b Fo(68)335 660 y(4.10.1)32 b(Problems)15 +b(Not)h(Exploiting)g(Cac)o(he)g(P)o(oisoning)41 b Fn(:)24 b(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(68)335 720 y(4.10.2)32 b(Problems)15 +b(Exploiting)h(Cac)o(he)g(P)o(oisoning)22 b Fn(:)i(:)g(:)h(:)f(:)h(:)f(:)h(:) +f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(69)335 780 y(4.10.3)32 b(Keeping)16 +b(Additional)f(Information)24 b Fn(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:) +f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(70)335 841 y(4.10.4)32 b(Prev)o(en)o(tion)15 +b(of)h(Cac)o(he)g(P)o(oisoning)k Fn(:)k(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(70)335 901 y(4.10.5)32 +b(Con)o(text)16 b(Cac)o(he)47 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(71)335 961 y(4.10.6)32 b(Authorit)o(y)15 b(Cac)o(he)47 +b Fn(:)24 b(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(72)335 1021 y(4.10.7)32 +b(Conditional)16 b(Cac)o(he)g(Use)29 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b +Fo(72)335 1081 y(4.10.8)32 b(Discussion)26 b Fn(:)e(:)h(:)f(:)h(:)f(:)g(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)72 b Fo(73)223 1142 y(4.11)26 b(Cryptographic)17 +b(Metho)q(ds)f(for)h(Strong)g(Authen)o(tication)i Fn(:)24 b(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(73)335 1202 y(4.11.1)32 b(Data)17 +b(In)o(tegrit)o(y)h Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b +Fo(74)335 1262 y(4.11.2)32 b(Originator)16 b(Authen)o(tication)35 +b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)72 b Fo(75)335 1322 y(4.11.3)32 b(P)o(assing)17 +b(Creden)o(tials)e(to)i(Pro)o(v)o(e)e(Authorit)o(y)23 b Fn(:)h(:)h(:)f(:)h(:) +f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(77)335 1382 y(4.11.4)32 +b(Example)21 b Fn(:)k(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(78)335 1443 y(4.11.5)32 b(Discussion)26 b Fn(:)e(:)h(:)f(:)h(:)f(:)g(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)72 b Fo(81)149 1551 y(5.)36 b(CONCLUSIONS)15 b(AND)h(OUTLOOK)30 +b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)72 b Fo(83)149 1709 y(BIBLIOGRAPHY)44 b +Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(85)p eop +%%Page: 6 7 +6 bop 1894 -100 a Fo(vi)847 342 y(LIST)16 b(OF)g(T)l(ABLES)149 +516 y(T)l(able)1580 b(P)o(age)149 687 y(2.1)60 b(Subset)17 +b(of)f(QTYPEs)21 b Fn(:)k(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(19)149 796 y(2.2)60 b(Example)15 b(steps)h(in)g(name)f(resolution)h +Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)g(:)72 b Fo(26)149 905 y(3.1)60 b(Regular)17 b(access)41 +b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(41)149 1014 y(3.2)60 b(The)17 b(\\Database)h(Mo)q(di\014cation")f +(approac)o(h)50 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)72 b Fo(42)149 1123 y(3.3)60 b(The)17 b(\\Cac)o(he)f(P)o +(oisoning")h(approac)o(h)28 b Fn(:)c(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(43)149 1232 +y(4.1)60 b(Example:)20 b(certi\014cate)15 b(v)m(alidation)41 +b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(79)149 1341 y(4.2)60 b(Example:)20 +b(legend)c(of)g(abbreviations)22 b Fn(:)i(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(79)p +eop +%%Page: 7 8 +7 bop 1880 -100 a Fo(vii)833 342 y(LIST)17 b(OF)f(FIGURES)149 +516 y(Figure)1560 b(P)o(age)149 687 y(2.1)60 b(Domain)16 b(purdue.edu)45 +b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g +(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(12)149 +796 y(2.2)60 b(Domain)16 b(vs.)21 b(zone)32 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h +(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(13)149 905 y(2.3)60 b(DNS)17 +b(message)24 b Fn(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(14)149 1014 y(2.4)60 b(The)17 b(in-addr.arpa)g(domain)45 +b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(21)149 1123 y(2.5)60 +b(Degree)16 b(of)h(sp)q(eci\014cation)26 b Fn(:)f(:)f(:)h(:)f(:)g(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g +(:)72 b Fo(21)149 1232 y(2.6)60 b(Example)15 b(name)g(resolution)41 +b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h +(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(25)149 1341 y(2.7)60 +b(Name)15 b(serv)o(er)g(algorithm)j Fn(:)25 b(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f +(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(28)149 1450 y(2.8)60 b(Resolv)o(er)15 b(algorithm)26 b +Fn(:)f(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:) +h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(30)149 +1559 y(2.9)60 b(Data)18 b(\015o)o(w)e(b)q(et)o(w)o(een)g(DNS)g(en)o(tities)e +Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h +(:)f(:)h(:)f(:)g(:)72 b Fo(32)149 1668 y(3.1)60 b(Exp)q(erimen)o(tal)14 +b(setup)51 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:) +h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(36)149 1777 y(3.2)60 b(Algorithm)15 b(of)h(the)g(Berk)o(eley)e(patc)o(h) +46 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:) +h(:)f(:)h(:)f(:)g(:)72 b Fo(49)149 1886 y(3.3)60 b(Additional)16 +b(false)g(resource)g(record)22 b Fn(:)j(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(50)149 +1995 y(3.4)60 b(Mo)q(di\014cations)17 b(in)f(name)f(serv)o(er)g(co)q(de)47 +b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f +(:)h(:)f(:)g(:)72 b Fo(51)149 2104 y(4.1)60 b(Application)16 +b(of)g(a)h(message)e(digest)h(algorithm)33 b Fn(:)25 b(:)f(:)h(:)f(:)g(:)h(:) +f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(74)149 2213 +y(4.2)60 b(Digital)16 b(signature)h(generation)f(and)h(v)m(alidation)51 +b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 +b Fo(76)149 2321 y(4.3)60 b(Example:)20 b(certi\014cate)15 +b(v)m(alidation)41 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:) +f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(80)p eop +%%Page: 8 9 +8 bop 1883 -100 a Fo(viii)776 342 y(A)o(CKNO)o(WLEDGMENTS)223 +516 y(W)l(e)15 b(w)o(ould)h(lik)o(e)e(to)j(thank)f(the)f(German-American)e(F) +l(ulbrigh)o(t)i(Commission)f(for)i(a)h(sc)o(hol-)149 606 y(arship)25 +b(that)f(made)f(this)h(w)o(ork)g(p)q(ossible.)45 b(Thanks)25 +b(to)f(Stev)o(en)f(Bello)o(vin)f(whose)j(v)m(aluable)149 696 +y(commen)o(ts)12 b(are)j(most)e(appreciated)i(and)g(Dan)g(T)l(rinkle)e(who)j +(sho)o(w)o(ed)e(us)h(ho)o(w)g(to)g(master)e(some)149 787 y(of)k(the)f(subtle) +g(di\016culties)e(of)j(the)f(DNS.)p eop +%%Page: 1 10 +9 bop 1925 -100 a Fo(1)815 342 y(1.)33 b(INTR)o(ODUCTION)223 +516 y(The)19 b(In)o(ternet)f(is)h(a)h(widespread)f(conglomeration)f(of)i(h)o +(undreds)f(of)h(thousands)h(of)e(in)o(ter-)149 606 y(connected)d +(heterogeneous)h(net)o(w)o(orks)f(and)h(hosts.)22 b(The)17 +b(design)f(of)h(the)f(In)o(ternet)f(is)h(based)h(on)149 696 +y(a)g(proto)q(col)g(hierarc)o(h)o(y)l(.)j(There)c(exist)f(m)o(ultiple)e +(implem)o(en)o(tations)h(of)i(these)g(proto)q(cols.)223 787 +y(Computers)k(comm)o(unicate)e(with)j(eac)o(h)g(other)g(on)h(the)f(basis)h +(of)g(di\013eren)o(t)e(t)o(yp)q(es)h(of)h(ad-)149 877 y(dresses;)e(on)e(the)g +(ph)o(ysical)g(la)o(y)o(er)f(using)h(lo)o(w{lev)o(el)f(ph)o(ysical)g +(addresses)i(lik)o(e)e(Ethernet)1820 859 y Fm(1)1857 877 y +Fo(card)149 967 y(addresses,)25 b(on)f(the)e(data)i(link)e(to)h(presen)o +(tation)g(la)o(y)o(er)e(using)i(host)h(addresses)f(suc)o(h)g(as)h(IP)149 +1057 y(addresses)347 1039 y Fm(2)368 1057 y Fo(,)15 b(and)h(on)g(the)f +(application)g(la)o(y)o(er)f(using)i(high{lev)o(el,)d(pronounceable)j(host)g +(names.)223 1148 y(One)j(of)h(the)g(managemen)o(t)e(tasks)i(in)g(the)f(In)o +(ternet)g(is)h(the)f(mapping)h(of)g(lo)o(w)o(er)f(lev)o(el)f(ad-)149 +1238 y(dresses)e(to)h(host)f(names.)k(A)c(\014rst)g(naiv)o(e)f(approac)o(h)i +(is)e(to)i(collect)d(all)i(name{to{address)g(map-)149 1328 +y(pings)g(in)g(a)g(single)f(\014le.)20 b(That)d(w)o(as)f(also)g(the)f +(\014rst)h(approac)o(h)h(tak)o(en)e(in)g(the)h(In)o(ternet.)j(The)d(\014le) +149 1419 y(\\HOSTS.TXT")f(con)o(tained)f(the)h(name{to{address)g(mapping)f +(for)h(ev)o(ery)e(host)i(connected)f(to)149 1509 y(the)i(ARP)l(ANET.)223 +1599 y(The)i(task)h(of)g(naming)f(hosts)h(and)g(net)o(w)o(ork)f(domains)g(is) +h(addressed)g(b)o(y)f(creating)g(a)h(hier-)149 1689 y(arc)o(hical)h(relation) +g(b)q(et)o(w)o(een)f(domains,)h(with)h(hosts)g(as)g(the)f(furthest)g +(descendan)o(ts)h(from)e(an)149 1780 y(arti\014cial)h(ro)q(ot)h(domain.)32 +b(By)20 b(app)q(ending)h(the)f(domain)f(lab)q(els)h(one)h(after)f(the)g +(other)g(to)h(the)149 1870 y(host)15 b(lab)q(els)f(on)g(the)g(path)g(up)g(to) +g(the)g(ro)q(ot)h(in)e(the)h(hierarc)o(hical)e(tree,)h(a)h(unique,)g(memoriz) +o(able,)149 1960 y(and)j(usually)f(pronounceable)h(iden)o(ti\014er)d(is)i +(created:)21 b(the)16 b(host)h(name.)223 2051 y(The)d(mapping,)g(or)h +(binding,)f(of)h(IP)g(addresses)g(to)g(host)g(names)f(b)q(ecame)f(a)i(ma)s +(jor)f(problem)149 2141 y(in)h(the)h(rapidly)e(gro)o(wing)i(In)o(ternet.)k +(This)15 b(thesis)g(do)q(es)i(not)e(deal)g(with)h(the)f(mapping)f(b)q(et)o(w) +o(een)149 2231 y(addresses)19 b(on)e(the)h(ph)o(ysical)e(la)o(y)o(er)g(and)i +(transp)q(ort)h(la)o(y)o(er,)d(whic)o(h)h(is)g(solv)o(ed)g(b)o(y)g(ARP)1787 +2213 y Fm(3)1824 2231 y Fo(in)g(the)149 2322 y(UNIX)278 2303 +y Fm(4)313 2322 y Fo(proto)q(col)g(suite,)e(but)h(with)h(the)f(mapping)f(b)q +(et)o(w)o(een)g(host)i(names)f(and)h(IP)f(addresses.)p 149 +2365 720 2 v 206 2396 a Fl(1)224 2411 y Fk(Ethernet)g(is)e(a)f(registered)j +(trademark)d(of)g(Xero)o(x)h(Corp)q(oration)206 2446 y Fl(2)224 +2461 y Fk(\\32-bit)f(addresses)j(assigned)e(to)g(hosts)g(that)g(w)o(an)o(t)g +(to)f(participate)h(in)g(a)f(TCP/IP)i(in)o(ternet")f([Com91)m(])206 +2495 y Fl(3)224 2511 y Fk(\\Address)h(Resolution)e(Proto)q(col)h({)f(used)i +(to)e(dynamically)e(bind)i(a)h(high)f(lev)o(el)g(IP)h(address)h(to)f(a)f(lo)o +(w)g(lev)o(el)149 2560 y(ph)o(ysical)h(hardw)o(are)g(address")h([Com91)m(]) +206 2595 y Fl(4)224 2610 y Fk(UNIX)f(is)g(a)g(trademark)f(of)g(A)m(T&T)h +(Bell)g(Lab)q(oratories)p eop +%%Page: 2 11 +10 bop 1925 -100 a Fo(2)223 75 y(This)13 b(higher)f(lev)o(el)f(binding)i +(e\013ort)h(w)o(en)o(t)e(through)i(di\013eren)o(t)e(stages)i(of)f(dev)o +(elopmen)o(t)d(up)j(to)149 165 y(the)g(curren)o(tly)e(used)i(Domain)f(Name)f +(System.)19 b(The)12 b(Domain)g(Name)f(System,)h(with)g(its)h(Berk)o(e-)149 +255 y(ley)19 b(UNIX)f(implem)o(en)o(tati)o(on)g(called)g(BIND)997 +237 y Fm(5)1016 255 y Fo(,)h(is)h(a)g(distributed)f(naming)f(resolution)i +(system)149 346 y(used)d(b)o(y)f(most)g(net)o(w)o(ork)g(services)g(a)o(v)m +(ailable)g(throughout)i(the)f(In)o(ternet.)k(It)16 b(w)o(orks)h(transpar-)149 +436 y(en)o(tly)j(for)h(the)f(user)h(who)g(sends)g(email,)e(accesses)i +(another)g(host)g(via)g(\\telnet")f(or)h(\\rlogin,")149 526 +y(or)d(transfers)g(some)e(\014les)h(via)g(\\ftp")h(from)e(another)i(site)e +(to)i(his)f(o)o(wn)h(mac)o(hine.)k(The)17 b(Domain)149 616 +y(Name)12 b(System)f(pro)o(vides)i(name)e(binding)i(in)g(b)q(oth)h +(directions:)19 b(giv)o(en)12 b(a)h(host)h(name,)e(it)g(returns)149 +707 y(the)k(appropriate)h(IP)f(addresses,)h(and)g(vice)d(v)o(ersa.)223 +797 y(Before)d(hosts)h(gran)o(t)h(net)o(w)o(ork)e(services)g(to)h(users,)h +(an)f(authen)o(tication)f(pro)q(cess)i(tak)o(es)f(place,)149 +887 y(where)19 b(the)g(users')g(access)g(righ)o(ts,)g(and)h(the)f(iden)o(tit) +o(y)e(of)i(connecting)g(hosts)h(get)f(scrutinized,)149 978 +y(according)c(to)g(pro)o(vider)e(p)q(olicies.)20 b(These)14 +b(examinations)f(are)h(usually)g(based)h(up)q(on)g(iden)o(ti\014ca-)149 +1068 y(tion)h(b)o(y)e(login)h(name,)f(passw)o(ord)i(and)g(host)g(name.)j(In)c +(some)f(cases)i(it)e(is)h(su\016cien)o(t)f(to)h(pro)o(vide)149 +1158 y(the)h(righ)o(t)g(names,)f(and)i(access)f(is)g(gran)o(ted)h(without)f +(sp)q(ecifying)g(an)o(y)g(passw)o(ord)h(at)g(all.)223 1248 +y(Some)h(Berk)o(eley)e(\\r{commands")i(o\013er)i(net)o(w)o(ork)e(services)g +(for)h(whic)o(h)g(it)g(is)f(su\016cien)o(t)g(to)149 1339 y(v)o(erify)d(user)i +(name)f(and)h(host)g(name)f(to)h(gran)o(t)g(complete)d(access.)23 +b(As)16 b(the)h(remote)e(user)i(name)149 1429 y(is)g(sp)q(eci\014ed)f(b)o(y)f +(the)i(connecting)f(site,)f(the)h(authen)o(tication)g(is)g(based)h(up)q(on)h +(the)e(name)f(of)i(the)149 1519 y(connecting)j(mac)o(hine.)30 +b(A)19 b(mac)o(hine)f(that)i(o\013ers)h(services)d(can)i(acquire)f +(information)g(ab)q(out)149 1610 y(the)g(so)q(c)o(k)o(et)g(that)h(is)f(used)g +(b)o(y)g(the)g(connecting)g(site.)29 b(A)19 b(so)q(c)o(k)o(et)f(is)h(a)h +(tuple)f(consisting)g(of)h(IP)149 1700 y(address,)g(p)q(ort,)g(and)g(proto)q +(col)g(used)f(b)o(y)g(the)f(remote)g(site.)29 b(T)l(o)19 b(v)o(erify)f(the)g +(host)i(name,)e(it)h(is)149 1790 y(the)e(task)g(of)h(the)e(Domain)g(Name)g +(System)f(to)i(map)f(the)h(IP)f(address)i(on)f(the)g(host)h(name.)k(W)l(e)149 +1880 y(examine)14 b(this)j(case)f(more)f(closely)g(later)h(in)g(this)g +(thesis.)223 1971 y(Because)c(the)h(Domain)f(Name)g(System)f(is)i +(distributed)g(among)g(man)o(y)f(thousands)i(of)g(hosts,)149 +2061 y(it)d(can)g(b)q(e)h(a)f(critical)f(mistak)o(e)f(to)i(blindly)f(trust)h +(the)g(resolv)o(ed)f(binding.)20 b(This)11 b(thesis)g(sho)o(ws)h(that)149 +2151 y(under)f(some)f(assumptions)h(it)f(is)h(no)g(ma)s(jor)f(e\013ort)h(to)h +(falsify)e(the)g(host)i(name)d(and)j(authorization)149 2242 +y(for)17 b(a)g(system.)223 2332 y(Although)j(this)f(problem)f(has)j(b)q(een)f +(kno)o(wn)f(for)i(some)d(y)o(ears)i(no)o(w,)g(not)g(man)o(y)f(publica-)149 +2422 y(tions)i(deal)e(with)h(it.)32 b([Bel90b)o(])20 b(is)g(the)f(main)g(pap) +q(er)i(w)o(e)e(can)h(men)o(tion)f(as)h(related)f(w)o(ork.)33 +b(It)149 2512 y(demonstrates)16 b(the)g(sub)o(v)o(ersion)f(of)h(system)f +(securit)o(y)g(using)h(the)g(Domain)f(Name)f(System)h(and)p +149 2556 720 2 v 206 2587 a Fl(5)224 2602 y Fk(Berk)o(eley)g(In)o(ternet)g +(Name)e(Domain)p eop +%%Page: 3 12 +11 bop 1925 -100 a Fo(3)149 75 y(discusses)19 b(p)q(ossible)g(defenses)g +(against)h(the)f(attac)o(k)f(and)i(limitations)d(on)i(their)f(applicabilit)o +(y)l(.)149 165 y(An)h(earlier)e(pap)q(er)i(b)o(y)f(Stev)o(en)f(Bello)o(vin)f +(\([Bel89)o(]\))i(has)i(already)e(men)o(tioned)e(the)i(p)q(ossibilit)o(y)149 +255 y(of)f(abuse)g(of)g(the)g(Domain)e(Name)g(System.)21 b(That)c(pap)q(er)g +(follo)o(ws)g(suggestions)g(from)f(P)o(aul)g(V.)149 346 y(Mo)q(c)o(k)m(ap)q +(etris,)g(the)g(designer)g(of)h(the)f(Domain)f(Name)g(System.)223 +436 y(The)f(main)g(b)q(o)q(dy)h(of)g(this)g(thesis)f(consists)h(of)g(three)f +(c)o(hapters)g(follo)o(w)o(ed)g(b)o(y)g(a)h(\014nal)g(c)o(hapter)149 +526 y(dra)o(wing)i(conclusions)f(and)h(giving)f(suggestions)i(for)e(future)g +(w)o(ork.)223 616 y(The)e(\014rst)h(of)g(these)g(three)f(c)o(hapters,)g +(Chapter)h(2,)g(describ)q(es)f(the)h(p)q(osition)g(and)g(role)g(of)g(the)149 +707 y(Domain)h(Name)f(System)g(in)h(its)h(frame,)e(the)h(In)o(ternet.)21 +b(It)16 b(giv)o(es)g(a)h(short)g(historical)f(sk)o(etc)o(h)f(of)149 +797 y(the)h(In)o(ternet)e(and)i(describ)q(es)f(the)g(Domain)g(Name)f(System)g +(on)i(a)f(high)h(lev)o(el.)j(In)c(that)h(section)149 887 y(w)o(e)g(go)i(in)o +(to)e(as)h(m)o(uc)o(h)d(detail)i(as)h(necessary)f(to)h(build)f(up)h(the)f +(necessary)g(bac)o(kground)h(for)g(the)149 978 y(succeeding)g(c)o(hapters.)26 +b(W)l(e)18 b(in)o(tro)q(duce)f(the)g(tec)o(hnical)f(terms)h(and)h(explain)f +(the)h(mec)o(hanism)o(s)149 1068 y(cen)o(tral)d(to)g(the)g(understanding)h +(of)g(the)f(Domain)f(Name)g(System)g(and)h(the)h(exploitation)e(of)i(its)149 +1158 y(w)o(eaknesses.)21 b(W)l(e)14 b(giv)o(e)f(an)i(example)d(of)j(a)f(name) +f(resolution)i(and)f(the)g(description)g(of)h(the)f(data)149 +1248 y(structures)j(and)f(algorithms)g(used)g(b)o(y)g(name)f(serv)o(ers)g +(and)i(resolv)o(ers.)223 1339 y(Chapter)h(3)h(states)g(precisely)e(the)h +(main)f(problem)g(w)o(e)h(are)g(addressing.)29 b(W)l(e)18 b(explain)g(the)149 +1429 y(main)d(problem)g(in)h(sev)o(eral)f(stages,)h(giving)g(more)f(details)g +(from)g(section)h(to)g(section.)21 b(First)16 b(w)o(e)149 1519 +y(describ)q(e)d(the)h(problem)e(at)i(a)g(high)g(lev)o(el.)k(Then)c(w)o(e)f +(sho)o(w)i(the)e(existence)f(of)i(the)f(problem)g(with)149 +1610 y(the)i(Domain)f(Name)f(System.)19 b(W)l(e)c(express)g(the)f +(assumptions)h(and)g(examine)e(the)i(w)o(eaknesses)149 1700 +y(in)c(the)g(Domain)f(Name)g(System)f(that)j(lead)e(to)i(the)f(p)q(ossibilit) +o(y)f(of)h(gaining)g(unauthorized)h(access)149 1790 y(to)20 +b(a)g(certain)e(t)o(yp)q(e)h(of)h(remote)e(host.)31 b(In)19 +b(Chapter)g(3)h(w)o(e)f(demonstrate)f(the)h(exploitation)g(of)149 +1880 y(the)i(securit)o(y)f(\015a)o(ws)i(b)o(y)f(giving)g(details)f(of)i(an)f +(arti\014cial)g(setup)g(that)h(leads)f(step)o(wise)f(to)i(an)149 +1971 y(unauthorized)e(login)g(on)h(another)f(host.)33 b(W)l(e)20 +b(close)f(the)h(c)o(hapter)f(with)h(exp)q(eriences)e(gained)149 +2061 y(during)f(our)g(exp)q(erimen)o(ts.)223 2151 y(Concluding)f(the)f(main)g +(b)q(o)q(dy)i(of)f(this)g(thesis,)g(Chapter)g(4)g(analyzes)g(the)g(curren)o +(t)f(securit)o(y)149 2242 y(features)20 b(in)f(the)g(Domain)g(Name)e(System)h +(and)i(presen)o(ts)f(solutions)h(to)g(the)f(giv)o(en)f(problem.)149 +2332 y(The)d(\014rst)f(part)h(con)o(tains)g(the)f(securit)o(y)f +(considerations)h(in)g(the)h(RF)o(C)f(and)h(a)f(securit)o(y)f(analysis)149 +2422 y(of)k(the)e(name)g(serv)o(er)f(and)j(resolv)o(er)d(algorithms.)21 +b(Some)14 b(of)i(the)g(solutions)g(in)g(the)f(second)h(part)149 +2512 y(are)i(already)e(impleme)o(n)o(ted)e(and)k(running)f(in)g(patc)o(hed)f +(v)o(ersions)h(of)g(system)f(soft)o(w)o(are,)h(or)g(are)149 +2603 y(follo)o(w)o(ed)g(b)o(y)f(organizational)i(p)q(olicies;)f(others)g(are) +g(still)g(in)f(an)i(early)f(stage)g(of)h(dev)o(elopmen)o(t.)p +eop +%%Page: 4 13 +12 bop 1925 -100 a Fo(4)149 75 y(Eac)o(h)22 b(of)f(the)g(solutions)h(presen)o +(ted)e(is)h(discussed)g(in)g(this)g(c)o(hapter)g(and)g(ev)m(aluated)g(using)h +(a)149 165 y(wide)16 b(v)m(ariet)o(y)f(of)i(criteria.)223 255 +y(The)h(approac)o(h,)i(and)f(its)f(discussion,)h(of)g(com)o(bining)e(partial) +i(solutions)g(to)g(a)g(dense)f(net-)149 346 y(w)o(ork,)g(are)g(part)g(of)g +(the)g(concluding)f(c)o(hapter.)26 b(Ev)o(en)17 b(if)g(these)h(in)o(terw)o(o) +o(v)o(en)d(solutions)k(do)f(not)149 436 y(guaran)o(tee)f(the)f(securit)o(y)f +(of)h(a)h(system,)d(at)j(least)f(they)g(increase)f(the)h(con\014dence)g(in)g +(it.)p eop +%%Page: 5 14 +13 bop 1925 -100 a Fo(5)655 342 y(2.)32 b(THE)16 b(DOMAIN)f(NAME)g(SYSTEM)223 +516 y(This)j(c)o(hapter)h(describ)q(es)f(the)h(p)q(osition)g(and)g(role)g(of) +g(the)f(Domain)g(Name)f(System)g(in)i(its)149 606 y(frame,)14 +b(the)g(In)o(ternet.)19 b(W)l(e)c(start)g(o\013)g(b)o(y)f(talking)g(ab)q(out) +i(the)f(In)o(ternet,)e(the)h(TCP/IP)i(proto)q(col)149 696 y(suite,)i(In)o +(ternet)e(services,)g(routing,)i(and)h(\014nally)e(the)g(need)g(for)h(name)f +(resolution.)25 b(It)18 b(follo)o(ws)149 787 y(an)23 b(outline)e(of)i(the)f +(historical)f(dev)o(elopmen)o(t)e(of)j(the)g(Domain)f(Name)g(System)f(that)j +(led)e(to)149 877 y(the)h(curren)o(t)e(system.)36 b(W)l(e)21 +b(describ)q(e)g(the)g(design)h(goals)g(of)g(the)f(curren)o(t)g(system)f(for)i +(name)149 967 y(resolution)14 b(in)g(the)g(In)o(ternet)f(and)h(its)g(in)o +(teracting)f(en)o(tities.)19 b(W)l(e)14 b(also)g(talk)g(ab)q(out)h(forw)o +(ard)g(and)149 1057 y(rev)o(erse)d(mapping)g(trees,)g(and)i(recursiv)o(e)d +(and)i(iterativ)o(e)e(resolving)h(tec)o(hniques.)19 b(The)13 +b(follo)o(wing)149 1148 y(section)18 b(con)o(tains)g(some)f(additional)g +(remarks)g(ab)q(out)i(topics)f(that)g(w)o(ere)f(already)h(men)o(tioned)149 +1238 y(but)f(deserv)o(e)e(a)h(more)f(detailed)h(treatmen)o(t.)223 +1328 y(Before)25 b(describing)g(the)h(concrete)g(data)h(structures)f(and)g +(algorithms)g(used)g(b)o(y)g(name)149 1419 y(serv)o(ers)16 +b(and)h(resolv)o(ers)f(w)o(e)g(giv)o(e)g(an)h(example)d(of)j(a)g(name)e +(resolution.)22 b(This)17 b(example)d(should)149 1509 y(pro)o(vide)d(a)h(go)q +(o)q(d)i(understanding)e(of)g(the)g(algorithms)e(and)j(the)e(in)o(teraction)g +(of)h(all)f(participating)149 1599 y(en)o(tities)k(in)h(the)g(distributed)g +(Domain)f(Name)g(System.)223 1689 y(Wherev)o(er)h(it)h(is)h(necessary)f(to)h +(pro)o(vide)f(more)g(sp)q(eci\014c)g(descriptions)g(of)h(concepts)g(or)g(the) +149 1780 y(impleme)o(n)o(tation)9 b(of)k(the)f(Domain)f(Name)f(System,)h(w)o +(e)h(co)o(v)o(er)f(the)g(resp)q(ectiv)o(e)g(topics)h(in)f(greater)149 +1870 y(detail.)149 2035 y(2.1)50 b(In)o(tro)q(duction)223 2175 +y(T)l(o)17 b(understand)g(the)f(role)h(that)g(the)f(DNS)h(pla)o(ys,)e(w)o(e)i +(start)g(b)o(y)f(in)o(tro)q(ducing)g(the)h(In)o(ternet)149 +2265 y(in)f(general)g(\(see)g([Com91,)g(Preface)f(and)i(c)o(hapter)f(1]\).) +223 2356 y(Data)g(comm)o(unic)o(ation)d(has)j(b)q(ecome)d(a)j(fundamen)o(tal) +e(part)h(of)h(computing.)j(Hosts)d(gather)149 2446 y(information)k(w)o +(orldwide)g(and)i(their)e(users)h(w)o(an)o(t)f(to)h(exc)o(hange)g(data)g(and) +g(use)g(remote)e(ser-)149 2536 y(vices)d(for)h(di\013eren)o(t)f(purp)q(oses.) +24 b(Common)16 b(in)o(terests,)f(shared)j(b)o(y)e(p)q(eople)h(that)g(liv)o(e) +e(and)i(w)o(ork)149 2626 y(thousands)j(of)f(miles)d(a)o(w)o(a)o(y)i(from)g +(eac)o(h)f(other,)i(created)f(the)g(need)g(for)h(e\016cien)o(t)d(and)j +(reliable)p eop +%%Page: 6 15 +14 bop 1925 -100 a Fo(6)149 75 y(data)22 b(comm)o(unic)o(ation.)32 +b(What)22 b(started)f(b)q(efore)f(1960)j(with)d(the)h(dev)o(elopmen)o(t)c(of) +k(informa-)149 165 y(tion)16 b(theory)l(,)f(the)h(sampling)e(theorem,)g(and)i +(the)f(\014eld)h(of)f(signal)h(pro)q(cessing,)g(b)q(ecame)e(around)149 +255 y(the)19 b(mid)d(1960s)k(the)e(question)g(of)h(ho)o(w)g(to)g(transmit)e +(data)i(pac)o(k)o(ets)e(in)h(lo)q(cal)h(area)f(net)o(w)o(orks.)149 +346 y(The)i(In)o(ternet)f(con)o(tains)h(and)g(pro)o(vides)f(ev)o(en)g(more:) +27 b(in)o(ternet)o(w)o(ork)18 b(tec)o(hnologies,)i(proto)q(col)149 +436 y(la)o(y)o(ering)c(mo)q(dels,)f(and)j(datagram)f(and)g(stream)f(transp)q +(ort)i(services)e(b)q(et)o(w)o(een)g(hosts)i(on)f(p)q(os-)149 +526 y(sibly)e(di\013eren)o(t)g(net)o(w)o(orks,)g(that)h(together)g +(constitute)f(an)h(in)o(terconnected)e(arc)o(hitecture)g(that)149 +616 y(functions)j(as)g(a)f(single)g(uni\014ed)g(comm)o(unic)o(ation)e +(system.)149 776 y(2.1.1)49 b(The)17 b(TCP/IP)g(Proto)q(col)g(Suite)223 +899 y(The)i(need)g(and)h(imp)q(ortance)f(of)h(in)o(ternet)e(tec)o(hnology)h +(w)o(as)h(recognized)f(b)o(y)g(go)o(v)o(ernmen)o(t)149 989 +y(agencies,)k(whic)o(h)e(resulted)f(in)i(its)f(dev)o(elopmen)o(t)e(b)o(y)i(D) +o(ARP)l(A)1367 971 y Fm(1)1385 989 y Fo(.)h(The)f(D)o(ARP)l(A)g(tec)o +(hnology)149 1079 y(includes)14 b(net)o(w)o(ork)g(standards)i(that)f(sp)q +(ecify)f(details)g(and)h(con)o(v)o(en)o(tions)e(of)i(computer)e(comm)o(u-)149 +1170 y(nication,)18 b(net)o(w)o(ork)g(in)o(terconnection,)f(and)h(tra\016c)g +(routing.)28 b(\\TCP/IP)1536 1152 y Fm(2)1557 1170 y Fo(,")18 +b(an)h(abbreviation)149 1260 y(of)g(the)g(o\016cial)e(name)h(\\TCP/IP)i(In)o +(ternet)d(Proto)q(col)i(Suite,")g(can)g(b)q(e)f(used)h(to)g(set)g(up)f(com-) +149 1350 y(m)o(unication)h(b)q(et)o(w)o(een)h(an)o(y)h(set)f(of)h(in)o +(terconnected)e(hosts)j(or)f(net)o(w)o(orks.)34 b(It)20 b(is)h(notew)o(orth)o +(y)149 1441 y(that)h(TCP/IP)g(is)f(one)g(of)g(man)o(y)f(p)q(ossible)h(tec)o +(hnologies)g(that)g(could)g(b)q(e)g(used)h(to)f(comp)q(ose)149 +1531 y(in)o(terconnected)15 b(net)o(w)o(orks;)g(one)i(that)f(has)h +(demonstrated)f(its)g(viabilit)o(y)e(on)j(a)f(large)h(scale.)149 +1691 y(2.1.2)49 b(In)o(ternet)15 b(Services)223 1813 y(Users)j(are)h(usually) +f(not)h(in)o(terested)e(in)i(the)f(underlying)g(tec)o(hnologies)g(of)h(the)g +(In)o(ternet)e({)149 1904 y(their)j(in)o(terest)f(is)h(the)f(utilization)g +(of)i(net)o(w)o(ork)e(services.)32 b(The)20 b(la)o(y)o(ered)e(design)i(of)h +(TCP/IP)149 1994 y(pro)o(vides)c(the)h(necessary)f(means)f(for)i +(transparency)g(in)f(comm)o(unication)e(and)j(hiding)f(details)149 +2084 y(from)j(the)g(high)g(lev)o(el)e(applications.)33 b(Services)19 +b(can)h(b)q(e)h(partitioned)f(in)o(to)g(application)g(lev)o(el)149 +2174 y(in)o(ternet)f(services)g(and)h(net)o(w)o(ork)f(lev)o(el)f(in)o(ternet) +h(services.)30 b(Examples)19 b(of)h(application)g(lev)o(el)149 +2265 y(services)13 b(are)h(electronic)e(mail,)g(\014le)h(transfer,)h(and)g +(remote)e(login.)20 b(The)14 b(net)o(w)o(ork)f(lev)o(el)f(services)149 +2355 y(\\connectionless)19 b(pac)o(k)o(et)f(deliv)o(ery)f(service")h(and)h +(\\reliable)f(stream)g(transp)q(ort)i(service")e(are)149 2445 +y(used)c(b)o(y)f(the)h(net)o(w)o(ork)f(application)g(programmer)f(and)i +(remain)e(hidden)h(from)f(the)i(application)p 149 2489 720 +2 v 206 2520 a Fl(1)224 2535 y Fk(Defense)h(Adv)n(anced)g(Researc)o(h)g(Pro)r +(jects)g(Agency)206 2569 y Fl(2)224 2585 y Fk(named)24 b(after)h(its)g(ma)r +(jor)e(standards)j(TCP)f(\(T)m(ransmission)e(Con)o(trol)h(Proto)q(col\))h +(and)g(IP)g(\(In)o(ternet)149 2634 y(Proto)q(col\))p eop +%%Page: 7 16 +15 bop 1925 -100 a Fo(7)149 75 y(end)17 b(user.)23 b(These)17 +b(t)o(w)o(o)f(services)g(are)h(based)g(on)g(the)g(transmission)f(of)h(data)h +(pac)o(k)o(ets,)d(units)i(of)149 165 y(data)i(sen)o(t)e(across)i(a)f(pac)o(k) +o(et)e(switc)o(hing)h(net)o(w)o(ork.)25 b(The)18 b(collection)e(of)i(pac)o(k) +o(ets)f(that)h(b)q(elongs)149 255 y(to)f(one)f(connection)g(comp)q(oses)g +(the)g(data)h(comm)o(unication.)149 415 y(2.1.3)49 b(P)o(ac)o(k)o(et)15 +b(Routing)223 538 y(P)o(ac)o(k)o(ets)e(that)h(are)g(sen)o(t)g(from)f(one)h +(host)h(to)g(another)f(usually)g(ha)o(v)o(e)g(to)g(tra)o(v)o(erse)f(more)g +(than)149 628 y(one)i(ph)o(ysical)e(link)h(b)q(et)o(w)o(een)f(these)h(hosts.) +22 b(In)14 b(a)h(complex)d(net)o(w)o(ork)i(with)g(man)o(y)f(thousands)j(of) +149 718 y(mac)o(hines)f(it)g(is)i(not)f(a)h(trivial)e(task)h(to)h(direct)e(a) +i(pac)o(k)o(et)e(from)g(its)h(source)g(to)h(its)f(destination.)223 +809 y(In)k(an)g(in)o(ternet)527 791 y Fm(3)566 809 y Fo(there)g(are)g(sp)q +(ecially)f(dedicated)h(mac)o(hines)e(that)j(attac)o(h)f(t)o(w)o(o)g(or)h +(more)149 899 y(net)o(w)o(orks)h(and)h(transmit)e(pac)o(k)o(ets)g(from)g(one) +h(to)g(the)g(other.)38 b(These)22 b(mac)o(hines)e(are)j(called)149 +989 y(\\gatew)o(a)o(ys.")f(While)13 b(tra)o(v)o(ersing)h(the)f(net)o(w)o(ork) +h(from)f(source)h(to)h(destination)f(host,)h(a)f(message)149 +1079 y(is)i(lik)o(ely)c(to)k(pass)g(through)h(one)e(or)h(more)e(gatew)o(a)o +(ys.)21 b(If)15 b(the)g(top)q(ology)i(of)f(the)f(net)o(w)o(ork)f(allo)o(ws) +149 1170 y(sev)o(eral)j(paths)i(for)f(the)g(message)f(to)i(reac)o(h)e(its)h +(destination,)g(these)g(gatew)o(a)o(ys)g(ha)o(v)o(e)f(to)h(mak)o(e)149 +1260 y(decisions)e(ab)q(out)i(whic)o(h)d(route)i(to)f(c)o(ho)q(ose)h(for)g +(the)f(pac)o(k)o(et.)223 1350 y(In)d(a)h(TCP/IP)h(in)o(ternet)d(the)i(basic)f +(unit)h(of)g(data)g(transmission)f(is)h(the)f(IP)h(datagram.)20 +b(The)149 1441 y(pro)q(cess)c(of)g(c)o(ho)q(osing)g(a)g(path)g(o)o(v)o(er)e +(whic)o(h)h(to)g(send)h(a)g(datagram)f(from)f(source)i(to)f(destination)149 +1531 y(is)h(referred)g(to)g(as)h(routing;)f(an)o(y)h(computer)d(making)h(suc) +o(h)h(a)h(decision)f(is)g(called)f(a)h(router.)223 1621 y(Gatew)o(a)o(ys)f +(in)g(the)h(function)f(of)h(routers)g(comp)q(ose)f(a)g(co)q(op)q(erativ)o(e,) +g(in)o(terconnected)f(struc-)149 1711 y(ture.)21 b(Datagrams)c(originated)e +(at)h(the)g(source)g(are)f(passed)i(from)e(router)g(to)i(router)e(un)o(til)g +(they)149 1802 y(reac)o(h)h(a)h(gatew)o(a)o(y)f(that)h(can)f(deliv)o(er)e +(the)i(datagram)h(directly)d(to)j(its)f(destination.)149 1962 +y(2.1.4)49 b(Name)15 b(Resolution)223 2084 y(Early)e(systems)f(supp)q(orted)i +(p)q(oin)o(t{to{p)q(oin)o(t)h(connections)e(b)q(et)o(w)o(een)f(computers)g +(and)i(used)149 2174 y(lo)o(w)g(lev)o(el)d(hardw)o(are)j(addresses)g(to)g(sp) +q(ecify)e(mac)o(hines.)19 b(In)o(ternet)o(w)o(orking)11 b(in)o(tro)q(duced)i +(univ)o(er-)149 2265 y(sal)18 b(addressing)g(as)h(w)o(ell)d(as)i(proto)q(col) +g(soft)o(w)o(are)g(to)g(map)f(univ)o(ersal)f(addresses)i(in)o(to)g(lo)o +(w-lev)o(el)149 2355 y(hardw)o(are)g(addresses.)24 b(There)17 +b(is)g(also)h(the)f(notion)g(of)h(a)f(host)h(name)e(|)h(a)h(high)f(lev)o(el)e +(address)p 149 2399 720 2 v 206 2429 a Fl(3)224 2444 y Fk(\\Ph)o(ysically)m +(,)h(a)i(collection)f(of)f(pac)o(k)o(et)i(switc)o(hing)f(net)o(w)o(orks)h(in) +o(terconnected)i(b)o(y)d(gatew)o(a)o(ys)g(along)g(with)149 +2494 y(proto)q(cols)h(that)f(allo)o(w)f(them)g(to)h(function)g(logically)e +(as)i(a)g(single,)g(large,)g(virtual)f(net)o(w)o(ork.)29 b(When)17 +b(written)149 2544 y(in)g(upp)q(er)i(case,)g(In)o(ternet)g(refers)g(sp)q +(eci\014cally)e(to)h(the)g(connected)h(In)o(ternet)g(and)e(the)h(TCP/IP)g +(proto)q(cols)g(it)149 2594 y(uses."[Com91)n(])p eop +%%Page: 8 17 +16 bop 1925 -100 a Fo(8)149 75 y(|)17 b(a)g(pronounceable)f(iden)o(ti\014er)f +(for)i(hosts.)23 b(The)16 b(univ)o(ersal)g(addresses)h(can)f(b)q(e)h(mapp)q +(ed)f(in)o(to)149 165 y(host)h(names.)223 255 y(Mapping)e(pro)q(cesses)g(can) +h(also)f(b)q(e)g(called)f(\\name)g(binding")i(or)f(\\name)f(resolution.")21 +b(This)149 346 y(thesis)16 b(is)f(based)h(on)h(the)e(name)f(resolution)i(pro) +q(cess)g(b)q(et)o(w)o(een)f(high)h(lev)o(el)d(addresses,)j(the)g(host)149 +436 y(names,)f(and)i(univ)o(ersally)e(assigned)i(lo)o(w)o(er)e(lev)o(el)f(IP) +i(addresses.)223 526 y(Name)c(resolution)j(is)f(a)h(general)f(concept.)20 +b(The)15 b(curren)o(t)e(proto)q(col)j(in)e(the)g(TCP/IP)h(proto-)149 +616 y(col)h(suite)g(dealing)g(with)h(this)f(concept)g(and)h(solving)f(the)g +(problems)f(that)i(arise)f(from)g(it)g(is)g(the)149 707 y(Domain)g(Name)f +(System.)149 872 y(2.2)50 b(Historical)15 b(Dev)o(elopmen)o(t)223 +1012 y(Around)21 b(1970,)j(the)e(ARP)l(ANET)e(and)i(the)g(TYMNET)f(w)o(ere)f +(in)o(tro)q(duced.)37 b(They)21 b(w)o(ere)149 1102 y(the)h(\014rst)g +(large{scale,)g(general{purp)q(ose)h(data)f(net)o(w)o(orks)g(that)g +(connected)f(geographically)149 1192 y(distributed)16 b(computer)f(systems.) +223 1283 y(As)e(the)h(comm)o(unit)o(y)c(con)o(tained)k(only)g(a)g(few)g(h)o +(undred)g(hosts,)h(name)e(resolution)h(w)o(as)g(man-)149 1373 +y(aged)g(using)g(a)g(single)f(text)f(\014le:)20 b(HOSTS.TXT.)12 +b(This)h(\014le)g(con)o(tained)g(name{to{address)h(map-)149 +1463 y(ping)e(for)g(ev)o(ery)e(connected)h(host.)21 b(The)11 +b(administration,)g(main)o(tenance,)f(and)j(distribution)e(w)o(as)149 +1553 y(done)17 b(b)o(y)f(the)g(SRI)499 1535 y Fm(4)518 1553 +y Fo({)h(NIC)649 1535 y Fm(5)668 1553 y Fo(.)223 1644 y(Whenev)o(er)12 +b(some)i(application)g(had)g(to)h(resolv)o(e)e(a)i(host)f(name)f(and)i(get)g +(the)e(corresp)q(onding)149 1734 y(IP)j(address,)h(or)g(vice)e(v)o(ersa,)g +(the)h(resolv)o(er)f(function)h(called)f(simply)f(lo)q(ok)o(ed)j(up)f(the)g +(name)f(\(or)149 1824 y(IP)d(address\))h(in)f(a)g(lo)q(cal)g(cop)o(y)g(of)g +(the)g(master)f(HOSTS.TXT)h(\014le)f(and)i(returned)f(the)f(asso)q(ciated)149 +1915 y(v)m(alue.)223 2005 y(The)i(enormous)f(gro)o(wth)i(rate)e(of)i(the)e +(In)o(ternet)g(w)o(as)h(b)o(y)g(no)g(means)f(predictable.)19 +b(Therefore)149 2095 y(it)d(to)q(ok)h(sev)o(eral)e(y)o(ears)h(un)o(til)g +(serious)g(problems)f(b)q(ecame)g(apparen)o(t:)222 2227 y Fj(\017)24 +b Fo(System)13 b(administrators)h(used)g(to)h(e{mail)e(c)o(hanges)h(to)h(the) +f(NIC)g(and)h(p)q(erio)q(dically)e(con-)271 2317 y(tact)h(the)f(SRI-NIC)f(to) +i(obtain)g(the)f(latest)g(cop)o(y)g(of)g(HOSTS.TXT.)g(Net)o(w)o(ork)f +(tra\016c)h(and)271 2407 y(pro)q(cessor)18 b(load)e(b)q(ecame)f(unacceptably) +h(high)g(for)h(the)f(NIC.)p 149 2451 720 2 v 206 2482 a Fl(4)224 +2497 y Fk(Stanford)e(Researc)o(h)h(Institute)g(in)e(Menlo)h(P)o(ark,)f +(California)206 2532 y Fl(5)224 2547 y Fk(Net)o(w)o(ork)h(Information)e(Cen)o +(ter)p eop +%%Page: 9 18 +17 bop 1925 -100 a Fo(9)222 75 y Fj(\017)24 b Fo(Names)15 b(assigned)i(to)g +(hosts)g(ha)o(v)o(e)e(to)i(b)q(e)f(unique.)k(As)c(the)g(NIC)g(had)h(no)f +(authorit)o(y)g(o)o(v)o(er)271 165 y(host)h(name)e(assignmen)o(ts,)g(name)g +(collisions)h(b)q(ecame)f(a)h(problem.)222 297 y Fj(\017)24 +b Fo(With)19 b(the)g(gro)o(wth)h(of)f(the)g(In)o(ternet)f(and)i(the)e +(irregularit)o(y)g(of)h(database)i(up)q(dates)f(the)271 387 +y(consistency)c(of)h(the)f(name)f(space)h(w)o(as)h(no)f(longer)h(guaran)o +(teed.)149 519 y(All)e(of)i(these)f(problems)f(arose)i(b)q(ecause)f(the)g +(original)g(approac)o(h)h(scaled)f(p)q(o)q(orly)l(.)223 609 +y(In)22 b(1984)h(the)f(net)o(w)o(ork)g(comm)o(unit)n(y)d(switc)o(hed)j(to)g +(the)g(Domain)g(Name)e(System.)38 b(P)o(aul)149 699 y(Mo)q(c)o(k)m(ap)q +(etris)22 b(w)o(as)g(resp)q(onsible)g(for)f(the)h(design)f(of)h(the)g(arc)o +(hitecture)e(of)h(the)h(new)f(system.)149 790 y(The)14 b(original)f(RF)o(Cs) +541 772 y Fm(6)573 790 y Fo(describing)g(the)g(Domain)f(Name)g(System)f(are)j +([Mo)q(c83a])f(and)h([Mo)q(c83b].)149 880 y(They)j(ha)o(v)o(e)f(b)q(een)g +(obsolete)h(since)f(the)g(release)g(of)h(the)f(curren)o(t)g(sp)q +(eci\014cations)h([Mo)q(c87a)q(])f(and)149 970 y([Mo)q(c87b)q(])g(in)g(No)o +(v)o(em)o(b)q(er)d(1987)18 b(\([LR93])e(and)h([BG92]\).)149 +1136 y(2.3)50 b(Design)16 b(Goals)223 1275 y(The)k(e\013ort)h(of)f(designing) +h(the)f(Domain)f(Name)g(System)g(w)o(as)i(directed)e(to)o(w)o(ards)i(sev)o +(eral)149 1366 y(goals,)e(whic)o(h)e(had)i(the)e(main)g(in\015uence)f(on)j +(determining)c(the)j(curren)o(t)f(structure.)25 b(The)18 b(aim)149 +1456 y(w)o(as)f(to)g(create)e(a)i(system)e(with)h(the)g(follo)o(wing)g(ob)s +(jectiv)o(es)e(in)i(mind:)222 1588 y Fj(\017)24 b Fo(Data)18 +b(Consistency)222 1719 y Fj(\017)24 b Fo(E\016ciency)222 1851 +y Fj(\017)g Fo(Distributed)16 b(Character)222 1983 y Fj(\017)24 +b Fo(Generalit)o(y)222 2115 y Fj(\017)g Fo(Indep)q(endence)149 +2247 y(P)l(.)12 b(Mo)q(c)o(k)m(ap)q(etris)g(states)h(in)e([Mo)q(c87a)q(])h +(the)g(design)g(ob)s(jectiv)o(es)e(that)j(led)e(to)h(the)g(curren)o(t)f +(system:)p 149 2293 720 2 v 206 2324 a Fl(6)224 2339 y Fk(RF)o(Cs)j(are)g(a)g +(series)h(of)e(tec)o(hnical)h(rep)q(orts)i(called)d(Requests)i(for)f(Commen)o +(ts)p eop +%%Page: 10 19 +18 bop 1901 -100 a Fo(10)149 75 y(2.3.1)49 b(Data)18 b(Consistency)223 +197 y(The)g(primary)f(goal)i(w)o(as)f(to)h(pro)o(vide)e(a)i(consisten)o(t)f +(name)f(space)h(to)h(b)q(e)g(used)f(to)h(refer)e(to)149 287 +y(resources.)j(In)12 b(particular,)g(the)f(name)g(space)h(should)g(not)g(dep) +q(end)g(on)g(an)o(y)g(net)o(w)o(ork)f(iden)o(ti\014ers,)149 +378 y(and)17 b(therefore)f(b)q(e)g(totally)g(indep)q(enden)o(t)f(of)i +(routing)g(information)e(or)i(net)o(w)o(ork)e(top)q(ology)l(.)149 +538 y(2.3.2)49 b(E\016ciency)223 660 y(The)15 b(gro)o(wth)g(of)g(the)g(In)o +(ternet)f(in)g(n)o(um)o(b)q(er)f(of)i(mac)o(hines)e(and)j(subnet)o(w)o(orks)f +(called)f(for)h(the)149 750 y(in)o(tro)q(duction)i(of)h(a)f(naming)f +(resolution)h(system)f(that)h(could)g(handle)g(not)g(only)g(the)g(imme)o(nse) +149 841 y(v)o(olume)h(of)j(mac)o(hines)d(and)j(resolution)f(requests,)h(but)f +(could)g(also)h(resp)q(ond)g(e\016cien)o(tly)l(.)31 b(T)l(o)149 +931 y(obtain)14 b(these)e(desired)g(e\013ects,)g(the)h(system)e(w)o(as)i +(built)f(in)g(a)h(hierarc)o(hical,)f(distributed)g(manner)149 +1021 y(using)17 b(the)f(tec)o(hnology)g(of)g(cac)o(hing.)223 +1112 y(In)j(an)i(in)o(ternet,)e(access)h(to)h(mac)o(hines)d(in)i(lo)q(cal)g +(net)o(w)o(orks)f(is)h(more)f(lik)o(ely)e(than)k(remote)149 +1202 y(access)14 b(via)g(man)o(y)f(links.)19 b(Therefore,)14 +b(far)g(more)f(name)f(resolution)i(requests)g(are)g(made)f(lo)q(cally)l(.)149 +1292 y(The)18 b(kno)o(wledge)e(ab)q(out)i(the)f(requested)g(bindings)g(in)f +(the)h(lo)q(cal)g(net)o(w)o(ork)g(is)g(a)o(v)m(ailable)f(in)h(the)149 +1382 y(form)h(of)i(the)f(lo)q(cal)g(database.)30 b(These)19 +b(facts)h(suggests)g(the)f(use)g(of)g(the)g(hierarc)o(hical)e(organi-)149 +1473 y(zational)j(format)e(in)h(whic)o(h)g(lo)q(cal)g(resolution)g(requests)g +(are)g(resolv)o(ed)g(e\016cien)o(tly)d(b)o(y)j(a)h(lo)q(cal)149 +1563 y(en)o(tit)o(y)l(,)d(and)i(infrequen)o(t)e(resolution)h(requests)g(ab)q +(out)h(remote)e(mappings)h(are)g(dealt)g(with)g(b)o(y)149 1653 +y(an)e(in)o(teraction)d(of)i(lo)q(cal)g(and)g(remote)e(en)o(tities.)19 +b(The)c(clear)f(and)h(clean)f(structure)h(that)g(results)149 +1744 y(in)h(seeing)g(the)g(name)f(space)i(as)g(a)f(tree)g(also)h(fa)o(v)o +(ors)f(this)g(approac)o(h.)223 1834 y(The)c(creation)g(of)h(host)g(names)f(b) +o(y)f(app)q(ending)j(no)q(de)f(lab)q(els)f(from)f(the)i(lea)o(v)o(es)e(to)h +(the)h(ro)q(ot)g(of)149 1924 y(this)h(tree)e(serv)o(ed)h(the)g(need)g(for)h +(pronounceable,)g(easily)e(remem)n(b)q(erable)f(names)h(for)i(mac)o(hines.) +149 2014 y(The)23 b(distributed)f(arrangemen)o(t)g(of)h(the)f(system)g(con)o +(tributes)g(to)h(cutting)f(the)h(h)o(uge)g(name)149 2105 y(space)c(in)o(to)g +(pieces)e(that)i(can)g(b)q(e)g(managed)f(e\016cien)o(tly)l(.)26 +b(Cac)o(hing)19 b(information)e(lo)q(cally)h(that)149 2195 +y(w)o(as)e(receiv)o(ed)e(from)g(remote)g(sites)h(is)g(another)i(mec)o(hanism) +12 b(to)k(obtain)g(e\016ciency)l(.)i(Because)d(of)149 2285 +y(the)20 b(dynamics)e(of)i(the)f(system,)f(the)i(cac)o(hed)e(information)h +(is)g(quali\014ed)g(with)g(an)h(additional)149 2376 y(time)15 +b(to)h(liv)o(e)f(\(TTL\))i(parameter)e(to)h(ensure)g(the)g(goal)h(of)g(data)g +(consistency)l(.)p eop +%%Page: 11 20 +19 bop 1901 -100 a Fo(11)149 75 y(2.3.3)49 b(Distributed)16 +b(Character)223 197 y(The)f(c)o(hoice)e(of)j(implem)o(en)n(ting)c(this)j +(large)g(scale)g(clien)o(t{serv)o(er)d(paradigm)j(in)f(a)i(geograph-)149 +287 y(ically)f(distributed)h(set)g(of)h(mac)o(hines)d(w)o(as)j(supp)q(orted)h +(b)o(y)e(the)g(need)g(for)g(increased)g(reliabilit)o(y)149 +378 y(through)f(the)f(existence)e(of)i(redundan)o(t)g(data)h(bases)f(in)g +(secondary)g(name)f(serv)o(ers.)19 b(In)14 b(the)f(case)149 +468 y(of)20 b(an)o(y)f(kind)g(of)h(failure)e(in)h(one)h(of)f(the)h(name)e +(serv)o(ers)g(for)i(a)g(zone,)f(the)g(redundan)o(t)h(bac)o(kup)149 +558 y(serv)o(ers)c(will)f(still)g(b)q(e)i(able)f(to)g(pro)o(vide)g(the)g +(mapping)g(service.)k(Therefore)15 b(the)i(o)q(ccurrence)e(of)149 +649 y(a)i(failure)e(at)i(a)g(single)e(site)h(cannot)h(lead)f(to)h(the)f +(denial)f(of)i(the)f(resolution)g(service.)223 739 y(Lo)q(cal)e(authorities)g +(could)g(administer)e(their)h(o)o(wn)h(domains)g(and)g(zones,)g(k)o(eeping)f +(the)h(data)149 829 y(base)j(consisten)o(t,)e(pro)o(viding)g(autonomous)h +(con)o(trol)g(of)g(name)e(assignmen)o(t,)h(and)h(taking)g(a)o(w)o(a)o(y)149 +919 y(the)11 b(load)g(from)f(cen)o(tral)g(authorities.)20 b(Authorit)o(y)9 +b(passes)j(do)o(wn)g(the)e(edges)h(of)h(the)e(tree,)h(whereas)149 +1010 y(information)19 b(\015o)o(ws)i(across)g(the)e(hierarc)o(hies)g(from)g +(one)h(host)h(to)f(another.)33 b(The)20 b(conceptual)149 1100 +y(arrangemen)o(t)f(of)h(domain)f(name)g(serv)o(ers)g(in)h(a)g(tree)f(resem)o +(bling)e(the)j(name)f(structure)g(is)h(in)149 1190 y(fact)d(a)f(more)f +(realistic)g(arrangemen)o(t,)g(namely)f(a)j(shallo)o(w)f(tree.)149 +1350 y(2.3.4)49 b(Generalit)o(y)223 1473 y(Pragmatic)15 b(reasons)i(called)e +(for)i(generalit)o(y)l(.)i(Impleme)o(n)o(tation)13 b(costs)k(and)g(the)f +(amoun)o(t)f(of)149 1563 y(administrativ)o(e)9 b(e\013ort)i(in)g(supp)q +(orting)h(the)f(system)f(dictated)g(a)i(general)f(usefulness.)19 +b(Therefore)149 1653 y(the)j(system)e(do)q(es)i(not)g(con)o(tain)g(an)o(y)f +(unnecessary)h(restrictions)f(regarding)h(its)g(purp)q(ose)g(or)149 +1744 y(applications.)30 b(This)19 b(goal)g(can)h(b)q(e)f(reform)o(ulated)e +(as)i(the)g(desire)f(to)h(allo)o(w)g(augmen)o(tation)f(of)149 +1834 y(the)e(data)i(basis)e(b)o(y)g(new)g(data)h(structures.)149 +1994 y(2.3.5)49 b(Indep)q(endence)223 2116 y(The)16 b(system)g(w)o(as)h +(designed)g(to)g(b)q(e)g(indep)q(enden)o(t)f(of)h(underlying)f(hardw)o(are,)h +(b)q(e)g(it)g(of)g(the)149 2207 y(lo)q(cal)24 b(mac)o(hine)d(or)j(the)f(net)o +(w)o(ork)g(in)o(terface.)42 b(F)l(urthermore,)23 b(the)g(transactions)h +(should)g(b)q(e)149 2297 y(indep)q(enden)o(t)17 b(of)g(the)g(comm)o(uni)o +(cation)d(system)i(that)h(carries)g(them.)k(Therefore,)c(all)f(p)q(ossible) +149 2387 y(kinds)23 b(of)f(pac)o(k)o(et)g(switc)o(hing)g(are)g(suitable,)h +(suc)o(h)f(as)i(store{and{forw)o(ard)g(switc)o(hing)e(using)149 +2478 y(datagrams,)17 b(virtual)e(circuits,)g(or)h(p)q(ossibly)h(h)o(ybrid)e +(approac)o(hes.)p eop +%%Page: 12 21 +20 bop 1901 -100 a Fo(12)149 75 y(2.4)50 b(DNS)16 b(En)o(tities)223 +214 y(The)11 b(Domain)h(Name)e(System)g(consists)i(of)g(sev)o(eral)f(en)o +(tities:)17 b(resolv)o(ers,)12 b(name)e(serv)o(ers,)i(and)149 +305 y(resource)i(records)g(\(RR\).)g(W)l(e)g(\014rst)g(describ)q(e)g(the)f +(domain)h(name)f(space)h(and)h(resource)e(records)149 395 y(that)k(are)e +(sections)h(in)f(DNS)h(messages.)21 b(They)15 b(serv)o(e)g(for)h(the)f(exc)o +(hange)g(of)h(data)h(b)q(et)o(w)o(een)e(the)149 485 y(in)o(teracting)k(name)g +(serv)o(ers)g(and)i(resolv)o(ers.)32 b(W)l(e)19 b(then)h(describ)q(e)f(purp)q +(oses)j(and)e(features)g(of)149 575 y(name)c(serv)o(ers)f(and)i(resolv)o +(ers.)149 735 y(2.4.1)49 b(Domain)16 b(Name)f(Space)223 858 +y(The)d(Domain)f(Name)g(Space)h(is)f(the)h(sp)q(eci\014cation)g(of)h(a)f +(tree{structured)g(name)f(space.)19 b(The)149 948 y(ro)q(ot)i(of)f(the)f +(tree)f(is)i(the)f(ro)q(ot)h(domain)f(follo)o(w)o(ed)f(b)o(y)h(its)g(c)o +(hildren,)f(the)h(top{lev)o(el)f(domains,)149 1039 y(whic)o(h)i(can)h(con)o +(tain)g(sev)o(eral)e(lev)o(els)g(of)i(sub)q(domains.)35 b(Figure)20 +b(2.1)h(sho)o(ws)g(the)g(structure)f(of)149 1129 y(suc)o(h)d(a)g(tree.)k +(Host)c(names)e(consist)i(of)g(a)f(concatenation)h(of)g(the)f(lab)q(els)h(of) +g(eac)o(h)f(no)q(de)h(on)g(the)149 1219 y(path)f(from)d(the)i(leaf)f(that)h +(represen)o(ts)f(the)h(actual)f(host)i(up)f(to)g(the)f(ro)q(ot.)22 +b(Adjacen)o(t)14 b(lab)q(els)g(are)149 1309 y(separated)i(b)o(y)e(a)i(dot.)21 +b(Domains)15 b(are)g(simply)e(subtrees)i(of)g(the)g(Domain)f(Name)f(Space.)21 +b(In)15 b(our)149 1400 y(example)f(\\purdue.edu")j(is)f(a)h(domain)e(name.) +524 2188 y @beginspecial 0 @llx 0 @lly 239 @urx 134 @ury 2390 +@rwi @setspecial +%%BeginDocument: pictures/dom_purd.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + /DrawEllipse { + /endangle exch def + /startangle exch def + /yrad exch def + /xrad exch def + /y exch def + /x exch def + /savematrix mtrx currentmatrix def + x y translate xrad yrad scale 0 0 1 startangle endangle arc + savematrix setmatrix + } def + + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-4.0 139.0 translate 0.900 -0.900 scale +0.500 setlinewidth +n 74 114 70 40 0 360 DrawEllipse gs 0.95 setgray fill gr +gs col-1 s gr +n 189 14 m 189 44 l gs col-1 s gr +n 189 14 m 269 44 l gs col-1 s gr +n 189 14 m 109 44 l gs col-1 s gr +n 109 59 m 79 84 l gs col-1 s gr +n 79 99 m 109 124 l gs col-1 s gr +n 79 99 m 69 124 l gs col-1 s gr +n 79 99 m 29 124 l gs col-1 s gr +/Times-Bold findfont 12.00 scalefont setfont +99 54 m +gs 1 -1 scale (edu) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +179 54 m +gs 1 -1 scale (com) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +259 54 m +gs 1 -1 scale (org) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +184 14 m +gs 1 -1 scale (" ") col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +59 94 m +gs 1 -1 scale (purdue) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +19 134 m +gs 1 -1 scale (cs) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +59 134 m +gs 1 -1 scale (cc) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +99 134 m +gs 1 -1 scale (ecn) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 714 2433 a(Figure)h(2.1)33 b(Domain)15 b(purdue.edu)p +eop +%%Page: 13 22 +21 bop 1901 -100 a Fo(13)223 75 y(A)14 b(part)h(of)g(the)f(Domain)g(Name)f +(Space)i(that)g(is)f(con)o(trolled)g(completely)e(b)o(y)i(a)h(name)f(serv)o +(er)149 165 y(is)23 b(called)f(a)i(zone.)42 b(The)23 b(delicate)e +(di\013erence)h(b)q(et)o(w)o(een)h(a)g(domain)f(and)i(a)g(zone)f(is)g(that)g +(a)149 255 y(zone)16 b(con)o(tains)g(all)g(the)g(domain)f(names)g(and)i(data) +g(that)f(a)h(domain)e(con)o(tains,)g(except)g(for)i(the)149 +346 y(domain)h(names)f(and)i(data)g(that)f(are)g(delegated)g(elsewhere)f +(\(see)h(Figure)f(2.2\).)28 b(Viewing)17 b(the)149 436 y(domains)f(\(no)q +(des\))g(and)g(hosts)h(\(lea)o(v)o(es\))d(as)j(the)e(conceptual)g(arrangemen) +o(t)g(yields)f(a)j(tree)e(with)149 526 y(greater)i(heigh)o(t)f(than)i +(viewing)e(the)g(zones)h(as)g(no)q(des.)24 b(The)16 b(latter)h(is)f(a)h(more) +f(realistic)f(la)o(y)o(out)149 616 y(of)i(the)f(tree)g(in)f(terms)g(of)i +(e\016ciency)l(.)223 707 y(An)e(example)e(for)i(the)g(di\013erence)f(b)q(et)o +(w)o(een)h(domain)f(and)i(zone)f(is)g(the)g(follo)o(wing)g(scenario.)149 +797 y(A)i(lo)q(cal)h(authorit)o(y)f(manages)h(the)f(domain)f(\\alpha.dom".)25 +b(\\alpha.dom")18 b(has)g(three)f(sub)q(do-)149 887 y(mains)e(\\phi,")g(\\c)o +(hi,")g(and)h(\\psi")h(that)e(con)o(tain)h(sev)o(eral)e(hosts,)i(but)g(no)g +(further)f(sub)q(domains.)149 978 y(If)g(the)g(authorit)o(y)g(for)g(sub)q +(domain)g(\\psi")h(is)f(transferred)g(to)h(\\psi.alpha.dom,")e(t)o(w)o(o)h +(zones)g(are)149 1068 y(the)j(result.)27 b(The)18 b(authorit)o(y)g(for)h +(\\alpha.dom")f(could)g(additionally)f(transfer)i(the)f(authorit)o(y)149 +1158 y(for)k(\\c)o(hi")g(to)g(the)g(same)e(authorit)o(y)i(that)g(administers) +e(\\psi".)39 b(This)22 b(example)d(sho)o(ws)k(that)149 1248 +y(zones)17 b(do)g(not)f(ha)o(v)o(e)g(to)g(b)q(e)h(connected)e(b)o(y)h(edges)g +(in)g(the)g(tree)g(structured)g(domain)f(tree.)524 2037 y @beginspecial +0 @llx 0 @lly 248 @urx 126 @ury 2480 @rwi @setspecial +%%BeginDocument: pictures/dom_zone.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + /DrawEllipse { + /endangle exch def + /startangle exch def + /yrad exch def + /xrad exch def + /y exch def + /x exch def + /savematrix mtrx currentmatrix def + x y translate xrad yrad scale 0 0 1 startangle endangle arc + savematrix setmatrix + } def + + /DrawSplineSection { + /y3 exch def + /x3 exch def + /y2 exch def + /x2 exch def + /y1 exch def + /x1 exch def + /xa x1 x2 x1 sub 0.666667 mul add def + /ya y1 y2 y1 sub 0.666667 mul add def + /xb x3 x2 x3 sub 0.666667 mul add def + /yb y3 y2 y3 sub 0.666667 mul add def + x1 y1 lineto + xa ya xb yb x3 y3 curveto + } def + + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-4.0 139.0 translate 0.900 -0.900 scale +0.500 setlinewidth +n 139 94 135 60 0 360 DrawEllipse gs col-1 s gr +n 219 14 m 219 34 l gs col-1 s gr +n 219 14 m 259 34 l gs col-1 s gr + 1 setlinecap [1 3.000000] 3.000000 setdash +n 259 34 m 279 44 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 3.000000] 3.000000 setdash +n 219 34 m 219 44 l gs col-1 s gr + [] 0 setdash 0 setlinecap +n 219 14 m 139 54 l gs col-1 s gr +n 139 54 m 79 94 l gs col-1 s gr +n 139 54 m 139 94 l gs col-1 s gr +n 139 54 m 199 94 l gs col-1 s gr +n 199 94 m 179 134 l gs col-1 s gr +n 199 94 m 199 134 l gs col-1 s gr +n 199 94 m 219 134 l gs col-1 s gr +n 139 94 m 119 134 l gs col-1 s gr +n 139 94 m 139 134 l gs col-1 s gr +n 139 94 m 159 134 l gs col-1 s gr +n 79 94 m 59 134 l gs col-1 s gr +n 79 94 m 79 134 l gs col-1 s gr +n 79 94 m 99 134 l gs col-1 s gr + [4.000000] 0 setdash +n 49.000 104.000 m 49.000 89.000 l + 49.000 89.000 49.000 74.000 84.000 62.500 DrawSplineSection + 84.000 62.500 119.000 51.000 139.000 51.000 DrawSplineSection + 139.000 51.000 159.000 51.000 194.000 62.500 DrawSplineSection + 194.000 62.500 229.000 74.000 229.000 89.000 DrawSplineSection + 229.000 89.000 229.000 104.000 226.500 119.000 DrawSplineSection + 226.500 119.000 224.000 134.000 211.500 139.000 DrawSplineSection + 211.500 139.000 199.000 144.000 186.500 139.000 DrawSplineSection + 186.500 139.000 174.000 134.000 161.500 109.000 DrawSplineSection + 161.500 109.000 149.000 84.000 139.000 84.000 DrawSplineSection + 139.000 84.000 129.000 84.000 116.500 109.000 DrawSplineSection + 116.500 109.000 104.000 134.000 91.500 139.000 DrawSplineSection + 91.500 139.000 79.000 144.000 66.500 139.000 DrawSplineSection + 66.500 139.000 54.000 134.000 51.500 119.000 DrawSplineSection + 49.000 104.000 l gs col-1 s gr + [] 0 setdash +/Times-Bold findfont 12.00 scalefont setfont +219 69 m +gs 1 -1 scale (domain) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +59 89 m +gs 1 -1 scale (zone) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 746 2281 a(Figure)h(2.2)32 b(Domain)16 b(vs.)21 +b(zone)p eop +%%Page: 14 23 +22 bop 1901 -100 a Fo(14)149 75 y(2.4.2)49 b(DNS)17 b(Messages)223 +197 y(DNS)e(messages)h(are)f(the)h(data)g(units)g(that)g(are)g(transmitted)f +(b)q(et)o(w)o(een)f(name)h(serv)o(ers)g(and)149 287 y(resolv)o(ers.)22 +b(A)16 b(DNS)g(message)g(consists)h(of)g(the)f(header)h(and)g(up)g(to)f(four) +h(sections)g(\(see)f(Figure)149 378 y(2.3\).)22 b(The)16 b(header)g(con)o +(tains)h(the)f(follo)o(wing)g(\014elds:)337 2219 y @beginspecial +0 @llx 0 @lly 333 @urx 387 @ury 3330 @rwi @setspecial +%%BeginDocument: pictures/dns_mesg.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-4.0 391.0 translate 0.900 -0.900 scale +0.500 setlinewidth +n 149 169 m 149 149 l 369 149 l 369 169 l gs col-1 s gr +n 149 189 m 369 189 l gs col-1 s gr + 1 setlinecap [1 4.000000] 4.000000 setdash +n 369 169 m 369 189 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.000000] 4.000000 setdash +n 149 169 m 149 189 l gs col-1 s gr + [] 0 setdash 0 setlinecap +/Courier-Bold findfont 12.00 scalefont setfont +154 164 m +gs 1 -1 scale (QNAME) col-1 show gr +n 9 189 m 9 169 l 89 169 l 89 189 l gs col-1 s gr +n 9 269 m 89 269 l gs col-1 s gr +n 9 249 m 89 249 l gs col-1 s gr +n 9 229 m 89 229 l gs col-1 s gr +n 9 209 m 89 209 l gs col-1 s gr +n 9 189 m 89 189 l gs col-1 s gr + 1 setlinecap [1 3.000000] 3.000000 setdash +n 89 189 m 89 269 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 3.000000] 3.000000 setdash +n 9 189 m 9 269 l gs col-1 s gr + [] 0 setdash 0 setlinecap +/Courier-Bold findfont 12.00 scalefont setfont +14 184 m +gs 1 -1 scale (HEADER) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +14 204 m +gs 1 -1 scale (QUESTION) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +14 224 m +gs 1 -1 scale (ANSWER) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +14 244 m +gs 1 -1 scale (AUTHORITY) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +14 264 m +gs 1 -1 scale (ADDITIONAL) col-1 show gr +n 369 129 m 369 9 l 149 9 l 149 129 l clp gs col-1 s gr +n 149 29 m 369 29 l gs col-1 s gr +n 149 49 m 369 49 l gs col-1 s gr +n 149 69 m 369 69 l gs col-1 s gr +n 149 89 m 369 89 l gs col-1 s gr +n 149 109 m 369 109 l gs col-1 s gr +n 149 189 m 149 229 l 369 229 l 369 189 l gs col-1 s gr +n 149 209 m 369 209 l gs col-1 s gr +n 149 269 m 149 249 l 369 249 l 369 269 l gs col-1 s gr +n 149 289 m 369 289 l gs col-1 s gr + 1 setlinecap [1 4.000000] 4.000000 setdash +n 369 269 m 369 289 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.000000] 4.000000 setdash +n 149 269 m 149 289 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.000000] 4.000000 setdash +n 369 409 m 369 429 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.000000] 4.000000 setdash +n 149 409 m 149 429 l gs col-1 s gr + [] 0 setdash 0 setlinecap +n 149 289 m 149 409 l gs col-1 s gr +n 369 289 m 369 409 l gs col-1 s gr +n 149 429 m 369 429 l gs col-1 s gr +n 149 389 m 369 389 l gs col-1 s gr +n 149 369 m 369 369 l gs col-1 s gr +n 149 329 m 369 329 l gs col-1 s gr +n 149 309 m 369 309 l gs col-1 s gr +n 151 4 m 144 4 144 127 7 arcto 4 {pop} repeat 144 134 367 134 7 arcto 4 {pop} repeat 374 134 374 11 7 arcto 4 {pop} repeat 374 4 151 4 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 151 144 m 144 144 144 227 7 arcto 4 {pop} repeat 144 234 367 234 7 arcto 4 {pop} repeat 374 234 374 151 7 arcto 4 {pop} repeat 374 144 151 144 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 151 244 m 144 244 144 427 7 arcto 4 {pop} repeat 144 434 367 434 7 arcto 4 {pop} repeat 374 434 374 251 7 arcto 4 {pop} repeat 374 244 151 244 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 11 164 m 4 164 4 267 7 arcto 4 {pop} repeat 4 274 87 274 7 arcto 4 {pop} repeat 94 274 94 171 7 arcto 4 {pop} repeat 94 164 11 164 7 arcto 4 {pop} repeat clp gs col-1 s gr +1.000 setlinewidth +n 94 179 m 144 29 l gs col-1 s gr +n 135.146 42.914 m 144.000 29.000 l 142.735 45.444 l gs 2 setlinejoin col-1 s gr +n 94 199 m 144 169 l gs col-1 s gr +n 128.222 173.802 m 144.000 169.000 l 132.338 180.662 l gs 2 setlinejoin col-1 s gr +0.500 setlinewidth +n 94 209 m 99 214 l 99 234 l 104 239 l 99 244 l 99 264 l + 94 269 l gs col-1 s gr +1.000 setlinewidth +n 104 239 m 144 269 l gs col-1 s gr +n 133.600 256.200 m 144.000 269.000 l 128.800 262.600 l gs 2 setlinejoin col-1 s gr +/Courier-Bold findfont 12.00 scalefont setfont +154 24 m +gs 1 -1 scale (ID) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 44 m +gs 1 -1 scale (QR/OPCODE/AA/TC/RD/RA/Z/RCODE) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 64 m +gs 1 -1 scale (QDCOUNT) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 84 m +gs 1 -1 scale (ANCOUNT) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 104 m +gs 1 -1 scale (NSCOUNT) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 124 m +gs 1 -1 scale (ARCOUNT) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 204 m +gs 1 -1 scale (QTYPE) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 224 m +gs 1 -1 scale (QCLASS) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 264 m +gs 1 -1 scale (NAME) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 304 m +gs 1 -1 scale (TYPE) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 324 m +gs 1 -1 scale (CLASS) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 344 m +gs 1 -1 scale (TTL) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 384 m +gs 1 -1 scale (RDLENGTH) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +154 404 m +gs 1 -1 scale (RDATA) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 781 2464 a(Figure)g(2.3)33 b(DNS)16 b(message)p +eop +%%Page: 15 24 +23 bop 1901 -100 a Fo(15)222 75 y Fj(\017)24 b Fo(a)17 b(16)g(bit)f(iden)o +(ti\014er)f(is)h(assigned)g(b)o(y)g(the)g(program)g(that)h(generates)f(an)o +(y)g(kind)g(of)h(query)222 207 y Fj(\017)24 b Fo(the)18 b(\\QR")g(bit)g(sp)q +(eci\014es)f(whether)h(the)f(message)g(is)h(a)g(query)f(\(v)m(alue)g(0\))h +(or)h(a)f(resp)q(onse)271 297 y(\(v)m(alue)e(1\))222 429 y +Fj(\017)24 b Fo(the)12 b(\\OPCODE")i(is)d(a)i(four)f(bit)g(\014eld)f(that)i +(sp)q(eci\014es)e(the)h(kind)g(of)g(query)f(in)h(the)g(message.)271 +519 y(It)k(can)h(con)o(tain)f(the)g(follo)o(wing)g(v)m(alues:)326 +651 y Fi({)25 b Fo(0)16 b(for)h(a)f(standard)i(query)d(\(QUER)l(Y\))326 +762 y Fi({)25 b Fo(1)16 b(for)h(an)g(in)o(v)o(erse)d(query)i(\(IQUER)l(Y\)) +326 873 y Fi({)25 b Fo(2)16 b(for)h(a)f(serv)o(er)g(status)h(request)e(\(ST)l +(A)l(TUS\))326 984 y Fi({)25 b Fo(3)16 b(-)h(15)g(reserv)o(ed)e(for)h(future) +g(use)222 1116 y Fj(\017)24 b Fo(the)16 b(next)g(bit)f(\\AA")h(is)g(only)g(v) +m(alid)f(in)h(a)g(resp)q(onse)h(and)g(sp)q(eci\014es)e(that)i(the)e(resp)q +(onding)271 1206 y(name)g(serv)o(er)h(is)g(an)g(authorit)o(y)g(for)h(the)f +(domain)f(name)g(in)h(the)g(question)g(section)222 1338 y Fj(\017)24 +b Fo(the)16 b(\\TC")i(bit)e(sp)q(eci\014es)g(if)f(a)i(message)e(w)o(as)i +(truncated)222 1469 y Fj(\017)24 b Fo(the)16 b(\\RD")i(bit)d(sp)q(eci\014es)h +(if)g(recursion)g(is)g(desired)g(b)o(y)f(a)i(query)222 1601 +y Fj(\017)24 b Fo(the)16 b(\\RA")h(bit)f(sp)q(eci\014es)g(if)f(recursion)h +(is)g(a)o(v)m(ailable)222 1733 y Fj(\017)24 b Fo(the)16 b(follo)o(wing)g +(three)g(bits)g(in)g(the)g(\\Z")h(\014eld)e(are)i(reserv)o(ed)e(for)h(future) +g(use)222 1865 y Fj(\017)24 b Fo(the)c(last)f(four)h(bits)g(determine)d(the)i +(resp)q(onse)i(co)q(de)e(\\R)o(CODE".)h(P)o(ossible)g(v)m(alues)f(for)271 +1955 y(the)d(resp)q(onse)h(co)q(de)g(are:)326 2087 y Fi({)25 +b Fo(0)16 b(for)h(\\No)f(Error)h(Condition")326 2198 y Fi({)25 +b Fo(1)16 b(to)h(indicate)e(a)i(\\F)l(ormat)f(Error")326 2309 +y Fi({)25 b Fo(2)16 b(to)h(indicate)e(a)i(\\Serv)o(er)e(F)l(ailure")326 +2420 y Fi({)25 b Fo(3)16 b(to)h(indicate)e(a)i(\\Name)e(Error")326 +2531 y Fi({)25 b Fo(4)16 b(to)h(indicate)e(that)i(the)f(requested)f(feature)h +(is)g(\\Not)h(Implem)o(en)n(ted")p eop +%%Page: 16 25 +24 bop 1901 -100 a Fo(16)326 75 y Fi({)25 b Fo(5)f(to)g(indicate)f(that)i +(the)e(name)g(serv)o(er)g(\\Refused")h(to)g(p)q(erform)f(the)h(sp)q +(eci\014ed)379 165 y(op)q(eration)326 276 y Fi({)h Fo(6)16 +b(-)h(15)g(are)f(reserv)o(ed)f(for)i(future)f(use)222 408 y +Fj(\017)24 b Fo(The)17 b(follo)o(wing)f(four)g(unsigned)h(16)g(bit)f(in)o +(teger)f(v)m(alues)i(sp)q(ecify)e(the)h(n)o(um)o(b)q(er)f(of)i(en)o(tries)271 +498 y(in)f(the)g(follo)o(wing)g(question,)g(answ)o(er,)g(authorit)o(y)l(,)f +(and)i(additional)g(sections.)223 642 y(The)i(con)o(ten)o(ts)g(of)g(these)g +(four)h(sections)f(serv)o(e)f(di\013eren)o(t)g(purp)q(oses.)32 +b(The)19 b(order)g(of)h(these)149 733 y(section)f(is)g(alw)o(a)o(ys)g(the)g +(same.)30 b(Some)18 b(of)h(the)g(sections)g(can)h(b)q(e)f(empt)o(y)e(in)i(a)g +(DNS)h(message.)149 823 y(The)d(format)e(of)i(the)f(answ)o(er,)g(authorit)o +(y)g(and)h(additional)f(section)g(is)g(the)g(same.)223 913 +y(The)e(question)g(section)g(carries)g(query)g(name,)f(query)h(t)o(yp)q(e)g +(and)h(query)f(class.)21 b(V)l(alid)13 b(query)149 1004 y(t)o(yp)q(es)g(are)g +(all)f(the)g(co)q(des)h(for)g(resource)f(record)h(t)o(yp)q(es,)g(whic)o(h)f +(w)o(e)g(will)f(explain)h(in)g(the)h(follo)o(wing)149 1094 +y(Section)h(2.4.3,)h(and)g(some)f(more)f(general)h(ones)h(for)g(zone)g +(transfer,)f(mail)f(handling)i(tasks,)g(and)149 1184 y(wild{carding.)223 +1274 y(The)h(follo)o(wing)g(class)g(mnemonics)d(and)k(v)m(alues)g(are)f +(curren)o(tly)e(de\014ned:)222 1406 y Fj(\017)24 b Fo(1)17 +b(for)g(\\IN")f({)g(In)o(ternet)222 1538 y Fj(\017)24 b Fo(2)17 +b(for)g(\\CS")g({)g(CSNET)222 1670 y Fj(\017)24 b Fo(3)17 b(for)g(\\CH")f({)h +(CHA)o(OS)222 1802 y Fj(\017)24 b Fo(4)17 b(for)g(\\HS")f({)h(Hesio)q(d)222 +1933 y Fj(\017)24 b Fo(255)18 b(for)e(wild{carding)223 2065 +y(The)k(answ)o(er)h(section)f(carries)g(resource)g(records)h(that)g(directly) +d(answ)o(er)j(the)f(query)l(,)h(the)149 2155 y(authorit)o(y)g(section)f +(carries)g(resource)g(records)h(that)f(describ)q(e)g(other)h(authoritativ)o +(e)f(serv)o(ers,)149 2246 y(and)g(the)e(additional)h(section)g(carries)f +(resource)g(records)h(that)g(are)g(not)g(explicitly)d(requested)149 +2336 y(but)h(migh)o(t)d(b)q(e)j(helpful)e(in)h(using)h(the)f(resource)g +(records)g(in)g(the)g(other)g(sections.)223 2426 y(The)k(authoritativ)o(e)h +(section)f(con)o(tains)h(name)f(serv)o(er)f(data)j(in)e(the)h(follo)o(wing)f +(case:)31 b(if)20 b(a)149 2517 y(name)14 b(serv)o(er)g(tries)g(to)h(resolv)o +(e)f(a)h(name)e(and)j(he)e(kno)o(ws)h(of)g(an)h(authoritativ)o(e)e(name)f +(serv)o(er)h(for)149 2607 y(the)h(domain)g(in)g(whic)o(h)f(the)h(name)f(lies) +g(that)i(has)g(to)f(b)q(e)g(resolv)o(ed,)f(he)h(puts)h(the)f(name)f(serv)o +(er's)p eop +%%Page: 17 26 +25 bop 1901 -100 a Fo(17)149 75 y(name)13 b(in)o(to)h(the)f(authorit)o(y)h +(section)g(of)g(the)f(reply)l(.)20 b(This)14 b(is)g(the)f(approac)o(h)i(in)e +(the)h(DNS)g(to)g(refer)149 165 y(clien)o(ts)h(to)i(others)f(serv)o(ers)g(in) +g(the)g(not)g(recursiv)o(e)f(mo)q(de.)223 255 y(The)g(additional)g(section)g +(pla)o(ys)g(an)g(imp)q(ortan)o(t)g(role)f(in)h(the)g(same)f(case.)21 +b(If)15 b(a)h(name)e(serv)o(er)149 346 y(refers)19 b(a)h(resolv)o(er)e(to)i +(another)g(name)e(serv)o(er,)g(he)h(b)q(etter)g(also)h(pro)o(vides)f(the)g +(address)h(of)g(the)149 436 y(other)f(name)e(serv)o(er,)h(b)q(ecause)h(that)g +(is)f(the)g(next)h(information)e(the)h(resolv)o(er)g(needs)g(in)g(order)149 +526 y(to)f(pro)q(ceed)e(with)h(his)f(queries.)20 b(Another)c(reason)g(to)g +(ha)o(v)o(e)f(the)h(additional)f(section)h(is)f(to)h(ha)o(v)o(e)149 +616 y(space)j(for)f(extra,)g(not)g(requested)f(information.)26 +b(If)17 b(a)i(resolv)o(er)e(receiv)o(es)f(additional)i(records,)149 +707 y(and)25 b(cac)o(hes)e(them,)h(he)g(migh)o(t)e(b)q(e)i(able)g(to)g(use)g +(them)e(later.)44 b(That)25 b(w)o(ould)f(result)f(in)h(an)149 +797 y(increased)14 b(p)q(erformance)f(of)h(the)g(system,)e(b)q(ecause)i(the)g +(resolution)g(of)g(data)h(that)f(is)g(already)g(in)149 887 +y(the)k(lo)q(cal)g(cac)o(he)g(is)g(considerably)f(more)g(e\016cien)o(t)f +(than)j(a)f(remote)f(resolution)h(that)h(requires)149 978 y(net)o(w)o(ork)d +(tra\016c.)223 1068 y(These)g(three)f(t)o(yp)q(es)h(of)h(DNS)f(message)g +(sections)g(share)g(the)g(same)g(format.)k(They)c(ha)o(v)o(e:)222 +1182 y Fj(\017)24 b Fo(a)17 b(name)222 1306 y Fj(\017)24 b +Fo(a)17 b(t)o(yp)q(e)f(as)h(in)f(a)g(query)222 1430 y Fj(\017)24 +b Fo(a)17 b(class)f(as)h(in)f(a)h(query)222 1555 y Fj(\017)24 +b Fo(a)17 b(32)g(bit)f(time)e(to)j(liv)o(e)d(\014eld)i(giv)o(en)f(in)h +(seconds)h(\(TTL\))222 1679 y Fj(\017)24 b Fo(an)15 b(unsigned)g(16)g(bit)f +(in)o(teger)g(that)h(sp)q(eci\014es)f(the)g(length)g(of)h(the)g(RD)o(A)l(T)l +(A)e(\014eld)h(in)g(b)o(ytes)222 1803 y Fj(\017)24 b Fo(a)17 +b(v)m(ariable)f(length)g(string)g(of)h(b)o(ytes)f(that)g(describ)q(es)g(the)g +(resource.)149 1967 y(2.4.3)49 b(Resource)16 b(Records)223 +2089 y(Data)g(that)h(is)e(asso)q(ciated)i(with)f(the)g(no)q(des)g(and)h(lea)o +(v)o(es)d(of)i(this)g(tree)f(is)h(exc)o(hanged)f(in)h(the)149 +2180 y(RD)o(A)l(T)l(A)f(p)q(ortion)i(of)g(the)e(last)h(three)g(sections)g(in) +f(a)i(DNS)e(message.)21 b(These)16 b(resource)f(records)149 +2270 y(are)i(tagged)g(according)g(to)f(the)g(t)o(yp)q(e)g(of)h(data)g(they)f +(con)o(tain.)21 b(W)l(e)16 b(men)o(tion)f(only)h(those)h(t)o(yp)q(es)149 +2360 y(that)h(pro)o(vide)f(necessary)g(information)g(for)h(understanding)g +(this)f(thesis.)25 b(A)17 b(complete)e(list)i(of)149 2451 y(t)o(yp)q(es)f +(and)h(classes)g(can)f(b)q(e)g(found)h(in)f(RF)o(C)g(1035)i(\([Mo)q(c87b]\).) +222 2560 y Fj(\017)24 b Fo(an)16 b(\\A")f(record)g(con)o(tains)f(a)i(host)f +(address;)h(a)f(32-bit)h(In)o(ternet)d(address)j(when)f(the)f(class)271 +2650 y(is)i(\\IN")p eop +%%Page: 18 27 +26 bop 1901 -100 a Fo(18)222 75 y Fj(\017)24 b Fo(an)18 b(\\NS")f(record)f +(sp)q(eci\014es)g(a)h(host)h(whic)o(h)e(should)h(b)q(e)g(authoritativ)o(e)f +(for)h(the)f(sp)q(eci\014ed)271 165 y(class)h(and)g(domain)222 +294 y Fj(\017)24 b Fo(an)18 b(\\SO)o(A")g(record)f(is)h(the)f(\014rst)h(en)o +(try)e(in)i(eac)o(h)f(of)h(the)f(database)i(\014les)e(and)h(sp)q(eci\014es)f +(a)271 385 y(serv)o(er)f(to)g(b)q(e)h(the)f(authoritativ)o(e)f(source)i(of)f +(information)f(within)h(the)g(domain)222 514 y Fj(\017)24 b +Fo(a)e(\\PTR")h(record)f(pro)o(vides)f(a)h(p)q(oin)o(ter)f(to)i(another)f(lo) +q(cation)g(in)f(the)h(domain)f(name)271 604 y(space)222 734 +y Fj(\017)j Fo(an)d(\\HINF)o(O")d(record)i(iden)o(ti\014es)e(the)h(CPU)h(t)o +(yp)q(e)f(and)h(op)q(erating)h(system)d(t)o(yp)q(e)h(used)271 +824 y(b)o(y)d(a)h(host)222 954 y Fj(\017)24 b Fo(a)14 b(\\CNAME")g(record)f +(sp)q(eci\014es)h(the)f(canonical)g(or)h(primary)e(name)h(for)h(the)f(o)o +(wner)h({)g(the)271 1044 y(o)o(wner)j(is)f(an)g(alias)222 1173 +y Fj(\017)24 b Fo(a)17 b(\\MX")g(record)g(sp)q(eci\014es)f(a)h(host)g +(willing)f(to)h(act)g(as)g(a)g(mail)e(exc)o(hange)h(for)h(the)f(o)o(wner)271 +1264 y(name)f(and)i(a)g(preference)e(giv)o(en)g(among)h(other)g(resource)g +(records)h(at)f(the)g(same)g(o)o(wner)222 1393 y Fj(\017)24 +b Fo(an)18 b(\\X25")h(record)e(con)o(tains)h(a)f(c)o(haracter)g(string)h +(whic)o(h)f(iden)o(ti\014es)f(a)i(public)e(switc)o(hed)271 +1483 y(data)h(net)o(w)o(ork)f(address)222 1613 y Fj(\017)24 +b Fo(an)14 b(\\ISDN")g(record)f(con)o(tains)g(a)h(c)o(haracter)e(string)i +(whic)o(h)e(iden)o(ti\014es)g(an)i(ISDN)1756 1595 y Fm(7)1788 +1613 y Fo(n)o(um)o(b)q(er)271 1703 y(of)j(the)f(o)o(wner)g(and)h(the)f(DDI)g +(\(Direct)g(Dial)g(In\),)f(if)h(an)o(y)149 1899 y(2.4.4)49 +b(Name)15 b(Serv)o(ers)223 2021 y(The)k(whole)h(database)h(is)f(divided)f(in) +o(to)g(zones)h(that)g(are)g(distributed)f(among)h(the)g(name)149 +2111 y(serv)o(ers.)34 b(The)20 b(essen)o(tial)g(task)g(of)h(a)g(name)e(serv)o +(er)h(is)g(to)h(answ)o(er)g(queries)e(using)i(data)h(in)e(its)149 +2202 y(zone.)38 b(T)l(o)23 b(ensure)e(a)h(higher)g(degree)f(of)i(reliabilit)o +(y)c(of)j(the)f(system,)h(the)f(de\014nition)h(of)g(the)149 +2292 y(Domain)17 b(Name)f(System)g(requires)g(that)i(at)g(least)f(t)o(w)o(o)h +(name)e(serv)o(ers)h(con)o(tain)g(authoritativ)o(e)149 2382 +y(data)23 b(for)f(a)g(giv)o(en)f(zone.)37 b(Some)20 b(sites)i(run)g(more)e +(than)i(t)o(w)o(o)g(name)e(serv)o(ers:)31 b(one)22 b(of)g(them)149 +2473 y(usually)d(outside)h(of)f(the)h(a\013ected)f(net)o(w)o(ork)g(to)g +(guaran)o(tee)h(name)e(service)g(if)h(the)g(net)o(w)o(ork)g(is)149 +2563 y(unreac)o(hable)12 b(for)f(some)g(reason.)21 b(The)11 +b(main)g(name)f(serv)o(er)h(is)g(called)g(the)g(primary)f(name)h(serv)o(er,)p +149 2604 720 2 v 206 2635 a Fl(7)224 2650 y Fk(In)o(tegrated)k(Services)g +(Digital)d(Net)o(w)o(ork)p eop +%%Page: 19 28 +27 bop 1901 -100 a Fo(19)731 101 y(T)l(able)16 b(2.1)33 b(Subset)16 +b(of)h(QTYPEs)452 232 y(QTYPE)p 662 259 2 91 v 60 w(v)m(alue)p +821 259 V 49 w(meaning)p 427 261 1246 2 v 452 324 a(A)p 662 +351 2 91 v 199 w(1)p 821 351 V 135 w(a)g(host)g(address)452 +414 y(NS)p 662 441 V 172 w(2)p 821 441 V 135 w(an)g(authoritativ)o(e)f(name)f +(serv)o(er)452 505 y(SO)o(A)p 662 532 V 135 w(6)p 821 532 V +135 w(start)i(of)f(authorit)o(y)452 595 y(PTR)p 662 622 V 132 +w(12)p 821 622 V 111 w(a)h(domain)e(name)g(p)q(oin)o(ter)452 +685 y(HINF)o(O)p 662 712 V 75 w(13)p 821 712 V 111 w(host)i(information)e +(CPU)i(and)f(OS)452 775 y(CNAME)p 662 802 V 49 w(14)p 821 802 +V 111 w(canonical)g(name)f(\(alias\))452 866 y(MX)p 662 893 +V 154 w(15)p 821 893 V 111 w(mail)g(exc)o(hange)452 956 y(X25)p +662 983 V 151 w(19)p 821 983 V 111 w(public)g(switc)o(hed)h(data)h(net)o(w)o +(ork)f(address)452 1046 y(ISDN)p 662 1073 V 117 w(20)p 821 +1073 V 111 w(in)o(tegrated)g(services)f(digital)h(net)o(w)o(ork)149 +1302 y(and)j(the)g(bac)o(kup)f(serv)o(ers)g(are)g(called)f(secondary)i(name)e +(serv)o(ers.)27 b(Secondary)19 b(authoritativ)o(e)149 1392 +y(name)d(serv)o(ers)g(up)q(date)i(the)f(data)h(base)f(for)g(their)f(zone)h(p) +q(erio)q(dically)f(with)h(data)h(p)q(olled)f(from)149 1482 +y(their)g(primary)e(serv)o(ers.)22 b(Primary)16 b(name)f(serv)o(ers)h(load)i +(the)e(database)j(\014les)d(pro)o(vided)g(b)o(y)h(the)149 1573 +y(zone)f(administrator)e(and)i(main)o(tain)e(a)i(cac)o(he)f(of)g(data)i(that) +f(w)o(as)g(acquired)e(through)j(resource)149 1663 y(records.)39 +b(Serv)o(ers)22 b(w)o(an)o(t)g(to)g(adapt)i(dynamically)19 +b(to)k(c)o(hanges)f(in)g(the)g(setup)g(of)h(the)f(name)149 +1753 y(space)f(of)g(other)g(authorities.)35 b(Therefore,)21 +b(eac)o(h)f(resource)h(record)f(con)o(tains)h(a)g(time)e(to)i(liv)o(e)149 +1843 y(\014eld)16 b(whic)o(h)g(ensures)g(that)h(name)e(serv)o(ers)g(do)i(not) +g(cac)o(he)e(data)i(without)g(time)d(b)q(ound.)223 1934 y(The)22 +b(actual)g(algorithm)f(name)g(serv)o(ers)g(use)h(dep)q(ends)h(on)f(the)g(lo)q +(cal)g(op)q(erating)h(system)149 2024 y(and)c(data)g(structures)f(used)g(to)g +(store)g(resource)g(records.)26 b(A)18 b(basic)g(outline)f(can)h(b)q(e)g +(found)h(in)149 2114 y([Mo)q(c87a)q(,)d(section)g(4.3.2])g(and)h(in)f +(section)g(2.9.2)g(of)h(this)f(thesis.)149 2274 y(2.4.5)49 +b(Resolv)o(ers)223 2397 y(The)16 b(in)o(terface)f(b)q(et)o(w)o(een)h(the)g +(Domain)g(Name)f(System)g(and)j(user)e(programs)h(is)f(the)h(name)149 +2487 y(resolv)o(er.)29 b(In)19 b(the)g(simplest)e(case,)i(a)g(resolv)o(er)f +(receiv)o(es)f(a)j(request)e(from)g(a)i(user)f(program)g(in)149 +2577 y(the)c(form)f(of)h(a)h(system)d(call)h(or)i(subroutine)f(call)f(and)i +(returns)f(the)f(desired)h(information.)k(The)p eop +%%Page: 20 29 +28 bop 1901 -100 a Fo(20)149 75 y(resolv)o(er)12 b(is)g(lo)q(cated)h(on)g +(the)g(same)e(mac)o(hine)g(as)i(the)f(user)h(program,)g(but)f(con)o(tacts)h +(one)g(or)g(more)149 165 y(name)19 b(serv)o(ers)h(on)h(\(usually\))e(remote)g +(mac)o(hines)f(if)i(the)g(requested)f(data)j(is)e(not)g(obtainable)149 +255 y(from)c(the)g(lo)q(cal)g(cac)o(he.)223 346 y(The)j(t)o(ypical)g(resolv)o +(er{clien)o(t)e(in)o(terface)h(has)i(a)g(triple)f(functionalit)o(y:)27 +b(host)20 b(name)f(to)h(IP)149 436 y(address)j(translation,)g(IP)e(address)h +(to)g(host)g(name)f(translation,)i(and)f(a)g(lo)q(okup)g(of)g(general)149 +526 y(information)f(sp)q(ecifying)h(query)f(name,)h(t)o(yp)q(e,)g(and)h +(class.)39 b(The)22 b(follo)o(wing)f(results)h(can)g(b)q(e)149 +616 y(obtained)e(after)e(the)h(resolv)o(er)e(p)q(erformed)h(the)h(indicated)f +(function:)26 b(the)18 b(data)i(requested,)e(a)149 707 y(name)e(error)g(in)g +(case)g(the)g(referenced)f(name)g(do)q(es)i(not)f(exist,)f(or)i(a)g(data)g +(not)f(found)h(error.)223 797 y(T)l(o)i(obtain)f(higher)h(e\016ciency)l(,)d +(it)i(is)g(reasonable)h(to)f(ha)o(v)o(e)g(all)g(resolv)o(ers)f(on)i(one)g +(mac)o(hine)149 887 y(share)i(their)f(cac)o(he.)32 b(An)20 +b(algorithm)g(outline)f(for)i(the)f(resolv)o(er)f(can)i(b)q(e)f(found)h(in)f +([Mo)q(c87a)q(,)149 978 y(section)c(5.3.3])g(and)h(in)f(section)g(2.9.3)g(of) +h(this)f(thesis.)149 1143 y(2.5)50 b(F)l(orw)o(ard)16 b(and)h(In)o(v)o(erse)e +(Mapping)h(T)l(ree)223 1283 y(The)d(Domain)f(Name)f(Space)i(consists)h(of)f +(a)h(hierarc)o(h)o(y)d(of)j(domain)e(names.)19 b(As)13 b(the)g(decimal)149 +1373 y(n)o(um)o(b)q(ers)j(in)h(the)g(dotted)h(quad)f(notation)h(for)g(IP)f +(addresses)h(can)f(b)q(e)h(view)o(ed)e(as)i(names,)e(it)h(is)149 +1463 y(only)j(one)f(step)h(to)g(construct)f(a)h(tree)f(that)h(consists)g(of)g +(these)f(n)o(um)o(b)q(ers)f(as)i(domain)f(names.)149 1553 y(This)g(in)o(v)o +(erse)e(mapping)g(tree)h(is)g(moun)o(ted)f(on)i(the)f(domain)g(in-addr.arpa.) +28 b(The)19 b(IP)f(address)149 1644 y(128.46.152.78)24 b(for)d(zo)q +(o.ecn.purdue.edu)e(has)j(the)e(corresp)q(onding)i(name)d(78.152.46.128.in-) +149 1734 y(addr.arpa)f(whic)o(h)d(maps)h(bac)o(k)g(to)g(zo)q +(o.ecn.purdue.edu)f(\(see)h(Figure)g(2.4\).)223 1824 y(The)j(reason)h(for)f +(the)g(n)o(um)o(b)q(ers)f(of)h(the)g(IP)g(address)h(app)q(earing)g(in)f(rev)o +(erse)f(order)h(in)g(the)149 1915 y(rev)o(erse)d(mapping)g(tree)g(is)g(the)h +(follo)o(wing:)22 b(Domain)16 b(names)f(read)i(from)f(left)g(to)h(righ)o(t)f +(get)h(less)149 2005 y(sp)q(eci\014c,)12 b(whereas)h(IP)f(addresses)h(get)f +(more)f(sp)q(eci\014c)h(from)f(left)g(to)i(righ)o(t)f(\(see)f(Figure)h +(2.5\).)20 b(The)149 2095 y(task)f(of)g(delegating)g(authorit)o(y)f(for)h +(in-addr.arpa)h(domains)e(to)h(zone)f(administrators)g(w)o(ould)149 +2185 y(b)q(e)f(imp)q(ossible)d(if)i(the)g(en)o(tries)f(app)q(eared)i(in)f +(the)g(original)g(order.)223 2276 y(In)h(case)g(someone)g(w)o(an)o(ted)g(to)h +(index)e(an)i(arbitrary)g(piece)e(of)h(data)i(in)e(the)g(domain)f(space)149 +2366 y(\(something)j(aside)h(from)f(IP)h(addresses)g(or)g(host)h(names\),)e +(an)i(additional)f(sub)q(domain)g(suc)o(h)149 2456 y(as)g(the)f(in-addr.arpa) +h(domain)f(is)f(necessary)l(.)30 b(A)19 b(so)h(called)e(in)o(v)o(erse)f(lo)q +(okup)j(\(an)g(exhaustiv)o(e)149 2547 y(searc)o(h)c(of)g(the)f(whole)h +(domain)f(name)f(space\),)i(is)f(also)h(p)q(ossible,)g(but)g(not)g(feasible)e +(for)i(regular)149 2637 y(usage.)21 b(An)o(y)13 b(one)g(name)f(serv)o(er)g +(only)h(kno)o(ws)g(ab)q(out)h(part)g(of)f(the)g(o)o(v)o(erall)f(domain)g +(name)g(space.)p eop +%%Page: 21 30 +29 bop 1901 -100 a Fo(21)524 979 y @beginspecial 0 @llx 0 @lly +261 @urx 212 @ury 2610 @rwi @setspecial +%%BeginDocument: pictures/rev_tree.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-4.0 216.0 translate 0.900 -0.900 scale +0.500 setlinewidth +n 194 64 m 254 84 l gs col-1 s gr +n 194 64 m 244 84 l gs col-1 s gr +n 194 64 m 234 84 l gs col-1 s gr +n 194 64 m 224 84 l gs col-1 s gr +n 194 64 m 214 84 l gs col-1 s gr +n 194 64 m 204 84 l gs col-1 s gr +n 194 64 m 134 84 l gs col-1 s gr +n 194 64 m 144 84 l gs col-1 s gr +n 194 64 m 154 84 l gs col-1 s gr +n 194 64 m 164 84 l gs col-1 s gr +n 194 64 m 174 84 l gs col-1 s gr +n 194 64 m 184 84 l gs col-1 s gr +n 194 64 m 194 84 l gs col-1 s gr +n 194 104 m 254 124 l gs col-1 s gr +n 194 104 m 244 124 l gs col-1 s gr +n 194 104 m 234 124 l gs col-1 s gr +n 194 104 m 224 124 l gs col-1 s gr +n 194 104 m 214 124 l gs col-1 s gr +n 194 104 m 204 124 l gs col-1 s gr +n 194 104 m 134 124 l gs col-1 s gr +n 194 104 m 144 124 l gs col-1 s gr +n 194 104 m 154 124 l gs col-1 s gr +n 194 104 m 164 124 l gs col-1 s gr +n 194 104 m 174 124 l gs col-1 s gr +n 194 104 m 184 124 l gs col-1 s gr +n 194 104 m 194 124 l gs col-1 s gr +1.000 setlinewidth +n 194 104 m 114 144 l gs col-1 s gr +0.500 setlinewidth +n 114 144 m 174 164 l gs col-1 s gr +n 114 144 m 164 164 l gs col-1 s gr +n 114 144 m 154 164 l gs col-1 s gr +n 114 144 m 144 164 l gs col-1 s gr +n 114 144 m 134 164 l gs col-1 s gr +n 114 144 m 124 164 l gs col-1 s gr +n 114 144 m 54 164 l gs col-1 s gr +n 114 144 m 64 164 l gs col-1 s gr +n 114 144 m 74 164 l gs col-1 s gr +n 114 144 m 84 164 l gs col-1 s gr +n 114 144 m 94 164 l gs col-1 s gr +n 114 144 m 104 164 l gs col-1 s gr +n 114 144 m 114 164 l gs col-1 s gr +1.000 setlinewidth +n 114 144 m 154 184 l gs col-1 s gr +0.500 setlinewidth +n 154 184 m 214 204 l gs col-1 s gr +n 154 184 m 204 204 l gs col-1 s gr +n 154 184 m 194 204 l gs col-1 s gr +n 154 184 m 184 204 l gs col-1 s gr +n 154 184 m 174 204 l gs col-1 s gr +n 154 184 m 164 204 l gs col-1 s gr +n 154 184 m 94 204 l gs col-1 s gr +n 154 184 m 104 204 l gs col-1 s gr +n 154 184 m 114 204 l gs col-1 s gr +n 154 184 m 124 204 l gs col-1 s gr +n 154 184 m 134 204 l gs col-1 s gr +n 154 184 m 144 204 l gs col-1 s gr +n 154 184 m 154 204 l gs col-1 s gr +1.000 setlinewidth +n 154 184 m 114 224 l gs col-1 s gr +n 194 64 m 194 104 l gs col-1 s gr +0.500 setlinewidth + 1 setlinecap [1 3.000000] 3.000000 setdash +n 294 44 m 294 54 l gs col-1 s gr + [] 0 setdash 0 setlinecap +n 94 4 m 194 64 l gs col-1 s gr +n 94 4 m 94 44 l gs col-1 s gr +n 94 4 m 39 39 l gs col-1 s gr + 1 setlinecap [1 3.000000] 3.000000 setdash +n 39 39 m 4 59 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 3.000000] 3.000000 setdash +n 94 44 m 94 59 l gs col-1 s gr + [] 0 setdash 0 setlinecap +/Times-Bold findfont 12.00 scalefont setfont +199 99 m +gs 1 -1 scale (128) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +154 179 m +gs 1 -1 scale (152) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +134 219 m +gs 1 -1 scale (78) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +139 144 m +gs 1 -1 scale (46) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +64 239 m +gs 1 -1 scale (zoo.ecn.purdue.edu) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +69 54 m +gs 1 -1 scale (edu) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +189 54 m +gs 1 -1 scale (in-addr.arpa) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +29 54 m +gs 1 -1 scale (ca) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +139 19 m +gs 1 -1 scale (IP address 128.46.152.78) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 657 1224 a(Figure)16 b(2.4)32 b(The)17 b(in-addr.arpa)g(domain) +787 1645 y @beginspecial 0 @llx 0 @lly 126 @urx 65 @ury 1260 +@rwi @setspecial +%%BeginDocument: pictures/nameaddr.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +0.0 72.0 translate 0.900 -0.900 scale +0.500 setlinewidth +n 139 24 m -1 24 l gs col-1 s gr +n 7.000 26.000 m -1.000 24.000 l 7.000 22.000 l gs 2 setlinejoin col-1 s gr +n -1 64 m 139 64 l gs col-1 s gr +n 131.000 62.000 m 139.000 64.000 l 131.000 66.000 l gs 2 setlinejoin col-1 s gr +/Times-Bold findfont 16.00 scalefont setfont +-1 44 m +gs 1 -1 scale 360.0 rotate (uther.cs.purdue.edu) col-1 show gr +/Times-Bold findfont 16.00 scalefont setfont +29 59 m +gs 1 -1 scale 360.0 rotate (128.10.4.20) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +-1 19 m +gs 1 -1 scale 360.0 rotate (more specific) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +74 79 m +gs 1 -1 scale 360.0 rotate (more specific) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 686 1890 a(Figure)e(2.5)33 b(Degree)16 b(of)h(sp)q +(eci\014cation)149 2074 y(Therefore,)d(an)g(in)o(v)o(erse)f(query)g(is)h(nev) +o(er)e(guaran)o(teed)j(to)f(return)g(an)g(answ)o(er.)21 b(If)13 +b(a)i(name)e(serv)o(er)149 2165 y(receiv)o(es)i(an)i(in)o(v)o(erse)e(query)g +(for)i(an)g(IP)g(address)g(it)f(kno)o(ws)h(nothing)g(ab)q(out,)g(it)f(cannot) +i(return)149 2255 y(an)f(answ)o(er;)f(but)h(it)f(also)h(do)q(es)g(not)g(kno)o +(w)f(if)g(the)g(IP)g(address)h(do)q(es)g(not)g(exist,)e(b)q(ecause)i(it)f +(has)149 2345 y(only)f(its)g(part)h(of)g(the)f(DNS)g(database)h(to)g(w)o(ork) +f(with.)21 b(Additionally)l(,)13 b(the)i(implem)o(en)o(tati)o(on)e(of)149 +2435 y(in)o(v)o(erse)i(queries)g(is)h(optional)h(according)f(to)h(the)f(DNS)g +(sp)q(eci\014cation.)p eop +%%Page: 22 31 +30 bop 1901 -100 a Fo(22)149 75 y(2.6)50 b(Recursion)15 b(and)i(Iteration)223 +214 y(When)i(there)g(is)h(the)f(need)g(for)h(resolving)f(a)h(name)f(in)g(the) +g(Domain)g(Name)f(System,)h(the)149 305 y(follo)o(wing)i(steps)f(are)h(tak)o +(en.)33 b(Who)q(ev)o(er)20 b(w)o(an)o(ts)h(to)g(resolv)o(e)e(a)i(name)e(in)o +(v)o(ok)o(es)g(a)i(lo)q(cal)f(clien)o(t)149 395 y(program,)13 +b(the)g(resolv)o(er.)19 b(The)12 b(resolv)o(er)g(form)o(ulates)f(a)i(query)f +(according)h(to)g(the)f(DNS)h(proto)q(col)149 485 y(and)k(con)o(tacts)g(its)f +(lo)q(cal)g(name)f(serv)o(er.)223 575 y(These)h(queries)f(can)h(come)f(in)h +(t)o(w)o(o)g(di\013eren)o(t)f(\015a)o(v)o(ors:)22 b(\\recursiv)o(e")15 +b(and)i(\\iterativ)o(e".)223 666 y(In)g(recursiv)o(e)f(resolution,)h(a)h +(resolv)o(er)e(sends)i(a)g(recursiv)o(e)e(query)g(to)i(a)g(name)f(serv)o(er.) +23 b(The)149 756 y(queried)13 b(name)f(serv)o(er)h(then)g(has)i(the)e +(obligation)h(to)g(resp)q(ond)h(with)e(the)g(answ)o(er)h(to)g(that)g(query) +149 846 y(or)20 b(with)g(an)g(error)f(co)q(de.)31 b(The)20 +b(name)e(serv)o(er)g(cannot)i(refer)f(the)g(resolv)o(er)g(to)h(another)g +(name)149 937 y(serv)o(er.)28 b(In)18 b(case)g(the)h(queried)e(name)g(serv)o +(er)h(is)g(not)h(authoritativ)o(e)f(for)h(the)f(requested)g(data,)149 +1027 y(it)k(has)g(to)g(resolv)o(e)f(the)g(query)g(again;)k(recursiv)o(e)19 +b(or)j(iterativ)o(e.)36 b(Curren)o(t)21 b(implem)o(en)o(tations)149 +1117 y(resolv)o(e)16 b(the)g(query)f(iterativ)o(e)f(and)j(do)g(not)g(pass)g +(the)f(w)o(ork)g(to)h(another)g(serv)o(er.)223 1207 y(Iterativ)o(e)9 +b(resolution)j(do)q(es)g(not)g(require)f(nearly)g(as)h(m)o(uc)o(h)d(w)o(ork)j +(on)g(the)f(part)h(of)g(the)g(queried)149 1298 y(name)k(serv)o(er.)23 +b(In)17 b(iterativ)o(e)e(resolution)i(a)g(name)f(serv)o(er)g(simply)f +(returns)i(the)g(b)q(est)h(answ)o(er)f(it)149 1388 y(is)h(capable)g(of)h +(giving.)26 b(No)18 b(additional)g(querying)f(of)i(other)f(name)f(serv)o(ers) +g(is)h(required.)25 b(The)149 1478 y(queried)14 b(name)f(serv)o(er)g(only)h +(consults)g(its)g(lo)q(cal)h(data)g(lo)q(oking)g(for)f(the)g(data)h +(requested.)20 b(If)14 b(the)149 1569 y(data)k(is)e(not)h(there,)f(it)g(mak)o +(es)f(its)h(b)q(est)h(attempt)e(to)i(giv)o(e)f(the)g(querier)f(data)j(that)f +(will)e(help)h(it)149 1659 y(con)o(tin)o(ue)i(the)g(resolution)g(pro)q(cess.) +28 b(This)19 b(data)g(usually)f(con)o(tains)h(names)e(and)i(addresses)g(of) +149 1749 y(name)d(serv)o(ers)f(that)i(are)f(\\closer")g(to)h(the)f(data)h +(its)f(seeking.)223 1839 y(After)10 b(p)q(ossibly)j(man)o(y)d(referrals,)h +(the)h(lo)q(cal)g(name)e(serv)o(er)h(queries)g(the)g(authoritativ)o(e)h(name) +149 1930 y(serv)o(er,)j(whic)o(h)h(returns)g(an)h(answ)o(er)f(or)h(an)g +(error)f(co)q(de.)149 2095 y(2.7)50 b(Filling)14 b(in)i(the)g(Blanks)223 +2235 y(This)h(section)g(con)o(tains)h(features)f(that)h(w)o(ere)e(brie\015y)h +(touc)o(hed)g(in)g(the)g(previous)g(sections,)149 2325 y(but)e(that)g(need)f +(further)g(explanations:)21 b(the)14 b(cen)o(tral)f(role)h(of)h(cac)o(hes)f +(for)h(system)e(p)q(erformance)149 2415 y(enhancemen)o(t,)h(the)i(role)f(of)h +(administrativ)o(e)e(authorities,)h(and)i(the)f(t)o(yp)q(es)f(of)i(errors)f +(that)g(can)149 2506 y(o)q(ccur)h(during)f(name)f(serv)o(er)h(op)q(eration.)p +eop +%%Page: 23 32 +31 bop 1901 -100 a Fo(23)149 75 y(2.7.1)49 b(Role)16 b(of)h(Cac)o(hes)223 +197 y(The)d(whole)h(resolution)f(pro)q(cess)h(ma)o(y)e(seem)g(con)o(v)o +(oluted)h(and)h(cum)o(b)q(ersome)d(compared)h(to)149 287 y(simple)h(seeks)h +(through)h(a)g(host)g(table)f(database.)22 b(Ho)o(w)o(ev)o(er,)14 +b(it)h(is)g(fast,)h(sp)q(eeded)f(up)g(consider-)149 378 y(ably)h(b)o(y)g(cac) +o(hing.)223 468 y(As)11 b(our)h(example)d(in)i(Section)g(2.8)h(sho)o(ws,)h +(name)d(serv)o(ers)h(ma)o(y)f(need)h(sev)o(eral)g(DNS)g(messages)149 +558 y(to)21 b(\014nd)f(the)f(answ)o(er)i(to)f(a)g(query)l(.)31 +b(During)21 b(successiv)o(e)d(resolution)i(attempts)f(name)f(serv)o(ers)149 +649 y(disco)o(v)o(er)f(information)g(ab)q(out)i(the)e(Domain)g(Name)f(Space.) +26 b(This)18 b(information)f(can)g(b)q(e)h(used)149 739 y(for)e(future)f +(resolutions.)21 b(If)15 b(a)g(name)f(serv)o(er)g(cac)o(hes)h(the)g(data,)h +(it)e(builds)h(up)h(a)f(data)h(base)g(that)149 829 y(helps)i(sp)q(eed)g(up)g +(the)f(pro)q(cessing)i(of)f(further)g(querying.)25 b(The)18 +b(next)f(time)f(a)i(resolv)o(er)e(queries)149 919 y(the)21 +b(name)e(serv)o(er)h(for)h(data)g(ab)q(out)h(a)f(domain)f(name)f(the)h(name)g +(serv)o(er)f(kno)o(ws)i(something)149 1010 y(ab)q(out,)16 b(the)d(pro)q(cess) +i(is)f(shortened)g(considerably)l(.)20 b(Ev)o(en)13 b(if)g(a)i(name)e(serv)o +(er)f(do)q(es)j(not)g(ha)o(v)o(e)e(the)149 1100 y(answ)o(er)f(to)f(the)g +(query)f(in)h(its)f(cac)o(he)h(it)f(migh)o(t)g(ha)o(v)o(e)g(learned)g(the)h +(iden)o(tities)e(of)i(the)g(authoritativ)o(e)149 1190 y(name)i(serv)o(ers)f +(for)i(the)f(zone)g(the)g(domain)g(name)f(is)h(in,)h(and)g(it)f(migh)o(t)e(b) +q(e)j(able)f(to)h(resolv)o(e)e(them)149 1281 y(directly)l(.)223 +1371 y(It)19 b(is)h(di\016cult)f(to)h(determine)d(the)j(optimal)f(time)e(to)k +(liv)o(e)d(v)m(alue)i(for)g(data)h(that)f(is)g(to)g(b)q(e)149 +1461 y(cac)o(hed.)i(There)16 b(is)h(a)g(trade-o\013)h(b)q(et)o(w)o(een)e +(enhanced)g(p)q(erformance)f(once)i(data)g(is)g(cac)o(hed)f(and)149 +1551 y(the)g(p)q(ossibilit)o(y)g(that)g(the)g(cac)o(hed)g(data)h(migh)o(t)e +(b)q(e)h(out)h(of)f(date)h(b)o(y)e(the)h(time)e(it)i(is)g(used.)149 +1711 y(2.7.2)49 b(Role)16 b(of)h(Authorities)223 1834 y(Manageabilit)o(y)f +(of)h(the)g(administration)f(of)h(the)g(Domain)g(Name)e(Space)i(is)g(an)g +(imp)q(ortan)o(t)149 1924 y(issue)g(b)q(ecause)g(of)g(the)g(large)f(n)o(um)o +(b)q(er)f(of)i(hosts)h(in)e(the)h(In)o(ternet.)k(The)c(k)o(ey)f(concept)g(to) +h(solv)o(e)149 2014 y(this)23 b(problem)f(is)h(the)g(delegation)f(of)i +(authorit)o(y)f(along)h(the)e(edges)i(of)f(the)g(Domain)f(Name)149 +2105 y(Space)d(tree.)27 b(Lo)q(cal)19 b(authorities)g(administer)d(their)i(o) +o(wn)h(zones.)28 b(They)18 b(k)o(eep)f(the)i(data)g(base)149 +2195 y(consisten)o(t)12 b(and)g(ha)o(v)o(e)f(autonomous)h(con)o(trol)g(of)g +(name)e(assignmen)o(ts.)19 b(This)12 b(delegation)g(sc)o(heme)149 +2285 y(tak)o(es)k(a)o(w)o(a)o(y)g(the)g(load)h(from)e(cen)o(tral)g +(authorities.)223 2376 y(It)e(is)h(imp)q(ortan)o(t)f(to)h(understand)h(that)g +(the)e(organizational)i(to)q(ol)g(of)f(delegation)g(of)g(author-)149 +2466 y(it)o(y)f(includes)g(the)g(resp)q(onsibilit)o(y)f(for)i(the)f +(delegated)g(en)o(tit)o(y)l(.)19 b(There)13 b(is)h(no)g(delegation)f(without) +149 2556 y(resp)q(onsibilit)o(y)l(.)p eop +%%Page: 24 33 +32 bop 1901 -100 a Fo(24)149 75 y(2.7.3)49 b(Occurrence)15 +b(of)i(Errors)223 197 y(Sev)o(eral)12 b(error)i(situations)g(can)g(o)q(ccur)g +(during)h(name)d(serv)o(er)h(and)h(resolv)o(er)f(op)q(eration.)21 +b(The)149 287 y(header)13 b(section)g(of)g(ev)o(ery)f(DNS)h(message)f(con)o +(tains)h(the)g(\014eld)g(\\R)o(CODE,")g(a)h(4)f(bit)g(\014eld)f(that)i(is)149 +378 y(part)h(of)f(a)h(resp)q(onse)g(\(see)f(section)f(2.4.2\).)21 +b(The)14 b(con)o(ten)o(ts)g(of)g(the)g(\\R)o(CODE")h(\014eld)f(determines)149 +468 y(whic)o(h)i(error)g(has)h(o)q(ccurred)f(while)g(pro)q(cessing)h(the)f +(query:)222 600 y Fj(\017)24 b Fo(if)16 b(a)h(name)e(serv)o(er)g(is)h(unable) +g(to)h(in)o(terpret)e(a)h(query)l(,)f(it)h(\015ags)h(a)g(\\F)l(ormat)f +(Error")222 732 y Fj(\017)24 b Fo(if)19 b(a)g(name)f(serv)o(er)g(is)h(unable) +g(to)h(pro)q(cess)f(a)h(query)e(b)q(ecause)i(of)f(a)h(problem)d(with)i(that) +271 822 y(serv)o(er,)c(it)h(\015ags)h(a)g(\\Serv)o(er)e(F)l(ailure")222 +954 y Fj(\017)24 b Fo(if)16 b(an)g(authoritativ)o(e)f(name)f(serv)o(er)h(for) +h(a)g(zone)g(determines)d(that)j(the)f(referenced)g(name)271 +1044 y(do)q(es)i(not)g(exist,)e(a)i(\\Name)e(Error")i(is)f(\015agged.)222 +1176 y Fj(\017)24 b Fo(if)f(a)h(serv)o(er)e(do)q(es)i(not)g(supp)q(ort)g(the) +f(requested)f(kind)h(of)h(query)l(,)f(it)g(returns)g(a)h(\\Not)271 +1266 y(Impleme)o(n)o(ted")13 b(error)222 1398 y Fj(\017)24 +b Fo(if)17 b(a)h(name)e(serv)o(er)g(do)q(es)i(not)f(w)o(an)o(t)h(to)f(pro)o +(vide)f(the)h(information)g(a)g(resolv)o(er)f(ask)o(ed)h(for)271 +1488 y(in)j(a)h(query)l(,)f(it)g(returns)g(the)g(\\Refused")h(co)q(de.)33 +b(This)20 b(is)g(one)h(example)d(of)j(the)f(serv)o(er)271 1578 +y(refusing)d(to)f(p)q(erform)f(a)i(sp)q(eci\014ed)f(op)q(eration)h(for)f(p)q +(olicy)g(reasons)149 1744 y(2.8)50 b(Example:)19 b(Name)c(Resolution)223 +1883 y(This)h(section)h(con)o(tains)f(a)h(simple)e(example)f(for)j(a)g(name)e +(resolution)i(using)g(a)g(mec)o(hanism)149 1974 y(based)e(on)f(the)f(clien)o +(t{serv)o(er)e(paradigm.)20 b(A)13 b(generic)g(resolution)g(example)f(is)h +(sho)o(wn)i(in)e(Figure)149 2064 y(2.6)k(with)f(a)h(short)g(explanation)f(of) +g(the)g(steps)h(in)f(table)g(2.2.)223 2154 y(A)10 b(resolv)o(er)g(forms)g(a)h +(query)g(of)g(some)f(kind)g(and)i(w)o(an)o(ts)f(to)g(retriev)o(e)e(the)i +(resp)q(onse)h(con)o(taining)149 2245 y(the)i(answ)o(er)g(to)g(its)f(query)g +(from)f(the)i(name)e(serv)o(er)h(A.)f(This)i(name)e(serv)o(er)h(A)g(could)g +(b)q(e)h(running)149 2335 y(on)21 b(the)f(same)f(host)i(with)e(the)h(resolv)o +(er)f(soft)o(w)o(are,)i(on)f(a)h(host)f(in)g(the)g(lo)q(cal)g(net)o(w)o(ork)f +(of)i(the)149 2425 y(resolv)o(er,)h(on)g(a)g(host)g(somewhere)e(in)h(the)h +(net,)g(or)g(on)g(one)f(of)h(the)f(hosts)i(serving)e(the)g(ro)q(ot)149 +2515 y(domains.)42 b(Assuming)22 b(that)i(A)f(do)q(es)h(not)g(kno)o(w)f(the)g +(requested)g(information,)h(it)e(tries)h(to)149 2606 y(retriev)o(e)16 +b(it)i(from)e(other)i(name)f(serv)o(ers.)25 b(The)18 b(selection)f(of)h(whic) +o(h)f(name)f(serv)o(ers)h(to)i(con)o(tact)p eop +%%Page: 25 34 +33 bop 1901 -100 a Fo(25)374 1345 y @beginspecial 0 @llx 0 +@lly 309 @urx 294 @ury 3090 @rwi @setspecial +%%BeginDocument: pictures/res_expl.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + /DrawEllipse { + /endangle exch def + /startangle exch def + /yrad exch def + /xrad exch def + /y exch def + /x exch def + /savematrix mtrx currentmatrix def + x y translate xrad yrad scale 0 0 1 startangle endangle arc + savematrix setmatrix + } def + + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-7.0 301.0 translate 0.900 -0.900 scale +1.000 setlinewidth +n 253.000 163.000 m 249.000 179.000 l 245.000 163.000 l gs 2 setlinejoin col-1 s gr + [6.000000] 0 setdash +n 179.000 179.000 70.000 180.000 0.000 arc +gs col-1 s gr + [] 0 setdash +n 39 179 32 32 0 360 DrawEllipse gs col-1 s gr +n 179 39 32 32 0 360 DrawEllipse gs col-1 s gr +n 179 179 32 32 0 360 DrawEllipse gs col-1 s gr +n 319 179 32 32 0 360 DrawEllipse gs col-1 s gr +n 149 184 m 69 184 l gs col-1 s gr +n 85.000 188.000 m 69.000 184.000 l 85.000 180.000 l gs 2 setlinejoin col-1 s gr +n 69 174 m 149 174 l gs col-1 s gr +n 133.000 170.000 m 149.000 174.000 l 133.000 178.000 l gs 2 setlinejoin col-1 s gr +n 209 174 m 289 174 l gs col-1 s gr +n 273.000 170.000 m 289.000 174.000 l 273.000 178.000 l gs 2 setlinejoin col-1 s gr +n 289 184 m 209 184 l gs col-1 s gr +n 225.000 188.000 m 209.000 184.000 l 225.000 180.000 l gs 2 setlinejoin col-1 s gr +n 174 284 m 174 209 l gs col-1 s gr +n 170.000 225.000 m 174.000 209.000 l 178.000 225.000 l gs 2 setlinejoin col-1 s gr +n 184 209 m 184 284 l gs col-1 s gr +n 188.000 268.000 m 184.000 284.000 l 180.000 268.000 l gs 2 setlinejoin col-1 s gr +n 174 149 m 174 69 l gs col-1 s gr +n 170.000 85.000 m 174.000 69.000 l 178.000 85.000 l gs 2 setlinejoin col-1 s gr +n 184 69 m 184 149 l gs col-1 s gr +n 188.000 133.000 m 184.000 149.000 l 180.000 133.000 l gs 2 setlinejoin col-1 s gr +n 146 284 m 139 284 139 327 7 arcto 4 {pop} repeat 139 334 212 334 7 arcto 4 {pop} repeat 219 334 219 291 7 arcto 4 {pop} repeat 219 284 146 284 7 arcto 4 {pop} repeat clp gs col-1 s gr +/Times-Bold findfont 12.00 scalefont setfont +174 169 m +gs 1 -1 scale (A) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +174 29 m +gs 1 -1 scale (C) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +314 169 m +gs 1 -1 scale (D) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +34 169 m +gs 1 -1 scale (B) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +24 199 m +gs 1 -1 scale (server) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +24 184 m +gs 1 -1 scale (name) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +164 199 m +gs 1 -1 scale (server) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +164 184 m +gs 1 -1 scale (name) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +304 199 m +gs 1 -1 scale (server) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +304 184 m +gs 1 -1 scale (name) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +164 59 m +gs 1 -1 scale (server) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +164 44 m +gs 1 -1 scale (name) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +154 314 m +gs 1 -1 scale (resolver) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +139 249 m +gs 1 -1 scale (query) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +189 249 m +gs 1 -1 scale (answer) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +89 169 m +gs 1 -1 scale (referral) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +144 104 m +gs 1 -1 scale (query) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +214 169 m +gs 1 -1 scale (query) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +189 104 m +gs 1 -1 scale (referral) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +99 199 m +gs 1 -1 scale (query) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +229 199 m +gs 1 -1 scale (answer) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +79 199 m +gs 1 -1 scale (2) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +134 169 m +gs 1 -1 scale (3) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +159 84 m +gs 1 -1 scale (4) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +274 169 m +gs 1 -1 scale (6) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +194 279 m +gs 1 -1 scale (8) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +194 144 m +gs 1 -1 scale (5) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +219 199 m +gs 1 -1 scale (7) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +159 224 m +gs 1 -1 scale (1) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 654 1590 a(Figure)16 b(2.6)33 b(Example)15 b(name)g(resolution) +149 1774 y(dep)q(ends)i(on)g(the)f(name)g(to)g(b)q(e)h(resolv)o(ed.)k(The)16 +b(decision)g(pro)q(cess)h(ab)q(out)h(this)e(c)o(hoice)f(is)h(giv)o(en)149 +1864 y(in)f(sections)f(2.9.2)h(and)g(2.9.3)g(where)g(w)o(e)f(explain)f(the)i +(algorithms)f(used)g(b)o(y)h(name)e(serv)o(ers)h(and)149 1954 +y(resolv)o(ers.)223 2045 y(The)f(con)o(tacted)g(name)g(serv)o(ers)g(return)g +(an)h(answ)o(er)g(to)g(the)f(query)g(to)h(the)g(requesting)f(name)149 +2135 y(serv)o(er,)f(or)i(they)e(return)h(a)g(referral)f(to)h(another)h(name)e +(serv)o(er)f(that)j(is)e(more)g(lik)o(ely)e(to)k(kno)o(w)f(the)149 +2225 y(answ)o(er.)27 b(W)l(e)17 b(neither)g(consider)h(the)f(o)q(ccurrence)g +(of)i(exceptions)e(or)h(errors)g(in)f(this)h(example,)149 2316 +y(nor)g(cac)o(hing)f(issues.)26 b(P)o(ossible)17 b(return)g(co)q(des)h(in)f +(resp)q(onses)i(are)e(giv)o(en)g(in)g(section)g(2.4.2)h(and)149 +2406 y(are)f(further)f(explained)f(in)h(section)g(2.7.3.)223 +2496 y(As)e(so)q(on)j(as)e(one)g(of)g(the)g(con)o(tacted)f(name)g(serv)o(ers) +g(returns)h(an)g(answ)o(er)h(to)f(A,)f(A)g(resp)q(onds)149 +2586 y(to)j(the)f(original)g(query)g(of)g(the)g(resolv)o(er)f(with)h(the)g +(retriev)o(ed)f(answ)o(er.)p eop +%%Page: 26 35 +34 bop 1901 -100 a Fo(26)574 101 y(T)l(able)17 b(2.2)32 b(Example)15 +b(steps)h(in)g(name)f(resolution)452 232 y(Step)p 571 259 2 +91 v 49 w(Action)p 427 261 1246 2 v 452 324 a(1)p 571 351 2 +91 v 120 w(Name)g(serv)o(er)g(A)h(receiv)o(es)e(a)j(query)e(from)g(the)h +(resolv)o(er)452 414 y(2)p 571 441 V 120 w(A)g(queries)f(B)452 +505 y(3)p 571 532 V 120 w(B)h(refers)g(A)g(to)g(other)h(name)e(serv)o(ers,)g +(incl.)20 b(C)452 595 y(4)p 571 622 V 120 w(A)c(queries)f(C)452 +685 y(5)p 571 712 V 120 w(C)i(refers)f(A)f(to)i(other)f(name)f(serv)o(ers,)g +(incl.)20 b(D)452 775 y(6)p 571 802 V 120 w(A)c(queries)f(D)452 +866 y(7)p 571 893 V 120 w(D)i(answ)o(ers)452 956 y(8)p 571 +983 V 120 w(D)g(returns)f(the)g(answ)o(er)h(to)f(the)g(resolv)o(er)149 +1211 y(2.9)50 b(The)16 b(Domain)f(Name)g(System)g(Proto)q(col)223 +1351 y(The)f(o\016cial)f(design)h(do)q(cumen)o(ts)f([Mo)q(c87a)q(])h(and)h +([Mo)q(c87b])f(state)g(and)h(describ)q(e)f(concepts)149 1441 +y(and)23 b(facilities,)d(implem)o(en)o(tati)o(on)g(and)i(sp)q(eci\014cation.) +36 b(In)22 b(the)f(follo)o(wing)g(sections,)h(w)o(e)g(will)149 +1532 y(discuss)c(topics)g(related)f(to)h(the)g(data)h(structures)e(and)i +(data)f(organization,)h(and)g(presen)o(t)e(the)149 1622 y(name)c(serv)o(er)g +(and)i(the)f(resolv)o(er)f(algorithm)g(on)h(a)h(fairly)e(high)h(lev)o(el.)19 +b(W)l(e)14 b(get)g(in)o(to)f(more)g(detail)149 1712 y(where)j(it)g(is)g +(necessary)g(to)h(examine)d(the)i(w)o(eak)g(p)q(oin)o(ts)g(of)h(the)f(proto)q +(col.)223 1802 y(The)11 b(data)g(structures)g(and)h(the)e(algorithms)h(are)g +(the)f(basis)i(for)f(the)g(analysis)g(of)g(the)g(proto)q(col)149 +1893 y(later)16 b(in)g(this)g(thesis.)149 2053 y(2.9.1)49 b(Data)18 +b(Structures)223 2175 y(Tw)o(o)f(principal)e(kinds)h(of)h(data)g(app)q(ear)h +(in)e(the)g(Domain)g(Name)f(System:)20 b(zone)d(data)g(and)149 +2265 y(cac)o(he)f(data.)223 2356 y(A)11 b(zone)i(con)o(tains)f(a)h(complete)d +(database)j(for)g(a)f(particular)g(pruned)h(subtree)f(of)g(the)g(domain)149 +2446 y(name)19 b(space.)32 b(This)20 b(data)h(can)f(b)q(e)g(authoritativ)o(e) +f(if)g(it)h(is)f(the)h(original)g(database)h(managed)149 2536 +y(for)16 b(this)g(particular)f(zone)h(b)o(y)f(a)h(primary)e(or)i(secondary)g +(name)f(serv)o(er.)20 b(Otherwise)15 b(it)g(is)g(non{)149 2627 +y(authoritativ)o(e)i(data.)24 b(Secondary)17 b(serv)o(ers)f(main)o(tain)f +(zone)i(data)h(as)f(copies)g(from)f(the)h(master)p eop +%%Page: 27 36 +35 bop 1901 -100 a Fo(27)149 75 y(\014les.)21 b(Name)13 b(serv)o(ers)g(c)o +(hec)o(k)g(p)q(erio)q(dically)h(for)h(c)o(hanges)g(\(for)g(a)g(c)o(hanged)f +(serial)g(n)o(um)o(b)q(er)f(in)i(the)149 165 y(SO)o(A)h(records\))g(and)h(up) +q(date)f(their)g(data)h(b)o(y)e(reading)i(the)f(master)f(\014les,)g(or)h(via) +g(zone)g(transfer)149 255 y(op)q(erations.)223 346 y(As)f(w)o(e)g(will)f +(describ)q(e)h(in)g(Section)g(2.3.2,)h(the)f(tec)o(hnology)g(of)h(cac)o(hing) +f(is)g(a)h(k)o(ey)f(concept)g(in)149 436 y(the)k(Domain)f(Name)f(System.)27 +b(The)19 b(cac)o(hed)f(data)i(usually)e(represen)o(ts)g(only)h(an)g +(incomplete)149 526 y(view)d(of)h(zone)g(information.)k(It)16 +b(impro)o(v)o(es)e(the)j(p)q(erformance)e(of)i(the)g(retriev)m(al)e(pro)q +(cess)i(when)149 616 y(non{lo)q(cal)e(data)f(is)f(rep)q(eatedly)g(accessed.) +20 b(Zone)13 b(data)i(is)e(ev)o(en)o(tually)e(discarded)i(b)o(y)g(a)h +(timeout)149 707 y(mec)o(hanism.)223 797 y(The)h(implem)o(en)n(tation)e(of)j +(the)f(Domain)f(Name)g(System)g(is)h(not)g(limited)e(to)i(a)h(certain)f(data) +149 887 y(structure,)i(but)g(is)f(free)g(to)h(c)o(ho)q(ose)h(an)o(y)e(in)o +(ternal)g(data)i(structure.)k(Ho)o(w)o(ev)o(er,)15 b(it)h(is)h(suggested)149 +978 y(b)o(y)e(the)g(standard)i(that)f(a)f(separate)h(instance)f(of)h(the)f +(data)h(structure)f(b)q(e)g(used)h(for)f(eac)o(h)g(zone,)149 +1068 y(a)20 b(data)g(structure)e(for)h(the)g(catalog,)h(and)f(one)h(for)f +(the)f(cac)o(hed)h(data.)30 b(It)18 b(is)h(imp)q(ortan)o(t)f(that)149 +1158 y(resolv)o(er)g(and)h(name)f(serv)o(er)f(can)i(concurren)o(tly)f(access) +g(the)h(same)e(cac)o(he)h(when)h(they)f(are)h(on)149 1248 y(the)d(same)g(mac) +o(hine.)j(In)d(Section)f(2.10.1)i(w)o(e)f(go)h(in)o(to)f(more)f(detail)g(on)i +(this)f(p)q(oin)o(t.)149 1408 y(2.9.2)49 b(Name)15 b(Serv)o(er)g(Algorithm) +223 1531 y(The)k(impleme)o(n)o(tation)e(of)j(the)g(name)e(serv)o(er)h +(algorithm,)g(whic)o(h)g(is)h(giv)o(en)e(in)i(Figure)f(2.7)149 +1621 y(dep)q(ends)g(on)g(the)f(lo)q(cal)g(op)q(erating)h(system)e(and)i(data) +g(structures)f(used)g(to)h(store)f(RRs.)27 b(The)149 1711 y(algorithms)14 +b(of)i(the)e(name)g(serv)o(er)g(and)h(the)g(resolv)o(er)e(assume)h(an)i +(organization)f(of)h(the)e(data)i(as)149 1802 y(describ)q(ed)g(in)g(the)g +(previous)g(section:)21 b(sev)o(eral)15 b(tree)h(structures,)f(one)i(for)f +(eac)o(h)g(zone.)223 1892 y(In)c(the)h(follo)o(wing)g(presen)o(tation)f(of)i +(the)f(algorithm)e(w)o(e)i(sta)o(y)g(close)g(to)g(the)g(outline)f(sp)q +(eci\014ed)149 1982 y(in)k([Mo)q(c87a)q(].)209 2127 y(1.)24 +b(Set)13 b(or)h(clear)e(the)h(RA)g(bit)g(in)g(the)g(resp)q(onse)h(dep)q +(ending)f(on)h(whether)f(the)g(name)f(serv)o(er)g(is)271 2217 +y(willing)f(to)g(pro)o(vide)g(recursiv)o(e)e(service.)18 b(If)11 +b(recursiv)o(e)f(service)g(is)h(a)o(v)m(ailable)f(and)i(requested)271 +2307 y(via)k(the)g(RD)h(bit)f(in)f(the)h(query)l(,)f(branc)o(h)i(to)f(step)h +(5,)f(otherwise)g(step)g(2.)209 2439 y(2.)24 b(Searc)o(h)e(the)g(a)o(v)m +(ailable)f(zones)i(for)f(the)g(zone)g(whic)o(h)g(is)f(the)h(nearest)h +(ancestor)f(to)h(the)271 2529 y(queried)15 b(name.)20 b(If)c(suc)o(h)g(a)h +(zone)f(is)g(found,)g(branc)o(h)h(to)f(step)h(3,)f(otherwise)g(step)g(4.)p +eop +%%Page: 28 37 +36 bop 1901 -100 a Fo(28)187 2020 y @beginspecial 0 @llx 0 +@lly 378 @urx 436 @ury 3780 @rwi @setspecial +%%BeginDocument: pictures/ns_alg.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-18.0 454.0 translate 0.900 -0.900 scale +0.500 setlinewidth +n 194 149 m 209 149 l gs col-1 s gr +n 201.000 147.000 m 209.000 149.000 l 201.000 151.000 l gs 2 setlinejoin col-1 s gr +1.000 setlinewidth +n 19 39 m 379 39 l gs col-1 s gr +n 19 79 m 379 79 l gs col-1 s gr +n 19 119 m 379 119 l gs col-1 s gr +n 39 359 m 39 139 l 379 139 l gs col-1 s gr +n 39 199 m 379 199 l gs col-1 s gr +n 39 259 m 379 259 l gs col-1 s gr +n 19 359 m 379 359 l gs col-1 s gr +n 19 419 m 379 419 l gs col-1 s gr +n 19 459 m 379 459 l gs col-1 s gr +n 19 504 m 19 19 l 379 19 l 379 504 l 19 504 l gs col-1 s gr +n 19 499 m 379 499 l gs col-1 s gr +0.500 setlinewidth +n 369 169 m 399 169 l 399 44 l 379 44 l gs col-1 s gr +n 387.000 46.000 m 379.000 44.000 l 387.000 42.000 l gs 2 setlinejoin col-1 s gr +n 289 69 m 419 69 l 419 424 l 379 424 l gs col-1 s gr +n 387.000 426.000 m 379.000 424.000 l 387.000 422.000 l gs 2 setlinejoin col-1 s gr +n 24 34 m 24 44 l gs col-1 s gr +n 26.000 36.000 m 24.000 44.000 l 22.000 36.000 l gs 2 setlinejoin col-1 s gr +n 24 74 m 24 84 l gs col-1 s gr +n 26.000 76.000 m 24.000 84.000 l 22.000 76.000 l gs 2 setlinejoin col-1 s gr +n 24 114 m 24 124 l gs col-1 s gr +n 26.000 116.000 m 24.000 124.000 l 22.000 116.000 l gs 2 setlinejoin col-1 s gr +n 24 354 m 24 364 l gs col-1 s gr +n 26.000 356.000 m 24.000 364.000 l 22.000 356.000 l gs 2 setlinejoin col-1 s gr +n 24 454 m 24 464 l gs col-1 s gr +n 26.000 456.000 m 24.000 464.000 l 22.000 456.000 l gs 2 setlinejoin col-1 s gr +n 179 109 m 439 109 l 439 364 l 379 364 l gs col-1 s gr +n 387.000 366.000 m 379.000 364.000 l 387.000 362.000 l gs 2 setlinejoin col-1 s gr +n 349 189 m 399 189 l 399 464 l 379 464 l gs col-1 s gr +n 387.000 466.000 m 379.000 464.000 l 387.000 462.000 l gs 2 setlinejoin col-1 s gr +n 264 249 m 439 249 l gs col-1 s gr +n 431.000 247.000 m 439.000 249.000 l 431.000 251.000 l gs 2 setlinejoin col-1 s gr +n 209 349 m 399 349 l gs col-1 s gr +n 391.000 347.000 m 399.000 349.000 l 391.000 351.000 l gs 2 setlinejoin col-1 s gr +n 309 409 m 399 409 l gs col-1 s gr +n 391.000 407.000 m 399.000 409.000 l 391.000 411.000 l gs 2 setlinejoin col-1 s gr +n 259 209 m 274 209 l gs col-1 s gr +n 266.000 207.000 m 274.000 209.000 l 266.000 211.000 l gs 2 setlinejoin col-1 s gr +/Times-Roman findfont 12.00 scalefont setfont +24 54 m +gs 1 -1 scale (1.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 54 m +gs 1 -1 scale (set or clear recursion available flag) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 74 m +gs 1 -1 scale (If recursive service available and requested, then ) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 94 m +gs 1 -1 scale (2.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 114 m +gs 1 -1 scale (If no such zone found, then) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 134 m +gs 1 -1 scale (3.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 134 m +gs 1 -1 scale (match down, label by label, in the zone. Termination of process:) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 154 m +gs 1 -1 scale (whole QNAME is matched) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +214 154 m +gs 1 -1 scale (node is found.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 174 m +gs 1 -1 scale (If data in node is CNAME \(!= QTYPE\), expand QNAME and) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 214 m +gs 1 -1 scale (match takes us out of authoritative data ) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +279 214 m +gs 1 -1 scale (referral) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 234 m +gs 1 -1 scale (copy RR of NS-record in authority section, and put available ) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 274 m +gs 1 -1 scale (match is impossible. look for wildcard "*". If no "*" exists) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +64 294 m +gs 1 -1 scale (then: If name is original QNAME, set authoritative name error) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +79 314 m +gs 1 -1 scale (in the response and exit, otherwise just exit.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +64 334 m +gs 1 -1 scale (else: match RRs at that node against QTYPE, copy matches) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +79 354 m +gs 1 -1 scale (into answer section and) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 374 m +gs 1 -1 scale (4.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 374 m +gs 1 -1 scale (match down in the cache. If CNAME is found, copy all RRs into) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 394 m +gs 1 -1 scale (answer section. If there was no delegation from auth. data, put) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 414 m +gs 1 -1 scale (best one from the cache into the authoritative section.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 434 m +gs 1 -1 scale (5.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 434 m +gs 1 -1 scale (use local resolver, or copy of the algorithm to answer query.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 454 m +gs 1 -1 scale (Store the results \(incl. interm. CNAMEs\) in the answer section.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 474 m +gs 1 -1 scale (6.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 474 m +gs 1 -1 scale (use local data only, attempt to add other RRs which may be useful) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 494 m +gs 1 -1 scale (to the additional section of the query. Exit.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +369 164 m +gs 1 -1 scale (1) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +294 64 m +gs 1 -1 scale (5) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +184 104 m +gs 1 -1 scale (4) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +269 244 m +gs 1 -1 scale (4) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +354 184 m +gs 1 -1 scale (6) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +314 404 m +gs 1 -1 scale (6) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 154 m +gs 1 -1 scale ( a\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 214 m +gs 1 -1 scale ( b\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 274 m +gs 1 -1 scale ( c\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 34 m +gs 1 -1 scale (0.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 34 m +gs 1 -1 scale (incoming query) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 94 m +gs 1 -1 scale (search available zones for zone that is nearest answer to QNAME) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 194 m +gs 1 -1 scale (copy all RRs that match QTYPE into answer section and) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +214 344 m +gs 1 -1 scale (6) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 254 m +gs 1 -1 scale (addresses in the additional section, and) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 682 2265 a(Figure)16 b(2.7)32 b(Name)15 b(serv)o(er)g(algorithm) +209 2449 y(3.)24 b(Start)16 b(matc)o(hing)d(the)h(name)g(in)h(the)f(zone,)h +(lab)q(el)f(b)o(y)g(lab)q(el.)21 b(The)15 b(matc)o(hing)e(pro)q(cess)i(can) +271 2539 y(terminate)g(sev)o(eral)g(w)o(a)o(ys:)p eop +%%Page: 29 38 +37 bop 1901 -100 a Fo(29)292 75 y(\(a\))25 b(If)15 b(the)h(whole)h(queried)e +(name)g(is)h(matc)o(hed,)e(w)o(e)i(ha)o(v)o(e)f(found)i(the)f(no)q(de.)379 +186 y(If)21 b(the)h(data)g(at)h(the)e(no)q(de)i(is)e(a)i(canonical)e(name,)h +(and)g(the)g(queried)f(t)o(yp)q(e)g(w)o(as)379 277 y(not)f(CNAME,)f(cop)o(y)h +(the)g(canonical)g(name)f(resource)h(records)g(in)o(to)g(the)g(answ)o(er)379 +367 y(section)14 b(of)h(the)g(resp)q(onse,)g(c)o(hange)g(the)f(queried)g +(name)f(to)i(the)g(canonical)f(name)g(in)379 457 y(the)i(CNAME)f(RR)h(and)h +(go)g(bac)o(k)f(to)h(step)f(1.)379 569 y(Otherwise)e(cop)o(y)g(all)g +(resource)g(records)g(whic)o(h)g(matc)o(h)f(the)h(queried)g(t)o(yp)q(e)g(in)o +(to)g(the)379 659 y(answ)o(er)i(section)g(and)h(go)g(to)g(step)f(6.)289 +770 y(\(b\))25 b(If)15 b(a)g(matc)o(h)f(w)o(ould)i(tak)o(e)e(us)i(out)g(of)g +(the)f(authoritativ)o(e)g(data,)g(w)o(e)g(ha)o(v)o(e)g(a)h(referral.)379 +861 y(This)d(happ)q(ens)h(when)e(w)o(e)h(encoun)o(ter)f(a)h(no)q(de)h(with)e +(name)g(serv)o(er)g(resource)g(records)379 951 y(marking)j(cuts)h(along)h +(the)f(b)q(ottom)g(of)h(a)f(zone.)379 1063 y(Cop)o(y)h(the)f(name)g(serv)o +(er)g(resource)g(records)h(for)g(the)g(subzone)g(in)o(to)f(the)h(authorit)o +(y)379 1153 y(section)h(of)i(the)f(reply)l(.)29 b(Put)19 b(whatev)o(er)g +(addresses)h(are)f(a)o(v)m(ailable)f(in)o(to)h(the)g(addi-)379 +1243 y(tional)13 b(section,)h(using)g(glue)f(resource)g(records)h(if)f(the)g +(addresses)h(are)g(not)g(a)o(v)m(ailable)379 1334 y(from)h(authoritativ)o(e)g +(data)j(or)e(the)g(cac)o(he.)21 b(Go)c(to)f(step)g(4.)295 1445 +y(\(c\))24 b(If)15 b(at)i(some)e(lab)q(el,)h(a)g(matc)o(h)f(is)h(imp)q +(ossible,)e(lo)q(ok)j(to)g(see)e(if)h(a)h(\\)p Fq(\003)p Fo(")g(lab)q(el)f +(exists.)379 1556 y(If)e(the)h(\\)p Fq(\003)p Fo(")h(lab)q(el)f(do)q(es)h +(not)f(exist,)g(c)o(hec)o(k)e(whether)i(the)g(name)f(w)o(e)g(are)i(lo)q +(oking)f(for)379 1647 y(is)i(the)h(original)g(name)e(in)i(the)g(query)l(,)e +(or)j(a)f(name)f(w)o(e)g(ha)o(v)o(e)g(follo)o(w)o(ed)g(b)q(ecause)h(of)379 +1737 y(a)e(CNAME.)g(If)g(the)g(name)f(is)h(original,)g(set)g(an)h +(authoritativ)o(e)f(name)f(error)i(in)f(the)379 1827 y(resp)q(onse)h(and)g +(exit.)j(Otherwise)15 b(just)i(exit.)379 1939 y(If)i(the)h(\\)p +Fq(\003)p Fo(")g(lab)q(el)g(do)q(es)h(exist,)e(matc)o(h)g(resource)g(records) +h(at)h(that)f(no)q(de)g(against)379 2029 y(the)f(queried)g(t)o(yp)q(e.)31 +b(If)20 b(an)o(y)f(matc)o(h,)g(cop)o(y)g(them)f(in)o(to)i(the)f(answ)o(er)h +(section,)g(but)379 2119 y(set)d(the)g(o)o(wner)g(of)h(the)f(resource)g +(record)g(to)h(b)q(e)f(the)g(queried)f(name,)g(and)i(not)g(the)379 +2210 y(no)q(de)f(with)f(the)g(\\)p Fq(\003)p Fo(")h(lab)q(el.)j(Go)d(to)g +(step)f(6.)209 2342 y(4.)24 b(Start)e(matc)o(hing)f(do)o(wn)h(in)f(the)h(cac) +o(he.)36 b(If)22 b(the)f(name)g(is)g(found)h(in)g(the)f(cac)o(he,)h(cop)o(y) +271 2432 y(all)d(resource)f(records)h(attac)o(hed)g(to)g(it)g(that)g(matc)o +(h)e(the)i(query)f(t)o(yp)q(e)g(in)o(to)h(the)f(answ)o(er)271 +2522 y(section.)30 b(If)19 b(there)g(w)o(as)h(no)f(delegation)g(from)g +(authoritativ)o(e)f(data,)j(lo)q(ok)f(for)f(the)g(b)q(est)271 +2612 y(one)d(from)e(the)g(cac)o(he,)g(and)i(put)f(it)g(in)o(to)g(the)g +(authoritativ)o(e)f(section.)20 b(Branc)o(h)15 b(to)g(step)h(6.)p +eop +%%Page: 30 39 +38 bop 1901 -100 a Fo(30)209 75 y(5.)24 b(Use)16 b(the)g(lo)q(cal)f(resolv)o +(er)g(or)h(a)h(cop)o(y)e(of)i(its)e(algorithm)g(to)h(answ)o(er)h(the)e(query) +l(.)21 b(Store)16 b(the)271 165 y(results,)21 b(including)e(an)o(y)h(in)o +(termediate)d(canonical)j(names,)g(in)g(the)g(answ)o(er)g(section)g(of)271 +255 y(the)c(resp)q(onse.)209 387 y(6.)24 b(Use)15 b(lo)q(cal)f(data)i(only)l +(,)e(attempt)f(to)i(add)g(other)g(resource)f(records)h(whic)o(h)f(ma)o(y)f(b) +q(e)i(useful)271 477 y(to)i(the)f(additional)g(section)g(of)h(the)f(query)l +(.)k(Exit.)149 637 y(2.9.3)49 b(Resolv)o(er)16 b(Algorithm)187 +1974 y @beginspecial 0 @llx 0 @lly 378 @urx 238 @ury 3780 @rwi +@setspecial +%%BeginDocument: pictures/res_alg.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-18.0 256.0 translate 0.900 -0.900 scale +1.000 setlinewidth +n 19 279 m 379 279 l gs col-1 s gr +n 39 199 m 379 199 l gs col-1 s gr +n 39 239 m 379 239 l gs col-1 s gr +n 39 159 m 379 159 l gs col-1 s gr +n 39 119 m 379 119 l gs col-1 s gr +n 19 99 m 379 99 l gs col-1 s gr +n 19 79 m 379 79 l gs col-1 s gr +n 19 59 m 379 59 l gs col-1 s gr +n 19 39 m 379 39 l gs col-1 s gr +n 19 19 m 19 284 l 379 284 l 379 19 l 19 19 l gs col-1 s gr +n 39 119 m 39 279 l gs col-1 s gr +0.500 setlinewidth +n 189 149 m 399 149 l 399 64 l 379 64 l gs col-1 s gr +n 387.000 66.000 m 379.000 64.000 l 387.000 62.000 l gs 2 setlinejoin col-1 s gr +n 329 229 m 419 229 l 419 44 l 379 44 l gs col-1 s gr +n 387.000 46.000 m 379.000 44.000 l 387.000 42.000 l gs 2 setlinejoin col-1 s gr +n 229 269 m 439 269 l 439 84 l 379 84 l gs col-1 s gr +n 387.000 86.000 m 379.000 84.000 l 387.000 82.000 l gs 2 setlinejoin col-1 s gr +n 24 34 m 24 44 l gs col-1 s gr +n 26.000 36.000 m 24.000 44.000 l 22.000 36.000 l gs 2 setlinejoin col-1 s gr +n 24 54 m 24 64 l gs col-1 s gr +n 26.000 56.000 m 24.000 64.000 l 22.000 56.000 l gs 2 setlinejoin col-1 s gr +n 24 74 m 24 84 l gs col-1 s gr +n 26.000 76.000 m 24.000 84.000 l 22.000 76.000 l gs 2 setlinejoin col-1 s gr +n 24 94 m 24 104 l gs col-1 s gr +n 26.000 96.000 m 24.000 104.000 l 22.000 96.000 l gs 2 setlinejoin col-1 s gr +/Times-Roman findfont 12.00 scalefont setfont +24 34 m +gs 1 -1 scale (0.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 54 m +gs 1 -1 scale (1.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 54 m +gs 1 -1 scale (If the answer is in the local information, return it to the client) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 74 m +gs 1 -1 scale (2.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 94 m +gs 1 -1 scale (3.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 94 m +gs 1 -1 scale (Send them queries until one returns a response.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 114 m +gs 1 -1 scale (4.\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 114 m +gs 1 -1 scale (Analyze the response:) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 134 m +gs 1 -1 scale (if the response contains an answer or a name error, cache it) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 154 m +gs 1 -1 scale (and return it to the client.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 174 m +gs 1 -1 scale (if the response contains a better delegation to other servers,) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 194 m +gs 1 -1 scale (cache the delegation, and) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 214 m +gs 1 -1 scale (if the response shows a CNAME and that is not the answer ) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 234 m +gs 1 -1 scale (itself, cache it, change SNAME to canonical name and ) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 254 m +gs 1 -1 scale (if the response shows a servers failure or bizarre results,) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +54 274 m +gs 1 -1 scale (delete the server from SLIST and) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +334 224 m +gs 1 -1 scale (1) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +194 144 m +gs 1 -1 scale (2) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +234 264 m +gs 1 -1 scale (3) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 134 m +gs 1 -1 scale ( a\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 174 m +gs 1 -1 scale ( b\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 214 m +gs 1 -1 scale ( c\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 254 m +gs 1 -1 scale ( d\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 34 m +gs 1 -1 scale (incoming query) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +39 74 m +gs 1 -1 scale (Find the best servers to ask) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 724 2219 a(Figure)g(2.8)33 b(Resolv)o(er)15 b(algorithm)223 +2434 y(The)k(resolv)o(er)g(acts)h(as)g(the)f(in)o(terface)g(b)q(et)o(w)o(een) +f(a)i(user)g(program)f(and)i(the)e(name)g(serv)o(er)149 2524 +y(describ)q(ed)j(in)g(Figure)g(2.9)h(and)g(p)q(erforms)f(three)f(main)g +(actions)i(to)g(map)e(the)i(query)e(to)i(an)149 2614 y(answ)o(er.)f(The)17 +b(algorithm)e(\(see)h(Figure)g(2.8)h(and)g(the)f(follo)o(wing)g(list)g(for)h +(details\))f(tries)f(to)i(\014nd)p eop +%%Page: 31 40 +39 bop 1901 -100 a Fo(31)149 75 y(the)17 b(information)e(lo)q(cally)h +(\014rst.)23 b(If)16 b(that)h(do)q(es)g(not)g(succeed,)f(it)g(sends)h(the)f +(query)g(to)h(the)f(b)q(est)149 165 y(serv)o(er)d(to)h(ask.)20 +b(As)14 b(so)q(on)h(as)f(a)g(reply)e(returns,)i(it)f(c)o(hec)o(ks)f(for)h +(answ)o(er,)h(name)f(error,)g(delegation,)149 255 y(canonical)j(name)e +(expansion,)h(or)h(failure)e(of)i(the)f(serv)o(er)f(and)i(reacts)f(prop)q +(erly)l(.)20 b(The)c(follo)o(wing)149 346 y(steps)h(describ)q(e)f(the)g +(algorithm)f(in)h(more)f(detail.)20 b(They)c(are)g(deriv)o(ed)f(from)g([Mo)q +(c87a)q(]:)209 486 y(1.)24 b(See)15 b(if)g(the)g(answ)o(er)h(to)f(the)h +(query)e(is)h(in)g(the)g(lo)q(cal)h(information,)e(and)i(if)e(so,)i(return)f +(it)g(to)271 576 y(the)h(clien)o(t.)209 707 y(2.)24 b(Find)16 +b(the)g(b)q(est)h(serv)o(ers)e(to)i(ask.)209 838 y(3.)24 b(Send)17 +b(them)d(queries)h(un)o(til)h(one)g(returns)g(a)h(resp)q(onse.)209 +969 y(4.)24 b(Analyze)15 b(the)h(resp)q(onse:)292 1111 y(\(a\))25 +b(if)18 b(the)h(resp)q(onse)g(answ)o(ers)h(the)e(question)h(or)g(con)o(tains) +g(a)h(name)d(error,)j(cac)o(he)e(the)379 1202 y(data)f(as)g(w)o(ell)e(as)h +(return)g(it)g(to)h(the)f(clien)o(t.)289 1312 y(\(b\))25 b(if)d(the)h(resp)q +(onse)g(con)o(tains)g(a)h(b)q(etter)e(delegation)h(to)g(other)g(serv)o(ers,)h +(cac)o(he)e(the)379 1402 y(delegation)16 b(information,)e(and)j(go)g(to)g +(step)f(2.)295 1512 y(\(c\))24 b(if)16 b(the)h(resp)q(onse)h(sho)o(ws)g(a)f +(CNAME)f(whic)o(h)h(is)f(not)i(the)f(answ)o(er)g(itself,)f(cac)o(he)g(the)379 +1602 y(CNAME,)e(c)o(hange)i(the)f(queried)f(name)h(to)h(the)f(canonical)g +(name)g(in)g(the)g(CNAME)379 1693 y(RR)h(and)h(go)g(to)f(step)g(1.)289 +1803 y(\(d\))25 b(if)16 b(the)h(resp)q(onse)g(sho)o(ws)h(a)g(serv)o(er)d +(failure)h(or)i(other)f(bizarre)f(con)o(ten)o(ts,)g(delete)g(the)379 +1893 y(serv)o(er)f(from)g(the)h(serv)o(er)f(list)h(and)h(go)g(bac)o(k)e(to)i +(step)f(3.)149 2059 y(2.10)50 b(In)o(teraction)15 b(of)i(Name)d(Serv)o(er)h +(and)i(Resolv)o(er)223 2198 y(Name)e(serv)o(er)g(and)j(resolv)o(er)d(in)o +(teract)h(mainly)f(b)o(y)h(passing)i(data)g(bac)o(k)e(and)i(forth.)23 +b(There)149 2289 y(is)16 b(at)g(most)e(indirect)g(con)o(trol)i(\015o)o(w)f +(at)h(step)g(\014v)o(e)e(in)i(the)f(name)f(serv)o(er)g(algorithm)h(\(see)g +(Section)149 2379 y(2.9.2\).)28 b(In)18 b(the)g(case)h(that)g(a)f(resolv)o +(er)g(requests)f(recursiv)o(e)g(name)g(resolution)i(and)g(the)f(name)149 +2469 y(serv)o(er)h(pro)o(vides)g(this)g(service,)f(the)h(name)f(serv)o(er)h +(passes)h(the)f(query)g(to)h(the)f(lo)q(cal)g(resolv)o(er.)149 +2560 y(This)f(can)f(b)q(e)g(seen)f(as)i(pure)f(data)h(\015o)o(w,)f(but)g(b)q +(ecause)g(the)g(execution)f(of)h(the)g(whole)f(query)h(is)149 +2650 y(passed)g(to)g(the)f(resolv)o(er,)f(w)o(e)h(in)o(terpret)e(it)i(as)h +(con)o(trol)f(\015o)o(w.)p eop +%%Page: 32 41 +40 bop 1901 -100 a Fo(32)149 75 y(2.10.1)50 b(Data)17 b(Flo)o(w)149 +2152 y @beginspecial 0 @llx 0 @lly 432 @urx 416 @ury 4320 @rwi +@setspecial +%%BeginDocument: pictures/dns_flow.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +0.0 432.0 translate 0.900 -0.900 scale +1.000 setlinewidth + [6.000000] 0 setdash +n 68.375 129.000 70.625 -97.628 97.628 arc +gs col-1 s gr + [] 0 setdash +0.500 setlinewidth +n 196 99 m 189 99 189 152 7 arcto 4 {pop} repeat 189 159 282 159 7 arcto 4 {pop} repeat 289 159 289 106 7 arcto 4 {pop} repeat 289 99 196 99 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 99 119 m 189 119 l gs col-1 s gr +n 181.000 117.000 m 189.000 119.000 l 181.000 121.000 l gs 2 setlinejoin col-1 s gr +n 289 119 m 379 119 l gs col-1 s gr +n 371.000 117.000 m 379.000 119.000 l 371.000 121.000 l gs 2 setlinejoin col-1 s gr +n 379 139 m 289 139 l gs col-1 s gr +n 297.000 141.000 m 289.000 139.000 l 297.000 137.000 l gs 2 setlinejoin col-1 s gr +n 189 139 m 99 139 l gs col-1 s gr +n 107.000 141.000 m 99.000 139.000 l 107.000 137.000 l gs 2 setlinejoin col-1 s gr +n 196 199 m 189 199 189 252 7 arcto 4 {pop} repeat 189 259 282 259 7 arcto 4 {pop} repeat 289 259 289 206 7 arcto 4 {pop} repeat 289 199 196 199 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 386 299 m 379 299 379 352 7 arcto 4 {pop} repeat 379 359 472 359 7 arcto 4 {pop} repeat 479 359 479 306 7 arcto 4 {pop} repeat 479 299 386 299 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 6 299 m -1 299 -1 352 7 arcto 4 {pop} repeat -1 359 92 359 7 arcto 4 {pop} repeat 99 359 99 306 7 arcto 4 {pop} repeat 99 299 6 299 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 269 199 m 269 159 l gs col-1 s gr +n 267.000 167.000 m 269.000 159.000 l 271.000 167.000 l gs 2 setlinejoin col-1 s gr +n 269 259 m 269 299 l gs col-1 s gr +n 271.000 291.000 m 269.000 299.000 l 267.000 291.000 l gs 2 setlinejoin col-1 s gr +n 209 299 m 209 259 l gs col-1 s gr +n 207.000 267.000 m 209.000 259.000 l 211.000 267.000 l gs 2 setlinejoin col-1 s gr +n 209 159 m 209 199 l gs col-1 s gr +n 211.000 191.000 m 209.000 199.000 l 207.000 191.000 l gs 2 setlinejoin col-1 s gr +n 289 319 m 379 319 l gs col-1 s gr +n 371.000 317.000 m 379.000 319.000 l 371.000 321.000 l gs 2 setlinejoin col-1 s gr +n 379 339 m 289 339 l gs col-1 s gr +n 297.000 341.000 m 289.000 339.000 l 297.000 337.000 l gs 2 setlinejoin col-1 s gr +n 269 359 m 269 419 l 379 419 l gs col-1 s gr +n 371.000 417.000 m 379.000 419.000 l 371.000 421.000 l gs 2 setlinejoin col-1 s gr +n 379 439 m 209 439 l 209 359 l gs col-1 s gr +n 207.000 367.000 m 209.000 359.000 l 211.000 367.000 l gs 2 setlinejoin col-1 s gr +n 99 329 m 189 329 l gs col-1 s gr +n 181.000 327.000 m 189.000 329.000 l 181.000 331.000 l gs 2 setlinejoin col-1 s gr +n 11 304 m 4 304 4 347 7 arcto 4 {pop} repeat 4 354 87 354 7 arcto 4 {pop} repeat 94 354 94 311 7 arcto 4 {pop} repeat 94 304 11 304 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 201 204 m 194 204 194 247 7 arcto 4 {pop} repeat 194 254 277 254 7 arcto 4 {pop} repeat 284 254 284 211 7 arcto 4 {pop} repeat 284 204 201 204 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 6 99 m -1 99 -1 152 7 arcto 4 {pop} repeat -1 159 92 159 7 arcto 4 {pop} repeat 99 159 99 106 7 arcto 4 {pop} repeat 99 99 6 99 7 arcto 4 {pop} repeat clp gs col-1 s gr +1.000 setlinewidth + [6.000000] 0 setdash +n 334 19 m 334 479 l gs col-1 s gr + [] 0 setdash +0.500 setlinewidth +n 386 99 m 379 99 379 152 7 arcto 4 {pop} repeat 379 159 472 159 7 arcto 4 {pop} repeat 479 159 479 106 7 arcto 4 {pop} repeat 479 99 386 99 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +n 386 404 m 379 404 379 457 7 arcto 4 {pop} repeat 379 464 472 464 7 arcto 4 {pop} repeat 479 464 479 411 7 arcto 4 {pop} repeat 479 404 386 404 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +n 196 299 m 189 299 189 352 7 arcto 4 {pop} repeat 189 359 282 359 7 arcto 4 {pop} repeat 289 359 289 306 7 arcto 4 {pop} repeat 289 299 196 299 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +1.000 setlinewidth +n 34 44 m 159 44 l gs col-1 s gr +n 374 44 m 464 44 l gs col-1 s gr + [6.000000] 0 setdash +n -1 59 m 59 59 l gs col-1 s gr + [] 0 setdash + [6.000000] 0 setdash +n -1 199 m 59 199 l gs col-1 s gr + [] 0 setdash + [6.000000] 0 setdash +n -1 229 m 334 229 l gs col-1 s gr + [] 0 setdash +/Times-Bold findfont 24.00 scalefont setfont +39 39 m +gs 1 -1 scale (Local Host) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +194 139 m +gs 1 -1 scale (resolver) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +9 324 m +gs 1 -1 scale (master) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +194 249 m +gs 1 -1 scale (database) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +204 349 m +gs 1 -1 scale (server) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +389 324 m +gs 1 -1 scale (foreign) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +384 349 m +gs 1 -1 scale (resolver) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +399 139 m +gs 1 -1 scale (name) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +399 444 m +gs 1 -1 scale (name) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +379 39 m +gs 1 -1 scale (Foreign) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +104 154 m +gs 1 -1 scale (user responses) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +274 184 m +gs 1 -1 scale (references) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +124 184 m +gs 1 -1 scale (cache additions) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +114 114 m +gs 1 -1 scale (user queries) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +209 454 m +gs 1 -1 scale (maintenance responses) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +274 284 m +gs 1 -1 scale (references) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +394 459 m +gs 1 -1 scale (server) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +394 154 m +gs 1 -1 scale (server) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +389 119 m +gs 1 -1 scale (foreign) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +389 424 m +gs 1 -1 scale (foreign) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +209 324 m +gs 1 -1 scale (name) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +204 224 m +gs 1 -1 scale (shared) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +24 144 m +gs 1 -1 scale (prg.) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +24 124 m +gs 1 -1 scale (user) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +24 349 m +gs 1 -1 scale (files) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +309 154 m +gs 1 -1 scale (responses) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +314 114 m +gs 1 -1 scale (queries) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +309 314 m +gs 1 -1 scale (responses) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +314 354 m +gs 1 -1 scale (queries) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +294 414 m +gs 1 -1 scale (maintenance) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +309 434 m +gs 1 -1 scale (queries) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +154 284 m +gs 1 -1 scale (refreshes) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 584 2396 a(Figure)f(2.9)33 b(Data)17 b(\015o)o(w)g(b)q(et)o(w)o +(een)e(DNS)h(en)o(tities)p eop +%%Page: 33 42 +41 bop 1901 -100 a Fo(33)223 75 y(The)21 b(data)i(\015o)o(w)f(b)q(et)o(w)o +(een)f(Domain)g(Name)f(System)h(en)o(tities)f(is)h(not)i(limited)c(to)j +(simple)149 165 y(queries)f(and)h(resp)q(onses,)i(illustrated)c(in)i(Figure)f +(2.9.)37 b(W)l(e)22 b(distinguish)f(among)h(four)g(parts)149 +255 y(that)d(in)o(teract)e(with)h(eac)o(h)f(other:)25 b(the)18 +b(user)g(program,)g(the)g(resolv)o(er,)f(the)h(name)f(serv)o(er,)g(and)149 +346 y(an)g(unkno)o(wn)g(subnet)f(that)h(can)f(con)o(tain)g(foreign)h(name)e +(serv)o(ers)g(and)i(resolv)o(ers.)223 436 y(User)12 b(program)h(and)h(resolv) +o(er)e(exc)o(hange)g(user)i(queries)e(and)h(user)h(resp)q(onses.)21 +b(In)13 b(the)f(BIND)149 526 y(impleme)o(n)o(tation)17 b(of)k(the)f(Domain)f +(Name)f(System,)h(this)h(exc)o(hange)g(is)g(done)g(b)o(y)f(calling)h(the)149 +616 y(system)h(calls)g(\\gethostb)o(y)o(addr\(\)")i(and)f(\\gethostb)o +(yname\(\)".)37 b(As)22 b(can)f(b)q(e)h(seen)g(here,)g(the)149 +707 y(usage)14 b(of)f(the)g(Domain)f(Name)f(System)h(is)g(completely)e +(transparen)o(t)j(to)h(the)e(user)h(who)h(requests)149 797 +y(name)f(resolution.)20 b(The)14 b(same)f(system)f(call)h(in)o(terface)f(can) +i(b)q(e)g(used)g(when)g(the)f(Domain)g(Name)149 887 y(System)i(is)h(replaced) +g(b)o(y)f(another)i(mapping)f(mec)o(hanism)d(\(for)j(example)e(static)i +(mapping\).)223 978 y(Lo)q(cal)d(resolv)o(ers)f(comm)o(unic)o(ate)e(with)j +(foreign)f(name)g(serv)o(ers)g(via)g(the)g(exc)o(hange)h(of)f(queries)149 +1068 y(and)22 b(resp)q(onses,)g(as)g(do)q(es)f(a)h(lo)q(cal)e(name)g(serv)o +(er)g(with)g(foreign)h(name)f(serv)o(ers)g(or)h(resolv)o(ers.)149 +1158 y(Queries)i(are)g(alw)o(a)o(ys)g(sen)o(t)g(to)g(a)h(name)e(serv)o(er)g +(and)h(resp)q(onses)h(go)g(the)f(rev)o(erse)f(direction.)149 +1248 y(When)d(name)f(serv)o(ers)g(comm)o(uni)o(cate,)e(they)i(exc)o(hange)g +(zone)h(data)h(or)f(main)o(tenance)d(queries)149 1339 y(and)h(resp)q(onses.)k +(Under)15 b(the)h(assumption)f(that)h(the)f(lo)q(cal)g(name)g(serv)o(er)f(is) +h(a)h(primary)e(serv)o(er,)149 1429 y(it)i(gets)h(its)f(primary)e(zone)i +(data)i(from)d(the)h(master)f(\014les.)223 1519 y(Both)j(name)f(serv)o(er)g +(and)h(resolv)o(er)f(usually)h(main)o(tain)f(a)h(cac)o(he.)26 +b(It)18 b(is)g(not)g(un)o(usual)h(for)f(a)149 1610 y(name)e(serv)o(er)f(and)i +(a)f(resolv)o(er)f(that)i(run)f(on)h(a)g(single)f(host)g(to)h(share)g(this)f +(database.)149 1770 y(2.10.2)50 b(Shared)16 b(Information)223 +1892 y(A)d(shared)i(cac)o(he)e(can)i(b)q(e)f(accessed)g(b)o(y)g(resolv)o(er)f +(and)i(name)e(serv)o(er.)19 b(Resolv)o(ers)13 b(pro)o(vide)h(as)149 +1982 y(cac)o(he)k(additions)h(whatev)o(er)f(they)h(learn)f(from)g(the)g(resp) +q(onses)i(to)f(their)f(queries.)27 b(They)19 b(also)149 2073 +y(consult)d(the)f(cac)o(he)g(and)h(retriev)o(e)d(data)k(from)d(it.)21 +b(Name)14 b(serv)o(ers)g(also)i(reference)e(the)h(cac)o(he)g(to)149 +2163 y(answ)o(er)i(queries)e(and)i(pro)o(vide)e(refreshes)h(from)f(lo)q(cal)h +(authoritativ)o(e)g(data.)223 2253 y(A)g(database)j(that)f(is)f(shared)h +(concurren)o(tly)d(b)o(y)i(man)o(y)f(pro)q(cesses)i(m)o(ust)e(b)q(e)h +(protected)g(b)o(y)149 2343 y(sync)o(hronization)c(mec)o(hanism)o(s.)18 +b(The)12 b(additional)h(complexit)o(y)c(in)k(dealing)f(with)g(the)h(problems) +149 2434 y(a)g(shared)f(database)h(brings)f(with)f(it)g(is)h(amortized)e(b)o +(y)h(the)g(gain)i(in)e(p)q(erformance)f(and)j(e\016ciency)149 +2524 y(of)21 b(the)f(system)f(in)h(total.)34 b(It)19 b(is)i(ob)o(vious)f +(that)h(successful)e(lo)q(okups)j(in)e(the)g(lo)q(cal)g(cac)o(he)f(are)149 +2614 y(preferred)13 b(o)o(v)o(er)g(sending)h(queries)f(to)i(remote)d(mac)o +(hines)g(with)h(no)i(b)q(ounds)g(on)g(ho)o(w)f(long)g(it)g(will)p +eop +%%Page: 34 43 +42 bop 1901 -100 a Fo(34)149 75 y(tak)o(e)16 b(them)e(to)i(reply)l(.)k(Main)o +(taining)c(a)g(larger)g(cac)o(he)f(shared)h(b)q(et)o(w)o(een)f(t)o(w)o(o)h +(en)o(tities)e(increases)149 165 y(the)i(probabilit)o(y)g(of)g(\014nding)h(a) +g(matc)o(h)d(in)i(the)g(cac)o(he.)p eop +%%Page: 35 44 +43 bop 1901 -100 a Fo(35)323 342 y(3.)33 b(DESCRIPTION)16 b(AND)g(DEMONSTRA)l +(TION)e(OF)i(WEAKNESSES)223 516 y(This)22 b(c)o(hapter)f(concen)o(trates)g +(on)i(the)f(description)f(and)h(demonstration)g(of)g(the)f(cen)o(tral)149 +606 y(problem)15 b(of)i(this)f(thesis.)223 696 y(W)l(e)22 b(\014rst)h(giv)o +(e)f(an)h(abstract)g(statemen)o(t)e(of)i(the)f(problem.)39 +b(W)l(e)23 b(state)g(it)f(again)h(in)g(the)149 787 y(follo)o(wing)h(section,) +i(but)e(in)g(a)h(more)e(concrete)g(fashion)i(directly)e(related)g(to)i(the)f +(Domain)149 877 y(Name)14 b(System.)20 b(W)l(e)15 b(talk)g(ab)q(out)i(the)e +(general)g(features)h(in)f(the)g(Domain)g(Name)f(System)g(that)149 +967 y(facilitate)h(the)h(exploitation)g(of)g(the)g(problem.)223 +1057 y(The)i(follo)o(wing)h(section)f(giv)o(es)g(details)g(of)h(regular)f +(remote)f(mac)o(hine)g(access)h(and)i(sev)o(eral)149 1148 y(approac)o(hes)k +(of)f(ho)o(w)h(to)f(exploit)f(the)h(problem)e(to)j(gain)f(unauthorized)g +(access.)42 b(W)l(e)23 b(then)149 1238 y(talk)f(ab)q(out)h(our)f(implem)o(en) +o(tation)d(test)j(en)o(vironmen)o(t)d(and)j(describ)q(e)f(the)h(exp)q(erimen) +o(ts)d(w)o(e)149 1328 y(p)q(erformed)14 b(to)h(supp)q(ort)i(the)d(claim)f +(that)i(this)g(securit)o(y)e(\015a)o(w)j(is)e(exploitable.)20 +b(The)15 b(concluding)149 1419 y(section)h(of)h(this)f(c)o(hapter)g(presen)o +(ts)g(the)g(exp)q(eriences)e(w)o(e)i(gained)h(from)e(our)h(exp)q(erimen)o +(ts.)223 1509 y(Figure)i(3.1)g(sho)o(ws)i(the)e(setup)g(of)h(mac)o(hines)d +(and)j(their)f(names.)27 b(It)18 b(serv)o(es)f(as)i(a)g(running)149 +1599 y(example)11 b(in)i(this)g(c)o(hapter.)20 b(A)12 b(detailed)g +(description)h(of)g(this)g(setup)g(is)g(giv)o(en)f(in)h(Section)f(3.5.1.)149 +1765 y(3.1)50 b(Statemen)o(t)14 b(of)i(the)g(Problem)223 1904 +y(Authen)o(ticit)o(y)11 b(is)j(based)h(on)g(the)f(iden)o(tit)o(y)f(of)h(some) +g(en)o(tit)o(y)l(.)k(This)d(en)o(tit)o(y)e(has)i(to)f(pro)o(v)o(e)g(that)149 +1994 y(it)19 b(is)g(gen)o(uine.)30 b(In)19 b(man)o(y)f(net)o(w)o(ork)h +(applications)g(the)g(iden)o(tit)o(y)e(of)j(participating)f(en)o(tities)f(is) +149 2085 y(simply)f(determined)f(b)o(y)j(their)f(names)f(or)j(addresses.)29 +b(High)18 b(lev)o(el)f(applications)i(use)f(mainly)149 2175 +y(names)f(for)h(authen)o(tication)f(purp)q(oses,)i(b)q(ecause)e(address)i +(lists)e(are)g(m)o(uc)o(h)f(harder)i(to)g(create,)149 2265 +y(understand,)f(and)g(main)o(tain)d(than)j(name)e(lists.)223 +2356 y(Assuming)f(an)i(en)o(tit)o(y)e(w)o(an)o(ts)i(to)f(sp)q(o)q(of)j(the)d +(iden)o(tit)o(y)e(of)j(some)f(other)g(en)o(tit)o(y)l(,)f(it)h(is)g(in)g(some) +149 2446 y(cases)j(enough)f(to)g(c)o(hange)g(the)g(mapping)f(b)q(et)o(w)o +(een)g(its)h(lo)o(w)f(lev)o(el)f(address)j(and)f(its)g(high)g(lev)o(el)149 +2536 y(name.)j(That)d(means)e(that)i(an)f(attac)o(k)o(er)f(can)i(fak)o(e)e +(the)h(name)f(of)h(someone)f(b)o(y)h(mo)q(difying)f(the)149 +2626 y(asso)q(ciation)j(of)e(his)h(address)g(from)e(his)h(o)o(wn)g(name)g(to) +g(the)g(name)f(he)h(w)o(an)o(ts)h(to)f(imp)q(ersonate.)p eop +%%Page: 36 45 +44 bop 1901 -100 a Fo(36)224 1204 y @beginspecial 0 @llx 0 +@lly 378 @urx 265 @ury 3780 @rwi @setspecial +%%BeginDocument: pictures/d_z_setup.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-9.0 270.0 translate 0.900 -0.900 scale +1.000 setlinewidth + [6.000000] 0 setdash +n 379 19 m 419 19 l gs col-1 s gr + [] 0 setdash + [6.000000] 0 setdash +n 379 299 m 419 299 l gs col-1 s gr + [] 0 setdash +n 99 19 m 99 39 l gs col-1 s gr +n 99 279 m 99 299 l gs col-1 s gr +n 339 19 m 339 39 l gs col-1 s gr +n 339 279 m 339 299 l gs col-1 s gr +0.500 setlinewidth +n 159 59 m 279 59 l gs col-1 s gr +n 271.000 57.000 m 279.000 59.000 l 271.000 61.000 l gs 2 setlinejoin col-1 s gr +n 77.000 107.000 m 79.000 99.000 l 81.000 107.000 l gs 2 setlinejoin col-1 s gr +n 79 99 m 79 219 l gs col-1 s gr +n 81.000 211.000 m 79.000 219.000 l 77.000 211.000 l gs 2 setlinejoin col-1 s gr +n 46 39 m 39 39 39 92 7 arcto 4 {pop} repeat 39 99 152 99 7 arcto 4 {pop} repeat 159 99 159 46 7 arcto 4 {pop} repeat 159 39 46 39 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +n 286 39 m 279 39 279 92 7 arcto 4 {pop} repeat 279 99 392 99 7 arcto 4 {pop} repeat 399 99 399 46 7 arcto 4 {pop} repeat 399 39 286 39 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +n 286 219 m 279 219 279 272 7 arcto 4 {pop} repeat 279 279 392 279 7 arcto 4 {pop} repeat 399 279 399 226 7 arcto 4 {pop} repeat 399 219 286 219 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +n 46 219 m 39 219 39 272 7 arcto 4 {pop} repeat 39 279 152 279 7 arcto 4 {pop} repeat 159 279 159 226 7 arcto 4 {pop} repeat 159 219 46 219 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr +gs col-1 s gr +1.000 setlinewidth +n 379 19 m 39 19 l gs col-1 s gr +n 19 39 m 19 279 l gs col-1 s gr +n 39 299 m 379 299 l gs col-1 s gr +0.500 setlinewidth + [3.000000] 0 setdash +n 9 189 m 429 189 l gs col-1 s gr + [] 0 setdash +1.000 setlinewidth +n 19 279 m + 20.353 287.853 21.603 291.603 24 294 curveto + 26.397 296.397 30.147 297.647 39 299 curveto +gs col-1 s gr +n 39 19 m + 30.147 20.353 26.397 21.603 24 24 curveto + 21.603 26.397 20.353 30.147 19 39 curveto +gs col-1 s gr + 1 setlinecap [1 6.000000] 6.000000 setdash +n 319 219 m + 322.096 196.474 322.096 186.474 319 179 curveto + 316.081 171.953 306.047 161.919 299 159 curveto + 259.136 142.488 178.864 175.512 139 159 curveto + 131.953 156.081 121.919 146.047 119 139 curveto + 115.904 131.526 115.904 121.526 119 99 curveto +gs col-1 s gr + [] 0 setdash 0 setlinecap +n 112.859 114.306 m 119.000 99.000 l 120.784 115.396 l gs 2 setlinejoin col-1 s gr +/Times-Roman findfont 24.00 scalefont setfont +79 74 m +gs 1 -1 scale (NS) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +109 79 m +gs 1 -1 scale (A) col-1 show gr +/Times-Roman findfont 24.00 scalefont setfont +329 74 m +gs 1 -1 scale (H) col-1 show gr +/Times-Roman findfont 24.00 scalefont setfont +329 254 m +gs 1 -1 scale (H) col-1 show gr +/Times-Roman findfont 24.00 scalefont setfont +79 254 m +gs 1 -1 scale (NS) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +349 79 m +gs 1 -1 scale (A) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +109 259 m +gs 1 -1 scale (B) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +349 259 m +gs 1 -1 scale (B) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +139 14 m +gs 1 -1 scale (Ethernet) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +339 179 m +gs 1 -1 scale (attacked side) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +339 209 m +gs 1 -1 scale (attacking side) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +44 94 m +gs 1 -1 scale (name server) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +284 94 m +gs 1 -1 scale (host) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +44 274 m +gs 1 -1 scale (name server) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +284 274 m +gs 1 -1 scale (host) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +84 184 m +gs 1 -1 scale (exchange of DNS packets) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +144 149 m +gs 1 -1 scale (Hi! I am Bob from H) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +179 54 m +gs 1 -1 scale (Alice trusts Bob) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +44 54 m +gs 1 -1 scale (user: Alice) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +284 54 m +gs 1 -1 scale (user: Bob) col-1 show gr +/Times-Roman findfont 8.00 scalefont setfont +244 154 m +gs 1 -1 scale (A) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 717 1449 a(Figure)15 b(3.1)33 b(Exp)q(erimen)o(tal)14 +b(setup)223 1633 y(Once)k(an)i(attac)o(k)o(er)e(has)i(done)g(that,)g(an)f +(authen)o(ticator)h(can)f(no)h(longer)f(distinguish)g(b)q(e-)149 +1723 y(t)o(w)o(een)d(the)g(true)g(and)g(the)g(fak)o(ed)g(en)o(tit)o(y)l(.)223 +1813 y(This)23 b(describ)q(es)f(the)h(fundamen)o(tal)e(problem)h(on)h(whic)o +(h)f(this)h(thesis)g(is)g(based.)41 b(If)23 b(the)149 1904 +y(binding)f(pro)q(cess)f(b)q(et)o(w)o(een)g(names)f(and)i(addresses)g(cannot) +g(b)q(e)f(trusted)g(fully)l(,)g(no)h(one)f(can)149 1994 y(rely)16 +b(on)g(an)h(authen)o(tication)f(pro)q(cess)h(on)g(a)f(high)h(lev)o(el.)149 +2159 y(3.2)50 b(The)16 b(Problem)f(in)g(the)h(DNS)223 2299 +y(Man)o(y)i(securit)o(y)f(problems)h(of)h(the)g(TCP/IP)g(proto)q(col)h(suite) +e(rely)g(on)i(the)e(abilit)o(y)g(of)h(the)149 2389 y(attac)o(k)o(er)g(to)i +(sp)q(o)q(of)g(the)f(IP)g(address)g(of)h(a)f(trusted)g(mac)o(hine,)e(as)j +(describ)q(ed)e(in)h([Bel89)o(].)32 b(As)149 2479 y(hosts)19 +b(trust)f(eac)o(h)f(other,)h(usually)f(on)i(the)e(basis)h(of)g(host)h(names,) +e(an)h(attac)o(k)o(er)f(can)h(tak)o(e)f(the)149 2570 y(easier)f(approac)o(h)h +(and)g(sp)q(o)q(of)h(a)f(host's)f(name)f(instead)i(of)f(its)g(IP)g(address.)p +eop +%%Page: 37 46 +45 bop 1901 -100 a Fo(37)223 75 y(If)22 b(a)i(host)g(named)e(H)640 +82 y Fm(A)691 75 y Fo(accesses)h(another)g(host)h(named)e(NS)1409 +82 y Fm(A)1437 75 y Fo(,)j(host)f(NS)1652 82 y Fm(A)1704 75 +y Fo(accepts)f(the)149 165 y(connection)e(and)g(retriev)o(es)e(address)j +(information)e(ab)q(out)i(the)e(connecting)h(host)g(H)1773 +172 y Fm(A)1801 165 y Fo(.)35 b(Host)149 255 y(NS)213 262 y +Fm(A)260 255 y Fo(reads)19 b(host)h(H)536 262 y Fm(A)564 255 +y Fo('s)e(IP)h(address)g(and)g(con)o(v)o(erts)f(it)g(in)o(to)h(a)g(regular)g +(host)g(name.)27 b(T)l(o)20 b(bind)149 346 y(the)d(righ)o(t)g(name)e(to)j +(the)e(IP)h(address,)g(host)h(NS)1055 353 y Fm(A)1100 346 y +Fo(starts)g(a)f(Domain)f(Name)f(System)h(query)g(in)149 436 +y(the)g(rev)o(erse)f(lo)q(okup)i(tree.)223 526 y(F)l(or)j(a)g(pair)h(of)f +(mac)o(hines)e(NS)800 533 y Fm(B)847 526 y Fo(and)j(H)983 533 +y Fm(B)1030 526 y Fo(under)f(the)g(p)q(o)o(w)o(er)g(of)g(an)h(attac)o(k)o +(er,)f(with)g(NS)1922 533 y Fm(B)149 616 y Fo(running)14 b(a)f(primary)e +(name)h(serv)o(er)g(for)h(a)g(certain)f(zone,)h(and)h(H)1330 +623 y Fm(B)1369 616 y Fo(trying)f(to)g(fak)o(e)f(H)1702 623 +y Fm(A)1730 616 y Fo('s)h(iden)o(tit)o(y)l(,)149 707 y(it)20 +b(is)f(easy)h(to)g(mak)o(e)d(NS)622 714 y Fm(A)670 707 y Fo(b)q(eliev)o(e)h +(H)872 714 y Fm(B)918 707 y Fo(w)o(as)i(H)1052 714 y Fm(A)1080 +707 y Fo(.)32 b(H)1163 714 y Fm(B)1209 707 y Fo(connects)20 +b(to)g(NS)1537 714 y Fm(A)1585 707 y Fo(and)h(claims)c(to)j(b)q(e)149 +797 y(H)186 804 y Fm(A)215 797 y Fo(,)d(NS)310 804 y Fm(A)356 +797 y Fo(retriev)o(es)f(H)590 804 y Fm(B)616 797 y Fo('s)i(IP)f(address)i +(111.22.33.4)g(and)g(queries)d(the)i(name)e(4.33.22.111.in-)149 +887 y(addr.arpa)24 b(from)e(the)g(Domain)g(Name)f(System.)39 +b(One)22 b(single)h(en)o(try)e(in)i(the)f(authoritativ)o(e)149 +978 y(data)i(for)g(the)e(rev)o(erse)g(lo)q(okup)i(tree)e(for)h(NS)1025 +985 y Fm(B)1052 978 y Fo('s)g(zone)g(sp)q(eci\014es)f(the)h(IP)g +(address{to{name)149 1068 y(mapping)17 b(b)q(et)o(w)o(een)f +(4.33.22.111.in-addr.arpa)k(and)e(H)1203 1075 y Fm(B)1229 1068 +y Fo(.)25 b(If)16 b(the)h(attac)o(k)o(er)g(replaces)f(this)i(line)149 +1158 y(b)o(y)j(a)h(mapping)f(b)q(et)o(w)o(een)f(4.33.22.111.in-addr.arpa)k +(and)e(H)1338 1165 y Fm(A)1366 1158 y Fo(,)g(NS)1466 1165 y +Fm(A)1494 1158 y Fo('s)f(resolution)h(attempt)149 1248 y(will)16 +b(\014nally)f(gran)o(t)i(H)555 1255 y Fm(B)598 1248 y Fo(access)f(to)h(NS)865 +1255 y Fm(A)894 1248 y Fo(.)223 1339 y(This)d(sho)o(ws)i(the)e(simplicit)o(y) +d(of)k(an)g(attac)o(k)g(that)g(is)f(based)h(up)q(on)h(trust)f(placed)f(in)g +(the)h(data)149 1429 y(pro)o(vided)h(b)o(y)f(DNS.)g(It)h(is)g(based)g(on)g(a) +h(w)o(eakness)e(in)h(the)g(DNS,)f(not)h(an)h(easily)e(\014xable)g(bug)i(in) +149 1519 y(the)f(impleme)o(n)o(tation)e(of)i(a)h(particular)f(net)o(w)o(ork)f +(service.)223 1610 y(One)k(widely)g(accepted)h(w)o(a)o(y)f(of)i(dealing)e +(with)h(this)g(problem)f(is)g(the)h(Berk)o(eley)d(soft)o(w)o(are)149 +1700 y(patc)o(h)e(describ)q(ed)g(in)g(section)f(4.5.)22 b(Ho)o(w)o(ev)o(er,) +13 b(adding)i(an)h(additional)f(Domain)g(Name)e(System)149 +1790 y(query)19 b(of)g(the)g(determined)e(host)j(name)e(to)h(the)g(serv)o(er) +f(co)q(de)i(and)g(comparing)e(the)h(returned)149 1880 y(IP)f(addresses)g +(against)g(the)f(original)h(IP)f(address)h(for)g(a)g(matc)o(h)e(only)h(adds)h +(to)g(the)f(qualit)o(y)f(of)149 1971 y(securit)o(y;)e(it)g(do)q(es)h(not)g +(pro)o(vide)e(complete)g(securit)o(y)l(.)19 b(An)14 b(attac)o(k)o(er)g(can)g +(piggybac)o(k)g(additional)149 2061 y(resource)e(records)g(to)g(the)g(answ)o +(er)g(pac)o(k)o(et)f(to)i(the)e(\014rst)i(query)l(.)19 b(Doing)12 +b(so,)h(the)f(attac)o(k)o(er)f(p)q(oisons)149 2151 y(the)21 +b(victim')o(s)d(cac)o(he)i(with)g(false)g(information,)g(suc)o(h)g(that)h +(the)f(forw)o(ard)h(lo)q(okup)h(w)o(ould)e(not)149 2242 y(disclose)g(the)g +(attac)o(k.)33 b(In)20 b(Section)f(3.5.6)i(w)o(e)f(go)h(in)o(to)e(more)g +(detail)h(on)h(this)f(issue)g(when)g(w)o(e)149 2332 y(describ)q(e)c(our)h +(concrete)e(approac)o(h)i(of)g(cac)o(he)e(corruption.)p eop +%%Page: 38 47 +46 bop 1901 -100 a Fo(38)149 75 y(3.3)50 b(W)l(eaknesses)223 +214 y(In)15 b(this)h(section)g(w)o(e)f(describ)q(e)h(the)f(conditions)h(that) +h(m)o(ust)d(hold)j(to)f(facilitate)f(a)h(break{in.)149 305 +y(The)k(Domain)f(Name)f(System)f(is)j(w)o(eak)f(in)g(sev)o(eral)g(places.)30 +b(W)l(e)19 b(examine)f(the)h(problems)f(of)149 395 y(name{based)h(authen)o +(tication)g(pro)q(cesses,)h(trusting)f(information)f(that)i(comes)d(from)h +(an)i(un-)149 485 y(trust)o(w)o(orth)o(y)e(authorit)o(y)l(,)f(and)h +(accepting)f(additional,)g(p)q(ossibly)h(incorrect)f(information)f(that)149 +575 y(w)o(as)h(not)g(requested,)e(but)h(that)h(seems)e(to)h(pro)o(vide)g(adv) +m(an)o(tages)h(for)g(run)o(time)d(p)q(erformance.)149 735 y(3.3.1)49 +b(Assumptions)16 b(to)g(F)l(acilitate)f(Break{ins)223 858 y(In)g(our)g(setup) +h(w)o(e)f(assume)f(that)i(the)f(attac)o(k)o(er)f(has)i(complete)d(con)o(trol) +i(o)o(v)o(er)g(mac)o(hine)e(NS)1922 865 y Fm(B)149 948 y Fo(running)19 +b(a)g(legitimate)c(primary)i(name)g(serv)o(er)g(for)i(a)g(DNS)f(zone.)27 +b(This)18 b(strong)i(assumption)149 1039 y(do)q(es)g(not)f(alw)o(a)o(ys)g +(need)f(to)h(b)q(e)g(satis\014ed.)30 b(It)18 b(is)h(simply)d(the)j(easiest)f +(w)o(a)o(y)h(for)g(an)g(attac)o(k)o(er)f(if)149 1129 y(he)e(con)o(trols)f(a)h +(primary)e(name)g(serv)o(er,)g(b)q(ecause)i(of)g(its)f(capabilities)g(and)h +(the)f(fact)g(that)h(other)149 1219 y(mac)o(hines)f(b)q(eliev)o(e)f(name)h +(serv)o(ers.)223 1309 y(Dep)q(ending)g(on)g(the)g(top)q(ology)i(of)e(a)g +(real)g(net)o(w)o(ork)f(it)h(is)g(su\016cien)o(t)e(if)i(an)g(attac)o(k)o(er)g +(con)o(trols)149 1400 y(one)i(of)f(the)g(authoritativ)o(e)f(name)g(serv)o +(ers)g(for)h(the)g(particular)f(zone;)h(the)f(one)i(that)f(is)g(queried)149 +1490 y(\014rst)e(b)o(y)f(the)g(remote)e(resolv)o(er.)19 b(It)13 +b(is)g(not)h(m)o(uc)o(h)d(easier)i(for)g(an)h(attac)o(k)o(er)e(to)i(satisfy)f +(this)g(second)149 1580 y(assumption)j(than)h(the)f(\014rst)h(one.)223 +1671 y(The)c(con)o(trol)f(m)o(ust)g(include)g(the)h(asso)q(ciated)h(in)o(v)o +(erse)d(mapping)h(tree.)20 b(The)13 b(attac)o(k)o(er)f(migh)o(t)149 +1761 y(ha)o(v)o(e)j(successfully)g(sub)o(v)o(erted)g(suc)o(h)g(a)h(mac)o +(hine)e(or)i(simply)e(b)q(e)h(a)i(renegade)e(system)g(adminis-)149 +1851 y(trator.)22 b(Both)17 b(ha)o(v)o(e)e(happ)q(ened)i(in)f(the)g(past)h +(\(i.e.)j([Sto89,)c(Mad92)q(]\).)223 1941 y(W)l(e)f(can)h(relax)f(this)h +(assumption)g(further.)k(If)c(an)g(attac)o(king)g(mac)o(hine)d(manages)j(to)g +(some-)149 2032 y(ho)o(w)k(obtain)g(the)g(ID)f(n)o(um)o(b)q(er)f(of)i(a)g +(curren)o(t)f(DNS)g(query)g(to)h(a)g(legitimate)d(name)h(serv)o(er,)h(it)149 +2122 y(could)h(run)g(some)e(co)q(de)i(\(e.g.)31 b(a)20 b(to)q(ol)g(that)g +(constructs)g(the)f(resp)q(onse)h(pac)o(k)o(et)f(and)h(uses)g(the)149 +2212 y(source)e(route)f(option)g(to)h(send)f(it)g(to)g(the)g(originator)h(of) +f(a)h(query\))e(to)h(answ)o(er)h(the)f(query)f(and)149 2303 +y(supply)j(additional)g(records)g(to)h(p)q(oison)g(the)f(cac)o(he.)28 +b(The)19 b(ID)g(n)o(um)o(b)q(er)e(prediction)h(could)h(b)q(e)149 +2393 y(based)h(on)f(previously)g(receiv)o(ed)d(queries)i(and)i(kno)o(wledge)e +(on)i(ho)o(w)f(a)h(resolv)o(er)e(mo)q(di\014es)g(the)149 2483 +y(iden)o(ti\014er.)i(An)15 b(attac)o(k)h(based)g(on)h(TCP)f(sequence)f(n)o +(um)o(b)q(er)f(prediction)h(to)i(construct)f(a)g(TCP)149 2573 +y(pac)o(k)o(et)h(sequence)f(that)h(allo)o(ws)h(an)f(attac)o(k)o(er)g(to)g(sp) +q(o)q(of)i(a)f(trusted)f(host's)h(iden)o(tit)o(y)d(on)j(a)g(lo)q(cal)p +eop +%%Page: 39 48 +47 bop 1901 -100 a Fo(39)149 75 y(net)o(w)o(ork)17 b(w)o(as)h(describ)q(ed)e +(in)h([Mor85)q(].)23 b(This)18 b(example)d(sho)o(ws)j(the)f(feasibilit)o(y)e +(of)i(ID)g(n)o(um)o(b)q(er)149 165 y(prediction.)223 255 y(In)e(the)g(follo)o +(wing)h(discussion)g(w)o(e)f(will)f(assume)h(that)i(the)e(attac)o(k)o(er)g +(has)h(indeed)f(sup)q(eruser)149 346 y(access)22 b(to)f(a)h(primary)e(name)g +(serv)o(er.)35 b(With)21 b(that)h(assumption)f(in)g(place)g(w)o(e)g(decrease) +g(the)149 436 y(complexit)o(y)13 b(of)k(the)f(follo)o(wing)g(discussions.)149 +596 y(3.3.2)49 b(Authen)o(tication)15 b(via)h(Host)h(Names)223 +718 y(W)l(e)c(explained)g(in)g(the)h(in)o(tro)q(duction)f(that)h(users)g(ha)o +(v)o(e)f(to)h(b)q(e)g(authorized)g(b)o(y)f(net)o(w)o(ork)g(ser-)149 +809 y(vice)k(pro)o(viders)h(b)q(efore)g(they)g(can)g(use)g(the)g(service.)26 +b(This)18 b(authen)o(tication)g(is)g(usually)g(based)149 899 +y(on)h(the)f(v)o(eri\014cation)f(of)h(the)g(user's)g(login)g(name)f(along)i +(with)f(the)g(asso)q(ciated)h(passw)o(ord)h(and)149 989 y(the)e(host)h(name)e +(of)i(the)f(mac)o(hine)e(on)i(whic)o(h)g(the)g(user)g(starts)h(his)f +(requests.)27 b(Net)o(w)o(orks)17 b(ma)o(y)149 1079 y(b)q(e)d(classi\014ed)f +(in)o(to)g(di\013eren)o(t)f(partitions)905 1061 y Fm(1)925 +1079 y Fo(:)20 b(Closed)14 b(Net)o(w)o(orks,)e(Op)q(en)i(Net)o(w)o(orks,)e +(and)i(T)l(rusted)149 1170 y(Net)o(w)o(orks)k([PL91)q(].)26 +b(Closed)19 b(Net)o(w)o(orks)e(can)h(b)q(e)h(accessed)f(only)g(within)f +(certain)h(b)q(oundaries.)149 1260 y(Sessions)f(are)g(con)o(trolled)e(and)i +(secured)f(in)g(accordance)g(with)g(the)g(rules)g(implied)d(b)o(y)j(an)h +(orga-)149 1350 y(nization's)i(business)h(goals.)31 b(In)19 +b(a)h(Closed)g(Net)o(w)o(ork,)e(the)h(lo)q(cation)h(of)g(all)e(resources)i +(is)f(w)o(ell)149 1441 y(kno)o(wn)e(and)g(sp)q(eci\014ed.)223 +1531 y(Op)q(en)e(Net)o(w)o(orks)f(are)h(regions)h(separated)g(b)o(y)e(b)q +(oundaries)j(from)d(their)g(surroundings,)i(but)149 1621 y(the)f(transfer)g +(of)f(information)g(across)i(these)e(b)q(oundaries)h(is)g(admitted.)k(They)14 +b(are)h(augmen)o(ted)149 1711 y(b)o(y)g(publicly)f(accessible)g(parts)i(or)g +(connections)f(to)h(net)o(w)o(orks)f(o)o(wned)h(b)o(y)e(other)i(companies)e +(or)149 1802 y(organizations.)22 b(These)13 b(t)o(w)o(o)h(extensions)f(mak)o +(e)f(this)h(t)o(yp)q(e)g(of)h(net)o(w)o(ork)f(vulnerable)f(to)i(external)149 +1892 y(threats.)223 1982 y(T)l(rusted)j(Net)o(w)o(orks)g(in)o(tro)q(duce)g +(the)g(concept)h(that)f(net)o(w)o(ork)g(access)h(is)f(con)o(trolled)g(at)h +(the)149 2073 y(en)o(try)k(no)q(de.)40 b(In)22 b(the)h(case)f(of)h(large)f +(in)o(ternational)g(net)o(w)o(orks,)h(main)o(tainabilit)o(y)c(and)k(con-)149 +2163 y(trollabilit)o(y)17 b(are)h(imp)q(ortan)o(t)g(issues.)27 +b(Adopting)19 b(the)f(T)l(rusted)g(Net)o(w)o(ork)f(concept)h(allo)o(ws)h(the) +149 2253 y(decomp)q(osition)13 b(of)g(a)h(large)f(net)o(w)o(ork,)g(gro)o +(wing)h(to)o(w)o(ards)g(an)g(unmanageable)f(complexit)o(y)-5 +b(,)11 b(in)o(to)149 2343 y(relativ)o(ely)h(small)h(national)h(or)h(regional) +f(net)o(w)o(orks,)g(eac)o(h)g(supp)q(orted)h(b)o(y)f(lo)q(cal)g(sta\013,)h +(and)g(eac)o(h)149 2434 y(pro)o(vided)h(with)g(its)g(o)o(wn)g(net)o(w)o(ork)g +(access)g(con)o(trol.)21 b(The)16 b(adv)m(an)o(tages)i(are)e(increased)g(con) +o(trol-)149 2524 y(labilit)o(y)l(,)e(main)o(tainabilit)o(y)l(,)e +(manageabilit)o(y)l(,)i(and)i(simpli\014cation)e(of)i(c)o(hange)g(managemen)o +(t.)j(A)p 149 2568 720 2 v 206 2598 a Fl(1)224 2613 y Fk(A)14 +b(v)o(ery)g(similar)e(classi\014cation)h(is)h(applicable)f(to)h(systems)g(in) +f(general.)p eop +%%Page: 40 49 +48 bop 1901 -100 a Fo(40)149 75 y(T)l(rusted)12 b(Net)o(w)o(ork)f(can)h(b)q +(e)g(regarded)g(globally)g(as)g(a)g(single)g(Closed)g(Net)o(w)o(ork,)f(but)h +(from)e(a)j(lo)q(cal)149 165 y(p)q(oin)o(t)j(of)g(view,)f(the)h(in)o +(terconnected)e(net)o(w)o(orks)h(stand)i(widely)d(op)q(en)j(with)f(all)f(the) +g(applicable)149 255 y(securit)o(y)g(threats.)223 346 y(The)f(In)o(ternet)f +(is)i(a)g(system)e(of)i(T)l(rusted)g(Net)o(w)o(orks)e(within)h(Op)q(en)h(Net) +o(w)o(orks.)20 b(This)14 b(allo)o(ws)149 436 y(the)20 b(danger)f(that)h(once) +f(someone)g(has)h(falsely)e(gained)i(access)f(to)h(one)f(mac)o(hine,)f(it)h +(is)g(m)o(uc)o(h)149 526 y(simpler)12 b(to)i(sub)o(v)o(ert)e(others.)21 +b(Within)13 b(T)l(rusted)h(Net)o(w)o(orks)f(users)h(are)f(authen)o(ticated)g +(solely)g(b)o(y)149 616 y(their)j(login)h(name)e(and)i(connecting)f(host)h +(name.)k(The)c(login)f(name)g(is)g(sp)q(eci\014ed)g(b)o(y)g(the)g(con-)149 +707 y(necting)h(site,)e(and)j(therefore)e(can)g(b)q(e)h(falsi\014ed,)f(suc)o +(h)h(that)g(the)f(only)h(\\reliable")f(information)149 797 +y(left)c(for)h(the)g(addressed)g(mac)o(hine)d(is)j(the)f(connecting)g(mac)o +(hine's)f(IP)h(address)22 b(that)13 b(is)f(pro)o(vided)149 +887 y(b)o(y)17 b(an)h(op)q(erating)g(system)e(call.)24 b(The)17 +b(addressed)h(mac)o(hine)d(then)i(maps)g(the)g(IP)g(address)h(in)o(to)149 +978 y(a)e(host)g(name)e(using)i(the)f(Domain)f(Name)g(System.)19 +b(If)c(an)g(attac)o(k)o(er)g(manages)g(to)g(sub)o(v)o(ert)g(this)149 +1068 y(name)g(binding)h(call,)f(he)h(can)g(falsify)g(the)f(name)g(of)i(a)f +(mac)o(hine)e(within)i(the)f(T)l(rusted)i(Net)o(w)o(ork)149 +1158 y(and)g(therefore)f(succeed)f(in)h(his)g(attac)o(k.)149 +1318 y(3.3.3)49 b(T)l(rusting)17 b(a)g(Not)f(T)l(rust)o(w)o(orth)o(y)g +(Source)223 1441 y(Using)i(the)g(Domain)g(Name)f(System)g(to)i(map)e(the)i +(IP)f(address)h(pro)o(vided)f(b)o(y)g(lo)o(w)o(er)g(lev)o(el)149 +1531 y(proto)q(col)i(la)o(y)o(ers)d(in)o(to)h(the)g(applicable)f(host)i +(name,)f(the)g(addressed)h(host)g(blindly)e(trusts)i(the)149 +1621 y(information)e(that)h(is)f(pro)o(vided)g(b)o(y)g(the)g(Domain)g(Name)e +(System.)23 b(Information)17 b(that)h(comes)149 1711 y(from)f(sources)g +(outside)h(of)f(the)g(trusted)g(area)h(is)f(trusted.)25 b(That)18 +b(is)f(a)g(sev)o(ere)f(violation)h(of)h(the)149 1802 y(partitioning)f +(concept.)k(Only)15 b(truly)h(authoritativ)o(e)f(information)h(should)g(b)q +(e)h(trusted.)149 1962 y(3.3.4)49 b(Believing)15 b(Additional,)g(Not)h +(Authoritativ)o(e)f(Information)223 2084 y(E\016ciency)i(is)i(one)h(of)f(the) +g(stated)h(goals)g(of)g(the)f(Domain)g(Name)e(System,)h(as)i(w)o(e)f(sa)o(w)h +(in)149 2174 y(Section)13 b(2.3.2.)20 b(The)13 b(DNS)g(pac)o(k)o(et)f(con)o +(tains)h(an)h(additional)f(answ)o(er)g(section)g(\(see)f(Figure)h(2.3\),)149 +2265 y(where)19 b(name)f(serv)o(ers)g(can)h(pro)o(vide)f(resource)h(records)g +(con)o(taining)f(information)g(that)i(could)149 2355 y(come)c(in)h(handy)h +(in)f(future)g(requests,)g(but)h(that)g(w)o(ere)e(not)i(explicitly)d +(requested.)23 b(There)17 b(are)149 2445 y(situations)f(where)g(these)f +(additional)g(records)h(yield)e(in)h(system)f(e\016ciency)l(,)f(for)j +(example)e(after)149 2536 y(the)h(lo)q(okup)h(of)g(\\NS")f(records)g(when)h +(\\A")f(records)g(sp)q(ecifying)g(the)g(addresses)g(of)h(the)f(queried)149 +2626 y(name)k(serv)o(ers)f(are)i(found)g(in)f(the)g(additional)h(answ)o(er)f +(section.)31 b(That)20 b(sa)o(v)o(es)f(the)g(lo)q(okup)h(of)p +eop +%%Page: 41 50 +49 bop 1901 -100 a Fo(41)149 75 y(the)18 b(IP)g(addresses,)g(once)f(the)h +(name)f(of)h(the)f(applicable)g(name)g(serv)o(er)f(is)i(found.)26 +b(Additional)149 165 y(resource)16 b(records)h(are)f(cac)o(hed)f(for)i +(future)f(use.)223 255 y(As)j(w)o(e)g(rely)f(on)i(the)f(correctness)g(of)h +(these)f(additional)h(records)f(once)g(w)o(e)g(use)h(them,)e(w)o(e)149 +346 y(trust)23 b(information)e(that)h(comes)f(from)g(a)h(source)g(p)q +(ossibly)g(outside)g(of)h(the)e(trusted)h(scop)q(e.)149 436 +y(That)17 b(is)f(another)h(violation)f(of)h(the)f(partitioning)g(concept.)149 +601 y(3.4)50 b(Exploiting)15 b(the)h(Fla)o(ws)223 741 y(The)21 +b(follo)o(wing)h(sections)f(are)h(the)g(most)f(concrete)g(description)g(of)h +(ho)o(w)g(to)g(exploit)f(the)149 831 y(securit)o(y)f(\015a)o(w)g(in)h(the)f +(Domain)g(Name)f(System.)32 b(In)20 b(this)h(c)o(hapter)f(w)o(e)g(concen)o +(trate)g(on)h(the)149 921 y(\\rlogin")16 b(command)e(of)h(Berk)o(eley)e +(UNIX.)g(W)l(e)i(do)g(not)h(explain)f(the)g(whole)g(\\rlogin")h(proto)q(col) +149 1012 y(in)g(detail,)f(but)i(only)f(state)g(the)g(parts)h(and)g(commands)e +(that)h(are)g(related)g(to)h(our)f(in)o(terest.)149 1172 y(3.4.1)49 +b(Regular)17 b(Access)780 1414 y(T)l(able)f(3.1)33 b(Regular)16 +b(access)451 1491 y(host)h(NS)621 1498 y Fm(A)665 1491 y Fo(\()p +Fh(rlogind)p Fo(\))p 1223 1518 2 91 v 408 w(Bob@H)1409 1498 +y Fm(A)p 426 1520 1247 2 v 1223 1610 2 91 v 1248 1583 a Fg(rlogin)f +Fo(NS)1450 1590 y Fm(A)1495 1583 y Fg(-l)g(Alice)451 1673 y +Ff(getpeernam)o(e\(\))c Fj(!)k Fo(IP)917 1680 y Fm(H)943 1686 +y Fe(A)p 1223 1701 V 451 1764 a Ff(gethostbya)o(ddr)o(\()p +Fo(I)o(P)861 1771 y Fm(H)887 1777 y Fe(A)913 1764 y Ff(\))g +Fj(!)g Fo(H)1058 1771 y Fm(A)p 1223 1791 V 451 1854 a Fo(\014nd)g(en)o(try)g +(H)713 1861 y Fm(A)767 1854 y Ff(Bob)f Fo(in)h Fh(~Alice/.rhosts)p +1223 1881 V 451 1944 a Fo(gran)o(t)h(access)p 1223 1971 V 223 +2230 a(T)l(able)g(3.1)h(giv)o(es)f(the)h(pro)q(cedure)g(follo)o(w)o(ed)e +(during)i(a)g(regular)g(remote)e(login.)26 b(Time)16 b(pro-)149 +2321 y(ceeds)j(from)e(top)i(to)g(b)q(ottom)g(of)g(the)f(table.)28 +b(User)19 b(Bob)f(on)i(mac)o(hine)c(H)1536 2328 y Fm(A)1583 +2321 y Fo(w)o(an)o(ts)j(to)g(log)g(in)o(to)149 2411 y(mac)o(hine)g(NS)409 +2418 y Fm(A)437 2411 y Fo(.)36 b(The)21 b(underlying)f(proto)q(cols)i(create) +f(a)g(connection)g(b)q(et)o(w)o(een)f(the)h(\\rlogin")149 2501 +y(program)d(and)h(the)e(\\rlogind")i(daemon.)26 b(During)18 +b(the)f(authen)o(tication)h(pro)q(cess)g(the)g(daemon)149 2592 +y(retriev)o(es)f(the)g(IP)h(address)h(of)f(the)g(connecting)g(mac)o(hine:)k +(IP)1330 2599 y Fm(H)1356 2605 y Fe(A)1383 2592 y Fo(.)27 b(It)17 +b(then)h(uses)g(the)g(Domain)p eop +%%Page: 42 51 +50 bop 1901 -100 a Fo(42)149 75 y(Name)12 b(System)f(to)j(map)e(this)h +(address)g(to)h(a)f(host)h(name.)19 b(The)13 b(call)f(of)i(\\gethostb)o(y)o +(addr\(IP)1853 82 y Fm(H)1879 88 y Fe(A)1906 75 y Fo(\)")149 +165 y(do)q(es)j(that)g(and)g(returns)f(H)665 172 y Fm(A)693 +165 y Fo(.)223 255 y(The)21 b(daemon)f(then)h(c)o(hec)o(ks)f(whether)h(the)f +(user)i(from)e(the)h(mac)o(hine)d(with)j(name)f(H)1867 262 +y Fm(A)1917 255 y Fo(is)149 346 y(allo)o(w)o(ed)k(access)g(b)o(y)g(scanning)h +(the)f(en)o(tries)f(in)i(the)f(\\.rhosts")h(\014le)f(of)h(user)f(Alice.)44 +b(If)24 b(the)149 436 y(appropriate)19 b(en)o(try)d(is)i(found,)g(access)f +(is)g(gran)o(ted.)26 b(If)17 b(the)g(system)f(administrator)h(of)h(system)149 +526 y(NS)213 533 y Fm(A)258 526 y Fo(has)f(installed)f(the)g +(\\/etc/hosts.equiv")g(\014le)g(and)h(en)o(tered)e(the)i(name)e(of)h(host)i +(H)1797 533 y Fm(A)1825 526 y Fo(,)e(then)149 616 y(access)h(is)f(gran)o(ted) +g(ev)o(en)f(without)i(a)f(user)h(main)o(tained)d(en)o(try)h(in)h(\014le)g +(\\.rhosts.")149 778 y(3.4.2)49 b(The)17 b(\\Database)h(Mo)q(di\014cation")f +(Approac)o(h)514 1014 y(T)l(able)g(3.2)32 b(The)17 b(\\Database)h(Mo)q +(di\014cation")f(approac)o(h)451 1091 y(host)g(NS)621 1098 +y Fm(A)665 1091 y Fo(\()p Fh(rlogind)p Fo(\))p 1223 1118 2 +91 v 408 w(Bob@H)1409 1098 y Fm(B)p 426 1120 1247 2 v 1223 +1210 2 91 v 1248 1183 a Fg(rlogin)f Fo(NS)1450 1190 y Fm(A)1495 +1183 y Fg(-l)g(Alice)451 1273 y Ff(getpeernam)o(e\(\))c Fj(!)k +Fo(IP)917 1280 y Fm(H)943 1286 y Fe(B)p 1223 1301 V 451 1364 +a Ff(gethostbya)o(ddr)o(\()p Fo(I)o(P)861 1371 y Fm(H)887 1377 +y Fe(B)912 1364 y Ff(\))g Fj(!)g Fo(H)1057 1371 y Fm(A)p 1223 +1391 V 451 1454 a Fo(\014nd)g(en)o(try)g(H)713 1461 y Fm(A)767 +1454 y Ff(Bob)f Fo(in)h Fh(~Alice/.rhosts)p 1223 1481 V 451 +1544 a Fo(gran)o(t)h(access)p 1223 1571 V 223 1824 a(This)f(is)h(the)f +(\014rst)h(example)d(of)j(ho)o(w)g(an)h(attac)o(k)o(er)d(can)i(sp)q(o)q(of)h +(someone)e(else's)g(host)h(name.)149 1914 y(Host)22 b(H)307 +1921 y Fm(B)355 1914 y Fo(b)q(eha)o(v)o(es)e(as)i(if)f(it)g(w)o(ere)f(host)i +(H)975 1921 y Fm(A)1003 1914 y Fo(.)36 b(The)21 b(access)h(pattern)f(is)g(v)o +(ery)f(similar)f(to)j(the)149 2005 y(previous,)g(regular)f(one,)h(except)e +(that)h(the)g(call)f(of)h(\\getp)q(eername\(\)")g(no)o(w)g(returns)g(the)g +(IP)149 2095 y(address)i(of)f(host)h(H)539 2102 y Fm(B)566 +2095 y Fo(.)38 b(If)21 b(the)h(DNS)g(database)h(is)f(mo)q(di\014ed)e(b)o(y)i +(the)f(attac)o(k)o(er,)h(the)g(call)f(of)149 2185 y(\\gethostb)o(y)o +(addr\(\)")g(do)q(es)f(not)f(return)g(the)g(name)f(H)1169 2192 +y Fm(B)1215 2185 y Fo(as)h(it)g(w)o(ould)g(with)g(a)h(database)g(in)f(an)149 +2276 y(unimpaired)c(state,)h(but)g(the)g(name)f(H)880 2283 +y Fm(A)908 2276 y Fo(.)22 b(Bob@H)1105 2283 y Fm(B)1148 2276 +y Fo(\014nally)15 b(gets)i(access)f(to)h(NS)1663 2283 y Fm(A)1692 +2276 y Fo(.)149 2437 y(3.4.3)49 b(The)17 b(\\Cac)o(he)f(P)o(oisoning")h +(Approac)o(h)223 2560 y(In)j(this)h(approac)o(h)g(the)g(\\rlogind")g(daemon)f +(tries)h(to)g(enhance)f(securit)o(y)f(b)o(y)i(calling)f(the)149 +2650 y(function)g(\\gethostb)o(yname\(\)")f(to)g(v)o(erify)f(the)h(mapping)g +(from)f(IP)1431 2657 y Fm(H)1457 2663 y Fe(B)1502 2650 y Fo(to)h(H)1601 +2657 y Fm(A)1630 2650 y Fo(.)30 b(The)19 b(attac)o(k)o(er)p +eop +%%Page: 43 52 +51 bop 1901 -100 a Fo(43)580 101 y(T)l(able)16 b(3.3)33 b(The)16 +b(\\Cac)o(he)h(P)o(oisoning")g(approac)o(h)451 178 y(host)g(NS)621 +185 y Fm(A)665 178 y Fo(\()p Fh(rlogind)p Fo(\))p 1223 205 +2 91 v 408 w(Bob@H)1409 185 y Fm(B)p 426 207 1247 2 v 1223 +297 2 91 v 1248 270 a Fg(rlogin)f Fo(NS)1450 277 y Fm(A)1495 +270 y Fg(-l)g(Alice)451 360 y Ff(getpeernam)o(e\(\))c Fj(!)k +Fo(IP)917 367 y Fm(H)943 373 y Fe(B)p 1223 387 V 451 451 a +Ff(gethostbya)o(ddr)o(\()p Fo(I)o(P)861 458 y Fm(H)887 464 +y Fe(B)912 451 y Ff(\))g Fj(!)g Fo(H)1057 458 y Fm(A)p 1223 +478 V 516 541 a Fo(and)h(H)648 548 y Fm(A)692 541 y Fj(!)f +Fo(IP)809 548 y Fm(H)835 554 y Fe(B)877 541 y Fo(mapping)p +1223 568 V 451 631 a Ff(gethostbyn)o(ame)o(\()p Fo(H)849 638 +y Fm(A)875 631 y Ff(\))g Fj(!)g Fo(IP)1034 638 y Fm(H)1060 +644 y Fe(B)p 1223 658 V 451 721 a Fo(\014nd)g(en)o(try)g(H)713 +728 y Fm(A)767 721 y Ff(Bob)f Fo(in)h Fh(~Alice/.rhosts)p 1223 +749 V 451 812 a Fo(gran)o(t)h(access)p 1223 839 V 149 1067 +a(ho)o(w)o(ev)o(er)i(has)i(a)g(w)o(a)o(y)f(of)h(sub)o(v)o(erting)e(this)h +(additional)h(securit)o(y)d(feature.)33 b(He)20 b(can)g(send)h(the)149 +1157 y(additional)d(mapping)e(of)i(H)676 1164 y Fm(A)721 1157 +y Fo(to)f(IP)832 1164 y Fm(H)858 1170 y Fe(B)901 1157 y Fo(along)h(with)f +(the)g(answ)o(er)g(to)h(the)f(query)f(for)i(IP)1799 1164 y +Fm(H)1825 1170 y Fe(B)1851 1157 y Fo(.)24 b(By)149 1248 y(the)17 +b(time)d(the)i(daemon)g(calls)g(\\gethostb)o(yname\(\),")f(it)h(already)h +(has)g(the)f(necessary)g(mapping)149 1338 y(information)g(in)g(its)g(cac)o +(he.)22 b(The)16 b(daemon)g(b)q(eliev)o(es)f(the)h(cac)o(hed)g(data)h(and)g +(again)g(gran)o(ts)h(the)149 1428 y(attac)o(k)o(er)e(access.)149 +1588 y(3.4.4)49 b(The)17 b(\\Ask)f(Me!")21 b(Approac)o(h)223 +1711 y(In)16 b(the)g(previous)g(sections)h(w)o(e)f(exploited)f(the)h(securit) +o(y)f(w)o(eakness)h(of)h(the)f(Domain)g(Name)149 1801 y(System)f(according)i +(to)f(S.)g(Bello)o(vin's)e(suggestions.)223 1891 y(W)l(e)i(though)o(t)h(of)g +(another)h(w)o(a)o(y)e(to)h(exploit)f(the)g(w)o(eakness.)23 +b(If)16 b(some)g(en)o(tit)o(y)f(sen)o(t)h(a)h(source)149 1982 +y(routed)e(datagram,)f(con)o(taining)g(a)h(DNS)f(message)f(with)h(false)g +(additional)g(resource)g(records)g(to)149 2072 y(a)i(name)e(serv)o(er,)g(w)o +(ould)h(that)h(name)e(serv)o(er)g(accept)h(the)g(data?)22 b(The)15 +b(idea)g(here)g(is)g(to)h(p)q(oison)g(a)149 2162 y(name)h(serv)o(er's)f(cac)o +(he)g(with)i(all)f(necessary)g(information)f(\(for)i(rev)o(erse)e(and)i(forw) +o(ard)g(lo)q(okup\))149 2252 y(b)q(efore)f(the)f(\\rlogin")h(attac)o(k)f(is)g +(launc)o(hed.)223 2343 y(W)l(e)21 b(will)f(explain)g(in)h(Section)g(4.1)h(wh) +o(y)f(this)g(cannot)h(w)o(ork)f(using)h(source)f(routed)h(DNS)149 +2433 y(messages)14 b(directly)l(.)19 b(This)c(depriv)o(es)e(us)i(of)g(the)f +(c)o(hance)g(of)h(eliminating)d(the)i(basic)h(assumption)149 +2523 y(of)g(the)f(attac)o(k)o(er)f(ha)o(ving)h(sup)q(eruser)h(priorit)o(y)e +(on)i(a)f(primary)f(name)g(serv)o(er)g(in)h(order)g(to)h(launc)o(h)149 +2614 y(an)i(attac)o(k.)p eop +%%Page: 44 53 +52 bop 1901 -100 a Fo(44)223 75 y(Nev)o(ertheless,)13 b(the)j(idea)g(can)h(b) +q(e)f(exploited)f(in)h(another)h(w)o(a)o(y)l(,)e(on)i(a)g(higher)f(lev)o(el,) +d(and)k(far)149 165 y(more)c(elegan)o(tly)f(than)i(creating)g(and)g(sending)g +(datagrams)g(man)o(ually)l(.)k(Imagine)12 b(the)i(follo)o(wing)149 +255 y(scenario:)223 346 y(The)j(attac)o(k)o(er)f(on)i(name)e(serv)o(er)g(NS) +918 353 y Fm(B)963 346 y Fo(whishes)h(to)g(giv)o(e)g(NS)1368 +353 y Fm(A)1414 346 y Fo(wrong)h(information)e(ab)q(out)149 +436 y(the)g(mappings)222 568 y Fj(\017)24 b Fo(IP)322 575 y +Fm(H)348 581 y Fe(B)390 568 y Fj(!)16 b Fo(H)493 575 y Fm(B)520 +568 y Fo(.sub.domain.dom)149 699 y(and)222 831 y Fj(\017)24 +b Fo(H)308 838 y Fm(B)335 831 y Fo(.sub.domain.dom)14 b Fj(!)i +Fo(IP)831 838 y Fm(H)857 844 y Fe(B)883 831 y Fo(.)149 963 +y(NS)213 970 y Fm(B)256 963 y Fo(w)o(an)o(ts)h(NS)459 970 y +Fm(A)503 963 y Fo(to)g(b)q(eliev)o(e)d(the)i(mappings)222 1095 +y Fj(\017)24 b Fo(IP)322 1102 y Fm(H)348 1108 y Fe(B)390 1095 +y Fj(!)16 b Fo(H)493 1102 y Fm(A)521 1095 y Fo(.domain.dom)149 +1227 y(and)222 1358 y Fj(\017)24 b Fo(H)308 1365 y Fm(A)336 +1358 y Fo(.domain.dom)14 b Fj(!)i Fo(IP)746 1365 y Fm(H)772 +1371 y Fe(B)798 1358 y Fo(.)223 1490 y(As)21 b(NS)363 1497 +y Fm(B)412 1490 y Fo(cannot)g(simply)f(send)h(the)g(false)g(information)f(to) +i(NS)1455 1497 y Fm(A)1513 1490 y Fo(it)f(could)g(ask)h(NS)1856 +1497 y Fm(A)1906 1490 y Fo(to)149 1581 y(resolv)o(e)14 b(a)h(mapping)f(that)h +(only)f(NS)819 1588 y Fm(B)861 1581 y Fo(can)h(resolv)o(e.)k(NS)1191 +1588 y Fm(B)1232 1581 y Fo(w)o(ould)c(then)g(app)q(end)g(the)f(additional)149 +1671 y(incorrect)j(information)g(to)i(the)f(resp)q(onse)h(to)f(NS)1092 +1678 y Fm(A)1120 1671 y Fo('s)g(query)l(.)26 b(Doing)18 b(so,)h(NS)1611 +1678 y Fm(A)1639 1671 y Fo('s)f(cac)o(he)f(w)o(ould)149 1761 +y(b)q(e)h(p)q(oisoned)h(with)e(the)g(necessary)h(information)e(to)i(allo)o(w) +f(H)1326 1768 y Fm(B)1371 1761 y Fo(to)h(imp)q(ersonate)e(H)1745 +1768 y Fm(A)1791 1761 y Fo(and)i(log)149 1851 y(in)o(to)e(NS)312 +1858 y Fm(A)341 1851 y Fo(.)223 1942 y(W)l(e)i(call)g(this)h(the)g(\\Ask)g +(Me!")29 b(approac)o(h,)20 b(b)q(ecause)f(name)f(serv)o(er)g(NS)1596 +1949 y Fm(B)1642 1942 y Fo(implici)o(tly)d(tells)149 2032 y(name)21 +b(serv)o(er)f(NS)495 2039 y Fm(A)545 2032 y Fo(to)i(send)g(a)g(query)f(to)h +(NS)1043 2039 y Fm(B)1070 2032 y Fo(.)37 b(NS)1185 2039 y Fm(B)1234 +2032 y Fo(therefore)21 b(tells)f(NS)1616 2039 y Fm(A)1666 2032 +y Fo(to)i(ask)g(him)e(a)149 2122 y(question.)223 2213 y(W)l(e)15 +b(did)h(not)h(implem)o(e)o(n)o(t)c(this)j(attac)o(k.)21 b(Using)16 +b(the)f(standard)j(to)q(ol)e(\\nslo)q(okup,")i(NS)1833 2220 +y Fm(B)1876 2213 y Fo(can)149 2303 y(force)i(NS)335 2310 y +Fm(A)383 2303 y Fo(to)h(create)e(a)i(query)l(,)f(and)g(using)h(the)f(name)f +(serv)o(er)g(mo)q(di\014cations)g(describ)q(ed)h(in)149 2393 +y(3.5.6,)c(NS)343 2400 y Fm(B)386 2393 y Fo(can)g(app)q(end)h(the)f(t)o(w)o +(o)g(false)g(resource)f(records)h(to)h(the)f(additional)g(section)f(of)i(the) +149 2483 y(resp)q(onse)g(to)g(the)f(query)l(.)p eop +%%Page: 45 54 +53 bop 1901 -100 a Fo(45)149 75 y(3.5)50 b(Implem)o(e)o(n)o(tation)14 +b(and)j(Exp)q(erimen)o(ts)223 214 y(This)24 b(section)g(describ)q(es)f(our)i +(main)e(exp)q(erimen)o(t)e(step)j(b)o(y)f(step.)45 b(W)l(e)24 +b(start)h(with)f(the)149 305 y(description)12 b(of)g(the)f(setup)h(of)g(our)g +(test)g(zones)g(and)g(the)f(mac)o(hines)f(used.)20 b(W)l(e)12 +b(con)o(tin)o(ue)e(with)i(the)149 395 y(name)k(serv)o(er)f(and)i(resolv)o(er) +e(setups.)21 b(The)16 b(UNIX)f(concept)h(of)g(trusted)h(hosts)g(is)f +(fundamen)o(tal)149 485 y(in)j(exploiting)f(this)h(\015a)o(w.)30 +b(W)l(e)19 b(explain)f(this)h(particular)g(instance)f(of)i(the)e(T)l(rusted)i +(Net)o(w)o(ork)149 575 y(concept)h(follo)o(w)o(ed)g(b)o(y)g(the)g(authen)o +(tication)g(pro)q(cess)h(using)g(the)f(Berk)o(eley)e(\\r{commands.")149 +666 y(Then)j(w)o(e)e(describ)q(e)h(the)g(manipulation)f(in)g(the)h +(authoritativ)o(e)g(data)h(of)f(the)g(name)f(serv)o(er's)149 +756 y(rev)o(erse)14 b(lo)q(okup)i(tree.)k(W)l(e)15 b(also)h(describ)q(e)e +(the)h(\014nal)g(step,)g(the)g(cac)o(he)g(corruption,)g(in)g(the)f(case)149 +846 y(that)j(the)f(Berk)o(eley)e(patc)o(h)i(is)g(already)g(installed.)149 +1006 y(3.5.1)49 b(Domain)16 b(and)h(Zone)f(Setup)223 1129 y(The)i(setup)h(of) +g(our)h(exp)q(erimen)o(tal)15 b(\014eld)k(consisted)f(of)h(t)o(w)o(o)g(zones) +g(\(see)f(Figure)h(3.1\).)29 b(All)149 1219 y(mac)o(hines,)21 +b(the)h(attac)o(k)o(ed)f(mac)o(hine)f(NS)933 1226 y Fm(A)961 +1219 y Fo(,)j(the)f(imitated)d(mac)o(hine)h(H)1522 1226 y Fm(A)1550 +1219 y Fo(,)j(and)g(the)e(attac)o(k)o(er)149 1309 y(mac)o(hines)13 +b(NS)422 1316 y Fm(B)463 1309 y Fo(and)i(H)593 1316 y Fm(B)620 +1309 y Fo(,)f(w)o(ere)g(part)h(of)g(the)f(domain)g(sub.domain.dom.)19 +b(Ho)o(w)o(ev)o(er,)12 b(NS)1828 1316 y Fm(A)1871 1309 y Fo(and)149 +1400 y(H)186 1407 y Fm(A)231 1400 y Fo(con)o(tacted)k(another)g(name)g(serv)o +(er)f(\(NS)984 1407 y Fm(A)1013 1400 y Fo(\))h(than)h(NS)1226 +1407 y Fm(B)1269 1400 y Fo(and)g(H)1401 1407 y Fm(B)1444 1400 +y Fo(\(NS)1526 1407 y Fm(B)1553 1400 y Fo(\).)223 1490 y(In)g(realit)o(y)g +(the)h(attac)o(k)o(er)f(and)i(attac)o(k)o(ed)e(hosts)i(w)o(ould)f(not)h +(reside)e(in)h(the)g(same)f(domain,)149 1580 y(but)25 b(b)q(ecause)f(w)o(e)f +(are)h(solely)f(observing)h(the)g(Domain)f(Name)f(System)h(proto)q(col)h(b)q +(et)o(w)o(een)149 1671 y(name)15 b(serv)o(ers,)g(it)g(did)g(not)i(mak)o(e)d +(a)i(di\013erence)e(as)j(long)f(as)g(the)g(authoritativ)o(e)f(data)i(that)f +(had)149 1761 y(to)j(b)q(e)f(corrupted)h(remained)d(in)i(the)g(attac)o(king)g +(name)f(serv)o(er's)g(zone,)h(outside)g(the)g(attac)o(k)o(ed)149 +1851 y(mac)o(hine's)c(zone.)149 2011 y(3.5.2)49 b(Name)15 b(Serv)o(er)g(and)i +(Resolv)o(er)e(Setup)223 2134 y(Name)i(serv)o(er)h(NS)573 2141 +y Fm(A)621 2134 y Fo(w)o(as)h(set)g(up)h(to)f(con)o(tain)g(primary)f +(information)g(ab)q(out)i(the)f(domain)149 2224 y(domain.dom,)k(whereas)h +(name)e(serv)o(er)g(NS)992 2231 y Fm(B)1043 2224 y Fo(con)o(tained)h(primary) +f(information)g(ab)q(out)j(the)149 2314 y(domain)e(sub.domain.dom.)41 +b(The)24 b(resolv)o(ers)f(of)g(NS)1177 2321 y Fm(A)1229 2314 +y Fo(and)h(NS)1395 2321 y Fm(B)1446 2314 y Fo(w)o(ere)e(set)i(up)g(to)g(con)o +(tact)149 2404 y(the)19 b(name)f(serv)o(ers)h(running)g(on)h(the)f(lo)q(cal)g +(hosts)h(exclusiv)o(ely)l(.)27 b(This)19 b(k)o(ept)g(the)g(information)149 +2495 y(requests)d(on)h(con)o(trollable,)e(w)o(ell{kno)o(wn)g(paths.)p +eop +%%Page: 46 55 +54 bop 1901 -100 a Fo(46)149 75 y(3.5.3)49 b(T)l(rusting)17 +b(Hosts)223 197 y(In)f(Berk)o(eley)e(UNIX)h(and)i(deriv)m(ativ)o(es,)d +(system)i(administrators)g(and)h(users)g(ha)o(v)o(e)e(the)i(op-)149 +287 y(tion)i(to)g(trust)g(other)f(systems,)f(or)i(to)g(trust)g(certain)f +(user)g(accoun)o(ts)h(on)g(remote)e(systems)g(b)o(y)149 378 +y(pro)o(viding)11 b(a)h(\\remote)e(authen)o(tication")i(database.)21 +b(W)l(e)11 b(in)o(tro)q(duced)g(\\trust")h(in)g(section)f(3.3.2.)149 +468 y(The)20 b(\\/etc/hosts.equiv")g(\014le)f(applies)g(to)h(the)g(en)o(tire) +e(system,)g(while)h(individual)f(users)i(can)149 558 y(main)o(tain)15 +b(their)h(o)o(wn)g(\\.rhosts")i(\014les)d(in)h(their)g(home)f(directories.) +223 649 y(The)h(\014le)g(\\/etc/hosts.equiv")g(is)g(main)o(tainable)e(only)j +(b)o(y)e(the)h(sup)q(eruser.)22 b(It)16 b(can)h(con)o(tain)149 +739 y(host)j(names)f(from)f(whic)o(h)g(users)i(can)f(remotely)e(access)i(lo)q +(cal)g(accoun)o(ts)g(without)h(ha)o(ving)f(to)149 829 y(pro)o(vide)h(a)g +(passw)o(ord)i(for)e(authen)o(tication.)32 b(The)20 b(user)h(has)f(to)h(ha)o +(v)o(e)e(the)h(same)f(login)h(id)g(on)149 919 y(b)q(oth)g(mac)o(hines.)27 +b(Access)18 b(is)g(gran)o(ted)h(on)g(basis)h(of)f(the)f(login)h(name)e(and)j +(the)e(host)i(name)d(of)149 1010 y(the)f(connecting)g(mac)o(hine.)223 +1100 y(Eac)o(h)h(user)g(can)h(create)e(a)i(\014le)f(named)f(\\.rhosts")i(in)f +(his)g(home)g(directory)l(.)23 b(In)17 b(this)g(\014le)g(he)149 +1190 y(can)g(sp)q(ecify)f(trusted)g(users)h(on)g(other)g(mac)o(hines.)j(It)c +(is)g(also)i(p)q(ossible)e(to)h(force)f(remote)f(users)149 +1281 y(to)k(alw)o(a)o(ys)f(supply)g(a)h(passw)o(ord)g(when)g(using)f(the)g +(\\r{commands,")g(b)o(y)g(pre\014xing)g(en)o(tries)f(in)149 +1371 y(\\.rhosts")h(b)o(y)e(a)g(dash.)271 1515 y(These)d(\014les)g(b)o(ypass) +g(the)f(standard)i(passw)o(ord-based)h(user)e(authen)o(tication)g(mec)o(h-) +271 1605 y(anism.)25 b(T)l(o)19 b(main)o(tain)d(system)g(securit)o(y)l(,)h +(care)g(m)o(ust)g(b)q(e)g(tak)o(en)h(in)f(creating)h(and)271 +1696 y(main)o(taining)d(these)h(\014les.)21 b([Sun91,)16 b(HOSTS.EQUIV\(5\)]) +223 1840 y(These)22 b(features)g(ha)o(v)o(e)f(caused)i(man)o(y)d(securit)o(y) +h(breac)o(hes)h(in)g(the)g(past,)i(but)e(still)f(most)149 1930 +y(system)13 b(administrators)h(do)g(not)h(disable)e(them.)19 +b(T)l(rust)c(in)e(net)o(w)o(orks)h(is)g(a)g(transitiv)o(e)f(relation,)149 +2021 y(in)19 b(the)g(sense)g(that)h(if)f(A)f(trusts)i(B,)e(and)i(B)f(trusts)g +(C,)g(then)g(A)g(trusts)h(C.)f(This)g(relationship)149 2111 +y(can)j(do)h(great)f(harm.)37 b(Once)21 b(an)i(in)o(truder)d(has)j +(successfully)d(sub)o(v)o(erted)h(one)h(mac)o(hine,)f(he)149 +2201 y(can)15 b(hop)g(to)g(other)g(mac)o(hines,)e(exploiting)g(trust.)21 +b(Examining)13 b(the)i(trade{o\013)h(b)q(et)o(w)o(een)d(con)o(v)o(e-)149 +2291 y(nience)i(and)i(p)q(ossibly)f(unauthorized)g(access,)f(most)h(system)e +(administrators)h(decide)g(in)h(fa)o(v)o(or)149 2382 y(of)h(con)o(v)o +(enience.)223 2472 y(In)g(our)h(setup,)g(host)h(NS)690 2479 +y Fm(A)737 2472 y Fo(trusts)f(host)h(H)1022 2479 y Fm(A)1067 +2472 y Fo(via)f(the)f(\014le)h(\\/etc/hosts.equiv")g(con)o(taining)149 +2562 y(host)f(H)292 2569 y Fm(A)320 2562 y Fo('s)g(host)f(name.)p +eop +%%Page: 47 56 +55 bop 1901 -100 a Fo(47)149 75 y(3.5.4)49 b(Authen)o(tication)15 +b(in)h(Berk)o(eley)e(\\r{Commands")223 197 y(The)20 b(main)g(t)o(w)o(o)h +(\\r{command")f(applications)g(w)o(e)h(deal)f(with)h(are)g(\\rlogin")g(and)h +(\\rsh,")149 287 y(b)q(oth)i(of)f(whic)o(h)f(consist)g(of)h(a)g(clien)o(t)e +(and)i(a)g(serv)o(er)f(side.)39 b([Ste90,)24 b(Chapter)f(14])g(giv)o(es)f(an) +149 378 y(o)o(v)o(erview)c(of)h(remote)f(command)f(execution)h(under)h(UNIX)f +(and)i([Ste90,)f(Chapter)h(15])f(giv)o(es)149 468 y(man)o(y)c(details)h(ab)q +(out)h(the)f(remote)f(login)h(pro)q(cedure.)223 558 y(Examining)f(the)h +(source)h(co)q(de)f(for)h(the)f(clien)o(t)f(\\rlogin")i(and)h(the)e(serv)o +(er)f(\\rlogind")j(yields)149 649 y(the)e(follo)o(wing)g(securit)o(y)f(c)o +(hec)o(k)g(pro)q(cedure:)209 793 y(1.)24 b(Chec)o(k)16 b(if)f(the)h(clien)o +(t)f(uses)h(a)h(reserv)o(ed)e(TCP)i(p)q(ort.)22 b(Ab)q(ort)16 +b(if)g(not.)209 925 y(2.)24 b(Chec)o(k)13 b(for)g(a)h(passw)o(ord)g(\014le)f +(en)o(try)f(on)i(the)f(serv)o(er)f(for)i(the)f(sp)q(eci\014ed)f(serv)o +(er{user{name.)271 1015 y(Ab)q(ort)17 b(if)f(not.)209 1147 +y(3.)24 b(If)16 b(not)h(ro)q(ot)g(login:)k(Chec)o(k)16 b(the)g +(\\/etc/hosts.equiv")g(\014le)g(for)g(the)g(clien)o(t's)e(system.)209 +1279 y(4.)24 b(If)15 b(not)h(ro)q(ot)h(login:)k(Chec)o(k)14 +b(the)h(\\.rhosts")i(\014le)e(in)g(the)g(home)f(directory)h(of)h(serv)o +(er{user{)271 1369 y(name)f(for)i(the)f(clien)o(t's)e(system.)209 +1501 y(5.)24 b(If)16 b(ro)q(ot)h(login:)22 b(Chec)o(k)15 b(the)h(\\/.rhosts") +i(\014le)d(for)i(the)f(clien)o(t's)e(system.)209 1632 y(6.)24 +b(Prompt)16 b(user)g(for)h(his)f(passw)o(ord)h(if)f(none)h(of)f(the)g(tests)g +(3-5)i(passed.)223 1777 y(It)23 b(ma)o(y)f(seem)g(that)i(a)g(system)f(is)g(m) +o(uc)o(h)f(safer)i(if)f(only)g(\\.rhosts")i(\014les)e(exist)g(with)h(no)149 +1867 y(\\/etc/hosts.equiv")d(\014le,)e(b)q(ecause)h(\\.rhosts")i(\014les)d +(create)g(the)h(additional)g(constrain)o(t)g(that)149 1957 +y(user)g(login)f(names)f(ha)o(v)o(e)h(to)g(matc)o(h:)26 b(the)19 +b(user)g(name)g(on)g(the)g(attac)o(king)g(host)h(and)g(the)f(one)149 +2048 y(on)k(the)e(attac)o(k)o(ed)g(host.)38 b(That)22 b(is)g(not)g(the)f +(case.)37 b(In)22 b(Section)f(3.6.1)h(w)o(e)f(will)f(discuss)i(ho)o(w)149 +2138 y(to)16 b(acquire)f(information)g(ab)q(out)h(whic)o(h)f(host)i(name)d +(and)i(whic)o(h)f(user)h(name)e(to)i(imp)q(ersonate.)149 2228 +y(Once)d(w)o(e)g(ha)o(v)o(e)f(that)i(information,)e(it)h(mak)o(es)e(no)j +(di\013erence)e(at)i(all.)19 b(In)13 b(the)g(\\rlogin")h(proto)q(col,)149 +2318 y(the)f(clien)o(t)f(connects)g(to)i(p)q(ort)g(IPPOR)l(T)p +906 2318 15 2 v 17 w(LOGINSER)-5 b(VER)1278 2300 y Fm(2)1310 +2318 y Fo(of)14 b(the)f(remote)e(host)j(and)g(sends)f(a)149 +2409 y(pac)o(k)o(et)f(consisting)g(of)h Fn(<)p Fo(lo)q(cal{user{name)p +Fn(>)p Fo(,)f Fn(<)p Fo(remote{user{name)p Fn(>)p Fo(,)e(and)j +Fn(<)p Fo(command)p Fn(>)d Fo(to)149 2499 y(the)j(serv)o(er.)20 +b(Because)12 b(the)h(clien)o(t)e(is)i(under)h(full)e(con)o(trol)h(of)g(the)g +(attac)o(k)o(er,)g(it)g(is)g(not)g(di\016cult)f(for)p 149 2543 +720 2 v 206 2573 a Fl(2)224 2588 y Fk(in)i(\\netinet/in.h")f(curren)o(tly)i +(sp)q(eci\014ed)g(as)f(TCP)g(p)q(ort)g(513)p eop +%%Page: 48 57 +56 bop 1901 -100 a Fo(48)149 75 y(the)12 b(attac)o(k)o(er)e(to)i(mo)q(dify)f +(the)g(\\rlogin")h(co)q(de,)h(suc)o(h)e(that)h(lo)q(cal{user{name)f(and)h +(remote{user{)149 165 y(name)17 b(con)o(tain)h(the)g(appropriate)h(v)m +(alues.)26 b(The)18 b(attac)o(k)o(er)f(can)i(then)f(recompile)d(the)j +(\\rlogin")149 255 y(co)q(de)f(and)g(use)f(the)g(mo)q(di\014ed)f(v)o(ersion)h +(instead)g(of)h(the)f(original)g(one.)149 415 y(3.5.5)49 b(Rev)o(erse)15 +b(Lo)q(okup)j(T)l(ree)e(Manipulation)223 538 y(Because)f(the)h(attac)o(k)o +(er)f(con)o(trols)h(the)g(primary)e(domain)h(sub.domain.dom,)f(he)h(can)i(mo) +q(d-)149 628 y(ify)i(the)f(data)i(of)f(the)g(rev)o(erse)e(lo)q(okup)j(tree)e +(of)i(his)e(domain.)29 b(In)18 b(the)h(\\rlogin")h(proto)q(col,)g(the)149 +718 y(serv)o(er)d(retriev)o(es)f(the)i(IP)g(address)h(of)f(the)g(connecting)f +(site)h(with)g(the)f(system)g(call)g(\\getp)q(eer-)149 809 +y(name\(\)".)25 b(The)18 b(serv)o(er)f(then)g(maps)g(the)h(IP)f(address)i(in) +o(to)e(the)h(host)g(name)f(with)g(the)h(system)149 899 y(call)f(\\gethostb)o +(y)o(addr\(\)".)27 b(In)18 b(Section)f(2.5)h(w)o(e)f(explained)g(that)h(the)g +(IP)f(address)i(111.22.33.4)149 989 y(gets)g(con)o(v)o(erted)f(in)o(to)g(the) +g(name)g(4.33.22.111.in-addr.arpa,)j(whic)o(h)d(is)g(then)h(queried)e(in)i +(the)149 1079 y(rev)o(erse)e(lo)q(okup)i(tree)e(via)g(the)h(Domain)f(Name)g +(System)f(proto)q(col.)27 b(In)18 b(an)g(unimpaired)e(state)149 +1170 y(of)j(the)g(database,)h(the)e(lo)q(okup)h(returns)g(the)f(name)f(of)i +(the)g(attac)o(k)o(er)e(H)1523 1177 y Fm(B)1550 1170 y Fo(.)28 +b(But)18 b(if)g(one)h(single)149 1260 y(record)d(in)g(the)g(rev)o(erse)f(lo)q +(okup)i(tree)f(is)g(c)o(hanged)g(from)284 1350 y(4.33.22.111.in-addr.arpa)153 +b(IN)c(PTR)i(H)1443 1357 y Fm(B)1470 1350 y Fo(.sub.domain.dom)149 +1441 y(to)284 1531 y(4.33.22.111.in-addr.arpa)i(IN)c(PTR)i(H)1443 +1538 y Fm(A)1471 1531 y Fo(.sub.domain.dom)149 1621 y(the)16 +b(query)g(yields)f(the)h(name)f(of)i(H)813 1628 y Fm(A)857 +1621 y Fo(after)f(the)g(zones)g(are)h(reloaded)f(in)o(to)g(the)g(name)f(serv) +o(er.)149 1781 y(3.5.6)49 b(Cac)o(he)16 b(Corruption)223 1904 +y(Section)21 b(3.1)i(already)f(men)o(tioned)f(the)h(Berk)o(eley)d(soft)o(w)o +(are)k(patc)o(h)f(that)h(adds)g(a)g(higher)149 1994 y(degree)d(of)g(securit)o +(y)f(to)h(the)g(remote)e(login)j(pro)q(cedure.)32 b(The)20 +b(patc)o(h)g(w)o(orks)g(as)h(follo)o(ws:)29 b(the)149 2084 +y(system)22 b(call)g(\\gethostb)o(y)o(addr\(\)")i(in)f(\\rlogind")g(and)h +(\\rshd")g(is)f(implem)o(e)o(n)o(ted)d(b)o(y)i(a)i(DNS)149 +2174 y(request)16 b(for)h(a)g(PTR)g(record.)23 b(The)16 b(serv)o(er)g(that)h +(supplies)f(the)g(PTR)h(record)g(is)f(under)h(con)o(trol)149 +2265 y(of)f(the)g(attac)o(k)o(er)f(and)h(can)g(return)g(a)g(falsi\014ed)f +(record.)21 b(The)16 b(system)e(call)h(\\gethostb)o(yname\(\)")149 +2355 y(requests)i(A)g(records)g(from)f(the)h(name,)e(serv)o(er)h(whic)o(h)g +(is)h(not)h(con)o(trolled)e(b)o(y)g(the)h(attac)o(k)o(er.)23 +b(If)149 2445 y(the)e(comparison)e(of)i(the)f(retriev)o(ed)e(IP)j(addresses)g +(and)g(the)f(original)g(IP)g(address)h(fails,)g(the)149 2536 +y(patc)o(h)d(has)h(succeeded)d(in)i(detecting)f(an)h(attempted)e(imp)q +(ersonation.)26 b(Figure)17 b(3.2)h(sho)o(ws)h(an)149 2626 +y(o)o(v)o(erview)c(of)i(the)f(algorithm)f(used)h(in)g(the)g(patc)o(h.)p +eop +%%Page: 49 58 +57 bop 1901 -100 a Fo(49)449 754 y @beginspecial 0 @llx 0 @lly +288 @urx 148 @ury 2880 @rwi @setspecial +%%BeginDocument: pictures/patch_alg.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +0.0 148.0 translate 0.900 -0.900 scale +0.500 setlinewidth +n -1 19 m -1 19 l 319 19 l gs col-1 s gr +n -1 39 m 319 39 l gs col-1 s gr +n 19 59 m 319 59 l gs col-1 s gr +n 19 59 m 169 89 l 319 59 l gs col-1 s gr +n 19 89 m 319 89 l gs col-1 s gr +n -1 109 m 319 109 l gs col-1 s gr +n 169 89 m 169 109 l gs col-1 s gr +n 19 59 m 19 109 l gs col-1 s gr +n -1 109 m 159 139 l 319 109 l gs col-1 s gr +n -1 139 m 319 139 l gs col-1 s gr +n -1 -1 m -1 164 l 319 164 l 319 -1 l -1 -1 l gs col-1 s gr +n -1 159 m 319 159 l gs col-1 s gr +n 159 139 m 159 159 l gs col-1 s gr +/Times-Roman findfont 12.00 scalefont setfont +4 14 m +gs 1 -1 scale (call gethostbyaddr\(\) with IP addr, get host name) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 34 m +gs 1 -1 scale (call gethostbyname\(\) with host name, get list of IP addresses) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 54 m +gs 1 -1 scale (for each A of these IP addresses do) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +129 74 m +gs 1 -1 scale (if \(IP addr == A\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 104 m +gs 1 -1 scale (then host ok. and break) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +84 124 m +gs 1 -1 scale (if \(no A has matched IP addr\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 154 m +gs 1 -1 scale (syslog impersonation attempt) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +29 79 m +gs 1 -1 scale (Y) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +299 79 m +gs 1 -1 scale (N) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +9 129 m +gs 1 -1 scale (Y) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +299 129 m +gs 1 -1 scale (N) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +234 154 m +gs 1 -1 scale (. /.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +239 104 m +gs 1 -1 scale (. /.) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 580 999 a(Figure)16 b(3.2)33 b(Algorithm)14 b(of)j(the)f(Berk)o +(eley)d(patc)o(h)223 1183 y(In)h(the)h(case)f(that)i(the)e(attac)o(k)o(ed)g +(site)g(has)i(the)e(patc)o(h)h(in)f(place,)g(the)h(attac)o(k)o(er)f(has)h(to) +g(use)g(a)149 1273 y(more)d(sophisticated)h(approac)o(h)g(to)g(succeed)f +(with)h(his)f(in)o(trusion)h(attempt.)19 b(The)12 b(second)h(query)149 +1363 y(go)q(es)21 b(to)f(the)g(lo)q(cal)f(mac)o(hine's)e(name)i(serv)o(er)f +(\014rst.)32 b(This)20 b(name)e(serv)o(er)h(has)h(a)g(cac)o(he)f(whic)o(h)149 +1454 y(can)h(b)q(e)f(p)q(oisoned)h(b)o(y)e(the)h(attac)o(k)o(er)f(b)o(y)g +(adding)i(a)f(false)g(\\A")g(record)g(to)h(the)e(DNS)h(message)149 +1544 y(con)o(taining)14 b(the)f(PTR)h(record.)20 b(This)14 +b(additional)g(\\A")g(record)f(mak)o(es)f(the)h(remote)f(site)h(b)q(eliev)o +(e)149 1634 y(the)j(rev)o(erse)f(lo)q(okup)i(w)o(as)g(correct.)223 +1724 y(In)j(our)h(setup,)g(w)o(e)f(mo)q(di\014ed)g(the)g(name)f(serv)o(er)h +(co)q(de)g(of)h(the)g(attac)o(king)f(mac)o(hine.)32 b(W)l(e)149 +1815 y(added)22 b(statemen)o(ts)d(to)i(determine)e(when)i(the)f(rev)o(erse)g +(lo)q(okup)h(query)f(for)h(the)g(mapping)f(of)149 1905 y +(4.33.22.111.in-addr.arpa)26 b(w)o(as)e(issued.)43 b(T)l(o)24 +b(the)f(resp)q(onse)i(to)e(that)h(query)f(w)o(e)g(added)h(an)149 +1995 y(additional)c(record)f(pro)o(viding)g(a)g(fak)o(ed)g(forw)o(ard)h +(mapping)e(from)g(111.22.33.4)j(to)f(H)1788 2002 y Fm(A)1835 +1995 y Fo({)g(not)149 2086 y(H)186 2093 y Fm(B)213 2086 y Fo(.)38 +b(Figure)21 b(3.3)h(sho)o(ws)h(the)e(con)o(ten)o(ts)h(of)g(the)f(additional)h +(record.)38 b(It)21 b(w)o(as)h(imp)q(ortan)o(t)f(to)149 2176 +y(piggybac)o(k)12 b(the)g(unrequested)g(record)g(on)h(an)f(otherwise)g(v)m +(alid)g(pac)o(k)o(et,)f(b)q(ecause)i(a)g(name)e(serv)o(er)149 +2266 y(examines)i(receiv)o(ed)g(pac)o(k)o(ets)h(for)h(their)f(id)g(n)o(um)o +(b)q(er)f(and)j(other)e(criteria)g(b)q(efore)h(it)f(accepts)h(the)149 +2356 y(pac)o(k)o(ets)h(at)i(all)e(\(w)o(e)g(will)g(examine)e(these)j +(criteria)e(in)i(Section)f(4.1.)23 b(F)l(or)17 b(no)o(w)h(it)e(is)h(enough)g +(to)149 2447 y(kno)o(w)d(that)h(although)g(a)f(name)f(serv)o(er)f(do)q(es)j +(not)f(blindly)f(accept)g(an)o(ything,)h(it)g(is)f(nev)o(ertheless)149 +2537 y(easy)j(to)g(fo)q(ol\).)21 b(T)l(o)c(camou\015age)e(the)g(attac)o(k,)g +(w)o(e)g(supplied)g(a)h(short)g(time)e(to)i(liv)o(e)d(v)m(alue)j(in)f(the)149 +2627 y(resource)f(record.)21 b(Ho)o(w)o(ev)o(er,)12 b(the)i(BIND)f(co)q(de)h +(con)o(tains)g(a)h(hard{co)q(ded)g(constan)o(t)f(that)h(limits)p +eop +%%Page: 50 59 +58 bop 1901 -100 a Fo(50)562 1054 y @beginspecial 0 @llx 0 +@lly 239 @urx 229 @ury 2390 @rwi @setspecial +%%BeginDocument: pictures/add_rec_high.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-4.0 234.0 translate 0.900 -0.900 scale +1.000 setlinewidth + 1 setlinecap [1 4.500000] 4.500000 setdash +n 89 104 m 124 104 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.500000] 4.500000 setdash +n 89 84 m 124 84 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.500000] 4.500000 setdash +n 89 64 m 124 64 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.500000] 4.500000 setdash +n 89 44 m 124 44 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.500000] 4.500000 setdash +n 89 124 m 124 124 l gs col-1 s gr + [] 0 setdash 0 setlinecap +n 84 114 m 204 114 l gs col-1 s gr +n 84 74 m 204 74 l gs col-1 s gr +n 84 54 m 204 54 l gs col-1 s gr +n 84 94 m 204 94 l gs col-1 s gr + [6.000000] 0 setdash +n 84 134 m 204 134 l gs col-1 s gr + [] 0 setdash +0.500 setlinewidth + [4.000000] 0 setdash +n 84 174 m 204 174 l gs col-1 s gr + [] 0 setdash + [4.000000] 0 setdash +n 84 194 m 204 194 l gs col-1 s gr + [] 0 setdash + [4.000000] 0 setdash +n 84 214 m 204 214 l gs col-1 s gr + [] 0 setdash + [4.000000] 0 setdash +n 84 234 m 204 234 l gs col-1 s gr + [] 0 setdash +1.000 setlinewidth +n 91 34 m 84 34 84 247 7 arcto 4 {pop} repeat 84 254 197 254 7 arcto 4 {pop} repeat 204 254 204 41 7 arcto 4 {pop} repeat 204 34 91 34 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 86 29 m 79 29 79 252 7 arcto 4 {pop} repeat 79 259 202 259 7 arcto 4 {pop} repeat 209 259 209 36 7 arcto 4 {pop} repeat 209 29 86 29 7 arcto 4 {pop} repeat clp gs col-1 s gr +0.500 setlinewidth + [4.000000] 0 setdash +n 84 154 m 204 154 l gs col-1 s gr + [] 0 setdash +/Courier-Bold findfont 12.00 scalefont setfont +4 89 m +gs 1 -1 scale (ANSWER) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +4 49 m +gs 1 -1 scale (HEADER) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +4 69 m +gs 1 -1 scale (QUESTION) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +4 109 m +gs 1 -1 scale (AUTHORITY) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +4 129 m +gs 1 -1 scale (ADDITIONAL) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +4 14 m +gs 1 -1 scale (Sections) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +84 14 m +gs 1 -1 scale (Packet contents) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +204 14 m +gs 1 -1 scale (Fields) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +89 189 m +gs 1 -1 scale (IN = Internet) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +89 209 m +gs 1 -1 scale (5 seconds) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +89 229 m +gs 1 -1 scale (4 Bytes) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +89 249 m +gs 1 -1 scale (111.22.33.4) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +214 149 m +gs 1 -1 scale (NAME) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +214 169 m +gs 1 -1 scale (TYPE) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +214 189 m +gs 1 -1 scale (CLASS) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +214 209 m +gs 1 -1 scale (TTL) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +214 229 m +gs 1 -1 scale (RDLENGTH) col-1 show gr +/Courier-Bold findfont 12.00 scalefont setfont +214 249 m +gs 1 -1 scale (RDATA) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +89 149 m +gs 1 -1 scale (H sub.domain.edu) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +89 169 m +gs 1 -1 scale (A = address record) col-1 show gr +/Times-Roman findfont 8.00 scalefont setfont +99 154 m +gs 1 -1 scale (A) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 588 1299 a(Figure)15 b(3.3)33 b(Additional)16 +b(false)g(resource)g(record)149 1483 y(the)21 b(minim)n(um)c(time)i(to)j(liv) +o(e)d(v)m(alue)i(to)g(\\min)p 1041 1483 15 2 v 16 w(cac)o(he)p +1173 1483 V 17 w(ttl")1263 1465 y Fm(3)1283 1483 y Fo(.)36 +b(In)20 b(case)h(the)g(remote)f(site)g(NS)1921 1490 y Fm(A)149 +1573 y Fo(con)o(tacts)e(the)g(attac)o(king)f(name)g(serv)o(er)g(NS)981 +1580 y Fm(B)1026 1573 y Fo(again)i(within)e(these)h(\014v)o(e)e(min)o(utes,)g +(NS)1791 1580 y Fm(B)1836 1573 y Fo(could)149 1663 y(o)o(v)o(erwrite)f(the)h +(fak)o(ed)g(records)g(b)o(y)g(supplying)g(new)g(ones)h(with)f(the)g(correct)g +(information.)223 1754 y(W)l(e)g(included)g(the)h(feature)g(that)g(the)g +(name)f(serv)o(er)g(can)h(understand)h(an)f(additional)g(user)149 +1844 y(issued)f(signal.)22 b(Using)15 b(this)h(toggle)g(signal,)g(the)g +(attac)o(k)o(er)f(can)h(switc)o(h)f(on)i(the)e(malicious)f(co)q(de)149 +1934 y(b)q(efore)h(the)g(attac)o(k)g(starts,)g(and)h(switc)o(h)e(o\013)i(the) +f(distribution)f(of)h(the)g(malicious)e(records)i(righ)o(t)149 +2024 y(after)22 b(access)f(w)o(as)g(gran)o(ted)h(b)o(y)f(the)g(attac)o(k)o +(ed)f(site.)36 b(This)21 b(ensures)g(a)h(directed)e(attac)o(k)h(and)149 +2115 y(minim)o(um)12 b(p)q(ossible)k(un)o(w)o(an)o(ted)g(auditing.)149 +2280 y(3.6)50 b(Exp)q(eriences)15 b(Gained)223 2420 y(This)k(section)h +(states)g(the)g(pieces)e(of)i(information)f(necessary)h(to)g(launc)o(h)f(an)h +(attac)o(k)g(and)149 2510 y(describ)q(es)c(the)g(exp)q(eriences)f(gained)h +(while)g(w)o(orking)g(with)g(the)g(test)g(en)o(vironmen)o(t.)p +149 2554 720 2 v 206 2584 a Fl(3)224 2599 y Fk(in)e(BIND)g(v)o(ersion)g +(4.8.3)e(\(5*60\))h(seconds)i(=)f(\014v)o(e)h(min)o(utes)p +eop +%%Page: 51 60 +59 bop 1901 -100 a Fo(51)262 1129 y @beginspecial 0 @llx 0 +@lly 378 @urx 256 @ury 3780 @rwi @setspecial +%%BeginDocument: pictures/ns_req_mod.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +0.0 256.0 translate 0.900 -0.900 scale +0.500 setlinewidth +n 19 79 m 219 109 l 419 79 l gs col-1 s gr +n -1 59 m 419 59 l gs col-1 s gr +n -1 39 m 419 39 l gs col-1 s gr +n -1 19 m 419 19 l gs col-1 s gr +n 419 109 m 19 109 l gs col-1 s gr +n 419 79 m 19 79 l gs col-1 s gr +n 19 79 m 19 149 l gs col-1 s gr +n 419 129 m 19 129 l gs col-1 s gr +n -1 169 m 209 199 l 419 169 l gs col-1 s gr +n -1 149 m 419 149 l gs col-1 s gr +n -1 199 m 419 199 l gs col-1 s gr +n -1 239 m 419 239 l gs col-1 s gr +n -1 259 m 419 259 l gs col-1 s gr +n -1 279 m 419 279 l gs col-1 s gr +n -1 169 m 419 169 l gs col-1 s gr +n 419 284 m 419 -1 l -1 -1 l -1 284 l clp gs col-1 s gr +n 209 199 m 209 239 l gs col-1 s gr +n -1 219 m 209 219 l gs col-1 s gr +n 219 109 m 219 129 l gs col-1 s gr +/Times-Roman findfont 12.00 scalefont setfont +4 74 m +gs 1 -1 scale (case QUERY:) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +129 94 m +gs 1 -1 scale (if query is 4.33.22.111.in-addr.arpa) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 144 m +gs 1 -1 scale (...) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 164 m +gs 1 -1 scale (...) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 214 m +gs 1 -1 scale (add bogus record to additional section) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 234 m +gs 1 -1 scale (increase HEADER.ARCOUNT) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 254 m +gs 1 -1 scale (send packet to socket) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 34 m +gs 1 -1 scale ({ ...) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 274 m +gs 1 -1 scale (... }) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 14 m +gs 1 -1 scale (... ns_req\(...\)) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +29 99 m +gs 1 -1 scale (Y) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +399 99 m +gs 1 -1 scale (N) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +9 189 m +gs 1 -1 scale (Y) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +399 189 m +gs 1 -1 scale (N) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +224 124 m +gs 1 -1 scale (. /.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +214 234 m +gs 1 -1 scale (. /.) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +4 54 m +gs 1 -1 scale (declare flag Eureka = false) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +24 124 m +gs 1 -1 scale (set flag Eureka = true) col-1 show gr +/Times-Roman findfont 12.00 scalefont setfont +164 184 m +gs 1 -1 scale (if \(Eureka == true\)) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 561 1374 a(Figure)16 b(3.4)33 b(Mo)q(di\014cations)16 +b(in)g(name)f(serv)o(er)h(co)q(de)149 1558 y(3.6.1)49 b(Acquiring)15 +b(Information)223 1680 y(An)20 b(attac)o(k)o(er)g(needs)h(to)g(ha)o(v)o(e)f +(three)g(pieces)g(of)h(information)f(b)q(efore)h(he)g(can)g(launc)o(h)f(an) +149 1770 y(attac)o(k:)222 1902 y Fj(\017)k Fo(target)17 b(host)g(name)e(NS) +715 1909 y Fm(A)222 2034 y Fj(\017)24 b Fo(user)17 b(name\(s\))e(on)i(hosts)g +(NS)818 2041 y Fm(A)863 2034 y Fo(and)g(H)995 2041 y Fm(A)1039 +2034 y Fo(to)g(imp)q(ersonate)222 2166 y Fj(\017)24 b Fo(host)17 +b(name)e(H)544 2173 y Fm(A)589 2166 y Fo(trusted)h(b)o(y)g(target)g(host)223 +2298 y(In)d(some)f(en)o(vironmen)o(ts,)f(the)i(lo)q(cal)g(and)h(remote)e +(login)h(names)g(for)g(one)h(user)f(are)h(iden)o(tical.)149 +2388 y(A)h(user)g(has)g(the)g(p)q(ossibilit)o(y)f(to)h(sp)q(ecify)f(other)h +(user)g(names)f(as)i(trusted)f(users)g(of)g(his)g(accoun)o(t.)149 +2478 y(In)h(that)h(case,)f(the)g(login)g(names)f(are)i(most)e(lik)o(ely)f +(di\013eren)o(t.)p eop +%%Page: 52 61 +60 bop 1901 -100 a Fo(52)223 75 y(In)12 b(our)h(setup,)g(w)o(e)f(w)o(ere)f +(not)i(in)f(need)h(of)f(acquiring)g(host)h(name)f(pairs)h(and)g(the)f +(appropriate)149 165 y(login)17 b(names.)23 b(Section)16 b(4.7)h(pro)o(vides) +f(metho)q(ds)h(to)g(obtain)g(this)g(information,)f(follo)o(w)o(ed)g(b)o(y)g +(a)149 255 y(discussion.)149 415 y(3.6.2)49 b(Complexit)o(y)14 +b(of)j(Mo)q(di\014cations)223 538 y(Most)d(of)g(the)g(w)o(ork)f(that)i(w)o +(as)f(done)g(during)g(the)g(exp)q(erimen)o(ts)d(w)o(en)o(t)i(in)o(to)h(the)g +(setup)g(of)g(the)149 628 y(zones)h(for)g(the)f(name)g(serv)o(ers,)g(the)g +(source)h(co)q(de)f(mo)q(di\014cations)h(of)g(the)f(remote)f(login)h(and)i +(the)149 718 y(name)i(serv)o(er,)g(and)h(some)f(shell)g(scripts)h(to)g +(automatize)f(the)g(break{in.)29 b(The)19 b(mo)q(di\014cations)149 +809 y(to)i(facilitate)e(a)i(break{in)f(are)h(minim)o(al)c(in)j(the)g(simpler) +f(case)h(that)h(the)f(Berk)o(eley)d(patc)o(h)k(is)149 899 y(not)f(installed.) +29 b(Only)18 b(one)i(record)f(in)f(the)h(database)i(for)e(the)g(rev)o(erse)e +(lo)q(okup)j(tree)f(m)o(ust)e(b)q(e)149 989 y(c)o(hanged.)223 +1079 y(If,)d(ho)o(w)o(ev)o(er,)f(the)h(patc)o(h)h(is)f(installed,)g(the)g +(name)f(serv)o(er)h(co)q(de)h(m)o(ust)e(b)q(e)i(c)o(hanged)f(to)h(en)o(ter) +149 1170 y(the)k(false)g(resource)f(record)h(in)o(to)g(the)f(additional)h +(answ)o(er)g(section.)29 b(These)19 b(c)o(hanges)g(are)g(not)149 +1260 y(di\016cult,)12 b(but)h(they)f(require)f(a)i(go)q(o)q(d)i +(understanding)e(of)g(the)g(Domain)f(Name)f(System)g(proto)q(col)149 +1350 y(and)17 b(the)f(name)f(serv)o(er)h(source)g(co)q(de.)223 +1441 y(F)l(urthermore,)h(there)i(are)g(some)f(c)o(hanges)h(to)g(the)g +(\\rlogin")h(program.)29 b(In)19 b(the)g(case)g(that)149 1531 +y(user)g(Alice)e(on)i(host)g(NS)622 1538 y Fm(A)669 1531 y +Fo(trusts)g(user)g(Bob)g(on)g(host)g(H)1236 1538 y Fm(A)1264 +1531 y Fo(,)g(the)f(attac)o(king)g(host)h(w)o(ould)g(need)149 +1621 y(a)e(legitimate)d(user)i(Bob)g(that)h(logs)g(in)o(to)f(NS)989 +1628 y Fm(A)1018 1621 y Fo(.)21 b(But)16 b(that)h(w)o(ould)f(require)f +(adding)i(a)f(new)g(user)149 1711 y(id)i(to)g(the)g(attac)o(king)g(system)e +(ev)o(ery)g(time)g(the)i(attac)o(k)o(er)f(w)o(an)o(ts)h(to)g(imp)q(ersonate)f +(a)h(di\013eren)o(t)149 1802 y(user)i(name,)e(regardless)h(of)h(the)f(view)o +(able)f(c)o(hanges)h(in)g(the)g(passw)o(ord)h(\014le.)30 b(A)19 +b(m)o(uc)o(h)e(neater)149 1892 y(approac)o(h)23 b(requires)e(few)h(c)o +(hanges)g(in)f(the)h(\\rlogin")g(co)q(de.)39 b(F)l(or)22 b(the)f(target)h +(host)h(it)e(is)h(not)149 1982 y(imp)q(ortan)o(t)c(that)g(the)g(remote)e +(user)j(Bob)f(exists;)g(it)f(is)h(su\016cien)o(t)f(to)i(pass)g(Bob's)f(login) +g(name)149 2073 y(in)f(the)g(\014rst)g(pac)o(k)o(et)f(\(see)g(section)h +(3.5.4\))g(from)f(the)g(\\rlogin")i(clien)o(t)d(to)i(the)g(\\rlogind")h(serv) +o(er)149 2163 y(to)f(mak)o(e)d(the)i(target)h(host)g(b)q(eliev)o(e)d(Bob)i +(is)h(\\real".)223 2253 y(Ov)o(erall,)c(the)j(attac)o(k)f(requires)g(only)g +(a)h(few)g(c)o(hanges)g(and)g(can)g(b)q(e)g(ac)o(hiev)o(ed)e(easily)l(.)20 +b(What)149 2343 y(mak)o(es)11 b(the)h(break{in)f(di\016cult)g(is)h(obtaining) +g(the)g(necessary)g(information)f(ab)q(out)i(remote)d(users)149 +2434 y(and)20 b(mac)o(hine)e(names,)g(ha)o(ving)i(sup)q(eruser)f(privileges)f +(on)i(a)g(system)e(with)h(a)h(primary)e(name)149 2524 y(serv)o(er,)13 +b(and)i(ha)o(ving)f(the)g(pro\014ciency)f(of)i(making)d(the)i(c)o(hanges)h +(in)e(the)h(name)f(serv)o(er)g(database)149 2614 y(and)k(co)q(de.)p +eop +%%Page: 53 62 +61 bop 1901 -100 a Fo(53)149 75 y(3.6.3)49 b(Detecting)16 b(a)h(DNS)f(based)h +(Break{in)223 197 y(During)j(an)g(attac)o(k,)f(an)h(attac)o(k)o(er)f(usually) +g(w)o(an)o(ts)h(to)g(op)q(erate)g(as)g(furtiv)o(ely)e(as)i(p)q(ossible.)149 +287 y(After)14 b(an)h(attac)o(k,)g(an)g(attac)o(k)o(er)e(w)o(an)o(ts)i(to)g +(lea)o(v)o(e)e(b)q(ehind)i(as)g(few)g(clues)e(as)j(p)q(ossible)f(that)g +(could)149 378 y(p)q(oin)o(t)i(to)f(him)f(or)i(his)f(actions.)223 +468 y(W)l(e)j(distinguish)h(b)q(et)o(w)o(een)f(where)h(the)f(attac)o(k)o +(er's)g(presence)g(or)h(his)g(actions)g(can)g(b)q(e)g(de-)149 +558 y(tected)c(or)g(observ)o(ed:)21 b(On)16 b(the)g(attac)o(k)o(ed)g(mac)o +(hine)e(and)j(on)g(the)f(attac)o(k)o(er's)f(mac)o(hine.)223 +649 y(In)e(the)h(follo)o(wing)g(w)o(e)f(assume)h(that)g(the)g(attac)o(k)o(er) +f(has)i(not)f(\(y)o(et\))f(done)h(an)o(y)g(ob)o(vious)g(harm)149 +739 y(to)f(the)f(attac)o(k)o(ed)f(system.)19 b(In)12 b(our)g(examination)f(w) +o(e)h(only)g(treat)g(the)g(detection)f(of)i(the)f(break-in)149 +829 y(directly)l(,)h(not)i(of)g(its)f(consequences,)g(once)g(an)h(attac)o(k)o +(er)f(has)h(gained)g(access.)21 b(The)14 b(false)h(record)149 +919 y(in)k(the)g(cac)o(he)g(has)g(a)h(minim)n(um)15 b(lifetime)h(of)j(curren) +o(tly)f(\014v)o(e)g(min)o(utes)f(and)j(can)f(b)q(e)h(detected)149 +1010 y(only)15 b(in)f(that)i(short)f(p)q(erio)q(d)g(of)g(time.)k(The)c(false) +f(mapping)g(could)h(b)q(e)f(detected)g(b)o(y)g(examining)149 +1100 y(a)j(cac)o(he)f(dump)f(of)i(the)f(name)f(serv)o(er,)g(or)i(in)f(case)h +(a)g(user)f(tried)g(to)h(resolv)o(e)e(one)h(of)h(the)f(names)149 +1190 y(in)o(v)o(olv)o(ed)e(in)i(the)g(tamp)q(ering.)223 1281 +y(The)11 b(simple)e(fact)i(that)h(the)f(attac)o(k)o(er)f(is)h(logged)h(in)f +(could)g(b)q(e)g(observ)o(ed.)20 b(In)10 b(an)i(en)o(vironmen)o(t)149 +1371 y(where)19 b(man)o(y)f(users)h(access)g(a)g(system)e(at)j(the)f(same)e +(time,)g(this)i(seems)f(unlik)o(ely)l(.)27 b(Ho)o(w)o(ev)o(er,)149 +1461 y(if)19 b(the)g(compromised)d(mac)o(hine)h(is)i(w)o(atc)o(hed)f(closely) +g(b)o(y)h(a)g(system)f(administrator)g(or)i(users,)149 1551 +y(the)e(c)o(hance)g(of)h(detecting)e(the)h(login)g(is)g(higher.)27 +b(If)18 b(the)g(attac)o(k)o(er)f(logs)i(in)f(as)h(sup)q(eruser,)g(the)149 +1642 y(c)o(hances)i(of)h(detection)f(are)g(ev)o(en)f(higher,)i(b)q(ecause)g +(logins)f(of)h(privileged)e(users)i(are)f(logged)149 1732 y(separately)l(.) +223 1822 y(It)c(is)h(also)h(p)q(ossible)f(to)h(mo)q(dify)e(the)h +(\\rlogin"{co)q(de)h(to)f(log)h(all)f(remote)e(logins)i(to)h(gather)149 +1913 y(more)c(information)h(ab)q(out)h(connections)f(in)o(v)o(olving)f(the)h +(o)o(wn)h(host.)223 2003 y(On)e(the)h(attac)o(k)o(er's)f(mac)o(hine,)e(w)o(e) +i(ha)o(v)o(e)g(to)h(distinguish)g(b)q(et)o(w)o(een)f(the)g(p)q(ossible)h +(iden)o(tities)149 2093 y(of)21 b(an)g(attac)o(k)o(er.)33 b(If)20 +b(he)h(is)f(a)h(rogue)g(system)e(administrator)h(and)h(has)g(no)g(higher)g +(authorit)o(y)149 2183 y(ab)q(o)o(v)o(e)c(him)d(in)j(his)f(organization,)h +(there)e(is)i(hardly)f(an)o(y)g(c)o(hance)g(that)h(an)o(y)o(one)f(on)h(his)f +(system)149 2274 y(could)h(detect)e(his)h(malicious)e(deeds.)223 +2364 y(If)i(he)g(has)i(sub)o(v)o(erted)d(the)i(system)e(and)i(has)g(gained)g +(the)g(necessary)f(sup)q(eruser)h(privileges)149 2454 y(on)e(the)f(attac)o +(king)g(mac)o(hine,)e(the)i(c)o(hances)f(of)i(detecting)e(him)f(are)i(b)q +(etter,)g(though)h(still)e(prett)o(y)149 2545 y(small.)27 b(Because)18 +b(the)h(attac)o(k)o(er)e(has)j(sub)o(v)o(erted)d(the)i(attac)o(king)f(mac)o +(hine)f(in)h(the)h(\014rst)g(place,)p eop +%%Page: 54 63 +62 bop 1901 -100 a Fo(54)149 75 y(ev)o(erything)17 b(w)o(e)g(said)h(ab)q(out) +h(the)f(p)q(ossibilities)f(of)h(detecting)f(an)o(ything)h(on)g(an)g(attac)o +(k)o(ed)f(ma-)149 165 y(c)o(hine)f(is)g(applicable)g(here)h(as)g(w)o(ell.)k +(W)l(e)c(could)f(also)i(observ)o(e)e(the)g(mo)q(di\014ed)g(executable)f +(\014les,)149 255 y(that)j(are)g(necessary)f(for)g(the)h(\\rlogin")g(and)g +(the)f(mo)q(di\014ed)f(name)g(serv)o(er)g(op)q(eration.)26 +b(But)17 b(all)149 346 y(c)o(hanges)j(in)f(binaries)f(can)i(b)q(e)f(made)f +(using)i(lo)q(cal)f(copies)f(of)i(the)f(source)g(co)q(de)g(that)h(is)f(read-) +149 436 y(ily)g(a)o(v)m(ailable.)31 b(Some)19 b(sites)g(run)h(monitors)f +(that)h(detect)f(on)h(a)g(daily)f(basis)i(if)e(binaries)g(w)o(ere)149 +526 y(c)o(hanged)c(or)g(touc)o(hed.)20 b(Using)14 b(lo)q(cal)h(copies)f(a)o +(v)o(oids)g(detection)g(b)o(y)g(this)g(t)o(yp)q(e)g(of)h(monitor.)k(The)149 +616 y(executables)c(can)h(ev)o(en)f(b)q(e)h(started)g(from)f(lo)q(cal)h +(directories,)f(w)o(ell{hidden)f(from)h(others.)21 b(The)149 +707 y(name)15 b(serv)o(er)g(that)i(is)f(already)g(running)g(has)h(to)f(b)q(e) +g(replaced)f(b)o(y)h(the)g(lo)q(cal)g(cop)o(y)l(,)f(but)h(that)h(is)149 +797 y(a)g(job)g(that)f(tak)o(es)g(less)g(than)h(a)g(second.)223 +887 y(T)l(amp)q(ering)h(with)g(the)h(log)g(\014les)f(also)h(aids)g(the)g +(attac)o(k)o(er)f(in)g(sta)o(ying)h(undetected.)28 b(With)149 +978 y(the)16 b(mo)q(di\014ed)e(\\rlogin")i(v)o(ersion,)f(there)g(are)h(no)g +(additional)f(passw)o(ord)i(\014le)e(en)o(tries)f(necessary)l(,)149 +1068 y(whic)o(h)i(otherwise)g(could)g(b)q(e)g(observ)o(ed.)223 +1158 y(Ov)o(erall,)k(the)g(attac)o(k)o(er)g(has)i(v)o(ery)e(go)q(o)q(d)j(c)o +(hances)d(of)h(hiding)g(his)g(activities)e(completely)l(.)149 +1248 y(Most)h(of)g(these)g(metho)q(ds)f(of)h(getting)f(a)h(glimpse)e(of)i +(his)f(doing)h(seem)e(farfetc)o(hed)h(to)h(us)g(and)149 1339 +y(their)14 b(o)q(dds)i(of)f(success)g(are)f(quite)g(small.)19 +b(The)c(highest)f(c)o(hances)g(of)h(detecting)f(the)g(tamp)q(ering)149 +1429 y(is)d(b)o(y)g(catc)o(hing)f(the)h(false)g(record)g(during)g(its)g +(short)h(lifetime)7 b(or)12 b(b)o(y)e(simply)f(\014nding)j(the)e(attac)o(k)o +(er)149 1519 y(logged)17 b(in.)p eop +%%Page: 55 64 +63 bop 1901 -100 a Fo(55)540 342 y(4.)33 b(SECURITY)16 b(ANAL)l(YSIS)e(AND)i +(SOLUTIONS)223 516 y(Most)e(of)g(the)g(prop)q(osed)i(\\solutions")f(in)f +(this)g(c)o(hapter)f(are)h(not)h(complete)d(solutions)i(to)h(the)149 +606 y(problem.)27 b(Some)18 b(of)h(them)e(are)h(v)m(alid)g(under)h +(additional)g(assumptions)f(that)h(cannot)h(alw)o(a)o(ys)149 +696 y(b)q(e)d(met;)d(others)j(are)f(applicable)f(to)i(parts)g(of)f(the)g +(problem.)223 787 y(Because)e(man)o(y)g(factors)i(con)o(tribute)e(to)i(the)f +(securit)o(y)f(breac)o(h)g(encoun)o(tered)h(in)g(this)g(thesis)149 +877 y(and)k(all)e(of)g(them)f(are)i(necessary)l(,)f(it)g(is)g(su\016cien)o(t) +g(to)g(eliminate)e(one)j(of)g(them.)23 b(That)18 b(sounds)149 +967 y(easy)j(to)f(accomplish,)f(but)h(is)g(a)h(di\016cult)d(task)j(in)f +(practice,)f(b)q(ecause)i(eliminating)c(an)o(y)j(one)149 1057 +y(of)f(the)e(factors)h(brings)g(a)h(trade{o\013)g(with)e(functionalit)o(y)l +(,)g(e\016ciency)l(,)e(or)j(simply)e(con)o(v)o(enience)149 +1148 y(with)h(it.)223 1238 y(W)l(e)h(presen)o(t)h(for)g(eac)o(h)f(of)i(our)f +(solutions)g(the)g(necessary)g(bac)o(kground,)h(if)e(it)g(w)o(as)i(not)f(al-) +149 1328 y(ready)j(giv)o(en)f(in)g(one)h(of)g(the)g(previous)f(c)o(hapters,)i +(follo)o(w)o(ed)e(b)o(y)g(a)h(description)f(of)h(the)g(idea)149 +1419 y(of)d(the)g(solution.)29 b(The)19 b(solution)g(is)f(then)h(examined)e +(and)i(discussed)g(using)g(criteria)e(suc)o(h)i(as)149 1509 +y(feasibilit)o(y)c(of)j(its)e(implem)o(en)o(tation,)e(qualit)o(y)i(of)h(the)g +(solution,)g(complexit)o(y)c(of)18 b(the)e(idea,)h(and)149 +1599 y(compatibilit)o(y)d(with)i(the)g(original)g(design)g(goals.)223 +1689 y(It)10 b(is)h(imp)q(ortan)o(t)f(to)h(view)f(these)h(solutions)g(as)h +(not)f(stand)h(alone.)19 b(In)11 b(di\013eren)o(t)f(com)o(binations)149 +1780 y(they)i(ac)o(hiev)o(e)f(sev)o(eral)g(degrees)h(of)h(securit)o(y)l(.)19 +b(The)12 b(concluding)g(c)o(hapter)g(of)h(this)f(thesis)g(con)o(tains)149 +1870 y(a)k(high)f(lev)o(el)d(discussion)j(ab)q(out)i(com)o(binations)c(of)i +(our)h(solutions,)f(to)g(obtain,)g(if)g(not)g(absolute)149 +1960 y(securit)o(y)l(,)c(at)h(least)f(a)h(high)g(lev)o(el)e(of)i +(con\014dence)f(in)g(the)g(securit)o(y)f(of)i(the)g(Domain)f(Name)f(System.) +149 2126 y(4.1)50 b(Securit)o(y)14 b(Considerations)j(in)f(the)g(RF)o(C)g +(1035)223 2265 y(In)h(the)g(design)g(of)h(the)f(Domain)g(Name)e(System,)h +(securit)o(y)g(considerations)i(w)o(ere)e(not)i(for-)149 2356 +y(gotten,)i(and)f(the)f(RF)o(Cs)h(sho)o(w)g(that)g(the)g(in)o(tegrit)o(y)e +(of)i(the)f(cac)o(he)g(w)o(as)h(an)g(imp)q(ortan)o(t)f(issue.)149 +2446 y(The)g(eagerness)h(to)f(impro)o(v)o(e)d(p)q(erformance)i(led)g(to)h +(the)g(nast)o(y)g(logic)g(b)q(om)o(b)f(of)h(adding)h(unau-)149 +2536 y(thorized)d(records)g(to)g(the)g(additional)g(section)g(and)g(|)g(in)g +(absence)g(of)g(strong)h(authen)o(tication)149 2626 y(|)f(b)q(elieving)f +(their)h(correctness.)p eop +%%Page: 56 65 +64 bop 1901 -100 a Fo(56)223 75 y(Before)22 b(resp)q(onses)j(are)e(further)g +(pro)q(cessed,)i(a)f(n)o(um)o(b)q(er)e(of)h(prepro)q(cessing)h(steps)g(tak)o +(es)149 165 y(place.)34 b(These)21 b(include)e(a)j(c)o(hec)o(k)c(for)j(the)g +(plausibilit)o(y)d(of)j(the)g(header)g(\(id)f(n)o(um)o(b)q(er)f(c)o(hec)o +(k\),)149 255 y(the)i(correctness)g(of)g(the)g(resource)g(records')g(format,) +g(and)h(time)d(to)i(liv)o(e)f(v)m(alues.)35 b(If)21 b(a)h(time)149 +346 y(to)e(liv)o(e)e(v)m(alue)i(exceeds)e(one)i(w)o(eek,)f(the)g(sp)q +(eci\014cation)h(allo)o(ws)f(the)h(implem)o(en)n(tor)d(to)j(discard)149 +436 y(this)g(record,)g(or)g(limit)c(its)k(lifetime)c(to)k(one)f(w)o(eek.)31 +b(The)19 b(id)g(in)h(the)f(header)h(of)f(the)h(resp)q(onse)149 +526 y(m)o(ust)h(matc)o(h)f(the)h(id)g(of)h(the)f(query)l(.)37 +b(A)21 b(name)f(serv)o(er)h(exp)q(ects)g(the)g(reply)g(from)f(the)h(same)149 +616 y(IP)e(address)h(where)e(he)h(sen)o(t)g(the)f(query)l(.)29 +b(This)19 b(can)g(cause)g(some)f(confusion)h(if)f(replies)g(come)149 +707 y(from)13 b(m)o(ultihome)o(d)e(hosts)j(that)g(use)g(other)g(p)q(orts)g +(for)g(sending)g(the)f(resp)q(onse,)i(b)q(ecause)f(of)g(lo)q(cal)149 +797 y(routing)j(information.)j(This)d(w)o(as)f(a)h(common)d(bug)j(in)f(name)f +(serv)o(ers.)223 887 y(The)j(standard)i(states)f(sev)o(eral)f(situations)h +(in)f(whic)o(h)g(data)h(should)h(not)f(b)q(e)f(cac)o(hed.)28 +b(If)18 b(a)149 978 y(pac)o(k)o(et)e(is)g(truncated)h(\(TC)g(\015ag)g(in)f +(the)g(header)h(is)f(set\),)g(its)h(resource)f(records)g(should)h(not)g(b)q +(e)149 1068 y(cac)o(hed,)i(although)h(they)f(can)g(b)q(e)g(used)g(for)h(the)e +(curren)o(t)h(mapping.)28 b(The)20 b(reason)f(for)h(this)f(is)149 +1158 y(that)e(a)g(cac)o(he)f(should)g(not)h(con)o(tain)f(incomplete)e +(information.)21 b(The)16 b(information)f(in)h(a)h(cac)o(he)149 +1248 y(migh)o(t)12 b(b)q(e)i(out)h(of)f(date)g(whic)o(h)f(will)f(ev)o(en)o +(tually)g(b)q(e)i(corrected;)f(but)h(the)f(cac)o(he)g(sta)o(ys)h(alw)o(a)o +(ys)g(in)149 1339 y(a)19 b(consisten)o(t)f(state,)h(b)q(ecause)f(incomplete)e +(mappings)i(are)g(nev)o(er)f(en)o(tered.)27 b(A)17 b(cac)o(he)h(should)149 +1429 y(nev)o(er)c(prefer)f(cac)o(he)h(data)h(o)o(v)o(er)f(authoritativ)o(e)g +(data.)21 b(Resp)q(onses)16 b(to)e(in)o(v)o(erse)f(queries)g(are)i(also)149 +1519 y(tab)q(o)q(o)21 b(b)q(ecause)d(of)h(their)f(incomplete)d(information)j +(c)o(haracter.)26 b(Name)17 b(serv)o(ers)h(or)g(resolv)o(ers)149 +1610 y(ha)o(v)o(e)g(to)h(do)f(all)g(correctness)g(c)o(hec)o(ks)f(b)q(efore)h +(they)g(can)g(cac)o(he)g(data.)28 b(Resp)q(onses)19 b(of)g(dubious)149 +1700 y(reliabilit)o(y)f(ha)o(v)o(e)i(to)i(b)q(e)f(examined)d(carefully)l(.)33 +b(It)21 b(is)f(ho)o(w)o(ev)o(er)g(not)h(easy)g(to)g(decide)f(criteria)149 +1790 y(suc)o(h)c(as)h(\\dubious)h(origin,")e(or)g(\\reliable)f(source.")223 +1880 y(Before)i(cac)o(hing)g(a)i(newly)e(receiv)o(ed)e(record,)j(the)g(name)f +(serv)o(er)g(should)h(c)o(hec)o(k)e(for)i(an)h(ex-)149 1971 +y(isting)h(record)f(in)g(the)g(cac)o(he.)29 b(Dep)q(ending)20 +b(on)g(the)f(circumstances,)e(either)i(the)g(data)h(in)f(the)149 +2061 y(resp)q(onse,)k(or)e(the)f(cac)o(he)g(is)h(preferred,)f(but)h(the)g(t)o +(w)o(o)f(should)h(nev)o(er)f(b)q(e)h(com)o(bined.)32 b(If)21 +b(the)149 2151 y(data)c(in)f(the)g(resp)q(onse)h(is)f(mark)o(ed)e(as)j +(authoritativ)o(e)f(data)h(in)f(the)g(answ)o(er)g(section,)f(it)h(should)149 +2242 y(alw)o(a)o(ys)h(b)q(e)f(preferred.)p eop +%%Page: 57 66 +65 bop 1901 -100 a Fo(57)149 75 y(4.2)50 b(Analysis)15 b(of)i(the)f(Name)e +(Serv)o(er)h(Algorithm)223 214 y(In)k(this)g(section)h(w)o(e)f(review)f(the)i +(name)e(serv)o(er)h(algorithm)f(stated)i(in)g(section)f(2.9.2)h(and)149 +305 y(analyze)d(it)f(step)h(b)o(y)f(step.)24 b(W)l(e)16 b(are)h(esp)q +(ecially)e(lo)q(oking)j(for)f(w)o(eak)f(assumptions)h(that)h(do)f(not)149 +395 y(alw)o(a)o(ys)g(hold.)k(These)16 b(assumptions)g(could)g(b)q(e)h +(exploited)e(b)o(y)g(attac)o(k)o(ers.)209 539 y(1.)24 b(In)14 +b(step)h(one)f(the)g(algorithm)f(determines)f(if)i(a)g(recursiv)o(e)f(name)g +(resolution)h(is)g(requested)271 629 y(and)k(a)o(v)m(ailable.)j(If)c(so,)g +(it)f(branc)o(hes)g(to)i(step)e(\014v)o(e,)g(where)g(a)h(cop)o(y)f(of)h(the)g +(resolv)o(er)e(algo-)271 720 y(rithm)e(or)h(the)g(lo)q(cal)g(resolv)o(er)f +(is)h(in)o(v)o(ok)o(ed.)19 b(When)14 b(the)g(resolv)o(er)f(returns)i(an)f +(answ)o(er,)h(the)271 810 y(name)f(serv)o(er)g(algorithm)g(b)q(eliev)o(es)f +(this)h(answ)o(er)h(to)g(b)q(e)g(correct)g(and)g(copies)f(it)h(as)g(is)g(in)o +(to)271 900 y(the)g(according)g(answ)o(er)g(sections)f(of)h(the)g(o)o(wn)g +(reply)l(.)20 b(This)15 b(answ)o(er)g(could)f(con)o(tain)h(false)271 +991 y(records)i(not)g(only)g(in)f(the)g(additional)h(section,)f(but)h(also)g +(in)f(the)g(answ)o(er)h(or)g(authorita-)271 1081 y(tiv)o(e)h(section.)31 +b(This)19 b(is)h(a)f(w)o(eak)h(assumption)f(b)q(ecause)g(the)h(resp)q(onse)g +(of)f(an)h(arbitrary)271 1171 y(name)15 b(serv)o(er)h(cannot)g(alw)o(a)o(ys)h +(b)q(e)f(trusted.)209 1303 y(2.)24 b(In)12 b(step)g(t)o(w)o(o)g(the)g(name)f +(serv)o(er)g(searc)o(hes)h(the)g(a)o(v)m(ailable)f(zones)h(for)h(the)e +(nearest)h(ancestor.)271 1393 y(It)k(assumes)f(that)h(its)f(zone)h(data)g(is) +g(accurate.)k(This)c(should)g(usually)g(b)q(e)f(the)h(case.)21 +b(But)271 1484 y(there)14 b(is)g(a)h(p)q(ossibilit)o(y)e(that)h(its)g(data)h +(base)g(is)f(not)h(consisten)o(t.)20 b(This)14 b(inconsistency)f(can)271 +1574 y(lead)20 b(to)g(malfunction)d(as)k(it)e(has)h(in)f(the)g(past,)i(and)f +(in)f(the)h(w)o(orst)g(case)f(to)h(a)g(securit)o(y)271 1664 +y(threat.)209 1796 y(3.)k(In)17 b(step)h(three)e(the)h(serv)o(er)g(tries)f +(to)i(matc)o(h)e(the)h(query)f(in)h(its)g(o)o(wn)h(authoritativ)o(e)f(data) +271 1886 y(base.)22 b(In)16 b(principle)e(the)i(same)g(problem)e(as)j(in)f +(the)g(previous)g(step)g(exists.)209 2018 y(4.)24 b(Step)18 +b(four)g(is)f(resp)q(onsible)h(for)f(\014nding)h(data)h(in)e(the)g(cac)o(he)g +(once)h(the)f(matc)o(hing)f(phase)271 2108 y(in)k(step)g(three)g(is)f(not)i +(successful.)32 b(If)20 b(the)f(QNAME)h(is)f(found)i(in)f(one)g(of)g(the)g +(cac)o(hed)271 2199 y(records,)c(all)e(resource)i(records)f(matc)o(hing)f +(the)h(QTYPE)h(of)f(the)h(query)e(are)i(copied)f(in)o(to)271 +2289 y(the)21 b(answ)o(er)g(section.)35 b(If)20 b(there)g(is)h(no)g +(delegation)g(found)h(in)e(its)h(authoritativ)o(e)f(data,)271 +2379 y(the)f(algorithm)g(puts)g(the)g(b)q(est)h(referral)f(found)g(in)g(the)h +(cac)o(he)e(in)o(to)h(the)g(authoritativ)o(e)271 2469 y(section.)30 +b(In)19 b(these)g(cases,)h(the)f(algorithm)g(b)q(eliev)o(es)e(the)i(data)h +(that)g(it)f(retriev)o(es)f(from)271 2560 y(the)e(cac)o(he)g(to)g(b)q(e)h +(unimpaired.)i(As)d(w)o(e)g(sho)o(w)o(ed,)g(this)g(do)q(es)h(not)g +(necessarily)e(hold.)p eop +%%Page: 58 67 +66 bop 1901 -100 a Fo(58)209 75 y(5.)24 b(Step)17 b(\014v)o(e)e(is)i(the)f +(call)f(to)i(another)g(resolv)o(er.)k(The)c(problem)d(here)i(is)h(that)f(the) +h(resp)q(onse)271 165 y(is)f(blindly)f(b)q(eliev)o(ed,)f(cac)o(hed)i(and)h +(used.)209 297 y(6.)24 b(Step)d(six)e(do)q(es)j(not)e(con)o(tain)h(a)f(\015a) +o(w)h(itself,)f(but)g(it)g(demonstrates)g(ho)o(w)h(easy)f(it)g(is)g(to)271 +387 y(add)h(records)f(to)h(the)f(reply)l(,)f(and)i(that)g(a)f(name)f(serv)o +(er)g(accepts)h(that)g(without)h(man)o(y)271 477 y(constrain)o(ts.)149 +643 y(4.3)50 b(Analysis)15 b(of)i(the)f(Resolv)o(er)f(Algorithm)223 +782 y(In)e(this)g(section)g(w)o(e)f(review)h(the)g(resolv)o(er)f(algorithm)g +(stated)i(in)f(section)f(2.9.3)i(and)g(analyze)149 873 y(it)k(step)g(b)o(y)g +(step.)26 b(W)l(e)18 b(are)g(esp)q(ecially)f(lo)q(oking)h(for)g(w)o(eak)g +(assumptions)g(that)h(do)f(not)h(alw)o(a)o(ys)149 963 y(hold.)j(These)16 +b(assumptions)g(could)g(b)q(e)h(exploited)e(b)o(y)g(attac)o(k)o(ers.)209 +1107 y(1.)24 b(Step)17 b(one)f(in)g(the)h(resolv)o(er's)e(algorithm)g(sho)o +(ws)j(one)e(of)h(the)f(securit)o(y)f(\015a)o(ws)i(in)f(the)h(pro-)271 +1197 y(to)q(col.)33 b(The)20 b(resolv)o(er)f(searc)o(hes)h(the)f(cac)o(he)g +(for)i(the)e(desired)h(data.)33 b(If)19 b(the)h(data)h(is)f(in)271 +1288 y(the)g(cac)o(he,)f(the)g(resolv)o(er)f(\\assumes")i(it)f(to)h(b)q(e)f +(go)q(o)q(d)j(enough)e(for)g(regular)f(use.)31 b(This)271 1378 +y(assumption)15 b(can)g(lead)f(to)i(the)e(use)h(of)g(false)g(records)g(and)g +(aid)g(an)g(attac)o(k)o(er)f(in)h(his)g(unau-)271 1468 y(thorized)h(attempt)f +(to)i(access)f(another)h(mac)o(hine.)271 1579 y(Some)k(resolv)o(ers)g +(o\013er)i(the)f(option)g(at)h(the)f(user)g(in)o(terface)e(to)j(force)e(the)h +(resolv)o(er)f(to)271 1670 y(ignore)e(cac)o(hed)f(data)h(and)h(alw)o(a)o(ys)e +(consult)h(an)g(authoritativ)o(e)f(serv)o(er.)27 b(Although)19 +b(this)271 1760 y(approac)o(h)c(w)o(ould)e(solv)o(e)g(the)g(problem,)f(it)h +(is)h(not)g(recomme)o(nded)d(as)j(the)f(default,)g(as)i(this)271 +1850 y(is)h(v)o(ery)f(ine\016cien)o(t.)209 1982 y(2.)24 b(In)19 +b(step)g(t)o(w)o(o)h(the)e(resolv)o(er)h(lo)q(oks)g(for)h(a)f(name)f(serv)o +(er)h(to)g(ask)h(for)f(the)g(required)f(data.)271 2072 y(The)13 +b(general)e(strategy)i(is)f(to)g(lo)q(ok)h(for)f(lo)q(cally)g(a)o(v)m +(ailable)f(name)g(serv)o(er)g(resource)h(records,)271 2163 +y(starting)k(at)g(SNAME,)f(to)o(w)o(ards)h(the)f(ro)q(ot.)22 +b(The)16 b(resolv)o(er)e(has)i(man)o(y)e(c)o(hoices)h(here)g(and)271 +2253 y(dep)q(ending)k(on)g(whic)o(h)e(c)o(hoice)g(it)h(mak)o(es)f(it)h(can)g +(con)o(tact)g(sound)h(name)f(serv)o(ers)f(or)i(the)271 2343 +y(attac)o(k)o(er's)14 b(name)g(serv)o(er.)20 b(Ho)o(w)o(ev)o(er,)13 +b(if)i(w)o(e)f(assume,)h(that)g(the)g(attac)o(k)o(er)f(has)i(set)f(up)h(his) +271 2433 y(zones)c(suc)o(h)g(that)g(his)f(name)g(serv)o(er)g(is)g(the)h(only) +f(one)h(with)g(the)f(necessary)g(information)g(to)271 2524 +y(answ)o(er)16 b(the)f(attac)o(k)o(ed)g(mac)o(hine's)e(query)l(,)h(the)i +(resolv)o(er)e(has)i(certainly)e(no)i(other)g(c)o(hoice)271 +2614 y(than)h(\014nally)f(con)o(tacting)g(him.)p eop +%%Page: 59 68 +67 bop 1901 -100 a Fo(59)209 75 y(3.)24 b(Step)d(three)g(sends)g(out)h +(queries)e(un)o(til)g(a)h(resp)q(onse)h(is)f(receiv)o(ed.)33 +b(The)21 b(strategy)g(is)g(to)271 165 y(cycle)c(around)h(all)g(of)g(the)g +(addresses)g(for)g(all)g(of)g(the)f(serv)o(ers)g(with)h(a)g(timeout)e(b)q(et) +o(w)o(een)271 255 y(eac)o(h)g(transmission.)209 387 y(4.)24 +b(In)17 b(step)h(four)f(the)g(resolv)o(er)f(accepts)i(answ)o(er)f(pac)o(k)o +(ets)f(from)h(name)f(serv)o(ers)g(it)h(has)h(con-)271 477 y(tacted.)33 +b(These)20 b(pac)o(k)o(ets)f(can)h(con)o(tain)g(records)g(in)f(the)h +(additional)g(section.)33 b(The)20 b(re-)271 568 y(solv)o(er)15 +b(p)q(erforms)g(some)g(prepro)q(cessing)h(on)g(these)g(pac)o(k)o(ets)e(and)j +(the)e(con)o(tained)g(records)271 658 y(\(see)h(4.1)g(for)g(detailed)f +(description\),)f(but)i(v)o(ery)f(lik)o(ely)e(accepts)i(them)g(and)h(cac)o +(hes)f(their)271 748 y(con)o(ten)o(ts.)41 b(Cac)o(hing)23 b(unrequested)f +(data)i(pro)o(vided)e(b)o(y)g(some)g(unkno)o(wn)h(source)g(can)271 +839 y(lead)18 b(to)g(a)f(ma)s(jor)g(problem)f(but)i(is)f(also)h(necessary)f +(to)h(obtain)g(a)g(go)q(o)q(d)i(o)o(v)o(erall)c(system)271 +929 y(p)q(erformance.)223 1073 y(If)g(the)h(resolv)o(er)f(has)i(direct)e +(access)h(to)h(a)f(name)f(serv)o(er's)g(zone,)h(it)g(should)g(c)o(hec)o(k)f +(to)h(see)g(if)149 1163 y(the)e(desired)e(data)i(is)f(presen)o(t)g(in)g +(authoritativ)o(e)g(form,)f(and)i(if)f(so,)g(use)h(the)f(authoritativ)o(e)g +(data)149 1254 y(in)i(preference)f(to)i(the)f(cac)o(he.)223 +1344 y(One)k(could)h(ask)g(where)g(exactly)e(the)i(problem)e(lies:)30 +b(in)21 b(b)q(elieving)e(the)i(cac)o(hed)f(data)i(in)149 1434 +y(step)e(one,)g(or)g(earlier)f(in)g(blindly)f(cac)o(hing)h(additional)h +(information)f(throughout)i(step)f(four.)149 1524 y(Ob)o(viously)l(,)12 +b(the)h(data)h(should)f(b)q(e)g(correct)g(b)q(efore)g(it)f(is)h(en)o(tered)e +(in)o(to)i(the)g(cac)o(he.)19 b(That)13 b(ensures)149 1615 +y(the)20 b(in)o(tegrit)o(y)d(of)j(the)f(in)o(ternal)f(data)i(structures,)g +(whic)o(h)f(is)g(an)g(imp)q(ortan)o(t)g(precondition)g(in)149 +1705 y(most)d(systems.)223 1795 y(But)h(this)g(answ)o(er)h(only)f(shifts)h +(the)f(question)h(to)f(the)h(origin)f(of)h(these)f(records.)26 +b(Where)17 b(is)149 1886 y(the)g(righ)o(t)g(p)q(oin)o(t)g(to)g(ensure)g(the)g +(in)o(tegrit)o(y)e(of)j(transmitted)d(resource)i(records?)24 +b(In)17 b(the)g(name)149 1976 y(serv)o(er)h(that)h(writes)g(the)f(records)h +(in)o(to)f(the)h(additional)g(section?)29 b(That)19 b(can)g(b)q(e)g(violated) +f(b)o(y)149 2066 y(an)e(attac)o(k)o(er,)e(as)i(w)o(e)f(ha)o(v)o(e)f(pro)o(v)o +(ed)g(in)h(our)h(exp)q(erimen)o(ts.)i(Or)d(in)g(the)g(name)f(serv)o(er)g(or)i +(resolv)o(er)149 2156 y(that)i(accepts)e(the)h(resource)g(records,)f(b)q +(efore)h(they)f(are)h(added)h(to)f(the)f(cac)o(he?)23 b(The)17 +b(problem)149 2247 y(here)e(is)g(that)g(the)g(receiving)e(en)o(tit)o(y)h(has) +i(no)f(w)o(a)o(y)g(of)g(deciding)f(what)i(is)f(reasonable)h(to)f(b)q(eliev)o +(e,)149 2337 y(and)i(what)g(can)g(lead)f(to)g(trouble.)223 +2427 y(Neither)d(of)i(the)f(approac)o(hes)h(is)g(feasible)f({)h(the)f(cen)o +(tral)g(dilemm)o(a)e(in)i(the)g(curren)o(t)g(Domain)149 2518 +y(Name)h(System)g(design.)p eop +%%Page: 60 69 +68 bop 1901 -100 a Fo(60)149 75 y(4.4)50 b(Ev)m(aluation)16 +b(Criteria)223 214 y(The)j(follo)o(wing)g(sections)h(presen)o(t)f(solutions)h +(that)f(address)i(the)e(stated)h(problem.)29 b(Most)149 305 +y(of)17 b(the)f(solutions)h(are)f(based)h(on)g(the)f(Domain)g(Name)e(System)h +(and)i(are)f(not)h(solutions)g(to)g(the)149 395 y(abstract)g(problem.)223 +485 y(As)g(w)o(e)h(ha)o(v)o(e)f(already)h(men)o(tioned,)e(the)i(presen)o(ted) +f(approac)o(hes)i(are)f(not)g(complete)e(solu-)149 575 y(tions)g(to)g(the)g +(problem.)j(Most)d(of)g(them)e(w)o(ork)h(only)h(under)f(certain)g(additional) +h(assumptions,)149 666 y(but)j(then)g(reliably)l(.)27 b(A)19 +b(go)q(o)q(d)i(approac)o(h)e(is)g(probably)g(to)g(not)g(limit)d(a)j(system)f +(to)h(the)g(appli-)149 756 y(cation)f(of)h(one)f(solution,)g(but)g(to)g +(impleme)o(n)o(t)d(a)j(reasonable)h(v)m(ariet)o(y)e(of)h(them.)24 +b(This)18 b(v)m(ariet)o(y)149 846 y(should)k(co)o(v)o(er)d(as)j(man)o(y)d +(cases)i(as)g(p)q(ossible,)h(with)e(few)h(o)o(v)o(erlaps.)34 +b(Some)20 b(of)h(the)f(presen)o(ted)149 937 y(solutions)d(are)f(already)g(in) +f(use)h(in)g(some)f(systems,)f(while)h(others)h(are)g(in)g(their)f(early)g +(stages)i(of)149 1027 y(design)g(or)f(dev)o(elopmen)o(t.)223 +1117 y(Our)e(presen)o(tation)h(of)g(eac)o(h)f(solution)h(con)o(tains)g(a)g +(description)f(and)h(a)g(discussion.)21 b(W)l(e)14 b(use)149 +1207 y(sev)o(eral)i(criteria)f(that)h(are)h(imp)q(ortan)o(t)e(in)h(an)h(ev)m +(aluation)f(of)g(solutions)h(to)g(our)g(problem:)222 1352 y +Fj(\017)24 b Fo(The)16 b(\\qualit)o(y")f(of)i(the)e(solution)h(is)g(a)g +(measuremen)o(t)d(of)j(the)f(radius)h(of)g(applicabilit)o(y)e(of)271 +1442 y(the)g(solution.)21 b(This)13 b(v)m(alue)h(cannot)g(easily)f(b)q(e)h +(sp)q(eci\014ed,)f(b)q(ecause)h(the)g(set)f(of)h(applicable)271 +1532 y(cases)g(is)e(not)i(precisely)d(giv)o(en.)19 b(W)l(e)13 +b(men)o(tion)e(the)i(cases)g(that)h(are)f(co)o(v)o(ered)e(b)o(y)i(a)g +(solution)271 1623 y(and)k(try)f(to)h(deriv)o(e)d(from)i(that)g(a)h(judgemen) +o(t)d(ab)q(out)k(the)e(qualit)o(y)f(of)h(the)g(solution.)222 +1754 y Fj(\017)24 b Fo(The)12 b(\\feasibilit)o(y)e(of)i(the)f(implem)o(en)o +(t)o(ation")f(of)i(a)g(solution)g(determines)d(ho)o(w)j(m)o(uc)o(h)d +(e\013ort)271 1845 y(is)19 b(needed)f(to)i(apply)e(the)h(solution)g(to)h(an)f +(unmo)q(di\014ed)f(v)o(ersion)g(of)i(a)f(state)g(of)g(the)g(art)271 +1935 y(name)c(serv)o(er.)222 2067 y Fj(\017)24 b Fo(The)19 +b(\\complexit)o(y)d(of)j(its)g(implem)o(e)o(n)o(tation")e(measures)g(if)i(mo) +q(di\014cations)f(in)g(di\013eren)o(t)271 2157 y(areas)c(are)f(in)o(v)o(olv)o +(ed)d(and)k(ho)o(w)f(complicated)d(their)i(in)o(teraction)g(is.)20 +b(A)12 b(solution)h(can)g(ha)o(v)o(e)271 2247 y(a)h(v)o(ery)f(lo)o(w)g +(degree)g(of)h(complexit)o(y)-5 b(,)11 b(but)j(require)e(considerable)h +(implem)o(en)o(tati)o(on)e(e\013ort.)271 2338 y(A)16 b(complex)e(implem)o(en) +o(tation)f(do)q(es)k(not)g(has)g(to)g(result)f(in)f(a)i(large)f(amoun)o(t)g +(of)g(co)q(ding.)222 2469 y Fj(\017)24 b Fo(In)18 b(solving)f(the)g(problem)f +(w)o(e)h(are)h(striving)f(for)h(\\compatibilit)o(y)c(with)k(the)f(original)g +(de-)271 2560 y(sign.")22 b(A)16 b(solution)g(that)h(do)q(es)g(not)f(require) +f(c)o(hanges)i(to)f(the)g(DNS)g(proto)q(col)h(is)f(usually)271 +2650 y(preferred)g(o)o(v)o(er)f(one)h(that)h(do)q(es)g({)g(ev)o(en)e(if)h +(this)g(conformit)o(y)e(has)j(other)f(disadv)m(an)o(tages.)p +eop +%%Page: 61 70 +69 bop 1901 -100 a Fo(61)222 75 y Fj(\017)24 b Fo(The)d(Domain)f(Name)f +(System)g(is)i(a)g(system)e(that)i(resolv)o(es)f(mappings)g(on{line.)34 +b(The)271 165 y(e\016ciency)14 b(of)j(the)e(system)g(and)i(its)f(p)q +(erformance)f(are)h(imp)q(ortan)o(t)f(factors)i(of)f(in\015uence.)271 +255 y(The)g(compliance)d(of)j(the)f(solution's)h(\\e\016ciency")e(with)h +(that)h(of)g(the)f(system)f(is)i(equally)271 346 y(imp)q(ortan)o(t.)222 +477 y Fj(\017)24 b Fo(Some)f(of)g(the)g(solutions)h(in)o(v)o(olv)o(e)d(users) +j(in)f(general.)42 b(F)l(or)23 b(example)e(if)i(the)g(solution)271 +568 y(requires)12 b(a)i(c)o(hange)f(in)f(the)h(user)g(in)o(terface,)f(or)h +(in)g(an)g(organization's)h(p)q(olicy)e(of)h(handling)271 658 +y(trust.)21 b(The)15 b(user)f(has)h(to)g(learn)f(to)h(handle)f(the)g(c)o +(hanges,)g(and)h(his)g(appro)o(v)m(al)g(is)f(a)h(crucial)271 +748 y(p)q(oin)o(t.)22 b(W)l(e)16 b(com)o(bine)e(these)i(asp)q(ects)h(in)e +(the)h(term)f(\\acceptabilit)o(y)g(b)o(y)g(the)h(user.")222 +880 y Fj(\017)24 b Fo(Solutions)15 b(migh)o(t)e(not)i(b)q(e)g(applicable)f +(in)g(ev)o(ery)f(organizational)i(en)o(vironmen)o(t.)j(W)l(e)c(call)271 +970 y(this)i(criterion)g(\\applicabilit)o(y)e(in)i(an)h(organization.")222 +1102 y Fj(\017)24 b Fo(An)15 b(imp)q(ortan)o(t)e(p)q(oin)o(t)i(in)f(the)h(in) +o(tro)q(duction)f(of)h(c)o(hanges)g(to)g(systems)e(is)h(the)h(\\transition) +271 1192 y(pro)q(cess")f(from)e(the)h(original)f(state)h(\(b)q(efore)g(the)g +(solution)g(is)g(applied\))f(to)h(the)g(new)g(state.)271 1283 +y(In)18 b(case)g(of)g(minor)e(c)o(hanges)i(this)f(transition)h(p)q(erio)q(d)h +(can)f(b)q(e)f(v)o(ery)g(short)h({)g(sometimes)271 1373 y(hardly)h +(noticeable.)27 b(If)18 b(c)o(hanges)h(of)f(considerable)g(degree)g(are)h(in) +o(v)o(olv)o(ed,)d(this)j(pro)q(cess)271 1463 y(pla)o(ys)d(a)h(ma)s(jor)e +(role)h(in)g(the)g(c)o(hange)g(managemen)o(t.)222 1595 y Fj(\017)24 +b Fo(The)16 b(\\transparency)g(of)g(the)f(solution")h(in)o(v)o(olv)o(es)d +(the)j(user)f(in)o(terface)f(and)i(the)f(soft)o(w)o(are)271 +1685 y(in)o(terface)e(to)i(the)f(system.)19 b(This)c(p)q(oin)o(t)f(examines)f +(another)i(notion)g(than)f(the)h(\\compat-)271 1776 y(ibilit)o(y)h(with)i +(the)g(original)f(design,")i(whic)o(h)e(only)h(in)o(v)o(olv)o(es)e(the)i +(proto)q(col)g(issue)g(|)g(not)271 1866 y(the)e(user.)149 2031 +y(4.5)50 b(The)16 b(Berk)o(eley)d(P)o(atc)o(h)223 2171 y(W)l(e)i(already)h +(men)o(tioned)d(the)j(Berk)o(eley)d(soft)o(w)o(are)j(patc)o(h)f(in)h(some)e +(sections)i(of)g(this)g(thesis)149 2261 y(and)h(explained)e(it)h(in)g(detail) +g(in)f(Section)h(3.5.6.)223 2351 y(This)11 b(\014rst)h(attempted)e(defense,)i +(dev)o(elop)q(ed)f(at)h(the)f(Univ)o(ersit)o(y)e(of)j(Berk)o(eley)l(,)d(CA)j +(,)f(consists)149 2442 y(of)16 b(mo)q(di\014cations)e(of)h(the)g(\\rlogind")h +(and)g(\\rshd")g(co)q(de.)21 b(The)15 b(idea)g(is)f(to)i(v)m(alidate)e(the)h +(in)o(v)o(erse)149 2532 y(mapping)h(tree)g(b)o(y)f(lo)q(oking)i(at)g(the)f +(corresp)q(onding)h(no)q(de)g(on)g(the)f(forw)o(ard)h(mapping)e(tree.)21 +b(S.)149 2622 y(Bello)o(vin)e(describ)q(es)h(the)g(metho)q(d)g(used)h(b)o(y)f +(the)g(patc)o(h)h(in)f([Bel92)o(])g(as)h(follo)o(ws:)30 b(\\T)l(o)21 +b(detect)p eop +%%Page: 62 71 +70 bop 1901 -100 a Fo(62)149 75 y(this,)19 b(w)o(e)f(p)q(erform)g(a)h +(cross{c)o(hec)o(k;)f(using)h(the)f(returned)g(name,)g(w)o(e)g(do)h(a)g(forw) +o(ard)g(c)o(hec)o(k)e(to)149 165 y(learn)e(the)g(legal)g(address)h(for)f +(that)h(host.)21 b(If)15 b(that)h(name)e(is)h(not)g(listed,)f(or)i(if)e(the)h +(addresses)h(do)149 255 y(not)h(matc)o(h,)d(alarms,)h(gongs,)j(and)f(to)q +(csins)f(are)h(sounded.")223 346 y(Refer)e(to)i(the)f(description)f(of)i(the) +f(algorithm)f(in)h(Section)g(3.5.6)g(and)h(Figure)f(3.2.)223 +436 y(The)c(\014x)g(is)g(easily)f(installed)h(and)h(not)f(v)o(ery)f(complex.) +18 b(Its)12 b(compatibilit)o(y)d(with)j(the)g(existing)149 +526 y(Domain)i(Name)e(System)h(proto)q(col)h(is)g(another)h(adv)m(an)o(tage.) +21 b(The)14 b(transition)h(pro)q(cess)f(to)h(mo)o(v)o(e)149 +616 y(to)k(a)g(name)e(serv)o(er)g(that)i(con)o(tains)f(the)h(patc)o(h)f(is)g +(not)h(di\016cult)e(or)h(complex.)26 b(A)18 b(few)g(lines)f(of)149 +707 y(co)q(de)i(ha)o(v)o(e)f(to)h(b)q(e)g(inserted)e(in)o(to)i(the)f(name)f +(serv)o(er)h(co)q(de,)h(and)g(the)f(name)g(serv)o(er)f(has)i(to)g(b)q(e)149 +797 y(recompiled)14 b(and)j(started.)223 887 y(Although)22 +b(w)o(e)g(regard)h(this)f(patc)o(h)g(as)h(an)g(obligatory)g(mo)q +(di\014cation)e(to)i(\\rlogind")g(and)149 978 y(\\rshd,")15 +b(it)e(is)g(limited)d(in)j(its)g(scop)q(e.)21 b(It)13 b(can)g(easily)g(b)q(e) +g(coun)o(tered)g(using)g(the)h(metho)q(ds)e(demon-)149 1068 +y(strated)j(throughout)h(Section)e(3.5.6.)21 b(Because)14 b(a)h(name)e(serv)o +(er)h(alw)o(a)o(ys)g(prefers)g(authoritativ)o(e)149 1158 y(data)i(o)o(v)o(er) +d(non{authoritativ)o(e)i(records,)g(it)f(is)g(imp)q(ossible)f(to)i(p)q(oison) +g(the)g(cac)o(he)e(of)i(a)g(primary)149 1248 y(or)h(secondary)f(serv)o(er)g +(for)g(a)h(zone.)k(Th)o(us,)c(an)f(additional)g(false)g(A)g(record)g(cannot)h +(b)q(e)f(inserted)149 1339 y(in)o(to)h(the)g(cac)o(he,)f(and)i(the)f(cross{c) +o(hec)o(k)f(will)h(detect)f(the)h(tamp)q(ering.)223 1429 y(Ov)o(erall,)22 +b(the)h(patc)o(h)f(is)h(a)g(true)g(solution)g(if)f(trust)h(can)g(b)q(e)g +(extended)f(only)g(within)h(the)149 1519 y(scop)q(e)c(of)f(authoritativ)o(e)f +(data,)h(and)h(if)e(the)g(attac)o(k)o(er)g(do)q(es)i(not)f(use)g(the)f(more)g +(sophisticated)149 1610 y(attac)o(king)h(metho)q(d.)26 b(In)18 +b(case)g(the)f(attac)o(k)o(er)g(supplies)h(the)g(additional)g(\\A")g(record)g +(with)g(the)149 1700 y(answ)o(er)13 b(to)g(the)f(rev)o(erse)g(lo)q(okup,)h +(and)g(trust)g(is)f(extended)g(to)h(p)q(ossibly)g(un)o(trust)o(w)o(orth)o(y)f +(sources,)149 1790 y(this)17 b(metho)q(d)e(will)g(fail.)149 +1956 y(4.6)50 b(Examining)14 b(Berk)o(eley)g(\\r{Commands")223 +2095 y(The)19 b(Berk)o(eley)e(r{commands)i(extensiv)o(ely)e(use)i(the)h +(\\.rhosts")h(and)f(\\/etc/hosts.equiv")149 2185 y(\014les)14 +b(to)g(increase)f(con)o(v)o(enien)o(t)f(net)o(w)o(ork)i(access.)20 +b(In)14 b(Section)f(3.5.3,)h(w)o(e)g(discussed)g(the)f(T)l(rusted)149 +2276 y(Net)o(w)o(ork)j(concept.)21 b(R{commands)15 b(suc)o(h)h(as)h(remote)e +(login)i(and)g(remote)d(shell)i(o\013er)h(the)f(p)q(os-)149 +2366 y(sibilit)o(y)c(to)j(extend)e(trust)h(to)g(other)g(mac)o(hines.)19 +b(Users)14 b(and)g(system)f(administrators)g(can)h(build)149 +2456 y(individual)j(net)o(w)o(orks)h(of)h(trust.)27 b(What)18 +b(lo)q(oks)h(lik)o(e)e(a)h(go)q(o)q(d)i(idea)e(at)h(the)f(\014rst)g(glance)g +(pro)o(v)o(es)149 2547 y(v)o(ery)d(dangerous)j(in)e(some)f(cases.)p +eop +%%Page: 63 72 +71 bop 1901 -100 a Fo(63)223 75 y(The)15 b(existence)e(of)i(these)g +(structures)g(of)g(trust)g(is)g(necessary)g(for)g(the)g(break{in)g(to)g(happ) +q(en.)149 165 y(Ob)o(viously)l(,)e(the)h(break{in)g(is)g(prev)o(en)o(ted)f +(if)g(w)o(e)h(prohibit)g(the)f(usage)i(of)g(trusted)f(hosts)h(or)f(users)149 +255 y(completely)l(.)37 b(It)22 b(is)g(tec)o(hnically)e(p)q(ossible)i(to)h +(disallo)o(w)f(the)g(usage)h(of)g(\\trust")g(in)f(Berk)o(eley)149 +346 y(commands.)29 b(The)19 b(c)o(hoice)f(can)h(b)q(e)h(made)e(b)o(y)g(the)h +(system)f(administrator)h(at)g(compile)e(time.)149 436 y(Ho)o(w)o(ev)o(er,)f +(b)q(eing)h(able)g(to)h(access)f(other)g(mac)o(hines)f(without)h(passw)o +(ords)i(mak)o(es)d(the)h(w)o(ork)g(in)149 526 y(a)j(net)o(w)o(orking)f(en)o +(vironmen)o(t)e(easier.)31 b(Once)19 b(used)g(to)h(the)g(comfort,)e(not)i +(man)o(y)f(users)g(agree)149 616 y(to)f(sacri\014ce)f(their)g(con)o(v)o +(enience)e(for)j(the)f(prev)o(en)o(tion)f(of)i(\\h)o(yp)q(othetical")f +(securit)o(y)f(concerns.)149 707 y(The)21 b(trade{o\013)g(hereb)o(y)f(w)o +(ould)g(con)o(tain)g(the)g(loss)h(of)f(v)o(ery)f(con)o(v)o(enien)o(t)g(and)h +(in)g(man)o(y)f(cases)149 797 y(necessary)d(to)q(ols)i(for)e(trouble)g(free)g +(connection)f(to)i(hosts)g(that)g(are)f(accessed)g(frequen)o(tly)l(.)223 +887 y(A)i(less)h(\\safe")i(solution)e(w)o(ould)g(b)q(e)h(to)f(limit)e(trust)i +(to)h(lo)q(cally)e(administered)g(zones,)h(i.e.)149 978 y(authoritativ)o(e)i +(zones,)g(where)f(the)h(Berk)o(eley)d(patc)o(h)i(w)o(orks)h(reliably)l(.)33 +b(As)20 b(w)o(e)h(disco)o(v)o(ered)e(in)149 1068 y(Section)k(4.5,)h(limiting) +d(trust)i(to)g(certain)g(zones)g(\014xes)g(the)f(\015a)o(w.)42 +b(An)23 b(organization)h(could)149 1158 y(issue)c(the)f(p)q(olicy)g(that)g +(only)h(lo)q(cal)f(trust)h(is)f(allo)o(w)o(ed.)30 b(In)19 b(some)f +(organizations)i(this)g(can)f(b)q(e)149 1248 y(considered)13 +b(a)h(reasonable)h(approac)o(h)f(if)f(hardly)g(an)o(y)h(remote)e(accesses)h +(are)h(originated)f(outside)149 1339 y(of)i(the)g(\\o)o(wn")h(zone)e(to)h +(the)g(\\o)o(wn")h(zone.)k(Additional)14 b(to)q(ols)i(w)o(ould)f(b)q(e)g +(necessary)f(to)h(enforce)149 1429 y(the)d(p)q(olicy)l(,)f(suc)o(h)h(as)g(a)g +(script)f(that)i(p)q(erio)q(dically)d(c)o(hec)o(ks)g(en)o(tries)h(in)g +(\\.rhosts")i(\014les.)20 b(If)11 b(p)q(erio)q(dic)149 1519 +y(c)o(hec)o(ks)i(are)h(still)f(to)q(o)i(w)o(eak,)e(the)h(r{command)e(implem)o +(en)o(tati)o(ons)g(could)i(b)q(e)g(c)o(hanged)g(in)f(a)i(w)o(a)o(y)149 +1610 y(that)h(users)f(cannot)g(directly)f(mo)q(dify)f(their)h(database)i(of)g +(trusted)e(mac)o(hines)f(\(\\.rhosts"\),)j(but)149 1700 y(ha)o(v)o(e)h(to)h +(use)f(a)h(sp)q(ecial)f(program)g(to)h(manage)f(trust{en)o(tries.)24 +b(The)18 b(data)g(m)o(ust)e(b)q(e)h(k)o(ept)g(in)g(a)149 1790 +y(protected)i(data)h(area)f(of)g(the)g(op)q(erating)g(system)f(managed)g(b)o +(y)h(the)f(k)o(ernel.)28 b(This)19 b(program)149 1880 y(could)e(\014lter)g +(out{of{zone)h(en)o(tries)e(at)h(the)g(time)e(the)i(user)g(w)o(an)o(ted)f(to) +i(en)o(ter)e(them.)22 b(It)16 b(w)o(ould)149 1971 y(also)c(con)o(tain)f(the)f +(p)q(ossibilit)o(y)g(of)h(managing)g(setup)g(c)o(hanges)g(cen)o(trally)l(.)18 +b(This)11 b(solution)g(actually)149 2061 y(prop)q(oses)18 b(an)f(automatized) +e(pro)q(cedure)h(to)h(implem)o(en)n(t)d(an)i(organization's)h(p)q(olicy)l(.) +223 2151 y(If)g(the)g(nature)g(of)h(connections)f(allo)o(ws)h(a)g(p)q(olicy)e +(suc)o(h)i(as)g(describ)q(ed)e(ab)q(o)o(v)o(e,)i(implem)o(e)o(n)o(t-)149 +2242 y(ing)k(it)e(is)h(a)h(ma)s(jor)e(e\013ort.)36 b(Some)20 +b(system)g(scripts)h(ha)o(v)o(e)f(to)i(b)q(e)f(written)f(to)i(ensure)f(prop)q +(er)149 2332 y(usage,)j(op)q(erating)f(system)d(co)q(de)i(and)g(r{command)e +(co)q(de)i(m)o(ust)e(b)q(e)i(mo)q(di\014ed,)g(and)g(a)g(new)149 +2422 y(user)17 b(in)o(terface)f(has)h(to)g(b)q(e)g(dev)o(elop)q(ed.)22 +b(Users)17 b(shall)f(b)q(e)h(trained)g(ho)o(w)g(to)g(apply)g(the)f(c)o +(hanged)149 2512 y(facilit)o(y)e(and)i(ha)o(v)o(e)f(to)i(b)q(e)e(made)g +(familiar)f(with)h(the)h(new)f(p)q(olicy)h(and)g(the)f(new)h(user)g(in)o +(terface)149 2603 y(\(whic)o(h)h(could)g(easily)f(impro)o(v)o(e)e(the)j +(existing)g(one\).)24 b(Adv)m(an)o(tages)17 b(of)g(this)g(new)h(approac)o(h)f +(are)p eop +%%Page: 64 73 +72 bop 1901 -100 a Fo(64)149 75 y(the)21 b(compatibilit)o(y)d(with)k(the)e +(existing)h(Domain)f(Name)g(System)g(proto)q(col)i(and)f(additional)149 +165 y(b)q(ene\014ts)c(in)f(further)g(securit)o(y)f(related)g(issues.)223 +255 y(Ov)o(erall,)f(a)j(v)o(ery)f(w)o(eak)g(p)q(oin)o(t)h(in)f(the)h(Berk)o +(eley)c(deriv)o(ed)j(UNIX)e(systems)i(is)g(the)h(usage)g(of)149 +346 y(trust.)27 b(This)18 b(thesis)f(exploits)h(only)f(one)h(of)h(sev)o(eral) +d(kno)o(wn)i(\015a)o(ws)h(based)f(up)q(on)h(trust.)27 b(Using)149 +436 y(trust{based)c(mec)o(hanism)o(s)c(requires)h(thinking)h(ab)q(out)h(a)g +(c)o(hange)f(in)g(individual)f(p)q(olicies)g(in)149 526 y(dealing)e(with)g +(gran)o(ting)g(trust)h(to)f(others.)27 b(W)l(e)17 b(can)h(conclude,)g(b)o(y)f +(citing)g(S.)h(Bello)o(vin:)k(\\If)c(a)149 616 y(host)i(trusts)g(another)f +(host)h(not)f(named)f(in)h(a)g(lo)q(cal)g(zone,)g(its)f(name)g(serv)o(er)g +(cannot)i(protect)149 707 y(it.")i(\([Bel90b)o(]\))223 797 +y(Although)e(w)o(e)f(concen)o(trate)h(on)g(the)g(Berk)o(eley)d(\\r{commands") +j(in)f(this)h(section,)g(w)o(e)g(do)149 887 y(not)d(forget)f(that)h(there)e +(are)h(other)g(w)o(a)o(ys)g(in)g(exploiting)f(the)h(\015a)o(w.)21 +b(F)l(or)16 b(example)e(in)o(tercepting)149 978 y(electronic)f(mail)f(is)i(a) +g(target)h(of)f(attac)o(k)o(ers;)g(esp)q(ecially)e(electronic)h(mail)f(that)i +(is)g(exc)o(hanged)g(b)o(y)149 1068 y(securit)o(y)h(agencies)h(and)h(securit) +o(y)e(related)g(organizations.)149 1233 y(4.7)50 b(Restricting)15 +b(Public)g(Information)g(Access)223 1373 y(What)j(mak)o(es)d(the)i(break{in)h +(p)q(ossible)f(in)g(the)h(\014rst)f(place)g(is)g(gathering)h(necessary)f +(infor-)149 1463 y(mation)g(ab)q(out)i(host)g(names)d(of)i(trusting)g(mac)o +(hines)e(and)i(user)g(names)f(on)h(di\013eren)o(t)f(systems)149 +1553 y(trusting)h(eac)o(h)f(other.)26 b(This)18 b(section)f(discusses)g(ho)o +(w)h(to)g(obtain)g(the)g(names)e(and)j(whether)e(it)149 1644 +y(is)f(feasible)g(or)g(reasonable)h(to)g(restrict)e(access)h(to)h(this)f +(information.)223 1734 y(W)l(e)i(are)h(not)g(discussing)f(random)h(patterns)g +(of)g(trust)g(that)g(migh)o(t)d(exist)i(b)q(et)o(w)o(een)g(hosts,)149 +1824 y(but)h(t)o(w)o(o)f(common)e(patterns)j(using)f(a)h(systematic)d +(approac)o(h.)28 b(The)18 b(follo)o(wing)g(discussion)h(is)149 +1915 y(based)f(on)g(section)f(3)g(in)g([Bel90b)o(].)24 b(In)17 +b(a)h(cluster)e(of)i(time{sharing)e(mac)o(hines,)f(eac)o(h)i(mac)o(hine)149 +2005 y(is)22 b(lik)o(ely)d(to)j(extend)f(trust)g(to)h(all)f(its)h(p)q(eers.) +37 b(This)21 b(pattern)h(is)f(not)h(common)e(to)i(the)f(gen-)149 +2095 y(eral)g(user)f(p)q(opulation,)j(but)d(it)h(is)f(applicable)g(to)h +(systems)e(programming)g(and)j(op)q(erational)149 2185 y(sta\013.)g(Another) +16 b(t)o(ypical)e(pattern)h(is)g(the)h(o)q(ccurrence)e(of)i(\014le)f(serv)o +(ers)f(that)i(trust)g(their)e(clien)o(ts,)149 2276 y(who)20 +b(serv)o(e)e(as)i(a)g(source)f(of)g(extra)g(CPU)g(cycles.)29 +b(\\Dataless")20 b(clien)o(ts)e(will)g(frequen)o(tly)f(trust)149 +2366 y(administrativ)o(e)d(mac)o(hines)g(to)j(p)q(ermit)e(soft)o(w)o(are)h +(main)o(tenance.)223 2456 y(There)h(are)h(sev)o(eral)f(net)o(w)o(orking)h +(utilities)e(that)i(are)g(generally)f(a)o(v)m(ailable)h(to)g(all)g(users)g +(on)149 2547 y(a)f(system)e(to)h(sp)o(y)g(out)h(the)f(w)o(an)o(ted)g +(information.)p eop +%%Page: 65 74 +73 bop 1901 -100 a Fo(65)223 75 y(A)22 b(com)o(bined)f(usage)i(of)g +(\\snmpnetstat")g(and)g(\\\014nger")h(can)f(do)g(the)g(job.)41 +b(One)22 b(migh)o(t)149 165 y(ob)s(ject)e(that)g(\\snmpnetstat")g(is)g(not)g +(alw)o(a)o(ys)g(a)o(v)m(ailable)f(and)i(that)f(some)f(sites)h(also)g +(restrict)149 255 y(the)c(usage)g(of)g(the)f(\014nger)h(daemon)f(on)h(their)f +(mac)o(hines.)k(But)c(there)g(are)h(more)e(common)g(to)q(ols)149 +346 y(that)j(can)g(b)q(e)f(abused.)223 436 y(Examination)e(of)h(mail)e(or)j +(news)f(headers)g(giv)o(es)f(us)i(information)e(ab)q(out)i(where)f(mail)e +(orig-)149 526 y(inated)23 b(and)h(whic)o(h)e(path)i(it)f(to)q(ok.)42 +b(The)23 b(\\Receiv)o(ed:")34 b(\014elds)23 b(con)o(tain)f(a)i(complete)d +(trace)149 616 y(of)g(the)f(route.)34 b(Sometimes)18 b(this)i(route)g(con)o +(tains)h(w)o(orkstation)g(-)g(serv)o(er)e(names)g(that)i(trust)149 +707 y(eac)o(h)g(other.)37 b(A)21 b(similar)f(tric)o(k)g(is)h(p)q(ossible)h +(using)f(\\traceroute")h(once)g(w)o(e)f(kno)o(w)g(a)h(remote)149 +797 y(w)o(orkstation)17 b(name.)223 887 y(W)l(e)g(can)h(also)g(gain)g(m)o(uc) +o(h)d(insigh)o(t)i(using)h(the)f(Domain)g(Name)f(System)g(itself.)24 +b(The)17 b(SO)o(A)149 978 y(records)j(con)o(tain)f(a)g(mac)o(hine)e(name)h +(and)i(a)g(host)f(address)h(of)g(a)f(privileged)f(user.)30 +b(With)19 b(the)149 1068 y(host)c(name)e(w)o(e)h(can)g(retriev)o(e)e(the)i +(IP)g(address)h(and)f(then)g(with)g(a)h(zone)f(transfer)g(obtain)g(names)149 +1158 y(of)21 b(other)f(mac)o(hines)e(in)i(the)g(net)o(w)o(ork)g(lo)q(cal)g +(to)h(that)f(mac)o(hine.)31 b(Ev)o(en)20 b(if)f(the)h(zone)g(transfer)149 +1248 y(is)h(disabled,)g(w)o(e)f(could)h(issue)g(254)g(rev)o(erse)f(lo)q +(okups)h(to)h(collect)d(the)h(names)g(w)o(e)g(seek.)34 b(The)149 +1339 y(HINF)o(O)15 b(records)h(giv)o(e)f(additional)i(information.)223 +1429 y(F)l(urther)c(\\help")h(is)g(pro)o(vided)f(b)o(y)h(\\ftp")g(\(some)f +(serv)o(ers)g(o\013er)i(the)e(service,)g(only)g(few)h(w)o(ork-)149 +1519 y(stations)23 b(do\),)f(\\sm)o(tp")f(\(mac)o(hines)e(that)j(run)g(mail)d +(serv)o(ers\),)i(and)h(Sun's)g(\\rp)q(cinfo")g(\(what)149 1610 +y(services)f(are)g(running?\))38 b(Published)21 b(material)e(is)i(a)o(v)m +(ailable)g(from)f(some)h(univ)o(ersities)e(that)149 1700 y(describ)q(es)d +(the)g(setup)h(of)f(their)g(net)o(w)o(orks)g(on)g(a)h(high)f(lev)o(el.)223 +1790 y(Some)j(systems)h(still)f(use)i(the)g(same)e(\\/etc/hosts.equiv")i +(\014les)g(on)g(man)o(y)e(hosts)j(just)f(to)149 1880 y(simplify)14 +b(systems)h(administration.)223 1971 y(The)23 b(men)o(tioned)e(collection)h +(of)h(to)q(ols)i(sho)o(ws)f(that)f(it)g(is)g(a)h(di\016cult)e(task)h(to)h +(limit)d(in-)149 2061 y(formation)i(access)g(without)g(sacri\014cing)g(the)g +(legitimate)d(utilization)i(of)i(net)o(w)o(ork)e(services.)149 +2151 y(Prev)o(en)o(ting)d(someone)g(from)f(gathering)i(the)g(necessary)f +(information)g(is)g(nearly)h(imp)q(ossible.)149 2242 y(T)l(o)q(o)c(man)o(y)e +(services)f(rely)h(on)h(address)g(information,)f(and)h(most)f(p)q(eople)h(w)o +(ould)f(complain)g(ter-)149 2332 y(ribly)f(if)h(they)g(w)o(ere)f(depriv)o(ed) +g(of)h(useful)g(to)q(ols)h(suc)o(h)f(as)g(\014nger,)h(email,)d(and)i(news.)21 +b(The)14 b(idea)g(of)149 2422 y(op)q(en)20 b(systems)d(requires)h(op)q(en)h +(access)f(to)h(information)f(services)f(and)j(address)f(information.)149 +2512 y(Therefore,)13 b(most)f(system)f(administrators)g(ha)o(v)o(e)h(decided) +g(that)g(the)h(b)q(ene\014ts)f(of)h(these)f(utilities)149 2603 +y(out)o(w)o(eigh)k(the)g(risks.)p eop +%%Page: 66 75 +74 bop 1901 -100 a Fo(66)223 75 y(Ov)o(erall,)11 b(w)o(e)i(think)f(that)h(sh) +o(utting)g(do)o(wn)h(w)o(ell{kno)o(wn)e(and)h(widely)f(used)h(services)f(is)h +(not)g(a)149 165 y(go)q(o)q(d)k(idea.)k(The)14 b(lac)o(k)g(of)h(these)f +(services)g(w)o(ould)h(h)o(urt)f(functionalit)o(y)f(and)j(the)e(purp)q(ose)i +(of)f(the)149 255 y(In)o(ternet)h(to)i(a)f(considerable)f(degree.)24 +b(There)16 b(are)h(to)q(o)h(man)o(y)e(w)o(a)o(ys)h(to)g(gather)h(the)f +(necessary)149 346 y(information;)e(it)h(w)o(ould)g(b)q(e)h(a)f(hop)q(eless)h +(job)f(to)h(protect)f(the)g(In)o(ternet)f(against)i(abuse.)149 +511 y(4.8)50 b(Adjusting)16 b(DNS)g(Up)q(date)g(In)o(terv)m(als)223 +651 y(Some)d(sites)h(ha)o(v)o(e)f(connections)h(c)o(hie\015y)f(with)h(mac)o +(hines)e(outside)i(of)h(their)e(zones)i(that)f(sta)o(y)149 +741 y(stable)20 b(in)f(the)g(sense)g(that)h(host)g(name)e(to)i(IP)f(address)h +(mapping)f(will)f(sta)o(y)h(the)g(same)f(for)i(a)149 831 y(long)15 +b(time.)k(The)14 b(idea)g(is)g(to)g(en)o(ter)g(long)g(TTL)i(v)m(alues)e(in)o +(to)g(the)g(resource)g(records,)g(v)m(alues)g(that)149 921 +y(exceed)h(the)h(curren)o(tly)f(implem)o(en)n(ted)e(threshold)j(of)h(1)g(w)o +(eek.)j(Limits)14 b(could)i(b)q(e)h(increased)e(up)149 1012 +y(to)k(6,)g(12)g(mon)o(ths,)e(or)i(ev)o(en)e(longer,)i(dep)q(ending)f(on)h +(the)f(situation.)27 b(If)18 b(this)g(data)i(is)e(en)o(tered)149 +1102 y(with)j(great)g(care)f(to)h(ensure)g(correctness)f(of)h(the)f +(mappings,)h(the)f(DNS)h(based)g(break{in)g(is)149 1192 y(prev)o(en)o(ted.) +223 1283 y(This)g(approac)o(h)h(is)f(limited)e(b)o(y)h(its)i(scop)q(e)f(of)h +(applicabilit)o(y)l(,)e(but)h(it)g(is)g(a)h(solution)g(with)149 +1373 y(man)o(y)17 b(adv)m(an)o(tages.)27 b(It)18 b(go)q(es)g(with)g(the)g +(curren)o(t)f(Domain)g(Name)f(System)g(proto)q(col)j(and)f(can)149 +1463 y(b)q(e)c(implem)o(en)n(ted)c(without)k(m)o(uc)o(h)d(e\013ort,)i(b)o(y)g +(simply)e(c)o(hanging)j(the)f(constan)o(t)g(max)p 1732 1463 +15 2 v 17 w(cac)o(he)p 1865 1463 V 16 w(ttl)1930 1445 y Fm(1)149 +1553 y Fo(in)h(the)g(name)e(serv)o(er)h(co)q(de)h(and)g(recompiling)e(the)h +(system.)19 b(As)14 b(all)f(necessary)h(en)o(tries)e(are)i(k)o(ept)149 +1644 y(in)19 b(the)f(lo)q(cal)g(cac)o(he,)g(the)h(system)e(pro)o(vides)h(v)o +(ery)f(quic)o(k)g(replies)g(to)i(queries.)27 b(It)18 b(hardly)h(ev)o(er)149 +1734 y(uses)e(the)f(net)o(w)o(ork)g(and)g(therefore)g(sa)o(v)o(es)g +(bandwidth)h(on)f(the)g(medium)d(for)k(other)f(tasks.)223 1824 +y(This)11 b(approac)o(h)i(has)f(the)f(problem)f(of)i(v)m(alidating)g(the)f +(host)h(name)e(to)i(IP)g(address)g(mappings)149 1915 y(b)q(efore)17 +b(they)g(are)g(cac)o(hed.)23 b(Ho)o(w)16 b(can)i(it)e(b)q(e)h(ensured)g(that) +h(the)e(mappings)h(are)g(correct)f(in)h(the)149 2005 y(\014rst)k(place?)34 +b(Certainly)l(,)20 b(a)h(false)f(en)o(try)f(w)o(ould)i(sta)o(y)f(for)h(a)g +(long)g(time,)d(and)j(the)g(attac)o(k)o(er's)149 2095 y(address)e(w)o(ould)e +(b)q(e)g(\014nally)g(noted.)25 b(But)17 b(do)q(es)h(that)g(really)e(help,)h +(once)g(misc)o(hief)d(is)k(done?)25 b(It)149 2185 y(migh)o(t)15 +b(aid)h(in)g(prosecution)h(e\013orts,)f(but)h(only)f(little)e(in)i(prev)o(en) +o(tion.)223 2276 y(One)d(of)h(the)g(original)f(reasons)i(to)f(in)o(tro)q +(duce)g(the)f(Domain)g(Name)f(System)g(w)o(as)j(to)f(manage)149 +2366 y(the)21 b(dynamic)f(b)q(eha)o(vior)h(of)h(c)o(hanges)f(in)g(the)g(data) +h(base.)37 b(This)21 b(approac)o(h)h(\014xes)f(mappings)149 +2456 y(for)d(a)h(long)f(time)d(and)k(uses)f(a)g(p)q(o)o(w)o(erful)f +(distributed)g(database)i(system)d(for)i(an)h(infrequen)o(tly)149 +2547 y(happ)q(ening)h(up)q(date)g(pro)q(cess.)29 b(Although)19 +b(w)o(e)g(are)g(not)g(talking)g(ab)q(out)h(a)f(static)g(mapping)f(in)p +149 2590 720 2 v 206 2621 a Fl(1)224 2636 y Fk(in)c(BIND)g(v)o(ersion)g +(4.8.3)e(\(7*24*60*60\))g(seconds)j(=)f(one)g(w)o(eek)p eop +%%Page: 67 76 +75 bop 1901 -100 a Fo(67)149 75 y(this)14 b(section,)f(a)h(w)o(ell{main)o +(tained)d(HOSTS.TXT)i(\014le)g(w)o(ould)g(do)i(the)e(job)h(with)f(less)h(o)o +(v)o(erhead.)149 165 y(W)l(e)24 b(will)f(presen)o(t)g(the)h(discussion)g(ab)q +(out)h(abandoning)h(the)d(Domain)g(Name)g(System)f(and)149 +255 y(returning)17 b(to)f(the)g(previous)g(system)f(in)h(Section)g(4.9.)223 +346 y(Ov)o(erall,)10 b(the)h(approac)o(h)g(of)h(extending)e(TTL)i(v)m(alues)f +(to)h(a)f(long)g(p)q(erio)q(d)h(of)f(time)e(is)i(a)h(safe)f(and)149 +436 y(feasible)19 b(metho)q(d)g(in)g(en)o(vironmen)o(ts)e(where)i(the)g +(additional)h(condition)f(of)h(static)f(mappings)149 526 y(with)12 +b(long)g(lifetimes)d(is)j(giv)o(en.)19 b(Ho)o(w)o(ev)o(er,)10 +b(in)i(this)f(case)h(not)h(the)e(Domain)h(Name)e(System)g(seems)149 +616 y(to)k(b)q(e)f(the)g(righ)o(t)f(approac)o(h,)i(but)f(a)h(lo)q(cally)e(w)o +(ell{administered)e(static)i(mapping)h(mec)o(hanism)o(.)149 +782 y(4.9)50 b(Abandoning)17 b(the)f(Domain)f(Name)g(System)223 +921 y(It)c(could)g(b)q(e)h(suggested)g(to)g(abandon)h(the)e(DNS)h(and)g +(either)e(return)h(to)h(the)g(previous)f(system)149 1012 y(with)k(a)h(static) +f(host)h(table,)e(or)i(mo)o(v)o(e)d(on)j(to)f(another)h(system,)d(that)j(has) +g(y)o(et)e(to)i(b)q(e)f(dev)o(elop)q(ed.)149 1102 y(W)l(e)21 +b(are)g(not)h(going)g(to)f(talk)g(ab)q(out)h(p)q(ossible)f(future)g(dev)o +(elopmen)o(t)d(of)j(the)g(Domain)f(Name)149 1192 y(System)d(here,)g(but)h(ab) +q(out)i(returning)e(to)g(the)g(previous)g(system.)25 b(Abandoning)18 +b(the)g(Domain)149 1283 y(Name)d(System)g(is)h(not)g(an)h(extreme)c(scenario) +k(of)f(what)h(w)o(e)f(describ)q(ed)g(in)f(Section)h(4.8,)g(as)h(our)149 +1373 y(solution)g(there)f(only)g(assumed)f(slo)o(w)i(dynamic)d(b)q(eha)o +(vior.)223 1463 y(This)j(section)h(suggests)h(an)f(again)g(cen)o(tralized)e +(managemen)o(t)f(of)j(the)g(mapping)e(data.)27 b(In)149 1553 +y(this)18 b(approac)o(h,)h(mappings)f(can)g(c)o(hange)g(frequen)o(tly)l(,)e +(but)j(c)o(hanges)f(ha)o(v)o(e)f(to)i(b)q(e)f(rep)q(orted)g(to)149 +1644 y(a)h(cen)o(tral)e(authorit)o(y)h(that)g(manages)g(the)g(whole)g(Domain) +g(Name)e(Space)i(in)g(con)o(trast)g(to)h(the)149 1734 y(Domain)f(Name)e +(System)g(approac)o(h)j(of)f(managing)f(zones)h(through)h(delegated)f(lo)q +(cal)f(author-)149 1824 y(ities.)30 b(This)20 b(w)o(ould)g(not)g(solv)o(e)e +(the)i(problem,)e(b)q(ecause)i(the)f(problem)f(is)h(not)h(the)f(DNS,)g(but) +149 1915 y(inadequate)d(metho)q(ds)g(of)h(host)g(authen)o(tication.)223 +2005 y(IP)22 b(addresses)i(of)f(trusted)g(mac)o(hines)e(could)h(still)g(b)q +(e)h(imitated.)39 b(This)23 b(is)g(a)g(somewhat)149 2095 y(harder)15 +b(task,)g(but)g(the)f(kno)o(w-ho)o(w)h(has)g(b)q(een)g(published)f(for)h +(quite)e(some)h(time)e(\(see)i([Mor85]\).)223 2185 y(W)l(ould)h(it)f(b)q(e)h +(safer)g(to)g(transmit)f(up)q(dates)h(to)g(a)h(cen)o(tral)d(site?)21 +b(Email,)13 b(telephone)h(calls,)g(or)149 2276 y(con)o(v)o(en)o(tional)d(pap) +q(er)i(are)f(not)g(necessarily)f(a)i(reliable)d(w)o(a)o(y)i(to)g(transmit)f +(mapping)h(information)149 2366 y(up)q(dates.)28 b(The)18 b(long)g(time)e +(dela)o(y)h(un)o(til)g(cen)o(trally)g(made)g(c)o(hanges)h(are)g(propagated)h +(through)149 2456 y(the)g(net)o(w)o(ork)f(w)o(ould)h(condemn)e(the)i +(database)g(to)h(b)q(e)e(in)h(an)g(inheren)o(tly)e(inconsisten)o(t)h(state.) +149 2547 y(The)c(system)f(w)o(ould)h(again)h(con)o(tain)f(all)f(the)h(disadv) +m(an)o(tages)h(describ)q(ed)f(in)f(Section)h(2.2,)g(whic)o(h)149 +2637 y(w)o(ere)i(the)g(reasons)h(for)g(dev)o(eloping)e(the)h(curren)o(t)f +(Domain)h(Name)e(System.)p eop +%%Page: 68 77 +76 bop 1901 -100 a Fo(68)223 75 y(But)11 b(b)q(esides)i(these)f(ob)o(vious,)g +(tec)o(hnical,)f(and)i(w)o(ell{kno)o(wn)f(reasons,)h(there)f(is)g(a)h +(signi\014can)o(t)149 165 y(argumen)o(t)g(wh)o(y)g(no)i(one)e(can)h(p)q +(ossibly)g(b)q(e)g(in)f(fa)o(v)o(or)h(of)g(reinstalling)e(the)i(previous)f +(system:)19 b(the)149 255 y(sheer)g(size)f(of)i(the)f(In)o(ternet.)28 +b(HOSTS.TXT)19 b(w)o(as)g(abandoned)i(b)q(ecause)e(200,000)i(hosts)f(w)o(as) +149 346 y(to)q(o)k(m)o(uc)o(h)c(to)i(b)q(e)h(managed.)38 b(Are)22 +b(curren)o(tly)e(ab)q(out)k(1.5)e(million)e(\(see)i([Lot93)q(]\))f(easier)h +(to)149 436 y(handle?)g(Certainly)15 b(not.)223 526 y(Ov)o(erall,)i +(abandoning)k(the)d(Domain)g(Name)f(System)h(w)o(ould)h(drag)g(the)g(name)f +(resolution)149 616 y(task)h(in)e(the)h(In)o(ternet)e(out)j(of)f(a)g +(functioning)g(state)g(with)g(a)g(not)g(easily)f(exploitable)g(securit)o(y) +149 707 y(breac)o(h,)j(in)o(to)f(an)h(unmanageable,)g(not)g(w)o(orking)g +(state)f(of)h(prehistoric)f(system)f(design.)32 b(W)l(e)149 +797 y(think)16 b(that)h(w)o(ould)f(do)h(more)e(harm)g(than)i(doing)g(nothing) +g(at)f(all.)149 962 y(4.10)50 b(Hardening)16 b(Name)f(Serv)o(ers)223 +1102 y(This)h(section)h(con)o(tains)f(a)i(n)o(um)o(b)q(er)c(of)j(problems)f +(that)h(w)o(e)f(classify)g(in)o(to)g(t)o(w)o(o)h(groups)h(and)149 +1192 y(a)f(collection)e(of)i(p)q(ossible)g(mo)q(di\014cations)f(to)h(the)f +(name)f(serv)o(er)h(to)h(pro)o(vide)e(\(at)i(least)g(partial\))149 +1283 y(solutions)g(to)g(these)f(problems.)223 1373 y(W)l(e)i(though)o(t)i(ab) +q(out)g(organizing)g(this)f(section)f(in)h(a)g(w)o(a)o(y)g(that)h(solutions)f +(are)g(stated)h(di-)149 1463 y(rectly)g(in)h(eac)o(h)g(section)g(describing)f +(a)i(problem.)35 b(But)20 b(then)i(w)o(e)e(disco)o(v)o(ered)g(that)i(most)e +(of)149 1553 y(the)g(prop)q(osed)i(solutions)f(in)f(hardening)g(the)h(name)e +(serv)o(er)g(are)h(applicable)g(to)g(a)h(v)m(ariet)o(y)e(of)149 +1644 y(problems.)27 b(In)18 b(the)g(same)f(time,)f(it)i(is)g(necessary)g(to)h +(not)g(only)f(concen)o(trate)f(on)i(ho)o(w)g(to)g(deal)149 +1734 y(with)i(certain)f(problems,)h(but)g(with)f(all)h(of)g(them)e(sim)o +(ultaneously)l(.)33 b(W)l(e)20 b(therefore)h(decided)149 1824 +y(that)c(a)f(more)e(general)i(approac)o(h)g(is)f(to)i(state)e(a)i(list)e(of)h +(problems)e(next)h(to)h(a)g(list)f(of)h(solutions.)149 1915 +y(This)h(w)o(a)o(y)f(w)o(e)g(can)g(relate)f(problems)g(to)i(solutions)g(and)g +(vice)d(v)o(ersa.)223 2005 y(The)19 b(follo)o(wing)f(t)o(w)o(o)h(sections)g +(are)g(descriptions)f(of)i(the)e(problems,)g(group)q(ed)i(dep)q(ending)149 +2095 y(on)d(whether)f(a)h(giv)o(en)e(problem)g(exploits)g(cac)o(he)h(p)q +(oisoning,)h(or)f(not.)149 2255 y(4.10.1)50 b(Problems)15 b(Not)h(Exploiting) +g(Cac)o(he)g(P)o(oisoning)223 2378 y(In)j(Section)f(3.4.2)i(w)o(e)f(sa)o(w)h +(a)f(\014rst)h(example)d(of)i(ho)o(w)h(to)g(exploit)e(the)h(w)o(eaknesses)g +(of)h(the)149 2468 y(DNS.)e(Simple)e(c)o(hanges)j(in)e(the)h(database)i(en)o +(tries)d(of)i(a)f(mac)o(hine)e(that)j(is)f(trusted,)g(can)h(lead)149 +2558 y(to)h(a)g(break{in.)29 b(As)19 b(w)o(e)g(sho)o(w)o(ed)g(in)g(this)g +(thesis,)g(it)g(is)g(not)h(di\016cult)e(to)h(coun)o(ter)g(the)g(attac)o(k)149 +2648 y(based)e(on)g(database)g(mo)q(di\014cation.)p eop +%%Page: 69 78 +77 bop 1901 -100 a Fo(69)223 75 y(There)18 b(are)h(t)o(w)o(o)f(more)g +(problems,)f(that)i(are)g(related)f(in)g(their)g(nature.)29 +b(In)18 b(the)h(\014rst)g(one,)149 165 y(an)c(attac)o(k)o(er)f(in)o(tercepts) +f(a)h(query)g(to)h(another)g(name)e(serv)o(er)g(and)i(pro)o(vides)f(the)g +(reply)f(himself.)149 255 y(If)23 b(the)g(reply)f(con)o(tains)h(a)h(referral) +e(to)h(some)f(host)i(that)g(is)e(under)h(the)g(attac)o(k)o(er's)f(con)o +(trol,)149 346 y(the)f(originator)h(of)g(the)f(query)f(will)h(\014nally)f +(ask)i(that)g(name)e(serv)o(er)g(and)i(b)q(eliev)o(e)d(whatev)o(er)149 +436 y(is)h(returned.)30 b(If)19 b(the)g(time)f(to)i(liv)o(e)d(v)m(alues)j +(for)f(records)h(supplied)f(in)g(that)h(answ)o(er)g(are)f(zero,)149 +526 y(the)i(originator)g(will)f(not)h(cac)o(he)f(the)h(information,)f(but)h +(use)g(it)f(for)h(the)g(curren)o(t)f(resolution)149 616 y(pro)q(cess.)30 +b(The)19 b(name)e(serv)o(er)h(that)h(w)o(as)h(originally)e(addressed,)h(or)h +(its)e(net)o(w)o(ork)g(connection,)149 707 y(can)g(b)q(e)f(manipulated)f(b)o +(y)h(the)g(attac)o(k)o(er)f(in)h(a)g(w)o(a)o(y)g(that)h(they)e(either)h(not)g +(receiv)o(e)e(an)o(y)i(query)149 797 y(at)g(all,)e(or)i(that)g(their)e(resp)q +(onse)i(gets)g(lost)f(\(see)g([Mor85])g(for)h(an)f(example\).)223 +887 y(A)k(similar)e(attac)o(k)j(is)f(based)h(on)g(the)g(fact)f(that)h(the)g +(standard)h(for)f(the)f(DNS)h(implici)o(tly)149 978 y(determines)14 +b(that)i(the)f(\014rst)h(answ)o(er)f(a)h(resolv)o(er)f(receiv)o(es)e(to)j(a)g +(query)f(is)g(returned)g(to)h(the)f(user)149 1068 y(program.)21 +b(The)15 b(standard)h(states)g(in)e([Mo)q(c87a)q(])h(:)20 b(\\Get)c(the)e +(answ)o(er)h(as)h(quic)o(kly)d(as)i(p)q(ossible".)149 1158 +y(If)21 b(a)g(query)g(is)f(answ)o(ered)i(b)o(y)e(more)g(than)h(one)h(host)f +(\(and)h(one)f(of)g(the)g(hosts)h(supplying)f(an)149 1248 y(answ)o(er)j(can)f +(b)q(e)g(the)g(attac)o(k)o(er)f(who)i(has)g(in)o(tercepted)d(the)i(query)l(,) +h(lik)o(e)d(in)i(the)f(previously)149 1339 y(describ)q(ed)c(problem\))e(the)h +(fastest)h(answ)o(er)g(wins.)25 b(This)18 b(answ)o(er)g(can)g(again)g(refer)f +(to)h(another)149 1429 y(name)e(serv)o(er)f(under)h(the)g(con)o(trol)g(of)g +(the)g(attac)o(k)o(er.)149 1589 y(4.10.2)50 b(Problems)15 b(Exploiting)h(Cac) +o(he)g(P)o(oisoning)223 1711 y(In)j(the)g(Sections)h(3.4.3)g(and)g(3.4.4)g(w) +o(e)f(describ)q(ed)g(t)o(w)o(o)h(problems)e(that)i(exploit)f(the)h(fact)149 +1802 y(that)d(the)f(cac)o(he)f(of)i(a)f(name)f(serv)o(er)g(can)h(b)q(e)h(p)q +(oisoned.)22 b(W)l(e)16 b(describ)q(e)f(t)o(w)o(o)h(more)f(problems)g(in)149 +1892 y(this)i(section.)223 1982 y(Imagine)10 b(again)j(the)f(scenario)h(w)o +(e)f(describ)q(ed)f(in)h(the)g(previous)h(section,)f(where)g(the)g(origina-) +149 2073 y(tor)j(of)f(a)g(query)f(receiv)o(es)f(more)g(than)i(one)g(resp)q +(onse)h(and)f(one)g(of)g(the)g(resp)q(onses)h(con)o(tains)f(false)149 +2163 y(information)19 b(supplied)g(b)o(y)h(an)g(attac)o(k)o(er.)31 +b(The)20 b(standard)h(states)f(in)g([Mo)q(c87b,)g(7.4])g(\\When)149 +2253 y(sev)o(eral)c(RRs)h(of)g(the)f(same)g(t)o(yp)q(e)g(are)h(a)o(v)m +(ailable)f(for)h(a)g(particular)f(o)o(wner)h(name,)e(the)i(resolv)o(er)149 +2343 y(should)h(either)e(cac)o(he)g(them)f(all)h(or)h(none)h(at)f(all.")23 +b(The)17 b(fact)g(that)g(the)f(resp)q(onses)i(come)e(from)149 +2434 y(di\013eren)o(t)i(IP)f(addresses,)i(do)q(es)g(not)f(matter)f(to)h(the)g +(originator.)27 b(In)17 b([Mo)q(c87b)q(])g(the)h(standard)149 +2524 y(deals)e(with)f(the)h(fact)f(that)h(name)f(serv)o(ers)f(are)i +(sometimes)d(m)o(ulti{home)o(d)g(hosts)j(and)h(resp)q(ond)149 +2614 y(to)k(queries)e(using)i(another)f(net)o(w)o(ork)g(in)o(terface)e(than)j +(where)f(the)g(query)f(arriv)o(ed.)32 b(W)l(e)20 b(cite:)p +eop +%%Page: 70 79 +78 bop 1901 -100 a Fo(70)149 75 y(\\That)23 b(is,)f(a)g(resolv)o(er)f(cannot) +h(rely)f(that)h(a)g(resp)q(onse)g(will)e(come)g(from)h(the)g(same)g(address) +149 165 y(whic)o(h)16 b(it)g(sen)o(t)g(the)g(corresp)q(onding)h(query)e +(to."\([Mo)q(c87b)q(]\))223 255 y(Under)h(certain)g(additional)g(assumptions) +h(it)f(is)h(p)q(ossible)g(to)g(p)q(oison)h(some)d(name)h(serv)o(er's)149 +346 y(cac)o(he)24 b(b)o(y)f(simply)f(sending)i(it)f(a)i(query)e(that)h(con)o +(tains)g(the)g(corrupt)g(information)f(in)h(the)149 436 y(additional)17 +b(section.)k(This)16 b(should)h(w)o(ork)f(in)g(the)g(follo)o(wing)g(setup:) +222 568 y Fj(\017)24 b Fo(an)16 b(A)o(ttac)o(k)o(er)d(on)j(host)g(NS)772 +575 y Fm(B)814 568 y Fo(sends)g(a)g(query)e(along)i(with)g(the)f(false)g +(additional)g(RR)g(to)h(a)271 658 y(name)f(serv)o(er)h(B)f(it)h(w)o(an)o(ts)h +(to)f(compromise,)d(requesting)j(recursiv)o(e)f(resolution)222 +790 y Fj(\017)24 b Fo(the)14 b(name)g(serv)o(er)f(on)i(host)g(NS)854 +797 y Fm(A)897 790 y Fo(do)q(es)g(not)g(cac)o(he)f(incoming)e(information)i +(according)g(to)271 880 y(the)i(RF)o(C,)g(but)g(it)g(shares)h(its)f(cac)o(he) +f(with)h(the)g(lo)q(cal)h(resolv)o(er)e(on)h(the)g(same)g(mac)o(hine)222 +1012 y Fj(\017)24 b Fo(if)12 b(the)g(name)f(serv)o(er)g(on)i(host)g(NS)885 +1019 y Fm(A)925 1012 y Fo(in)o(v)o(ok)o(es)e(its)h(lo)q(cal)g(resolv)o(er)f +(that)i(will)e(\014nally)h(get)g(bac)o(k)271 1102 y(an)k(answ)o(er)g(from)e +(somewhere,)g(this)h(resolv)o(er)f(on)i(host)g(NS)1381 1109 +y Fm(A)1425 1102 y Fo(will)e(cac)o(he)h(whatev)o(er)g(data)271 +1192 y(is)g(pro)o(vided)f(according)h(to)g(the)f(rules)g({)i(including)d(the) +i(additional)g(record)f(pro)o(vided)g(b)o(y)271 1283 y(the)i(attac)o(k)o(er.) +223 1414 y(The)g(name)f(serv)o(er)g(on)i(host)g(NS)831 1421 +y Fm(A)876 1414 y Fo(inherits)f(the)g(w)o(eakness)g(of)g(its)g(o)o(wn)h +(resolv)o(er.)149 1574 y(4.10.3)50 b(Keeping)16 b(Additional)f(Information) +223 1697 y(A)f(\014rst)i(idea)f(is)g(to)g(log)h(\\rlogin")f(attempts)g(with)g +(IP)g(address)g(and)h(lo)q(cal)f(and)h(remote)d(user)149 1787 +y(names.)28 b(Or)19 b(ev)o(en)e(more:)25 b(to)19 b(tag)g(cac)o(he)f(en)o +(tries)g(with)g(their)g(origin.)29 b(The)18 b(latter)g(is)h(another)149 +1878 y(easily)f(ac)o(hiev)o(ed)f(mo)q(di\014cation)g(that)i(costs)g +(additional)f(memory)e(space)i(in)g(the)h(cac)o(he.)26 b(This)149 +1968 y(metho)q(d)18 b(mak)o(es)f(it)h(easier)f(to)i(trac)o(k,)f(for)g +(example,)f(a)h(false)g(\\A")h(record)f(for)h(the)f(purp)q(ose)h(of)149 +2058 y(debugging)e(wrong)h(zone)e(data)h(or)g(in)o(v)o(estigating)e(a)h(DNS)h +(based)f(break{in.)149 2218 y(4.10.4)50 b(Prev)o(en)o(tion)15 +b(of)h(Cac)o(he)g(P)o(oisoning)223 2341 y(Prev)o(en)o(ting)d(the)h(cac)o(he)g +(from)g(con)o(tamination)f(is)h(probably)h(not)g(feasible)f(from)g(within)g +(the)149 2431 y(name)j(serv)o(er)g(co)q(de,)h(as)g(there)g(is)f(no)i(w)o(a)o +(y)e(of)h(a)g(priori)g(determining)d(if)j(an)o(y)f(giv)o(en)g(additional)149 +2521 y(record)h(is)f(trust)o(w)o(orth)o(y)h(or)f(not.)26 b(W)l(e)18 +b(could)f(start)h(treating)g(sp)q(ecial)f(cases)h(of)g(when)g(to)g(allo)o(w) +149 2611 y(or)f(disallo)o(w)f(additional)g(information.)p eop +%%Page: 71 80 +79 bop 1901 -100 a Fo(71)223 75 y(The)17 b(default)g(safe)g(b)q(eha)o(vior)g +(w)o(ould)g(b)q(e)g(to)h(disallo)o(w)f(the)g(cac)o(hing)f(of)i(unrequested)e +(infor-)149 165 y(mation,)k(and)g(to)g(allo)o(w)g(it)f(only)h(in)g(cases)g +(where)f(the)h(information)f(is)g(necessary)l(,)h(and)h(then)149 +255 y(only)16 b(for)h(the)f(curren)o(t)f(resolution.)149 415 +y(4.10.5)50 b(Con)o(text)16 b(Cac)o(he)223 538 y(But)i(there)g(are)h(other,)h +(more)d(sophisticated)i(approac)o(hes)g(p)q(ossible:)27 b(If)19 +b(some)e(additional)149 628 y(or)f(authoritativ)o(e)f(records)g(are)h +(returned)e(together)i(with)f(a)h(resource)f(record,)g(they)g(should)g(b)q(e) +149 718 y(in)o(terpreted)j(only)g(in)g(the)h(con)o(text)f(of)h(that)g +(resource)f(record.)29 b(The)18 b(di\013erence)g(b)q(et)o(w)o(een)g(the)149 +809 y(default)13 b(safe)f(b)q(eha)o(vior)g(approac)o(h)i(and)f(this)f(one)g +(is)h(that)f(in)g(the)h(\014rst)f(one)h(resource)f(records)g(are)149 +899 y(only)17 b(cac)o(hed,)e(when)h(they)g(w)o(ere)g(requested)f(or)i +(necessary)f(additional)g(information,)f(whereas)149 989 y(in)21 +b(the)g(second)g(approac)o(h)g(the)g(new)g(en)o(tries)f(get)h(cac)o(hed,)g +(but)g(can)g(b)q(e)g(retriev)o(ed)e(from)h(the)149 1079 y(cac)o(he)g(only)h +(in)f(the)g(same)g(con)o(text)f(in)i(whic)o(h)e(they)i(w)o(ere)e(en)o(tered.) +33 b(F)l(or)21 b(example,)e(an)i(\\A")149 1170 y(record)15 +b(in)g(the)g(additional)h(section)f(of)g(a)h(resp)q(onse)g(to)f(an)h(\\MX")f +(record)g(request)g(should)h(only)149 1260 y(b)q(e)g(used)f(for)h(deliv)o +(ering)d(mail.)19 b(The)c(information)f(w)o(ould)h(not)h(b)q(e)f(acceptable)g +(for)g(an)h(\\rlogin")149 1350 y(to)h(another)g(host,)f(or)h(generally)e +(usable)i(for)f(other)g(services.)223 1441 y(A)21 b(glue)h(\\A")g(record)g +(coming)f(along)i(with)e(an)i(\\NS")f(record)g(w)o(ould)g(only)g(b)q(e)g +(used)g(for)149 1531 y(domain)16 b(hopping,)g(b)q(ecause)h(that)g(is)f(the)g +(con)o(text)f(in)h(whic)o(h)f(it)h(w)o(as)h(supplied.)223 1621 +y(\\A")h(records)f(along)i(with)e(\\PTR")i(records)f(should)g(nev)o(er)e(b)q +(e)i(cac)o(hed,)f(b)q(ecause)h(there)f(is)149 1711 y(no)g(legal)f(con)o(text) +f(in)h(whic)o(h)g(they)g(ha)o(v)o(e)f(to)i(b)q(e)f(returned)g(in)g(a)g +(single)g(resp)q(onse.)223 1802 y(This)23 b(whole)g(approac)o(h)h(leads)g(to) +f(the)g(question)g(of)h(whether)f(w)o(e)g(still)f(need)h(the)g(addi-)149 +1892 y(tional)18 b(section)g(at)g(all.)26 b(If)17 b(only)h(certain)f(com)o +(binations)g(of)h(resource)g(records)g(are)g(allo)o(w)o(ed)f(as)149 +1982 y(a)j(resp)q(onse)h(to)e(a)h(query)l(,)f(wh)o(y)h(not)g(consequen)o(tly) +e(eliminate)e(the)k(idea)f(of)h(additional)f(unre-)149 2073 +y(quested)j(information)f(completely)l(,)f(and)j(adapt)g(the)f(proto)q(col)h +(to)f(accommo)q(date)f(the)g(new)149 2163 y(ideas,)16 b(namely)f(a)h(certain) +g(limited)d(n)o(um)o(b)q(er)i(of)h(t)o(yp)q(es)g(of)h(asso)q(ciations?)223 +2253 y(First)h(of)h(all,)f(that)h(w)o(ould)g(require)f(a)h(proto)q(col)g(c)o +(hange,)g(whic)o(h)f(is)h(something)e(w)o(e)i(try)f(to)149 +2343 y(a)o(v)o(oid.)j(Some)13 b(of)i(the)f(original)h(design)g(goals)g(of)g +(the)g(Domain)f(Name)f(System)g(also)i(imply)d(that)149 2434 +y(eliminating)i(the)h(additional)h(section)g(w)o(ould)g(not)g(b)q(e)g(a)g(go) +q(o)q(d)i(approac)o(h.)k(The)16 b(system)e(w)o(ould)149 2524 +y(lose)k(some)f(of)i(its)f(generalit)o(y)l(,)e(b)q(ecause)i(the)g(additional) +g(section)g(migh)o(t)e(b)q(ecome)h(v)o(ery)g(useful)149 2614 +y(in)h(future)g(applications)g(of)g(the)f(Domain)h(Name)e(System)g(without)i +(con)o(taining)g(an)o(y)g(securit)o(y)p eop +%%Page: 72 81 +80 bop 1901 -100 a Fo(72)149 75 y(threats.)24 b(The)17 b(system)f(w)o(ould)h +(certainly)e(lose)i(e\016ciency)l(.)k(Here)16 b(w)o(e)h(see)f(again)i(an)f +(imp)q(ortan)o(t)149 165 y(trade-o\013)k(that)f(w)o(e)g(ha)o(v)o(e)e(already) +i(men)o(tioned)d(in)j(sev)o(eral)e(earlier)h(sections:)28 b(an)20 +b(increase)f(in)149 255 y(systems)e(securit)o(y)f(and)i(a)g(decline)e(in)h +(system)f(p)q(erformance)h(vs.)25 b(go)q(o)q(d)19 b(system)e(p)q(erformance) +149 346 y(and)g(a)g(p)q(ossible)f(lac)o(k)g(of)g(securit)o(y)l(.)223 +436 y(It)j(is)h(therefore)f(justi\014able)g(to)i(tak)o(e)e(the)h(approac)o(h) +g(of)h(hardening)f(the)f(name)g(serv)o(er)g(b)o(y)149 526 y(treating)j(more)e +(sp)q(ecial)h(cases,)h(and)g(b)o(y)f(increasing)g(the)g(complexit)o(y)d(of)j +(the)g(in)o(ternal)g(data)149 616 y(bases,)j(instead)e(of)h(hardening)f(it)g +(b)o(y)f(impleme)o(n)o(ti)o(ng)f(the)i(same)f(ideas)h(accepting)g(proto)q +(col)149 707 y(c)o(hanges.)149 867 y(4.10.6)50 b(Authorit)o(y)15 +b(Cac)o(he)223 989 y(A)f(further)g(approac)o(h)h(w)o(ould)g(b)q(e)f(to)h(cac) +o(he)f(data)h(only)f(if)g(the)g(source)h(of)g(a)g(record)f(is)g(kno)o(wn)149 +1079 y(to)h(b)q(e)g(authoritativ)o(e)f(for)h(that)g(zone.)21 +b(W)l(e)14 b(giv)o(e)g(an)h(example)d(for)j(that:)21 b(If)14 +b(a)h(name)f(serv)o(er)f(NS)1921 1086 y Fm(A)149 1170 y Fo(receiv)o(es)18 +b(a)h(\\PTR")i(record)e(from)f(some)h(host)h(NS)1117 1177 y +Fm(B)1144 1170 y Fo(,)f(and)h(the)f(DNS)h(message)e(also)i(con)o(tains)149 +1260 y(an)k(\\A")f(record)g(in)f(its)h(additional)g(section,)h(then)e(the)h +(name)f(serv)o(er)g(NS)1604 1267 y Fm(A)1656 1260 y Fo(w)o(ould)g(b)q(eliev)o +(e)149 1350 y(and)17 b(cac)o(he)e(this)h(information)e(only)i(if)f(it)h +(already)f(kno)o(ws)i(that)f(the)f(source)h(name)f(serv)o(er)g(NS)1922 +1357 y Fm(B)149 1441 y Fo(is)i(authoritativ)o(e)g(for)g(the)g(according)g +(zone.)23 b(A)17 b(name)f(serv)o(er)g(follo)o(wing)g(this)h(strategy)g(w)o +(ould)149 1531 y(create)11 b(its)h(o)o(wn)g(tree)f(of)h(authoritativ)o(e)f +(name)g(serv)o(ers.)18 b(This)12 b(tree)f(w)o(ould)h(ha)o(v)o(e)f(to)h(lose)f +(subtrees)149 1621 y(according)17 b(to)g(the)f(expiration)f(of)i(the)f +(lifetime)d(of)j(some)f(no)q(de)i(\(name)e(serv)o(er\).)149 +1781 y(4.10.7)50 b(Conditional)16 b(Cac)o(he)g(Use)223 1904 +y(The)f(Berk)o(eley)d(patc)o(h)k(\(see)e(Section)h(4.5\))h(can)f(fail)g(in)g +(the)g(case)g(that)h(the)f(cac)o(he)g(is)g(already)149 1994 +y(p)q(oisoned.)30 b(An)18 b(idea)h(to)g(strengthen)g(the)f(Berk)o(eley)e +(patc)o(h)j(is)f(to)h(pro)o(vide)f(the)g(p)q(ossibilit)o(y)g(to)149 +2084 y(resolv)o(e)f(queries)g(without)g(using)h(the)g(cac)o(he.)24 +b(That)19 b(could)e(b)q(e)h(used)g(b)o(y)f(the)g(Berk)o(eley)e(patc)o(h.)149 +2174 y(The)f(system)e(call)h(executing)g(the)g(forw)o(ard)h(lo)q(okup)g(w)o +(ould)g(for)g(example)d(set)j(a)g(\015ag)g(to)g(indicate)149 +2265 y(that)i(the)f(cac)o(he)f(con)o(ten)o(ts)h(should)g(not)h(b)q(e)f(used)g +(for)h(the)e(follo)o(wing)h(resolution.)21 b(This)15 b(metho)q(d)149 +2355 y(again)e(hits)e(the)g(e\016ciency)f(of)h(the)h(system,)e(but)i(it)f +(prev)o(en)o(ts)f(the)h(exploitation)g(of)h(the)f(w)o(eakness.)149 +2445 y(One)18 b(could)h(also)f(think)g(of)h(a)g(system)d(call)i(to)g(\015ush) +h(the)f(cac)o(he)g(follo)o(w)o(ed)f(b)o(y)h(a)h(reload)f(of)h(the)149 +2536 y(database,)e(similar)d(to)i(the)f(signal)h(SIGHUP)f(that)h(a)g(system)e +(administrator)h(can)h(send)g(to)g(the)149 2626 y(BIND)g(implem)o(e)o(n)o +(tation)e(of)i(the)g(name)f(serv)o(er)h(to)g(ac)o(hiev)o(e)f(the)h(same.)p +eop +%%Page: 73 82 +81 bop 1901 -100 a Fo(73)149 75 y(4.10.8)50 b(Discussion)223 +197 y(A)12 b(v)o(ery)h(thorough)h(analysis)g(of)f(the)g(proto)q(col)i(is)e +(needed)f(to)i(determine)d(the)i(cases)g(in)g(whic)o(h)149 +287 y(additional)19 b(resource)f(records)h(are)f(legal)g(and)i(cannot)f(do)g +(an)o(y)f(harm,)g(or)h(ha)o(v)o(e)f(to)g(b)q(e)h(stored)149 +378 y(in)d(di\013eren)o(t)g(con)o(texts.)223 468 y(Hardening)h(the)h(system)e +(w)o(ould)i(require)f(careful)g(design,)h(implem)o(en)o(tation,)d(and)k +(testing)149 558 y(and)k(w)o(ould)e(lead)g(to)h(a)g(higher)f(complexit)o(y)d +(of)k(the)f(co)q(de)h(and)g(the)f(system.)36 b(Our)21 b(analysis)149 +649 y(has)e(to)f(stress)g(the)g(higher)f(complexit)o(y)l(,)e(b)q(ecause)j +(design,)g(implem)o(e)o(n)o(tation)d(and)k(testing)e(are)149 +739 y(a)e(pro)q(cess)g(that)g(will)e(b)q(e)i(done)g(at)g(some)e(p)q(oin)o(t,) +h(but)h(the)f(complexit)o(y)d(of)k(a)g(system)e(is)h(a)h(feature)149 +829 y(that)k(sta)o(ys)g(with)f(it.)26 b(Higher)18 b(complexit)o(y)d(usually)j +(go)q(es)h(along)g(with)f(greater)h(insecurit)o(y)l(.)25 b(It)149 +919 y(is)16 b(therefore)g(imp)q(ortan)o(t)f(to)i(k)o(eep)e(the)h(complexit)o +(y)d(in)j(a)h(manageable)e(scop)q(e.)223 1010 y(A)20 b(decline)g(in)h(system) +f(p)q(erformance)g(w)o(ould)h(result)g(from)f(the)h(fact)g(that)h(name)e +(serv)o(ers)149 1100 y(w)o(ould)d(b)q(eliev)o(e)d(and)j(therefore)e(cac)o(he) +h(less)g(data)h(|)f(data)h(that)g(migh)o(t)d(b)q(e)j(needed)e(later.)223 +1190 y(Ov)o(erall,)i(hardening)j(name)e(serv)o(ers)g(consists)h(of)h(sev)o +(eral)e(p)q(ossible)h(mo)q(di\014cations,)f(some)149 1281 y(of)h(whic)o(h)f +(seem)f(promising,)h(ev)o(en)f(though)j(their)d(application)i(decreases)f +(the)g(system's)f(p)q(er-)149 1371 y(formance)e(and)i(increases)f(its)g +(complexit)o(y)l(,)c(whic)o(h)k(migh)o(t)f(lead)h(to)g(further)g(insecurit)o +(y)l(.)149 1536 y(4.11)50 b(Cryptographic)17 b(Metho)q(ds)g(for)f(Strong)h +(Authen)o(tication)223 1676 y(In)j(this)h(section)g(w)o(e)g(describ)q(e)f(an) +i(arc)o(hitecture)d(for)j(an)f(authen)o(ticated)g(Domain)f(Name)149 +1766 y(System.)g(The)c(outline)f(for)i(the)f(approac)o(h)g(describ)q(ed)g(b)q +(elo)o(w)g(is)g(only)g(one)g(of)g(sev)o(eral)f(p)q(ossible)149 +1856 y(scenarios.)26 b(There)17 b(are)g(systems)g(that)g(pro)o(vide)g(access) +g(authen)o(tication)h(in)f(distributed)f(en)o(vi-)149 1947 +y(ronmen)o(ts.)23 b(Some)16 b(examples)f(of)j(systems)e(that)i(use)f(tic)o(k) +o(ets)e(or)j(securit)o(y)d(certi\014cates)h(are)i(the)149 2037 +y(Kerb)q(eros)e(authen)o(tication)f(service)g(\([SNS88]\))g(and)h(pro)s(ject) +f(SESAME)g(\([P)o(ar91)q(]\).)20 b(They)15 b(are)149 2127 y(not)i(directly)e +(applicable)g(to)i(our)f(problem.)223 2218 y(Our)e(approac)o(h)i(con)o(tains) +f(three)f(ma)s(jor)g(features)h(that)g(are)g(necessary)g(to)g(ensure)f(the)h +(kind)149 2308 y(of)i(securit)o(y)e(w)o(e)h(are)g(trying)g(to)g(obtain:)209 +2452 y(1.)24 b(data)17 b(in)o(tegrit)o(y)e(of)h(a)h(message)209 +2584 y(2.)24 b(originator)17 b(authen)o(tication)p eop +%%Page: 74 83 +82 bop 1901 -100 a Fo(74)209 75 y(3.)24 b(originator's)h(pro)q(of)f(of)g(b)q +(eing)g(an)h(authoritativ)o(e)e(source)h(b)o(y)f(presen)o(ting)g(creden)o +(tials)271 165 y(signed)17 b(b)o(y)e(the)h(paren)o(t)h(domain)223 +309 y(In)g(the)g(follo)o(wing)f(w)o(e)h(will)f(elab)q(orate)i(on)g(these)f +(three)f(features)i(and)f(presen)o(t)g(tec)o(hniques)149 400 +y(and)g(ideas)f(for)h(their)f(p)q(ossible)g(implem)o(en)o(tati)o(on.)149 +560 y(4.11.1)50 b(Data)17 b(In)o(tegrit)o(y)262 1071 y @beginspecial +0 @llx 0 @lly 369 @urx 54 @ury 3690 @rwi @setspecial +%%BeginDocument: pictures/mesg_digest.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-4.0 63.0 translate 0.900 -0.900 scale +1.000 setlinewidth +n 16 29 m 9 29 9 42 7 arcto 4 {pop} repeat 9 49 87 49 7 arcto 4 {pop} repeat 94 49 94 36 7 arcto 4 {pop} repeat 94 29 16 29 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 11 24 m 4 24 4 47 7 arcto 4 {pop} repeat 4 54 92 54 7 arcto 4 {pop} repeat 99 54 99 31 7 arcto 4 {pop} repeat 99 24 11 24 7 arcto 4 {pop} repeat clp gs col-1 s gr +/Times-Bold findfont 12.00 scalefont setfont +14 44 m +gs 1 -1 scale (DNS message) col-1 show gr +n 279 69 m 279 9 l 134 9 l 134 69 l clp gs col-1 s gr +n 321 29 m 314 29 314 42 7 arcto 4 {pop} repeat 314 49 407 49 7 arcto 4 {pop} repeat 414 49 414 36 7 arcto 4 {pop} repeat 414 29 321 29 7 arcto 4 {pop} repeat clp gs col-1 s gr +n 99 39 m 134 39 l gs col-1 s gr +n 118.000 35.000 m 134.000 39.000 l 118.000 43.000 l gs 2 setlinejoin col-1 s gr +n 279 39 m 314 39 l gs col-1 s gr +n 298.000 35.000 m 314.000 39.000 l 298.000 43.000 l gs 2 setlinejoin col-1 s gr +/Times-Bold findfont 12.00 scalefont setfont +139 44 m +gs 1 -1 scale (message digest algorithm) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +159 24 m +gs 1 -1 scale (MD2, MD4, MD5) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +189 64 m +gs 1 -1 scale (Snefru) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +324 44 m +gs 1 -1 scale (message digest) col-1 show gr +0.500 setlinewidth +n 139 49 m 274 49 l gs col-1 s gr +$F2psEnd +%%EndDocument + @endspecial 478 1316 a(Figure)e(4.1)33 b(Application)15 b(of)i(a)g(message)e +(digest)h(algorithm)223 1531 y(In)o(tegrit)o(y)10 b(service)g(means)h(that)h +(a)g(recipien)o(t)d(is)j(pro)o(vided)f(with)g(assurance)i(that)f(the)f(con)o +(ten)o(t)149 1621 y(of)19 b(a)f(receiv)o(ed)e(message)h(is)h(iden)o(tical)e +(to)j(the)e(con)o(ten)o(t)h(of)g(a)g(message)g(\(including)f(its)h(header\)) +149 1711 y(sen)o(t)e(b)o(y)g(its)g(originator)h(\(see)f([Ken93a]\).)223 +1802 y(In)f(our)h(case,)f(w)o(e)g(w)o(an)o(t)g(to)h(ensure)f(the)h(in)o +(tegrit)o(y)d(of)j(transmitted)e(DNS)h(messages.)21 b(There)149 +1892 y(are)15 b(sev)o(eral)f(approac)o(hes)h(to)g(protect)f(a)h(message)f +(against)i(unauthorized)f(c)o(hange:)20 b(prev)o(en)o(tion)149 +1982 y(tec)o(hniques,)e(a)o(v)o(oidance)h(tec)o(hniques,)e(and)j(detection)e +(and)i(reco)o(v)o(ery)d(tec)o(hniques.)28 b(All)18 b(these)149 +2072 y(tec)o(hniques)h(ha)o(v)o(e)h(inheren)o(t)f(adv)m(an)o(tages)j(and)f +(disadv)m(an)o(tages.)35 b(W)l(e)20 b(will)g(not)g(discuss)h(them)149 +2163 y(here,)f(but)f(concen)o(trate)g(on)h(a)g(certain)f(tec)o(hnique)f(to)i +(detect)e(unauthorized)i(message)f(alter-)149 2253 y(ation.)36 +b(W)l(e)21 b(stress)g(this)g(approac)o(h,)h(b)q(ecause)f(it)g(is)f(e\016cien) +o(t)f(and)j(considerably)e(secure.)35 b(In)149 2343 y(case)14 +b(of)g(alteration)g(detection,)e(reco)o(v)o(ery)g(actions)i(could)g(b)q(e)f +(to)h(ignore)g(the)f(DNS)h(message)f(and)149 2434 y(issue)20 +b(an)h(additional)f(query)l(.)31 b(Our)20 b(approac)o(h)h(is)f(based)g(up)q +(on)i(message)d(digest)h(algorithms.)149 2524 y(They)15 b(are)g(one-w)o(a)o +(y)g(hash)g(functions)g(that)g(compute)e(a)j(c)o(hec)o(ksum)11 +b(of)16 b(some)d(data)j(\(in)e(our)h(case)149 2614 y(the)h(DNS)h(message)e(|) +h(see)g(Figure)g(4.1\).)21 b(They)16 b(ha)o(v)o(e)g(the)g(follo)o(wing)g +(features:)p eop +%%Page: 75 84 +83 bop 1901 -100 a Fo(75)222 75 y Fj(\017)24 b Fo(they)17 b(are)g(easy)h(to)f +(compute)f(\(examples)g(are)h(the)g(MD2,)g(MD4,)h(and)g(MD5)f(algorithms)271 +165 y(in)f([Kal92,)g(Riv92a)q(,)f(Riv92b])h(and)h(the)f(Snefru)g(algorithm)f +(in)h([Mer89]\))222 289 y Fj(\017)24 b Fo(the)16 b(signature)h(\(message)e +(digest)i(or)f(\014ngerprin)o(t\))g(is)g(only)g(a)h(few)f(b)o(ytes)f(p)q(er)i +(message)222 412 y Fj(\017)24 b Fo(they)16 b(are)g(computationally)f(hard)i +(to)g(in)o(v)o(ert)222 536 y Fj(\017)24 b Fo(they)16 b(usually)g(require)f(a) +i(certain)e(size)h(of)g(input)g(data)149 648 y(An)23 b(originator)h(w)o(ould) +f(calculate)f(the)h(message)f(digest)h(of)g(a)h(DNS)f(message)f(imme)o +(diately)149 738 y(b)q(efore)15 b(it)f(is)g(sen)o(t)g(out.)21 +b(The)14 b(recipien)o(t)e(w)o(ould)j(recalculate)e(the)h(message)f(digest)i +(and)g(compare)149 828 y(the)h(resulting)g(v)m(alue)g(with)g(the)g(one)h +(calculated)e(b)o(y)h(the)g(originator.)22 b(In)16 b(case)g(of)g(a)h(mismatc) +o(h,)149 919 y(the)e(originator)g(w)o(ould)g(conclude)f(that)h(he)f(did)h +(not)g(receiv)o(e)d(an)j(unaltered)g(DNS)f(message.)20 b(He)149 +1009 y(w)o(ould)d(disp)q(ose)g(of)f(it.)223 1099 y(Ho)o(w)c(do)q(es)i(the)f +(message)f(digest)h(calculated)f(b)o(y)h(the)f(originator)i(get)f(to)g(the)g +(receiv)o(er)e(unim-)149 1190 y(paired?)35 b(The)21 b(message)f(digest)h +(algorithms)f(are)h(publicly)e(kno)o(wn)i(and)g(an)o(y)o(one)f(tamp)q(ering) +149 1280 y(with)h(a)g(message)f(could)h(easily)f(mo)q(dify)f(the)h(asso)q +(ciated)i(message)e(digest)h(accordingly)l(.)34 b(T)l(o)149 +1370 y(sho)o(w)21 b(ho)o(w)f(this)g(can)g(b)q(e)g(prev)o(en)o(ted)e(w)o(e)h +(discuss)h(a)g(metho)q(d)f(for)h(originator)h(authen)o(tication)149 +1460 y(in)h(the)g(follo)o(wing)g(section.)38 b(A)21 b(message)h(digest)g +(together)g(with)g(an)g(authorization)h(service)149 1551 y(guaran)o(tee)17 +b(the)f(in)o(tegrit)o(y)e(of)j(transmitted)e(data.)149 1715 +y(4.11.2)50 b(Originator)16 b(Authen)o(tication)223 1837 y(Originator)k +(authen)o(tication)g(service)g(p)q(ermits)f(the)h(recipien)o(t)e(of)j(a)g +(message)f(to)h(reliably)149 1928 y(determine)14 b(the)i(iden)o(tit)o(y)e(of) +j(the)f(originator)h(of)f(a)h(message.)223 2018 y(W)l(e)22 +b(demonstrate)h(a)g(pro)q(cedure)g(that)g(guaran)o(tees)h(the)f(originator's) +g(authen)o(ticit)o(y)l(.)40 b(In)149 2108 y(an)20 b(asymmetri)o(c)c(\(i.e.)27 +b(public)18 b(k)o(ey\))g(cryptoalgorithm)f(a)i(pair)g(of)g(distinct,)f(but)h +(mathemati-)149 2198 y(cally)g(related,)h(k)o(eys)e(are)i(used)g(for)g +(encryption)f(and)h(decryption.)31 b(One)19 b(k)o(ey)g(is)g(priv)m(ate)h(and) +149 2289 y(k)o(ept)f(secret)f(b)o(y)g(the)h(sender,)g(the)g(other)g(one)g(is) +f(publicly)g(kno)o(wn.)29 b(Data)20 b(encrypted)e(with)h(a)149 +2379 y(sender's)i(priv)m(ate)f(k)o(ey)g(can)h(b)q(e)g(decrypted)f(using)i +(his)e(public)g(k)o(ey)l(,)h(and)g(vice)f(v)o(ersa.)35 b(These)149 +2469 y(k)o(eys)15 b(are)g(usually)g(large)g(in)o(teger)f(n)o(um)o(b)q(ers,)g +(sev)o(eral)g(h)o(undred)h(decimal)e(digits)i(long)h(with)f(sp)q(e-)149 +2560 y(cial,)j(mathematical)d(prop)q(erties.)28 b(\(ex.)f([Den82]\).)g +(\\RSA")19 b(is)f(an)h(example)d(of)i(a)h(public)f(k)o(ey)149 +2650 y(encryption)e(algorithm)f(\([RSA78]\).)p eop +%%Page: 76 85 +84 bop 1901 -100 a Fo(76)299 970 y @beginspecial 0 @llx 0 @lly +350 @urx 206 @ury 3500 @rwi @setspecial +%%BeginDocument: pictures/dig_sig_val.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-4.0 211.0 translate 0.900 -0.900 scale +1.000 setlinewidth + 1 setlinecap [1 3.000000] 3.000000 setdash +n 159 229 m 239 229 l gs col-1 s gr + [] 0 setdash 0 setlinecap +n 231.000 227.000 m 239.000 229.000 l 231.000 231.000 l gs 2 setlinejoin col-1 s gr + 1 setlinecap [1 3.000000] 3.000000 setdash +n 159 29 m 239 29 l gs col-1 s gr + [] 0 setdash 0 setlinecap +n 231.000 27.000 m 239.000 29.000 l 231.000 31.000 l gs 2 setlinejoin col-1 s gr +n 319 39 m 319 59 l gs col-1 s gr +n 321.000 51.000 m 319.000 59.000 l 317.000 51.000 l gs 2 setlinejoin col-1 s gr +n 319 79 m 319 99 l gs col-1 s gr +n 321.000 91.000 m 319.000 99.000 l 317.000 91.000 l gs 2 setlinejoin col-1 s gr +n 319 179 m 319 159 l gs col-1 s gr +n 317.000 167.000 m 319.000 159.000 l 321.000 167.000 l gs 2 setlinejoin col-1 s gr +n 319 219 m 319 199 l gs col-1 s gr +n 317.000 207.000 m 319.000 199.000 l 321.000 207.000 l gs 2 setlinejoin col-1 s gr +n 79 39 m 79 59 l gs col-1 s gr +n 81.000 51.000 m 79.000 59.000 l 77.000 51.000 l gs 2 setlinejoin col-1 s gr +n 79 79 m 79 99 l gs col-1 s gr +n 81.000 91.000 m 79.000 99.000 l 77.000 91.000 l gs 2 setlinejoin col-1 s gr +n 79 119 m 79 179 l gs col-1 s gr +n 81.000 171.000 m 79.000 179.000 l 77.000 171.000 l gs 2 setlinejoin col-1 s gr +n 79 199 m 79 219 l gs col-1 s gr +n 81.000 211.000 m 79.000 219.000 l 77.000 211.000 l gs 2 setlinejoin col-1 s gr +n 279 19 m 359 19 l gs col-1 s gr +n 39 19 m 119 19 l gs col-1 s gr +0.500 setlinewidth +n 274 159 m 284 184 l gs col-1 s gr +n 282.886 175.829 m 284.000 184.000 l 279.172 177.315 l gs 2 setlinejoin col-1 s gr +n 108 159 m 98 184 l gs col-1 s gr +n 102.828 177.315 m 98.000 184.000 l 99.114 175.829 l gs 2 setlinejoin col-1 s gr +/Times-Bold findfont 12.00 scalefont setfont +59 14 m +gs 1 -1 scale (Sender:) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +19 34 m +gs 1 -1 scale (\(data before signature\)) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +39 74 m +gs 1 -1 scale (hash algorithm) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +54 114 m +gs 1 -1 scale (hash value) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +4 194 m +gs 1 -1 scale (asymmetric cryptoalgorithm) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +39 234 m +gs 1 -1 scale (digital signature) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +294 14 m +gs 1 -1 scale (Receiver:) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +279 34 m +gs 1 -1 scale (\(received data\)) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +279 74 m +gs 1 -1 scale (hash algorithm) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +294 114 m +gs 1 -1 scale (hash value) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +294 154 m +gs 1 -1 scale (hash value) col-1 show gr +/Times-Bold findfont 24.00 scalefont setfont +309 139 m +gs 1 -1 scale (=?) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +244 194 m +gs 1 -1 scale (asymmetric cryptoalgorithm) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +254 234 m +gs 1 -1 scale (received digital signature) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +119 154 m +gs 1 -1 scale (sender's ) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +114 169 m +gs 1 -1 scale (private key) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +224 154 m +gs 1 -1 scale (sender's ) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +219 169 m +gs 1 -1 scale (public key) col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 467 1215 a(Figure)15 b(4.2)33 b(Digital)16 b(signature)h +(generation)f(and)h(v)m(alidation)223 1399 y(The)f(follo)o(wing)g(pro)q +(cedure)h(and)g(Figure)f(4.2)g(outline)g(ho)o(w)h(w)o(e)f(w)o(ould)g(use)h +(the)f(public)g(k)o(ey)149 1489 y(cryptoalgorithm)f(to)i(ensure)f(originator) +h(authen)o(tication.)223 1579 y(The)f(pro)q(cedure)g(could)g(w)o(ork)g(as)h +(follo)o(ws:)222 1711 y Fj(\017)24 b Fo(The)17 b(sending)f(name)f(serv)o(er)g +(creates)h(the)g(digital)g(signature)h(of)f(the)g(DNS)g(message)g +Fn(m)p Fo(:)271 1802 y Fn(s)e Fo(=)g Fn(hash)p Fo(\()p Fn(m)p +Fo(\))222 1933 y Fj(\017)24 b Fo(The)13 b(sending)h(name)e(serv)o(er)g(signs) +h(the)g(message)f(digest)h(\(the)g(digital)g(signature\))g +Fn(s)g Fo(using)271 2024 y(its)j(priv)m(ate)g(k)o(ey)f Fn(K)636 +2006 y Fd(S)r(ender)632 2036 y(pr)q(iv)767 2024 y Fo(:)22 b +Fn(s)826 2006 y Fc(0)851 2024 y Fo(=)14 b Fn(E)939 2035 y Fd(K)971 +2024 y Fb(S)q(ender)969 2047 y(pr)q(iv)1075 2024 y Fo(\()p +Fn(s)p Fo(\))222 2155 y Fj(\017)24 b Fo(The)17 b(sending)f(name)f(serv)o(er)g +(transmits)h(\()p Fn(m;)8 b(s)1144 2137 y Fc(0)1155 2155 y +Fo(\))222 2287 y Fj(\017)24 b Fo(The)f(resolv)o(er)e(decrypts)h +Fn(s)789 2269 y Fc(0)822 2287 y Fo(b)o(y)g(applying)g(the)g(name)g(serv)o +(er's)f(public)g(k)o(ey)g Fn(K)1799 2269 y Fd(S)r(ender)1795 +2300 y(pub)1936 2287 y Fo(:)271 2378 y Fn(s)294 2359 y Fc(00)329 +2378 y Fo(=)14 b Fn(D)421 2389 y Fd(K)453 2378 y Fb(S)q(ender)451 +2402 y(pub)558 2378 y Fo(\()p Fn(s)600 2359 y Fc(0)611 2378 +y Fo(\))222 2509 y Fj(\017)24 b Fo(The)17 b(resolv)o(er)e(recomputes)f(the)i +(message)g(digest)g Fn(s)e Fo(=)g Fn(hash)p Fo(\()p Fn(m)p +Fo(\))p eop +%%Page: 77 86 +85 bop 1901 -100 a Fo(77)222 75 y Fj(\017)24 b Fo(If)19 b(\()p +Fn(s)g Fo(=)g Fn(s)464 57 y Fc(00)486 75 y Fo(\))g(then)g(the)g(resolv)o(er)f +(has)i(v)m(alidated)f(the)h(in)o(tegrit)o(y)d(and)j(the)f(originator)h(of)271 +165 y(the)c(DNS)h(message)223 290 y(Wh)o(y)j(do)h(w)o(e)g(calculate)f(a)h +(message)f(digest)h(at)g(all)g(and)g(not)g(simply)e(encrypt)h(and)i(then)149 +380 y(transmit)h(the)g(whole)g(message?)43 b(The)24 b(main)e(p)q(oin)o(t)h +(here)g(is)h(the)f(di\013erence)f(b)q(et)o(w)o(een)h(the)149 +470 y(run)o(time)16 b(costs)i(of)h(creating)e(a)i(message)e(digest)h(and)g +(encrypting)f(a)i(message,)e(dep)q(ending)h(on)149 560 y(the)e(length)g(of)h +(the)f(original)g(message.)223 651 y(Run)o(time)g(costs)k(for)f(public)f(k)o +(ey)g(encryption)g(are)h(rather)g(high.)29 b(Man)o(y)19 b(CPU)g(cycles)e(are) +149 741 y(needed.)j(Therefore)11 b(w)o(e)h(w)o(an)o(t)g(to)h(\014x)f(the)f +(size)h(of)g(the)g(data)h(p)q(ortion)g(that)f(has)h(to)g(b)q(e)f(encrypted:) +149 831 y(in)k(our)h(case)f(the)g(\014ngerprin)o(t,)g(the)g(output)h(of)f +(the)g(message)g(digest)g(algorithm.)223 922 y(Run)o(time)11 +b(costs)k(for)g(the)f(hash)h(functions)f(are)g(rather)h(small)d(compared)i +(to)g(those)h(of)f(public)149 1012 y(k)o(ey)k(encryption.)29 +b(It)19 b(is)f(therefore)h(imp)q(ortan)o(t)f(to)h(note,)h(that)f(it)g(is)f +(more)g(e\016cien)o(t)f(to)i(pad)h(a)149 1102 y(short)f(DNS)e(message,)f +(calculate)h(its)g(\014ngerprin)o(t,)g(and)h(then)f(encrypt)g(the)g +(\014ngerprin)o(t,)g(than)149 1193 y(simply)22 b(to)i(encrypt)f(the)g(whole)h +(DNS)f(message.)43 b(Message)24 b(digest)f(lengths)h(are)g(t)o(ypically)149 +1283 y(shorter)17 b(than)g(the)f(t)o(ypical)f(DNS)h(message.)149 +1444 y(4.11.3)50 b(P)o(assing)17 b(Creden)o(tials)e(to)i(Pro)o(v)o(e)e +(Authorit)o(y)223 1566 y(The)e(name)f(serv)o(er)g(sending)h(the)g(DNS)g +(message)f(has)i(to)f(pro)o(vide)f(creden)o(tials)g(signed)h(b)o(y)g(its)149 +1657 y(paren)o(t)18 b(domain,)f(to)i(con)o(vince)d(the)i(recipien)o(t)e(of)i +(its)f(authorit)o(y)h(o)o(v)o(er)f(the)h(domain)f(for)h(whic)o(h)149 +1747 y(it)e(just)h(resolv)o(ed)e(a)i(mapping.)223 1837 y(The)d(use)g(of)g +(suc)o(h)g(a)h(certi\014cate)e(transforms)h(the)f(problem)g(of)h +(establishing)g(the)g(credibilit)o(y)149 1928 y(of)23 b(one)g(en)o(tit)o(y)e +(in)o(to)i(the)f(problem)f(of)i(establishing)g(the)f(credibilit)o(y)e(of)j +(the)f(en)o(tit)o(y)f(issuing)149 2018 y(the)g(certi\014cate.)32 +b(This)20 b(problem)f(is)h(v)o(ery)g(closely)f(related)g(to)i(the)f(problem)f +(of)i(distributing)149 2108 y(public)14 b(k)o(ey)g(certi\014cates.)19 +b(The)c(CCITT)g(recommendation)d(X.509)j(sho)o(ws)g(a)g(w)o(a)o(y)g(to)g +(solv)o(e)f(this)149 2198 y(problem.)20 b(In)15 b(X.509,)g(a)g(certi\014cate) +f(binds)h(a)h(public)e(k)o(ey)g(to)h(a)h(directory)e(name)g(and)i(iden)o +(ti\014es)149 2289 y(a)h(part)o(y)f(that)h(v)o(ouc)o(hes)e(for)i(the)f +(binding.)223 2379 y(W)l(e)f(can)h(adopt)h(this)f(mec)o(hanism,)c(suc)o(h)k +(that)h(a)f(certi\014cate)f(binds)h(all)f(name)g(serv)o(ers)g(that)149 +2469 y(are)j(authoritativ)o(e)g(for)g(a)g(certain)f(zone)h(to)g(this)g(zone)g +(of)g(authorit)o(y)g(and)g(iden)o(ti\014es)f(the)h(zone)149 +2560 y(that)c(v)o(ouc)o(hes)d(for)i(the)g(binding.)20 b(X.509)12 +b(imp)q(oses)g(no)h(constrain)o(ts)g(on)g(the)g(seman)o(tic)d(or)j(syn)o +(tac-)149 2650 y(tic)i(relationship)g(b)q(et)o(w)o(een)f(a)i(certi\014cate)e +(issuer)h(and)g(a)h(sub)s(ject.)k(Ho)o(w)o(ev)o(er,)14 b(in)g(our)i(approac)o +(h,)p eop +%%Page: 78 87 +86 bop 1901 -100 a Fo(78)149 75 y(the)17 b(certi\014cation)f(system)f(tak)o +(es)i(the)f(form)g(of)h(a)g(single)f(ro)q(oted)i(tree.)k(Eac)o(h)17 +b(no)q(de)g(represen)o(ts)149 165 y(a)g(zone.)22 b(Sev)o(eral)15 +b(name)h(serv)o(ers)f(serv)o(e)h(as)h(certi\014cation)e(authorities)i(for)f +(eac)o(h)g(zone,)g(b)q(ecause)149 255 y(all)g(serv)o(ers)e(that)j(w)o(ere)d +(in)o(tro)q(duced)i(to)g(increase)f(the)g(reliabilit)o(y)e(of)j(the)f +(database)i(system)d(are)149 346 y(capable)j(of)f(v)m(alid)g(referrals.)223 +436 y(A)e(certi\014cate)g(for)h(a)g(zone)g(\(for)g(example)e +(sub.domain.dom\))g(consists)i(of)h(all)e(IP)h(addresses)149 +526 y(of)i(authoritativ)o(e)g(name)e(serv)o(ers)h(for)h(that)g(zone,)f +(signed)h(with)g(the)f(priv)m(ate)h(k)o(ey)e(of)i(the)g(name)149 +616 y(serv)o(ers)e(for)h(the)g(paren)o(t)g(domain)f(\(domain.dom\).)j(An)o(y) +d(resolv)o(er)g(that)h(receiv)o(es)e(a)i(DNS)g(mes-)149 707 +y(sage)24 b(receiv)o(es)c(as)j(part)g(of)g(it)f(this)h(certi\014cate.)39 +b(After)21 b(obtaining)i(the)g(public)e(k)o(ey)h(for)h(the)149 +797 y(paren)o(t)16 b(zone)f(of)h(the)f(queried)g(zone,)g(the)g(resolv)o(er)g +(can)g(then)h(v)o(erify)d(the)j(v)m(alidit)o(y)e(of)i(the)f(refer-)149 +887 y(ral.)24 b(But)17 b(to)g(v)o(erify)f(the)g(authorit)o(y)h(of)h(the)f +(paren)o(t)f(zone,)h(the)g(resolv)o(er)f(has)i(to)f(ask)h(this)f(zone)149 +978 y(for)g(creden)o(tials.)223 1068 y(This)f(v)m(alidation)g(pro)q(cess)i +(for)e(certi\014cates)f(is)i(done)f(recursiv)o(ely)e(up)j(the)f(tree,)f +(starting)i(at)149 1158 y(the)f(name)f(serv)o(er)g(that)i(pro)o(vides)e(the)h +(queried)f(mapping.)20 b(The)d(recursion)e(will)g(stop)i(at)f(some)149 +1248 y(p)q(oin)o(t,)f(either)f(at)h(the)g(ro)q(ot,)g(or)h(at)f(some)e(in)o +(termediate)f(no)q(de)k(that)f(w)o(as)g(certi\014ed)f(b)q(efore.)20 +b(The)149 1339 y(certi\014cates)f(that)h(a)f(name)g(serv)o(er)f(holds)i(are)f +(sub)s(ject)g(to)h(timeouts,)e(just)i(lik)o(e)e(the)h(resource)149 +1429 y(records)g(that)g(sp)q(ecify)f(bindings)h(of)g(this)f(name)g(serv)o +(er.)27 b(The)19 b(certi\014cate)e(for)i(the)f(ro)q(ot)i(m)o(ust)149 +1519 y(b)q(e)25 b(transmitted)d(b)o(y)i(some)f(trusted,)j(out-of-band)g(mec)o +(hanism)o(.)42 b(F)l(or)24 b(example,)g(the)f(ro)q(ot)149 1610 +y(certi\014cate)15 b(could)h(b)q(e)h(published)f(in)f(a)i(national)g(newspap) +q(er.)223 1700 y(Ev)o(en)h(if)h(an)g(attac)o(k)o(er)f(manages)h(to)h(get)f(a) +g(v)m(alid)g(certi\014cate)f(of)h(a)h(name)e(serv)o(er)g(it)g(w)o(an)o(ts)149 +1790 y(to)e(imp)q(ersonate,)e(and)i(has)g(the)g(capabilit)o(y)e(to)h(also)h +(sp)q(o)q(of)h(this)f(name)e(serv)o(er's)g(IP)h(address,)h(it)149 +1880 y(is)j(still)e(not)i(p)q(ossible)g(for)f(the)h(attac)o(k)o(er)e(to)i +(imp)q(ersonate)f(another)h(host.)28 b(As)19 b(w)o(e)f(sa)o(w)h(in)f(the)149 +1971 y(previous)g(Section)e(4.11.2,)i(a)g(DNS)f(message)g(is)g(encrypted)f +(with)h(the)h(name)e(serv)o(er's)g(priv)m(ate)149 2061 y(k)o(ey)c(b)q(efore)g +(it)g(is)g(sen)o(t)g(out.)21 b(The)12 b(creden)o(tials)f(are)h(part)h(of)g +(the)f(message)g(and)h(are)f(therefore)g(also)149 2151 y(encrypted.)29 +b(An)18 b(attac)o(k)o(er)g(cannot)i(construct)f(the)g(correctly)e(enciphered) +h(message)g(without)149 2242 y(breaking)f(the)f(public)f(k)o(ey)g(system)g +(used.)149 2402 y(4.11.4)50 b(Example)223 2524 y(W)l(e)19 b(presen)o(t)h(an)g +(example)e(to)i(sho)o(w)h(ho)o(w)f(certi\014cates)f(are)h(used)g(in)f(our)i +(approac)o(h.)33 b(W)l(e)149 2614 y(assume)18 b(that)g(all)g(hosts)h(already) +f(ha)o(v)o(e)g(the)g(public)f(k)o(eys)g(of)h(the)g(mac)o(hines)f(that)h +(participate)p eop +%%Page: 79 88 +87 bop 1901 -100 a Fo(79)149 75 y(in)22 b(this)f(example.)35 +b(Host)22 b(\\host.aim.")37 b(w)o(an)o(ts)22 b(to)g(resolv)o(e)e(the)h +(name{to{address)i(binding)149 165 y(for)e(the)f(name)g(\\host.domain.dom.".) +32 b(The)21 b(example)d(is)i(not)h(complete)d(in)i(the)h(sense)f(that)149 +255 y(all)d(p)q(ossibilities)g(are)g(not)h(co)o(v)o(ered,)d(or)j(else)e +(reasons)j(are)e(giv)o(en)f(wh)o(y)h(a)h(name)e(serv)o(er)g(returns)149 +346 y(a)k(certain)e(referral)g(and)i(not)f(another)h(one.)30 +b(But)18 b(it)h(describ)q(es)g(the)f(o)o(v)o(erall)g(in)o(teraction)g(and)149 +436 y(stresses)f(the)f(use)g(of)h(certi\014cates.)223 526 y(T)l(able)e(4.1)g +(con)o(tains)g(a)h(summary)c(of)k(the)f(zones)g(in)g(Figure)f(4.3,)h(and)h(T) +l(able)f(4.2)h(in)o(terprets)149 616 y(the)g(abbreviations)h(used)f +(through<out)h(the)f(description)g(of)h(the)f(resolution)g(pro)q(cess.)607 +824 y(T)l(able)g(4.1)33 b(Example:)19 b(certi\014cate)c(v)m(alidation)513 +955 y(Zone)h(Name)p 800 982 2 91 v 68 w(Domain)g(Name\(s\))p +1213 982 V 48 w(Name)f(Serv)o(er\(s\))p 488 984 1124 2 v 488 +994 V 513 1057 a(.)p 800 1084 2 91 v 298 w(.)p 1213 1084 V +400 w(ns)p 800 1174 V 825 1147 a(dom)p 1213 1174 V 321 w(ns)p +488 1176 1124 2 v 513 1239 a(domain.dom)p 800 1266 2 91 v 47 +w(domain.dom)p 1213 1266 V 149 w(ns1.domain.dom)p 800 1357 +V 1213 1357 V 1239 1330 a(ns2.domain.dom)p 488 1358 1124 2 +v 513 1421 a(aim)p 800 1449 2 91 v 232 w(aim)p 1213 1449 V +334 w(ns.aim)p 488 1450 1124 2 v 577 1824 a(T)l(able)i(4.2)32 +b(Example:)20 b(legend)c(of)g(abbreviations)489 1955 y(Name)p +692 1982 2 91 v 104 w(Meaning)p 464 1984 1172 2 v 489 2047 +a Fn(M)5 b(D)q Fo(\()p Fn(m)p Fo(\))p 692 2074 2 91 v 55 w(message)16 +b(digest)g(\(\014ngerprin)o(t\))f(of)i(message)f Fn(m)489 2137 +y(K)534 2119 y Fd(ow)q(ner)530 2151 y(pub=pr)q(iv)p 692 2164 +V 718 2137 a Fo(k)o(ey)f(of)i(o)o(wner)f({)h(public/priv)m(ate)489 +2228 y Fn(E)525 2235 y Fd(K)559 2228 y Fo(\()p Fn(s)p Fo(\))p +692 2255 V 98 w Fn(s)f Fo(encrypted)g(with)g(k)o(ey)f Fn(K)489 +2318 y(D)529 2325 y Fd(K)563 2318 y Fo(\()p Fn(s)p Fo(\))p +692 2345 V 94 w Fn(s)h Fo(decrypted)g(with)g(k)o(ey)f Fn(K)222 +2650 y Fj(\017)24 b Fo(\\host.aim")11 b(queries)f(\\ns.aim")g(for)h +(name{to{address)g(resolution)g(of)g(\\host.domain.dom".)p +eop +%%Page: 80 89 +88 bop 1901 -100 a Fo(80)262 979 y @beginspecial 0 @llx 0 @lly +360 @urx 202 @ury 3600 @rwi @setspecial +%%BeginDocument: pictures/expl_setup.ps +/$F2psDict 200 dict def +$F2psDict begin +$F2psDict /mtrx matrix put +/l {lineto} bind def +/m {moveto} bind def +/s {stroke} bind def +/n {newpath} bind def +/gs {gsave} bind def +/gr {grestore} bind def +/clp {closepath} bind def +/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul +4 -2 roll mul setrgbcolor} bind def +/col-1 {} def +/col0 {0 0 0 setrgbcolor} bind def +/col1 {0 0 1 setrgbcolor} bind def +/col2 {0 1 0 setrgbcolor} bind def +/col3 {0 1 1 setrgbcolor} bind def +/col4 {1 0 0 setrgbcolor} bind def +/col5 {1 0 1 setrgbcolor} bind def +/col6 {1 1 0 setrgbcolor} bind def +/col7 {1 1 1 setrgbcolor} bind def + /DrawEllipse { + /endangle exch def + /startangle exch def + /yrad exch def + /xrad exch def + /y exch def + /x exch def + /savematrix mtrx currentmatrix def + x y translate xrad yrad scale 0 0 1 startangle endangle arc + savematrix setmatrix + } def + + end +/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def +/$F2psEnd {$F2psEnteredState restore end} def + +$F2psBegin +0 setlinecap 0 setlinejoin +-9.0 211.0 translate 0.900 -0.900 scale +1.000 setlinewidth +n 219 44 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr +gs col-1 s gr +n 337 102 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr +gs col-1 s gr +n 99 104 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr +gs col-1 s gr +n 79 164 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr +gs col-1 s gr +n 279 164 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr +gs col-1 s gr +n 259 104 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr +gs col-1 s gr +n 159 164 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr +gs col-1 s gr +n 339 104 70 50 0 360 DrawEllipse gs col-1 s gr +n 159 74 90 65 0 360 DrawEllipse gs col-1 s gr +n 79 184 70 50 0 360 DrawEllipse gs col-1 s gr +n 219 44 m 339 104 l gs col-1 s gr +n 219 44 m 99 104 l gs col-1 s gr +n 99 104 m 79 164 l gs col-1 s gr +n 219 44 m 219 64 l gs col-1 s gr +n 339 104 m 349 124 l gs col-1 s gr +n 339 104 m 329 124 l gs col-1 s gr +n 79 164 m 99 184 l gs col-1 s gr +n 79 164 m 79 184 l gs col-1 s gr +n 79 164 m 59 184 l gs col-1 s gr + 1 setlinecap [1 4.500000] 4.500000 setdash +n 339 104 m 359 124 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.500000] 4.500000 setdash +n 219 44 m 259 104 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.500000] 4.500000 setdash +n 99 104 m 159 164 l gs col-1 s gr + [] 0 setdash 0 setlinecap + 1 setlinecap [1 4.500000] 4.500000 setdash +n 339 104 m 279 164 l gs col-1 s gr + [] 0 setdash 0 setlinecap +n 334 134 m 334 124 l 324 124 l 324 134 l clp gs col-1 s gr +n 369 134 m 369 124 l 359 124 l 359 134 l clp gs col-1 s gr +n 104 194 m 104 184 l 94 184 l 94 194 l clp gs col-1 s gr +n 224 74 m 214 74 l 214 64 l 224 64 l clp gs 0.00 setgray fill gr +gs col-1 s gr +n 354 134 m 344 134 l 344 124 l 354 124 l clp gs 0.00 setgray fill gr +gs col-1 s gr +n 64 194 m 54 194 l 54 184 l 64 184 l clp gs 0.00 setgray fill gr +gs col-1 s gr +n 84 194 m 74 194 l 74 184 l 84 184 l clp gs 0.00 setgray fill gr +gs col-1 s gr +0.500 setlinewidth +n 279 19 m 219 44 l gs col-1 s gr +n 227.154 42.769 m 219.000 44.000 l 225.615 39.077 l gs 2 setlinejoin col-1 s gr +/Times-Bold findfont 12.00 scalefont setfont +204 39 m +gs 1 -1 scale (".") col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +79 99 m +gs 1 -1 scale ("dom") col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +344 99 m +gs 1 -1 scale ("aim") col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +29 159 m +gs 1 -1 scale ("domain") col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +49 209 m +gs 1 -1 scale (ns1) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +74 209 m +gs 1 -1 scale (ns2) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +104 209 m +gs 1 -1 scale (host) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +309 149 m +gs 1 -1 scale (host) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +344 149 m +gs 1 -1 scale (ns) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +209 89 m +gs 1 -1 scale (ns) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +39 24 m +gs 1 -1 scale (zone ".") col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +284 24 m +gs 1 -1 scale (root) col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +149 219 m +gs 1 -1 scale (zone "domain.dom") col-1 show gr +/Times-Bold findfont 12.00 scalefont setfont +304 49 m +gs 1 -1 scale (zone "aim") col-1 show gr +$F2psEnd +%%EndDocument + @endspecial 597 1224 a(Figure)16 b(4.3)33 b(Example:)19 b(certi\014cate)c(v) +m(alidation)222 1408 y Fj(\017)24 b Fo(\\ns.aim")16 b(replies)f(with)h(a)h +(referral)e(to)i(\\ns2.domain.dom")222 1540 y Fj(\017)24 b +Fo(\\host.aim")16 b(queries)f(\\ns2.domain.dom")h(for)g(name{to{address)h +(resolution)271 1630 y(of)g(\\host.domain.dom".)222 1762 y +Fj(\017)24 b Fo(\\ns2.domain.dom")16 b(replies)f(with)h(\()p +Fn(m)p Fo(,)p Fn(c)p Fo(,)p Fn(s)p Fo(\),)e(where)271 1852 +y Fn(m)38 b Fo(=)21 b(mapping)16 b(information)f(\\host.domain.dom")g +Fj(!)h Fo(IP)1424 1859 y Fm(host)p Fd(:)p Fm(domain)o Fd(:)p +Fm(do)o(m)271 1942 y Fn(c)60 b Fo(=)21 b(creden)o(tials)15 +b(from)g(\\ns2.domain.dom"'s)g(paren)o(t)h(zone's)g(name)f(serv)o(er)g(\\ns") +352 2032 y(=)21 b Fn(E)447 2039 y Fd(K)479 2028 y Fb(ns)477 +2052 y(pr)q(iv)556 2032 y Fo(\(list)16 b(of)g(all)g(IP)g(addresses)h(of)g +(authoritativ)o(e)e(name)g(serv)o(ers)411 2123 y(for)i(zone)f +(\\domain.dom"\))271 2213 y Fn(s)58 b Fo(=)21 b(encrypted)15 +b(message)h(digest)g(of)h Fn(m)f Fo(concatenated)g(with)g Fn(c)352 +2303 y Fo(=)21 b Fn(E)447 2315 y Fd(K)479 2303 y Fb(ns)p Fe(2)p +Fb(:domain:dom)477 2327 y(pr)q(iv)715 2303 y Fo(\()p Fn(M)5 +b(D)q Fo(\()p Fn(m)p Fj(j)p Fn(c)p Fo(\)\))222 2435 y Fj(\017)24 +b Fo(\\host.aim")16 b(receiv)o(es)e(\()p Fn(m)p Fo(,)p Fn(c)p +Fo(,)p Fn(s)p Fo(\),)h(and)i(then)p eop +%%Page: 81 90 +89 bop 1901 -100 a Fo(81)326 75 y Fi({)25 b Fo(v)m(alidates)18 +b Fn(s)p Fo(,)g(b)o(y)f(calculating)h Fn(s)979 57 y Fc(0)1007 +75 y Fo(=)f Fn(M)5 b(D)q Fo(\()p Fn(c)p Fj(j)p Fn(s)p Fo(\))19 +b(and)g Fn(s)1390 57 y Fc(00)1428 75 y Fo(=)e Fn(D)1523 86 +y Fd(K)1555 75 y Fb(ns)p Fe(2)p Fb(:domain:dom)1553 99 y(pub)1792 +75 y Fo(\()p Fn(s)p Fo(\))h(and)379 165 y(comparing)d(them.)379 +255 y(If)g(they)h(are)g(equal)g Fj(!)g Fo(ok!)326 366 y Fi({)25 +b Fo(v)m(alidates)16 b Fn(c)p Fo(,)g(b)o(y)f(calculating)h +Fn(L)e Fo(=)g Fn(D)1085 373 y Fd(K)1117 362 y Fb(ns)1115 386 +y(pub)1167 366 y Fo(\()p Fn(c)p Fo(\))i(and)h(c)o(hec)o(king)379 +457 y(if)e(IP)474 464 y Fm(ns2)p Fd(:)p Fm(domain)p Fd(:)p +Fm(d)o(om)741 457 y Fj(2)f Fn(L)p Fo(.)379 547 y(If)h(so)i +Fj(!)f Fo(ok!)326 658 y Fi({)25 b Fo(c)o(hec)o(ks)14 b(if)i(\\ns")h(is)f +(already)h(v)m(alidated)f(\(previously)l(,)e(or)j(ro)q(ot)g(name)e(serv)o +(er\).)379 748 y(If)g(\\ns")i(w)o(ere)e(not)i(a)f(ro)q(ot)h(name)e(serv)o +(er,)f(\\host.aim")i(w)o(ould)g(request)f(creden)o(tials)379 +839 y(from)g(\\ns"'s)i(paren)o(t)f(zone)g(and)h(v)m(alidate)f(them)f(the)h +(same)f(w)o(a)o(y)149 999 y(4.11.5)50 b(Discussion)223 1121 +y(The)16 b(v)m(alidation)f(of)i(in)o(tegrit)o(y)d(and)i(originator)h(of)f +(the)g(message,)e(and)j(its)f(underlying)f(pat-)149 1211 y(tern)20 +b(of)g(certi\014cations)f(stating)h(trust)g(are)g(the)f(features)h(that)g +(mak)o(e)e(this)h(approac)o(h)i(secure.)149 1302 y(The)e(follo)o(wing)f +(discussion)g(sho)o(ws)h(its)f(disadv)m(an)o(tages.)28 b(Some)17 +b(of)i(them)d(are)i(serious)h(enough)149 1392 y(to)e(blo)q(c)o(k)f(an)h +(implem)o(e)o(n)o(tation)d(of)i(this)g(approac)o(h)h(at)g(the)f(curren)o(t)f +(time.)223 1482 y(The)g(whole)g(pro)q(cedure)h(is)f(v)o(ery)f(time)f(and)j +(space)g(consuming.)k(Man)o(y)15 b(rather)h(long)f(public)149 +1572 y(k)o(eys)k(ha)o(v)o(e)f(to)h(b)q(e)h(stored)f(\(ab)q(out)i(200)f +(decimal)d(digits)i(long)g(eac)o(h)g(to)g(mak)o(e)f(the)g(public)h(k)o(ey)149 +1663 y(encryption)i(reasonably)h(strong\).)38 b(Obtaining)21 +b(memory)e(for)j(them,)e(as)i(w)o(ell)e(as)i(additional)149 +1753 y(cac)o(he)17 b(memory)e(for)j(larger)g(resource)f(records,)g(is)h(not)g +(a)g(problem)e(in)i(curren)o(t)e(arc)o(hitectures.)149 1843 +y(The)f(k)o(eys)f(ha)o(v)o(e)g(to)h(b)q(e)g(obtained)g(b)q(efore)g(they)g +(can)g(b)q(e)f(used.)21 b(S.)15 b(Ken)o(t)f(describ)q(es)g(in)h([Ken93b])149 +1934 y(certi\014cate)e(based)i(k)o(ey)d(managemen)o(t;)g(X.509)j(is)e(the)h +(equiv)m(alen)o(t)f(in)g(the)h(OSI)1604 1915 y Fm(2)1623 1934 +y Fo(-w)o(orld.)21 b(W)l(e)14 b(will)149 2024 y(not)19 b(go)g(in)o(to)f +(detail)g(regarding)h(the)f(k)o(ey)f(distribution)h(pro)q(cess.)28 +b(The)18 b(registering)g(pro)q(cess)h(is)149 2114 y(rather)h(cum)o(b)q +(ersome.)29 b(The)20 b(calculations)f(to)i(encrypt)e(and)h(decrypt)f(message) +g(digests)h(ma)o(y)149 2204 y(tak)o(e)h(to)q(o)h(long)g(to)g(supp)q(ort)g +(the)f(goal)h(of)f(the)g(Domain)g(Name)f(System)f(of)j(e\016ciency)l(.)33 +b(The)149 2295 y(additional)14 b(data)h(that)f(has)h(to)f(b)q(e)g +(transmitted)f(w)o(ould)h(not)g(degrade)g(p)q(erformance)f(to)q(o)i(badly)l +(,)149 2385 y(esp)q(ecially)f(if)g(faster)h(transmission)f(media)f(b)q +(ecomes)h(broadly)h(a)o(v)m(ailable,)f(but)h(the)f(calculation)149 +2475 y(o)o(v)o(erhead)i(for)h(encryption)e(and)i(decryption)e(cannot)i +(easily)f(b)q(e)g(amortized.)p 149 2519 720 2 v 206 2550 a +Fl(2)224 2565 y Fk(\\Op)q(en)h(Systems)e(In)o(terconnection)j({)d(A)h +(reference)j(to)c(proto)q(cols,)h(sp)q(eci\014cally)g(ISO)h(standards,)f(for) +g(the)149 2614 y(in)o(terconnection)f(of)f(co)q(op)q(erativ)o(e)g(computer)g +(systems."[Com91)m(])p eop +%%Page: 82 91 +90 bop 1901 -100 a Fo(82)223 75 y(The)21 b(implem)o(en)n(tation)e(of)i(suc)o +(h)g(a)h(solution)f(is)g(a)g(ma)s(jor)g(e\013ort.)36 b(The)21 +b(whole)g(k)o(ey)f(man-)149 165 y(agemen)o(t)i(problem)g(is)i(complex)d(and)j +(it)f(also)h(requires)f(additional)g(administrativ)o(e)e(e\013ort.)149 +255 y(Resolv)o(er)14 b(routines)i(and)f(name)f(serv)o(er)g(routines)i(ha)o(v) +o(e)e(to)h(b)q(e)h(mo)q(di\014ed,)e(along)i(with)f(the)g(DNS)149 +346 y(proto)q(col.)30 b(The)18 b(implem)o(en)o(tation)e(is)i(feasible,)g +(though)i(v)o(ery)d(complex.)26 b(Another)19 b(dra)o(wbac)o(k)149 +436 y(is)d(the)g(transition)h(phase)g(that)f(is)g(necessary)g(b)q(ecause)h +(of)f(proto)q(col)h(c)o(hanges.)223 526 y(Ov)o(erall,)10 b(the)i(metho)q(d)f +(seems)f(to)i(b)q(e)g(hardly)g(feasible,)f(b)q(ecause)h(of)g(its)g(large)f +(computational)149 616 y(o)o(v)o(erhead.)21 b(F)l(urther)16 +b(dra)o(wbac)o(ks)g(are)g(the)g(necessary)g(proto)q(col)h(c)o(hanges)f(and)h +(the)f(complexit)o(y)149 707 y(of)h(prop)q(er)g(k)o(ey)e(and)i(certi\014cate) +e(managemen)o(t.)p eop +%%Page: 83 92 +91 bop 1901 -100 a Fo(83)637 342 y(5.)32 b(CONCLUSIONS)16 b(AND)f(OUTLOOK)223 +516 y(The)20 b(Domain)g(Name)e(System)h(is)h(the)g(w)o(orld's)g(most)g +(distributed)f(database,)k(managing)149 606 y(name)15 b(resolution)h(for)g +(ab)q(out)h(1.5)f(million)e(hosts.)22 b(In)15 b(this)h(thesis)f(w)o(e)h +(outlined)f(and)i(explained)149 696 y(the)f(curren)o(t)g(implem)o(en)n +(tation)e(of)j(the)f(Domain)f(Name)g(System.)223 787 y(W)l(e)i(stated)i(the)f +(main)f(problem)f(w)o(e)i(are)g(dealing)g(with)g(in)f(this)h(thesis:)25 +b(name)17 b(based)i(au-)149 877 y(then)o(tication,)f(where)f(the)h(name)f +(resolution)h(pro)q(cess)h(cannot)f(b)q(e)h(trusted.)26 b(W)l(e)18 +b(examined)e(a)149 967 y(metho)q(d)k(to)g(abuse)g(the)g(Domain)f(Name)f +(System)g(for)i(system)f(break{ins)h(and)g(sho)o(w)o(ed)g(that)149 +1057 y(this)g(metho)q(d)e(exploits)g(sev)o(eral)g(w)o(eaknesses.)30 +b(All)18 b(these)h(w)o(eaknesses)g(are)g(necessary)g(b)q(efore)149 +1148 y(the)d(break{in)g(is)g(p)q(ossible.)21 b(W)l(e)16 b(demonstrated)f(the) +h(feasibilit)o(y)e(of)j(the)e(break{in)h(b)o(y)g(describ-)149 +1238 y(ing)j(our)g(implem)o(en)n(tation)d(in)i(an)h(exp)q(erimen)o(tal)d(net) +o(w)o(ork,)h(set)i(up)f(to)h(satisfy)g(the)f(necessary)149 +1328 y(assumptions)f(that)f(matc)o(h)f(the)h(real)g(w)o(orld)g(situation)g +(in)g(the)g(crucial)g(p)q(oin)o(ts.)223 1419 y(W)l(e)21 b(pro)o(vided)f(the)h +(securit)o(y)f(considerations)h(found)h(in)f(the)g(o\016cial)f(design)i(do)q +(cumen)o(ts)149 1509 y(and)e(analyzed)f(name)e(serv)o(er)h(and)i(resolv)o(er) +e(algorithms)g(with)h(resp)q(ect)g(to)g(securit)o(y)e(\015a)o(ws)j(or)149 +1599 y(w)o(eak)c(assumptions.)21 b(Most)15 b(of)h(the)f(solutions)h(presen)o +(ted)f(are)h(not)g(complete)d(solutions)j(to)g(the)149 1689 +y(problem)11 b(in)h(the)g(sense)g(that)g(they)g(cannot)g(prev)o(en)o(t)f(the) +h(break{in)g(unconditionally)l(.)19 b(Ho)o(w)o(ev)o(er,)149 +1780 y(a)c(com)o(bination)e(of)i(some)e(of)i(the)f(prop)q(osed)i(solutions)f +(increases)f(the)g(securit)o(y)f(of)i(the)f(Domain)149 1870 +y(Name)j(System)f(and)i(giv)o(es)f(a)i(high)f(con\014dence)f(in)h(securit)o +(y)l(,)e(although)j(complete)c(securit)o(y)i(is)149 1960 y(not)g(ac)o(hiev)o +(ed.)223 2051 y(W)l(e)i(consider)h(the)g(Berk)o(eley)d(patc)o(h)j(to)h(b)q(e) +f(mandatory)l(.)32 b(The)20 b(curren)o(t)f(impleme)o(n)o(tation)149 +2141 y(of)h(the)e(T)l(rusted)h(Net)o(w)o(ork)f(concept)g(in)g(UNIX)f(is)i +(far)g(from)f(b)q(eing)h(optimal)e(from)h(a)h(securit)o(y)149 +2231 y(p)q(oin)o(t)e(of)h(view.)k(W)l(e)17 b(prop)q(ose)h(ma)s(jor)e(impro)o +(v)o(em)o(en)n(ts)e(in)j(its)g(design,)f(whic)o(h)h(w)o(ould)g(also)g(tak)o +(e)149 2322 y(care)f(of)h(other)f(shortcomings)g(in)g(the)g(securit)o(y)f(of) +h(systems.)223 2412 y(F)l(uture)e(w)o(ork)h(could)g(implem)o(en)n(t)d(some)i +(of)h(the)g(solutions)g(w)o(e)g(ga)o(v)o(e)f(in)h(the)g(previous)f(c)o(hap-) +149 2502 y(ter.)29 b(Exp)q(erience)17 b(with)i(the)g(implem)o(e)o(n)o(tation) +d(of)j(p)q(olicy)g(based)g(solutions)g(w)o(ould)g(giv)o(e)f(deep)149 +2592 y(insigh)o(t)e(in)o(to)g(the)g(applicabilit)o(y)e(of)j(these)f(approac)o +(hes.)p eop +%%Page: 84 93 +92 bop 1901 -100 a Fo(84)223 75 y(An)18 b(implem)o(en)n(tation)e(of)j(the)f +(solution)h(presen)o(ted)f(in)g(Section)g(4.11)h(\(Digital)f(Signatures)149 +165 y(and)f(Public)d(Key)h(Encryption\))h(w)o(ould)f(pro)o(vide)g(a)h(test)f +(en)o(vironmen)o(t)e(to)j(determine)d(run)o(time)149 255 y(costs)20 +b(of)g(that)g(approac)o(h.)32 b(These)20 b(results)f(in)g(connection)g(with)h +(results)f(of)h(the)f(exp)q(eriences)149 346 y(gained)d(with)g(the)f(PEM)h +(system)e(could)h(lead)h(to)g(surprising)f(conclusions.)21 +b(Despite)16 b(the)f(man)o(y)149 436 y(disadv)m(an)o(tages)i(w)o(e)d(found,)i +(w)o(e)f(still)f(consider)g(this)h(solution)h(w)o(orth)f(some)f(more)g +(though)o(t)i(and)149 526 y(examination.)p eop +%%Page: 84 94 +93 bop 855 1170 a Fo(BIBLIOGRAPHY)p eop +%%Page: 85 95 +94 bop 1901 -100 a Fo(85)855 342 y(BIBLIOGRAPHY)202 598 y([AL92])24 +b(P)o(aul)14 b(Albitz)e(and)i(Cric)o(k)o(et)e(Liu.)21 b Fa(DNS)16 +b(and)f(BIND)p Fo(.)20 b(O'Reilley)11 b(&)j(Asso)q(ciates,)h(Inc.)369 +658 y(Sebastop)q(ol,)i(CA.,)e(1992.)199 760 y([Bel89])23 b(Stev)o(en)h(M.)h +(Bello)o(vin.)45 b Fa(Se)n(curity)26 b(Pr)n(oblems)g(in)g(the)g(TCP/IP)f(Pr)n +(oto)n(c)n(ol)g(Suite)p Fo(.)369 820 y(A)l(T&T)16 b(Bell)f(Lab)q(oratories,)i +(Murra)o(y)f(Hill,)e(New)i(Jersey)l(,)f(April)g(1989.)174 922 +y([Bel90a])24 b(Stev)o(en)c(M.)h(Bello)o(vin.)35 b(Pseudo-Net)o(w)o(ork)22 +b(Driv)o(ers)e(and)j(Virtual)d(Net)o(w)o(orks.)37 b(In)369 +982 y Fa(Pr)n(o)n(c.)27 b(Winter)h(USENIX)h(Confer)n(enc)n(e)p +Fo(,)i(pages)d(229{244,)33 b(W)l(ashington,)e(D.C.,)369 1042 +y(1990.)172 1144 y([Bel90b])23 b(Stev)o(en)c(M.)h(Bello)o(vin.)31 +b Fa(Using)22 b(the)f(Domain)g(Name)h(System)f(for)g(System)g(Br)n(e)n(ak-) +369 1204 y(ins)p Fo(.)f(A)l(T&T)12 b(Bell)e(Lab)q(oratories,)k(Murra)o(y)e +(Hill,)e(New)i(Jersey)l(,)g(1990.)21 b(\(unpublished)369 1264 +y(tec)o(hnical)14 b(rep)q(ort\).)199 1366 y([Bel92])23 b(Stev)o(en)16 +b(M.)g(Bello)o(vin.)21 b(There)16 b(Be)h(Dragons.)25 b(In)16 +b Fa(UNIX)j(Se)n(curity)f(Symp)n(osium)f(III)369 1426 y(Pr)n(o)n(c)n(e)n(e)n +(dings)p Fo(,)e(pages)i(1{16,)g(Baltimore,)c(MD,)j(1992.)196 +1528 y([BG92])24 b(Dimitri)c(Bertsek)m(as)j(and)g(Rob)q(ert)h(Gallager.)41 +b Fa(Data)23 b(Networks)p Fo(.)42 b(Pren)o(tice-Hall,)369 1588 +y(Englew)o(o)q(o)q(d)18 b(Cli\013s,)d(New)h(Jersey)l(,)f(second)i(edition,)e +(1992.)196 1690 y([CD88])25 b(George)19 b(F.)g(Coulouris)h(and)g(Jean)f +(Dollimore.)28 b Fa(Distribute)n(d)20 b(Systems)p Fo(.)30 b(Addison-)369 +1750 y(W)l(esley)15 b(Publishing)h(Compan)o(y)l(,)f(Inc.,)g(1988.)168 +1852 y([Com91])24 b(Douglas)d(E.)e(Comer.)29 b Fa(Internetworking)23 +b(with)e(TCP/IP)p Fo(.)30 b(Pren)o(tice-Hall,)17 b(Engle-)369 +1912 y(w)o(o)q(o)q(d)h(Cli\013s,)d(New)h(Jersey)l(,)f(second)i(edition,)e +(1991.)183 2014 y([Den82])24 b(Doroth)o(y)e(E.)f(Denning.)36 +b Fa(Crypto)n(gr)n(aphy)19 b(and)j(Data)g(Se)n(curity)p Fo(.)36 +b(Addison-W)l(esley)369 2074 y(Publishing)16 b(Compan)o(y)l(,)f(Inc.,)g +(1982.)193 2176 y([DK84])25 b(Kevin)19 b(J.)g(Dunlap)i(and)f(Mic)o(hael)e(J.) +i(Karels.)31 b Fa(Name)22 b(Server)f(Op)n(er)n(ations)f(Guide)369 +2236 y(for)d(BIND,)g(R)n(ele)n(ase)h(4.8)p Fo(.)j(Univ)o(ersit)o(y)13 +b(of)k(California,)f(Berk)o(eley)l(,)d(CA,)i(Ma)o(y)h(1984.)156 +2337 y([DOK92])24 b(P)o(eter)11 b(B.)g(Danzig,)i(Katia)f(Obraczk)m(a,)g(and)h +(Anan)o(t)e(Kumar.)19 b(An)11 b(Analysis)h(of)g(Wide-)369 2398 +y(Area)k(Name)f(Serv)o(er)g(T)l(ra\016c.)21 b Fa(Computer)d(Communic)n +(ations)g(R)n(eview)p Fo(,)e(22\(4\):281{)369 2458 y(92,)g(Octob)q(er)h +(1992.)203 2560 y([GS91])25 b(Simson)16 b(Gar\014nk)o(el)h(and)i(Gene)e +(Spa\013ord.)26 b Fa(Pr)n(actic)n(al)19 b(UNIX)g(Se)n(curity)p +Fo(.)25 b(O'Reilley)369 2620 y(&)16 b(Asso)q(ciates,)g(Inc.)f(Sebastop)q(ol,) +i(CA.,)f(1991.)p eop +%%Page: 86 96 +95 bop 1901 -100 a Fo(86)178 75 y([Hun92])24 b(Craig)e(Hun)o(t.)37 +b Fa(TCP/IP)22 b(Network)i(A)n(dministr)n(ation)p Fo(.)37 b(O'Reilley)19 +b(&)j(Asso)q(ciates,)369 135 y(Inc.)15 b(Sebastop)q(ol,)i(CA.,)e(1992.)193 +237 y([Kal92])24 b(Burton)19 b(S.)g(Kaliski.)28 b Fa(RF)o(C-1319)19 +b(The)h(MD2)g(Message-Digest)h(A)o(lgorithm)p Fo(.)30 b(Net-)369 +297 y(w)o(ork)16 b(W)l(orking)h(Group,)f(April)f(1992.)158 +399 y([Ken93a])24 b(Stephen)d(T.)f(Ken)o(t.)34 b(In)o(ternet)20 +b(Priv)m(acy)g(Enhanced)i(Mail.)34 b Fa(Communic)n(ations)22 +b(of)369 459 y(the)c(A)o(CM)p Fo(,)d(36\(8\):48{59,)k(Ma)o(y)c(1993.)155 +560 y([Ken93b])24 b(Stephen)15 b(T.)g(Ken)o(t.)20 b Fa(RF)o(C-1422)15 +b(Privacy)i(Enhanc)n(ement)h(for)e(Internet)i(Ele)n(ctr)n(onic)369 +621 y(Mail:)42 b(Part)27 b(II:)g(Certi\014c)n(ate-Base)n(d)i(Key)f +(Management)p Fo(.)55 b(Net)o(w)o(ork)26 b(W)l(orking)369 681 +y(Group,)17 b(F)l(ebruary)e(1993.)195 782 y([KR88])24 b(Brian)19 +b(W.)g(Kernighan)h(and)g(Dennis)g(M.)f(Ritc)o(hie.)29 b Fa(Pr)n(o)n(gr)n +(ammier)n(en)18 b(in)j(C)p Fo(.)31 b(Carl)369 843 y(Hanser)16 +b(V)l(erlag)g(M)q(\177)-26 b(unc)o(hen)16 b(Wien,)f(second)i(edition,)e +(1988.)195 944 y([Lot93])25 b(Mark)20 b(Lottor.)34 b(In)o(ternet)19 +b(Domain)g(Surv)o(ey)g(Apr)h(93.)34 b(SRI)20 b(In)o(ternational,)g(April)369 +1005 y(1993.)202 1106 y([LR93])25 b(Daniel)k(C.)g(Lync)o(h)h(and)g(Marshall)f +(T.)h(Rose.)61 b Fa(Internet)31 b(System)f(Handb)n(o)n(ok)p +Fo(.)369 1166 y(Addison-W)l(esley)15 b(Publishing)h(Compan)o(y)l(,)f(Inc.,)g +(1993.)172 1268 y([Mad92])25 b(J\034rgen)d(Bo)f(Madsen.)36 +b(The)21 b(greatest)g(crac)o(k)o(er-case)f(in)h(Denmark:)30 +b(The)21 b(detect-)369 1328 y(ing,)16 b(tracing)h(and)g(arresting)g(of)g(t)o +(w)o(o)f(in)o(ternational)g(crac)o(k)o(ers.)21 b(In)16 b Fa(UNIX)i(Se)n +(curity)369 1389 y(Symp)n(osium)e(III)h(Pr)n(o)n(c)n(e)n(e)n(dings)p +Fo(,)e(pages)i(17{40,)h(Baltimore,)13 b(MD,)j(1992.)183 1490 +y([Mer89])24 b(Ralph)16 b(C.)g(Merkle.)k(Snefru.)h(Xero)o(x)15 +b(Corp)q(oration,)j(P)o(alo)e(Alto,)f(CA,)h(1989.)152 1592 +y([Mo)q(c83a])25 b(P)o(aul)f(Mo)q(c)o(k)m(ap)q(etris.)44 b +Fa(RF)o(C-882)24 b(Domain)g(Names)h(-)g(Conc)n(epts)g(and)g(F)l(acilities)p +Fo(.)369 1652 y(Net)o(w)o(ork)15 b(W)l(orking)h(Group,)h(No)o(v)o(em)o(b)q +(er)c(1983.)149 1754 y([Mo)q(c83b])25 b(P)o(aul)17 b(Mo)q(c)o(k)m(ap)q +(etris.)25 b Fa(RF)o(C-883)18 b(Domain)g(Names)h(-)g(Implementation)h(and)f +(Sp)n(e)n(ci-)369 1814 y(\014c)n(ation)p Fo(.)j(Net)o(w)o(ork)15 +b(W)l(orking)h(Group,)h(No)o(v)o(em)o(b)q(er)c(1983.)152 1916 +y([Mo)q(c87a])25 b(P)o(aul)c(Mo)q(c)o(k)m(ap)q(etris.)37 b +Fa(RF)o(C-1034)21 b(Domain)h(Names)g(-)h(Conc)n(epts)f(and)h(F)l(acilities)p +Fo(.)369 1976 y(Net)o(w)o(ork)15 b(W)l(orking)h(Group,)h(No)o(v)o(em)o(b)q +(er)c(1987.)149 2078 y([Mo)q(c87b])25 b(P)o(aul)16 b(Mo)q(c)o(k)m(ap)q +(etris.)22 b Fa(RF)o(C-1035)17 b(Domain)g(Names)h(-)g(Implementation)h(and)f +(Sp)n(e)n(c-)369 2138 y(i\014c)n(ation)p Fo(.)k(Net)o(w)o(ork)15 +b(W)l(orking)h(Group,)h(No)o(v)o(em)o(b)q(er)c(1987.)177 2240 +y([Mo)q(c89])24 b(P)o(aul)18 b(Mo)q(c)o(k)m(ap)q(etris.)27 +b Fa(RF)o(C-1123)18 b(R)n(e)n(quir)n(ements)h(for)g(Internet)h(Hosts)g({)f +(Applic)n(a-)369 2300 y(tion)f(and)f(Supp)n(ort)p Fo(.)k(Net)o(w)o(ork)15 +b(W)l(orking)i(Group,)f(1989.)181 2401 y([Mor85])24 b(R.)16 +b(T.)h(Morris.)23 b(A)16 b(W)l(eakness)h(in)g(the)f(4.2BSD)h(UNIX)e(TCP/IP)j +(Soft)o(w)o(are.)23 b(Com-)369 2462 y(puting)13 b(Science)d(T)l(ec)o(hnical)h +(Rep)q(ort)i(No.)f(117,)i(A)l(T&T)f(Bell)d(Lab)q(oratories,)15 +b(Murra)o(y)369 2522 y(Hill,)f(New)i(Jersey)l(,)f(F)l(ebruary)h(1985.)p +eop +%%Page: 87 97 +96 bop 1901 -100 a Fo(87)193 75 y([P)o(ar91])25 b(T.)18 b(A.)g(P)o(ark)o(er.) +28 b(A)19 b(Secure)f(System)f(for)i(Applications)f(in)g(a)h(Multi-v)o(endor)f +(En)o(vi-)369 135 y(ronmen)o(t)f(\(The)i(SESAME)f(pro)s(ject\).)28 +b(In)18 b(14)1230 117 y Fd(th)1286 135 y Fa(NCSC)i(Confer)n(enc)n(e)g(Pr)n(o) +n(c)n(e)n(e)n(dings)p Fo(,)369 195 y(1991.)j(V)l(ol.)15 b(I)q(I.)205 +297 y([PL91])25 b(R.)19 b(P)o(aans)h(and)g(H.)f(de)g(Lange.)31 +b(Auditing)19 b(the)g(SNA/SNI)f(En)o(vironmen)o(t.)28 b Fa(Com-)369 +357 y(puter)18 b(&)f(Se)n(curity)p Fo(,)f(10\(3\):251{61,)j(Ma)o(y)d(1991.) +169 459 y([Riv92a])24 b(Ronald)c(L.)g(Riv)o(est.)31 b Fa(RF)o(C-1320)19 +b(The)i(MD4)f(Message-Digest)j(A)o(lgorithm)p Fo(.)32 b(Net-)369 +519 y(w)o(ork)16 b(W)l(orking)h(Group,)f(April)f(1992.)166 +621 y([Riv92b])24 b(Ronald)c(L.)g(Riv)o(est.)31 b Fa(RF)o(C-1321)19 +b(The)i(MD5)f(Message-Digest)j(A)o(lgorithm)p Fo(.)32 b(Net-)369 +681 y(w)o(ork)16 b(W)l(orking)h(Group,)f(April)f(1992.)169 +782 y([RSA78])24 b(R.)18 b(Riv)o(est,)g(A.)g(Shamir,)g(and)i(L.)f(Adleman.)28 +b(A)18 b(Metho)q(d)h(for)h(Obtaining)f(Digital)369 843 y(Signatures)e(and)g +(Public)f(Key)g(Cryptosystems.)21 b Fa(Communic)n(ations)d(of)g(the)g(A)o(CM) +p Fo(,)369 903 y(21\(2\):120{6,)g(F)l(ebruary)e(1978.)178 1005 +y([SNS88])24 b(J.G.)18 b(Steiner,)f(C.)h(Neuman,)f(and)h(J.I.)f(Sc)o(hiller.) +25 b(Kerb)q(eros:)h(An)18 b(Authen)o(tication)369 1065 y(Service)c(for)h(Op)q +(en)h(Net)o(w)o(ork)e(Systems.)19 b(In)c Fa(Pr)n(o)n(c)n(e)n(e)n(dings,)h +(Winter)g(USENIX)p Fo(,)g(Dal-)369 1125 y(las,)g(T)l(exas,)g(1988.)190 +1227 y([Spa88])25 b(Eugene)14 b(H.)f(Spa\013ord.)21 b(The)14 +b(In)o(ternet)e(W)l(orm)h(Program:)20 b(An)13 b(Analysis.)20 +b(T)l(ec)o(hnical)369 1287 y(Rep)q(ort)d(CSD-TR-823,)h(Purdue)e(Univ)o(ersit) +o(y)l(,)d(W)l(est)j(Lafa)o(y)o(ette,)g(IN,)f(1988.)201 1389 +y([Ste90])24 b(Ric)o(hard)17 b(W.)h(Stev)o(ens.)26 b Fa(UNIX)19 +b(Network)h(Pr)n(o)n(gr)n(amming)p Fo(.)25 b(Pren)o(tice-Hall,)16 +b(Engle-)369 1449 y(w)o(o)q(o)q(d)i(Cli\013s,)d(New)h(Jersey)l(,)f(1990.)198 +1550 y([Sto89])25 b(Cli\013ord)19 b(P)l(.)f(Stoll.)28 b Fa(The)20 +b(Cucko)n(o's)f(Egg:)28 b(T)l(r)n(acing)20 b(a)f(Spy)h(Thr)n(ough)f(the)h +(Maze)g(of)369 1611 y(Computer)d(Espionage)p Fo(.)22 b(Doubleda)o(y)l(,)16 +b(1989.)187 1712 y([Sun91])25 b(Sun)16 b(Microsystems.)k Fa(manual)e(p)n +(ages)p Fo(,)e(4.1)g(edition,)f(Jan)o(uary)i(1991.)186 1814 +y([T)l(an92])25 b(Andrew)16 b(S.)g(T)l(anen)o(baum.)22 b Fa(Mo)n(dern)17 +b(Op)n(er)n(ating)h(Systems)p Fo(.)k(Pren)o(tice-Hall,)14 b(Engle-)369 +1874 y(w)o(o)q(o)q(d)k(Cli\013s,)d(New)h(Jersey)l(,)f(1992.)182 +1976 y([Tho84])25 b(Ken)c(Thompson.)37 b(Re\015ections)20 b(on)i(T)l(rusting) +g(T)l(rust.)37 b Fa(Communic)n(ations)22 b(of)g(the)369 2036 +y(A)o(CM)p Fo(,)15 b(27\(8\):761{3,)k(August)d(1984.)p eop +%%Trailer +end +userdict /end-hook known{end-hook}if +%%EOF diff --git a/usr.sbin/named/doc/misc/style.txt b/usr.sbin/named/doc/misc/style.txt new file mode 100644 index 00000000000..444dd64563f --- /dev/null +++ b/usr.sbin/named/doc/misc/style.txt @@ -0,0 +1,172 @@ +Path: vixie!vixie +From: vixie@vix.com (Paul A Vixie) +Newsgroups: comp.protocols.tcp-ip.domains +Subject: Re: Format of DNS files (style question) +Date: 28 Aug 94 03:17:08 +Organization: Vixie Enterprises +Lines: 159 +Distribution: inet +Message-ID: <VIXIE.94Aug28031708@office.home.vix.com> +References: <33onnr$i4u@zombie.ncsc.mil> +NNTP-Posting-Host: office.home.vix.com +In-reply-to: sjr@zombie.ncsc.mil's message of 27 Aug 1994 21:02:51 -0400 + +> (Style) Suggestions for how to layout DNS configuration files (both +> forward and reverse)? + +I've gone back and forth on the question of whether the BOG should include a +section on this topic. I know what I myself prefer, but I'm wary of ramming +my own stylistic preferences down the throat of every BOG reader. But since +you ask :-)... + +Create /var/named. If your system is too old to have a /var, either create +one or use /usr/local/adm/named instead. Put your named.boot in it, and make +/etc/named.boot a symlink to it. If your system doesn't have symlinks, you're +S-O-L (but you knew that). In named.boot, put a "directory" directive that +specifies your actual BIND working directory: + + directory /var/named + +All relative pathnames used in "primary", "secondary", and "cache" directives +will be evaluated relative to this directory. Create two subdirectories, +/var/named/pri and /var/named/sec. Whenever you add a "primary" directive +to your named.boot, use "pri/WHATEVER" as the path name. And then put the +primary zone file into "pri/WHATEVER". Likewise when you add "secondary" +directives, use "sec/WHATEVER" and BIND (really named-xfer) will create the +files in that subdirectory. + +(Variations: (1) make a midlevel directory "zones" and put "pri" and "sec" +into it; (2) if you tend to pick up a lot of secondaries from a few hosts, +group them together in their own subdirectories -- something like +/var/named/zones/uucp if you're a UUCP Project name server.) + +For your forward files, name them after the zone. dec.com becomes +"/var/named/zones/pri/dec.com". For your reverse files, name them after the +network number. 0.1.16.in-addr.arpa becomes "/var/named/zones/pri/16.1.0". + +When creating or maintaining primary zone files, try to use the same SOA +values everywhere, except for the serial number which varies per zone. Put +a $ORIGIN directive at the top of the primary zone file, not because it's +needed (it's not since the default origin is the zone named in the "primary" +directive) but because it make it easier to remember what you're working on +when you have a lot of primary zones. Put some comments up there indicating +contact information for the real owner if you're proxying. Use RCS and put +the "$Id: style.txt,v 1.1 1998/05/22 02:51:08 millert Exp $" in a ";" comment near the top of the zone file. + +The SOA and other top level information should all be listed together. But +don't put IN on every line, it defaults nicely. For example: + +============== +@ IN SOA gw.home.vix.com. postmaster.vix.com. ( + 1994082501 ; serial + 3600 ; refresh (1 hour) + 1800 ; retry (30 mins) + 604800 ; expire (7 days) + 3600 ) ; minimum (1 hour) + + NS gw.home.vix.com. + NS ns.uu.net. + NS uucp-gw-1.pa.dec.com. + NS uucp-gw-2.pa.dec.com. + + MX 10 gw.home.vix.com. + MX 20 uucp-gw-1.pa.dec.com. + MX 20 uucp-gw-1.pa.dec.com. +============== + +I don't necessarily recommend those SOA values. Not every zone is as volatile +as the example shown. I do recommend that serial number format; it's in date +format with a 2-digit per-day revision number. This format will last us until +2147 A.D. at which point I expect a better solution will have been found :-). +(Note that it would last until 4294 A.D. except that there are some old BINDs +out there that use a signed quantity for representing serial number interally; +I suppose that as long as none of these are still running after 2047 A.D., +that we can use the above serial number format until 4294 A.D., at which point +a better solution will HAVE to be found.) + +You'll note that I use a tab stop for "IN" even though I never again specify +it. This leaves room for names longer than 7 bytes without messing up the +columns. You might also note that I've put the MX priority and destination +in the same tab stop; this is because both are part of the RRdata and both +are very different from MX which is an RRtype. Some folks seem to prefer to +group "MX" and the priority together in one tab stop. While this looks neat +it's very confusing to newcomers and for them it violates the law of least +astonishment. + +If you have a multi-level zone (one which contains names that have dots in +them), you can use additional $ORIGIN statements but I recommend against it +since there is no "back" operator. That is, given the above example you can +add: + +============= +$ORIGIN home +gw A 192.5.5.1 +============= + +The problem with this is that subsequent RR's had better be somewhere under +the "home.vix.com" name or else the $ORIGIN that introduces them will have +to use a fully qualified name. FQDN $ORIGIN's aren't bad and I won't be mad +if you use them. Unqualified ones as shown above are real trouble. I usually +stay away from them and just put the whole name in: + +============= +gw.home A 192.5.5.1 +============= + +In your reverse zones, you're usually in some good luck because the owner name +is usually a single short token or sometimes two. + +============= +$ORIGIN 5.5.192.in-addr.arpa. +@ IN SOA ... + NS ... +1 PTR gw.home.vix.com. +------------- +$ORIGIN 1.16.in-addr.arpa. +@ IN SOA ... + NS ... +2.0 PTR gatekeeper.dec.com. +============= + +It is usually pretty hard to keep your forward and reverse zones in synch. +You can avoid that whole problem by just using "h2n" (see the ORA book, DNS +and BIND, and its sample toolkit, included in the BIND distribution or on +ftp.uu.net (use the QUOTE SITE EXEC INDEX command there to find this -- I +never can remember where it's at). "h2n" and many tools like it can just +read your old /etc/hosts file and churn it into DNS zone files. (May I +recommend contrib/decwrl/mkdb.pl from the BIND distribution?) However, if +you (like me) prefer to edit these things by hand, you need to follow the +simple convention of making all of your holes consistent. If you use +192.5.5.1 and 192.5.5.3 but not (yet) 192.5.5.2, then in your forward file +you will have something like + +============= +... +gw.home A 192.5.5.1 +;avail A 192.5.5.2 +pc.home A 192.5.5.3 +============= + +and in your reverse file you will have something like + +============= +... +1 PTR gw.home.vix.com. +;2 PTR avail +3 PTR pc.home.vix.com. +============= + +This convention will allow you to keep your sanity and make fewer errors. +Any kind of automation (h2n, mkdb, or your own perl/tcl/awk/python tools) +will help you maintain a consistent universe even if it's also a complex +one. Editing by hand doesn't have to be deadly but you MUST take care. + +Anyone who wants to know how to maintain nonleaf zones, i.e., zones which +have few or no hosts in them but have hundreds or thousands of delegations, +should attend Usenix LISA in San Diego and be there for the SENDS talk. +Contact office@usenix.org for conference information. +-- +Paul Vixie +Redwood City, CA +decwrl!vixie!paul +<paul@vix.com> diff --git a/usr.sbin/named/doc/misc/vixie-security.ps b/usr.sbin/named/doc/misc/vixie-security.ps new file mode 100644 index 00000000000..2cb8676bcb9 --- /dev/null +++ b/usr.sbin/named/doc/misc/vixie-security.ps @@ -0,0 +1,2915 @@ +%!PS-Adobe-3.0 +%%Creator: Basser Lout Version 3.01 (October 1994) +%%CreationDate: Tue May 2 22:39:43 1995 +%%DocumentData: Binary +%%DocumentNeededResources: (atend) +%%DocumentSuppliedResources: (atend) +%%Pages: (atend) +%%BoundingBox: 0 0 612 792 +%%EndComments + +%%BeginProlog +%%BeginResource: procset LoutStartUp +/m { 3 1 roll moveto show } bind def +/s { exch currentpoint exch pop moveto show } bind def +/k { exch neg 0 rmoveto show } bind def +/in { 1440 mul } def +/cm { 567 mul } def +/pt { 20 mul } def +/em { 120 mul } def +/sp { louts mul } def +/vs { loutv mul } def +/ft { loutf mul } def +/dg { } def + +/LoutGraphic { + /louts exch def + /loutv exch def + /loutf exch def + /ymark exch def + /xmark exch def + /ysize exch def + /xsize exch def +} def + +/LoutFont +{ findfont exch scalefont setfont +} bind def + +/LoutRecode { + { findfont dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding exch def + currentdict end definefont pop + } + stopped {} +} bind def + +/BeginEPSF { + /LoutEPSFState save def + /dict_count countdictstack def + /op_count count 1 sub def + userdict begin + /showpage { } def + 0 setgray 0 setlinecap + 1 setlinewidth 0 setlinejoin + 10 setmiterlimit [] 0 setdash newpath + /languagelevel where + { pop languagelevel + 1 ne + { false setstrokeadjust false setoverprint + } if + } if +} bind def + +/EndEPSF { + count op_count sub { pop } repeat + countdictstack dict_count sub { end } repeat + LoutEPSFState restore +} bind def +%%EndResource + +%%BeginResource encoding vec1 +/vec1 [ +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright +/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash +/zero /one /two /three /four /five /six /seven +/eight /nine /colon /semicolon /less /equal /greater /question +/at /A /B /C /D /E /F /G +/H /I /J /K /L /M /N /O +/P /Q /R /S /T /U /V /W +/X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore +/quoteleft /a /b /c /d /e /f /g +/h /i /j /k /l /m /n /o +/p /q /r /s /t /u /v /w +/x /y /z /braceleft /bar /braceright /asciitilde /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /quotedblleft /quotedblright /fi +/fl /endash /emdash /bullet /dagger /daggerdbl /florin /fraction +/dotlessi /grave /acute /circumflex /tilde /macron /breve /dotaccent +/dieresis /.notdef /ring /cedilla /.notdef /hungarumlaut /ogonek /caron +/space /exclamdown /cent /sterling /currency /yen /brokenbar /section +/dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron +/degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /periodcentered +/cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown +/Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla +/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis +/Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply +/Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls +/agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla +/egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis +/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide +/oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis +] def +%%EndResource + +%%BeginResource: procset LoutTabPrependGraphic +% @PrependGraphic file /usr/local/share/lout/include/tab_prepend +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% % +% PostScript @SysPrependGraphic file for @Tab % +% % +% To assist in avoiding name clashes, the names % +% of all these symbols begin with "ltab". % +% % +% Jeffrey H. Kingston % +% 24 September 1991 % +% 22 December 1992 % +% % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +% linewidth ltabhs - +% horizontal single line +/ltabhs +{ 0 0 moveto xsize 0 lineto + setlinewidth 0 setlinecap stroke +} def + +% linewidth ltabhsp - +% horizontal single line with projecting ends +/ltabhsp +{ 0 0 moveto xsize 0 lineto + setlinewidth 2 setlinecap stroke +} def + +% linewidth ltabhd - +% horizontal double line +/ltabhd +{ dup dup + 0 0 moveto xsize 0 lineto + 0 exch 3 mul moveto xsize exch 3 mul lineto + setlinewidth 0 setlinecap stroke +} def + +% linewidth ltabhdb - +% horizontal double line below mark +/ltabhdb +{ dup dup + 0 0 moveto xsize 0 lineto + 0 exch -3 mul moveto xsize exch -3 mul lineto + setlinewidth 0 setlinecap stroke +} def + +% linewidth ltabhdnw - +% horizontal double line with northwest corner +/ltabhdnw +{ dup dup dup dup + 0 0 moveto xsize 0 lineto + xsize exch 3 mul moveto + -3 mul exch 3 mul lineto + -3 mul 0 lineto + setlinewidth 0 setlinejoin 2 setlinecap stroke +} def + +% linewidth ltabhdne - +% horizontal double line with northeast corner +/ltabhdne +{ dup dup dup dup + 0 0 moveto xsize 0 lineto + 0 exch 3 mul moveto + 3 mul xsize add exch 3 mul lineto + 3 mul xsize add 0 lineto + setlinewidth 0 setlinejoin 2 setlinecap stroke +} def + +% linewidth ltabhdsw - +% horizontal double line with southwest corner +/ltabhdsw +{ dup dup dup dup + 0 0 moveto xsize 0 lineto + xsize exch -3 mul moveto + -3 mul exch -3 mul lineto + -3 mul 0 lineto + setlinewidth 0 setlinejoin 2 setlinecap stroke +} def + +% linewidth ltabhdse - +% horizontal double line with southeast corner +/ltabhdse +{ dup dup dup dup + 0 0 moveto xsize 0 lineto + 0 exch -3 mul moveto + 3 mul xsize add exch -3 mul lineto + 3 mul xsize add 0 lineto + setlinewidth 0 setlinejoin 2 setlinecap stroke +} def + +% linewidth ltabvs - +% vertical single line +/ltabvs +{ 0 0 moveto 0 ysize lineto + setlinewidth 0 setlinecap stroke +} def + +% linewidth ltabvd - +% vertical double line +/ltabvd +{ dup dup + 0 0 moveto 0 ysize lineto + -3 mul 0 moveto -3 mul ysize lineto + setlinewidth 0 setlinecap stroke +} def + +% linewidth ltabvdr - +% vertical double line to right of mark +/ltabvdr +{ dup dup + 0 0 moveto 0 ysize lineto + 3 mul 0 moveto 3 mul ysize lineto + setlinewidth 0 setlinecap stroke +} def +%%EndResource + +%%BeginResource: procset LoutFigPrependGraphic +% @PrependGraphic file /usr/local/share/lout/include/fig_prepend +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% % +% PostScript @SysPrependGraphic file for @Fig Jeffrey H. Kingston % +% Version 2.0 (includes CIRCUM label) January 1992 % +% % +% To assist in avoiding name clashes, the names of all symbols % +% defined here begin with "lfig". However, this is not feasible % +% with user-defined labels and some labels used by users. % +% % +% <point> is two numbers, a point. % +% <length> is one number, a length % +% <angle> is one number, an angle in degrees % +% <dashlength> is one number, the preferred length of a dash % +% % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +errordict begin + /handleerror + { + { /Times-Roman findfont 8 pt scalefont setfont + 0 setgray 4 pt 4 pt moveto + $error /errorname get + dup lfigdict exch known + { lfigdict exch get } + { 30 string cvs } ifelse + show + ( Command: ) show + $error /command get 30 string cvs show + } stopped {} if + showpage stop + } def +end + +% concat strings: <string> <string> lfigconcat <string> +% must be defined outside lfigdict since used in lfigpromotelabels +/lfigconcat +{ 2 copy length exch length add string + dup 0 4 index putinterval + dup 3 index length 3 index putinterval + 3 1 roll pop pop +} def + +% <string> lfigdebugprint - +% must be defined outside lfigdict since used in arbitrary places +% /lfigdebugprint +% { print +% (; operand stack:\n) print +% count copy +% count 2 idiv +% { == +% (\n) print +% } repeat +% (\n) print +% } def + +/lfigdict 120 dict def +lfigdict begin + +% error messages +/dictfull (dictfull error: too many labels?) def +/dictstackoverflow (dictstackoverflow error: labels nested too deeply?) def +/execstackoverflow (execstackoverflow error: figure nested too deeply?) def +/limitcheck (limitcheck error: figure nested too deeply or too large?) def +/syntaxerror (syntaxerror error: syntax error in text of figure?) def +/typecheck (typecheck error: syntax error in text of figure?) def +/undefined (undefined error: unknown or misspelt label?) def +/VMError (VMError error: run out of memory?) def + +% push pi onto stack: - lfigpi <num> +/lfigpi 3.14159 def + +% arc directions +/clockwise false def +/anticlockwise true def + +% maximum of two numbers: <num> <num> lfigmax <num> +/lfigmax { 2 copy gt { pop } { exch pop } ifelse } def + +% minimum of two numbers: <num> <num> lfigmin <num> +/lfigmin { 2 copy lt { pop } { exch pop } ifelse } def + +% add two points: <point> <point> lfigpadd <point> +/lfigpadd { exch 3 1 roll add 3 1 roll add exch } def + +% subtract first point from second: <point> <point> lfigpsub <point> +/lfigpsub { 3 2 roll sub 3 1 roll exch sub exch } def + +% max two points: <point> <point> lfigpmax <point> +/lfigpmax { exch 3 1 roll lfigmax 3 1 roll lfigmax exch } def + +% min two points: <point> <point> lfigpmin <point> +/lfigpmin { exch 3 1 roll lfigmin 3 1 roll lfigmin exch } def + +% scalar multiplication: <point> <num> lfigpmul <point> +/lfigpmul { dup 3 1 roll mul 3 1 roll mul exch } def + +% point at angle and distance: <point> <length> <angle> lfigatangle <point> +/lfigatangle { 2 copy cos mul 3 1 roll sin mul lfigpadd } def + +% angle from one point to another: <point> <point> lfigangle <angle> +/lfigangle { lfigpsub 2 copy 0 eq exch 0 eq and {pop} {exch atan} ifelse } def + +% distance between two points: <point> <point> lfigdistance <length> +/lfigdistance { lfigpsub dup mul exch dup mul add sqrt } def + +% difference in x coords: <point> <point> lfigxdistance <length> +/lfigxdistance { pop 3 1 roll pop sub } def + +%difference in y coords: <point> <point> lfigydistance <length> +/lfigydistance { 3 1 roll pop sub exch pop } def + +% stroke a solid line: <length> <dashlength> lfigsolid - +/lfigsolid +{ pop pop [] 0 setdash stroke +} def + +% stroke a lfigdashed line: <length> <dashlength> lfigdashed - +/lfigdashed +{ 2 copy div 2 le 1 index 0 le or + { exch pop 1 pt lfigmax [ exch dup ] 0 setdash } + { dup [ exch 4 2 roll 2 copy div + 1 sub 2 div ceiling dup 4 1 roll + 1 add mul sub exch div ] 0 setdash + } ifelse stroke +} def + +% stroke a lfigcdashed line: <length> <dashlength> lfigcdashed - +/lfigcdashed +{ 2 copy le 1 index 0 le or + { exch pop 1 pt lfigmax [ exch dup ] dup 0 get 2 div setdash } + { dup [ 4 2 roll exch 2 copy exch div + 2 div ceiling div 1 index sub + ] exch 2 div setdash + } ifelse stroke +} def + +% stroke a dotted line: <length> <dashlength> lfigdotted - +/lfigdotted +{ 2 copy le 1 index 0 le or + { exch pop 1 pt lfigmax [ exch 0 exch ] 0 setdash } + { 1 index exch div ceiling div + [ 0 3 2 roll ] 0 setdash + } ifelse stroke +} def + +% stroke a noline line: <length> <dashlength> lfignoline - +/lfignoline +{ pop pop +} def + +% painting (i.e. filling): - lfigwhite - (etc.) +/lfignopaint { } def +/lfignochange { fill } def +/lfigdarkblue { 0.0 0.0 0.5 setrgbcolor fill } def +/lfigblue { 0.0 0.0 1.0 setrgbcolor fill } def +/lfiglightblue { 0.5 0.5 1.0 setrgbcolor fill } def +/lfigdarkgreen { 0.0 0.5 0.0 setrgbcolor fill } def +/lfiggreen { 0.0 1.0 0.0 setrgbcolor fill } def +/lfiglightgreen { 0.5 1.0 0.5 setrgbcolor fill } def +/lfigdarkred { 0.5 0.0 0.0 setrgbcolor fill } def +/lfigred { 1.0 0.0 0.0 setrgbcolor fill } def +/lfiglightred { 1.0 0.5 0.5 setrgbcolor fill } def +/lfigdarkcyan { 0.0 0.5 0.5 setrgbcolor fill } def +/lfigcyan { 0.0 1.0 1.0 setrgbcolor fill } def +/lfiglightcyan { 0.5 1.0 1.0 setrgbcolor fill } def +/lfigdarkmagenta { 0.5 0.0 0.5 setrgbcolor fill } def +/lfigmagenta { 1.0 0.0 1.0 setrgbcolor fill } def +/lfiglightmagenta { 1.0 0.5 1.0 setrgbcolor fill } def +/lfigdarkyellow { 0.5 0.5 0.0 setrgbcolor fill } def +/lfigyellow { 1.0 1.0 0.0 setrgbcolor fill } def +/lfiglightyellow { 1.0 1.0 0.5 setrgbcolor fill } def +/lfigdarkgray { 0.2 0.2 0.2 setrgbcolor fill } def +/lfiggray { 0.5 0.5 0.5 setrgbcolor fill } def +/lfiglightgray { 0.8 0.8 0.8 setrgbcolor fill } def +/lfigdarkgrey { 0.2 0.2 0.2 setrgbcolor fill } def +/lfiggrey { 0.5 0.5 0.5 setrgbcolor fill } def +/lfiglightgrey { 0.8 0.8 0.8 setrgbcolor fill } def +/lfigblack { 0.0 0.0 0.0 setrgbcolor fill } def +/lfigwhite { 1.0 1.0 1.0 setrgbcolor fill } def + +% line caps (and joins, not currently used) +/lfigbutt 0 def +/lfiground 1 def +/lfigprojecting 2 def +/lfigmiter 0 def +/lfigbevel 2 def + +% shape and labels of the @Box symbol +/lfigbox +{ + 0 0 /SW lfigpointdef + xsize 0 /SE lfigpointdef + xsize ysize /NE lfigpointdef + 0 ysize /NW lfigpointdef + SE 0.5 lfigpmul /S lfigpointdef + NW 0.5 lfigpmul /W lfigpointdef + W SE lfigpadd /E lfigpointdef + S NW lfigpadd /N lfigpointdef + NE 0.5 lfigpmul /CTR lfigpointdef + [ CTR NE lfigpsub /lfigboxcircum cvx ] lfigcircumdef + SW SE NE NW SW +} def + +% shape and labels of the @Square symbol +/lfigsquare +{ + xsize ysize 0.5 lfigpmul /CTR lfigpointdef + CTR xsize xsize ysize ysize lfigpmax 0.5 lfigpmul lfigpadd /NE lfigpointdef + CTR 0 0 CTR NE lfigdistance 135 lfigatangle lfigpadd /NW lfigpointdef + CTR 0 0 CTR NE lfigdistance 225 lfigatangle lfigpadd /SW lfigpointdef + CTR 0 0 CTR NE lfigdistance 315 lfigatangle lfigpadd /SE lfigpointdef + SW 0.5 lfigpmul SE 0.5 lfigpmul lfigpadd /S lfigpointdef + NW 0.5 lfigpmul NE 0.5 lfigpmul lfigpadd /N lfigpointdef + SW 0.5 lfigpmul NW 0.5 lfigpmul lfigpadd /W lfigpointdef + SE 0.5 lfigpmul NE 0.5 lfigpmul lfigpadd /E lfigpointdef + [ CTR NE lfigpsub /lfigboxcircum cvx ] lfigcircumdef + SW SE NE NW SW +} def + +% shape and labels of the @Diamond symbol +/lfigdiamond +{ + xsize 0 0.5 lfigpmul /S lfigpointdef + 0 ysize 0.5 lfigpmul /W lfigpointdef + S W lfigpadd /CTR lfigpointdef + CTR W lfigpadd /N lfigpointdef + CTR S lfigpadd /E lfigpointdef + [ xsize ysize 0.5 lfigpmul /lfigdiamondcircum cvx ] lfigcircumdef + S E N W S +} def + +% shape and labels of the @Ellipse symbol +/lfigellipse +{ + xsize 0 0.5 lfigpmul /S lfigpointdef + 0 ysize 0.5 lfigpmul /W lfigpointdef + S W lfigpadd /CTR lfigpointdef + CTR W lfigpadd /N lfigpointdef + CTR S lfigpadd /E lfigpointdef + CTR xsize 0 0.3536 lfigpmul lfigpadd 0 ysize 0.3536 lfigpmul lfigpadd /NE lfigpointdef + 0 ysize 0.3536 lfigpmul CTR xsize 0 0.3536 lfigpmul lfigpadd lfigpsub /SE lfigpointdef + xsize 0 0.3536 lfigpmul CTR lfigpsub 0 ysize 0.3536 lfigpmul lfigpadd /NW lfigpointdef + 0 ysize 0.3536 lfigpmul xsize 0 0.3536 lfigpmul CTR lfigpsub lfigpsub /SW lfigpointdef + [ xsize ysize 0.5 lfigpmul /lfigellipsecircum cvx ] lfigcircumdef + S [ CTR ] E [ CTR ] N [ CTR ] W [ CTR ] S +} def + +% shape and labels of the @Circle symbol +/lfigcircle +{ + xsize ysize 0.5 lfigpmul /CTR lfigpointdef + CTR xsize 0 ysize 0 lfigpmax 0.5 lfigpmul lfigpadd /E lfigpointdef + CTR 0 0 CTR E lfigdistance 45 lfigatangle lfigpadd /NE lfigpointdef + CTR 0 0 CTR E lfigdistance 90 lfigatangle lfigpadd /N lfigpointdef + CTR 0 0 CTR E lfigdistance 135 lfigatangle lfigpadd /NW lfigpointdef + CTR 0 0 CTR E lfigdistance 180 lfigatangle lfigpadd /W lfigpointdef + CTR 0 0 CTR E lfigdistance 225 lfigatangle lfigpadd /SW lfigpointdef + CTR 0 0 CTR E lfigdistance 270 lfigatangle lfigpadd /S lfigpointdef + CTR 0 0 CTR E lfigdistance 315 lfigatangle lfigpadd /SE lfigpointdef + [ S E lfigpsub /lfigellipsecircum cvx ] lfigcircumdef + S [ CTR ] E [ CTR ] N [ CTR ] W [ CTR ] S +} def + +% shape and labels of the @HLine and @HArrow symbols +/lfighline +{ + 0 ymark lfigprevious /FROM lfigpointdef + xsize ymark lfigprevious /TO lfigpointdef +} def + +% shape and labels of the @VLine and @VArrow symbols +/lfigvline +{ + xmark ysize lfigprevious /FROM lfigpointdef + xmark 0 lfigprevious /TO lfigpointdef +} def + +% points of a polygon around base with given no of sides, vert init angle: +% <sides> <angle> figpolygon <point> ... <point> +/lfigpolygon +{ xsize ysize 0.5 lfigpmul /CTR lfigpointdef + 90 sub CTR 2 copy lfigmax 5 3 roll + [ 4 copy pop /lfigpolycircum cvx ] lfigcircumdef + exch dup 360 exch div exch + 1 1 3 2 roll + { 4 string cvs (P) exch lfigconcat cvn + 6 copy pop pop lfigatangle 2 copy 10 2 roll + 3 2 roll lfigpointdef + dup 3 1 roll add exch + } for + pop lfigatangle +} def + +% next array element: <array> <index> lfiggetnext <array> <index> <any> true +% or <array> <index> false +/lfiggetnext +{ 2 copy exch length ge + { false } + { 2 copy get exch 1 add exch true } ifelse +} def + +% check whether thing is number: <any> lfigisnumbertype <any> <bool> +/lfigisnumbertype +{ dup type dup + /integertype eq exch /realtype eq or +} def + +% check whether thing is an array: <any> lfigisarraytype <any> <bool> +/lfigisarraytype { dup type /arraytype eq } def + +% get next item: <array> <index> lfiggetnextitem <array> <index> 0 +% or <array> <index> <array> 1 +% or <array> <index> <point> 2 +/lfiggetnextitem +{ lfiggetnext + { lfigisarraytype + { 1 + } + { lfigisnumbertype + { 3 1 roll + lfiggetnext + { lfigisnumbertype + { 4 3 roll exch 2 + } + { pop 3 2 roll pop 0 + } ifelse + } + { 3 2 roll pop 0 + } ifelse + } + { pop 0 + } ifelse + } ifelse + } + { 0 + } ifelse +} def + +% set arc path: bool x1 y1 x2 y2 x0 y0 lfigsetarc <angle> <angle> <dist> +% the path goes from x1 y1 to x2 y2 about centre x0 y0, +% anticlockwise if bool is true else clockwise. +% The orientations of backwards pointing and forwards pointing +% arrowheads are returned in the two angles, and +% the length of the arc is returned in <dist>. +/lfigsetarc +{ + 20 dict begin + matrix currentmatrix 8 1 roll + 2 copy translate 2 copy 8 2 roll + 4 2 roll lfigpsub 6 2 roll lfigpsub + dup /y1 exch def dup mul /y1s exch def + dup /x1 exch def dup mul /x1s exch def + dup /y2 exch def dup mul /y2s exch def + dup /x2 exch def dup mul /x2s exch def + + y1s y2s eq + { -1 + } + { y1s x2s mul y2s x1s mul sub y1s y2s sub div + } ifelse + /da exch def + + x1s x2s eq + { -1 + } + { x1s y2s mul x2s y1s mul sub x1s x2s sub div + } ifelse + /db exch def + + da 0 gt db 0 gt and + { /LMax da sqrt db sqrt lfigmax def + /scalex da sqrt LMax div def + /scaley db sqrt LMax div def + scalex scaley scale + 0 0 LMax + 0 0 x1 scalex mul y1 scaley mul lfigangle + 0 0 x2 scalex mul y2 scaley mul lfigangle + 2 copy eq { 360 add } if + 2 copy 8 2 roll + 5 index { arc } { arcn } ifelse + 2 index 1 index + { 90 sub } { 90 add } ifelse + dup sin scaley mul exch cos scalex mul atan + 2 index 2 index + { 90 add } { 90 sub } ifelse + dup sin scaley mul exch cos scalex mul atan + 5 2 roll % res1 res2 ang1 ang2 anticlockwise + { exch sub } { sub } ifelse + dup 0 le { 360 add } if lfigpi mul LMax mul 180 div + } + { 0 0 x1 y1 lfigdistance 0 0 x2 y2 lfigdistance eq + 0 0 x1 y1 lfigdistance 0 gt and + { 0 0 + 0 0 x1 y1 lfigdistance + 0 0 x1 y1 lfigangle + 0 0 x2 y2 lfigangle + 2 copy eq { 360 add } if + 2 copy 8 2 roll + 5 index { arc } { arcn } ifelse + 2 index 1 index + { 90 sub } { 90 add } ifelse + 2 index 2 index + { 90 add } { 90 sub } ifelse + 5 2 roll % res1 res2 ang1 ang2 clockwise + { exch sub } { sub } ifelse + dup 0 le { 360 add } if lfigpi mul 0 0 x1 y1 lfigdistance mul 180 div + } + { x2 y2 lineto pop + x2 y2 x1 y1 lfigangle + x1 y1 x2 y2 lfigangle + x1 y1 x2 y2 lfigdistance + } ifelse + } ifelse + 4 -1 roll setmatrix + end +} def + +% lfigsetcurve: set up a Bezier curve from x0 y0 to x3 y3 +% and return arrowhead angles and length of curve (actually 0) +% x0 y0 x1 y1 x2 y2 x3 y3 lfigsetcurve <angle> <angle> <length> +/lfigsetcurve +{ 8 copy curveto pop pop + lfigangle + 5 1 roll + 4 2 roll lfigangle + exch + 0 +} def + +% lfigpaintpath: paint a path of the given shape +% /paint [ shape ] lfigpaintpath - +/lfigpaintpath +{ + 10 dict begin + 0 newpath + /prevseen false def + /curveseen false def + { lfiggetnextitem + dup 0 eq { pop exit } + { 1 eq + { /curveseen true def + /curve exch def + curve length 0 eq { /curveseen false def } if + } + { /ycurr exch def + /xcurr exch def + prevseen + { curveseen + { curve length 4 eq + { xprev yprev + curve 0 get curve 1 get + curve 2 get curve 3 get + xcurr ycurr + lfigsetcurve pop pop pop + } + { xprev yprev xcurr ycurr + curve length 1 ge { curve 0 get } { 0 } ifelse + curve length 2 ge { curve 1 get } { 0 } ifelse + curve length 3 ge { curve 2 get } { true } ifelse + 7 1 roll + lfigsetarc pop pop pop + } ifelse + } + { xcurr ycurr lineto + } ifelse + } + { xcurr ycurr moveto + } ifelse + /xprev xcurr def + /yprev ycurr def + /prevseen true def + /curveseen false def + } ifelse + } ifelse + } loop pop pop cvx exec + end +} def + +% stroke a path of the given shape in the given linestyle and dash length. +% Return the origin and angle of the backward and forward arrow heads. +% dashlength /linestyle [shape] lfigdopath [<point> <angle>] [<point> <angle>] +/lfigdopath +{ + 10 dict begin + 0 + /prevseen false def + /curveseen false def + /backarrow [] def + /fwdarrow [] def + { + lfiggetnextitem + dup 0 eq { pop exit } + { + 1 eq + { /curveseen true def + /curve exch def + curve length 0 eq { /prevseen false def } if + } + { /ycurr exch def + /xcurr exch def + prevseen + { newpath xprev yprev moveto + curveseen + { curve length 4 eq + { xprev yprev + curve 0 get curve 1 get + curve 2 get curve 3 get + xcurr ycurr lfigsetcurve + } + { xprev yprev xcurr ycurr + curve length 1 ge { curve 0 get } { 0 } ifelse + curve length 2 ge { curve 1 get } { 0 } ifelse + curve length 3 ge { curve 2 get } { true } ifelse + 7 1 roll + lfigsetarc + } ifelse + } + { xcurr ycurr lineto + xcurr ycurr xprev yprev lfigangle dup 180 sub + xprev yprev xcurr ycurr lfigdistance + } ifelse + 6 index 6 index cvx exec + [ xprev yprev 5 -1 roll ] + backarrow length 0 eq + { /backarrow exch def } + { pop } ifelse + [ xcurr ycurr 4 -1 roll ] /fwdarrow exch def + } if + /xprev xcurr def + /yprev ycurr def + /prevseen true def + /curveseen false def + } ifelse + } ifelse + } loop + pop pop pop pop + backarrow length 0 eq { [ 0 0 0 ] } { backarrow } ifelse + fwdarrow length 0 eq { [ 0 0 0 ] } { fwdarrow } ifelse + end +} def + +% lfigdoarrow: draw an arrow head of given form +% dashlength /lstyle /pstyle hfrac height width [ <point> <angle> ] lfigdoarrow - +/lfigdoarrow +{ matrix currentmatrix 8 1 roll + dup 0 get 1 index 1 get translate + 2 get rotate + [ 2 index neg 2 index 0 0 + 3 index 3 index neg + 1 index 10 index mul 0 + 7 index 7 index ] + 4 1 roll pop pop pop + dup 3 1 roll + gsave lfigpaintpath grestore lfigdopath pop pop + setmatrix +} def + +% arrow head styles +/lfigopen 0.0 def +/lfighalfopen 0.5 def +/lfigclosed 1.0 def + +% stroke no arrows, forward, back, and both +/lfignoarrow { pop pop pop pop pop pop pop pop } def +/lfigforward { 7 -1 roll lfigdoarrow pop } def +/lfigback { 8 -2 roll pop lfigdoarrow } def +/lfigboth { 8 -1 roll 7 copy lfigdoarrow pop 7 -1 roll lfigdoarrow } def + +% lfigprevious: return previous point on path +/lfigprevious +{ lfigisnumbertype + { 2 copy } + { lfigisarraytype + { 2 index 2 index } + { 0 0 } + ifelse + } ifelse +} def + +% label a point in 2nd top dictionary: <point> /name lfigpointdef - +/lfigpointdef +{ + % (Entering lfigpointdef) lfigdebugprint + [ 4 2 roll transform + /itransform cvx ] cvx + currentdict end + 3 1 roll + % currentdict length currentdict maxlength lt + % { def } + % { exec moveto (too many labels) show stop } + % ifelse + def + begin + % (Leaving lfigpointdef) lfigdebugprint +} def + +% promote labels from second top to third top dictionary +% <string> lfigpromotelabels - +/lfigpromotelabels +{ + % (Entering lfigpromotelabels) lfigdebugprint + currentdict end exch currentdict end + { exch 20 string cvs 2 index + (@) lfigconcat exch lfigconcat cvn exch def + } forall pop begin + % (Leaving lfigpromotelabels) lfigdebugprint +} def + +% show labels (except CIRCUM): - lfigshowlabels - +/lfigshowlabels +{ + % (Entering lfigshowlabels) lfigdebugprint + currentdict end + currentdict + { 1 index 20 string cvs (CIRCUM) search % if CIRCUM in key + { pop pop pop pop pop } + { pop cvx exec 2 copy + newpath 1.5 pt 0 360 arc + 0 setgray fill + /Times-Roman findfont 8 pt scalefont setfont + moveto 0.2 cm 0.1 cm rmoveto 20 string cvs show + } + ifelse + } forall + begin + % (Leaving lfigshowlabels) lfigdebugprint +} def + +% fix an angle to between 0 and 360 degrees: <angle> lfigfixangle <angle> +/lfigfixangle +{ + % (Entering lfigfixangle) lfigdebugprint + { dup 0 ge { exit } if + 360 add + } loop + { dup 360 lt { exit } if + 360 sub + } loop + % (Leaving lfigfixangle) lfigdebugprint +} def + +% find point on circumference of box: alpha a b lfigboxcircum x y +/lfigboxcircum +{ + % (Entering lfigboxcircum) lfigdebugprint + 4 dict begin + /b exch def + /a exch def + lfigfixangle /alpha exch def + 0 0 a b lfigangle /theta exch def + + % if alpha <= theta, return (a, a*tan(alpha)) + alpha theta le + { a a alpha sin mul alpha cos div } + { + % else if alpha <= 180 - theta, return (b*cot(alpha), b) + alpha 180 theta sub le + { b alpha cos mul alpha sin div b } + { + % else if alpha <= 180 + theta, return (-a, -a*tan(alpha)) + alpha 180 theta add le + { a neg a neg alpha sin mul alpha cos div } + { + % else if alpha <= 360 - theta, return (-b*cot(alpha), -b) + alpha 360 theta sub le + { b neg alpha cos mul alpha sin div b neg } + { + % else 360 - theta <= alpha, return (a, a*tan(alpha)) + a a alpha sin mul alpha cos div + } ifelse + } ifelse + } ifelse + } ifelse + end + % (Leaving lfigboxcircum) lfigdebugprint +} def + +% find point on circumference of diamond: alpha a b lfigdiamondcircum x y +/lfigdiamondcircum +{ + % (Entering lfigdiamondcircum) lfigdebugprint + 4 dict begin + /b exch def + /a exch def + lfigfixangle /alpha exch def + b alpha cos abs mul a alpha sin abs mul add /denom exch def + a b mul alpha cos mul denom div + a b mul alpha sin mul denom div + end + % (Leaving lfigdiamondcircum) lfigdebugprint +} def + +% find point on circumference of ellipse: alpha a b lfigellipsecircum x y +/lfigellipsecircum +{ + % (Entering lfigellipsecircum) lfigdebugprint + 4 dict begin + /b exch def + /a exch def + lfigfixangle /alpha exch def + b alpha cos mul dup mul a alpha sin mul dup mul add sqrt /denom exch def + a b mul alpha cos mul denom div + a b mul alpha sin mul denom div + end + % (Leaving lfigellipsecircum) lfigdebugprint +} def + +% find point of intersection of two lines each defined by two points +% x1 y1 x2 y2 x3 y3 x4 y4 lfiglineintersect x y +/lfiglineintersect +{ + % (Entering lfiglineintersect) lfigdebugprint + 13 dict begin + /y4 exch def + /x4 exch def + /y3 exch def + /x3 exch def + /y2 exch def + /x2 exch def + /y1 exch def + /x1 exch def + x2 x1 sub /x21 exch def + x4 x3 sub /x43 exch def + y2 y1 sub /y21 exch def + y4 y3 sub /y43 exch def + y21 x43 mul y43 x21 mul sub /det exch def + + % calculate x + y21 x43 mul x1 mul + y43 x21 mul x3 mul sub + y3 y1 sub x21 mul x43 mul add + det div + + % calculate y + x21 y43 mul y1 mul + x43 y21 mul y3 mul sub + x3 x1 sub y21 mul y43 mul add + det neg div + + end + % (Leaving lfiglineintersect) lfigdebugprint +} def + +% find point on circumference of polygon +% alpha radius num theta lfigpolycircum x y +/lfigpolycircum +{ + % (Entering lfigpolycircum) lfigdebugprint + 13 dict begin + /theta exch def + /num exch def + /radius exch def + /alpha exch def + + % calculate delta, the angle from theta to alpha + alpha theta sub lfigfixangle + + % calculate the angle which is the multiple of 360/num closest to delta + 360 num div div truncate 360 num div mul theta add /anglea exch def + + % calculate the next multiple of 360/num after anglea + anglea 360 num div add /angleb exch def + + % intersect the line through these two points with the alpha line + anglea cos anglea sin angleb cos angleb sin + 0 0 alpha cos 2 mul alpha sin 2 mul + lfiglineintersect radius lfigpmul + + end + % (Leaving lfigpolycircum) lfigdebugprint +} def + +% add CIRCUM operator with this body: <array> lfigcircumdef - +/lfigcircumdef +{ % (Entering lfigcircumdef) lfigdebugprint + /CIRCUM exch cvx + currentdict end + 3 1 roll + % currentdict length currentdict maxlength lt + % { def } + % { exec moveto (too many labels) show stop } + % ifelse + def + begin + % (Leaving lfigcircumdef) lfigdebugprint +} def + +end +%%EndResource + +%%EndProlog + +%%BeginSetup +%%IncludeResource: font Times-Italic +/Times-Italicfnt83 vec1 /Times-Italic LoutRecode +/fnt83 { /Times-Italicfnt83 LoutFont } def +%%IncludeResource: font Times-Bold +/Times-Boldfnt84 vec1 /Times-Bold LoutRecode +/fnt84 { /Times-Boldfnt84 LoutFont } def +%%IncludeResource: font Times-Roman +/Times-Romanfnt82 vec1 /Times-Roman LoutRecode +/fnt82 { /Times-Romanfnt82 LoutFont } def +%%EndSetup + +%%Page: ? 1 +%%BeginPageSetup +%%PageResources: font Times-Italic +%%+ font Times-Bold +%%+ font Times-Roman +/pgsave save def +0.0500 dup scale 10 setlinewidth +%%EndPageSetup + +gsave +0 15840 translate +0.0000 rotate + +grestore +gsave +0 15840 translate +0.0000 rotate +200 fnt83 0.0 0.0 0.0 setrgbcolor 3005 -1576(Originally)m 3884(published)s 4709(in)s +4914(the)s 5207(pr)s 9(oceedings)k 6221(of)s 6426(the)s +6719(5th)s 7024(Usenix)s 7626(Security)s 8327(Symposium)s 224 fnt84 +4401 -3032(DNS)m 280 fnt84 4917 -3034(and)m 224 fnt84 5437 -3032(BIND)m +280 fnt84 6065 -3034(Security)m 7127(Issues)s 240 fnt82 5620 -3494(P)m 3(aul)k +6102(V)s 14(ixie)k 5279 -3734(<paul@vix.com>)m 240 fnt83 4695 -4067(Internet)m +5511(Softwar)s 8(e)k 6414(Consortium)s 200 fnt82 5619 -4494(2)m +5769(May)s 13(,)k 6221(1995)s 200 fnt84 5750 -5395(Abstract)m +200 fnt82 2160 -5773(Ef)m 5(forts)k 2757(are)s 3049(underw)s 2(ay)k +3883(to)s 4088(add)s 4426(security)s 5105(to)s 5310(the)s +160 fnt82 5603 -5771(DNS)m 200 fnt82 5971 -5773(protocol.)m 6785(W)s 16(e)k +7095(ha)s 4(v)k 3(e)k 7514(observ)s 3(ed)k +8280(that)s 8628(if)s 160 fnt82 8799 -5771(BIND)m 200 fnt82 +9238 -5773(w)m 2(ould)k 9785(just)s 2160 -6013(do)m 2400(what)s +2827(the)s 160 fnt82 3110 -6011(DNS)m 200 fnt82 3468 -6013(speci\207cations)m +4590(say)s 4895(it)s 5045(should)s 5617(do,)s 5907(stop)s +6279(crashing,)s 7043(and)s 7371(start)s 7752(checking)s 8511(its)s +8738(inputs,)s 9315(then)s 9698(most)s 2160 -6253(of)m 2382(the)s +2681(e)s 3(xisting)k 3364(security)s 4049(holes)s 4525(in)s +160 fnt82 4736 -6251(DNS)m 200 fnt83 5110 -6252(as)m 5343(pr)s 3(acticed)k +200 fnt82 6147 -6253(w)m 2(ould)k 6700(go)s 6956(a)s 3(w)k 2(ay)k 13(.)k +7514(T)s 16(o)k 7776(be)s 8020(sure,)s 8457(attack)s 2(ers)k +9216(w)s 2(ould)k 9769(still)s 2160 -6493(ha)m 4(v)k 3(e)k +2588(a)s 2735(pretty)s 3258(easy)s 3670(time)s 4082(co-opting)s +160 fnt82 4905 -6491(DNS)m 200 fnt82 5282 -6493(in)m 5496(their)s +5919(break-in)s 6641(attempts.)s 7473(Our)s 7842(aim)s 8199(has)s +8523(been)s 8958(to)s 9172(get)s 160 fnt82 9474 -6491(BIND)m +200 fnt82 9922 -6493(to)m 2160 -6733(the)m 2459(point)s 2925(where)s +3467(its)s 3710(only)s 4121(vulnerabilities)s 5314(are)s 5612(due)s +5956(to)s 6167(the)s 160 fnt82 6466 -6731(DNS)m 200 fnt82 +6840 -6733(protocol,)m 7610(and)s 7954(not)s 8265(to)s 8476(the)s +8775(implementation.)s 2160 -6973(This)m 2564(paper)s 3056(describes)s 3845(our)s +4161(progress)s 4885(to)s 5090(date.)s 240 fnt84 1440 -7606(1.)m +1740(Intr)s 4(oduction)k 200 fnt82 1440 -7985(Man)m 3(y)k +1949(were)s 2382(the)s 2672(reasons)s 3315(for)s 3594(starting)s +4237(w)s 2(ork)k 4692(on)s 160 fnt82 4939 -7983(BIND)m +200 fnt82 5375 -7985(ag)m 1(ain)k 5852(a)s 1440 -8225(fe)m 5(w)k +1784(years)s 2254(back.)s 2731(The)s 160 fnt82 3092 -8223(BIND)m +200 fnt82 3532 -8225(serv)m 3(er)k 4065(and)s 4404(resolv)s 3(er)k +5092(are)s 5385(critical)s 1440 -8465(to)m 1630(the)s 1908(daily)s +2341(acti)s 5(vities)k 3087(of)s 3288(millions)s 3975(of)s +4176(Internet)s 4829(users,)s 5322(yet)s 5600(the)s 3(y)k +1440 -8705(ha)m 4(v)k 3(e)k 1861(each)s 2277(been)s +2705(infested)s 3386(with)s 3792(b)s 4(ugs)k 4217(from)s +4656(their)s 5072(\207rst)s 5433(day)s 5773(of)s 1440 -8945(use.)m +1853(W)s 16(e)k 2161(ha)s 4(v)k 3(e)k +2578(made)s 3057(some)s 3525(good)s 3973(progress)s 4695(on)s +4943(plugging)s 5701(the)s 1440 -9185(memory)m 2169(leaks)s 2642(and)s +2995(core)s 3402(dumps)s 3999(that)s 160 fnt82 4362 -9183(BIND)m +200 fnt82 4816 -9185(is)m 5013(f)s 2(amous)k 5662(for)s 8(,)k +1440 -9425(and)m 1784(along)s 2283(the)s 2582(w)s 2(ay)k +2968(we)s 3256(ha)s 4(v)k 3(e)k 3681(found)s +4203(a)s 4347(lot)s 4613(of)s 4835(w)s 2(ays)k +5298(to)s 5509(mak)s 2(e)k 160 fnt82 1440 -9663(BIND)m +200 fnt82 1879 -9665(more)m 2338(secure.)s 1840 -9976(Man)m 3(y)k +2355(of)s 2574(the)s 2870(classic)s 3451(security)s 4133(breaches)s +4881(in)s 5089(the)s 5385(history)s 1440 -10216(of)m 1674(computers)s +2571(and)s 2927(computer)s 3747(netw)s 2(orking)k 4721(ha)s 4(v)k 3(e)k +5158(had)s 5514(to)s 5737(do)s 1440 -10456(not)m 1770(with)s +2199(fundamental)s 3269(algorythm)s 4163(or)s 4404(protocol)s 5143(\210a)s 3(ws,)k +5685(b)s 4(ut)k 1440 -10696(with)m 1834(implementation)s 3123(errors.)s +3726(Sometimes)s 4650(those)s 5110(errors)s 5613(tak)s 2(e)k +1440 -10936(the)m 1721(form)s 2146(of)s 2350(ignorant)s 3052(or)s +3256(\205security)s 4011(una)s 3(w)k 2(are\206)k 4806(programming,)s +1440 -11176(such)m 1855(as)s 2070(collecting)s 2904(potentially)s 3805(unbounded)s +4743(streams)s 5399(of)s 5615(data)s 1440 -11416(from)m 1910(the)s +2236(netw)s 2(ork)k 2970(using)s 3485(functions)s 4309(which)s +4879(do)s 5162(not)s 5500(kno)s 5(w)k 1440 -11656(the)m +1784(length)s 2383(of)s 2650(their)s 3115(destination)s 4089(b)s 4(uf)k 5(fers,)k +4794(or)s 5061(the)s 5405(use)s 5771(of)s 1440 -11896(predictable)m +2391(magic)s 2945(cookies)s 3621(since)s 4097(the)s 4408(programmer')s 11(s)k +5592(goal)s 1440 -12136(is)m 1618(to)s 1819(pre)s 5(v)k 3(ent)k +2454(accidental)s 3305(data)s 3682(errors)s 4191(rather)s 4700(than)s +5089(intentional)s 1440 -12376(ones.)m 1950(Other)s 2448(times,)s 2973(a)s +3106(code)s 3527(branch)s 4114(rarely)s 4622(or)s 4833(ne)s 5(v)k 3(er)k +5312(tak)s 2(en)k 5786(in)s 1440 -12616(normal)m 2053(use)s +2367(is)s 2548(found)s 3063(to)s 3267(ha)s 4(v)k 3(e)k +3685(\205security)s 4451(f)s 2(atal\206)k 4938(b)s 4(ugs)k +5360(or)s 5575(e)s 5(v)k 3(en)k 1440 -12856(deliberate)m +2273(back)s 2699(doors)s 3192(or)s 3408(loopholes.)s 1840 -13167(While)m +2407(we)s 2720(do)s 3001(not)s 3337(intend)s 3916(to)s +4152(demean)s 4852(the)s 5176(ef)s 5(forts)k 5770(of)s +1440 -13407(those)m 1956(in)s 8(v)k 4(olv)k 3(ed)k +2735(in)s 2986(upgrading)s 3891(the)s 4230(Internet)s 4944(protocols)s +5781(to)s 1440 -13647(mak)m 2(e)k 1945(security)s 2650(a)s +2814(more)s 3299(realistic)s 4002(goal,)s 4471(we)s 4779(ha)s 4(v)k 3(e)k +5224(observ)s 3(ed)k 1440 -13887(that)m 1813(if)s 160 fnt82 +2009 -13885(BIND)m 200 fnt82 2473 -13887(w)m 2(ould)k 3045(just)s +3407(do)s 3682(what)s 4144(the)s 160 fnt82 4462 -13885(DNS)m +200 fnt82 4855 -13887(speci\207cations)m 1440 -14127(say)m 1788(it)s 1981(should)s +2596(do,)s 2929(stop)s 3344(crashing,)s 4151(and)s 4522(start)s +4946(checking)s 5748(its)s 6300 -7577(inputs,)m 6887(then)s 7280(most)s +7717(of)s 7933(the)s 8226(e)s 3(xisting)k 8903(security)s +9582(holes)s 10052(in)s 160 fnt82 10257 -7575(DNS)m 200 fnt83 +10625 -7576(as)m 6300 -7816(pr)m 3(acticed)k 200 fnt82 7120 -7817(w)m 2(ould)k +7689(go)s 7961(a)s 3(w)k 2(ay)k 13(.)k +8535(T)s 16(o)k 8813(be)s 9073(sure,)s 9526(attack)s 2(ers)k +10301(w)s 2(ould)k 6300 -8057(still)m 6705(ha)s 4(v)k 3(e)k +7182(a)s 7378(pretty)s 7950(easy)s 8411(time)s 8872(co-opting)s +160 fnt82 9744 -8055(DNS)m 200 fnt82 10170 -8057(in)m 10433(their)s +6300 -8297(break-in)m 7026(attempts.)s 7862(Our)s 8235(aim)s 8596(has)s +8924(been)s 9363(to)s 9581(get)s 160 fnt82 9887 -8295(BIND)m +200 fnt82 10339 -8297(to)m 10557(the)s 6300 -8537(point)m 6785(where)s +7346(its)s 7608(only)s 8038(vulnerabilities)s 9250(are)s 9567(due)s +9930(to)s 10160(the)s 160 fnt82 10478 -8535(DNS)m 200 fnt82 +6300 -8777(protocol,)m 7064(and)s 7402(not)s 7707(to)s 7912(the)s +8205(implementation.)s 240 fnt84 6300 -9465(2.)m 6600(Wh)s 3(y)k +7150(Is)s 192 fnt84 7396 -9463(DNS)m 240 fnt84 7838 -9465(Security)m +8747(Important?)s 200 fnt82 6300 -9890(Let')m 11(s)k 6778(say)s +7124(that)s 7503(a)s 7672(security)s 8382(conscious)s 9248(user)s +9660(al)s 2(w)k 2(ays)k 10289(uses)s 10712(a)s +160 fnt82 6300 -10128(DES)m 200 fnt82 6650 -10130(challenge/response)m 8213(de)s 5(vice)k +8777(when)s 9259(connecting)s 10183(to)s 10388(hosts)s 6300 -10370(outside)m +6940(the)s 7248(local)s 7699(netw)s 2(ork,)k 8465(b)s 4(ut)k +8781(when)s 9278(connecting)s 10217(locally)s 13(,)k 6300 -10610(she)m +6635(\207gures)s 7247(that)s 7615(it)s 7795(is)s 7997(safe)s +8386(to)s 8611(send)s 9046(her)s 9370(passw)s 2(ord)k +10190(in)s 10415(clear)s 6300 -10850(te)m 3(xt)k 6660(since)s +7133(she)s 7463(kno)s 5(ws)k 128 fnt82 7979 -10761(1)m +200 fnt82 8108 -10850(that)m 8471(outsiders)s 9254(cannot)s 9850(snif)s 5(f)k +10274(on)s 10539(her)s 6300 -11090(pri)m 5(v)k 5(ate)k +6906(netw)s 2(ork.)k 7721(Further)s 8371(assume)s 9020(that)s +9382(hers)s 9777(is)s 9973(one)s 10325(of)s 10555(the)s +6300 -11330(man)m 3(y)k 6796(installations)s 7812(which)s 8355(does)s +8776(not)s 9087(restrict)s 9693(outbound)s 160 fnt82 10504 -11328(TCP)m +200 fnt82 6300 -11570(connections,)m 7383(on)s 7665(the)s 7990(assumption)s +8979(that)s 9359(\207re)s 5(w)k 2(alls)k 10118(are)s +10442(only)s 6300 -11810(necessary)m 7121(to)s 7325(k)s 2(eep)k +7748(people)s 200 fnt83 8328 -11809(out)m 128 fnt82 8583 -11721(2)m +200 fnt82 8647 -11810(.)m 8796(If)s 8977(her)s 9280(name)s +9760(serv)s 3(er)k 10291(is)s 10472(able)s 6300 -12050(to)m +6509(recei)s 5(v)k 3(e)k 160 fnt82 7128 -12048(UDP)m +200 fnt82 7500 -12050(pack)m 2(ets)k 8148(on)s 8402(port)s +8777(53)s 9031(from)s 9472(outside)s 10101(her)s 10409(local)s +6300 -12290(netw)m 2(ork,)k 7091(then)s 7524(this)s 7901(security)s +8620(conscious)s 9495(user)s 9916(is)s 10138(in)s 10383(for)s +10705(a)s 6300 -12530(potentially)m 7201(rough)s 7717(ride.)s 6700 -12841(Before)m +7318(we)s 7627(be)s 3(gin,)k 8194(we')s 10(d)k +8659(lik)s 2(e)k 9032(to)s 9264(emphasize)s 10180(that)s +10555(the)s 6300 -13081(e)m 3(xamples)k 7145(are)s 7484(not)s +7836(dra)s 3(wn)k 8428(from)s 8912(theoretical)s 9847(studies,)s +10546(b)s 4(ut)k 6300 -13321(rather)m 6813(the)s 200 fnt84 +7106 -13322(tcpdump)m 200 fnt82 7920 -13321(command)m 8756(running)s 9427(on)s +9677(real)s 10024(netw)s 2(orks.)k gsave +6300 -13861 translate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1134 0 0 0 200 240 50 LoutGraphic +gsave +0 0 moveto xsize 0 lineto stroke +grestore + +grestore +102 fnt82 0.0 0.0 0.0 setrgbcolor +6300 -14042(1)m 160 fnt82 6351 -14113(W)m 12(e')k 1(ll)k +6741(assume)s 7251(that)s 7530(she)s 7783(is)s 7929(correct.)s +102 fnt82 6300 -14295(2)m 160 fnt82 6351 -14366(An)m 6586(assumption)s +7353(with)s 7676(which)s 8106(we)s 8332(do)s 8532(not)s +8776(agree.)s +grestore + +pgsave restore +showpage + +%%Page: ? 2 +%%BeginPageSetup +%%PageResources: font Times-Roman +%%+ font Times-Bold +%%+ font Times-Italic +/pgsave save def +0.0500 dup scale 10 setlinewidth +%%EndPageSetup +gsave +0 15840 translate +0.0000 rotate + +grestore +gsave +0 15840 translate +0.0000 rotate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1440 -1576(F)m 3(olks)k 1944(o)s 3(v)k 3(er)k +2356(on)s 2620(the)s 2927(Dark)s 3389(Side)s 3807(ha)s 4(v)k 3(e)k +4240(tools)s 4691(to)s 4910(e)s 3(xploit)k 5524(these)s +1440 -1816(weaknesses,)m 2469(and)s 2809(the)s 3(y)k 3201(are)s +3495(real,)s 3894(right)s 4322(here,)s 4766(right)s 5194(no)s 5(w)k 13(.)k +5672(W)s 16(e)k 1440 -2056(learned)m 2067(of)s 2275(these)s +2725(weaknesses)s 3694(by)s 3936(studying)s 4665(some)s 5127(successful)s +1440 -2296(attacks,)m 2092(not)s 2398(just)s 2736(by)s 2987(a)s +3126(careful)s 3728(e)s 3(xamination)k 4760(of)s 4977(the)s +5271(protocol)s 1440 -2536(and)m 1778(the)s 160 fnt82 2071 -2534(BIND)m +200 fnt82 2510 -2536(source)m 3079(code.)s 200 fnt84 1440 -3036(2.1)m +1690(.)s 1840(Misdir)s 3(ected)k 2902(Destination)s 200 fnt82 +1440 -3414(A)m 1660(user)s 2067(asks)s 2485(her)s 2815(telnet)s +3332(client)s 3849(to)s 4080(connect)s 4775(to)s 200 fnt84 +5006 -3415(host1)m 200 fnt82 5460 -3414(.)m 5636(Her)s 1440 -3654(client)m +1972(asks)s 2405(the)s 2739(name)s 3261(serv)s 3(er)k +3834(for)s 4157(the)s 4491(address)s 5178(of)s 200 fnt84 +5435 -3655(host1)m 200 fnt82 5889 -3654(,)m 1440 -3894(recei)m 5(v)k 3(es)k +2201(a)s 2408(corrupt)s 3102(answer)s 8(,)k 3826(and)s +4233(then)s 4695(initiates)s 5442(a)s 160 fnt82 5649 -3892(TCP)m +200 fnt82 1440 -4134(connection)m 2415(to)s 2671(the)s 3015(telnet)s +3557(serv)s 3(er)k 4140(at)s 4384(that)s 4783(address.)s +5580(This)s 1440 -4374(address)m 2098(does)s 2525(not)s 2842(correspond)s +3789(to)s 4006(her)s 4322(intended)s 5070(host,)s 5514(b)s 4(ut)k +5827(it)s 1440 -4614(displays)m 2140(the)s 2431(usual)s 2899(greeting,)s +3649(and)s 3985(she)s 4298(types)s 4766(her)s 5068(usual)s +5536(login)s 1440 -4854(and)m 1789(passw)s 2(ord.)k 2700(The)s +3071(connection)s 4006(drops,)s 4560(she)s 4886(tries)s 5288(it)s +5459(ag)s 1(ain,)k 1440 -5094(all)m 1677(is)s 1848(well,)s +2279(she)s 2583(chalks)s 3130(it)s 3279(up)s 3518(to)s +3712(a)s 3839(gremlin)s 4497(in)s 4691(the)s 4973(netw)s 2(ork)k +5663(and)s 1440 -5334(for)m 3(gets)k 2032(all)s 2273(about)s +2759(it.)s 3012(But)s 3343(there)s 200 fnt83 3783 -5333(is)m +200 fnt82 3958 -5334(a)m 4089(gremlin)s 4751(in)s 4949(her)s +5246(netw)s 2(ork,)k 1440 -5574(and)m 1778(that)s 2126(gremlin)s +2795(just)s 3132(harv)s 3(ested)k 3941(her)s 4245(passw)s 2(ord.)k +200 fnt84 1440 -6115(2.2)m 1690(.)s 1840(Misdir)s 3(ected)k +2902(Sour)s 3(ce)k 200 fnt82 1440 -6494(If)m 1630(that)s +1986(same)s 2452(user)s 2841(depends)s 3552(on)s 3810(name)s +4299(based)s 4810(authentication)s 1440 -6734(when)m 1941(inside)s 2485(what)s +2941(she)s 3275(considers)s 4095(to)s 4319(be)s 4576(the)s +4888(safe)s 5276(con\207nes)s 1440 -6974(of)m 1697(her)s 2042(internal)s +2740(netw)s 2(ork,)k 3532(she')s 11(s)k 4020(in)s +4266(for)s 4589(another)s 5277(hellride.)s 1440 -7214(An)m 3(yone)k +2131(on)s 2393(an)s 3(y)k 2740(interior)s 3387(host)s +3781(can)s 4119(almost)s 4711(tri)s 5(vially)k 5397(bypass)s +1440 -7454(name)m 1944(based)s 2470(authentication,)s 3720(causing)s 4401(this)s +4761(user')s 11(s)k 5297(hosts)s 5779(to)s 1440 -7694(belie)m 5(v)k 3(e)k +2051(that)s 2394(\205the)s 3(y\206)k 2955(are)s 3242(\205her\206)s +3717(and)s 4050(therefore)s 4812(allo)s 5(wing)k 5549(them)s +1440 -7934(to)m 1643(log)s 1946(in)s 2149(with)s 2551(her)s +2853(access)s 3407(rights)s 3908(and)s 4244(pri)s 5(viledges.)k +5221(An)s 3(y)k 5610(host)s 1440 -8174(which)m 1998(is)s +2201(allo)s 5(wed)k 2897(to)s 3123(accept)s 3701(incoming)s +4525(connections)s 5547(from)s 1440 -8414(outside)m 2087(the)s 2402(local)s +2860(netw)s 2(ork)k 3583(could)s 4098(be)s 4358(fooled)s +4939(in)s 5166(this)s 5525(same)s 1440 -8654(w)m 2(ay)k 13(,)k +1857(b)s 4(ut)k 2158(by)s 2408(an)s 2646(outside)s +3271(host.)s 240 fnt84 1440 -9342(3.)m 1740(Ho)s 2(w)k +2277(Did)s 2709(That)s 3261(Happen?)s 200 fnt82 1440 -9767(Clearly)m 13(,)k +2150(the)s 2481(abo)s 3(v)k 3(e)k 3039(acti)s 5(vities)k +3838(were)s 4312(not)s 4655(design)s 5263(goals)s 5771(of)s +1440 -10007(the)m 160 fnt82 1749 -10005(DNS)m 200 fnt82 2133 -10007(protocol)m +2863(or)s 3095(of)s 3327(the)s 160 fnt82 3636 -10005(BIND)m +200 fnt82 4091 -10007(implementation)m 5406(of)s 5638(that)s 1440 -10247(protocol.)m +2254(Let')s 11(s)k 2701(look)s 3106(at)s 3299(ho)s 5(w)k +3688(the)s 3(y)k 4078(could)s 4571(occur)s 11(.)k +200 fnt84 1440 -10788(3.1)m 1690(.)s 1840(Misdir)s 3(ected)k +2902(Destination)s 200 fnt82 1440 -11166(It)m 1627(could)s 2136(be)s +2390(as)s 2621(simple)s 3217(as)s 3448(a)s 3602(for)s 3(ged)k +4185(response)s 4947(sent)s 5333(directly)s 1440 -11406(to)m 1673(her)s +2005(resolv)s 3(er)k 11(.)k 2759(Ev)s 3(en)k +3244(after)s 3685(25)s 3963(years)s 4460(of)s 4704(e)s 3(xperience,)k +5690(the)s 1440 -11646(Internet)m 2136(still)s 2511(has)s 2854(no)s +3132(production)s 4074(routers)s 4704(which)s 5269(disallo)s 5(w)k +1440 -11886(pack)m 2(ets)k 2084(with)s 2488(impossible)s 3400(source)s +3969(addresses.)s 4880(So)s 5141(if)s 5312(you)s 5662(can)s +1440 -12126(route)m 1919(pack)s 2(ets)k 2583(to)s 2808(someone,)s +3636(you)s 4006(can)s 4352(mak)s 2(e)k 4851(those)s +5341(pack)s 2(ets)k 1440 -12366(look)m 1857(as)s 2084(though)s +2701(the)s 3(y)k 3103(came)s 3584(from)s 4033(a)s +4183(close)s 4653(and)s 5003(trusted)s 5606(host)s 1440 -12606(\211)m +1600(e)s 5(v)k 3(en)k 2028(if)s 2209(the)s 3(y)k +2609(originated)s 3476(outside)s 4111(that)s 4469(host')s 11(s)k +4993(netw)s 2(ork.)k 5804(If)s 1440 -12846(an)m 1678(attack)s 2(er)k +2354(can)s 2680(predict)s 3282(the)s 3575(time)s 3978(that)s +4326(a)s 4464(query)s 4968(will)s 5327(be)s 5565(sent,)s +1440 -13086(he)m 1699(need)s 2146(only)s 2572(\210ood)s 3054(the)s +3368(resolv)s 3(er)k 4076(with)s 4501(bogus)s 5049(replies)s +5649(and)s 1440 -13326(hope)m 1890(that)s 2250(his)s 2544(bogons)s +3183(arri)s 5(v)k 3(e)k 3700(earlier)s 4268(than)s +4673(the)s 4978(real)s 5337(answer)s 11(.)k 1440 -13566(Predicting)m +2351(the)s 160 fnt82 2687 -13564(UDP)m 200 fnt82 3098 -13566(port)m +3512(used)s 3970(by)s 4263(the)s 4599(resolv)s 3(er)k +5329(for)s 5654(an)s 3(y)k 1440 -13806(gi)m 5(v)k 3(en)k +1947(query)s 2473(might)s 3010(require)s 3645(that)s 4015(a)s +4175(no)s 3(vice)k 4775(attack)s 2(er)k 5473(spend)s +1440 -14046(se)m 5(v)k 3(eral)k 2038(minutes)s 2712(thinking)s +3421(about)s 3908(it,)s 4112(b)s 4(ut)k 4407(man)s 3(y)k +4891(attack)s 2(ers)k 5638(will)s 1440 -14286(consider)m 2164(that)s +2512(time)s 2915(well)s 3307(spent.)s 6700 -1576(This)m 7114(w)s 2(ould)k +7671(not)s 7986(ha)s 4(v)k 3(e)k 8415(w)s 2(ork)k 2(ed)k +9069(in)s 9284(our)s 9610(e)s 3(xample,)k 10391(since)s +6300 -1816(we')m 10(re)k 6820(assuming)s 7650(a)s 7816(one-w)s 2(ay)k +8578(\207re)s 5(w)k 2(all.)k 9356(Her)s 9732(resolv)s 3(er)k +10447(isn')s 3(t)k 6300 -2056(reachable)m 7158(by)s 7455(pack)s 2(ets)k +8146(from)s 8630(outside)s 9302(her)s 9653(net)s 9993(\211)s +10190(b)s 4(ut)k 10538(her)s 6300 -2296(name)m 6812(serv)s 3(er)k +7375(is.)s 7688(If)s 7901(that)s 8280(name)s 8792(serv)s 3(er)k +9355(can)s 9712(be)s 9981(corrupted,)s 6300 -2536(e)m 5(v)k 3(en)k +6804(for)s 7172(an)s 7496(instant,)s 8212(then)s 8691(an)s +9015(attack)s 2(er)k 9777(can)s 10189(redirect)s 6300 -2776(telnet)m +6825(sessions)s 7560(\(containing)s 8551(passw)s 2(ords\),)k 9578(electronic)s +10445(mail)s 6300 -3016(\(containing)m 7349(proprietary)s 8375(information\),)s 9573(or)s +9881(e)s 5(v)k 3(en)k 10391(other)s 160 fnt82 +6300 -3254(DNS)m 200 fnt82 6674 -3256(queries)m 7304(\(thus)s 7758(using)s +8246(one)s 8590(name)s 9077(serv)s 3(er)k 9615(to)s +9826(help)s 10225(corrupt)s 6300 -3496(others.\))m 6990(Ev)s 3(ery)k +7501(one)s 7827(of)s 8031(those)s 8489(things)s 9014(has)s +9317(been)s 9731(seen)s 10122(in)s 10315(action)s 6300 -3736(\211)m +6450(we')s 10(re)k 6942(not)s 200 fnt83 7247 -3735(just)m +200 fnt82 7584 -3736(being)m 8077(paranoid.)s 200 fnt84 6300 -4277(3.2)m +6550(.)s 6700(Misdir)s 3(ected)k 7762(Sour)s 3(ce)k +200 fnt82 6300 -4656(On)m 6594(late)s 6930(mod)s 7285(el)s +160 fnt82 7478 -4654(BSD)m 200 fnt82 7787 -4656(-de)m 8041(ri)s 5(v)k 3(ed)k +8492(sys)s 8746(tems,)s 9221(name)s 9702(based)s 10205(au)s +10393(then)s 10736(-)s 6300 -4896(ti)m 6410(ca)s 6586(tion)s +6975(usu)s 7252(al)s 7395(ly)s 7629(tak)s 2(es)k +8114(the)s 8436(form)s 8902(of)s 9147(\207les)s 9557(con)s +9845(tain)s 10143(ing)s 10477(lists)s 6300 -5136(of)m 6551(host)s +6968(names)s 7561(or)s 7812(ad)s 8000(dress)s 8408(es,)s +8708(pos)s 8985(si)s 9117(bly)s 9457(in)s 9612(clud)s +9955(ing)s 10295(a)s 10468(user)s 6300 -5376(name)m 6769(to)s +6962(be)s 7188(matched)s 7900(ag)s 1(ainst)k 8500(the)s +8781(re)s 8935(mote)s 9371(\(\205incoming\206\))s 10470(user)s 6300 -5616(name)m +128 fnt82 6731 -5527(1)m 200 fnt82 6795 -5616(.)m 6896(A)s +7091(con)s 7379(v)s 3(en)k 7664(tion)s 8025(is)s +8208(up)s 8408(held)s 8802(where)s 9288(by)s 9539(cer)s +9781(tain)s 160 fnt82 10130 -5614(TCP)m 200 fnt82 10472 -5616(port)m +6300 -5856(num)m 6655(bers)s 128 fnt82 6986 -5767(2)m 200 fnt82 +7099 -5856(are)m 7390(able)s 7770(to)s 7974(be)s 8211(bound)s +8760(only)s 9164(by)s 9413(pro)s 9679(cess)s 10009(es)s +10223(e)s 3(x)k 10408(e)s 10496(cut)s 10739(-)s +6300 -6096(ing)m 6608(with)s 7015(so-)s 7258(called)s 7785(\205super)s +8357(user\206)s 8829(pri)s 5(v)k 9145(iledges)s 128 fnt82 +9708 -6007(3)m 200 fnt82 9772 -6096(.)m 9925(This)s 10332(rather)s +6300 -6336(brit)m 6576(tle)s 6849(chain)s 7355(of)s 7596(causal)s +8092(i)s 8147(ty)s 8377(per)s 8631(mits)s 9048(the)s +160 fnt82 9366 -6334(BSD)m 200 fnt84 9750 -6337(ruser)m 3(ok\(\))k +200 fnt82 10617 -6336(li)m 10727(-)s 6300 -6576(brary)m 6780(call)s +7126(to)s 7341(as)s 7506(sume)s 7986(that)s 8344(the)s +8647(re)s 8801(mote)s 9259(user)s 9650(name)s 10141(gi)s 5(v)k +10391(en)s 10639(in)s 6300 -6816(the)m 6603(data)s 6994(stream)s +7583(is)s 7775(\205authentic\206)s 8740(from)s 9187(the)s 9490(point)s +9960(of)s 10186(vie)s 5(w)k 10628(of)s 6300 -7056(the)m +6598(re)s 6752(mote)s 7205(host)s 7592(and)s 7935(its)s +8177(ad)s 8365(min)s 8675(is)s 8807(tra)s 9016(tors.)s +9469(Users)s 9976(are)s 10273(not)s 10583(al)s 10726(-)s +6300 -7296(lo)m 5(wed)k 6834(to)s 7041(claim,)s 7584(when)s +8068(the)s 3(y)k 8460(use)s 8777(the)s 200 fnt84 +9072 -7297(rsh)m 200 fnt82 9400 -7296(or)m 200 fnt84 9618 -7297(rdist)m +200 fnt82 10067 -7296(or)m 200 fnt84 10285 -7297(rlogin)m 200 fnt82 +6300 -7536(com)m 6643(mands,)s 7265(that)s 7615(the)s 3(y)k +8007(are)s 8301(some)s 8721(body)s 9173(the)s 3(y')k 10(re)k +9775(not)s 10082(\211)s 10234(at)s 10429(least)s 6300 -7776(on)m +6550(well)s 6942(run,)s 7308(trust)s 7661(w)s 2(or)k +7969(th)s 1(y)k 8273(mul)s 8583(tius)s 8870(er)s +9074(hosts.)s 160 fnt82 6700 -8085(BSD)m 200 fnt82 7009 -8087(')m 11(s)k +7264(security)s 8016(took)s 8494(a)s 8705(giant)s 9226(step)s +9669(forw)s 2(ard)k 10420(back)s 6300 -8327(in)m 6567(1989)s +7079(or)s 7357(so,)s 7696(when)s 8240(the)s 8595(callers)s +9224(of)s 200 fnt84 9502 -8328(ruser)m 3(ok\(\))k 200 fnt82 +10406 -8327(were)m 6300 -8567(encouraged)m 7316(to)s 7569(do)s 7867(more)s +8374(than)s 8815(blindly)s 9478(assume)s 10161(that)s 10557(the)s +6300 -8807(result)m 6891(of)s 200 fnt84 7207 -8808(gethostbyaddr\(getpeer)m 3(name\()k +200 fnt82 9659 -8807(remote)m 200 fnt84 10211 -8808(\)\))m 200 fnt82 +10493 -8807(w)m 2(as)k 6300 -9047(accurate.)m 7095(It)s 7250(used)s +7649(to)s 7838(be)s 8060(that)s 8392(whate)s 5(v)k 3(er)k +160 fnt82 9147 -9045(DNS)m 200 fnt82 9499 -9047(g)m 1(a)k 4(v)k 3(e)k +9901(as)s 10100(the)s 10377(name)s 6300 -9287(corresponding)m 7535(to)s +7785(the)s 8123(source)s 8737(address)s 9428(of)s 9689(a)s +9872(connection,)s 6300 -9527(w)m 2(as)k 6717(used)s 7192(directly)s +7909(as)s 8184(the)s 8537(search)s 9154(k)s 2(e)k 3(y)k +9547(when)s 10089(scanning)s 200 fnt84 6300 -9768(~/.rhosts)m 200 fnt82 +7150 -9767(and)m 7560(its)s 7869(bretheren.)s 8842(After)s 9383(someone)s +10213(noticed)s 6300 -10007(that)m 6684(the)s 7013(name)s 7530(serv)s 3(er)k +8098(being)s 8627(ask)s 2(ed)k 9164(for)s 9482(this)s +9855(information)s 6300 -10247(w)m 2(as)k 6675(the)s 6986(one)s +7342(belonging)s 8208(to)s 8431(the)s 8742(connection')s 11(s)k +9816(initiator)s 8(,)k 10555(the)s 6300 -10487(con)m 8(v)k 3(ention)k +7210(changed:)s 7964(No)s 5(w)k 13(,)k 8419(after)s +8817(calling)s 200 fnt84 9393 -10488(gethostbyaddr\(\))m 200 fnt82 10754 -10487(,)m +6300 -10727(the)m 6626(result)s 7150(is)s 7365(passed)s 7978(back)s +8437(through)s 200 fnt84 9141 -10728(gethostbyname\(\))m 200 fnt82 10640 -10727(to)m +6300 -10967(see)m 6642(if)s 6852(the)s 7184(addresses)s 8034(and)s +8411(names)s 9008(all)s 9295(match.)s 9970(The)s 10369(name)s +6300 -11207(serv)m 3(er)k 6843(for)s 200 fnt84 7136 -11208(gethostbyname\(\))m +200 fnt82 8613 -11207(will)m 8983(be,)s 9282(barring)s 9918(corruption,)s +6300 -11447(authoritati)m 5(v)k 3(e)k 7346(for)s 7627(an)s 3(y)k +7961(gi)s 5(v)k 3(en)k 8445(host)s 8826(name)s +9306(in)s 200 fnt84 9510 -11448(~/.rhosts)m 200 fnt82 10287 -11447(\(et)m +10545(al.\))s 6300 -11687(Someone)m 7104(who)s 7510(can)s 7848(mak)s 2(e)k +8339(their)s 8765(address)s 9423(appear)s 10015(to)s 10232(map)s +10637(to)s 6300 -11927(one)m 6655(of)s 6888(your)s 7321(hosts)s +7797(will)s 8173(ha)s 4(v)k 3(e)k 8609(to)s +8831(tak)s 2(e)k 9227(some)s 9714(e)s 3(xtra)k +10175(steps)s 10639(to)s 6300 -12167(also)m 6670(mak)s 2(e)k +7149(your)s 7565(host)s 7947(appear)s 8527(to)s 8732(ha)s 4(v)k 3(e)k +9151(one)s 9489(of)s 9705(his)s 9987(addresses.)s 6700 -12478(\(SunOS)m +7403(put)s 7729(this)s 8087(check)s 8622(into)s 200 fnt84 +9003 -12479(gethostbyaddr\(\))m 200 fnt82 10435 -12478(\211)m 10606(an)s 6300 -12718(error)m +6728(that)s 7068(will)s 7419(li)s 5(v)k 3(e)k +7751(in)s 7948(inf)s 2(amy)k 13(,)k 8589(since)s +9039(not)s 9336(e)s 5(v)k 3(ery)k 9812(caller)s +10294(of)s 10502(that)s 6300 -12958(function)m 7033(w)s 2(ants)k +7564(to)s 7788(get)s 8100(an)s 8357(\205error\206)s 8988(return)s +9532(status)s 10053(when)s 10554(the)s gsave +6300 -13574 translate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1134 0 0 0 200 240 50 LoutGraphic +gsave +0 0 moveto xsize 0 lineto stroke +grestore + +grestore +102 fnt82 0.0 0.0 0.0 setrgbcolor +6300 -13755(1)m 160 fnt82 6351 -13826(E.g.,)m 160 fnt84 6688(hosts.equi)s 1(v)k +160 fnt82 7443(,)s 160 fnt84 7523(hosts.lpd)s 160 fnt82 +8128(,)s 160 fnt84 8208(~/.rhosts)s 102 fnt82 6300 -14041(2)m +160 fnt82 6351 -14112(Those)m 6781(from)s 7131(512)s 7411(to)s +7575(1023.)s 102 fnt82 6300 -14295(3)m 160 fnt82 6351 -14366(This)m +6674(con)s 6(v)k 2(ention)k 7416(is)s 7562(of)s +7735(course)s 8192(meaningless)s 9021(on)s 9221(single-user)s 9961(hosts.)s + +grestore + +pgsave restore +showpage + +%%Page: ? 3 +%%BeginPageSetup +%%PageResources: font Times-Roman +%%+ font Times-Bold +%%+ font Times-Italic +/pgsave save def +0.0500 dup scale 10 setlinewidth +%%EndPageSetup +gsave +0 15840 translate +0.0000 rotate + +grestore +gsave +0 15840 translate +0.0000 rotate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1440 -1576(forw)m 2(ard)k 2150(and)s +2520(re)s 5(v)k 3(erse)k 3167(lookups)s 3881(yield)s +4361(asymmetric)s 5370(results.)s 1440 -1816(The)m 1853(proper)s 2476(place)s +2998(for)s 3333(this)s 3723(mapping)s 4524(logic)s 5025(is)s +5260(in)s 5518(those)s 1440 -2056(applications)m 2459(and)s 2805(library)s +3393(calls)s 3814(who)s 4216(intend)s 4772(to)s 4985(use)s +5308(the)s 5609(data)s 1440 -2296(for)m 1720(some)s 2188(kind)s +2591(of)s 2805(authentication)s 3980(\211)s 4128(it)s 4286(is)s +4466(not)s 4769(a)s 4905(naming)s 5551(issue)s 1440 -2536(per)m +1744(se,)s 2009(and)s 2347(does)s 2762(not)s 3067(belong)s +3660(in)s 3865(the)s 4158(resolv)s 3(er)k 11(.\))k +1840 -2847(As)m 2114(ef)s 5(fecti)k 5(v)k 3(e)k +2848(as)s 3066(that)s 3417(e)s 3(xtra)k 200 fnt84 +3864 -2848(gethostbyname\(\))m 200 fnt82 5333 -2847(call)m 5672(has)s 1440 -3087(been,)m +1908(its)s 2137(goal)s 2522(w)s 2(as)k 2871(to)s +3068(k)s 2(eep)k 3484(attack)s 2(ers)k 4229(from)s +4658(just)s 4987(editing)s 5582(their)s 160 fnt82 1440 -3325(IN-ADDR.ARP)m 14(A)k +200 fnt82 2603 -3327(zones)m 3097(and)s 3426(zooming)s 4165(on)s +4406(in.)s 4702(No)s 4987(thought)s 5638(w)s 2(as)k +1440 -3567(gi)m 5(v)k 3(en)k 1949(to)s 2178(whether)s +2893(the)s 3210(name)s 3715(serv)s 3(ers)k 4348(could)s +4865(be)s 5127(corrupted.)s 1440 -3807(So)m 1724(while)s 2239(an)s +2500(attack)s 2(er)k 3199(has)s 3537(a)s 3698(little)s +4134(more)s 4616(w)s 2(ork)k 5097(to)s 5325(do)s +5598(no)s 5(w)k 1440 -4047(than)m 1853(in)s 2078(the)s +2391(Old)s 2760(Days,)s 3289(it)s 3469(is)s 3671(still)s +4038(tri)s 5(vially)k 4732(easy)s 5155(to)s 5380(pollute)s +1440 -4287(the)m 1733(caches)s 2312(of)s 2528(the)s 2821(set)s +3091(of)s 3307(serv)s 3(ers)k 3916(who)s 4310(will)s +4669(be)s 4907(ask)s 2(ed)k 5408(for)s 5690(the)s +200 fnt84 1440 -4528(gethostbyaddr\(\))m 200 fnt82 2885 -4527(and)m 200 fnt84 +3257 -4528(gethostbyname\(\))m 200 fnt82 4757 -4527(answers,)m 5531(or)s 5781(to)s +1440 -4767(\210ood)m 1905(the)s 2202(resolv)s 3(ers)k 2970(with)s +3378(bogus)s 3909(responses)s 4736(at)s 4933(the)s 5230(time)s +5637(that)s 1440 -5007(the)m 3(y)k 1830(are)s 2122(predicted)s +2912(to)s 3117(be)s 3355(w)s 2(aiting)k 4000(for)s +4282(the)s 4575(answers.)s 1840 -5318(If)m 2035(an)s 2286(attack)s 2(er)k +2975(can)s 3314(reach)s 3807(the)s 4113(victim')s 11(s)k +4816(host,)s 5261(the)s 3(y)k 5664(can)s 1440 -5558(probably)m +2223(mak)s 2(e)k 2726(their)s 3164(host)s 3570(name)s +4075(seem)s 4557(to)s 4786(be)s 5048(almost)s 5652(an)s 3(y)k +1440 -5798(arbitrary)m 2210(string)s 2749(when)s 3267(vie)s 5(wed)k +3923(by)s 4209(the)s 4538(victim')s 11(s)k 200 fnt84 +5264 -5799(rlogind)m 200 fnt82 5884 -5798(.)m 1440 -6038(And,)m 1869(if)s +2025(the)s 3(y)k 2400(can)s 2711(also)s 3066(break)s +3543(\205super)s 4097(user\206)s 4551(on)s 4786(the)s 5064(source)s +5618(host)s 1440 -6278(\(or)m 1727(if)s 1903(that)s 2256(host)s +2643(is)s 2830(their)s 3249(o)s 5(wn)k 3643(of\207ce)s +4151(w)s 2(orkstation\),)k 5260(the)s 3(y)k 5655(can)s +1440 -6518(mak)m 2(e)k 1930(the)s 2234(victim)s 2803(see)s +3117(an)s 3(y)k 3463(arbitrary)s 4208(remote)s 4821(user)s +5213(name.)s 5805(If)s 1440 -6758(this)m 1777(attack)s 2(er)k +2453(kno)s 5(ws)k 3019(an)s 3(y)k 3354(of)s +3570(the)s 3863(contents)s 4576(of)s 4792(your)s 200 fnt84 +5208 -6759(~/.rhosts)m 200 fnt82 1440 -6998(\207les)m 1817(or)s 2029(your)s +2441(~B)s 2682(hosts.equi)s 5(v)k 3625(\207le)s 3925(\211)s +4071(and)s 4405(these)s 4859(are)s 5147(eminently)s 1440 -7238(guessable)m +2263(\211)s 2413(then)s 2806(the)s 3(y)k 3196(are)s +200 fnt83 3488 -7237(in)m 200 fnt82 3643 -7238(.)m 240 fnt84 +1440 -7926(4.)m 1740(Pr)s 4(otocol)k 2659(V)s 8(iew)k +3229(of)s 3488(W)s 15(eaknesses)k 200 fnt82 1440 -8306(One)m +1869(w)s 2(ay)k 2296(of)s 2559(looking)s 3266(at)s +3506(these)s 4011(weaknesses)s 5035(is)s 5264(from)s 5748(an)s +1440 -8546(operational)m 2461(point)s 2997(of)s 3289(vie)s 5(w)k 13(,)k +3834(which)s 4447(gi)s 5(v)k 3(en)k 5008(the)s +5377(current)s 1440 -8786(state)m 1883(of)s 2129(the)s 2452(art,)s +2791(tells)s 3201(us:)s 200 fnt83 3513 -8785(name)m 4025(based)s +4570(authentication)s 5801(is)s 1440 -9025(inher)m 7(ently)k 2303(insecur)s 7(e)k +200 fnt82 2969 -9026(.)m 3133(Sessions)s 3882(\(whether)s 160 fnt82 +4653 -9024(TELNET)m 200 fnt82 5253 -9026(,)m 160 fnt82 5367 -9024(NFS)m +200 fnt82 5658 -9026(,)m 5772(or)s 1440 -9266(whate)m 5(v)k 3(er\))k +2279(should)s 2863(require)s 3478(something)s 4360(stronger)s 5064(than)s +5459(trying)s 1440 -9506(to)m 1645(determine)s 2490(a)s 2628(host')s 11(s)k +3142(name)s 3623(and)s 3961(and)s 4299(then)s 4692(looking)s +5352(for)s 5634(that)s 1440 -9746(name)m 1923(in)s 2130(some)s +2602(statically)s 3370(con\207gured)s 4275(list.)s 4619(\()s 4685([)s +4751(RFC1510)s 5528(])s 5646(and)s 1440 -9986([)m 1506(RFC1760)s +2283(])s 2399(are)s 2691(each)s 3105(cause)s 3596(for)s +3878(optimism.\))s 1840 -10297(From)m 2307(the)s 2585(bottom,)s 3235(though,)s +3875(these)s 4318(weaknesses)s 5280(all)s 5513(come)s 1440 -10537(with)m +1875(particular)s 2717(sets)s 3095(of)s 3342(details)s 3941(and)s +4310(can)s 4667(be)s 4936(described)s 5779(in)s 1440 -10777(terms)m +1960(of)s 160 fnt82 2205 -10775(DNS)m 200 fnt82 2602 -10777(protocol)m +3345(elements.)s 4230(As)s 4530(implementors)s 5703(we)s 1440 -11017(are)m +1728(more)s 2183(interested)s 3001(in)s 3202(this)s 3535(vie)s 5(w)k +3963(than)s 4352(in)s 4553(the)s 4842(more)s 5297(political)s +1440 -11257(questions)m 2225(of)s 2424(Global)s 2999(Internet)s 3650(Authentication.)s +4966(So)s 5210(let')s 11(s)k 5573(ha)s 4(v)k 3(e)k +1440 -11497(a)m 1595(look)s 2017(at)s 2227(the)s 2537(pack)s 2(ets,)k +3248(shall)s 3690(we?)s 4127(After)s 4613(that)s 4978(we')s 2(ll)k +5451(tak)s 2(e)k 5847(a)s 1440 -11737(look)m 1845(at)s +2038(the)s 2331(w)s 2(ays)k 2788(the)s 3(y)k +3178(can)s 3504(be)s 3742(perv)s 3(erted.)k 1840 -12048(W)m 16(e)k +2161(do)s 2422(not)s 2738(in)s 2893(tend)s 3297(to)s +3513(present)s 4148(an)s 4397(e)s 3(x)k 4582(haus)s +4947(ti)s 5(v)k 3(e)k 5298(de)s 5486(scrip)s +5872(-)s 1440 -12288(tion)m 1794(of)s 160 fnt82 2004 -12286(DNS)m +200 fnt82 2366 -12288(\211)m 2510([)s 2576(RFC1034)s 3353(])s +3463(and)s 3795([)s 3861(RFC1035)s 4638(])s 4748(al)s +4891(ready)s 5377(\207ll)s 5642(that)s 1440 -12528(need.)m 1963(Our)s +2320(goal)s 2710(in)s 2912(this)s 3246(sec)s 3499(tion)s +3856(is)s 4035(to)s 4237(present)s 4858(enough)s 5493(in)s +5648(for)s 5880(-)s 1440 -12768(ma)m 1683(tion)s 2030(about)s +160 fnt82 2510 -12766(DNS)m 200 fnt82 2865 -12768(that)m 3200(some)s +3620(one)s 3945(un)s 4145(f)s 2(a)k 4297(mil)s +4562(iar)s 4808(with)s 5199(its)s 5423(de)s 5611(tails)s +1440 -13008(can)m 1795(still)s 2171(un)s 2371(der)s 2625(stand)s +3124(the)s 3446(se)s 3611(cu)s 3799(ri)s 3920(ty)s +4154(rami\207cations)s 5271(of)s 5516(some)s 1440 -13248(of)m 160 fnt82 +1691 -13246(DNS)m 200 fnt82 2009 -13248(')m 11(s)k 2226(de)s +2414(sign)s 2831(choic)s 3262(es.)s 3612(If)s 3829(this)s +4201(re)s 4355(port)s 4761(dis)s 4993(agrees)s 5585(with)s +1440 -13488([)m 1506(RFC1034)s 2283(])s 2405(or)s 2627([)s +2693(RFC1035)s 3470(])s 3592(in)s 3803(an)s 3(y)k +4144(de)s 4332(tail,)s 4691(it)s 4857(is)s 5045(most)s +5488(lik)s 2(e)k 5784(ly)s 1440 -13728(that)m 1788(the)s +2081(re)s 2235(port)s 2606(is)s 2788(wrong.)s 200 fnt84 +6300 -1577(4.1)m 6550(.)s 160 fnt84 6700 -1574(DNS)m 200 fnt84 +7068 -1577(Datagram)m 7982(F)s 5(ormats)k 160 fnt82 6300 -1992(DNS)m +200 fnt82 6664 -1994(queries)m 7284(and)s 7618(responses)s 8437(use)s +8748(a)s 8882(common)s 9626(format,)s 10252(though)s 6300 -2234(not)m +6651(all)s 6945(protocol)s 7705(elements)s 8507(are)s 8845(used)s +9306(all)s 9600(the)s 9939(time.)s 10488(The)s 6300 -2474(simplest)m +7047(case,)s 7523(described)s 8370(here,)s 8847(uses)s 160 fnt82 +9274 -2472(IP/UDP)m 200 fnt82 9862 -2474(where)m 10433(each)s 6300 -2714(datagram)m +7085(contains)s 7793(one)s 160 fnt82 8126 -2712(DNS)m 200 fnt82 +8489 -2714(query)m 8988(or)s 9199(response.)s 160 fnt82 10040 -2712(DNS)m +200 fnt82 10358 -2714(')m 11(s)k 10535(use)s 6300 -2954(of)m +160 fnt82 6520 -2952(IP/TCP)m 200 fnt82 7050 -2954(is)m 7236(be)s 3(yond)k +7875(the)s 8172(scope)s 8679(of)s 8899(this)s 9240(report)s +9769(other)s 10232(than)s 10629(as)s 6300 -3194(it)m 6460(af)s 5(fects)k +7033(zone)s 7459(transfers,)s 8242(which)s 8779(we)s 9061(will)s +9420(discuss)s 10044(shortly)s 13(.)k 200 fnt84 6300 -3506(Header)m +7064(Section)s 200 fnt82 7683 -3505(:)m 7872(Describes)s 8789(the)s +9166(other)s 9709(sections,)s 10533(has)s 6700 -3745(\210ags)m 7207(including)s +160 fnt82 8091 -3743(RD)m 200 fnt82 8443 -3745(\(recursion)m 9380(desired\))s +10151(and)s 160 fnt82 10570 -3743(AA)m 200 fnt82 6700 -3985(\(authoritati)m 5(v)k 3(e)k +7831(answer\),)s 8578(and)s 8934(most)s 9389(important)s 10231(for)s +10531(our)s 6700 -4225(discussion,)m 7629(has)s 7944(a)s 8082(16)s +8332(bit)s 8592(\205query)s 160 fnt82 9184 -4223(ID)m 200 fnt82 +9352 -4225(.)m 14(\206)k 200 fnt84 6300 -4537(Query)m 6884(Section)s +200 fnt82 7503 -4536(:)m 7600(Contains)s 8350(the)s 8635(name,)s +9158(class,)s 9635(and)s 9965(type)s 10350(of)s 10558(the)s +6700 -4776(resource)m 7406(record)s 7947(set)s 8200(\(\205RRset\206\))s 9027(being)s +9503(queried)s 10133(for)s 11(.)k 160 fnt82 10487 -4774(DNS)m +200 fnt82 6700 -5016(permits)m 7353(multiple)s 8073(queries)s 8704(in)s +8916(this)s 9260(section)s 9880(b)s 4(ut)k 10188(this)s +10532(has)s 6700 -5256(ne)m 5(v)k 3(er)k 7184(been)s +7610(tried)s 8024(and)s 8362(is)s 8544(not)s 8849(well)s +9241(speci\207ed.)s 200 fnt84 6300 -5568(Answer)m 7041(Section)s 200 fnt82 +7660 -5567(:)m 7804(Al)s 2(w)k 2(ays)k 8497(empty)s +9084(in)s 9328(queries.)s 10091(Contains)s 6700 -5807(the)m 7003(RRset)s +7549(matching)s 8350(the)s 8653(query)s 13(,)k 9204(or)s +9430(is)s 9622(empty)s 10180(if)s 10361(name)s 6700 -6047(doesn')m 3(t)k +7349(e)s 3(xist,)k 7837(if)s 8024(no)s 8290(data)s +8687(matched)s 9427(the)s 9736(query)s 13(,)k 10293(or)s +10525(if)s 10712(a)s 6700 -6287(nonrecursi)m 5(v)k 3(e)k +7770(query)s 8274(results)s 8842(in)s 9047(a)s 9185(referral.)s +200 fnt84 6300 -6599(A)m 10(uthority)k 7210(Section)s 200 fnt82 +7829 -6598(:)m 7963(Al)s 2(w)k 2(ays)k 8646(empty)s +9223(in)s 9457(queries.)s 10210(Can)s 10610(be)s 6700 -6838(empty)m +7282(in)s 7521(responses.)s 8478(If)s 8694(nonempty)s 13(,)k +9613(it)s 9807(contains)s 10554(the)s 160 fnt82 6700 -7076(NS)m +200 fnt82 6992 -7078(and)m 160 fnt82 7369 -7076(SO)m 5(A)k +7771(RR)s 200 fnt82 7983 -7078(s)m 8149(for)s 8470(the)s +8802(enclosing)s 9654(zone.)s 10219(This)s 10662(is)s 6700 -7318(sometimes)m +7600(called)s 8124(\205referral)s 8845(data.)s 14(\206)k 200 fnt84 +6300 -7630(Additional)m 7245(Data)s 7692(Section)s 200 fnt82 8311 -7629(:)m +8403(Al)s 2(w)k 2(ays)k 9044(empty)s 9579(in)s +9771(queries.)s 10482(Can)s 6700 -7869(be)m 6958(empty)s 7526(in)s +7751(responses.)s 8694(If)s 8896(the)s 9209(answer)s 9842(or)s +10078(authority)s 6700 -8109(section)m 7326(contains)s 8052(an)s 3(y)k +160 fnt82 8400 -8107(RR)m 200 fnt82 8612 -8109(s)m 8752(whose)s +9324(data)s 9718(\207elds)s 10212(contain)s 6700 -8349(RRnames,)m 7609(the)s +7937(RRsets)s 8585(for)s 8902(those)s 9407(RRnames)s 10266(appear)s +6700 -8589(here.)m 200 fnt84 6300 -9089(4.2)m 6550(.)s 6700(Ser)s 2(v)k 2(ers)k +7386(and)s 7758(Resolv)s 2(ers)k 200 fnt82 6300 -9468(The)m +6687(client)s 7205(in)s 160 fnt82 7437 -9466(DNS)m 200 fnt82 +7832 -9468(is)m 8041(called)s 8592(a)s 8757(\205resolv)s 3(er)k 11(.)k 14(\206)k +9722(The)s 10109(serv)s 3(er)k 10668(is)s 6300 -9708(called,)m +6865(appropriately)s 7967(enough,)s 8646(a)s 8775(\205name)s 9335(serv)s 3(er)k 11(.)k 14(\206)k +10021(Resolv)s 3(ers)k 6300 -9948(ha)m 4(v)k 3(e)k +6714(some)s 7179(static)s 7642(con\207guration)s 8750(information,)s 9785(consisting)s +10637(of)s 6300 -10188(a)m 6427(domain)s 7064(\205search)s 7698(list\206)s +8067(and)s 8394(a)s 8521(list)s 8802(of)s 9007(name)s +9477(serv)s 3(er)k 9998(addresses.)s 6300 -10428(Theoretically)m 13(,)k +7471(a)s 7633(resolv)s 3(er)k 8344(can)s 8694(also)s +9088(be)s 9350(con\207gured)s 10277(with)s 10705(a)s 6300 -10668(static)m +6759(map)s 7143(of)s 7350(domains)s 8066(to)s 8262(name)s +8734(serv)s 3(er)k 9257(addresses,)s 10109(allo)s 5(wing)k +6300 -10908(queries)m 6969(to)s 7219(be)s 7502(forw)s 2(arded)k +8413(directly)s 9115(to)s 9365(appropriate)s 10366(name)s 6300 -11148(serv)m 3(ers)k +6941(for)s 7255(some)s 7757(set)s 8059(of)s 8307(locally)s +8930(kno)s 5(wn)k 9551(domains.)s 160 fnt82 10408 -11146(BIND)m +200 fnt82 6300 -11388(does)m 6725(not)s 7040(implement)s 7951(this)s +8298(last)s 8633(part)s 9002(yet.)s 9355(The)s 9725(resolv)s 3(er')k 11(s)k +10554(list)s 6300 -11628(of)m 6526(name)s 7017(serv)s 3(er)k +7559(addresses)s 8380(had)s 8728(better)s 9240(include)s 9886(at)s +10089(least)s 10512(one)s 6300 -11868(recursi)m 5(v)k 3(e)k +7069(name)s 7549(serv)s 3(er)k 8(,)k 8122(or)s +8337(the)s 160 fnt82 8629 -11866(DNS)m 200 fnt82 8996 -11868(name)m +9476(space)s 9966(is)s 10147(going)s 10651(to)s 6300 -12108(look)m +6705(pretty)s 7219(small.)s 200 fnt84 6300 -12649(4.3)m 6550(.)s +6700(Recursion)s 200 fnt82 6300 -13027(T)m 16(o)k 6557(\205recurse\206)s +7357(on)s 7608(a)s 7747(query)s 8252(means)s 8811(that)s +9160(when)s 9643(a)s 9782(query)s 10287(comes)s 6300 -13267(in)m +6507(for)s 6791(an)s 7031(RRset)s 7569(not)s 7876(kno)s 5(wn)k +8467(to)s 8674(the)s 8969(serv)s 3(er)k 9503(recei)s 5(ving)k +10290(it,)s 10502(that)s 6300 -13507(serv)m 3(er)k 6829(will)s +7185(forw)s 2(ard)k 7860(it)s 8017(to)s 8219(some)s +8686(name)s 9164(serv)s 3(er)k 9693(more)s 10149(lik)s 2(ely)k +10647(to)s 6300 -13747(kno)m 5(w)k 6802(the)s 7108(answer)s 11(.)k +7823(In)s 8052(some)s 8535(cases,)s 9066(the)s 9372(forw)s 2(arding)k +10318(serv)s 3(er)k 6300 -13987(will)m 6678(kno)s 5(w)k +7186(the)s 7498(name)s 7998(serv)s 3(er)k 8549(list)s +8860(for)s 9161(the)s 9473(e)s 3(xact)k 9958(domain)s +10625(or)s 6300 -14227(parent)m 6862(domain)s 7525(of)s 7756(the)s +8064(query)s 13(.)k 8670(More)s 9166(often,)s 9690(a)s +9843(grandparent)s +grestore + +pgsave restore +showpage + +%%Page: ? 4 +%%BeginPageSetup +%%PageResources: font Times-Roman +%%+ font Times-Bold +%%+ font Times-Italic +/pgsave save def +0.0500 dup scale 10 setlinewidth +%%EndPageSetup +gsave +0 15840 translate +0.0000 rotate + +grestore +gsave +0 15840 translate +0.0000 rotate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1440 -1576(domain')m 11(s)k 2254(serv)s 3(ers)k +2897(are)s 3223(kno)s 5(wn,)k 3896(or)s 4146(no)s +4430(serv)s 3(ers)k 5073(are)s 5399(kno)s 5(wn)k +1440 -1816(and)m 1777(the)s 2069(query)s 2572(is)s 2753(sent)s +3122(all)s 3369(the)s 3661(w)s 2(ay)k 4040(to)s +4244(the)s 4536(root)s 4906(name)s 5386(serv)s 3(ers)k +1440 -2056(\(which)m 2041(are)s 2331(co-operated)s 3318(by)s 3566(the)s +3857(InterNIC)s 4623(and)s 4959(a)s 5095(w)s 2(orldwide)k +1440 -2296(cadre)m 1910(of)s 2116(v)s 4(olunteers.\))k 3097(There)s +3601(is)s 3773(a)s 3901(\210ag)s 4240(in)s 4435(the)s +4718(query)s 5212(called)s 160 fnt82 5726 -2294(RD)m 200 fnt82 +1440 -2536(which,)m 2037(if)s 2218(set,)s 2548(speci\207es)s 3292(that)s +3650(recursion)s 4450(is)s 4642(desired;)s 5331(if)s 5512(clear)s 8(,)k +1440 -2776(a)m 1592(name)s 2087(serv)s 3(er)k 2633(will)s +3006(answer)s 3633(queries)s 4271(for)s 4567(unkno)s 5(wn)k +5370(RRsets)s 1440 -3016(with)m 1838(an)s 2070(appropriate)s 3020(error)s +3450(\(\205name)s 4079(unkno)s 5(wn\206)k 4950(or)s 5160(\205no)s +5492(data,)s 14(\206)k 1440 -3256(depending.\))m 1840 -3567(Sending)m 2561(nonrecursi)s 5(v)k 3(e)k +3648(queries)s 4289(is)s 4488(a)s 4643(\207ne)s 5009(w)s 2(ay)k +5406(to)s 5628(\207nd)s 1440 -3807(out)m 1748(what)s 2188(a)s +2329(name)s 2813(serv)s 3(er)k 3348(already)s 3986(kno)s 5(ws,)k +4605(since,)s 5116(otherwise,)s 1440 -4047(you)m 1790(will)s 2149(get)s +2442(an)s 2680(answer)s 3293(e)s 5(v)k 3(en)k +3711(if)s 3882(the)s 4175(name)s 4656(serv)s 3(er)k +5188(had)s 5526(to)s 5731(go)s 1440 -4287(searching)m 2252(for)s +2534(it)s 2694(at)s 2887(the)s 3180(time)s 3583(of)s +3799(your)s 4215(query)s 13(.)k 200 fnt84 1440 -4828(4.4)m +1690(.)s 1840(Referrals)s 200 fnt82 1440 -5207(If)m 1615(a)s +1746(name)s 2220(serv)s 3(er)k 2745(recei)s 5(v)k 3(es)k +3430(a)s 3561(query)s 4058(for)s 4333(a)s 4464(<)s +200 fnt83 4576 -5206(name)m 200 fnt82 5008 -5207(,)m 200 fnt83 +5058 -5206(class)m 200 fnt82 5455 -5207(,)m 200 fnt83 5505 -5206(type)m +200 fnt82 5836 -5207(>)m 1440 -5447(tuple)m 1937(that)s 2334(it)s +2543(kno)s 5(ws)k 3158(it)s 3367(has)s 3731(dele)s 3(g)k 1(ated,)k +4638(it)s 4847(answers)s 5586(with)s 1440 -5687(what')m 11(s)k +2052(called)s 2619(a)s 2800(\205referral.)s 14(\206)k 3688(A)s +3925(referral)s 4601(response)s 5390(has)s 5748(an)s 1440 -5927(empty)m +1995(answer)s 2615(section)s 3235(b)s 4(ut)k 3543(a)s +3688(nonempty)s 4543(authority)s 5319(section;)s 1440 -6167(the)m 1755(intent)s +2280(of)s 2518(this)s 2877(message)s 3622(is)s 3826(to)s +4053(tell)s 4378(another)s 5047(serv)s 3(er)k 5601(\205the)s +1440 -6407(name)m 1934(you)s 2297(ask)s 2(ed)k 2811(for)s +3106(e)s 3(xists,)k 3668(b)s 4(ut)k 3982(I)s +4111(don')s 3(t)k 4592(ha)s 4(v)k 3(e)k +5024(the)s 5330(answer)s 8(,)k 1440 -6647(go)m 1726(try)s +2033(these)s 2527(other)s 3022(serv)s 3(ers.)k 14(\206)k +3791(Bogus)s 4387(referrals)s 5133(are)s 5461(a)s 5635(\207ne)s +1440 -6887(w)m 2(ay)k 1832(to)s 2049(pollute)s 2664(a)s +2814(cache)s 3328(indirectly)s 4152(\211)s 4314(if)s 4497(you)s +4859(can)s 5197(snoop)s 5736(on)s 1440 -7127(a)m 1609(forw)s 2(arded)k +2506(query)s 3041(and)s 3410(then)s 3834(inject)s 4356(a)s +4525(referral)s 5189(response,)s 1440 -7367(you)m 1809(can)s 2154(mak)s 2(e)k +2652(the)s 2964(forw)s 2(arding)k 3916(serv)s 3(er)k +4467(ef)s 5(fecti)k 5(v)k 3(ely)k 5372(belie)s 5(v)k 3(e)k +1440 -7607(that)m 200 fnt83 1795 -7606(you)m 200 fnt82 2140 -7607(are)m +2439(the)s 2739(dele)s 3(g)k 1(ated)k 3554(serv)s 3(er)k +4093(for)s 4382(an)s 4627(entire)s 5136(subtree)s 5767(of)s +1440 -7847(the)m 160 fnt82 1742 -7845(DNS)m 200 fnt82 2119 -7847(name)m +2609(space.)s 3209(This)s 3622(is)s 3813(actually)s 4501(the)s +4803(easiest)s 5390(w)s 2(ay)k 5779(to)s 1440 -8087(pollute)m +2057(a)s 2209(cache)s 2725(since)s 3197(there')s 11(s)k +3790(no)s 4054(guessing)s 4815(in)s 8(v)k 4(olv)k 3(ed:)k +5617(Y)s 22(ou)k 1440 -8327(kno)m 5(w)k 1938(the)s +2240(source)s 2818(address,)s 3523(source)s 160 fnt82 4101 -8325(UDP)m +200 fnt82 4478 -8327(port,)m 4908(and)s 5255(query)s 160 fnt82 +5768 -8325(ID)m 200 fnt82 1440 -8567(by)m 1680(inspection.)s 2638(Y)s 22(ou)k +3000(e)s 5(v)k 3(en)k 3408(kno)s 5(w)k +3887(the)s 4170(query)s 4664(name.)s 5235(The)s 5585(only)s +1440 -8807(trick)m 1854(is)s 2036(in)s 2241(breaking)s 2988(into)s +3348(a)s 3486(host)s 3868(on)s 4118(a)s 4256(netw)s 2(ork)k +4957(backbone)s 5771(so)s 1440 -9047(that)m 1795(you)s 2152(can)s +2485(actually)s 3171(see)s 3481(the)s 3781(queries)s 4412(being)s +4912(forw)s 2(arded)k 5785(to)s 1440 -9287(the)m 1733(root)s +2104(serv)s 3(ers.)k 2763(This)s 3167(has)s 3482(been)s +3908(done)s 128 fnt82 4296 -9198(1)m 200 fnt82 4360 -9287(,)m +4460(b)s 4(ut)k 4761(not)s 5066(often.)s 200 fnt84 +1440 -9813(4.5)m 1690(.)s 1840(A)s 10(uthority:)k 2787(Masters)s +3521(and)s 3893(Sla)s 5(v)k 2(es)k 200 fnt82 +1440 -10230(T)m 16(o)k 1720(be)s 1982(\205authoritati)s 5(v)k 3(e\206)k +3229(means)s 3811(that)s 4183(a)s 4345(name)s 4850(serv)s 3(er)k +5406(has)s 5745(an)s 1440 -10470(entire)m 1955(\205zone\206)s 2570(loaded,)s +3214(either)s 3729(via)s 4035(a)s 4186(\205master)s 4866(\207le\206)s +5271(that)s 5632(w)s 2(as)k 1440 -10710(created)m 2069(by)s +2325(the)s 2624(name)s 3111(serv)s 3(er)k 3649(administrator)s 8(,)k +4807(or)s 5029(via)s 5328(a)s 5472(\205zone)s 1440 -10950(transfer)m 8(,)k 14(\206)k +2196(which)s 2717(is)s 2883(a)s 160 fnt82 3005 -10948(TCP)m +200 fnt82 3330 -10950(session)m 3938(with)s 4326(another)s 4957(name)s +5422(serv)s 3(er)k 11(.)k 1440 -11190(The)m 1806(former)s +2403(kind)s 2814(of)s 3036(serv)s 3(er)k 3574(is)s +3762(called)s 4292(the)s 4591(\205master\206)s 5352(and)s 5696(the)s +1440 -11430(latter)m 1890(is)s 2065(a)s 2196(\205sla)s 4(v)k 3(e.)k 14(\206)k +2852(Sla)s 4(v)k 3(es)k 3407(generally)s 4190(do)s +4433(their)s 4840(zone)s 5259(transfers)s 1440 -11670(from)m 1891(the)s +2198(master)s 8(,)k 2833(b)s 4(ut)k 3148(sometimes)s +4062(\207re)s 5(w)k 2(alls)k 4803(are)s 5109(interposed)s +1440 -11910(and)m 1797(it)s 1976(becomes)s 2741(necessary)s 3582(to)s +3806(ha)s 4(v)k 3(e)k 4244(sla)s 4(v)k 3(es)k +4791(pull)s 5170(their)s 5603(data)s 1440 -12150(from)m 1884(other)s +2350(sla)s 4(v)k 3(es,)k 2935(which)s 3479(are)s +3778(themselv)s 3(es)k 4715(stationed)s 5490(at)s 5690(the)s +1440 -12390(border)m 8(,)k 2052(perhaps)s 2721(e)s 5(v)k 3(en)k +3139(on)s 3389(the)s 3682(\207re)s 5(w)k 2(all)k +4332(itself.)s 1840 -12701(Masters)m 2570(and)s 2960(sla)s 4(v)k 3(es)k +3540(will)s 3951(set)s 4273(the)s 160 fnt82 4618 -12699(AA)m +200 fnt82 4950 -12701(\210ag)m 5351(on)s 5653(an)s 3(y)k +1440 -12941(response)m 2234(whose)s 2841(answer)s 3502(section)s 4163(contains)s +4924(only)s 5377(RRsets)s 1440 -13181(from)m 1884(authoriti)s 5(v)k 3(e)k +2795(zones.)s 3405(The)s 160 fnt82 3772 -13179(AA)m 200 fnt82 +4059 -13181(\210ag)m 4415(will)s 4781(be)s 5026(clear)s 5468(if)s +5646(an)s 3(y)k 1440 -13421(RRset)m 1985(in)s 2199(the)s +2501(answer)s 3123(section)s 3745(came)s 4223(from)s 4669(the)s +4971(the)s 5273(\205cache,)s 14(\206)k gsave +1440 -14114 translate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1134 0 0 0 200 240 50 LoutGraphic +gsave +0 0 moveto xsize 0 lineto stroke +grestore + +grestore +102 fnt82 0.0 0.0 0.0 setrgbcolor +1440 -14295(1)m 160 fnt82 1491 -14366(No,)m 1766(we')s 8(re)k +2161(not)s 2405(going)s 2809(to)s 2973(name)s 3359(names.)s +200 fnt82 6300 -1576(which)m 6837(is)s 7019(what)s 7456(we)s +7738(call)s 8074(the)s 8367(portion)s 8993(of)s 9209(the)s +160 fnt82 9502 -1574(DNS)m 200 fnt82 9870 -1576(name)m 10351(space)s +6300 -1816(that)m 6669(is)s 6872(outside)s 7518(all)s 7787(of)s +8024(a)s 8183(serv)s 3(er')k 11(s)k 8868(zones)s +9392(of)s 9629(authority)s 13(.)k 10506(If)s 10709(a)s +6300 -2056(serv)m 3(er)k 6846(has)s 7175(no)s 7439(zones)s +7956(of)s 8186(authority)s 13(,)k 9006(then)s 9413(all)s +9675(of)s 9905(its)s 10156(answers)s 6300 -2296(will)m 6668(be)s +6915(nonauthoritati)s 5(v)k 3(e)k 8271(since)s 8738(all)s +8995(it)s 9164(has)s 9488(is)s 9679(a)s 9826(cache.)s +10437(This)s 6300 -2536(kind)m 6725(of)s 6961(serv)s 3(er)k +7513(is)s 7715(sometimes)s 8635(called)s 9179(a)s 9337(\205caching)s +10114(only\206)s 10627(or)s 6300 -2776(\205forw)m 2(arding\206)k 7409(serv)s 3(er)k 11(.)k +200 fnt84 6300 -3317(4.6)m 6550(.)s 6700(F)s 5(orwarding)k +7764(-vs-)s 8123(Recursion)s 200 fnt82 6300 -3734(When)m 6834(a)s +6980(name)s 7469(serv)s 3(er)k 8009(recei)s 5(v)k 3(es)k +8709(a)s 8855(query)s 9367(for)s 9657(data)s 10046(it)s +10214(doesn')s 3(t)k 6300 -3974(ha)m 4(v)k 3(e,)k +6792(it)s 6975(can)s 7324(either)s 7849(send)s 8287(back)s +8736(an)s 8997(error)s 9456(response)s 10225(\(if)s 10485(it)s +10668(is)s 6300 -4214(authoritati)m 5(v)k 3(e)k 7379(for)s +7693(the)s 8018(name')s 11(s)k 8663(zone,)s 9171(it)s +9363(kno)s 5(ws)k 9961(that)s 10341(either)s 6300 -4454(the)m +6637(name)s 7162(or)s 7422(data)s 7847(doesn')s 3(t)k +8524(e)s 3(xist\),)k 9106(send)s 9565(back)s 10035(a)s +10217(referral)s 6300 -4694(\(if)m 6563(running)s 7260(in)s 7491(\205nonrecursi)s 5(v)k 3(e)k +8675(mode\206)s 9282(as)s 9523(the)s 9842(root)s 10239(serv)s 3(ers)k +6300 -4934(all)m 6566(do,)s 6884(or)s 7118(if)s 7307(the)s +160 fnt82 7618 -4932(RD)m 200 fnt82 7907 -4934(\210ag)m 8274(is)s +8474(clear)s 8927(in)s 9150(the)s 9461(query\),)s 10099(or)s +10333(it)s 10511(can)s 6300 -5174(forw)m 2(ard)k 6970(the)s +7255(query)s 13(.)k 7838(This)s 8234(last)s 8551(possibility)s +9422(is)s 9596(of)s 9804(interest)s 10430(to)s 10627(us)s +6300 -5414(in)m 6508(our)s 6827(security)s 7509(study)s 13(,)k +8031(because)s 8713(of)s 8932(what)s 9372(will)s 9734(happen)s +10363(when)s 6300 -5654(some)m 6781(response)s 7538(\207nally)s 8108(comes)s +8677(back.)s 9214(F)s 3(orw)k 2(arding)k 10200(is)s +10393(not)s 10709(a)s 6300 -5894(three-party)m 7239(transaction)s 8178(\211)s +8345(a)s 8500(forw)s 2(arded)k 9383(query)s 9904(results)s +10489(in)s 10711(a)s 6300 -6134(response)m 7068(to)s 7295(the)s +7610(forw)s 2(arder)k 8464(who)s 8880(must)s 9339(then)s +9754(complete)s 10555(the)s 6300 -6374(original)m 6984(transaction)s 7921(by)s +8186(forw)s 2(arding)k 9134(the)s 9442(response)s 10203(back)s +10644(to)s 6300 -6614(the)m 6593(originator)s 11(.)k 160 fnt82 +6700 -6923(BIND)m 200 fnt82 7139 -6925(tak)m 2(es)k 7595(its)s +7832(forw)s 2(arding)k 8765(duties)s 9290(one)s 9628(step)s +9998(further)s 8(,)k 10631(as)s 6300 -7165(an)m 6555(optimization)s +7628(attempt:)s 8346(It)s 8534(caches)s 9130(all)s 9395(the)s +9705(RRsets)s 10335(in)s 10557(the)s 6300 -7405(forw)m 2(arded)k +7190(response.)s 8060(This)s 8488(promiscuity)s 9513(is)s 9719(the)s +10036(source)s 10629(of)s 6300 -7645(most)m 6738(of)s 160 fnt82 +6955 -7643(BIND)m 200 fnt82 7344 -7645(')m 11(s)k 7527(bad)s +7866(reputation)s 8724(in)s 8930(both)s 9336(the)s 9630(operations)s +10510(and)s 6300 -7885(the)m 6609(security)s 7304(\207elds.)s 7901(Other)s +8420(serv)s 3(ers)k 9045(are)s 9353(free)s 9727(to)s +9948(put)s 10269(almost)s 6300 -8125(an)m 3(ything)k 7062(into)s +7439(the)s 7749(response,)s 8562(e)s 5(v)k 3(en)k +8997(if)s 9185(it)s 9362(has)s 9694(nothing)s 10371(to)s +10593(do)s 6300 -8365(with)m 6687(the)s 6963(query)s 13(.)k +7537(As)s 7791(sho)s 5(wn)k 8340(in)s 8528([)s +8594(Bel95a)s 9158(])s 9224(,)s 9307(this)s 9627(has)s +9925(disasterous)s 6300 -8605(ef)m 5(fects)k 6873(on)s 7123(security)s 13(.)k +6700 -8916(It)m 6886(is)s 7083(w)s 2(orth)k 7611(noting)s +8186(that)s 8549(the)s 8857(\207rst)s 9231(query)s 9750(handled)s +10446(by)s 10711(a)s 6300 -9156(forw)m 2(arding)k 7255(or)s +7493(recursi)s 5(v)k 3(e)k 8285(name)s 8788(serv)s 3(er)k +9342(for)s 9646(a)s 9806(gi)s 5(v)k 3(en)k +10313(RRset)s 6300 -9396(is)m 6511(lik)s 2(ely)k 7041(to)s +7275(result,)s 7845(ultimately)s 13(,)k 8767(in)s 9001(it)s +9190(forw)s 2(arding)k 10152(back)s 10607(an)s 6300 -9636(answer)m +6958(obtained)s 7739(from)s 8221(an)s 8504(authoritati)s 5(v)k 3(e)k +9596(name)s 10122(serv)s 3(er)k 10699(\211)s 6300 -9876(thus)m +6687(the)s 160 fnt82 6985 -9874(AA)m 200 fnt82 7270 -9876(\210ag)m +7624(will)s 7988(be)s 8231(set)s 8506(in)s 8716(the)s +9014(response,)s 9815(e)s 5(v)k 3(en)k 10238(though)s +6300 -10116(the)m 6635(forw)s 2(arder)k 7509(is)s 7733(not)s +8080(itself)s 8568(authoritati)s 5(v)k 3(e)k 9657(for)s +9981(the)s 10316(name.)s 6300 -10356(Subsequent)m 7264(queries)s 7883(to)s +8083(the)s 8371(same)s 8824(name)s 9300(serv)s 3(er)k +9827(for)s 10104(the)s 10392(same)s 6300 -10596(RRset)m 6850(will)s +7223(probably)s 7996(be)s 8248(satis\207ed)s 8963(from)s 9414(the)s +9721(cache,)s 10287(and)s 10639(in)s 6300 -10836(that)m 6652(case)s +7047(the)s 160 fnt82 7344 -10834(AA)m 200 fnt82 7628 -10836(\210ag)m +7981(will)s 8344(not)s 8653(be)s 8895(set)s 9169(in)s +9378(the)s 9675(response.)s 10475(Y)s 22(ou)k 6300 -11076(can)m +6625(see)s 6927(this)s 7263(in)s 7467(action)s 8002(using)s +8483(the)s 160 fnt82 8775 -11074(ISI)m 200 fnt84 9018 -11077(dig)m +200 fnt82 9333 -11076(tool)m 9692(from)s 10128(the)s 160 fnt82 +10420 -11074(BIND)m 200 fnt82 6300 -11316(kit.)m 200 fnt84 6300 -11816(4.7)m +6550(.)s 6700(F)s 5(orwarding)k 7764(-vs-)s 8123(T)s 3(imeouts)k +200 fnt82 6300 -12233(When)m 160 fnt82 6893 -12231(BIND)m 200 fnt82 +7282 -12233(')m 11(s)k 7531(resolv)s 3(er)k 8285(needs)s +8855(to)s 9127(forw)s 2(ard)k 9872(a)s 10077(query)s 13(,)k +10685(it)s 6300 -12473(chooses)m 6991(the)s 7295(ne)s 3(xt)k +7696(name)s 8188(serv)s 3(er)k 8731(address)s 9388(from)s +9836(its)s 10084(statically)s 6300 -12713(con\207gured)m 7229(list,)s 7597(sends)s +8115(the)s 8434(query)s 13(,)k 9001(w)s 2(aits)k +9494(a)s 9658(short)s 10132(time)s 10561(for)s 6300 -12953(an)m +6549(answer)s 8(,)k 7215(chooses)s 7906(the)s 8210(ne)s 3(xt)k +8611(name)s 9103(serv)s 3(er)k 9646(address,)s 10353(sends)s +6300 -13193(and)m 6636(w)s 2(aits,)k 7151(and)s 7487(so)s +7712(on.)s 160 fnt82 8060 -13191(BIND)m 200 fnt82 8449 -13193(')m 11(s)k +8629(timeouts)s 9362(are)s 9652(f)s 2(airly)k 10128(short;)s +10679(It)s 6300 -13433(will)m 6666(often)s 7132(send)s 7554(a)s +7699(query)s 8210(to)s 8422(name)s 8910(serv)s 3(er)k +9449(#1,)s 9756(then)s 10156(to)s 10368(name)s 6300 -13673(serv)m 3(er)k +6867(#2,)s 7202(then)s 7630(the)s 7958(response)s 8739(will)s +9133(come)s 9649(in)s 9889(from)s 10361(name)s 6300 -13913(serv)m 3(er)k +6834(#1,)s 7136(and)s 7476(the)s 7771(resolv)s 3(er)k +8460(will)s 8821(close)s 9281(its)s 9520(sock)s 2(et)k +10078(such)s 10495(that)s 6300 -14153(when)m 6805(name)s 7309(serv)s 3(er)k +7864(#2')s 11(s)k 8269(response)s 9038(comes)s 9619(in)s +9847(a)s 10008(second)s 10634(or)s 6300 -14393(so)m 6532(later)s +6939(the)s 7237(k)s 2(ernel)k 7787(sends)s 8284(back)s +8715(an)s 160 fnt82 8958 -14391(ICMP)m 200 fnt82 9402 -14393(Port)m +9789(Unreachable)s +grestore + +pgsave restore +showpage + +%%Page: ? 5 +%%BeginPageSetup +%%PageResources: font Times-Roman +%%+ font Times-Bold +%%+ font Times-Italic +/pgsave save def +0.0500 dup scale 10 setlinewidth +%%EndPageSetup +gsave +0 15840 translate +0.0000 rotate + +grestore +gsave +0 15840 translate +0.0000 rotate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1440 -1576(message.)m 2257(W)s 16(e)k +2561(wish)s 2981(there)s 3422(were)s 3852(a)s 3984(w)s 2(ay)k +4358(to)s 4557(ask)s 4866(the)s 5153(k)s 2(ernel)k +5692(not)s 1440 -1816(to)m 1650(send)s 2070(these,)s 2583(other)s +3047(than)s 3445(k)s 2(eeping)k 4129(the)s 4427(sock)s 2(et)k +4988(open)s 5431(longer)s 1440 -2056(\(which)m 2060(w)s 2(ould)k +2624(lead)s 3022(to)s 3244(resource)s 3984(starv)s 5(ation)k +4830(among)s 5440(k)s 2(ernel)k 1440 -2296(protocol)m 2151(control)s +2762(blocks.\))s 3445(Lengthening)s 4500(the)s 4790(timeout)s 5445(w)s 2(ould)k +1440 -2536(lead)m 1812(to)s 2008(longer)s 2558(application-visible)s 4079(delays)s +4628(when)s 5101(a)s 5230(statically)s 1440 -2776(con\207gured)m 2343(name)s +2824(serv)s 3(er)k 3356(goes)s 3771(of)s 5(f)k +4048(the)s 4341(air)s 8(,)k 4642(b)s 4(ut)k +4943(life)s 5257(is)s 5439(full)s 5765(of)s 1440 -3016(hard)m +1844(choices.)s 200 fnt84 1440 -3516(4.8)m 1690(.)s 1840(Query)s +160 fnt84 2432 -3513(ID)m 200 fnt84 2609 -3516(s)m 2736(and)s +160 fnt84 3108 -3513(UDP)m 200 fnt84 3485 -3516(P)m 4(orts)k +200 fnt82 1440 -3933(Each)m 1898(query)s 2412(sent)s 2792(out)s +3107(by)s 3367(a)s 3515(resolv)s 3(er)k 4212(will)s +4581(come)s 5072(from)s 5519(some)s 160 fnt82 1440 -4171(UDP)m +200 fnt82 1819 -4173(port)m 2201(on)s 2462(some)s 2943(address)s +3600(of)s 3827(the)s 4131(resolv)s 3(er')k 11(s)k +4961(host,)s 5404(and)s 5753(its)s 1440 -4413(header)m 2017(will)s +2373(contain)s 3006(a)s 3141(unique)s 3731(\(in)s 3999(the)s +4289(conte)s 3(xt)k 4919(of)s 5132(the)s 5422(source)s +1440 -4653(address)m 2068(and)s 2388(port)s 2741(number\))s 3448(query)s +160 fnt82 3934 -4651(ID)m 200 fnt82 4102 -4653(.)m 160 fnt82 +4234 -4651(UDP)m 200 fnt82 4584 -4653(port)m 4937(numbers)s 5655(and)s +160 fnt82 1440 -4891(DNS)m 200 fnt82 1806 -4893(query)m 160 fnt82 +2308 -4891(ID)m 200 fnt82 2476 -4893(s)m 2601(are)s 2891(both)s +3294(unsigned)s 4062(16)s 4310(bit)s 4568(quantities,)s 5439(gi)s 5(ving)k +1440 -5133(a)m 1572(range)s 2058(from)s 2489(0)s 2633(to)s +2832(65535)s 3376(for)s 3652(each.)s 4160(Port)s 4536(numbers)s +5266(could)s 5753(be)s 1440 -5373(conserv)m 3(ed)k 2295(and)s +2634(reused)s 3204(by)s 3455(the)s 3749(resolv)s 3(er)k 8(,)k +4479(b)s 4(ut)k 160 fnt82 4781 -5371(BIND)m 200 fnt82 +5221 -5373(currently)m 1440 -5613(opens)m 1971(a)s 2125(ne)s 5(w)k +2518(sock)s 2(et)k 3090(for)s 3388(each)s 3818(query)s 13(,)k +4375(and)s 4729(k)s 2(ernels)k 5367(tend)s 5776(to)s +1440 -5853(use)m 1765(an)s 160 fnt82 2013 -5851(LR)m 6(U)k +200 fnt82 2385 -5853(mechanism)m 3351(when)s 3843(assigning)s 4655(port)s +5036(numbers)s 5782(to)s 1440 -6093(ne)m 5(w)k 1862(sock)s 2(ets.)k +2590(The)s 2995(tuple)s 3488(<)s 200 fnt83 3600 -6092(addr)m 7(ess)k +200 fnt82 4212 -6093(,)m 200 fnt83 4262 -6092(port)m 200 fnt82 +4594 -6093(,)m 200 fnt83 4644 -6092(query)m 160 fnt83 5097 -6090(ID)m +200 fnt82 5265 -6093(>)m 5472(forms)s 1440 -6333(a)m 1594(unique)s +2203(identi\207er)s 2987(that)s 3351(serv)s 3(ers)k 3976(can)s +4318(use)s 4649(to)s 4870(k)s 2(eep)k 5310(track)s +5773(of)s 1440 -6573(queries)m 2109(in)s 2359(progress.)s 3228(Resolv)s 3(ers)k +4104(should)s 4731(v)s 3(erify)k 5298(that)s 5691(the)s +1440 -6813(query)m 160 fnt82 1944 -6811(ID)m 200 fnt82 2162 -6813(of)m +2378(the)s 2671(response)s 3417(matches)s 4118(that)s 4466(of)s +4682(their)s 5096(query)s 13(.)k 200 fnt84 1440 -7354(4.9)m +1690(.)s 1840(Delegations,)s 2924(Zones,)s 3533(Domains,)s 4386(and)s +4758(Subdomains)s 200 fnt82 1440 -7771(Strictly)m 2125(speaking,)s 2983(e)s 5(v)k 3(ery)k +160 fnt82 3517 -7769(DNS)m 200 fnt82 3935 -7771(name)m 4466(is)s +4698(a)s 4886(domain.)s 5684(All)s 1440 -8011(domains)m 2204(e)s 3(xcept)k +2809(the)s 3141(root)s 3551(are)s 3882(also)s 4291(\205subdomains.)s 14(\206)k +5594(An)s 3(y)k 1440 -8251(time)m 1832(a)s 1959(subdomain)s +2873(is)s 3044(dele)s 3(g)k 1(ated)k 3841(to)s +4035(some)s 4494(other)s 4942(master)s 5510(name)s 1440 -8491(serv)m 3(er)k 8(,)k +2027(a)s 2178(\205zone)s 2705(cut\206)s 3099(is)s 3294(said)s +3677(to)s 3895(e)s 3(xist.)k 4430(A)s 4637(zone)s +5076(consists)s 5768(of)s 1440 -8731(all)m 1704(names)s 2278(from)s +2731(a)s 2885(zone)s 3327(cut)s 3636(do)s 5(wnw)k 2(ard)k +4537(to)s 4758(either)s 5276(terminal)s 1440 -8971(names)m 1983(\(sometimes)s +2934(called)s 3443(\205leaf)s 3863(domains\206\))s 4727(or)s 4928(other)s 8(,)k +5414(deeper)s 1440 -9211(zone)m 1866(cuts.)s 1840 -9522(The)m 2259(most)s +2755(common)s 3562(case)s 4012(of)s 4287(a)s 4484(zone)s +4969(be)s 3(gins)k 5595(at)s 5847(a)s 1440 -9762(subdomain)m +2387(and)s 2747(has)s 3084(no)s 3356(zone)s 3804(cuts)s +4196(beneath)s 4887(it.)s 5169(The)s 5551(most)s 1440 -10002(f)m 2(amous)k +2120(zone)s 2592(is)s 2820(the)s 3159(root)s 3576(\(\205)s +200 fnt84 3730 -10003(.)m 200 fnt82 3780 -10002(\206\))m 4030(which)s +4613(has)s 4974(no)s 5270(terminal)s 1440 -10242(names,)m 2048(just)s +2385(dele)s 3(g)k 1(ations.)k 1840 -10553(There)m 2391(are)s +2720(tw)s 2(o)k 3104(vie)s 5(ws)k 3650(of)s +3903(a)s 4078(dele)s 3(g)k 1(ation:)k 5045(The)s +5442(parent)s 1440 -10793(zone,)m 1942(which)s 2505(has)s 2846(some)s +160 fnt82 3342 -10791(NS)m 3585(RR)s 200 fnt82 3797 -10793(s)m +3950(at)s 4169(the)s 4488(cut,)s 4857(and)s 5221(the)s +5540(child)s 1440 -11033(zone,)m 1932(which)s 2485(has)s 2816(a)s +2970(superset)s 3687(of)s 3919(those)s 160 fnt82 4405 -11031(NS)m +4648(RR)s 200 fnt82 4860 -11033(s)m 5003(and)s 5357(also)s +5743(an)s 160 fnt82 1440 -11271(SO)m 5(A)k 1793(RR)s +200 fnt82 2005 -11273(.)m 2170(When)s 2711(we)s 3008(say)s +3338(\205superset\206)s 4230(we)s 4527(mean)s 5023(that)s 5386(a)s +5539(child)s 1440 -11513(will)m 1827(ha)s 4(v)k 3(e)k +2274(at)s 2495(least)s 2936(the)s 160 fnt82 3257 -11511(NS)m +3500(RR)s 200 fnt82 3712 -11513(s)m 3867(kno)s 5(wn)k +4484(by)s 4762(its)s 5027(parent,)s 5652(and)s 1440 -11753(perhaps)m +2118(some)s 2597(additional)s 160 fnt82 3452 -11751(NS)m 3695(RR)s +200 fnt82 3907 -11753(s)m 4043(that)s 4400(the)s 4702(parent)s +5258(does)s 5682(not)s 1440 -11993(kno)m 5(w)k 1929(about.)s +200 fnt84 1440 -12493(4.)m 1590(10)s 1790(.)s 1940(Lame)s +2477(Delegations)s 200 fnt82 1440 -12910(If)m 1705(a)s 1926(dele)s 3(g)k 1(ation)k +160 fnt82 2884 -12908(NS)m 3127(RR)s 200 fnt82 3472 -12910(names)m +4113(a)s 4334(host)s 4799(which)s 5419(is)s 5684(not)s +1440 -13150(authoritati)m 5(v)k 3(e)k 2512(for)s 2819(the)s +3137(zone,)s 3638(then)s 4056(that)s 4429(host)s 4836(when)s +5343(queried)s 1440 -13390(nonrecursi)m 5(v)k 3(ely)k 2665(for)s +2947(names)s 3505(in)s 3710(that)s 4058(zone)s 4484(will)s +4843(answer)s 5456(with)s 5860(a)s 1440 -13630(dele)m 3(g)k 1(ation)k +2302(to)s 2494(a)s 2619(higher)s 3165(\(that)s 3566(is,)s +3785(closer)s 4296(to)s 4488(the)s 4768(root\))s 5192(authority)s 13(.)k +1440 -13870(This)m 1847(is)s 2032(an)s 2273(error)s 2712(condition)s +3518(as)s 3736(percei)s 5(v)k 3(ed)k 4554(by)s +4807(the)s 5103(serv)s 3(er)k 5638(that)s 1440 -14110(forw)m 2(arded)k +2341(a)s 2514(nonrecursi)s 5(v)k 3(e)k 3619(query)s +4158(\211)s 4343(if)s 4549(a)s 4722(name)s 5238(serv)s 3(er)k +5805(is)s 1440 -14350(listed)m 1931(in)s 2147(an)s 160 fnt82 +2396 -14348(NS)m 2639(RR)s 200 fnt82 2851 -14350(,)m 2962(it)s +3133(is)s 3326(supposed)s 4129(to)s 4345(ha)s 4(v)k 3(e)k +4775(the)s 5079(zone.)s 5616(It)s 5798(is)s 6300 -1576(reasonable)m +7193(to)s 7391(declare)s 8007(f)s 2(ailure)k 8566(at)s +8752(this)s 9082(point,)s 9585(though)s 10183(perhaps)s 6300 -1816(a)m +6438(bit)s 6698(se)s 5(v)k 3(ere.)k 160 fnt82 +6700 -2125(BIND)m 200 fnt82 7089 -2127(s)m 7207(from)s 7635(v)s 3(ersion)k +8259(4.9)s 8550(ha)s 4(v)k 3(e)k 200 fnt84 +8960 -2128(syslog)m 200 fnt82 9469 -2127('ed)m 9764(the)s 10048(condition)s +6300 -2367(and)m 6624(gone)s 7048(on)s 7284(to)s 7475(try)s +7732(the)s 8011(other)s 8456(dele)s 3(g)k 1(ated)k +9250(serv)s 3(ers.)k 9945(The)s 200 fnt84 10291 -2368(syslog)m +200 fnt82 6300 -2607(v)m 4(olume)k 6949(generated)s 7777(by)s +8032(this)s 8374(condition)s 9182(is)s 9369(the)s 9667(cause)s +10163(of)s 10384(more)s 6300 -2847(than)m 6683(half)s 7032(the)s +7315(questions)s 8107(we)s 8379(see)s 8672(about)s 160 fnt82 +9155 -2845(BIND)m 200 fnt82 9584 -2847(from)m 10011(ne)s 5(w)k +10378(name)s 6300 -3087(serv)m 3(er)k 6835(administrators.)s 8125(The)s +8488(only)s 8896(w)s 2(ay)k 9279(to)s 9487(\207x)s +9751(the)s 10047(condition)s 6300 -3327(is)m 6507(to)s 6737(get)s +7055(someone)s 7838(to)s 8068(edit)s 8441(the)s 8759(dele)s 3(g)k 1(ation)k +9659(to)s 9889(remo)s 3(v)k 3(e)k 10555(the)s +6300 -3567(nonauthoritati)m 5(v)k 3(e)k 7714(name)s 8262(serv)s 3(er)k 8(,)k +8903(or)s 9186(to)s 9458(get)s 9818(someone)s 10643(to)s +6300 -3807(mak)m 2(e)k 6837(the)s 7188(name)s 7727(serv)s 3(er)k +8317(authoritati)s 5(v)k 3(e.)k 9522(Either)s 10116(w)s 2(ay)k +10554(it')s 11(s)k 6300 -4047(not)m 6637(something)s 7549(the)s +7874(detecting)s 8685(serv)s 3(er')k 11(s)k 9381(administrator)s +10523(can)s 6300 -4287(do)m 6569(an)s 3(ything)k 7333(about)s +7845(directly;)s 8576(we)s 8877(hope)s 9334(that)s 9701(the)s +10013(continued)s 200 fnt84 6300 -4528(syslog)m 200 fnt82 6891 -4527(v)m 4(olume)k +7567(will)s 7958(lead)s 8371(to)s 8608(more)s 9099(hate)s +9512(mail)s 9947(being)s 10472(sent)s 6300 -4767(to)m 6541(the)s +6870(administrators)s 8093(of)s 8345(brok)s 2(en)k 8983(zones,)s +9572(thus)s 9990(ultimately)s 6300 -5007(leading)m 6941(to)s 7151(a)s +7294(decline)s 7923(in)s 8133(the)s 8431(number)s 9095(of)s +9316(brok)s 2(en)k 9923(zones.)s 10531(W)s 16(e)k +6300 -5247(ha)m 4(v)k 3(e)k 6719(been)s 7145(accused)s +7824(of)s 8040(optimism)s 8842(in)s 9047(this)s 9384(matter)s 11(.)k +200 fnt84 6300 -5788(4.)m 6450(11)s 6650(.)s 6800(Glue)s +200 fnt82 6300 -6167(When)m 6836(transmitting)s 7857(a)s 8005(zone)s +8441(via)s 8744(a)s 160 fnt82 8892 -6165(TCP)m 200 fnt82 +9243 -6167(\205zone)m 9767(transfer)s 8(,)k 14(\206)k 10549(the)s +6300 -6407(general)m 6942(rule)s 7308(is)s 7497(to)s 7709(send)s +8131(only)s 8543(the)s 8843(RRsets)s 9463(whose)s 10029(names)s +10594(lie)s 6300 -6647(within)m 6852(the)s 7138(zone)s 7557(being)s +8043(transferred,)s 8996(which)s 9526(is)s 9701(to)s 9899(say)s +10207(starting)s 6300 -6887(from)m 6791(the)s 7138(initial)s 7705(zone)s +8185(cut,)s 8582(and)s 8974(proceeding)s 9963(do)s 5(wnw)k 2(ard)k +6300 -7127(\(a)m 3(w)k 2(ay)k 6838(from)s 7282(the)s +7582(root\))s 8026(to)s 8238(include)s 8881(all)s 9136(names)s +9701(which)s 10245(are)s 10544(not)s 6300 -7367(further)m 6919(dele)s 3(g)k 1(ated.)k +7805(There)s 8347(is)s 8557(an)s 8823(e)s 3(xception)k +9672(to)s 9905(this,)s 10320(called)s 6300 -7607(\205glue.)m 14(\206)k +6967(An)s 3(y)k 7370(address)s 8028(records)s 8675(\()s +160 fnt82 8741 -7605(A)m 8896(RR)s 200 fnt82 9108 -7607(s\))m +9313(which)s 9862(are)s 10166(referred)s 6300 -7847(to)m 6521(by)s +6787(an)s 160 fnt82 7041 -7845(NS)m 7284(RR)s 200 fnt82 +7562 -7847(inside)m 8103(the)s 8412(zone)s 8854(\(at)s 9129(the)s +9438(initial)s 9967(cut)s 10276(or)s 10508(an)s 3(y)k +6300 -8087(do)m 5(wnw)k 2(ard)k 7171(cuts\))s 7593(must)s +8016(be)s 8240(included,)s 9012(e)s 5(v)k 3(en)k +9416(if)s 9573(the)s 3(y)k 9949(lie)s 10183(beneath)s +6300 -8327(one)m 6638(of)s 6854(the)s 7147(do)s 5(wnw)k 2(ard)k +8032(zone)s 8458(cuts.)s 6700 -8638(If)m 6943(this)s 7341(information)s +8392(is)s 8635(not)s 9001(included)s 9798(in)s 10064(the)s +10418(zone)s 6300 -8878(transfer)m 8(,)k 7002(then)s 7399(referral)s +8036(responses)s 8863(w)s 2(on')k 3(t)k 9377(be)s +9619(able)s 10004(to)s 10213(include)s 6300 -9118(those)m 6785(addresses)s +7611(in)s 7831(their)s 8260(additional)s 9121(data)s 9517(sections.)s +10322(In)s 10553(the)s 6300 -9358(absence)m 6978(of)s 7193(that)s +7540(additional)s 8385(data,)s 8815(the)s 9107(name)s 9587(serv)s 3(ers)k +10195(will)s 10553(not)s 6300 -9598(be)m 6543(reachable)s 7359(e)s 3(xcept)k +7930(by)s 8185(serv)s 3(ers)k 8799(who)s 9198(ha)s 4(v)k 3(e)k +9622(the)s 9920(zone)s 10351(\211)s 10506(and)s 6300 -9838(that')m 11(s)k +6792(not)s 7109(v)s 3(ery)k 7522(useful.)s 8170(It)s +8353(is)s 8547(important)s 9383(that)s 9743(a)s 9893(serv)s 3(er)k +10437(only)s 6300 -10078(send)m 6705(\(or)s 6977(accept\))s 7590(rele)s 5(v)k 5(ant)k +8260(glue)s 8643(during)s 9204(zone)s 9620(transfers,)s 10393(since)s +6300 -10318(otherwise)m 7147(this)s 7508(becomes)s 8278(an)s 8540(easy)s +8967(w)s 2(ay)k 9371(for)s 9677(your)s 10117(cache)s +10643(to)s 6300 -10558(become)m 6969(polluted.)s 240 fnt84 6300 -11246(5.)m +6600(What)s 7232(W)s 15(e)k 7623(Ha)s 6(v)k 2(e)k +8207(Fixed)s 160 fnt82 6300 -11623(BIND)m 200 fnt82 6689 -11625(s)m +6822(from)s 7265(v)s 3(ersion)k 7904(4.9)s 8210(ha)s 4(v)k 3(e)k +8635(plugged)s 9334(a)s 9478(lot)s 9744(of)s 9966(holes)s +10442(with)s 6300 -11865(respect)m 6912(to)s 7117(earlier)s 7673(v)s 3(ersions.)k +8483(An)s 8777(incomplete)s 9711(list)s 10003(follo)s 5(ws:)k +200 fnt84 6300 -12406(5.1)m 6550(.)s 6700(Cache)s 7281(T)s 18(agging)k +160 fnt82 6300 -12821(BIND)m 200 fnt82 6758 -12823(no)m 5(w)k +7166(maintains)s 8008(for)s 8309(each)s 8742(cached)s 160 fnt82 +9363 -12821(RR)m 200 fnt82 9644 -12823(a)m 9801(\205credibility\206)s 6300 -13063(le)m 5(v)k 3(el)k +6758(sho)s 5(wing)k 7509(whether)s 8230(the)s 8553(data)s +8964(came)s 9463(from)s 9930(a)s 10098(zone,)s 10604(an)s +6300 -13303(authoritati)m 5(v)k 3(e)k 7366(answer)s 8(,)k +8040(an)s 8297(authority)s 9085(section,)s 9767(or)s 10002(additional)s +6300 -13543(data)m 6681(section.)s 7394(When)s 7920(a)s 8058(more)s +8517(credible)s 9207(RRset)s 9743(comes)s 10301(in,)s 10556(the)s +6300 -13783(old)m 6631(one)s 6995(is)s 7203(completely)s 8163(wiped)s +8726(out.)s 9157(Older)s 160 fnt82 9686 -13781(BIND)m 200 fnt82 +10075 -13783(s)m 10228(blindly)s 6300 -14023(aggre)m 3(g)k 1(ated)k +7228(data)s 7618(from)s 8064(all)s 8321(sources,)s 9026(paying)s +9628(no)s 9887(attention)s 10642(to)s 6300 -14263(the)m 6593(maxim)s +7196(that)s 7544(some)s 8014(sources)s 8660(are)s 8952(better)s +9454(than)s 9847(others.)s +grestore + +pgsave restore +showpage + +%%Page: ? 6 +%%BeginPageSetup +%%PageResources: font Times-Roman +%%+ font Times-Bold +%%+ font Symbol +%%+ font Times-Italic +/pgsave save def +%%IncludeResource: font Symbol +/fnt78 { /Symbol LoutFont } def +0.0500 dup scale 10 setlinewidth +%%EndPageSetup +gsave +0 15840 translate +0.0000 rotate + +grestore +gsave +0 15840 translate +0.0000 rotate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1840 -1576(Each)m 160 fnt82 2278 -1574(RR)m +200 fnt82 2530 -1576(also)m 2890(has)s 3195(the)s 3478(address)s +4114(of)s 4320(the)s 4603(name)s 5074(serv)s 3(er)k +5596(who)s 1440 -1816(sent)m 1803(it)s 1956(to)s 2154(us.)s +2424(This)s 2821(can)s 3140(be)s 3371(seen)s 3767(in)s +3965(cache)s 4460(dump)s 4958(when)s 5433(you')s 10(re)k +1440 -2056(looking)m 2121(at)s 2335(some)s 2826(bad)s 3185(data)s +3587(and)s 3946(w)s 2(ondering)k 4868(ho)s 5(w)k +5278(it)s 5459(got)s 5785(to)s 1440 -2296(you.)m 200 fnt84 +1440 -2837(5.2)m 1690(.)s 1840(Additional)s 2798(Data)s 3258(Pr)s 3(omiscuity)k +200 fnt82 1440 -3254(W)m 16(e)k 1763(accelerate)s 2618(the)s +160 fnt82 2924 -3252(TTL)m 200 fnt82 3278 -3254(decline)m 3915(for)s +4210(data)s 4604(which)s 5154(arri)s 5(v)k 3(ed)k +5772(as)s 1440 -3494(additional)m 2293(data.)s 2781(W)s 16(e)k +3098(are)s 3397(considering)s 4383(not)s 4695(caching)s 5371(it)s +5538(at)s 5738(all)s 1440 -3734(other)m 1894(than)s 2282(as)s +2492(necessary)s 3309(for)s 3586(forw)s 2(arding)k 4514(the)s +4802(response)s 5543(\211)s 5688(see)s 1440 -3974(belo)m 5(w)k 13(.)k +200 fnt84 1440 -4474(5.3)m 1690(.)s 1840(Irr)s 3(ele)k 3(v)k 2(ant)k +2743(Answers)s 200 fnt82 1440 -4852(W)m 16(e)k 1758(check)s +2280(the)s 2581(response)s 3335(to)s 3548(ensure)s 4125(that)s +4481(all)s 4737(RRsets)s 5358(in)s 5571(each)s 1440 -5092(section)m +2091(ha)s 4(v)k 3(e)k 2548(names)s 3144(and)s +3520(types)s 4028(that)s 4414(mak)s 2(e)k 4931(sense)s +5449(in)s 5692(the)s 1440 -5332(conte)m 3(xt)k 2130(of)s +2403(the)s 2753(query)s 3314(and)s 3709(answer)s 4379(sections.)s +5176(Including)s 1440 -5572(spurious)m 2200(additional)s 3081(data)s 3497(w)s 2(on')k 3(t)k +4042(automatically)s 5209(pollute)s 5847(a)s 1440 -5812(cache)m 1973(an)s 3(y)k +2339(more;)s 2884(As)s 3186(of)s 160 fnt82 3433 -5810(BIND)m +200 fnt82 3903 -5812(4.9.3)m 4384(it)s 4575(is)s 4788(necessary)s +5641(that)s 1440 -6052(the)m 1750(answer)s 2380(section)s 3010(contain)s +3663(a)s 160 fnt82 3818 -6050(CN)m 5(AME)k 4428(RR)s +200 fnt82 4707 -6052(to)m 4929(introduce)s 5748(an)s 1440 -6292(arbitrary)m +2158(name,)s 2673(after)s 3070(which)s 3591(it')s 11(s)k +3867(b)s 4(usiness)k 4571(as)s 4770(usual)s 5224(for)s +5490(cache)s 1440 -6532(polluters.)m 2294(This)s 2706(is)s 2896(the)s +3197(best)s 3575(we)s 3865(can)s 4199(do)s 4457(without)s +5124(a)s 5270(protocol)s 1440 -6772(change.)m 200 fnt84 1440 -7313(5.4)m +1690(.)s 1840(Nonmatching)s 3042(Answers)s 200 fnt82 1440 -7730(Belie)m 5(v)k 3(e)k +2132(it)s 2335(or)s 2594(not,)s 2992(older)s 160 fnt82 +3494 -7728(BIND)m 200 fnt82 3883 -7730(s)m 4053(did)s 4401(not)s +4749(check)s 5306(that)s 5697(the)s 1440 -7970(answer)m 2099(name)s +2626(matched)s 3396(the)s 3735(query)s 4285(name.)s 4912(No)s 5(w)k 13(,)k +5428(within)s 1440 -8210(the)m 1760(limits)s 2289(of)s 160 fnt82 +2532 -8208(CN)m 5(AME)k 200 fnt82 3102 -8210(s)m 3256(and)s +3621(wildcard)s 4394(answers,)s 160 fnt82 5161 -8208(BIND)m 200 fnt82 +5627 -8210(will)m 1440 -8450(insist)m 1935(that)s 2309(a)s 2473(response)s +3245(answers)s 3961(the)s 4280(right)s 4732(question.)s 5583(This)s +1440 -8690(error)m 1907(w)s 2(as)k 2295(particularly)s 3292(pernicious)s +4202(with)s 4637(respect)s 5280(to)s 5516(some)s 1440 -8930(of)m +1686(the)s 2009(name)s 200 fnt78 2520 -8935(\253)m 200 fnt82 +2808 -8930(address)m 3484(symmetry)s 4360(checking,)s 5209(since)s 5697(the)s +1440 -9170(answer')m 11(s)k 2170(RRname)s 2902(sets)s 3234(the)s +3512(name)s 3978(in)s 4168(the)s 4446(resolv)s 3(er')k 11(s)k +5250(response)s 1440 -9410(structure,)m 2249(which)s 2800(meant)s 3350(that)s +3712(callers)s 4293(of)s 200 fnt84 4523 -9411(gethostbyname\(\))m 200 fnt82 +1440 -9650(could)m 1991(end)s 2387(up)s 2695(comparing)s 3655(a)s +3851(foreign)s 4534(name)s 5073(to)s 5336(another)s 1440 -9890(foreign)m +2065(name.)s 200 fnt84 1440 -10431(5.5)m 1690(.)s 1840(Logging)s +200 fnt82 1440 -10848(Man)m 3(y)k 1961(of)s 2186(the)s +2488(detectable)s 3352(conditions)s 4241(indicating)s 5096(a)s 5243(probable)s +1440 -11088(break-in)m 2164(attempt)s 2821(were)s 3268(in)s 3484(the)s +3788(past)s 4169(either)s 4682(not)s 4998(detected,)s 5771(or)s +1440 -11328(treated)m 2019(as)s 2223(protocol)s 2926(errors)s 3428(\(which)s +4020(is)s 4191(to)s 4385(say)s 13(,)k 4726(silently)s +5350(w)s 2(ork)k 2(ed)k 1440 -11568(around\).)m 160 fnt82 +2195 -11566(BIND)m 200 fnt82 2619 -11568(no)m 5(w)k 2993(f)s 2(airly)k +3456(shrieks)s 4054(whene)s 5(v)k 3(er)k 4855(it)s +5000(has)s 5300(e)s 5(v)k 3(en)k 5703(the)s +1440 -11808(slightest)m 2147(cause)s 2633(for)s 2910(alarm,)s 3457(which)s +3989(is)s 4166(a)s 4299(mix)s 3(ed)k 4839(blessing)s +5536(since)s 1440 -12048(the)m 1748(v)s 4(olume)k 2407(of)s +2638(its)s 2890(complaints)s 3828(is)s 4025(so)s 4267(high)s +4687(that)s 5050(most)s 5502(name)s 1440 -12288(serv)m 3(er)k +1972(administrators)s 3159(pay)s 3497(no)s 3747(attention.)s 1840 -12599(The)m +200 fnt84 2235 -12600(syslog)m 200 fnt82 2829 -12599(data)m 3245(is)s +3462(of)s 3713(greatest)s 4415(interest)s 5084(during)s 5690(the)s +1440 -12839(post)m 1834(mortem)s 2515(analysis)s 3217(of)s 3445(a)s +3595(break-in)s 4320(attempt.)s 5078(The)s 5450(log)s 5767(of)s +1440 -13079(unsolicited)m 2394(responses,)s 3298(for)s 3611(e)s 3(xample,)k +4413(can)s 4770(sho)s 5(w)k 5267(attempts)s 1440 -13319(at)m +1659(cache)s 2187(pollution)s 2983(during)s 3580(the)s 3899(early)s +4372(stages)s 4933(\211)s 5109(before)s 5693(the)s 1440 -13559(attack)m 2(ers)k +2217(switched)s 2998(to)s 3227(whate)s 5(v)k 3(er)k +4022(technology)s 4982(actually)s 5685(got)s 1440 -13799(them)m 1905(in,)s +2177(or)s 2410(set)s 2697(of)s 5(f)k 2991(your)s +3424(alarms,)s 4070(or)s 4303(whate)s 5(v)k 3(er)k 11(.)k +5180(Be)s 5468(a)s 3(w)k 2(are)k 1440 -14039(while)m +1979(e)s 3(xamining)k 2914(these)s 3419(logs)s 3848(that)s +4243(some)s 4760(systems)s 5486(\(most)s 1440 -14279(notably)m 2118(SunOS\))s +2830(cannot)s 3441(cause)s 3962(pack)s 2(ets)k 4636(to)s +4871(come)s 5382(from)s 5849(a)s 6300 -1576(particular)m 7114(address)s +7763(if)s 7937(the)s 3(y)k 8330(ha)s 4(v)k 3(e)k +8752(more)s 9214(than)s 9610(one)s 9951(interf)s 2(ace)k +10696(\211)s 6300 -1816(so)m 6540(if)s 6724(you')s 10(re)k +7297(on)s 7560(the)s 7866(wrong)s 8439(side)s 8822(of)s +9051(a)s 9202(multihomed)s 10228(SunOS)s 6300 -2056(name)m 6845(serv)s 3(er)k 8(,)k +200 fnt83 7483 -2055(all)m 200 fnt82 7807 -2056(of)m 8087(its)s +8388(responses)s 9275(will)s 9698(appear)s 10342(to)s 10611(be)s +6300 -2296(\205unsolicited.)m 14(\206)k 200 fnt84 6300 -2796(5.6)m 6550(.)s +6700(Glue)s 160 fnt82 6300 -3173(BIND)m 200 fnt82 6689 -3175(s)m +6854(from)s 7329(v)s 3(ersion)k 8000(4.9)s 8338(restrict)s +8976(glue)s 9407(to)s 9650(just)s 10025(the)s 160 fnt82 +10356 -3173(A)m 10511(RR)s 200 fnt82 10723 -3175(s)m 6300 -3415(under)m +6841(the)s 7171(dele)s 3(g)k 1(ation)k 8083(point,)s +8630(whereas)s 9368(pre)s 5(vious)k 10136(v)s 3(ersions)k +6300 -3655(included)m 7057(all)s 7326(the)s 160 fnt82 7640 -3653(A)m +7795(RR)s 200 fnt82 8007 -3655(s)m 8155(referred)s 8854(to)s +9080(by)s 9351(a)s 9510(zone')s 11(s)k 160 fnt82 +10089 -3653(NS)m 10332(RR)s 200 fnt82 10544 -3655(s)m 10692(\211)s +6300 -3895(e)m 5(v)k 3(en)k 6735(those)s 7222(abo)s 3(v)k 3(e)k +7759(the)s 8069(zone.)s 8612(By)s 8912(\205restrict\206)s 9705(we)s +10004(mean)s 10502(that)s 160 fnt82 6300 -4133(BIND)m 200 fnt82 +6751 -4135(will)m 7122(be)s 7372(conserv)s 5(ati)k 5(v)k 3(e)k +8426(both)s 8843(in)s 9060(what)s 9509(it)s 9681(generates)s +200 fnt83 10493 -4134(and)m 6300 -4374(what)m 6726(it)s 6874(accepts)s +200 fnt82 7470 -4375(.)m 7558(This)s 7950(may)s 8331(\210y)s +8580(in)s 8773(the)s 9054(f)s 2(ace)k 9420(of)s +9624(the)s 9905(Rob)s 4(ustness)k 6300 -4615(Principle)m 128 fnt82 +7018 -4526(1)m 200 fnt82 7139 -4615(of)m 7362([)s 7428(RFC1123)s +8205(])s 8271(,)s 8378(b)s 4(ut)k 8686(the)s +8986(old)s 9298(beha)s 4(viour)k 10148(w)s 2(as)k +10512(just)s 6300 -4855(simply)m 200 fnt83 6892 -4854(wr)m 9(ong)k +200 fnt82 7393 -4855(.)m 240 fnt84 6300 -5543(6.)m 6600(What)s +7232(W)s 15(e)k 7623(Cannot)s 8441(Fix)s 200 fnt82 +6300 -5923(W)m 16(e)k 6660(are)s 7002(counting)s 7800(on)s +8100(the)s 160 fnt82 8443 -5921(IETF)m 8878(DNSSEC)s 200 fnt82 +9587 -5923(ef)m 5(fort)k 10123(to)s 10378(bring)s 6300 -6163(us)m +6585(a)s 160 fnt82 6781 -6161(DNS)m 200 fnt82 7207 -6163(protocol)m +7979(re)s 5(vision)k 8723(that)s 9129(authoritati)s 5(v)k 3(ely)k +10389(signs)s 6300 -6403(responses.)m 7235(W)s 8(ith)k 7687(that)s +8047(in)s 8264(place)s 8745(we)s 9039(will)s 9410(all)s +9670(stop)s 10064(w)s 2(orrying)k 6300 -6643(about)m 6789(attack)s 2(ers)k +7538(who)s 7928(spoof)s 8417(their)s 8827(source)s 9392(addresses,)s +10249(predict)s 6300 -6883(our)m 160 fnt82 6620 -6881(UDP)m 200 fnt82 +6992 -6883(port)m 7367(numbers)s 8107(and)s 8449(query)s 160 fnt82 +8957 -6881(ID)m 200 fnt82 9179 -6883(numbers,)m 9969(and)s 10311(so)s +10542(on.)s 6300 -7123(Response)m 7107(data)s 7482(will)s 7835(be)s +8067(objecti)s 5(v)k 3(ely)k 8987(v)s 3(eri\207able,)k +9829(independent)s 6300 -7363(of)m 6526(whether)s 7227(it)s 7397(is)s +7589(e)s 5(v)k 3(en)k 8017(a)s 8165(response)s +8921(to)s 9136(some)s 9616(query)s 10130(we)s 10422(ha)s 4(v)k 3(e)k +6300 -7603(sent.)m 6771(Until)s 160 fnt82 7231 -7601(DNSSEC)m 200 fnt82 +7891 -7603(is)m 8074(\207nished)s 8756(and)s 9095(in)s 9301(wide)s +9739(use,)s 10105(there)s 10553(are)s 6300 -7843(some)m 6770(things)s +7307(we')s 10(re)k 7799(just)s 8136(going)s 8641(to)s +8846(ha)s 4(v)k 3(e)k 9265(to)s 9470(li)s 5(v)k 3(e)k +9810(with.)s 200 fnt84 6300 -8384(6.1)m 6550(.)s 6700(Query)s +160 fnt84 7292 -8381(ID)m 200 fnt84 7519 -8384(Pr)m 3(ediction)k +200 fnt82 6300 -8801(W)m 8(ith)k 6760(only)s 7185(16)s +7455(bits)s 7812(w)s 2(orth)k 8345(of)s 8581(query)s +160 fnt82 9105 -8799(ID)m 200 fnt82 9343 -8801(and)m 9701(16)s +9971(bits)s 10328(w)s 2(orth)k 6300 -9041(of)m 160 fnt82 +6543 -9039(UDP)m 200 fnt82 6938 -9041(port)m 7336(number)s 8(,)k +8064(it')s 11(s)k 8383(hard)s 8814(not)s 9146(to)s +9378(be)s 9643(predictable.)s 10653(A)s 6300 -9281(determined)m 7232(attack)s 2(er)k +7895(can)s 8208(try)s 8466(all)s 8701(the)s 8981(numbers)s +9704(in)s 9896(a)s 10021(v)s 3(ery)k 10409(short)s +6300 -9521(time)m 6689(and)s 7013(can)s 7325(use)s 7626(patterns)s +8291(deri)s 5(v)k 3(ed)k 8916(from)s 9339(e)s 3(xamination)k +10356(of)s 10558(the)s 6300 -9761(freely)m 6800(a)s 4(v)k 5(ailable)k +160 fnt82 7545 -9759(BIND)m 200 fnt82 7971 -9761(source)m 8527(code.)s +9040(Ev)s 3(en)k 9484(if)s 9642(we)s 9911(had)s +10236(a)s 10361(white)s 6300 -10001(noise)m 6777(generator)s 7585(to)s +7797(help)s 8197(randomize)s 9094(our)s 9417(numbers,)s 10210(it')s 11(s)k +10509(just)s 6300 -10241(too)m 6605(easy)s 7008(to)s 7213(try)s +7484(them)s 7932(all.)s 200 fnt84 6300 -10782(6.1)m 6550(.)s +160 fnt84 6700 -10779(CN)m 3(AME)k 200 fnt84 7349 -10782(Indir)m 3(ection)k +200 fnt82 6300 -11160(As)m 6608(mentioned)s 7536(pre)s 5(viously)k 13(,)k +8496(a)s 160 fnt82 8671 -11158(CN)m 5(AME)k 200 fnt82 +9328 -11160(response)m 10111(allo)s 5(ws)k 10712(a)s 6300 -11400(remote)m +6890(name)s 7359(serv)s 3(er)k 7879(to)s 8072(introduce)s +8862(a)s 8988(ne)s 5(w)k 9353(name)s 9822(for)s +10092(an)s 10318(RRset)s 6300 -11640(of)m 6526(arbitrary)s 7270(type.)s +7773(F)s 3(orw)k 2(arders)k 8734(recei)s 5(ving)k +9529(such)s 9954(a)s 10102(response)s 6300 -11880(should)m 6889(not)s +7201(cache)s 7710(those)s 8187(RRsets)s 8807(\(as)s 160 fnt82 +9095 -11878(BIND)m 200 fnt82 9541 -11880(currently)m 10316(does\),)s 6300 -12120(b)m 4(ut)k +6607(e)s 5(v)k 3(en)k 7031(with)s 7441(that)s +7795(precaution)s 8691(it)s 8857(will)s 9222(be)s 9466(possible)s +10174(to)s 10385(use)s 10706(a)s 160 fnt82 6300 -12358(CN)m 5(AME)k +200 fnt82 6939 -12360(response)m 7704(to)s 7928(bypass)s 8539(the)s +8851(name/address)s 10002(symmetry)s 6300 -12600(checking.)m gsave +6300 -14114 translate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1134 0 0 0 200 240 50 LoutGraphic +gsave +0 0 moveto xsize 0 lineto stroke +grestore + +grestore +102 fnt82 0.0 0.0 0.0 setrgbcolor +6300 -14295(1)m 160 fnt82 6351 -14366(\205Be)m 6639(liberal)s 7086(in)s +7250(what)s 7600(you)s 7880(accept,)s 8368(and)s 8639(conserv)s 4(ati)k 4(v)k 2(e)k +9476(in)s 9640(what)s 9990(you)s 10270(send.)s 11(\206)k + +grestore + +pgsave restore +showpage + +%%Page: ? 7 +%%BeginPageSetup +%%PageResources: font Times-Bold +%%+ font Times-Roman +%%+ font Times-Italic +%%+ font Symbol +/pgsave save def +%%IncludeResource: font Symbol +/fnt78 { /Symbol LoutFont } def +0.0500 dup scale 10 setlinewidth +%%EndPageSetup +gsave +0 15840 translate +0.0000 rotate + +grestore +gsave +0 15840 translate +0.0000 rotate +240 fnt84 0.0 0.0 0.0 setrgbcolor 1440 -1605(7.)m 1740(What)s 2372(W)s 15(e)k +2763(W)s 18(ould)k 3497(Lik)s 2(e)k 4020(T)s 22(o)k +4338(Fix)s 200 fnt82 1440 -1984(Ev)m 3(ery)k 2017(change)s +2685(to)s 160 fnt82 2944 -1982(BIND)m 200 fnt82 3437 -1984(has)m +3806(the)s 4153(potential)s 4953(to)s 5212(push)s 5693(the)s +1440 -2224(Internet)m 2160(into)s 2572(the)s 2917(\207nal)s 3373(abyss.)s +4017(W)s 16(e)k 4379(are)s 4723(therefore)s 5542(quite)s +1440 -2464(conserv)m 5(ati)k 5(v)k 3(e)k 2484(about)s +2979(an)s 3(ything)k 3726(that)s 4076(looks)s 4560(lik)s 2(e)k +4908(it)s 5070(could)s 5565(ha)s 4(v)k 3(e)k +1440 -2704(f)m 2(ar)k 1738(reaching)s 2503(consequences,)s 3727(which)s +4294(is)s 4506(to)s 4741(say)s 13(,)k 5123(just)s +5490(about)s 1440 -2944(an)m 3(ything)k 128 fnt82 2135 -2855(1)m +200 fnt82 2199 -2944(.)m 200 fnt84 1440 -3485(7.1)m 1690(.)s +1840(Query)s 2432(Restarts)s 200 fnt82 1440 -3902(Some)m 1967(of)s +2206(the)s 2522(information)s 3535(needed)s 4172(to)s 4400(properly)s +5148(v)s 5(alidate)k 5845(a)s 160 fnt82 1440 -4140(DNS)m +200 fnt82 1834 -4142(response)m 2606(is)s 2814(e)s 3(xpensi)k 5(v)k 3(e)k +3675(\(in)s 3972(terms)s 4489(of)s 4731(bandwidth)s 5649(and)s +1440 -4382(delay\))m 2010(to)s 2238(obtain,)s 2859(and)s 3220(for)s +3525(that)s 3896(reason)s 4488(it)s 4671(is)s 4876(inappropriate)s +1440 -4622(for)m 1714(e)s 5(v)k 3(ery)k 2190(resolv)s 3(er)k +2869(to)s 3066(e)s 3(xhausti)k 5(v)k 3(ely)k +4103(v)s 5(alidate)k 4769(e)s 5(v)k 3(ery)k +5245(response)s 1440 -4862(it)m 1631(recei)s 5(v)k 3(es.)k +2454(Recursi)s 5(v)k 3(e)k 3322(or)s 3569(forw)s 2(arding)k +4533(name)s 5045(serv)s 3(ers,)k 5735(on)s 1440 -5102(the)m +1767(other)s 2260(hand,)s 2782(ha)s 4(v)k 3(e)k +3235(\(or)s 3551(should)s 4167(be)s 4439(able)s 4854(to)s +5093(obtain\))s 5741(all)s 1440 -5342(the)m 1750(information)s 2757(the)s +160 fnt82 3067 -5340(DNS)m 200 fnt82 3452 -5342(has)m 3784(to)s +4006(of)s 5(fer)k 8(,)k 4496(and)s 4851(it)s +5028(w)s 2(ould)k 5592(be)s 5847(a)s 1440 -5582(good)m +1891(thing)s 2352(if)s 2524(the)s 2818(name)s 3300(serv)s 3(er)k +3833(v)s 5(alidated)k 4608(responses)s 5432(before)s 1440 -5822(forw)m 2(arding)k +2363(them)s 2801(to)s 2996(the)s 3279(client.)s 160 fnt82 +3860 -5820(BIND)m 200 fnt82 4289 -5822(does)m 4694(not)s 4989(currently)s +5747(do)s 1440 -6062(this,)m 1812(since)s 2255(it)s 2400(is)s +2567(not)s 2857(possible)s 3544(to)s 3734(edit)s 4067(responses)s +200 fnt83 4875 -6061(in)m 5065(situ)s 200 fnt82 5387 -6062(and)m +5710(we)s 1440 -6302(are)m 1751(uncomfortable)s 2981(with)s 3404(the)s +3716(idea)s 4116(of)s 160 fnt82 4351 -6300(BIND)m 200 fnt82 +4809 -6302(autonomously)m 1440 -6542(deciding)m 2184(that)s 2540(certain)s 3138(responses)s +3969(should)s 4559(not)s 4872(be)s 5118(forw)s 2(arded)k +1440 -6782(at)m 1633(all.)s 1840 -7093(Our)m 2184(current)s 2781(plan)s +3158(for)s 3424(circumv)s 3(enting)k 4605(this)s 4926(problem)s +5624(is)s 5790(to)s 1440 -7333(restart)m 1981(all)s 2225(queries.)s +2895(T)s 16(o)k 3147(\205restart\206)s 3864(means)s 4418(that)s +4762(upon)s 5208(recei)s 5(ving)k 1440 -7573(an)m 1701(answer)s +2337(from)s 2797(a)s 2958(forw)s 2(arded)k 3847(query)s 13(,)k +4411(a)s 4572(name)s 5076(serv)s 3(er)k 5631(will)s +1440 -7813(v)m 5(alidate)k 2120(the)s 2419(response)s 3171(and)s +3515(insert)s 4012(\205kno)s 5(wn)k 4695(good\206)s 5239(data)s +5626(into)s 1440 -8053(its)m 1702(cache,)s 2279(and)s 2642(then)s +3060(pretend)s 3732(that)s 4105(the)s 4423(original)s 5117(query)s +5646(had)s 1440 -8293(\205just)m 1863(no)s 5(w\206)k 2338(been)s +2762(recei)s 5(v)k 3(ed.)k 3575(All)s 3877(the)s +4168(original)s 4835(RRsets)s 5446(w)s 2(ould)k 1440 -8533(be)m +1700(look)s 2(ed)k 2313(up)s 2585(ag)s 1(ain,)k +3137(and)s 3497(if)s 3690(an)s 3(y)k 4047(are)s +4361(still)s 4730(missing)s 5421(\(either)s 1440 -8773(because)m 2136(no)s +2403(response)s 3166(has)s 3498(yet)s 3808(included)s 4561(them,)s +5076(or)s 5309(because)s 1440 -9013(the)m 1758(responses)s 2606(that)s +2979(included)s 3740(them)s 4213(were)s 4674(in)s 8(v)k 5(alid)k +5289(in)s 5519(some)s 1440 -9253(w)m 2(ay\),)k 1966(ne)s 5(w)k +2373(queries)s 3027(w)s 2(ould)k 3604(be)s 3872(generated)s +4725(to)s 4960(bring)s 5461(in)s 5696(the)s 1440 -9493(missing)m +2131(data.)s 2634(Query)s 3204(restarts)s 3848(are)s 4162(the)s +200 fnt83 4477 -9492(only)m 200 fnt82 4892 -9493(w)m 2(ay)k +5294(to)s 5521(solv)s 3(e)k 1440 -9733(certain)m 2059(other)s +2547(problems)s 3367(currently)s 4164(being)s 4686(encountered)s 5738(by)s +160 fnt82 1440 -9971(BIND)m 128 fnt82 1829 -9884(2)m 200 fnt82 +1943 -9973(\211)m 2093(the)s 2386(security)s 3065(bene\207ts)s 3734(will)s +4093(be)s 4331(a)s 4469(happ)s 2(y)k 5005(side)s +5375(ef)s 5(fect.)k 1840 -10284(One)m 2284(interesting)s 3235(question)s +4022(we')s 10(re)k 4576(pondering)s 5497(about)s 1440 -10524(query)m +1957(restarts)s 2592(is)s 2787(whether)s 3491(to)s 3709(preserv)s 3(e)k +4442(the)s 160 fnt82 4748 -10522(AA)m 200 fnt82 5041 -10524(\210ag,)m +5453(which)s 1440 -10764(as)m 1697(discussed)s 2551(earlier)s 3149(will)s +3550(tend)s 3985(to)s 4232(be)s 4512(set)s 4824(on)s +5116(forw)s 2(arded)k 1440 -11004(responses)m 2271(if)s 2450(those)s +2928(responses)s 3759(come)s 4248(from)s 4693(an)s 4939(authoritati)s 5(v)k 3(e)k +1440 -11244(serv)m 3(er)k 8(,)k 1998(b)s 4(ut)k +2283(will)s 2626(tend)s 3003(to)s 3192(be)s 3414(clear)s +3833(on)s 4067(responses)s 4874(satis\207ed)s 5559(from)s 1440 -11484(the)m +1766(forw)s 2(arder')k 11(s)k 2763(cache.)s 3398(W)s 16(e)k +3741(could)s 4267(maintain)s 5046(the)s 5372(current)s 1440 -11724(semantics)m +2298(with)s 2727(the)s 3045(hierarchical)s 4057(cache)s 4584(described)s +5421(belo)s 5(w)k 13(,)k 1440 -11964(b)m 4(ut)k +1741(it')s 11(s)k 2033(not)s 2338(clear)s 2773(that)s +3121(the)s 160 fnt82 3414 -11962(AA)m 200 fnt82 3694 -11964(\210ag)m +4043(on)s 4293(forw)s 2(arded)k 5159(responses)s 1440 -12204(really)m +1937(matters)s 2566(that)s 2909(much.)s 160 fnt82 3497 -12202(DNS)m +200 fnt82 3815 -12204(v2)m 4060(will)s 4414(probably)s 5168(ha)s 4(v)k 3(e)k +5582(a)s 160 fnt82 5715 -12202(AD)m 200 fnt82 1440 -12444(\210ag)m +1795(\211)s 1951(authority)s 2726(desired)s 3356(\211)s 3512(to)s +3723(force)s 4187(forw)s 2(arding)k 5126(in)s 5337(spite)s +5768(of)s 1440 -12684(an)m 3(y)k 1786(cache.)s 2399(The)s +2770(proposed)s 160 fnt82 3562 -12682(AD)m 200 fnt82 3853 -12684(\210ag)m +4213(will)s 4583(probably)s 5353(ha)s 4(v)k 3(e)k +5783(to)s 1440 -12924(bypass)m 2032(the)s 2325(query)s 2829(restart)s +3374(logic)s 3822(described)s 4634(here.)s gsave +1440 -13828 translate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1134 0 0 0 200 240 50 LoutGraphic +gsave +0 0 moveto xsize 0 lineto stroke +grestore + +grestore +102 fnt82 0.0 0.0 0.0 setrgbcolor +1440 -14009(1)m 160 fnt82 1491 -14080(A)m 1646(Usenet)s 2129(article)s +2567(once)s 2909(opined,)s 3424(\205)s 128 fnt82 3495 -14078(BIND)m +160 fnt82 3846 -14080(is)m 3992(lik)s 1(e)k 4270(a)s +4381(train)s 4713(wreck)s 5143(inside.)s 11(\206)k 102 fnt82 +1440 -14295(2)m 160 fnt82 1491 -14366(Out)m 1770(of)s 1943(zone)s +128 fnt82 2285 -14364(CN)m 4(AME)k 160 fnt82 2741 -14366(s,)m +2883(for)s 3109(e)s 2(xample.)k 200 fnt84 6300 -1578(7.2)m +6550(.)s 6700(Hierar)s 3(chical)k 7818(Cache)s 200 fnt82 +6300 -1957(W)m 16(e)k 6613(w)s 2(ould)k 7163(lik)s 2(e)k +7512(to)s 7720(se)s 3(gment)k 8433(the)s 8729(cache)s +9234(such)s 9652(that)s 10003(additional)s 6300 -2197(data)m 6686(can)s +7017(be)s 7260(cached)s 7867(for)s 8154(the)s 8452(duration)s +9171(of)s 9392(a)s 9535(query')s 11(s)k 10176(restarts,)s +6300 -2437(b)m 4(ut)k 6586(not)s 6876(used)s 7276(to)s +7466(satisfy)s 8019(other)s 8463(queries)s 9072(\(either)s 9625(as)s +9825(answer)s 10423(data,)s 6300 -2677(authority)m 7053(data,)s 7468(or)s +7668(additional)s 8498(data\).)s 9029(Ideally)s 13(,)k 9652(the)s +9929(only)s 10318(things)s 6300 -2917(we)m 6586(w)s 2(ould)k +7137(e)s 5(v)k 3(er)k 7525(cache)s 8031(w)s 2(ould)k +8582(be)s 8824(the)s 9121(answer)s 9738(and)s 10080(authority)s +6300 -3157(sections,)m 7051(and)s 7400(only)s 7816(those)s 8297(from)s +8745(authoritati)s 5(v)k 3(e)k 9803(answers)s 10504(\()s +160 fnt82 10570 -3155(AA)m 200 fnt82 6300 -3397(\210ag)m 6676(set\).)s +160 fnt82 7139 -3395(BIND)m 200 fnt82 7528 -3397(')m 11(s)k +7737(current)s 8377(cache)s 8906(design)s 9503(is)s 9712(not)s +10044(ready)s 10563(for)s 6300 -3637(this)m 6654(kind)s 7076(of)s +7309(o)s 3(v)k 3(erloading)k 8322(\211)s 8489(we')s 10(v)k 3(e)k +9029(pushed)s 9661(it)s 9838(about)s 10348(as)s 10580(f)s 2(ar)k +6300 -3877(as)m 6519(it)s 6683(will)s 7046(go)s 7300(just)s +7641(by)s 7895(adding)s 8492(the)s 8789(credibility)s 9660(tags)s +10034(described)s 6300 -4117(earlier)m 11(.)k 6957(What')s 11(s)k +7582(needed)s 8208(is)s 8402(a)s 8552(multile)s 5(v)k 3(el)k +9412(translucent)s 10346(cache)s 6300 -4357(such)m 6762(that)s 7157(each)s +7618(lookup)s 8270(can)s 8643(specify)s 9314(a)s 9499(stack)s +10004(of)s 10267(caches)s 6300 -4597(to)m 6528(be)s 6789(searched,)s +7607(and)s 7968(each)s 8405(cache)s 8930(can)s 9279(be)s +9540(managed)s 10332(by)s 10605(an)s 6300 -4837(appropriate)m 7256(pur)s 3(ge)k +7757(polic)s 3(y)k 13(.)k 200 fnt84 6300 -5378(7.3)m +6550(.)s 6700(Empty)s 7326(Nonterminal)s 8460(Names)s 200 fnt82 +6300 -5795(One)m 6691(of)s 6916(the)s 7218(g)s 1(aping)k +7819(holes)s 8298(in)s 160 fnt82 8512 -5793(BIND)m 200 fnt82 +8901 -5795(')m 11(s)k 9092(ne)s 5(w)k 9478(nonpromiscuous)s +6300 -6035(polic)m 3(y)k 6845(to)s 5(w)k 2(ards)k +7518(cache)s 8020(data)s 8401(is)s 8583(that)s 8931(the)s +9224(credibility)s 10091(and)s 10429(zone)s 6300 -6275(tags)m 6673(are)s +6968(held)s 7364(in)s 7572(the)s 160 fnt82 7868 -6273(RR)m +200 fnt82 8080 -6275(,)m 8183(not)s 8491(in)s 8699(the)s +8995(name.)s 9579(It)s 9753(is)s 9938(possible)s 10643(to)s +6300 -6515(determine,)m 7194(kno)s 5(wing)k 7937(only)s 8341(a)s +8478(name,)s 9008(whether)s 9698(that)s 10045(name)s 10525(lies)s +6300 -6755(within)m 6858(an)s 3(y)k 7192(of)s 7407(a)s +7544(serv)s 3(er')k 11(s)k 8207(zones)s 8709(of)s +8924(authority)s 13(.)k 160 fnt82 9779 -6753(BIND)m 200 fnt82 +10217 -6755(doesn')m 3(t)k 6300 -6995(do)m 6550(that)s 6898(right)s +7324(no)s 5(w)k 13(,)k 7750(it)s 7910(currently)s +8678(checks)s 9269(the)s 160 fnt82 9562 -6993(RR)m 200 fnt82 +9774 -6995(s)m 9901(looking)s 10561(for)s 6300 -7235(an)m 3(y)k +6628(that)s 6969(ha)s 4(v)k 3(e)k 7381(a)s +7512(zone)s 7931(tag,)s 8267(and)s 8598(if)s 8762(none)s +9193(are)s 9478(found)s 9987(it)s 10140(assumes)s 6300 -7475(that)m +6669(it)s 6850(is)s 7053(in)s 7279(the)s 7593(cache.)s +8216(This)s 8641(is)s 8844(bad)s 9203(ne)s 5(ws)k +9678(in)s 9904(the)s 10218(case)s 10630(of)s 6300 -7715(empty)m +6854(nonterminal)s 7872(names)s 8436(\211)s 8592(those)s 9068(names)s +9632(which)s 10175(ha)s 4(v)k 3(e)k 10600(no)s +160 fnt82 6300 -7953(RR)m 200 fnt82 6512 -7955(s)m 6635(and)s +6969(are)s 7257(only)s 7658(present)s 8278(to)s 8479(k)s 2(eep)k +8899(tw)s 2(o)k 9242(dots)s 9620(from)s 10053(smashing)s +6300 -8195(into)m 6660(each)s 7074(other)s 11(.)k 6700 -8506(The)m +160 fnt84 7084 -8504(ARP)m 11(A)k 200 fnt82 7589 -8506(domain)m +8261(w)s 2(as)k 8642(once)s 9092(empty)s 9664(other)s +10147(than)s 10564(for)s 6300 -8746(its)m 160 fnt84 6569 -8744(IN-ADDR.ARP)m 11(A)k +200 fnt82 7812 -8746(subdomain,)m 8819(and)s 9189(e)s 5(v)k 3(entually)k +10092(someone)s 6300 -8986(accidentally)m 7317(fed)s 7628(a)s 7773(root)s +8151(serv)s 3(er)k 8690(some)s 160 fnt82 9167 -8984(NS)m +9410(RR)s 200 fnt82 9622 -8986(s)m 9756(at)s 9956(that)s +10311(name.)s 6300 -9226(That)m 6746(root)s 7148(serv)s 3(er)k +7711(told)s 8102(the)s 8426(other)s 8916(root)s 9318(serv)s 3(ers,)k +10008(and)s 10377(those)s 6300 -9466(root)m 6683(serv)s 3(ers)k +7304(told)s 7676(e)s 5(v)k 3(ery)k 8172(name)s +8665(serv)s 3(er)k 9209(on)s 9471(the)s 9776(Internet,)s +10506(and)s 6300 -9706(pretty)m 6816(soon)s 7245(nobody)s 7897(an)s 3(ywhere)k +8720(could)s 9215(do)s 9467(address)s 200 fnt78 10115 -9711(\256)m +200 fnt82 10364 -9706(name)m 6300 -9946(translations.)m 7364(W)s 16(e)k +7672(quickly)s 8318(added)s 8842(some)s 160 fnt82 9310 -9944(NS)m +9553(RR)s 200 fnt82 9765 -9946(s)m 9890(at)s 10081(the)s +160 fnt84 10372 -9944(ARP)m 11(A)k 200 fnt82 6300 -10186(domain)m +6948(and)s 7286(cold)s 7679(started)s 8258(the)s 8551(uni)s 5(v)k 3(erse.)k +6700 -10497(It)m 6891(w)s 2(ould)k 7458(be)s 7716(better)s +8238(if)s 160 fnt82 8429 -10495(BIND)m 200 fnt82 8888 -10497(did)m +9213(not)s 9538(need)s 9984(data)s 10385(to)s 10610(be)s +6300 -10737(present)m 6943(at)s 7155(a)s 7312(name)s 7812(in)s +8036(order)s 8525(to)s 8749(kno)s 5(w)k 9257(that)s +9624(that)s 9991(name)s 10491(w)s 2(as)k 6300 -10977(inside)m +6826(a)s 6965(local)s 7402(zone)s 7829(of)s 8046(authority)s 13(.)k +8903(Astute)s 9473(readers)s 10097(will)s 10457(note)s 6300 -11217(that)m +6659(it')s 11(s)k 6962(really)s 7475(quite)s 7934(easy)s +8348(to)s 8564(add)s 8913(ne)s 5(w)k 9301(names)s +9870(to)s 10086(someone)s 6300 -11457(else')m 11(s)k 6815(authority)s +7609(zones)s 8137(\211)s 8312(just)s 8674(k)s 2(eep)k +9123(in)s 9353(mind)s 9838(during)s 10434(your)s 6300 -11697(e)m 3(xperiments)k +7327(that)s 7683(these)s 8149(ne)s 5(w)k 8534(names)s +9100(w)s 2(on')k 3(t)k 9618(appear)s 10206(in)s +10419(zone)s 6300 -11937(transfers,)m 7113(so)s 7370(you)s 7750(will)s +8139(ha)s 4(v)k 3(e)k 8588(to)s 8823(infect)s +9355(each)s 9799(authoritati)s 5(v)k 3(e)k 6300 -12177(name)m +6781(serv)s 3(er)k 7313(manually)s 13(.)k 200 fnt84 +6300 -12718(7.4)m 6550(.)s 6700(Uni\207ed)s 7370(Zone)s 7852(Cut)s +8223(V)s 7(iew)k 200 fnt82 6300 -13097(Right)m 6815(no)s 5(w)k +7226(the)s 7541(answer)s 8176(you')s 2(ll)k 8722(get)s +9037(for)s 9341(an)s 160 fnt82 9601 -13095(NS)m 200 fnt82 +9876 -13097(query)m 10402(for)s 10706(a)s 6300 -13337(domain)m 6948(will)s +7307(depend)s 7933(on)s 8183(who)s 8577(you)s 8927(ask.)s +9342(If)s 9524(you)s 9874(ask)s 10189(a)s 10327(serv)s 3(er)k +6300 -13577(of)m 6501(the)s 6779(parent)s 7311(zone,)s 7772(you)s +8107(will)s 8451(get)s 8729(the)s 9007(dele)s 3(g)k 1(ation)k +9867(information)s 6300 -13817(from)m 6762(\205abo)s 3(v)k 3(e\206)k +7483(the)s 7801(zone)s 8252(cut.)s 8670(If)s 8877(you)s +9252(ask)s 9592(the)s 9910(a)s 10073(serv)s 3(er)k +10630(of)s 6300 -14057(the)m 6599(zone)s 7031(itself,)s 7533(you)s +7889(will)s 8254(get)s 8553(the)s 8852(actual)s 9382(authority)s +10157(data)s 10544(\(an)s 160 fnt82 6300 -14295(NS)m 200 fnt82 +6586 -14297(RRset)m 7155(and)s 7526(an)s 160 fnt82 7797 -14295(SO)m 5(A)k +200 fnt82 8110 -14297(.\))m 8309(W)s 16(e)k 8652(belie)s 5(v)k 3(e)k +9301(it)s 9494(w)s 2(ould)k 10074(be)s 10345(better)s + +grestore + +pgsave restore +showpage + +%%Page: ? 8 +%%BeginPageSetup +%%PageResources: font Times-Roman +%%+ font Times-Bold +%%+ font Times-Italic +%%+ font Helvetica-Bold +/pgsave save def +%%IncludeResource: font Helvetica-Bold +/Helvetica-Boldfnt37 vec1 /Helvetica-Bold LoutRecode +/fnt37 { /Helvetica-Boldfnt37 LoutFont } def +0.0500 dup scale 10 setlinewidth +%%EndPageSetup +gsave +0 15840 translate +0.0000 rotate + +grestore +gsave +0 15840 translate +0.0000 rotate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1440 -1576(in)m 1656(most)s 2104(cases)s +2583(to)s 2799(ha)s 4(v)k 3(e)k 3229(the)s +3533(serv)s 3(er)k 4076(for)s 4369(the)s 4673(parent)s +5231(zone)s 5668(use)s 1440 -1816(its)m 1704(dele)s 3(g)k 1(ation)k +2606(data)s 3014(only)s 3446(as)s 3688(hints,)s 4202(and)s +4567(that)s 4942(it)s 5129(should)s 5738(go)s 1440 -2056(out)m +1787(and)s 2167(ask)s 2524(the)s 2859(serv)s 3(ers)k +3510(named)s 4133(therein)s 4777(for)s 5101(their)s 5557(vie)s 5(w)k +1440 -2296(of)m 1694(the)s 2025(real)s 2410(dele)s 3(g)k 1(ation)k +3323(data.)s 3842(This)s 4284(w)s 2(ould)k 4869(pre)s 5(v)k 3(ent)k +5546(most)s 1440 -2536(of)m 1696(the)s 2029(current)s 2682(instances)s +3500(of)s 3756(lame)s 4232(dele)s 3(g)k 1(ation,)k +5197(since)s 5695(the)s 1440 -2776(lameness)m 2226(w)s 2(ould)k +2781(be)s 3027(detected)s 3747(by)s 4005(the)s 4306(serv)s 3(er)k +4846(for)s 5136(the)s 5437(parent)s 1440 -3016(zone)m 1867(where)s +2404(it)s 2565(can)s 2892(most)s 3330(lik)s 2(ely)k +3832(be)s 4071(\207x)s 3(ed)k 4518(by)s 4769(the)s +5063(local)s 5500(name)s 1440 -3256(serv)m 3(er)k 1985(administrator)s 11(.)k +3197(The)s 3570(lame)s 4019(data)s 4413(can)s 4752(be)s +5003(elided)s 5552(from)s 1440 -3496(dele)m 3(g)k 1(ation)k +2406(responses,)s 3370(thus)s 3843(pre)s 5(v)k 3(enting)k +4828(other)s 5378(serv)s 3(ers)k 1440 -3736(from)m 1907(follo)s 5(wing)k +2757(it)s 2947(and)s 3315(ha)s 4(ving)k 3934(each)s +4378(other)s 4867(serv)s 3(er)k 200 fnt84 5429 -3737(syslog)m +200 fnt82 1440 -3976(the)m 1756(lameness)s 2557(information)s 3570(to)s +3798(their)s 4235(local,)s 4744(helpless,)s 5507(name)s 1440 -4216(serv)m 3(er)k +1954(administrator)s 11(.)k 3135(Naturally)s 3918(we)s 4182(w)s 2(ould)k +4711(e)s 3(xtend)k 5271(the)s 5546(logic)s 1440 -4456(so)m +1703(that)s 2087(the)s 2416(zone)s 2878(serv)s 3(ers)k +3523(v)s 5(alidate)k 4233(their)s 4683(o)s 5(wn)k +5108(dele)s 3(g)k 1(ation)k 1440 -4696(information)m 2466(and)s +2840(lik)s 2(e)k 5(wise)k 3581(elide)s 4053(lame)s +4525(information)s 5551(from)s 1440 -4936(their)m 1854(responses.)s 1840 -5247(This)m +2253(uni\207cation)s 3164(w)s 2(ould)k 3720(put)s 4034(a)s +4181(stop)s 4572(to)s 4786(the)s 5088(unpleasant)s 1440 -5487(question,)m +2269(\205ho)s 5(w)k 2800(can)s 3180(both)s 3639(the)s +3986(parent)s 4587(and)s 4979(child)s 5481(zones)s 1440 -5727(answer)m +2108(authoritati)s 5(v)k 3(ely)k 3365(if)s 3591(the)s 3(y)k +4036(are)s 4383(allo)s 5(wed)k 5113(to)s 5373(answer)s +1440 -5967(dif)m 5(ferently?\206)k 2598(W)s 16(e)k 2956(may)s +3397(implement)s 4346(a)s 4532(stopg)s 1(ap)k 5249(whereby)s +1440 -6207(parents)m 2084(stop)s 2486(setting)s 3086(the)s 160 fnt82 +3399 -6205(AA)m 200 fnt82 3699 -6207(\210ag)m 4068(on)s 4338(referral)s +4991(responses)s 5834(\211)s 1440 -6447(since)m 1902(the)s 2199(child)s +2651(is)s 2837(really)s 3343(the)s 3640(authority)s 13(.)k +4450(Unfortunately)s 13(,)k 5658(last)s 1440 -6687(time)m 1846(we)s +2131(changed)s 2848(the)s 3144(w)s 2(ay)k 3527(we)s +3812(handed)s 4441(out)s 4749(referrals,)s 5512(some)s 1440 -6927(major)m +1988(clients)s 2590(could)s 3117(not)s 3456(handle)s 4071(it)s +4265(and)s 4637(we)s 4953(had)s 5325(to)s 5564(back)s +1440 -7167(out)m 1767(to)s 1994(older)s 8(,)k 2517(brok)s 2(en)k +3141(beha)s 4(viour)k 11(.)k 4045(K)s 5(eeping)k +4787(track)s 5256(of)s 5494(client)s 1440 -7407(sensiti)m 5(vities)k +2422(has)s 2737(become)s 3406(a)s 3544(\207rst)s 3903(order)s +4373(task)s 4743(for)s 5025(us.)s 1840 -7718(What)m 2318(we')s 10(re)k +2807(wrestling)s 3594(with)s 3995(on)s 4242(the)s 4532(uni\207cation)s +5431(theory)s 1440 -7958(is)m 1667(whether)s 2403(the)s 2741(root)s +3157(serv)s 3(ers)k 3811(should)s 4438(try)s 4754(to)s +5004(v)s 3(erify)k 5571(their)s 1440 -8198(dele)m 3(g)k 1(ation)k +2360(data.)s 2886(W)s 8(ith)k 3371(millions)s 4118(of)s +4379(zones)s 4927(dele)s 3(g)k 1(ated,)k 5830(it)s +1440 -8438(could)m 1948(tak)s 2(e)k 2342(quite)s 2805(a)s +2958(while)s 3465(for)s 3762(each)s 4191(root)s 4577(serv)s 3(er)k +5124(to)s 5344(get)s 5652(this)s 1440 -8678(done)m 1869(at)s +2053(startup)s 2635(time,)s 3079(so)s 3297(if)s 3459(we)s +3732(do)s 3973(it,)s 4174(it')s 2(ll)k 4499(ha)s 4(v)k 3(e)k +4909(to)s 5105(come)s 5577(after)s 1440 -8918(we)m 1722(mak)s 2(e)k +2201(the)s 2494(cache)s 2996(persistent.)s 240 fnt84 1440 -9606(8.)m +192 fnt84 1740 -9604(DNSSEC)m 240 fnt84 2554 -9606(\211)m 2734(The)s +192 fnt84 3193 -9604(IETF)m 3700(DNS)s 240 fnt84 4142 -9606(Security)m +192 fnt84 5051 -9604(WG)m 200 fnt82 1440 -10031(As)m 1743(we')s 10(v)k 3(e)k +2298(mentioned)s 3221(se)s 5(v)k 3(eral)k 3857(times)s +4369(in)s 4606(this)s 4975(paper)s 8(,)k 5541(there)s +1440 -10271(is)m 1626(presently)s 2409(w)s 2(ork)k 2871(underw)s 2(ay)k +3709(to)s 3918(add)s 4260(security)s 4943(to)s 160 fnt82 +5152 -10269(DNS)m 200 fnt82 5470 -10271(.)m 5624(The)s 1440 -10511(current)m +2069(model)s 2633(is)s 2831(something)s 3727(lik)s 2(e)k +4089(a)s 4243(\205web)s 4729(of)s 4961(trust,)s 14(\206)k +5504(using)s 1440 -10751(public)m 2003(k)s 2(e)k 3(y)k +2351(technology)s 13(.)k 3389(A)s 3598(ne)s 5(w)k +160 fnt82 3990 -10749(KEY)m 4357(RR)s 200 fnt82 4634 -10751(holds)m +5131(the)s 5439(public)s 1440 -10991(k)m 2(e)k 3(y)k +1812(and)s 2189(is)s 2410(added)s 2975(to)s 3219(the)s +3551(dele)s 3(g)k 1(ation)k 4465(data.)s 4985(This)s +5428(k)s 2(e)k 3(y)k 5800(is)s 1440 -11231(suf\207cient)m +2246(to)s 2467(v)s 5(alidate)k 3157(signed)s 3743(answers)s +4449(b)s 4(ut)k 4766(not)s 5087(to)s 5308(actually)s +1440 -11471(sign)m 1832(them.)s 2390(Signing)s 3071(is)s 3263(done)s +3711(by)s 3971(the)s 4274(authoritati)s 5(v)k 3(e)k +5331(serv)s 3(ers,)k 1440 -11711(and)m 1778(the)s 160 fnt82 +2071 -11709(SIG)m 2367(RR)s 200 fnt82 2629 -11711(is)m 2811(used)s +3226(to)s 3431(carry)s 3889(the)s 4182(signature)s 4961(of)s +5177(an)s 3(y)k 5512(gi)s 5(v)k 3(en)k +1440 -11951(RRset.)m 1840 -12262(Once)m 160 fnt82 2360 -12260(DNSSEC)m 200 fnt82 +3069 -12262(is)m 3301(widely)s 3943(implemented,)s 5132(it)s 5342(will)s +5751(be)s 1440 -12502(possible)m 2228(to)s 2519(determine)s 3450(from)s +3973(e)s 3(xamination)k 5090(of)s 5392(a)s 160 fnt82 +5616 -12500(DNS)m 200 fnt82 1440 -12742(response)m 2184(whether)s 2873(its)s +3108(contents)s 3819(are)s 4109(authentic.)s 4986(This)s 5388(sounds)s +1440 -12982(simple)m 2019(b)s 4(ut)k 2319(it)s 2478(has)s +2792(deep)s 3217(reaching)s 3951(consequences)s 5094(in)s 5298(both)s +5702(the)s 1440 -13222(protocol)m 2140(and)s 2464(the)s 2743(implementation)s +4028(\211)s 4164(which)s 4687(is)s 4855(wh)s 1(y)k +5234(it')s 11(s)k 5512(tak)s 2(en)k 1440 -13462(more)m +1895(than)s 2284(a)s 2418(year)s 2806(to)s 3007(choose)s +3606(a)s 3740(security)s 4415(model)s 4959(and)s 5293(design)s +5859(a)s 1440 -13702(solution.)m 2234(W)s 16(e)k 2546(e)s 3(xpect)k +3114(it)s 3276(to)s 3483(be)s 3723(another)s 4372(year)s +4766(before)s 160 fnt82 5326 -13700(DNSSEC)m 200 fnt82 1440 -13942(is)m +1612(in)s 1807(wide)s 2234(use)s 2539(on)s 2779(the)s +3062(leading)s 3688(edge,)s 4154(and)s 4482(at)s 4665(least)s +5068(a)s 5196(year)s 5578(after)s 1440 -14182(that)m 1788(before)s +2346(its)s 2583(use)s 2898(is)s 3080(commonplace)s 4247(on)s +4497(the)s 4790(Internet.)s 240 fnt84 6300 -1605(9.)m 6600(Which)s +192 fnt84 7338 -1603(BIND)m 240 fnt84 7876 -1605(V)m 24(ersion)k +8709(Plugs)s 9327(Which)s 10065(Hole?)s 200 fnt82 6300 -2030(Al)m 2(w)k 2(ays)k +6951(assume)s 7583(that)s 7928(you)s 8275(need)s 8698(the)s +8988(latest)s 160 fnt82 9453 -2028(BIND)m 200 fnt82 9889 -2030(you)m +10236(can)s 10559(lay)s 6300 -2270(your)m 6728(hands)s 7255(on.)s +7567(Our)s 160 fnt82 7939 -2268(RCS)m 200 fnt82 8301 -2270(libraries)m +9013(ha)s 4(v)k 3(e)k 9444(the)s 9749(whole)s +10298(sordid)s 6300 -2510(story)m 13(,)k 6785(and)s 7123(from)s +7560(them)s 8008(we)s 8290(could)s 8783(deri)s 5(v)k 3(e)k +9322(a)s 9460(table)s 9896(of)s 10112(V)s 22(ersions)k +6300 -2750(-vs-)m 6668(V)s 15(ulnerabilities.)k 7993(Y)s 22(ou)k +8374(can)s 8709(bet)s 9011(that)s 9368(the)s 9670(upper)s +10183(class)s 10627(of)s 6300 -2990(attack)m 2(ers)k 7063(can)s +7399(do)s 7659(this)s 8006(as)s 8231(well.)s 8733(Deri)s 5(ving)k +9496(that)s 9854(table)s 10300(w)s 2(ould)k 6300 -3230(be)m +6553(a)s 6706(lot)s 6981(of)s 7212(w)s 2(ork)k +7685(and)s 8038(publishing)s 8945(it)s 9120(might)s 9650(do)s +9915(more)s 10389(harm)s 6300 -3470(\(gi)m 5(ving)k 6907(folks)s +7341(the)s 7620(f)s 2(alse)k 8028(idea)s 8395(that)s +8729(the)s 3(y)k 9105(don')s 3(t)k 9559(need)s +9971(to)s 10162(upgrade)s 6300 -3710(their)m 160 fnt82 6730 -3708(BIND)m +200 fnt82 7119 -3710(\))m 7251(than)s 7660(good)s 8126(\(letting)s +8766(folks)s 9230(see)s 9549(ho)s 5(w)k 9954(bad)s +10308(things)s 6300 -3950(really)m 6812(are.\))s 7280(When)s 7816(we)s +8108(took)s 8523(o)s 3(v)k 3(er)k 160 fnt82 +8931 -3948(BIND)m 200 fnt82 9320 -3950(,)m 9430(the)s 9733(latest)s +10211(v)s 3(ersion)k 6300 -4190(w)m 2(as)k 160 fnt82 +6655 -4188(UCB)m 200 fnt82 7030 -4190(4.8.3.)m 7578(Our)s 7936(\207rst)s +8293(release)s 8891(w)s 2(as)k 160 fnt82 9246 -4188(DECWRL)m +200 fnt82 9966 -4190(4.9,)m 10314(which)s 6300 -4430(contained)m 7177(quite)s +7678(a)s 7869(fe)s 5(w)k 8265(security)s 8997(related)s +9640(changes.)s 10484(Our)s 6300 -4670(current)m 6916(release)s 7519(as)s +7737(of)s 7956(this)s 8296(writing)s 8924(is)s 160 fnt82 +9109 -4668(ISC)m 200 fnt82 9409 -4670(4.9.3)m 128 fnt82 9809 -4581(1)m +200 fnt82 9873 -4670(,)m 9976(and)s 10317(it)s 10480(also)s +6300 -4910(contains)m 7013(quite)s 7461(a)s 7599(fe)s 5(w)k +7942(security)s 8621(related)s 9211(changes.)s 200 fnt84 6300 -5571(Refer)m 3(ences)k +200 fnt82 6300 -5950([)m 6366(Bel95a)s 6930(])s 7300(Ste)s 5(v)k 3(en)k +7953(M.)s 8299(Bello)s 3(vin)k 8982(.)s 9201(Us)s +9422(ing)s 9796(the)s 10158(Do)s 10402(main)s 7300 -6190(Name)m +7889(Sys)s 8177(tem)s 8589(for)s 8935(Syetem)s 9646(Break-)s +10187(ins)s 10419(.)s 10633(In)s 200 fnt83 7300 -6429(Pr)m 9(o)k +7590(ceed)s 7954(ings)s 8449(of)s 8767(the)s 9173(F)s 9(ifth)k +9714(Usenix)s 160 fnt83 10429 -6427(UNIX)m 200 fnt83 7300 -6669(Se)m +7488(cu)s 7676(ri)s 7808(ty)s 8094(Sy)s 8282(po)s +8482(sium,)s 9051(Salt)s 9504(Lak)s 2(e)k 10032(City)s 11(,)k +160 fnt83 10545 -6667(UT)m 200 fnt82 10748 -6670(.)m 7300 -6910(A)m 22(T&T Bell Laboratories)k +9257(,)s 9357(1995)s 9757(.)s 6300 -7314([)m 6366(RFC1034)s +7143(])s 7300(P)s 3(aul)k 7797(V)s 25(.)k +8112(Mockapetris)s 9252(\(ISI\))s 9627(.)s 9873(RFC)s 10396(1034)s +7300 -7554(\211)m 7496(Domain)s 8234(Concepts)s 9071(and)s 9455(F)s 3(acilities)k +10179(,)s 10325(IETF)s 10746(,)s 7300 -7794(1987)m 7700(.)s +6300 -8175([)m 6366(RFC1035)s 7143(])s 7300(P)s 3(aul)k +7756(V)s 25(.)k 8030(Mockapetris)s 9129(\(ISI\))s 9504(.)s +9709(RFC)s 10191(1035)s 10696(\211)s 7300 -8415(Domain)m 8015(Implementation)s +9348(and)s 9709(Speci\207cation)s 10748(,)s 7300 -8655(IETF)m 7721(,)s +7821(1987)s 8221(.)s 6300 -9059([)m 6366(RFC1123)s 7143(])s +7300(R.)s 7569(Braden,)s 8280(Ed)s 8502(i)s 8557(tor)s +8778(.)s 8964(RFC)s 9427(1123)s 9913(\211)s 10099(Re)s +10320(quire)s 10729(-)s 7300 -9299(ments)m 7840(for)s 8137(In)s +8303(ter)s 8512(net)s 8820(Hosts)s 9338(\211)s 9503(Ap)s +9747(pli)s 9957(ca)s 10133(tion)s 10508(and)s 7300 -9539(Sup)m +7611(port)s 7932(,)s 8032(IETF)s 8453(,)s 8553(1989)s +8953(.)s 6300 -9959([)m 6366(RFC1510)s 7143(])s 7300(John)s +7795(T)s 14(.)k 8071(K)s 7(ohl,)k 8631(et)s +8892(al)s 9035(.)s 9253(RFC)s 9748(1510)s 10266(\211)s +10484(The)s 7300 -10199(K)m 5(erberos)k 8124(Netw)s 2(ork)k +8919(Authentication)s 10202(Service)s 7300 -10439(\(V5\))m 7676(,)s 7776(IETF)s +8197(,)s 8297(1993)s 8697(.)s 6300 -10850([)m 6366(RFC1760)s +7143(])s 7300(N.)s 7651(Haller)s 8147(.)s 8404(RFC)s +8938(1760)s 9495(\211)s 9752(The)s 10219(S/KEY)s 7300 -11090(One-T)m 7(ime)k +8161(P)s 3(assw)k 2(ord)k 8969(System)s 9555(,)s +9655(IETF)s 10076(,)s 10176(1995)s 10576(.)s gsave +6300 -14117 translate +200 fnt82 0.0 0.0 0.0 setrgbcolor 1134 0 0 0 200 240 50 LoutGraphic +gsave +0 0 moveto xsize 0 lineto stroke +grestore + +grestore +102 fnt82 +0.0 0.0 0.0 setrgbcolor 6300 -14298(1)m 160 fnt82 6351 -14369(see)m 140 fnt37 +6595 -14370(http://www)m 5(.isc.or)k 2(g/isc/)k 160 fnt82 8056 -14369(.)m + +grestore + +pgsave restore +showpage + +%%Trailer +%%DocumentNeededResources: font Helvetica-Bold +%%+ font Symbol +%%+ font Times-Roman +%%+ font Times-Italic +%%+ font Times-Bold +%%DocumentSuppliedResources: procset LoutStartUp +%%+ procset LoutTabPrependGraphic +%%+ procset LoutFigPrependGraphic +%%+ encoding vec1 +%%Pages: 8 +%%EOF diff --git a/usr.sbin/named/doc/rfc/rfc1032 b/usr.sbin/named/doc/rfc/rfc1032 new file mode 100644 index 00000000000..0e82721cee7 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1032 @@ -0,0 +1,781 @@ +Network Working Group M. Stahl +Request for Comments: 1032 SRI International + November 1987 + + + DOMAIN ADMINISTRATORS GUIDE + + +STATUS OF THIS MEMO + + This memo describes procedures for registering a domain with the + Network Information Center (NIC) of Defense Data Network (DDN), and + offers guidelines on the establishment and administration of a domain + in accordance with the requirements specified in RFC-920. It is + intended for use by domain administrators. This memo should be used + in conjunction with RFC-920, which is an official policy statement of + the Internet Activities Board (IAB) and the Defense Advanced Research + Projects Agency (DARPA). Distribution of this memo is unlimited. + +BACKGROUND + + Domains are administrative entities that provide decentralized + management of host naming and addressing. The domain-naming system + is distributed and hierarchical. + + The NIC is designated by the Defense Communications Agency (DCA) to + provide registry services for the domain-naming system on the DDN and + DARPA portions of the Internet. + + As registrar of top-level and second-level domains, as well as + administrator of the root domain name servers on behalf of DARPA and + DDN, the NIC is responsible for maintaining the root server zone + files and their binary equivalents. In addition, the NIC is + responsible for administering the top-level domains of "ARPA," "COM," + "EDU," "ORG," "GOV," and "MIL" on behalf of DCA and DARPA until it + becomes feasible for other appropriate organizations to assume those + responsibilities. + + It is recommended that the guidelines described in this document be + used by domain administrators in the establishment and control of + second-level domains. + +THE DOMAIN ADMINISTRATOR + + The role of the domain administrator (DA) is that of coordinator, + manager, and technician. If his domain is established at the second + level or lower in the tree, the DA must register by interacting with + the management of the domain directly above his, making certain that + + + +Stahl [Page 1] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + his domain satisfies all the requirements of the administration under + which his domain would be situated. To find out who has authority + over the name space he wishes to join, the DA can ask the NIC + Hostmaster. Information on contacts for the top-level and second- + level domains can also be found on line in the file NETINFO:DOMAIN- + CONTACTS.TXT, which is available from the NIC via anonymous FTP. + + The DA should be technically competent; he should understand the + concepts and procedures for operating a domain server, as described + in RFC-1034, and make sure that the service provided is reliable and + uninterrupted. It is his responsibility or that of his delegate to + ensure that the data will be current at all times. As a manager, the + DA must be able to handle complaints about service provided by his + domain name server. He must be aware of the behavior of the hosts in + his domain, and take prompt action on reports of problems, such as + protocol violations or other serious misbehavior. The administrator + of a domain must be a responsible person who has the authority to + either enforce these actions himself or delegate them to someone + else. + + Name assignments within a domain are controlled by the DA, who should + verify that names are unique within his domain and that they conform + to standard naming conventions. He furnishes access to names and + name-related information to users both inside and outside his domain. + He should work closely with the personnel he has designated as the + "technical and zone" contacts for his domain, for many administrative + decisions will be made on the basis of input from these people. + +THE DOMAIN TECHNICAL AND ZONE CONTACT + + A zone consists of those contiguous parts of the domain tree for + which a domain server has complete information and over which it has + authority. A domain server may be authoritative for more than one + zone. The domain technical/zone contact is the person who tends to + the technical aspects of maintaining the domain's name server and + resolver software, and database files. He keeps the name server + running, and interacts with technical people in other domains and + zones to solve problems that affect his zone. + +POLICIES + + Domain or host name choices and the allocation of domain name space + are considered to be local matters. In the event of conflicts, it is + the policy of the NIC not to get involved in local disputes or in the + local decision-making process. The NIC will not act as referee in + disputes over such matters as who has the "right" to register a + particular top-level or second-level domain for an organization. The + NIC considers this a private local matter that must be settled among + + + +Stahl [Page 2] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + the parties involved prior to their commencing the registration + process with the NIC. Therefore, it is assumed that the responsible + person for a domain will have resolved any local conflicts among the + members of his domain before registering that domain with the NIC. + The NIC will give guidance, if requested, by answering specific + technical questions, but will not provide arbitration in disputes at + the local level. This policy is also in keeping with the distributed + hierarchical nature of the domain-naming system in that it helps to + distribute the tasks of solving problems and handling questions. + + Naming conventions for hosts should follow the rules specified in + RFC-952. From a technical standpoint, domain names can be very long. + Each segment of a domain name may contain up to 64 characters, but + the NIC strongly advises DAs to choose names that are 12 characters + or fewer, because behind every domain system there is a human being + who must keep track of the names, addresses, contacts, and other data + in a database. The longer the name, the more likely the data + maintainer is to make a mistake. Users also will appreciate shorter + names. Most people agree that short names are easier to remember and + type; most domain names registered so far are 12 characters or fewer. + + Domain name assignments are made on a first-come-first-served basis. + The NIC has chosen not to register individual hosts directly under + the top-level domains it administers. One advantage of the domain + naming system is that administration and data maintenance can be + delegated down a hierarchical tree. Registration of hosts at the + same level in the tree as a second-level domain would dilute the + usefulness of this feature. In addition, the administrator of a + domain is responsible for the actions of hosts within his domain. We + would not want to find ourselves in the awkward position of policing + the actions of individual hosts. Rather, the subdomains registered + under these top-level domains retain the responsibility for this + function. + + Countries that wish to be registered as top-level domains are + required to name themselves after the two-letter country code listed + in the international standard ISO-3166. In some cases, however, the + two-letter ISO country code is identical to a state code used by the + U.S. Postal Service. Requests made by countries to use the three- + letter form of country code specified in the ISO-3166 standard will + be considered in such cases so as to prevent possible conflicts and + confusion. + + + + + + + + + +Stahl [Page 3] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + +HOW TO REGISTER + + Obtain a domain questionnaire from the NIC hostmaster, or FTP the + file NETINFO:DOMAIN-TEMPLATE.TXT from host SRI-NIC.ARPA. + + Fill out the questionnaire completely. Return it via electronic mail + to HOSTMASTER@SRI-NIC.ARPA. + + The APPENDIX to this memo contains the application form for + registering a top-level or second-level domain with the NIC. It + supersedes the version of the questionnaire found in RFC-920. The + application should be submitted by the person administratively + responsible for the domain, and must be filled out completely before + the NIC will authorize establishment of a top-level or second-level + domain. The DA is responsible for keeping his domain's data current + with the NIC or with the registration agent with which his domain is + registered. For example, the CSNET and UUCP managements act as + domain filters, processing domain applications for their own + organizations. They pass pertinent information along periodically to + the NIC for incorporation into the domain database and root server + files. The online file NETINFO:ALTERNATE-DOMAIN-PROCEDURE.TXT + outlines this procedure. It is highly recommended that the DA review + this information periodically and provide any corrections or + additions. Corrections should be submitted via electronic mail. + +WHICH DOMAIN NAME? + + The designers of the domain-naming system initiated several general + categories of names as top-level domain names, so that each could + accommodate a variety of organizations. The current top-level + domains registered with the DDN Network Information Center are ARPA, + COM, EDU, GOV, MIL, NET, and ORG, plus a number of top-level country + domains. To join one of these, a DA needs to be aware of the purpose + for which it was intended. + + "ARPA" is a temporary domain. It is by default appended to the + names of hosts that have not yet joined a domain. When the system + was begun in 1984, the names of all hosts in the Official DoD + Internet Host Table maintained by the NIC were changed by adding + of the label ".ARPA" in order to accelerate a transition to the + domain-naming system. Another reason for the blanket name changes + was to force hosts to become accustomed to using the new style + names and to modify their network software, if necessary. This + was done on a network-wide basis and was directed by DCA in DDN + Management Bulletin No. 22. Hosts that fall into this domain will + eventually move to other branches of the domain tree. + + + + + +Stahl [Page 4] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + "COM" is meant to incorporate subdomains of companies and + businesses. + + "EDU" was initiated to accommodate subdomains set up by + universities and other educational institutions. + + "GOV" exists to act as parent domain for subdomains set up by + government agencies. + + "MIL" was initiated to act as parent to subdomains that are + developed by military organizations. + + "NET" was introduced as a parent domain for various network-type + organizations. Organizations that belong within this top-level + domain are generic or network-specific, such as network service + centers and consortia. "NET" also encompasses network + management-related organizations, such as information centers and + operations centers. + + "ORG" exists as a parent to subdomains that do not clearly fall + within the other top-level domains. This may include technical- + support groups, professional societies, or similar organizations. + + One of the guidelines in effect in the domain-naming system is that a + host should have only one name regardless of what networks it is + connected to. This implies, that, in general, domain names should + not include routing information or addresses. For example, a host + that has one network connection to the Internet and another to BITNET + should use the same name when talking to either network. For a + description of the syntax of domain names, please refer to Section 3 + of RFC-1034. + +VERIFICATION OF DATA + + The verification process can be accomplished in several ways. One of + these is through the NIC WHOIS server. If he has access to WHOIS, + the DA can type the command "whois domain <domain name><return>". + The reply from WHOIS will supply the following: the name and address + of the organization "owning" the domain; the name of the domain; its + administrative, technical, and zone contacts; the host names and + network addresses of sites providing name service for the domain. + + + + + + + + + + +Stahl [Page 5] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + Example: + + @whois domain rice.edu<Return> + + Rice University (RICE-DOM) + Advanced Studies and Research + Houston, TX 77001 + + Domain Name: RICE.EDU + + Administrative Contact: + Kennedy, Ken (KK28) Kennedy@LLL-CRG.ARPA (713) 527-4834 + Technical Contact, Zone Contact: + Riffle, Vicky R. (VRR) rif@RICE.EDU + (713) 527-8101 ext 3844 + + Domain servers: + + RICE.EDU 128.42.5.1 + PENDRAGON.CS.PURDUE.EDU 128.10.2.5 + + + Alternatively, the DA can send an electronic mail message to + SERVICE@SRI-NIC.ARPA. In the subject line of the message header, the + DA should type "whois domain <domain name>". The requested + information will be returned via electronic mail. This method is + convenient for sites that do not have access to the NIC WHOIS + service. + + The initial application for domain authorization should be submitted + via electronic mail, if possible, to HOSTMASTER@SRI-NIC.ARPA. The + questionnaire described in the appendix may be used or a separate + application can be FTPed from host SRI-NIC.ARPA. The information + provided by the administrator will be reviewed by hostmaster + personnel for completeness. There will most likely be a few + exchanges of correspondence via electronic mail, the preferred method + of communication, prior to authorization of the domain. + +HOW TO GET MORE INFORMATION + + An informational table of the top-level domains and their root + servers is contained in the file NETINFO:DOMAINS.TXT online at SRI- + NIC.ARPA. This table can be obtained by FTPing the file. + Alternatively, the information can be acquired by opening a TCP or + UDP connection to the NIC Host Name Server, port 101 on SRI-NIC.ARPA, + and invoking the command "ALL-DOM". + + + + + +Stahl [Page 6] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + The following online files, all available by FTP from SRI-NIC.ARPA, + contain pertinent domain information: + + - NETINFO:DOMAINS.TXT, a table of all top-level domains and the + network addresses of the machines providing domain name + service for them. It is updated each time a new top-level + domain is approved. + + - NETINFO:DOMAIN-INFO.TXT contains a concise list of all + top-level and second-level domain names registered with the + NIC and is updated monthly. + + - NETINFO:DOMAIN-CONTACTS.TXT also contains a list of all the + top level and second-level domains, but includes the + administrative, technical and zone contacts for each as well. + + - NETINFO:DOMAIN-TEMPLATE.TXT contains the questionnaire to be + completed before registering a top-level or second-level + domain. + + For either general or specific information on the domain system, do + one or more of the following: + + 1. Send electronic mail to HOSTMASTER@SRI-NIC.ARPA + + 2. Call the toll-free NIC hotline at (800) 235-3155 + + 3. Use FTP to get background RFCs and other files maintained + online at the NIC. Some pertinent RFCs are listed below in + the REFERENCES section of this memo. + + + + + + + + + + + + + + + + + + + + + +Stahl [Page 7] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + +REFERENCES + + The references listed here provide important background information + on the domain-naming system. Path names of the online files + available via anonymous FTP from the SRI-NIC.ARPA host are noted in + brackets. + + 1. Defense Communications Agency DDN Defense Communications + System, DDN Management Bulletin No. 22, Domain Names + Transition, March 1984. + [ DDN-NEWS:DDN-MGT-BULLETIN-22.TXT ] + + 2. Defense Communications Agency DDN Defense Communications + System, DDN Management Bulletin No. 32, Phase I of the Domain + Name Implementation, January 1987. + [ DDN-NEWS:DDN-MGT-BULLETIN-32.TXT ] + + 3. Harrenstien, K., M. Stahl, and E. Feinler, "Hostname + Server", RFC-953, DDN Network Information Center, SRI + International, October 1985. [ RFC:RFC953.TXT ] + + 4. Harrenstien, K., M. Stahl, and E. Feinler, "Official DoD + Internet Host Table Specification", RFC-952, DDN Network + Information Center, SRI International, October 1985. + [ RFC:RFC952.TXT ] + + 5. ISO, "Codes for the Representation of Names of Countries", + ISO-3166, International Standards Organization, May 1981. + [ Not online ] + + 6. Lazear, W.D., "MILNET Name Domain Transition", RFC-1031, + Mitre Corporation, October 1987. [ RFC:RFC1031.TXT ] + + 7. Lottor, M.K., "Domain Administrators Operations Guide", + RFC-1033, DDN Network Information Center, SRI International, + July 1987. [ RFC:RFC1033.TXT ] + + 8. Mockapetris, P., "Domain Names - Concepts and Facilities", + RFC-1034, USC Information Sciences Institute, October 1987. + [ RFC:RFC1034.TXT ] + + 9. Mockapetris, P., "Domain Names - Implementation and + Specification", RFC-1035, USC Information Sciences Institute, + October 1987. [ RFC:RFC1035.TXT ] + + 10. Mockapetris, P., "The Domain Name System", Proceedings of the + IFIP 6.5 Working Conference on Computer Message Services, + Nottingham, England, May 1984. Also as ISI/RS-84-133, June + + + +Stahl [Page 8] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + 1984. [ Not online ] + + 11. Mockapetris, P., J. Postel, and P. Kirton, "Name Server + Design for Distributed Systems", Proceedings of the Seventh + International Conference on Computer Communication, October + 30 to November 3 1984, Sidney, Australia. Also as + ISI/RS-84-132, June 1984. [ Not online ] + + 12. Partridge, C., "Mail Routing and the Domain System", RFC-974, + CSNET-CIC, BBN Laboratories, January 1986. + [ RFC:RFC974.TXT ] + + 13. Postel, J., "The Domain Names Plan and Schedule", RFC-881, + USC Information Sciences Institute, November 1983. + [ RFC:RFC881.TXT ] + + 14. Reynolds, J., and Postel, J., "Assigned Numbers", RFC-1010 + USC Information Sciences Institute, May 1986. + [ RFC:RFC1010.TXT ] + + 15. Romano, S., and Stahl, M., "Internet Numbers", RFC-1020, + SRI, November 1987. + [ RFC:RFC1020.TXT ] + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Stahl [Page 9] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + +APPENDIX + + The following questionnaire may be FTPed from SRI-NIC.ARPA as + NETINFO:DOMAIN-TEMPLATE.TXT. + + --------------------------------------------------------------------- + + To establish a domain, the following information must be sent to the + NIC Domain Registrar (HOSTMASTER@SRI-NIC.ARPA): + + NOTE: The key people must have electronic mailboxes and NIC + "handles," unique NIC database identifiers. If you have access to + "WHOIS", please check to see if you are registered and if so, make + sure the information is current. Include only your handle and any + changes (if any) that need to be made in your entry. If you do not + have access to "WHOIS", please provide all the information indicated + and a NIC handle will be assigned. + + (1) The name of the top-level domain to join. + + For example: COM + + (2) The NIC handle of the administrative head of the organization. + Alternately, the person's name, title, mailing address, phone number, + organization, and network mailbox. This is the contact point for + administrative and policy questions about the domain. In the case of + a research project, this should be the principal investigator. + + For example: + + Administrator + + Organization The NetWorthy Corporation + Name Penelope Q. Sassafrass + Title President + Mail Address The NetWorthy Corporation + 4676 Andrews Way, Suite 100 + Santa Clara, CA 94302-1212 + Phone Number (415) 123-4567 + Net Mailbox Sassafrass@ECHO.TNC.COM + NIC Handle PQS + + (3) The NIC handle of the technical contact for the domain. + Alternately, the person's name, title, mailing address, phone number, + organization, and network mailbox. This is the contact point for + problems concerning the domain or zone, as well as for updating + information about the domain or zone. + + + + +Stahl [Page 10] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + For example: + + Technical and Zone Contact + + Organization The NetWorthy Corporation + Name Ansel A. Aardvark + Title Executive Director + Mail Address The NetWorthy Corporation + 4676 Andrews Way, Suite 100 + Santa Clara, CA. 94302-1212 + Phone Number (415) 123-6789 + Net Mailbox Aardvark@ECHO.TNC.COM + NIC Handle AAA2 + + (4) The name of the domain (up to 12 characters). This is the name + that will be used in tables and lists associating the domain with the + domain server addresses. [While, from a technical standpoint, domain + names can be quite long (programmers beware), shorter names are + easier for people to cope with.] + + For example: TNC + + (5) A description of the servers that provide the domain service for + translating names to addresses for hosts in this domain, and the date + they will be operational. + + A good way to answer this question is to say "Our server is + supplied by person or company X and does whatever their standard + issue server does." + + For example: Our server is a copy of the one operated by + the NIC; it will be installed and made operational on + 1 November 1987. + + (6) Domains must provide at least two independent servers for the + domain. Establishing the servers in physically separate locations + and on different PSNs is strongly recommended. A description of the + server machine and its backup, including + + + + + + + + + + + + + +Stahl [Page 11] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + (a) Hardware and software (using keywords from the Assigned + Numbers RFC). + + (b) Host domain name and network addresses (which host on which + network for each connected network). + + (c) Any domain-style nicknames (please limit your domain-style + nickname request to one) + + For example: + + - Hardware and software + + VAX-11/750 and UNIX, or + IBM-PC and MS-DOS, or + DEC-1090 and TOPS-20 + + - Host domain names and network addresses + + BAR.FOO.COM 10.9.0.193 on ARPANET + + - Domain-style nickname + + BR.FOO.COM (same as BAR.FOO.COM 10.9.0.13 on ARPANET) + + (7) Planned mapping of names of any other network hosts, other than + the server machines, into the new domain's naming space. + + For example: + + BAR-FOO2.ARPA (10.8.0.193) -> FOO2.BAR.COM + BAR-FOO3.ARPA (10.7.0.193) -> FOO3.BAR.COM + BAR-FOO4.ARPA (10.6.0.193) -> FOO4.BAR.COM + + + (8) An estimate of the number of hosts that will be in the domain. + + (a) Initially + (b) Within one year + (c) Two years + (d) Five years. + + For example: + + (a) Initially = 50 + (b) One year = 100 + (c) Two years = 200 + (d) Five years = 500 + + + +Stahl [Page 12] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + (9) The date you expect the fully qualified domain name to become + the official host name in HOSTS.TXT. + + Please note: If changing to a fully qualified domain name (e.g., + FOO.BAR.COM) causes a change in the official host name of an + ARPANET or MILNET host, DCA approval must be obtained beforehand. + Allow 10 working days for your requested changes to be processed. + + ARPANET sites should contact ARPANETMGR@DDN1.ARPA. MILNET sites + should contact HOSTMASTER@SRI-NIC.ARPA, 800-235-3155, for + further instructions. + + (10) Please describe your organization briefly. + + For example: The NetWorthy Corporation is a consulting + organization of people working with UNIX and the C language in an + electronic networking environment. It sponsors two technical + conferences annually and distributes a bimonthly newsletter. + + --------------------------------------------------------------------- + + This example of a completed application corresponds to the examples + found in the companion document RFC-1033, "Domain Administrators + Operations Guide." + + (1) The name of the top-level domain to join. + + COM + + (2) The NIC handle of the administrative contact person. + + NIC Handle JAKE + + (3) The NIC handle of the domain's technical and zone + contact person. + + NIC Handle DLE6 + + (4) The name of the domain. + + SRI + + (5) A description of the servers. + + Our server is the TOPS20 server JEEVES supplied by ISI; it + will be installed and made operational on 1 July 1987. + + + + + +Stahl [Page 13] + +RFC 1032 DOMAIN ADMINISTRATORS GUIDE November 1987 + + + (6) A description of the server machine and its backup: + + (a) Hardware and software + + DEC-1090T and TOPS20 + DEC-2065 and TOPS20 + + (b) Host domain name and network address + + KL.SRI.COM 10.1.0.2 on ARPANET, 128.18.10.6 on SRINET + STRIPE.SRI.COM 10.4.0.2 on ARPANET, 128.18.10.4 on SRINET + + (c) Domain-style nickname + + None + + (7) Planned mapping of names of any other network hosts, other than + the server machines, into the new domain's naming space. + + SRI-Blackjack.ARPA (128.18.2.1) -> Blackjack.SRI.COM + SRI-CSL.ARPA (192.12.33.2) -> CSL.SRI.COM + + (8) An estimate of the number of hosts that will be directly within + this domain. + + (a) Initially = 50 + (b) One year = 100 + (c) Two years = 200 + (d) Five years = 500 + + (9) A date when you expect the fully qualified domain name to become + the official host name in HOSTS.TXT. + + 31 September 1987 + + (10) Brief description of organization. + + SRI International is an independent, nonprofit, scientific + research organization. It performs basic and applied research + for government and commercial clients, and contributes to + worldwide economic, scientific, industrial, and social progress + through research and related services. + + + + + + + + + +Stahl [Page 14] + diff --git a/usr.sbin/named/doc/rfc/rfc1033 b/usr.sbin/named/doc/rfc/rfc1033 new file mode 100644 index 00000000000..37029fd9ae0 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1033 @@ -0,0 +1,1229 @@ +Network Working Group M. Lottor +Request For Comments: 1033 SRI International + November 1987 + + + DOMAIN ADMINISTRATORS OPERATIONS GUIDE + + + +STATUS OF THIS MEMO + + This RFC provides guidelines for domain administrators in operating a + domain server and maintaining their portion of the hierarchical + database. Familiarity with the domain system is assumed. + Distribution of this memo is unlimited. + +ACKNOWLEDGMENTS + + This memo is a formatted collection of notes and excerpts from the + references listed at the end of this document. Of particular mention + are Paul Mockapetris and Kevin Dunlap. + +INTRODUCTION + + A domain server requires a few files to get started. It will + normally have some number of boot/startup files (also known as the + "safety belt" files). One section will contain a list of possible + root servers that the server will use to find the up-to-date list of + root servers. Another section will list the zone files to be loaded + into the server for your local domain information. A zone file + typically contains all the data for a particular domain. This guide + describes the data formats that can be used in zone files and + suggested parameters to use for certain fields. If you are + attempting to do anything advanced or tricky, consult the appropriate + domain RFC's for more details. + + Note: Each implementation of domain software may require different + files. Zone files are standardized but some servers may require + other startup files. See the appropriate documentation that comes + with your software. See the appendix for some specific examples. + +ZONES + + A zone defines the contents of a contiguous section of the domain + space, usually bounded by administrative boundaries. There will + typically be a separate data file for each zone. The data contained + in a zone file is composed of entries called Resource Records (RRs). + + + + +Lottor [Page 1] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + You may only put data in your domain server that you are + authoritative for. You must not add entries for domains other than + your own (except for the special case of "glue records"). + + A domain server will probably read a file on start-up that lists the + zones it should load into its database. The format of this file is + not standardized and is different for most domain server + implementations. For each zone it will normally contain the domain + name of the zone and the file name that contains the data to load for + the zone. + +ROOT SERVERS + + A resolver will need to find the root servers when it first starts. + When the resolver boots, it will typically read a list of possible + root servers from a file. + + The resolver will cycle through the list trying to contact each one. + When it finds a root server, it will ask it for the current list of + root servers. It will then discard the list of root servers it read + from the data file and replace it with the current list it received. + + Root servers will not change very often. You can get the names of + current root servers from the NIC. + + FTP the file NETINFO:ROOT-SERVERS.TXT or send a mail request to + NIC@SRI-NIC.ARPA. + + As of this date (June 1987) they are: + + SRI-NIC.ARPA 10.0.0.51 26.0.0.73 + C.ISI.EDU 10.0.0.52 + BRL-AOS.ARPA 192.5.25.82 192.5.22.82 128.20.1.2 + A.ISI.EDU 26.3.0.103 + +RESOURCE RECORDS + + Records in the zone data files are called resource records (RRs). + They are specified in RFC-883 and RFC-973. An RR has a standard + format as shown: + + <name> [<ttl>] [<class>] <type> <data> + + The record is divided into fields which are separated by white space. + + <name> + + The name field defines what domain name applies to the given + + + +Lottor [Page 2] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + RR. In some cases the name field can be left blank and it will + default to the name field of the previous RR. + + <ttl> + + TTL stands for Time To Live. It specifies how long a domain + resolver should cache the RR before it throws it out and asks a + domain server again. See the section on TTL's. If you leave + the TTL field blank it will default to the minimum time + specified in the SOA record (described later). + + <class> + + The class field specifies the protocol group. If left blank it + will default to the last class specified. + + <type> + + The type field specifies what type of data is in the RR. See + the section on types. + + <data> + + The data field is defined differently for each type and class + of data. Popular RR data formats are described later. + + The domain system does not guarantee to preserve the order of + resource records. Listing RRs (such as multiple address records) in + a certain order does not guarantee they will be used in that order. + + Case is preserved in names and data fields when loaded into the name + server. All comparisons and lookups in the name server are case + insensitive. + + Parenthesis ("(",")") are used to group data that crosses a line + boundary. + + A semicolon (";") starts a comment; the remainder of the line is + ignored. + + The asterisk ("*") is used for wildcarding. + + The at-sign ("@") denotes the current default domain name. + + + + + + + + +Lottor [Page 3] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + +NAMES + + A domain name is a sequence of labels separated by dots. + + Domain names in the zone files can be one of two types, either + absolute or relative. An absolute name is the fully qualified domain + name and is terminated with a period. A relative name does not + terminate with a period, and the current default domain is appended + to it. The default domain is usually the name of the domain that was + specified in the boot file that loads each zone. + + The domain system allows a label to contain any 8-bit character. + Although the domain system has no restrictions, other protocols such + as SMTP do have name restrictions. Because of other protocol + restrictions, only the following characters are recommended for use + in a host name (besides the dot separator): + + "A-Z", "a-z", "0-9", dash and underscore + +TTL's (Time To Live) + + It is important that TTLs are set to appropriate values. The TTL is + the time (in seconds) that a resolver will use the data it got from + your server before it asks your server again. If you set the value + too low, your server will get loaded down with lots of repeat + requests. If you set it too high, then information you change will + not get distributed in a reasonable amount of time. If you leave the + TTL field blank, it will default to what is specified in the SOA + record for the zone. + + Most host information does not change much over long time periods. A + good way to set up your TTLs would be to set them at a high value, + and then lower the value if you know a change will be coming soon. + You might set most TTLs to anywhere between a day (86400) and a week + (604800). Then, if you know some data will be changing in the near + future, set the TTL for that RR down to a lower value (an hour to a + day) until the change takes place, and then put it back up to its + previous value. + + Also, all RRs with the same name, class, and type should have the + same TTL value. + +CLASSES + + The domain system was designed to be protocol independent. The class + field is used to identify the protocol group that each RR is in. + + The class of interest to people using TCP/IP software is the class + + + +Lottor [Page 4] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + "Internet". Its standard designation is "IN". + + A zone file should only contain RRs of the same class. + +TYPES + + There are many defined RR types. For a complete list, see the domain + specification RFCs. Here is a list of current commonly used types. + The data for each type is described in the data section. + + Designation Description + ========================================== + SOA Start Of Authority + NS Name Server + + A Internet Address + CNAME Canonical Name (nickname pointer) + HINFO Host Information + WKS Well Known Services + + MX Mail Exchanger + + PTR Pointer + +SOA (Start Of Authority) + + <name> [<ttl>] [<class>] SOA <origin> <person> ( + <serial> + <refresh> + <retry> + <expire> + <minimum> ) + + The Start Of Authority record designates the start of a zone. The + zone ends at the next SOA record. + + <name> is the name of the zone. + + <origin> is the name of the host on which the master zone file + resides. + + <person> is a mailbox for the person responsible for the zone. It is + formatted like a mailing address but the at-sign that normally + separates the user from the host name is replaced with a dot. + + <serial> is the version number of the zone file. It should be + incremented anytime a change is made to data in the zone. + + + + +Lottor [Page 5] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + <refresh> is how long, in seconds, a secondary name server is to + check with the primary name server to see if an update is needed. A + good value here would be one hour (3600). + + <retry> is how long, in seconds, a secondary name server is to retry + after a failure to check for a refresh. A good value here would be + 10 minutes (600). + + <expire> is the upper limit, in seconds, that a secondary name server + is to use the data before it expires for lack of getting a refresh. + You want this to be rather large, and a nice value is 3600000, about + 42 days. + + <minimum> is the minimum number of seconds to be used for TTL values + in RRs. A minimum of at least a day is a good value here (86400). + + There should only be one SOA record per zone. A sample SOA record + would look something like: + + @ IN SOA SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA. ( + 45 ;serial + 3600 ;refresh + 600 ;retry + 3600000 ;expire + 86400 ) ;minimum + + +NS (Name Server) + + <domain> [<ttl>] [<class>] NS <server> + + The NS record lists the name of a machine that provides domain + service for a particular domain. The name associated with the RR is + the domain name and the data portion is the name of a host that + provides the service. If machines SRI-NIC.ARPA and C.ISI.EDU provide + name lookup service for the domain COM then the following entries + would be used: + + COM. NS SRI-NIC.ARPA. + NS C.ISI.EDU. + + Note that the machines providing name service do not have to live in + the named domain. There should be one NS record for each server for + a domain. Also note that the name "COM" defaults for the second NS + record. + + NS records for a domain exist in both the zone that delegates the + domain, and in the domain itself. + + + +Lottor [Page 6] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + +GLUE RECORDS + + If the name server host for a particular domain is itself inside the + domain, then a 'glue' record will be needed. A glue record is an A + (address) RR that specifies the address of the server. Glue records + are only needed in the server delegating the domain, not in the + domain itself. If for example the name server for domain SRI.COM was + KL.SRI.COM, then the NS record would look like this, but you will + also need to have the following A record. + + SRI.COM. NS KL.SRI.COM. + KL.SRI.COM. A 10.1.0.2 + + +A (Address) + + <host> [<ttl>] [<class>] A <address> + + The data for an A record is an internet address in dotted decimal + form. A sample A record might look like: + + SRI-NIC.ARPA. A 10.0.0.51 + + There should be one A record for each address of a host. + +CNAME ( Canonical Name) + + <nickname> [<ttl>] [<class>] CNAME <host> + + The CNAME record is used for nicknames. The name associated with the + RR is the nickname. The data portion is the official name. For + example, a machine named SRI-NIC.ARPA may want to have the nickname + NIC.ARPA. In that case, the following RR would be used: + + NIC.ARPA. CNAME SRI-NIC.ARPA. + + There must not be any other RRs associated with a nickname of the + same class. + + Nicknames are also useful when a host changes it's name. In that + case, it is usually a good idea to have a CNAME pointer so that + people still using the old name will get to the right place. + + + + + + + + + +Lottor [Page 7] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + +HINFO (Host Info) + + <host> [<ttl>] [<class>] HINFO <hardware> <software> + + The HINFO record gives information about a particular host. The data + is two strings separated by whitespace. The first string is a + hardware description and the second is software. The hardware is + usually a manufacturer name followed by a dash and model designation. + The software string is usually the name of the operating system. + + Official HINFO types can be found in the latest Assigned Numbers RFC, + the latest of which is RFC-1010. The Hardware type is called the + Machine name and the Software type is called the System name. + + Some sample HINFO records: + + SRI-NIC.ARPA. HINFO DEC-2060 TOPS20 + UCBARPA.Berkeley.EDU. HINFO VAX-11/780 UNIX + + +WKS (Well Known Services) + + <host> [<ttl>] [<class>] WKS <address> <protocol> <services> + + The WKS record is used to list Well Known Services a host provides. + WKS's are defined to be services on port numbers below 256. The WKS + record lists what services are available at a certain address using a + certain protocol. The common protocols are TCP or UDP. A sample WKS + record for a host offering the same services on all address would + look like: + + Official protocol names can be found in the latest Assigned Numbers + RFC, the latest of which is RFC-1010. + + SRI-NIC.ARPA. WKS 10.0.0.51 TCP TELNET FTP SMTP + WKS 10.0.0.51 UDP TIME + WKS 26.0.0.73 TCP TELNET FTP SMTP + WKS 26.0.0.73 UDP TIME + +MX (Mail Exchanger) (See RFC-974 for more details.) + + <name> [<ttl>] [<class>] MX <preference> <host> + + MX records specify where mail for a domain name should be delivered. + There may be multiple MX records for a particular name. The + preference value specifies the order a mailer should try multiple MX + records when delivering mail. Zero is the highest preference. + Multiple records for the same name may have the same preference. + + + +Lottor [Page 8] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + A host BAR.FOO.COM may want its mail to be delivered to the host + PO.FOO.COM and would then use the MX record: + + BAR.FOO.COM. MX 10 PO.FOO.COM. + + A host BAZ.FOO.COM may want its mail to be delivered to one of three + different machines, in the following order: + + BAZ.FOO.COM. MX 10 PO1.FOO.COM. + MX 20 PO2.FOO.COM. + MX 30 PO3.FOO.COM. + + An entire domain of hosts not connected to the Internet may want + their mail to go through a mail gateway that knows how to deliver + mail to them. If they would like mail addressed to any host in the + domain FOO.COM to go through the mail gateway they might use: + + FOO.COM. MX 10 RELAY.CS.NET. + *.FOO.COM. MX 20 RELAY.CS.NET. + + Note that you can specify a wildcard in the MX record to match on + anything in FOO.COM, but that it won't match a plain FOO.COM. + +IN-ADDR.ARPA + + The structure of names in the domain system is set up in a + hierarchical way such that the address of a name can be found by + tracing down the domain tree contacting a server for each label of + the name. Because of this 'indexing' based on name, there is no easy + way to translate a host address back into its host name. + + In order to do the reverse translation easily, a domain was created + that uses hosts' addresses as part of a name that then points to the + data for that host. In this way, there is now an 'index' to hosts' + RRs based on their address. This address mapping domain is called + IN-ADDR.ARPA. Within that domain are subdomains for each network, + based on network number. Also, for consistency and natural + groupings, the 4 octets of a host number are reversed. + + For example, the ARPANET is net 10. That means there is a domain + called 10.IN-ADDR.ARPA. Within this domain there is a PTR RR at + 51.0.0.10.IN-ADDR that points to the RRs for the host SRI-NIC.ARPA + (who's address is 10.0.0.51). Since the NIC is also on the MILNET + (Net 26, address 26.0.0.73), there is also a PTR RR at 73.0.0.26.IN- + ADDR.ARPA that points to the same RR's for SRI-NIC.ARPA. The format + of these special pointers is defined below along with the examples + for the NIC. + + + + +Lottor [Page 9] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + +PTR + + <special-name> [<ttl>] [<class>] PTR <name> + + The PTR record is used to let special names point to some other + location in the domain tree. They are mainly used in the IN- + ADDR.ARPA records for translation of addresses to names. PTR's + should use official names and not aliases. + + For example, host SRI-NIC.ARPA with addresses 10.0.0.51 and 26.0.0.73 + would have the following records in the respective zone files for net + 10 and net 26: + + 51.0.0.10.IN-ADDR.ARPA. PTR SRI-NIC.ARPA. + 73.0.0.26.IN-ADDR.ARPA. PTR SRI-NIC.ARPA. + +GATEWAY PTR's + + The IN-ADDR tree is also used to locate gateways on a particular + network. Gateways have the same kind of PTR RRs as hosts (as above) + but in addition they have other PTRs used to locate them by network + number alone. These records have only 1, 2, or 3 octets as part of + the name depending on whether they are class A, B, or C networks, + respectively. + + Lets take the SRI-CSL gateway for example. It connects 3 different + networks, one class A, one class B and one class C. It will have the + standard RR's for a host in the CSL.SRI.COM zone: + + GW.CSL.SRI.COM. A 10.2.0.2 + A 128.18.1.1 + A 192.12.33.2 + + Also, in 3 different zones (one for each network), it will have one + of the following number to name translation pointers: + + 2.0.2.10.IN-ADDR.ARPA. PTR GW.CSL.SRI.COM. + 1.1.18.128.IN-ADDR.ARPA. PTR GW.CSL.SRI.COM. + 1.33.12.192.IN-ADDR.ARPA. PTR GW.CSL.SRI.COM. + + In addition, in each of the same 3 zones will be one of the following + gateway location pointers: + + 10.IN-ADDR.ARPA. PTR GW.CSL.SRI.COM. + 18.128.IN-ADDR.ARPA. PTR GW.CSL.SRI.COM. + 33.12.192.IN-ADDR.ARPA. PTR GW.CSL.SRI.COM. + + + + + +Lottor [Page 10] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + +INSTRUCTIONS + + Adding a subdomain. + + To add a new subdomain to your domain: + + Setup the other domain server and/or the new zone file. + + Add an NS record for each server of the new domain to the zone + file of the parent domain. + + Add any necessary glue RRs. + + Adding a host. + + To add a new host to your zone files: + + Edit the appropriate zone file for the domain the host is in. + + Add an entry for each address of the host. + + Optionally add CNAME, HINFO, WKS, and MX records. + + Add the reverse IN-ADDR entry for each host address in the + appropriate zone files for each network the host in on. + + Deleting a host. + + To delete a host from the zone files: + + Remove all the hosts' resource records from the zone file of + the domain the host is in. + + Remove all the hosts' PTR records from the IN-ADDR zone files + for each network the host was on. + + Adding gateways. + + Follow instructions for adding a host. + + Add the gateway location PTR records for each network the + gateway is on. + + Deleting gateways. + + Follow instructions for deleting a host. + + Also delete the gateway location PTR records for each network + + + +Lottor [Page 11] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + the gateway was on. + +COMPLAINTS + + These are the suggested steps you should take if you are having + problems that you believe are caused by someone else's name server: + + + 1. Complain privately to the responsible person for the domain. You + can find their mailing address in the SOA record for the domain. + + 2. Complain publicly to the responsible person for the domain. + + 3. Ask the NIC for the administrative person responsible for the + domain. Complain. You can also find domain contacts on the NIC in + the file NETINFO:DOMAIN-CONTACTS.TXT + + 4. Complain to the parent domain authorities. + + 5. Ask the parent authorities to excommunicate the domain. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Lottor [Page 12] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + +EXAMPLE DOMAIN SERVER DATABASE FILES + + The following examples show how zone files are set up for a typical + organization. SRI will be used as the example organization. SRI has + decided to divided their domain SRI.COM into a few subdomains, one + for each group that wants one. The subdomains are CSL and ISTC. + + Note the following interesting items: + + There are both hosts and domains under SRI.COM. + + CSL.SRI.COM is both a domain name and a host name. + + All the domains are serviced by the same pair of domain servers. + + All hosts at SRI are on net 128.18 except hosts in the CSL domain + which are on net 192.12.33. Note that a domain does not have to + correspond to a physical network. + + The examples do not necessarily correspond to actual data in use + by the SRI domain. + + SRI Domain Organization + + +-------+ + | COM | + +-------+ + | + +-------+ + | SRI | + +-------+ + | + +----------++-----------+ + | | | + +-------+ +------+ +-------+ + | CSL | | ISTC | | Hosts | + +-------+ +------+ +-------+ + | | + +-------+ +-------+ + | Hosts | | Hosts | + +-------+ +-------+ + + + + + + + + + + +Lottor [Page 13] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + [File "CONFIG.CMD". Since bootstrap files are not standardized, this + file is presented using a pseudo configuration file syntax.] + + load root server list from file ROOT.SERVERS + load zone SRI.COM. from file SRI.ZONE + load zone CSL.SRI.COM. from file CSL.ZONE + load zone ISTC.SRI.COM. from file ISTC.ZONE + load zone 18.128.IN-ADDR.ARPA. from file SRINET.ZONE + load zone 33.12.192.IN-ADDR.ARPA. from file SRI-CSL-NET.ZONE + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Lottor [Page 14] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + [File "ROOT.SERVERS". Again, the format of this file is not + standardized.] + + ;list of possible root servers + SRI-NIC.ARPA 10.0.0.51 26.0.0.73 + C.ISI.EDU 10.0.0.52 + BRL-AOS.ARPA 192.5.25.82 192.5.22.82 128.20.1.2 + A.ISI.EDU 26.3.0.103 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Lottor [Page 15] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + [File "SRI.ZONE"] + + SRI.COM. IN SOA KL.SRI.COM. DLE.STRIPE.SRI.COM. ( + 870407 ;serial + 1800 ;refresh every 30 minutes + 600 ;retry every 10 minutes + 604800 ;expire after a week + 86400 ;default of an hour + ) + + SRI.COM. NS KL.SRI.COM. + NS STRIPE.SRI.COM. + MX 10 KL.SRI.COM. + + ;SRI.COM hosts + + KL A 10.1.0.2 + A 128.18.10.6 + MX 10 KL.SRI.COM. + + STRIPE A 10.4.0.2 + STRIPE A 128.18.10.4 + MX 10 STRIPE.SRI.COM. + + NIC CNAME SRI-NIC.ARPA. + + Blackjack A 128.18.2.1 + HINFO VAX-11/780 UNIX + WKS 128.18.2.1 TCP TELNET FTP + + CSL A 192.12.33.2 + HINFO FOONLY-F4 TOPS20 + WKS 192.12.33.2 TCP TELNET FTP SMTP FINGER + MX 10 CSL.SRI.COM. + + + + + + + + + + + + + + + + + +Lottor [Page 16] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + [File "CSL.ZONE"] + + CSL.SRI.COM. IN SOA KL.SRI.COM. DLE.STRIPE.SRI.COM. ( + 870330 ;serial + 1800 ;refresh every 30 minutes + 600 ;retry every 10 minutes + 604800 ;expire after a week + 86400 ;default of a day + ) + + CSL.SRI.COM. NS KL.SRI.COM. + NS STRIPE.SRI.COM. + A 192.12.33.2 + + ;CSL.SRI.COM hosts + + A CNAME CSL.SRI.COM. + B A 192.12.33.3 + HINFO FOONLY-F4 TOPS20 + WKS 192.12.33.3 TCP TELNET FTP SMTP + GW A 10.2.0.2 + A 192.12.33.1 + A 128.18.1.1 + HINFO PDP-11/23 MOS + SMELLY A 192.12.33.4 + HINFO IMAGEN IMAGEN + SQUIRREL A 192.12.33.5 + HINFO XEROX-1100 INTERLISP + VENUS A 192.12.33.7 + HINFO SYMBOLICS-3600 LISPM + HELIUM A 192.12.33.30 + HINFO SUN-3/160 UNIX + ARGON A 192.12.33.31 + HINFO SUN-3/75 UNIX + RADON A 192.12.33.32 + HINFO SUN-3/75 UNIX + + + + + + + + + + + + + + + +Lottor [Page 17] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + [File "ISTC.ZONE"] + + ISTC.SRI.COM. IN SOA KL.SRI.COM. roemers.JOYCE.ISTC.SRI.COM. ( + 870406 ;serial + 1800 ;refresh every 30 minutes + 600 ;retry every 10 minutes + 604800 ;expire after a week + 86400 ;default of a day + ) + + ISTC.SRI.COM. NS KL.SRI.COM. + NS STRIPE.SRI.COM. + MX 10 SPAM.ISTC.SRI.COM. + + ; ISTC hosts + + joyce A 128.18.4.2 + HINFO VAX-11/750 UNIX + bozo A 128.18.0.6 + HINFO SUN UNIX + sundae A 128.18.0.11 + HINFO SUN UNIX + tsca A 128.18.0.201 + A 10.3.0.2 + HINFO VAX-11/750 UNIX + MX 10 TSCA.ISTC.SRI.COM. + tsc CNAME tsca + prmh A 128.18.0.203 + A 10.2.0.51 + HINFO PDP-11/44 UNIX + spam A 128.18.4.3 + A 10.2.0.107 + HINFO VAX-11/780 UNIX + MX 10 SPAM.ISTC.SRI.COM. + + + + + + + + + + + + + + + + + +Lottor [Page 18] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + [File "SRINET.ZONE"] + + 18.128.IN-ADDR.ARPA. IN SOA KL.SRI.COM DLE.STRIPE.SRI.COM. ( + 870406 ;serial + 1800 ;refresh every 30 minutes + 600 ;retry every 10 minutes + 604800 ;expire after a week + 86400 ;default of a day + ) + + 18.128.IN-ADDR.ARPA. NS KL.SRI.COM. + NS STRIPE.SRI.COM. + PTR GW.CSL.SRI.COM. + + ; SRINET [128.18.0.0] Address Translations + + ; SRI.COM Hosts + 1.2.18.128.IN-ADDR.ARPA. PTR Blackjack.SRI.COM. + + ; ISTC.SRI.COM Hosts + 2.4.18.128.IN-ADDR.ARPA. PTR joyce.ISTC.SRI.COM. + 6.0.18.128.IN-ADDR.ARPA. PTR bozo.ISTC.SRI.COM. + 11.0.18.128.IN-ADDR.ARPA. PTR sundae.ISTC.SRI.COM. + 201.0.18.128.IN-ADDR.ARPA. PTR tsca.ISTC.SRI.COM. + 203.0.18.128.IN-ADDR.ARPA. PTR prmh.ISTC.SRI.COM. + 3.4.18.128.IN-ADDR.ARPA. PTR spam.ISTC.SRI.COM. + + ; CSL.SRI.COM Hosts + 1.1.18.128.IN-ADDR.ARPA. PTR GW.CSL.SRI.COM. + + + + + + + + + + + + + + + + + + + + + + +Lottor [Page 19] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + + [File "SRI-CSL-NET.ZONE"] + + 33.12.192.IN-ADDR.ARPA. IN SOA KL.SRI.COM DLE.STRIPE.SRI.COM. ( + 870404 ;serial + 1800 ;refresh every 30 minutes + 600 ;retry every 10 minutes + 604800 ;expire after a week + 86400 ;default of a day + ) + + 33.12.192.IN-ADDR.ARPA. NS KL.SRI.COM. + NS STRIPE.SRI.COM. + PTR GW.CSL.SRI.COM. + + ; SRI-CSL-NET [192.12.33.0] Address Translations + + ; SRI.COM Hosts + 2.33.12.192.IN-ADDR.ARPA. PTR CSL.SRI.COM. + + ; CSL.SRI.COM Hosts + 1.33.12.192.IN-ADDR.ARPA. PTR GW.CSL.SRI.COM. + 3.33.12.192.IN-ADDR.ARPA. PTR B.CSL.SRI.COM. + 4.33.12.192.IN-ADDR.ARPA. PTR SMELLY.CSL.SRI.COM. + 5.33.12.192.IN-ADDR.ARPA. PTR SQUIRREL.CSL.SRI.COM. + 7.33.12.192.IN-ADDR.ARPA. PTR VENUS.CSL.SRI.COM. + 30.33.12.192.IN-ADDR.ARPA. PTR HELIUM.CSL.SRI.COM. + 31.33.12.192.IN-ADDR.ARPA. PTR ARGON.CSL.SRI.COM. + 32.33.12.192.IN-ADDR.ARPA. PTR RADON.CSL.SRI.COM. + + + + + + + + + + + + + + + + + + + + + + + +Lottor [Page 20] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + +APPENDIX + + BIND (Berkeley Internet Name Domain server) distributed with 4.3 BSD + UNIX + + This section describes two BIND implementation specific files; the + boot file and the cache file. BIND has other options, files, and + specifications that are not described here. See the Name Server + Operations Guide for BIND for details. + + The boot file for BIND is usually called "named.boot". This + corresponds to file "CONFIG.CMD" in the example section. + + -------------------------------------------------------- + cache . named.ca + primary SRI.COM SRI.ZONE + primary CSL.SRI.COM CSL.ZONE + primary ISTC.SRI.COM ISTC.ZONE + primary 18.128.IN-ADDR.ARPA SRINET.ZONE + primary 33.12.192.IN-ADDR.ARPA SRI-CSL-NET.ZONE + -------------------------------------------------------- + + The cache file for BIND is usually called "named.ca". This + corresponds to file "ROOT.SERVERS" in the example section. + + ------------------------------------------------- + ;list of possible root servers + . 1 IN NS SRI-NIC.ARPA. + NS C.ISI.EDU. + NS BRL-AOS.ARPA. + NS C.ISI.EDU. + ;and their addresses + SRI-NIC.ARPA. A 10.0.0.51 + A 26.0.0.73 + C.ISI.EDU. A 10.0.0.52 + BRL-AOS.ARPA. A 192.5.25.82 + A 192.5.22.82 + A 128.20.1.2 + A.ISI.EDU. A 26.3.0.103 + ------------------------------------------------- + + + + + + + + + + + +Lottor [Page 21] + +RFC 1033 DOMAIN OPERATIONS GUIDE November 1987 + + +REFERENCES + + [1] Dunlap, K., "Name Server Operations Guide for BIND", CSRG, + Department of Electrical Engineering and Computer Sciences, + University of California, Berkeley, California. + + [2] Partridge, C., "Mail Routing and the Domain System", RFC-974, + CSNET CIC BBN Laboratories, January 1986. + + [3] Mockapetris, P., "Domains Names - Concepts and Facilities", + RFC-1034, USC/Information Sciences Institute, November 1987. + + [4] Mockapetris, P., "Domain Names - Implementations Specification", + RFC-1035, USC/Information Sciences Institute, November 1987. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Lottor [Page 22] + diff --git a/usr.sbin/named/doc/rfc/rfc1034 b/usr.sbin/named/doc/rfc/rfc1034 new file mode 100644 index 00000000000..55cdb21fe65 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1034 @@ -0,0 +1,3077 @@ +Network Working Group P. Mockapetris +Request for Comments: 1034 ISI +Obsoletes: RFCs 882, 883, 973 November 1987 + + + DOMAIN NAMES - CONCEPTS AND FACILITIES + + + +1. STATUS OF THIS MEMO + +This RFC is an introduction to the Domain Name System (DNS), and omits +many details which can be found in a companion RFC, "Domain Names - +Implementation and Specification" [RFC-1035]. That RFC assumes that the +reader is familiar with the concepts discussed in this memo. + +A subset of DNS functions and data types constitute an official +protocol. The official protocol includes standard queries and their +responses and most of the Internet class data formats (e.g., host +addresses). + +However, the domain system is intentionally extensible. Researchers are +continuously proposing, implementing and experimenting with new data +types, query types, classes, functions, etc. Thus while the components +of the official protocol are expected to stay essentially unchanged and +operate as a production service, experimental behavior should always be +expected in extensions beyond the official protocol. Experimental or +obsolete features are clearly marked in these RFCs, and such information +should be used with caution. + +The reader is especially cautioned not to depend on the values which +appear in examples to be current or complete, since their purpose is +primarily pedagogical. Distribution of this memo is unlimited. + +2. INTRODUCTION + +This RFC introduces domain style names, their use for Internet mail and +host address support, and the protocols and servers used to implement +domain name facilities. + +2.1. The history of domain names + +The impetus for the development of the domain system was growth in the +Internet: + + - Host name to address mappings were maintained by the Network + Information Center (NIC) in a single file (HOSTS.TXT) which + was FTPed by all hosts [RFC-952, RFC-953]. The total network + + + +Mockapetris [Page 1] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + bandwidth consumed in distributing a new version by this + scheme is proportional to the square of the number of hosts in + the network, and even when multiple levels of FTP are used, + the outgoing FTP load on the NIC host is considerable. + Explosive growth in the number of hosts didn't bode well for + the future. + + - The network population was also changing in character. The + timeshared hosts that made up the original ARPANET were being + replaced with local networks of workstations. Local + organizations were administering their own names and + addresses, but had to wait for the NIC to change HOSTS.TXT to + make changes visible to the Internet at large. Organizations + also wanted some local structure on the name space. + + - The applications on the Internet were getting more + sophisticated and creating a need for general purpose name + service. + + +The result was several ideas about name spaces and their management +[IEN-116, RFC-799, RFC-819, RFC-830]. The proposals varied, but a +common thread was the idea of a hierarchical name space, with the +hierarchy roughly corresponding to organizational structure, and names +using "." as the character to mark the boundary between hierarchy +levels. A design using a distributed database and generalized resources +was described in [RFC-882, RFC-883]. Based on experience with several +implementations, the system evolved into the scheme described in this +memo. + +The terms "domain" or "domain name" are used in many contexts beyond the +DNS described here. Very often, the term domain name is used to refer +to a name with structure indicated by dots, but no relation to the DNS. +This is particularly true in mail addressing [Quarterman 86]. + +2.2. DNS design goals + +The design goals of the DNS influence its structure. They are: + + - The primary goal is a consistent name space which will be used + for referring to resources. In order to avoid the problems + caused by ad hoc encodings, names should not be required to + contain network identifiers, addresses, routes, or similar + information as part of the name. + + - The sheer size of the database and frequency of updates + suggest that it must be maintained in a distributed manner, + with local caching to improve performance. Approaches that + + + +Mockapetris [Page 2] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + attempt to collect a consistent copy of the entire database + will become more and more expensive and difficult, and hence + should be avoided. The same principle holds for the structure + of the name space, and in particular mechanisms for creating + and deleting names; these should also be distributed. + + - Where there tradeoffs between the cost of acquiring data, the + speed of updates, and the accuracy of caches, the source of + the data should control the tradeoff. + + - The costs of implementing such a facility dictate that it be + generally useful, and not restricted to a single application. + We should be able to use names to retrieve host addresses, + mailbox data, and other as yet undetermined information. All + data associated with a name is tagged with a type, and queries + can be limited to a single type. + + - Because we want the name space to be useful in dissimilar + networks and applications, we provide the ability to use the + same name space with different protocol families or + management. For example, host address formats differ between + protocols, though all protocols have the notion of address. + The DNS tags all data with a class as well as the type, so + that we can allow parallel use of different formats for data + of type address. + + - We want name server transactions to be independent of the + communications system that carries them. Some systems may + wish to use datagrams for queries and responses, and only + establish virtual circuits for transactions that need the + reliability (e.g., database updates, long transactions); other + systems will use virtual circuits exclusively. + + - The system should be useful across a wide spectrum of host + capabilities. Both personal computers and large timeshared + hosts should be able to use the system, though perhaps in + different ways. + +2.3. Assumptions about usage + +The organization of the domain system derives from some assumptions +about the needs and usage patterns of its user community and is designed +to avoid many of the the complicated problems found in general purpose +database systems. + +The assumptions are: + + - The size of the total database will initially be proportional + + + +Mockapetris [Page 3] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + to the number of hosts using the system, but will eventually + grow to be proportional to the number of users on those hosts + as mailboxes and other information are added to the domain + system. + + - Most of the data in the system will change very slowly (e.g., + mailbox bindings, host addresses), but that the system should + be able to deal with subsets that change more rapidly (on the + order of seconds or minutes). + + - The administrative boundaries used to distribute + responsibility for the database will usually correspond to + organizations that have one or more hosts. Each organization + that has responsibility for a particular set of domains will + provide redundant name servers, either on the organization's + own hosts or other hosts that the organization arranges to + use. + + - Clients of the domain system should be able to identify + trusted name servers they prefer to use before accepting + referrals to name servers outside of this "trusted" set. + + - Access to information is more critical than instantaneous + updates or guarantees of consistency. Hence the update + process allows updates to percolate out through the users of + the domain system rather than guaranteeing that all copies are + simultaneously updated. When updates are unavailable due to + network or host failure, the usual course is to believe old + information while continuing efforts to update it. The + general model is that copies are distributed with timeouts for + refreshing. The distributor sets the timeout value and the + recipient of the distribution is responsible for performing + the refresh. In special situations, very short intervals can + be specified, or the owner can prohibit copies. + + - In any system that has a distributed database, a particular + name server may be presented with a query that can only be + answered by some other server. The two general approaches to + dealing with this problem are "recursive", in which the first + server pursues the query for the client at another server, and + "iterative", in which the server refers the client to another + server and lets the client pursue the query. Both approaches + have advantages and disadvantages, but the iterative approach + is preferred for the datagram style of access. The domain + system requires implementation of the iterative approach, but + allows the recursive approach as an option. + + + + + +Mockapetris [Page 4] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +The domain system assumes that all data originates in master files +scattered through the hosts that use the domain system. These master +files are updated by local system administrators. Master files are text +files that are read by a local name server, and hence become available +through the name servers to users of the domain system. The user +programs access name servers through standard programs called resolvers. + +The standard format of master files allows them to be exchanged between +hosts (via FTP, mail, or some other mechanism); this facility is useful +when an organization wants a domain, but doesn't want to support a name +server. The organization can maintain the master files locally using a +text editor, transfer them to a foreign host which runs a name server, +and then arrange with the system administrator of the name server to get +the files loaded. + +Each host's name servers and resolvers are configured by a local system +administrator [RFC-1033]. For a name server, this configuration data +includes the identity of local master files and instructions on which +non-local master files are to be loaded from foreign servers. The name +server uses the master files or copies to load its zones. For +resolvers, the configuration data identifies the name servers which +should be the primary sources of information. + +The domain system defines procedures for accessing the data and for +referrals to other name servers. The domain system also defines +procedures for caching retrieved data and for periodic refreshing of +data defined by the system administrator. + +The system administrators provide: + + - The definition of zone boundaries. + + - Master files of data. + + - Updates to master files. + + - Statements of the refresh policies desired. + +The domain system provides: + + - Standard formats for resource data. + + - Standard methods for querying the database. + + - Standard methods for name servers to refresh local data from + foreign name servers. + + + + + +Mockapetris [Page 5] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +2.4. Elements of the DNS + +The DNS has three major components: + + - The DOMAIN NAME SPACE and RESOURCE RECORDS, which are + specifications for a tree structured name space and data + associated with the names. Conceptually, each node and leaf + of the domain name space tree names a set of information, and + query operations are attempts to extract specific types of + information from a particular set. A query names the domain + name of interest and describes the type of resource + information that is desired. For example, the Internet + uses some of its domain names to identify hosts; queries for + address resources return Internet host addresses. + + - NAME SERVERS are server programs which hold information about + the domain tree's structure and set information. A name + server may cache structure or set information about any part + of the domain tree, but in general a particular name server + has complete information about a subset of the domain space, + and pointers to other name servers that can be used to lead to + information from any part of the domain tree. Name servers + know the parts of the domain tree for which they have complete + information; a name server is said to be an AUTHORITY for + these parts of the name space. Authoritative information is + organized into units called ZONEs, and these zones can be + automatically distributed to the name servers which provide + redundant service for the data in a zone. + + - RESOLVERS are programs that extract information from name + servers in response to client requests. Resolvers must be + able to access at least one name server and use that name + server's information to answer a query directly, or pursue the + query using referrals to other name servers. A resolver will + typically be a system routine that is directly accessible to + user programs; hence no protocol is necessary between the + resolver and the user program. + +These three components roughly correspond to the three layers or views +of the domain system: + + - From the user's point of view, the domain system is accessed + through a simple procedure or OS call to a local resolver. + The domain space consists of a single tree and the user can + request information from any section of the tree. + + - From the resolver's point of view, the domain system is + composed of an unknown number of name servers. Each name + + + +Mockapetris [Page 6] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + server has one or more pieces of the whole domain tree's data, + but the resolver views each of these databases as essentially + static. + + - From a name server's point of view, the domain system consists + of separate sets of local information called zones. The name + server has local copies of some of the zones. The name server + must periodically refresh its zones from master copies in + local files or foreign name servers. The name server must + concurrently process queries that arrive from resolvers. + +In the interests of performance, implementations may couple these +functions. For example, a resolver on the same machine as a name server +might share a database consisting of the the zones managed by the name +server and the cache managed by the resolver. + +3. DOMAIN NAME SPACE and RESOURCE RECORDS + +3.1. Name space specifications and terminology + +The domain name space is a tree structure. Each node and leaf on the +tree corresponds to a resource set (which may be empty). The domain +system makes no distinctions between the uses of the interior nodes and +leaves, and this memo uses the term "node" to refer to both. + +Each node has a label, which is zero to 63 octets in length. Brother +nodes may not have the same label, although the same label can be used +for nodes which are not brothers. One label is reserved, and that is +the null (i.e., zero length) label used for the root. + +The domain name of a node is the list of the labels on the path from the +node to the root of the tree. By convention, the labels that compose a +domain name are printed or read left to right, from the most specific +(lowest, farthest from the root) to the least specific (highest, closest +to the root). + +Internally, programs that manipulate domain names should represent them +as sequences of labels, where each label is a length octet followed by +an octet string. Because all domain names end at the root, which has a +null string for a label, these internal representations can use a length +byte of zero to terminate a domain name. + +By convention, domain names can be stored with arbitrary case, but +domain name comparisons for all present domain functions are done in a +case-insensitive manner, assuming an ASCII character set, and a high +order zero bit. This means that you are free to create a node with +label "A" or a node with label "a", but not both as brothers; you could +refer to either using "a" or "A". When you receive a domain name or + + + +Mockapetris [Page 7] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +label, you should preserve its case. The rationale for this choice is +that we may someday need to add full binary domain names for new +services; existing services would not be changed. + +When a user needs to type a domain name, the length of each label is +omitted and the labels are separated by dots ("."). Since a complete +domain name ends with the root label, this leads to a printed form which +ends in a dot. We use this property to distinguish between: + + - a character string which represents a complete domain name + (often called "absolute"). For example, "poneria.ISI.EDU." + + - a character string that represents the starting labels of a + domain name which is incomplete, and should be completed by + local software using knowledge of the local domain (often + called "relative"). For example, "poneria" used in the + ISI.EDU domain. + +Relative names are either taken relative to a well known origin, or to a +list of domains used as a search list. Relative names appear mostly at +the user interface, where their interpretation varies from +implementation to implementation, and in master files, where they are +relative to a single origin domain name. The most common interpretation +uses the root "." as either the single origin or as one of the members +of the search list, so a multi-label relative name is often one where +the trailing dot has been omitted to save typing. + +To simplify implementations, the total number of octets that represent a +domain name (i.e., the sum of all label octets and label lengths) is +limited to 255. + +A domain is identified by a domain name, and consists of that part of +the domain name space that is at or below the domain name which +specifies the domain. A domain is a subdomain of another domain if it +is contained within that domain. This relationship can be tested by +seeing if the subdomain's name ends with the containing domain's name. +For example, A.B.C.D is a subdomain of B.C.D, C.D, D, and " ". + +3.2. Administrative guidelines on use + +As a matter of policy, the DNS technical specifications do not mandate a +particular tree structure or rules for selecting labels; its goal is to +be as general as possible, so that it can be used to build arbitrary +applications. In particular, the system was designed so that the name +space did not have to be organized along the lines of network +boundaries, name servers, etc. The rationale for this is not that the +name space should have no implied semantics, but rather that the choice +of implied semantics should be left open to be used for the problem at + + + +Mockapetris [Page 8] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +hand, and that different parts of the tree can have different implied +semantics. For example, the IN-ADDR.ARPA domain is organized and +distributed by network and host address because its role is to translate +from network or host numbers to names; NetBIOS domains [RFC-1001, RFC- +1002] are flat because that is appropriate for that application. + +However, there are some guidelines that apply to the "normal" parts of +the name space used for hosts, mailboxes, etc., that will make the name +space more uniform, provide for growth, and minimize problems as +software is converted from the older host table. The political +decisions about the top levels of the tree originated in RFC-920. +Current policy for the top levels is discussed in [RFC-1032]. MILNET +conversion issues are covered in [RFC-1031]. + +Lower domains which will eventually be broken into multiple zones should +provide branching at the top of the domain so that the eventual +decomposition can be done without renaming. Node labels which use +special characters, leading digits, etc., are likely to break older +software which depends on more restrictive choices. + +3.3. Technical guidelines on use + +Before the DNS can be used to hold naming information for some kind of +object, two needs must be met: + + - A convention for mapping between object names and domain + names. This describes how information about an object is + accessed. + + - RR types and data formats for describing the object. + +These rules can be quite simple or fairly complex. Very often, the +designer must take into account existing formats and plan for upward +compatibility for existing usage. Multiple mappings or levels of +mapping may be required. + +For hosts, the mapping depends on the existing syntax for host names +which is a subset of the usual text representation for domain names, +together with RR formats for describing host addresses, etc. Because we +need a reliable inverse mapping from address to host name, a special +mapping for addresses into the IN-ADDR.ARPA domain is also defined. + +For mailboxes, the mapping is slightly more complex. The usual mail +address <local-part>@<mail-domain> is mapped into a domain name by +converting <local-part> into a single label (regardles of dots it +contains), converting <mail-domain> into a domain name using the usual +text format for domain names (dots denote label breaks), and +concatenating the two to form a single domain name. Thus the mailbox + + + +Mockapetris [Page 9] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +HOSTMASTER@SRI-NIC.ARPA is represented as a domain name by +HOSTMASTER.SRI-NIC.ARPA. An appreciation for the reasons behind this +design also must take into account the scheme for mail exchanges [RFC- +974]. + +The typical user is not concerned with defining these rules, but should +understand that they usually are the result of numerous compromises +between desires for upward compatibility with old usage, interactions +between different object definitions, and the inevitable urge to add new +features when defining the rules. The way the DNS is used to support +some object is often more crucial than the restrictions inherent in the +DNS. + +3.4. Example name space + +The following figure shows a part of the current domain name space, and +is used in many examples in this RFC. Note that the tree is a very +small subset of the actual name space. + + | + | + +---------------------+------------------+ + | | | + MIL EDU ARPA + | | | + | | | + +-----+-----+ | +------+-----+-----+ + | | | | | | | + BRL NOSC DARPA | IN-ADDR SRI-NIC ACC + | + +--------+------------------+---------------+--------+ + | | | | | + UCI MIT | UDEL YALE + | ISI + | | + +---+---+ | + | | | + LCS ACHILLES +--+-----+-----+--------+ + | | | | | | + XX A C VAXA VENERA Mockapetris + +In this example, the root domain has three immediate subdomains: MIL, +EDU, and ARPA. The LCS.MIT.EDU domain has one immediate subdomain named +XX.LCS.MIT.EDU. All of the leaves are also domains. + +3.5. Preferred name syntax + +The DNS specifications attempt to be as general as possible in the rules + + + +Mockapetris [Page 10] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +for constructing domain names. The idea is that the name of any +existing object can be expressed as a domain name with minimal changes. +However, when assigning a domain name for an object, the prudent user +will select a name which satisfies both the rules of the domain system +and any existing rules for the object, whether these rules are published +or implied by existing programs. + +For example, when naming a mail domain, the user should satisfy both the +rules of this memo and those in RFC-822. When creating a new host name, +the old rules for HOSTS.TXT should be followed. This avoids problems +when old software is converted to use domain names. + +The following syntax will result in fewer problems with many +applications that use domain names (e.g., mail, TELNET). + +<domain> ::= <subdomain> | " " + +<subdomain> ::= <label> | <subdomain> "." <label> + +<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ] + +<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str> + +<let-dig-hyp> ::= <let-dig> | "-" + +<let-dig> ::= <letter> | <digit> + +<letter> ::= any one of the 52 alphabetic characters A through Z in +upper case and a through z in lower case + +<digit> ::= any one of the ten digits 0 through 9 + +Note that while upper and lower case letters are allowed in domain +names, no significance is attached to the case. That is, two names with +the same spelling but different case are to be treated as if identical. + +The labels must follow the rules for ARPANET host names. They must +start with a letter, end with a letter or digit, and have as interior +characters only letters, digits, and hyphen. There are also some +restrictions on the length. Labels must be 63 characters or less. + +For example, the following strings identify hosts in the Internet: + +A.ISI.EDU XX.LCS.MIT.EDU SRI-NIC.ARPA + +3.6. Resource Records + +A domain name identifies a node. Each node has a set of resource + + + +Mockapetris [Page 11] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +information, which may be empty. The set of resource information +associated with a particular name is composed of separate resource +records (RRs). The order of RRs in a set is not significant, and need +not be preserved by name servers, resolvers, or other parts of the DNS. + +When we talk about a specific RR, we assume it has the following: + +owner which is the domain name where the RR is found. + +type which is an encoded 16 bit value that specifies the type + of the resource in this resource record. Types refer to + abstract resources. + + This memo uses the following types: + + A a host address + + CNAME identifies the canonical name of an + alias + + HINFO identifies the CPU and OS used by a host + + MX identifies a mail exchange for the + domain. See [RFC-974 for details. + + NS + the authoritative name server for the domain + + PTR + a pointer to another part of the domain name space + + SOA + identifies the start of a zone of authority] + +class which is an encoded 16 bit value which identifies a + protocol family or instance of a protocol. + + This memo uses the following classes: + + IN the Internet system + + CH the Chaos system + +TTL which is the time to live of the RR. This field is a 32 + bit integer in units of seconds, an is primarily used by + resolvers when they cache RRs. The TTL describes how + long a RR can be cached before it should be discarded. + + + + +Mockapetris [Page 12] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +RDATA which is the type and sometimes class dependent data + which describes the resource: + + A For the IN class, a 32 bit IP address + + For the CH class, a domain name followed + by a 16 bit octal Chaos address. + + CNAME a domain name. + + MX a 16 bit preference value (lower is + better) followed by a host name willing + to act as a mail exchange for the owner + domain. + + NS a host name. + + PTR a domain name. + + SOA several fields. + +The owner name is often implicit, rather than forming an integral part +of the RR. For example, many name servers internally form tree or hash +structures for the name space, and chain RRs off nodes. The remaining +RR parts are the fixed header (type, class, TTL) which is consistent for +all RRs, and a variable part (RDATA) that fits the needs of the resource +being described. + +The meaning of the TTL field is a time limit on how long an RR can be +kept in a cache. This limit does not apply to authoritative data in +zones; it is also timed out, but by the refreshing policies for the +zone. The TTL is assigned by the administrator for the zone where the +data originates. While short TTLs can be used to minimize caching, and +a zero TTL prohibits caching, the realities of Internet performance +suggest that these times should be on the order of days for the typical +host. If a change can be anticipated, the TTL can be reduced prior to +the change to minimize inconsistency during the change, and then +increased back to its former value following the change. + +The data in the RDATA section of RRs is carried as a combination of +binary strings and domain names. The domain names are frequently used +as "pointers" to other data in the DNS. + +3.6.1. Textual expression of RRs + +RRs are represented in binary form in the packets of the DNS protocol, +and are usually represented in highly encoded form when stored in a name +server or resolver. In this memo, we adopt a style similar to that used + + + +Mockapetris [Page 13] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +in master files in order to show the contents of RRs. In this format, +most RRs are shown on a single line, although continuation lines are +possible using parentheses. + +The start of the line gives the owner of the RR. If a line begins with +a blank, then the owner is assumed to be the same as that of the +previous RR. Blank lines are often included for readability. + +Following the owner, we list the TTL, type, and class of the RR. Class +and type use the mnemonics defined above, and TTL is an integer before +the type field. In order to avoid ambiguity in parsing, type and class +mnemonics are disjoint, TTLs are integers, and the type mnemonic is +always last. The IN class and TTL values are often omitted from examples +in the interests of clarity. + +The resource data or RDATA section of the RR are given using knowledge +of the typical representation for the data. + +For example, we might show the RRs carried in a message as: + + ISI.EDU. MX 10 VENERA.ISI.EDU. + MX 10 VAXA.ISI.EDU. + VENERA.ISI.EDU. A 128.9.0.32 + A 10.1.0.52 + VAXA.ISI.EDU. A 10.2.0.27 + A 128.9.0.33 + +The MX RRs have an RDATA section which consists of a 16 bit number +followed by a domain name. The address RRs use a standard IP address +format to contain a 32 bit internet address. + +This example shows six RRs, with two RRs at each of three domain names. + +Similarly we might see: + + XX.LCS.MIT.EDU. IN A 10.0.0.44 + CH A MIT.EDU. 2420 + +This example shows two addresses for XX.LCS.MIT.EDU, each of a different +class. + +3.6.2. Aliases and canonical names + +In existing systems, hosts and other resources often have several names +that identify the same resource. For example, the names C.ISI.EDU and +USC-ISIC.ARPA both identify the same host. Similarly, in the case of +mailboxes, many organizations provide many names that actually go to the +same mailbox; for example Mockapetris@C.ISI.EDU, Mockapetris@B.ISI.EDU, + + + +Mockapetris [Page 14] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +and PVM@ISI.EDU all go to the same mailbox (although the mechanism +behind this is somewhat complicated). + +Most of these systems have a notion that one of the equivalent set of +names is the canonical or primary name and all others are aliases. + +The domain system provides such a feature using the canonical name +(CNAME) RR. A CNAME RR identifies its owner name as an alias, and +specifies the corresponding canonical name in the RDATA section of the +RR. If a CNAME RR is present at a node, no other data should be +present; this ensures that the data for a canonical name and its aliases +cannot be different. This rule also insures that a cached CNAME can be +used without checking with an authoritative server for other RR types. + +CNAME RRs cause special action in DNS software. When a name server +fails to find a desired RR in the resource set associated with the +domain name, it checks to see if the resource set consists of a CNAME +record with a matching class. If so, the name server includes the CNAME +record in the response and restarts the query at the domain name +specified in the data field of the CNAME record. The one exception to +this rule is that queries which match the CNAME type are not restarted. + +For example, suppose a name server was processing a query with for USC- +ISIC.ARPA, asking for type A information, and had the following resource +records: + + USC-ISIC.ARPA IN CNAME C.ISI.EDU + + C.ISI.EDU IN A 10.0.0.52 + +Both of these RRs would be returned in the response to the type A query, +while a type CNAME or * query should return just the CNAME. + +Domain names in RRs which point at another name should always point at +the primary name and not the alias. This avoids extra indirections in +accessing information. For example, the address to name RR for the +above host should be: + + 52.0.0.10.IN-ADDR.ARPA IN PTR C.ISI.EDU + +rather than pointing at USC-ISIC.ARPA. Of course, by the robustness +principle, domain software should not fail when presented with CNAME +chains or loops; CNAME chains should be followed and CNAME loops +signalled as an error. + +3.7. Queries + +Queries are messages which may be sent to a name server to provoke a + + + +Mockapetris [Page 15] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +response. In the Internet, queries are carried in UDP datagrams or over +TCP connections. The response by the name server either answers the +question posed in the query, refers the requester to another set of name +servers, or signals some error condition. + +In general, the user does not generate queries directly, but instead +makes a request to a resolver which in turn sends one or more queries to +name servers and deals with the error conditions and referrals that may +result. Of course, the possible questions which can be asked in a query +does shape the kind of service a resolver can provide. + +DNS queries and responses are carried in a standard message format. The +message format has a header containing a number of fixed fields which +are always present, and four sections which carry query parameters and +RRs. + +The most important field in the header is a four bit field called an +opcode which separates different queries. Of the possible 16 values, +one (standard query) is part of the official protocol, two (inverse +query and status query) are options, one (completion) is obsolete, and +the rest are unassigned. + +The four sections are: + +Question Carries the query name and other query parameters. + +Answer Carries RRs which directly answer the query. + +Authority Carries RRs which describe other authoritative servers. + May optionally carry the SOA RR for the authoritative + data in the answer section. + +Additional Carries RRs which may be helpful in using the RRs in the + other sections. + +Note that the content, but not the format, of these sections varies with +header opcode. + +3.7.1. Standard queries + +A standard query specifies a target domain name (QNAME), query type +(QTYPE), and query class (QCLASS) and asks for RRs which match. This +type of query makes up such a vast majority of DNS queries that we use +the term "query" to mean standard query unless otherwise specified. The +QTYPE and QCLASS fields are each 16 bits long, and are a superset of +defined types and classes. + + + + + +Mockapetris [Page 16] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +The QTYPE field may contain: + +<any type> matches just that type. (e.g., A, PTR). + +AXFR special zone transfer QTYPE. + +MAILB matches all mail box related RRs (e.g. MB and MG). + +* matches all RR types. + +The QCLASS field may contain: + +<any class> matches just that class (e.g., IN, CH). + +* matches aLL RR classes. + +Using the query domain name, QTYPE, and QCLASS, the name server looks +for matching RRs. In addition to relevant records, the name server may +return RRs that point toward a name server that has the desired +information or RRs that are expected to be useful in interpreting the +relevant RRs. For example, a name server that doesn't have the +requested information may know a name server that does; a name server +that returns a domain name in a relevant RR may also return the RR that +binds that domain name to an address. + +For example, a mailer tying to send mail to Mockapetris@ISI.EDU might +ask the resolver for mail information about ISI.EDU, resulting in a +query for QNAME=ISI.EDU, QTYPE=MX, QCLASS=IN. The response's answer +section would be: + + ISI.EDU. MX 10 VENERA.ISI.EDU. + MX 10 VAXA.ISI.EDU. + +while the additional section might be: + + VAXA.ISI.EDU. A 10.2.0.27 + A 128.9.0.33 + VENERA.ISI.EDU. A 10.1.0.52 + A 128.9.0.32 + +Because the server assumes that if the requester wants mail exchange +information, it will probably want the addresses of the mail exchanges +soon afterward. + +Note that the QCLASS=* construct requires special interpretation +regarding authority. Since a particular name server may not know all of +the classes available in the domain system, it can never know if it is +authoritative for all classes. Hence responses to QCLASS=* queries can + + + +Mockapetris [Page 17] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +never be authoritative. + +3.7.2. Inverse queries (Optional) + +Name servers may also support inverse queries that map a particular +resource to a domain name or domain names that have that resource. For +example, while a standard query might map a domain name to a SOA RR, the +corresponding inverse query might map the SOA RR back to the domain +name. + +Implementation of this service is optional in a name server, but all +name servers must at least be able to understand an inverse query +message and return a not-implemented error response. + +The domain system cannot guarantee the completeness or uniqueness of +inverse queries because the domain system is organized by domain name +rather than by host address or any other resource type. Inverse queries +are primarily useful for debugging and database maintenance activities. + +Inverse queries may not return the proper TTL, and do not indicate cases +where the identified RR is one of a set (for example, one address for a +host having multiple addresses). Therefore, the RRs returned in inverse +queries should never be cached. + +Inverse queries are NOT an acceptable method for mapping host addresses +to host names; use the IN-ADDR.ARPA domain instead. + +A detailed discussion of inverse queries is contained in [RFC-1035]. + +3.8. Status queries (Experimental) + +To be defined. + +3.9. Completion queries (Obsolete) + +The optional completion services described in RFCs 882 and 883 have been +deleted. Redesigned services may become available in the future, or the +opcodes may be reclaimed for other use. + +4. NAME SERVERS + +4.1. Introduction + +Name servers are the repositories of information that make up the domain +database. The database is divided up into sections called zones, which +are distributed among the name servers. While name servers can have +several optional functions and sources of data, the essential task of a +name server is to answer queries using data in its zones. By design, + + + +Mockapetris [Page 18] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +name servers can answer queries in a simple manner; the response can +always be generated using only local data, and either contains the +answer to the question or a referral to other name servers "closer" to +the desired information. + +A given zone will be available from several name servers to insure its +availability in spite of host or communication link failure. By +administrative fiat, we require every zone to be available on at least +two servers, and many zones have more redundancy than that. + +A given name server will typically support one or more zones, but this +gives it authoritative information about only a small section of the +domain tree. It may also have some cached non-authoritative data about +other parts of the tree. The name server marks its responses to queries +so that the requester can tell whether the response comes from +authoritative data or not. + +4.2. How the database is divided into zones + +The domain database is partitioned in two ways: by class, and by "cuts" +made in the name space between nodes. + +The class partition is simple. The database for any class is organized, +delegated, and maintained separately from all other classes. Since, by +convention, the name spaces are the same for all classes, the separate +classes can be thought of as an array of parallel namespace trees. Note +that the data attached to nodes will be different for these different +parallel classes. The most common reasons for creating a new class are +the necessity for a new data format for existing types or a desire for a +separately managed version of the existing name space. + +Within a class, "cuts" in the name space can be made between any two +adjacent nodes. After all cuts are made, each group of connected name +space is a separate zone. The zone is said to be authoritative for all +names in the connected region. Note that the "cuts" in the name space +may be in different places for different classes, the name servers may +be different, etc. + +These rules mean that every zone has at least one node, and hence domain +name, for which it is authoritative, and all of the nodes in a +particular zone are connected. Given, the tree structure, every zone +has a highest node which is closer to the root than any other node in +the zone. The name of this node is often used to identify the zone. + +It would be possible, though not particularly useful, to partition the +name space so that each domain name was in a separate zone or so that +all nodes were in a single zone. Instead, the database is partitioned +at points where a particular organization wants to take over control of + + + +Mockapetris [Page 19] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +a subtree. Once an organization controls its own zone it can +unilaterally change the data in the zone, grow new tree sections +connected to the zone, delete existing nodes, or delegate new subzones +under its zone. + +If the organization has substructure, it may want to make further +internal partitions to achieve nested delegations of name space control. +In some cases, such divisions are made purely to make database +maintenance more convenient. + +4.2.1. Technical considerations + +The data that describes a zone has four major parts: + + - Authoritative data for all nodes within the zone. + + - Data that defines the top node of the zone (can be thought of + as part of the authoritative data). + + - Data that describes delegated subzones, i.e., cuts around the + bottom of the zone. + + - Data that allows access to name servers for subzones + (sometimes called "glue" data). + +All of this data is expressed in the form of RRs, so a zone can be +completely described in terms of a set of RRs. Whole zones can be +transferred between name servers by transferring the RRs, either carried +in a series of messages or by FTPing a master file which is a textual +representation. + +The authoritative data for a zone is simply all of the RRs attached to +all of the nodes from the top node of the zone down to leaf nodes or +nodes above cuts around the bottom edge of the zone. + +Though logically part of the authoritative data, the RRs that describe +the top node of the zone are especially important to the zone's +management. These RRs are of two types: name server RRs that list, one +per RR, all of the servers for the zone, and a single SOA RR that +describes zone management parameters. + +The RRs that describe cuts around the bottom of the zone are NS RRs that +name the servers for the subzones. Since the cuts are between nodes, +these RRs are NOT part of the authoritative data of the zone, and should +be exactly the same as the corresponding RRs in the top node of the +subzone. Since name servers are always associated with zone boundaries, +NS RRs are only found at nodes which are the top node of some zone. In +the data that makes up a zone, NS RRs are found at the top node of the + + + +Mockapetris [Page 20] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +zone (and are authoritative) and at cuts around the bottom of the zone +(where they are not authoritative), but never in between. + +One of the goals of the zone structure is that any zone have all the +data required to set up communications with the name servers for any +subzones. That is, parent zones have all the information needed to +access servers for their children zones. The NS RRs that name the +servers for subzones are often not enough for this task since they name +the servers, but do not give their addresses. In particular, if the +name of the name server is itself in the subzone, we could be faced with +the situation where the NS RRs tell us that in order to learn a name +server's address, we should contact the server using the address we wish +to learn. To fix this problem, a zone contains "glue" RRs which are not +part of the authoritative data, and are address RRs for the servers. +These RRs are only necessary if the name server's name is "below" the +cut, and are only used as part of a referral response. + +4.2.2. Administrative considerations + +When some organization wants to control its own domain, the first step +is to identify the proper parent zone, and get the parent zone's owners +to agree to the delegation of control. While there are no particular +technical constraints dealing with where in the tree this can be done, +there are some administrative groupings discussed in [RFC-1032] which +deal with top level organization, and middle level zones are free to +create their own rules. For example, one university might choose to use +a single zone, while another might choose to organize by subzones +dedicated to individual departments or schools. [RFC-1033] catalogs +available DNS software an discusses administration procedures. + +Once the proper name for the new subzone is selected, the new owners +should be required to demonstrate redundant name server support. Note +that there is no requirement that the servers for a zone reside in a +host which has a name in that domain. In many cases, a zone will be +more accessible to the internet at large if its servers are widely +distributed rather than being within the physical facilities controlled +by the same organization that manages the zone. For example, in the +current DNS, one of the name servers for the United Kingdom, or UK +domain, is found in the US. This allows US hosts to get UK data without +using limited transatlantic bandwidth. + +As the last installation step, the delegation NS RRs and glue RRs +necessary to make the delegation effective should be added to the parent +zone. The administrators of both zones should insure that the NS and +glue RRs which mark both sides of the cut are consistent and remain so. + +4.3. Name server internals + + + + +Mockapetris [Page 21] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +4.3.1. Queries and responses + +The principal activity of name servers is to answer standard queries. +Both the query and its response are carried in a standard message format +which is described in [RFC-1035]. The query contains a QTYPE, QCLASS, +and QNAME, which describe the types and classes of desired information +and the name of interest. + +The way that the name server answers the query depends upon whether it +is operating in recursive mode or not: + + - The simplest mode for the server is non-recursive, since it + can answer queries using only local information: the response + contains an error, the answer, or a referral to some other + server "closer" to the answer. All name servers must + implement non-recursive queries. + + - The simplest mode for the client is recursive, since in this + mode the name server acts in the role of a resolver and + returns either an error or the answer, but never referrals. + This service is optional in a name server, and the name server + may also choose to restrict the clients which can use + recursive mode. + +Recursive service is helpful in several situations: + + - a relatively simple requester that lacks the ability to use + anything other than a direct answer to the question. + + - a request that needs to cross protocol or other boundaries and + can be sent to a server which can act as intermediary. + + - a network where we want to concentrate the cache rather than + having a separate cache for each client. + +Non-recursive service is appropriate if the requester is capable of +pursuing referrals and interested in information which will aid future +requests. + +The use of recursive mode is limited to cases where both the client and +the name server agree to its use. The agreement is negotiated through +the use of two bits in query and response messages: + + - The recursion available, or RA bit, is set or cleared by a + name server in all responses. The bit is true if the name + server is willing to provide recursive service for the client, + regardless of whether the client requested recursive service. + That is, RA signals availability rather than use. + + + +Mockapetris [Page 22] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + - Queries contain a bit called recursion desired or RD. This + bit specifies specifies whether the requester wants recursive + service for this query. Clients may request recursive service + from any name server, though they should depend upon receiving + it only from servers which have previously sent an RA, or + servers which have agreed to provide service through private + agreement or some other means outside of the DNS protocol. + +The recursive mode occurs when a query with RD set arrives at a server +which is willing to provide recursive service; the client can verify +that recursive mode was used by checking that both RA and RD are set in +the reply. Note that the name server should never perform recursive +service unless asked via RD, since this interferes with trouble shooting +of name servers and their databases. + +If recursive service is requested and available, the recursive response +to a query will be one of the following: + + - The answer to the query, possibly preface by one or more CNAME + RRs that specify aliases encountered on the way to an answer. + + - A name error indicating that the name does not exist. This + may include CNAME RRs that indicate that the original query + name was an alias for a name which does not exist. + + - A temporary error indication. + +If recursive service is not requested or is not available, the non- +recursive response will be one of the following: + + - An authoritative name error indicating that the name does not + exist. + + - A temporary error indication. + + - Some combination of: + + RRs that answer the question, together with an indication + whether the data comes from a zone or is cached. + + A referral to name servers which have zones which are closer + ancestors to the name than the server sending the reply. + + - RRs that the name server thinks will prove useful to the + requester. + + + + + + +Mockapetris [Page 23] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +4.3.2. Algorithm + +The actual algorithm used by the name server will depend on the local OS +and data structures used to store RRs. The following algorithm assumes +that the RRs are organized in several tree structures, one for each +zone, and another for the cache: + + 1. Set or clear the value of recursion available in the response + depending on whether the name server is willing to provide + recursive service. If recursive service is available and + requested via the RD bit in the query, go to step 5, + otherwise step 2. + + 2. Search the available zones for the zone which is the nearest + ancestor to QNAME. If such a zone is found, go to step 3, + otherwise step 4. + + 3. Start matching down, label by label, in the zone. The + matching process can terminate several ways: + + a. If the whole of QNAME is matched, we have found the + node. + + If the data at the node is a CNAME, and QTYPE doesn't + match CNAME, copy the CNAME RR into the answer section + of the response, change QNAME to the canonical name in + the CNAME RR, and go back to step 1. + + Otherwise, copy all RRs which match QTYPE into the + answer section and go to step 6. + + b. If a match would take us out of the authoritative data, + we have a referral. This happens when we encounter a + node with NS RRs marking cuts along the bottom of a + zone. + + Copy the NS RRs for the subzone into the authority + section of the reply. Put whatever addresses are + available into the additional section, using glue RRs + if the addresses are not available from authoritative + data or the cache. Go to step 4. + + c. If at some label, a match is impossible (i.e., the + corresponding label does not exist), look to see if a + the "*" label exists. + + If the "*" label does not exist, check whether the name + we are looking for is the original QNAME in the query + + + +Mockapetris [Page 24] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + or a name we have followed due to a CNAME. If the name + is original, set an authoritative name error in the + response and exit. Otherwise just exit. + + If the "*" label does exist, match RRs at that node + against QTYPE. If any match, copy them into the answer + section, but set the owner of the RR to be QNAME, and + not the node with the "*" label. Go to step 6. + + 4. Start matching down in the cache. If QNAME is found in the + cache, copy all RRs attached to it that match QTYPE into the + answer section. If there was no delegation from + authoritative data, look for the best one from the cache, and + put it in the authority section. Go to step 6. + + 5. Using the local resolver or a copy of its algorithm (see + resolver section of this memo) to answer the query. Store + the results, including any intermediate CNAMEs, in the answer + section of the response. + + 6. Using local data only, attempt to add other RRs which may be + useful to the additional section of the query. Exit. + +4.3.3. Wildcards + +In the previous algorithm, special treatment was given to RRs with owner +names starting with the label "*". Such RRs are called wildcards. +Wildcard RRs can be thought of as instructions for synthesizing RRs. +When the appropriate conditions are met, the name server creates RRs +with an owner name equal to the query name and contents taken from the +wildcard RRs. + +This facility is most often used to create a zone which will be used to +forward mail from the Internet to some other mail system. The general +idea is that any name in that zone which is presented to server in a +query will be assumed to exist, with certain properties, unless explicit +evidence exists to the contrary. Note that the use of the term zone +here, instead of domain, is intentional; such defaults do not propagate +across zone boundaries, although a subzone may choose to achieve that +appearance by setting up similar defaults. + +The contents of the wildcard RRs follows the usual rules and formats for +RRs. The wildcards in the zone have an owner name that controls the +query names they will match. The owner name of the wildcard RRs is of +the form "*.<anydomain>", where <anydomain> is any domain name. +<anydomain> should not contain other * labels, and should be in the +authoritative data of the zone. The wildcards potentially apply to +descendants of <anydomain>, but not to <anydomain> itself. Another way + + + +Mockapetris [Page 25] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +to look at this is that the "*" label always matches at least one whole +label and sometimes more, but always whole labels. + +Wildcard RRs do not apply: + + - When the query is in another zone. That is, delegation cancels + the wildcard defaults. + + - When the query name or a name between the wildcard domain and + the query name is know to exist. For example, if a wildcard + RR has an owner name of "*.X", and the zone also contains RRs + attached to B.X, the wildcards would apply to queries for name + Z.X (presuming there is no explicit information for Z.X), but + not to B.X, A.B.X, or X. + +A * label appearing in a query name has no special effect, but can be +used to test for wildcards in an authoritative zone; such a query is the +only way to get a response containing RRs with an owner name with * in +it. The result of such a query should not be cached. + +Note that the contents of the wildcard RRs are not modified when used to +synthesize RRs. + +To illustrate the use of wildcard RRs, suppose a large company with a +large, non-IP/TCP, network wanted to create a mail gateway. If the +company was called X.COM, and IP/TCP capable gateway machine was called +A.X.COM, the following RRs might be entered into the COM zone: + + X.COM MX 10 A.X.COM + + *.X.COM MX 10 A.X.COM + + A.X.COM A 1.2.3.4 + A.X.COM MX 10 A.X.COM + + *.A.X.COM MX 10 A.X.COM + +This would cause any MX query for any domain name ending in X.COM to +return an MX RR pointing at A.X.COM. Two wildcard RRs are required +since the effect of the wildcard at *.X.COM is inhibited in the A.X.COM +subtree by the explicit data for A.X.COM. Note also that the explicit +MX data at X.COM and A.X.COM is required, and that none of the RRs above +would match a query name of XX.COM. + +4.3.4. Negative response caching (Optional) + +The DNS provides an optional service which allows name servers to +distribute, and resolvers to cache, negative results with TTLs. For + + + +Mockapetris [Page 26] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +example, a name server can distribute a TTL along with a name error +indication, and a resolver receiving such information is allowed to +assume that the name does not exist during the TTL period without +consulting authoritative data. Similarly, a resolver can make a query +with a QTYPE which matches multiple types, and cache the fact that some +of the types are not present. + +This feature can be particularly important in a system which implements +naming shorthands that use search lists beacuse a popular shorthand, +which happens to require a suffix toward the end of the search list, +will generate multiple name errors whenever it is used. + +The method is that a name server may add an SOA RR to the additional +section of a response when that response is authoritative. The SOA must +be that of the zone which was the source of the authoritative data in +the answer section, or name error if applicable. The MINIMUM field of +the SOA controls the length of time that the negative result may be +cached. + +Note that in some circumstances, the answer section may contain multiple +owner names. In this case, the SOA mechanism should only be used for +the data which matches QNAME, which is the only authoritative data in +this section. + +Name servers and resolvers should never attempt to add SOAs to the +additional section of a non-authoritative response, or attempt to infer +results which are not directly stated in an authoritative response. +There are several reasons for this, including: cached information isn't +usually enough to match up RRs and their zone names, SOA RRs may be +cached due to direct SOA queries, and name servers are not required to +output the SOAs in the authority section. + +This feature is optional, although a refined version is expected to +become part of the standard protocol in the future. Name servers are +not required to add the SOA RRs in all authoritative responses, nor are +resolvers required to cache negative results. Both are recommended. +All resolvers and recursive name servers are required to at least be +able to ignore the SOA RR when it is present in a response. + +Some experiments have also been proposed which will use this feature. +The idea is that if cached data is known to come from a particular zone, +and if an authoritative copy of the zone's SOA is obtained, and if the +zone's SERIAL has not changed since the data was cached, then the TTL of +the cached data can be reset to the zone MINIMUM value if it is smaller. +This usage is mentioned for planning purposes only, and is not +recommended as yet. + + + + + +Mockapetris [Page 27] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +4.3.5. Zone maintenance and transfers + +Part of the job of a zone administrator is to maintain the zones at all +of the name servers which are authoritative for the zone. When the +inevitable changes are made, they must be distributed to all of the name +servers. While this distribution can be accomplished using FTP or some +other ad hoc procedure, the preferred method is the zone transfer part +of the DNS protocol. + +The general model of automatic zone transfer or refreshing is that one +of the name servers is the master or primary for the zone. Changes are +coordinated at the primary, typically by editing a master file for the +zone. After editing, the administrator signals the master server to +load the new zone. The other non-master or secondary servers for the +zone periodically check for changes (at a selectable interval) and +obtain new zone copies when changes have been made. + +To detect changes, secondaries just check the SERIAL field of the SOA +for the zone. In addition to whatever other changes are made, the +SERIAL field in the SOA of the zone is always advanced whenever any +change is made to the zone. The advancing can be a simple increment, or +could be based on the write date and time of the master file, etc. The +purpose is to make it possible to determine which of two copies of a +zone is more recent by comparing serial numbers. Serial number advances +and comparisons use sequence space arithmetic, so there is a theoretic +limit on how fast a zone can be updated, basically that old copies must +die out before the serial number covers half of its 32 bit range. In +practice, the only concern is that the compare operation deals properly +with comparisons around the boundary between the most positive and most +negative 32 bit numbers. + +The periodic polling of the secondary servers is controlled by +parameters in the SOA RR for the zone, which set the minimum acceptable +polling intervals. The parameters are called REFRESH, RETRY, and +EXPIRE. Whenever a new zone is loaded in a secondary, the secondary +waits REFRESH seconds before checking with the primary for a new serial. +If this check cannot be completed, new checks are started every RETRY +seconds. The check is a simple query to the primary for the SOA RR of +the zone. If the serial field in the secondary's zone copy is equal to +the serial returned by the primary, then no changes have occurred, and +the REFRESH interval wait is restarted. If the secondary finds it +impossible to perform a serial check for the EXPIRE interval, it must +assume that its copy of the zone is obsolete an discard it. + +When the poll shows that the zone has changed, then the secondary server +must request a zone transfer via an AXFR request for the zone. The AXFR +may cause an error, such as refused, but normally is answered by a +sequence of response messages. The first and last messages must contain + + + +Mockapetris [Page 28] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +the data for the top authoritative node of the zone. Intermediate +messages carry all of the other RRs from the zone, including both +authoritative and non-authoritative RRs. The stream of messages allows +the secondary to construct a copy of the zone. Because accuracy is +essential, TCP or some other reliable protocol must be used for AXFR +requests. + +Each secondary server is required to perform the following operations +against the master, but may also optionally perform these operations +against other secondary servers. This strategy can improve the transfer +process when the primary is unavailable due to host downtime or network +problems, or when a secondary server has better network access to an +"intermediate" secondary than to the primary. + +5. RESOLVERS + +5.1. Introduction + +Resolvers are programs that interface user programs to domain name +servers. In the simplest case, a resolver receives a request from a +user program (e.g., mail programs, TELNET, FTP) in the form of a +subroutine call, system call etc., and returns the desired information +in a form compatible with the local host's data formats. + +The resolver is located on the same machine as the program that requests +the resolver's services, but it may need to consult name servers on +other hosts. Because a resolver may need to consult several name +servers, or may have the requested information in a local cache, the +amount of time that a resolver will take to complete can vary quite a +bit, from milliseconds to several seconds. + +A very important goal of the resolver is to eliminate network delay and +name server load from most requests by answering them from its cache of +prior results. It follows that caches which are shared by multiple +processes, users, machines, etc., are more efficient than non-shared +caches. + +5.2. Client-resolver interface + +5.2.1. Typical functions + +The client interface to the resolver is influenced by the local host's +conventions, but the typical resolver-client interface has three +functions: + + 1. Host name to host address translation. + + This function is often defined to mimic a previous HOSTS.TXT + + + +Mockapetris [Page 29] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + based function. Given a character string, the caller wants + one or more 32 bit IP addresses. Under the DNS, it + translates into a request for type A RRs. Since the DNS does + not preserve the order of RRs, this function may choose to + sort the returned addresses or select the "best" address if + the service returns only one choice to the client. Note that + a multiple address return is recommended, but a single + address may be the only way to emulate prior HOSTS.TXT + services. + + 2. Host address to host name translation + + This function will often follow the form of previous + functions. Given a 32 bit IP address, the caller wants a + character string. The octets of the IP address are reversed, + used as name components, and suffixed with "IN-ADDR.ARPA". A + type PTR query is used to get the RR with the primary name of + the host. For example, a request for the host name + corresponding to IP address 1.2.3.4 looks for PTR RRs for + domain name "4.3.2.1.IN-ADDR.ARPA". + + 3. General lookup function + + This function retrieves arbitrary information from the DNS, + and has no counterpart in previous systems. The caller + supplies a QNAME, QTYPE, and QCLASS, and wants all of the + matching RRs. This function will often use the DNS format + for all RR data instead of the local host's, and returns all + RR content (e.g., TTL) instead of a processed form with local + quoting conventions. + +When the resolver performs the indicated function, it usually has one of +the following results to pass back to the client: + + - One or more RRs giving the requested data. + + In this case the resolver returns the answer in the + appropriate format. + + - A name error (NE). + + This happens when the referenced name does not exist. For + example, a user may have mistyped a host name. + + - A data not found error. + + This happens when the referenced name exists, but data of the + appropriate type does not. For example, a host address + + + +Mockapetris [Page 30] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + function applied to a mailbox name would return this error + since the name exists, but no address RR is present. + +It is important to note that the functions for translating between host +names and addresses may combine the "name error" and "data not found" +error conditions into a single type of error return, but the general +function should not. One reason for this is that applications may ask +first for one type of information about a name followed by a second +request to the same name for some other type of information; if the two +errors are combined, then useless queries may slow the application. + +5.2.2. Aliases + +While attempting to resolve a particular request, the resolver may find +that the name in question is an alias. For example, the resolver might +find that the name given for host name to address translation is an +alias when it finds the CNAME RR. If possible, the alias condition +should be signalled back from the resolver to the client. + +In most cases a resolver simply restarts the query at the new name when +it encounters a CNAME. However, when performing the general function, +the resolver should not pursue aliases when the CNAME RR matches the +query type. This allows queries which ask whether an alias is present. +For example, if the query type is CNAME, the user is interested in the +CNAME RR itself, and not the RRs at the name it points to. + +Several special conditions can occur with aliases. Multiple levels of +aliases should be avoided due to their lack of efficiency, but should +not be signalled as an error. Alias loops and aliases which point to +non-existent names should be caught and an error condition passed back +to the client. + +5.2.3. Temporary failures + +In a less than perfect world, all resolvers will occasionally be unable +to resolve a particular request. This condition can be caused by a +resolver which becomes separated from the rest of the network due to a +link failure or gateway problem, or less often by coincident failure or +unavailability of all servers for a particular domain. + +It is essential that this sort of condition should not be signalled as a +name or data not present error to applications. This sort of behavior +is annoying to humans, and can wreak havoc when mail systems use the +DNS. + +While in some cases it is possible to deal with such a temporary problem +by blocking the request indefinitely, this is usually not a good choice, +particularly when the client is a server process that could move on to + + + +Mockapetris [Page 31] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +other tasks. The recommended solution is to always have temporary +failure as one of the possible results of a resolver function, even +though this may make emulation of existing HOSTS.TXT functions more +difficult. + +5.3. Resolver internals + +Every resolver implementation uses slightly different algorithms, and +typically spends much more logic dealing with errors of various sorts +than typical occurances. This section outlines a recommended basic +strategy for resolver operation, but leaves details to [RFC-1035]. + +5.3.1. Stub resolvers + +One option for implementing a resolver is to move the resolution +function out of the local machine and into a name server which supports +recursive queries. This can provide an easy method of providing domain +service in a PC which lacks the resources to perform the resolver +function, or can centralize the cache for a whole local network or +organization. + +All that the remaining stub needs is a list of name server addresses +that will perform the recursive requests. This type of resolver +presumably needs the information in a configuration file, since it +probably lacks the sophistication to locate it in the domain database. +The user also needs to verify that the listed servers will perform the +recursive service; a name server is free to refuse to perform recursive +services for any or all clients. The user should consult the local +system administrator to find name servers willing to perform the +service. + +This type of service suffers from some drawbacks. Since the recursive +requests may take an arbitrary amount of time to perform, the stub may +have difficulty optimizing retransmission intervals to deal with both +lost UDP packets and dead servers; the name server can be easily +overloaded by too zealous a stub if it interprets retransmissions as new +requests. Use of TCP may be an answer, but TCP may well place burdens +on the host's capabilities which are similar to those of a real +resolver. + +5.3.2. Resources + +In addition to its own resources, the resolver may also have shared +access to zones maintained by a local name server. This gives the +resolver the advantage of more rapid access, but the resolver must be +careful to never let cached information override zone data. In this +discussion the term "local information" is meant to mean the union of +the cache and such shared zones, with the understanding that + + + +Mockapetris [Page 32] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +authoritative data is always used in preference to cached data when both +are present. + +The following resolver algorithm assumes that all functions have been +converted to a general lookup function, and uses the following data +structures to represent the state of a request in progress in the +resolver: + +SNAME the domain name we are searching for. + +STYPE the QTYPE of the search request. + +SCLASS the QCLASS of the search request. + +SLIST a structure which describes the name servers and the + zone which the resolver is currently trying to query. + This structure keeps track of the resolver's current + best guess about which name servers hold the desired + information; it is updated when arriving information + changes the guess. This structure includes the + equivalent of a zone name, the known name servers for + the zone, the known addresses for the name servers, and + history information which can be used to suggest which + server is likely to be the best one to try next. The + zone name equivalent is a match count of the number of + labels from the root down which SNAME has in common with + the zone being queried; this is used as a measure of how + "close" the resolver is to SNAME. + +SBELT a "safety belt" structure of the same form as SLIST, + which is initialized from a configuration file, and + lists servers which should be used when the resolver + doesn't have any local information to guide name server + selection. The match count will be -1 to indicate that + no labels are known to match. + +CACHE A structure which stores the results from previous + responses. Since resolvers are responsible for + discarding old RRs whose TTL has expired, most + implementations convert the interval specified in + arriving RRs to some sort of absolute time when the RR + is stored in the cache. Instead of counting the TTLs + down individually, the resolver just ignores or discards + old RRs when it runs across them in the course of a + search, or discards them during periodic sweeps to + reclaim the memory consumed by old RRs. + + + + + +Mockapetris [Page 33] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +5.3.3. Algorithm + +The top level algorithm has four steps: + + 1. See if the answer is in local information, and if so return + it to the client. + + 2. Find the best servers to ask. + + 3. Send them queries until one returns a response. + + 4. Analyze the response, either: + + a. if the response answers the question or contains a name + error, cache the data as well as returning it back to + the client. + + b. if the response contains a better delegation to other + servers, cache the delegation information, and go to + step 2. + + c. if the response shows a CNAME and that is not the + answer itself, cache the CNAME, change the SNAME to the + canonical name in the CNAME RR and go to step 1. + + d. if the response shows a servers failure or other + bizarre contents, delete the server from the SLIST and + go back to step 3. + +Step 1 searches the cache for the desired data. If the data is in the +cache, it is assumed to be good enough for normal use. Some resolvers +have an option at the user interface which will force the resolver to +ignore the cached data and consult with an authoritative server. This +is not recommended as the default. If the resolver has direct access to +a name server's zones, it should check to see if the desired data is +present in authoritative form, and if so, use the authoritative data in +preference to cached data. + +Step 2 looks for a name server to ask for the required data. The +general strategy is to look for locally-available name server RRs, +starting at SNAME, then the parent domain name of SNAME, the +grandparent, and so on toward the root. Thus if SNAME were +Mockapetris.ISI.EDU, this step would look for NS RRs for +Mockapetris.ISI.EDU, then ISI.EDU, then EDU, and then . (the root). +These NS RRs list the names of hosts for a zone at or above SNAME. Copy +the names into SLIST. Set up their addresses using local data. It may +be the case that the addresses are not available. The resolver has many +choices here; the best is to start parallel resolver processes looking + + + +Mockapetris [Page 34] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +for the addresses while continuing onward with the addresses which are +available. Obviously, the design choices and options are complicated +and a function of the local host's capabilities. The recommended +priorities for the resolver designer are: + + 1. Bound the amount of work (packets sent, parallel processes + started) so that a request can't get into an infinite loop or + start off a chain reaction of requests or queries with other + implementations EVEN IF SOMEONE HAS INCORRECTLY CONFIGURED + SOME DATA. + + 2. Get back an answer if at all possible. + + 3. Avoid unnecessary transmissions. + + 4. Get the answer as quickly as possible. + +If the search for NS RRs fails, then the resolver initializes SLIST from +the safety belt SBELT. The basic idea is that when the resolver has no +idea what servers to ask, it should use information from a configuration +file that lists several servers which are expected to be helpful. +Although there are special situations, the usual choice is two of the +root servers and two of the servers for the host's domain. The reason +for two of each is for redundancy. The root servers will provide +eventual access to all of the domain space. The two local servers will +allow the resolver to continue to resolve local names if the local +network becomes isolated from the internet due to gateway or link +failure. + +In addition to the names and addresses of the servers, the SLIST data +structure can be sorted to use the best servers first, and to insure +that all addresses of all servers are used in a round-robin manner. The +sorting can be a simple function of preferring addresses on the local +network over others, or may involve statistics from past events, such as +previous response times and batting averages. + +Step 3 sends out queries until a response is received. The strategy is +to cycle around all of the addresses for all of the servers with a +timeout between each transmission. In practice it is important to use +all addresses of a multihomed host, and too aggressive a retransmission +policy actually slows response when used by multiple resolvers +contending for the same name server and even occasionally for a single +resolver. SLIST typically contains data values to control the timeouts +and keep track of previous transmissions. + +Step 4 involves analyzing responses. The resolver should be highly +paranoid in its parsing of responses. It should also check that the +response matches the query it sent using the ID field in the response. + + + +Mockapetris [Page 35] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +The ideal answer is one from a server authoritative for the query which +either gives the required data or a name error. The data is passed back +to the user and entered in the cache for future use if its TTL is +greater than zero. + +If the response shows a delegation, the resolver should check to see +that the delegation is "closer" to the answer than the servers in SLIST +are. This can be done by comparing the match count in SLIST with that +computed from SNAME and the NS RRs in the delegation. If not, the reply +is bogus and should be ignored. If the delegation is valid the NS +delegation RRs and any address RRs for the servers should be cached. +The name servers are entered in the SLIST, and the search is restarted. + +If the response contains a CNAME, the search is restarted at the CNAME +unless the response has the data for the canonical name or if the CNAME +is the answer itself. + +Details and implementation hints can be found in [RFC-1035]. + +6. A SCENARIO + +In our sample domain space, suppose we wanted separate administrative +control for the root, MIL, EDU, MIT.EDU and ISI.EDU zones. We might +allocate name servers as follows: + + + |(C.ISI.EDU,SRI-NIC.ARPA + | A.ISI.EDU) + +---------------------+------------------+ + | | | + MIL EDU ARPA + |(SRI-NIC.ARPA, |(SRI-NIC.ARPA, | + | A.ISI.EDU | C.ISI.EDU) | + +-----+-----+ | +------+-----+-----+ + | | | | | | | + BRL NOSC DARPA | IN-ADDR SRI-NIC ACC + | + +--------+------------------+---------------+--------+ + | | | | | + UCI MIT | UDEL YALE + |(XX.LCS.MIT.EDU, ISI + |ACHILLES.MIT.EDU) |(VAXA.ISI.EDU,VENERA.ISI.EDU, + +---+---+ | A.ISI.EDU) + | | | + LCS ACHILLES +--+-----+-----+--------+ + | | | | | | + XX A C VAXA VENERA Mockapetris + + + + +Mockapetris [Page 36] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +In this example, the authoritative name server is shown in parentheses +at the point in the domain tree at which is assumes control. + +Thus the root name servers are on C.ISI.EDU, SRI-NIC.ARPA, and +A.ISI.EDU. The MIL domain is served by SRI-NIC.ARPA and A.ISI.EDU. The +EDU domain is served by SRI-NIC.ARPA. and C.ISI.EDU. Note that servers +may have zones which are contiguous or disjoint. In this scenario, +C.ISI.EDU has contiguous zones at the root and EDU domains. A.ISI.EDU +has contiguous zones at the root and MIL domains, but also has a non- +contiguous zone at ISI.EDU. + +6.1. C.ISI.EDU name server + +C.ISI.EDU is a name server for the root, MIL, and EDU domains of the IN +class, and would have zones for these domains. The zone data for the +root domain might be: + + . IN SOA SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA. ( + 870611 ;serial + 1800 ;refresh every 30 min + 300 ;retry every 5 min + 604800 ;expire after a week + 86400) ;minimum of a day + NS A.ISI.EDU. + NS C.ISI.EDU. + NS SRI-NIC.ARPA. + + MIL. 86400 NS SRI-NIC.ARPA. + 86400 NS A.ISI.EDU. + + EDU. 86400 NS SRI-NIC.ARPA. + 86400 NS C.ISI.EDU. + + SRI-NIC.ARPA. A 26.0.0.73 + A 10.0.0.51 + MX 0 SRI-NIC.ARPA. + HINFO DEC-2060 TOPS20 + + ACC.ARPA. A 26.6.0.65 + HINFO PDP-11/70 UNIX + MX 10 ACC.ARPA. + + USC-ISIC.ARPA. CNAME C.ISI.EDU. + + 73.0.0.26.IN-ADDR.ARPA. PTR SRI-NIC.ARPA. + 65.0.6.26.IN-ADDR.ARPA. PTR ACC.ARPA. + 51.0.0.10.IN-ADDR.ARPA. PTR SRI-NIC.ARPA. + 52.0.0.10.IN-ADDR.ARPA. PTR C.ISI.EDU. + + + +Mockapetris [Page 37] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + 103.0.3.26.IN-ADDR.ARPA. PTR A.ISI.EDU. + + A.ISI.EDU. 86400 A 26.3.0.103 + C.ISI.EDU. 86400 A 10.0.0.52 + +This data is represented as it would be in a master file. Most RRs are +single line entries; the sole exception here is the SOA RR, which uses +"(" to start a multi-line RR and ")" to show the end of a multi-line RR. +Since the class of all RRs in a zone must be the same, only the first RR +in a zone need specify the class. When a name server loads a zone, it +forces the TTL of all authoritative RRs to be at least the MINIMUM field +of the SOA, here 86400 seconds, or one day. The NS RRs marking +delegation of the MIL and EDU domains, together with the glue RRs for +the servers host addresses, are not part of the authoritative data in +the zone, and hence have explicit TTLs. + +Four RRs are attached to the root node: the SOA which describes the root +zone and the 3 NS RRs which list the name servers for the root. The +data in the SOA RR describes the management of the zone. The zone data +is maintained on host SRI-NIC.ARPA, and the responsible party for the +zone is HOSTMASTER@SRI-NIC.ARPA. A key item in the SOA is the 86400 +second minimum TTL, which means that all authoritative data in the zone +has at least that TTL, although higher values may be explicitly +specified. + +The NS RRs for the MIL and EDU domains mark the boundary between the +root zone and the MIL and EDU zones. Note that in this example, the +lower zones happen to be supported by name servers which also support +the root zone. + +The master file for the EDU zone might be stated relative to the origin +EDU. The zone data for the EDU domain might be: + + EDU. IN SOA SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA. ( + 870729 ;serial + 1800 ;refresh every 30 minutes + 300 ;retry every 5 minutes + 604800 ;expire after a week + 86400 ;minimum of a day + ) + NS SRI-NIC.ARPA. + NS C.ISI.EDU. + + UCI 172800 NS ICS.UCI + 172800 NS ROME.UCI + ICS.UCI 172800 A 192.5.19.1 + ROME.UCI 172800 A 192.5.19.31 + + + + +Mockapetris [Page 38] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + ISI 172800 NS VAXA.ISI + 172800 NS A.ISI + 172800 NS VENERA.ISI.EDU. + VAXA.ISI 172800 A 10.2.0.27 + 172800 A 128.9.0.33 + VENERA.ISI.EDU. 172800 A 10.1.0.52 + 172800 A 128.9.0.32 + A.ISI 172800 A 26.3.0.103 + + UDEL.EDU. 172800 NS LOUIE.UDEL.EDU. + 172800 NS UMN-REI-UC.ARPA. + LOUIE.UDEL.EDU. 172800 A 10.0.0.96 + 172800 A 192.5.39.3 + + YALE.EDU. 172800 NS YALE.ARPA. + YALE.EDU. 172800 NS YALE-BULLDOG.ARPA. + + MIT.EDU. 43200 NS XX.LCS.MIT.EDU. + 43200 NS ACHILLES.MIT.EDU. + XX.LCS.MIT.EDU. 43200 A 10.0.0.44 + ACHILLES.MIT.EDU. 43200 A 18.72.0.8 + +Note the use of relative names here. The owner name for the ISI.EDU. is +stated using a relative name, as are two of the name server RR contents. +Relative and absolute domain names may be freely intermixed in a master + +6.2. Example standard queries + +The following queries and responses illustrate name server behavior. +Unless otherwise noted, the queries do not have recursion desired (RD) +in the header. Note that the answers to non-recursive queries do depend +on the server being asked, but do not depend on the identity of the +requester. + + + + + + + + + + + + + + + + + + +Mockapetris [Page 39] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +6.2.1. QNAME=SRI-NIC.ARPA, QTYPE=A + +The query would look like: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY | + +---------------------------------------------------+ + Question | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=A | + +---------------------------------------------------+ + Answer | <empty> | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +The response from C.ISI.EDU would be: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA | + +---------------------------------------------------+ + Question | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=A | + +---------------------------------------------------+ + Answer | SRI-NIC.ARPA. 86400 IN A 26.0.0.73 | + | 86400 IN A 10.0.0.51 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +The header of the response looks like the header of the query, except +that the RESPONSE bit is set, indicating that this message is a +response, not a query, and the Authoritative Answer (AA) bit is set +indicating that the address RRs in the answer section are from +authoritative data. The question section of the response matches the +question section of the query. + + + + + + + + + + + + + + +Mockapetris [Page 40] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +If the same query was sent to some other server which was not +authoritative for SRI-NIC.ARPA, the response might be: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY,RESPONSE | + +---------------------------------------------------+ + Question | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=A | + +---------------------------------------------------+ + Answer | SRI-NIC.ARPA. 1777 IN A 10.0.0.51 | + | 1777 IN A 26.0.0.73 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +This response is different from the previous one in two ways: the header +does not have AA set, and the TTLs are different. The inference is that +the data did not come from a zone, but from a cache. The difference +between the authoritative TTL and the TTL here is due to aging of the +data in a cache. The difference in ordering of the RRs in the answer +section is not significant. + +6.2.2. QNAME=SRI-NIC.ARPA, QTYPE=* + +A query similar to the previous one, but using a QTYPE of *, would +receive the following response from C.ISI.EDU: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA | + +---------------------------------------------------+ + Question | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=* | + +---------------------------------------------------+ + Answer | SRI-NIC.ARPA. 86400 IN A 26.0.0.73 | + | A 10.0.0.51 | + | MX 0 SRI-NIC.ARPA. | + | HINFO DEC-2060 TOPS20 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + + + + + + + + + +Mockapetris [Page 41] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +If a similar query was directed to two name servers which are not +authoritative for SRI-NIC.ARPA, the responses might be: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE | + +---------------------------------------------------+ + Question | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=* | + +---------------------------------------------------+ + Answer | SRI-NIC.ARPA. 12345 IN A 26.0.0.73 | + | A 10.0.0.51 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +and + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE | + +---------------------------------------------------+ + Question | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=* | + +---------------------------------------------------+ + Answer | SRI-NIC.ARPA. 1290 IN HINFO DEC-2060 TOPS20 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +Neither of these answers have AA set, so neither response comes from +authoritative data. The different contents and different TTLs suggest +that the two servers cached data at different times, and that the first +server cached the response to a QTYPE=A query and the second cached the +response to a HINFO query. + + + + + + + + + + + + + + + + +Mockapetris [Page 42] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +6.2.3. QNAME=SRI-NIC.ARPA, QTYPE=MX + +This type of query might be result from a mailer trying to look up +routing information for the mail destination HOSTMASTER@SRI-NIC.ARPA. +The response from C.ISI.EDU would be: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA | + +---------------------------------------------------+ + Question | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=MX | + +---------------------------------------------------+ + Answer | SRI-NIC.ARPA. 86400 IN MX 0 SRI-NIC.ARPA.| + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | SRI-NIC.ARPA. 86400 IN A 26.0.0.73 | + | A 10.0.0.51 | + +---------------------------------------------------+ + +This response contains the MX RR in the answer section of the response. +The additional section contains the address RRs because the name server +at C.ISI.EDU guesses that the requester will need the addresses in order +to properly use the information carried by the MX. + +6.2.4. QNAME=SRI-NIC.ARPA, QTYPE=NS + +C.ISI.EDU would reply to this query with: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA | + +---------------------------------------------------+ + Question | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=NS | + +---------------------------------------------------+ + Answer | <empty> | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +The only difference between the response and the query is the AA and +RESPONSE bits in the header. The interpretation of this response is +that the server is authoritative for the name, and the name exists, but +no RRs of type NS are present there. + +6.2.5. QNAME=SIR-NIC.ARPA, QTYPE=A + +If a user mistyped a host name, we might see this type of query. + + + +Mockapetris [Page 43] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +C.ISI.EDU would answer it with: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA, RCODE=NE | + +---------------------------------------------------+ + Question | QNAME=SIR-NIC.ARPA., QCLASS=IN, QTYPE=A | + +---------------------------------------------------+ + Answer | <empty> | + +---------------------------------------------------+ + Authority | . SOA SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA. | + | 870611 1800 300 604800 86400 | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +This response states that the name does not exist. This condition is +signalled in the response code (RCODE) section of the header. + +The SOA RR in the authority section is the optional negative caching +information which allows the resolver using this response to assume that +the name will not exist for the SOA MINIMUM (86400) seconds. + +6.2.6. QNAME=BRL.MIL, QTYPE=A + +If this query is sent to C.ISI.EDU, the reply would be: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE | + +---------------------------------------------------+ + Question | QNAME=BRL.MIL, QCLASS=IN, QTYPE=A | + +---------------------------------------------------+ + Answer | <empty> | + +---------------------------------------------------+ + Authority | MIL. 86400 IN NS SRI-NIC.ARPA. | + | 86400 NS A.ISI.EDU. | + +---------------------------------------------------+ + Additional | A.ISI.EDU. A 26.3.0.103 | + | SRI-NIC.ARPA. A 26.0.0.73 | + | A 10.0.0.51 | + +---------------------------------------------------+ + +This response has an empty answer section, but is not authoritative, so +it is a referral. The name server on C.ISI.EDU, realizing that it is +not authoritative for the MIL domain, has referred the requester to +servers on A.ISI.EDU and SRI-NIC.ARPA, which it knows are authoritative +for the MIL domain. + + + + + +Mockapetris [Page 44] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +6.2.7. QNAME=USC-ISIC.ARPA, QTYPE=A + +The response to this query from A.ISI.EDU would be: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA | + +---------------------------------------------------+ + Question | QNAME=USC-ISIC.ARPA., QCLASS=IN, QTYPE=A | + +---------------------------------------------------+ + Answer | USC-ISIC.ARPA. 86400 IN CNAME C.ISI.EDU. | + | C.ISI.EDU. 86400 IN A 10.0.0.52 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +Note that the AA bit in the header guarantees that the data matching +QNAME is authoritative, but does not say anything about whether the data +for C.ISI.EDU is authoritative. This complete reply is possible because +A.ISI.EDU happens to be authoritative for both the ARPA domain where +USC-ISIC.ARPA is found and the ISI.EDU domain where C.ISI.EDU data is +found. + +If the same query was sent to C.ISI.EDU, its response might be the same +as shown above if it had its own address in its cache, but might also +be: + + + + + + + + + + + + + + + + + + + + + + + + +Mockapetris [Page 45] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA | + +---------------------------------------------------+ + Question | QNAME=USC-ISIC.ARPA., QCLASS=IN, QTYPE=A | + +---------------------------------------------------+ + Answer | USC-ISIC.ARPA. 86400 IN CNAME C.ISI.EDU. | + +---------------------------------------------------+ + Authority | ISI.EDU. 172800 IN NS VAXA.ISI.EDU. | + | NS A.ISI.EDU. | + | NS VENERA.ISI.EDU. | + +---------------------------------------------------+ + Additional | VAXA.ISI.EDU. 172800 A 10.2.0.27 | + | 172800 A 128.9.0.33 | + | VENERA.ISI.EDU. 172800 A 10.1.0.52 | + | 172800 A 128.9.0.32 | + | A.ISI.EDU. 172800 A 26.3.0.103 | + +---------------------------------------------------+ + +This reply contains an authoritative reply for the alias USC-ISIC.ARPA, +plus a referral to the name servers for ISI.EDU. This sort of reply +isn't very likely given that the query is for the host name of the name +server being asked, but would be common for other aliases. + +6.2.8. QNAME=USC-ISIC.ARPA, QTYPE=CNAME + +If this query is sent to either A.ISI.EDU or C.ISI.EDU, the reply would +be: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA | + +---------------------------------------------------+ + Question | QNAME=USC-ISIC.ARPA., QCLASS=IN, QTYPE=A | + +---------------------------------------------------+ + Answer | USC-ISIC.ARPA. 86400 IN CNAME C.ISI.EDU. | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +Because QTYPE=CNAME, the CNAME RR itself answers the query, and the name +server doesn't attempt to look up anything for C.ISI.EDU. (Except +possibly for the additional section.) + +6.3. Example resolution + +The following examples illustrate the operations a resolver must perform +for its client. We assume that the resolver is starting without a + + + +Mockapetris [Page 46] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +cache, as might be the case after system boot. We further assume that +the system is not one of the hosts in the data and that the host is +located somewhere on net 26, and that its safety belt (SBELT) data +structure has the following information: + + Match count = -1 + SRI-NIC.ARPA. 26.0.0.73 10.0.0.51 + A.ISI.EDU. 26.3.0.103 + +This information specifies servers to try, their addresses, and a match +count of -1, which says that the servers aren't very close to the +target. Note that the -1 isn't supposed to be an accurate closeness +measure, just a value so that later stages of the algorithm will work. + +The following examples illustrate the use of a cache, so each example +assumes that previous requests have completed. + +6.3.1. Resolve MX for ISI.EDU. + +Suppose the first request to the resolver comes from the local mailer, +which has mail for PVM@ISI.EDU. The mailer might then ask for type MX +RRs for the domain name ISI.EDU. + +The resolver would look in its cache for MX RRs at ISI.EDU, but the +empty cache wouldn't be helpful. The resolver would recognize that it +needed to query foreign servers and try to determine the best servers to +query. This search would look for NS RRs for the domains ISI.EDU, EDU, +and the root. These searches of the cache would also fail. As a last +resort, the resolver would use the information from the SBELT, copying +it into its SLIST structure. + +At this point the resolver would need to pick one of the three available +addresses to try. Given that the resolver is on net 26, it should +choose either 26.0.0.73 or 26.3.0.103 as its first choice. It would +then send off a query of the form: + + + + + + + + + + + + + + + + +Mockapetris [Page 47] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + +---------------------------------------------------+ + Header | OPCODE=SQUERY | + +---------------------------------------------------+ + Question | QNAME=ISI.EDU., QCLASS=IN, QTYPE=MX | + +---------------------------------------------------+ + Answer | <empty> | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +The resolver would then wait for a response to its query or a timeout. +If the timeout occurs, it would try different servers, then different +addresses of the same servers, lastly retrying addresses already tried. +It might eventually receive a reply from SRI-NIC.ARPA: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE | + +---------------------------------------------------+ + Question | QNAME=ISI.EDU., QCLASS=IN, QTYPE=MX | + +---------------------------------------------------+ + Answer | <empty> | + +---------------------------------------------------+ + Authority | ISI.EDU. 172800 IN NS VAXA.ISI.EDU. | + | NS A.ISI.EDU. | + | NS VENERA.ISI.EDU.| + +---------------------------------------------------+ + Additional | VAXA.ISI.EDU. 172800 A 10.2.0.27 | + | 172800 A 128.9.0.33 | + | VENERA.ISI.EDU. 172800 A 10.1.0.52 | + | 172800 A 128.9.0.32 | + | A.ISI.EDU. 172800 A 26.3.0.103 | + +---------------------------------------------------+ + +The resolver would notice that the information in the response gave a +closer delegation to ISI.EDU than its existing SLIST (since it matches +three labels). The resolver would then cache the information in this +response and use it to set up a new SLIST: + + Match count = 3 + A.ISI.EDU. 26.3.0.103 + VAXA.ISI.EDU. 10.2.0.27 128.9.0.33 + VENERA.ISI.EDU. 10.1.0.52 128.9.0.32 + +A.ISI.EDU appears on this list as well as the previous one, but that is +purely coincidental. The resolver would again start transmitting and +waiting for responses. Eventually it would get an answer: + + + +Mockapetris [Page 48] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA | + +---------------------------------------------------+ + Question | QNAME=ISI.EDU., QCLASS=IN, QTYPE=MX | + +---------------------------------------------------+ + Answer | ISI.EDU. MX 10 VENERA.ISI.EDU. | + | MX 20 VAXA.ISI.EDU. | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | VAXA.ISI.EDU. 172800 A 10.2.0.27 | + | 172800 A 128.9.0.33 | + | VENERA.ISI.EDU. 172800 A 10.1.0.52 | + | 172800 A 128.9.0.32 | + +---------------------------------------------------+ + +The resolver would add this information to its cache, and return the MX +RRs to its client. + +6.3.2. Get the host name for address 26.6.0.65 + +The resolver would translate this into a request for PTR RRs for +65.0.6.26.IN-ADDR.ARPA. This information is not in the cache, so the +resolver would look for foreign servers to ask. No servers would match, +so it would use SBELT again. (Note that the servers for the ISI.EDU +domain are in the cache, but ISI.EDU is not an ancestor of +65.0.6.26.IN-ADDR.ARPA, so the SBELT is used.) + +Since this request is within the authoritative data of both servers in +SBELT, eventually one would return: + + + + + + + + + + + + + + + + + + + + + +Mockapetris [Page 49] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE, AA | + +---------------------------------------------------+ + Question | QNAME=65.0.6.26.IN-ADDR.ARPA.,QCLASS=IN,QTYPE=PTR | + +---------------------------------------------------+ + Answer | 65.0.6.26.IN-ADDR.ARPA. PTR ACC.ARPA. | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +6.3.3. Get the host address of poneria.ISI.EDU + +This request would translate into a type A request for poneria.ISI.EDU. +The resolver would not find any cached data for this name, but would +find the NS RRs in the cache for ISI.EDU when it looks for foreign +servers to ask. Using this data, it would construct a SLIST of the +form: + + Match count = 3 + + A.ISI.EDU. 26.3.0.103 + VAXA.ISI.EDU. 10.2.0.27 128.9.0.33 + VENERA.ISI.EDU. 10.1.0.52 + +A.ISI.EDU is listed first on the assumption that the resolver orders its +choices by preference, and A.ISI.EDU is on the same network. + +One of these servers would answer the query. + +7. REFERENCES and BIBLIOGRAPHY + +[Dyer 87] Dyer, S., and F. Hsu, "Hesiod", Project Athena + Technical Plan - Name Service, April 1987, version 1.9. + + Describes the fundamentals of the Hesiod name service. + +[IEN-116] J. Postel, "Internet Name Server", IEN-116, + USC/Information Sciences Institute, August 1979. + + A name service obsoleted by the Domain Name System, but + still in use. + + + + + + + + +Mockapetris [Page 50] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +[Quarterman 86] Quarterman, J., and J. Hoskins, "Notable Computer + Networks",Communications of the ACM, October 1986, + volume 29, number 10. + +[RFC-742] K. Harrenstien, "NAME/FINGER", RFC-742, Network + Information Center, SRI International, December 1977. + +[RFC-768] J. Postel, "User Datagram Protocol", RFC-768, + USC/Information Sciences Institute, August 1980. + +[RFC-793] J. Postel, "Transmission Control Protocol", RFC-793, + USC/Information Sciences Institute, September 1981. + +[RFC-799] D. Mills, "Internet Name Domains", RFC-799, COMSAT, + September 1981. + + Suggests introduction of a hierarchy in place of a flat + name space for the Internet. + +[RFC-805] J. Postel, "Computer Mail Meeting Notes", RFC-805, + USC/Information Sciences Institute, February 1982. + +[RFC-810] E. Feinler, K. Harrenstien, Z. Su, and V. White, "DOD + Internet Host Table Specification", RFC-810, Network + Information Center, SRI International, March 1982. + + Obsolete. See RFC-952. + +[RFC-811] K. Harrenstien, V. White, and E. Feinler, "Hostnames + Server", RFC-811, Network Information Center, SRI + International, March 1982. + + Obsolete. See RFC-953. + +[RFC-812] K. Harrenstien, and V. White, "NICNAME/WHOIS", RFC-812, + Network Information Center, SRI International, March + 1982. + +[RFC-819] Z. Su, and J. Postel, "The Domain Naming Convention for + Internet User Applications", RFC-819, Network + Information Center, SRI International, August 1982. + + Early thoughts on the design of the domain system. + Current implementation is completely different. + +[RFC-821] J. Postel, "Simple Mail Transfer Protocol", RFC-821, + USC/Information Sciences Institute, August 1980. + + + + +Mockapetris [Page 51] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +[RFC-830] Z. Su, "A Distributed System for Internet Name Service", + RFC-830, Network Information Center, SRI International, + October 1982. + + Early thoughts on the design of the domain system. + Current implementation is completely different. + +[RFC-882] P. Mockapetris, "Domain names - Concepts and + Facilities," RFC-882, USC/Information Sciences + Institute, November 1983. + + Superceeded by this memo. + +[RFC-883] P. Mockapetris, "Domain names - Implementation and + Specification," RFC-883, USC/Information Sciences + Institute, November 1983. + + Superceeded by this memo. + +[RFC-920] J. Postel and J. Reynolds, "Domain Requirements", + RFC-920, USC/Information Sciences Institute + October 1984. + + Explains the naming scheme for top level domains. + +[RFC-952] K. Harrenstien, M. Stahl, E. Feinler, "DoD Internet Host + Table Specification", RFC-952, SRI, October 1985. + + Specifies the format of HOSTS.TXT, the host/address + table replaced by the DNS. + +[RFC-953] K. Harrenstien, M. Stahl, E. Feinler, "HOSTNAME Server", + RFC-953, SRI, October 1985. + + This RFC contains the official specification of the + hostname server protocol, which is obsoleted by the DNS. + This TCP based protocol accesses information stored in + the RFC-952 format, and is used to obtain copies of the + host table. + +[RFC-973] P. Mockapetris, "Domain System Changes and + Observations", RFC-973, USC/Information Sciences + Institute, January 1986. + + Describes changes to RFC-882 and RFC-883 and reasons for + them. Now obsolete. + + + + + +Mockapetris [Page 52] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +[RFC-974] C. Partridge, "Mail routing and the domain system", + RFC-974, CSNET CIC BBN Labs, January 1986. + + Describes the transition from HOSTS.TXT based mail + addressing to the more powerful MX system used with the + domain system. + +[RFC-1001] NetBIOS Working Group, "Protocol standard for a NetBIOS + service on a TCP/UDP transport: Concepts and Methods", + RFC-1001, March 1987. + + This RFC and RFC-1002 are a preliminary design for + NETBIOS on top of TCP/IP which proposes to base NetBIOS + name service on top of the DNS. + +[RFC-1002] NetBIOS Working Group, "Protocol standard for a NetBIOS + service on a TCP/UDP transport: Detailed + Specifications", RFC-1002, March 1987. + +[RFC-1010] J. Reynolds and J. Postel, "Assigned Numbers", RFC-1010, + USC/Information Sciences Institute, May 1987 + + Contains socket numbers and mnemonics for host names, + operating systems, etc. + +[RFC-1031] W. Lazear, "MILNET Name Domain Transition", RFC-1031, + November 1987. + + Describes a plan for converting the MILNET to the DNS. + +[RFC-1032] M. K. Stahl, "Establishing a Domain - Guidelines for + Administrators", RFC-1032, November 1987. + + Describes the registration policies used by the NIC to + administer the top level domains and delegate subzones. + +[RFC-1033] M. K. Lottor, "Domain Administrators Operations Guide", + RFC-1033, November 1987. + + A cookbook for domain administrators. + +[Solomon 82] M. Solomon, L. Landweber, and D. Neuhengen, "The CSNET + Name Server", Computer Networks, vol 6, nr 3, July 1982. + + Describes a name service for CSNET which is independent + from the DNS and DNS use in the CSNET. + + + + + +Mockapetris [Page 53] + +RFC 1034 Domain Concepts and Facilities November 1987 + + +Index + + A 12 + Absolute names 8 + Aliases 14, 31 + Authority 6 + AXFR 17 + + Case of characters 7 + CH 12 + CNAME 12, 13, 31 + Completion queries 18 + + Domain name 6, 7 + + Glue RRs 20 + + HINFO 12 + + IN 12 + Inverse queries 16 + Iterative 4 + + Label 7 + + Mailbox names 9 + MX 12 + + Name error 27, 36 + Name servers 5, 17 + NE 30 + Negative caching 44 + NS 12 + + Opcode 16 + + PTR 12 + + QCLASS 16 + QTYPE 16 + + RDATA 13 + Recursive 4 + Recursive service 22 + Relative names 7 + Resolvers 6 + RR 12 + + + + +Mockapetris [Page 54] + +RFC 1034 Domain Concepts and Facilities November 1987 + + + Safety belt 33 + Sections 16 + SOA 12 + Standard queries 22 + + Status queries 18 + Stub resolvers 32 + + TTL 12, 13 + + Wildcards 25 + + Zone transfers 28 + Zones 19 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mockapetris [Page 55] + diff --git a/usr.sbin/named/doc/rfc/rfc1035 b/usr.sbin/named/doc/rfc/rfc1035 new file mode 100644 index 00000000000..b1a9bf5a94b --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1035 @@ -0,0 +1,3077 @@ +Network Working Group P. Mockapetris +Request for Comments: 1035 ISI + November 1987 +Obsoletes: RFCs 882, 883, 973 + + DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION + + +1. STATUS OF THIS MEMO + +This RFC describes the details of the domain system and protocol, and +assumes that the reader is familiar with the concepts discussed in a +companion RFC, "Domain Names - Concepts and Facilities" [RFC-1034]. + +The domain system is a mixture of functions and data types which are an +official protocol and functions and data types which are still +experimental. Since the domain system is intentionally extensible, new +data types and experimental behavior should always be expected in parts +of the system beyond the official protocol. The official protocol parts +include standard queries, responses and the Internet class RR data +formats (e.g., host addresses). Since the previous RFC set, several +definitions have changed, so some previous definitions are obsolete. + +Experimental or obsolete features are clearly marked in these RFCs, and +such information should be used with caution. + +The reader is especially cautioned not to depend on the values which +appear in examples to be current or complete, since their purpose is +primarily pedagogical. Distribution of this memo is unlimited. + + Table of Contents + + 1. STATUS OF THIS MEMO 1 + 2. INTRODUCTION 3 + 2.1. Overview 3 + 2.2. Common configurations 4 + 2.3. Conventions 7 + 2.3.1. Preferred name syntax 7 + 2.3.2. Data Transmission Order 8 + 2.3.3. Character Case 9 + 2.3.4. Size limits 10 + 3. DOMAIN NAME SPACE AND RR DEFINITIONS 10 + 3.1. Name space definitions 10 + 3.2. RR definitions 11 + 3.2.1. Format 11 + 3.2.2. TYPE values 12 + 3.2.3. QTYPE values 12 + 3.2.4. CLASS values 13 + + + +Mockapetris [Page 1] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 3.2.5. QCLASS values 13 + 3.3. Standard RRs 13 + 3.3.1. CNAME RDATA format 14 + 3.3.2. HINFO RDATA format 14 + 3.3.3. MB RDATA format (EXPERIMENTAL) 14 + 3.3.4. MD RDATA format (Obsolete) 15 + 3.3.5. MF RDATA format (Obsolete) 15 + 3.3.6. MG RDATA format (EXPERIMENTAL) 16 + 3.3.7. MINFO RDATA format (EXPERIMENTAL) 16 + 3.3.8. MR RDATA format (EXPERIMENTAL) 17 + 3.3.9. MX RDATA format 17 + 3.3.10. NULL RDATA format (EXPERIMENTAL) 17 + 3.3.11. NS RDATA format 18 + 3.3.12. PTR RDATA format 18 + 3.3.13. SOA RDATA format 19 + 3.3.14. TXT RDATA format 20 + 3.4. ARPA Internet specific RRs 20 + 3.4.1. A RDATA format 20 + 3.4.2. WKS RDATA format 21 + 3.5. IN-ADDR.ARPA domain 22 + 3.6. Defining new types, classes, and special namespaces 24 + 4. MESSAGES 25 + 4.1. Format 25 + 4.1.1. Header section format 26 + 4.1.2. Question section format 28 + 4.1.3. Resource record format 29 + 4.1.4. Message compression 30 + 4.2. Transport 32 + 4.2.1. UDP usage 32 + 4.2.2. TCP usage 32 + 5. MASTER FILES 33 + 5.1. Format 33 + 5.2. Use of master files to define zones 35 + 5.3. Master file example 36 + 6. NAME SERVER IMPLEMENTATION 37 + 6.1. Architecture 37 + 6.1.1. Control 37 + 6.1.2. Database 37 + 6.1.3. Time 39 + 6.2. Standard query processing 39 + 6.3. Zone refresh and reload processing 39 + 6.4. Inverse queries (Optional) 40 + 6.4.1. The contents of inverse queries and responses 40 + 6.4.2. Inverse query and response example 41 + 6.4.3. Inverse query processing 42 + + + + + + +Mockapetris [Page 2] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 6.5. Completion queries and responses 42 + 7. RESOLVER IMPLEMENTATION 43 + 7.1. Transforming a user request into a query 43 + 7.2. Sending the queries 44 + 7.3. Processing responses 46 + 7.4. Using the cache 47 + 8. MAIL SUPPORT 47 + 8.1. Mail exchange binding 48 + 8.2. Mailbox binding (Experimental) 48 + 9. REFERENCES and BIBLIOGRAPHY 50 + Index 54 + +2. INTRODUCTION + +2.1. Overview + +The goal of domain names is to provide a mechanism for naming resources +in such a way that the names are usable in different hosts, networks, +protocol families, internets, and administrative organizations. + +From the user's point of view, domain names are useful as arguments to a +local agent, called a resolver, which retrieves information associated +with the domain name. Thus a user might ask for the host address or +mail information associated with a particular domain name. To enable +the user to request a particular type of information, an appropriate +query type is passed to the resolver with the domain name. To the user, +the domain tree is a single information space; the resolver is +responsible for hiding the distribution of data among name servers from +the user. + +From the resolver's point of view, the database that makes up the domain +space is distributed among various name servers. Different parts of the +domain space are stored in different name servers, although a particular +data item will be stored redundantly in two or more name servers. The +resolver starts with knowledge of at least one name server. When the +resolver processes a user query it asks a known name server for the +information; in return, the resolver either receives the desired +information or a referral to another name server. Using these +referrals, resolvers learn the identities and contents of other name +servers. Resolvers are responsible for dealing with the distribution of +the domain space and dealing with the effects of name server failure by +consulting redundant databases in other servers. + +Name servers manage two kinds of data. The first kind of data held in +sets called zones; each zone is the complete database for a particular +"pruned" subtree of the domain space. This data is called +authoritative. A name server periodically checks to make sure that its +zones are up to date, and if not, obtains a new copy of updated zones + + + +Mockapetris [Page 3] + +RFC 1035 Domain Implementation and Specification November 1987 + + +from master files stored locally or in another name server. The second +kind of data is cached data which was acquired by a local resolver. +This data may be incomplete, but improves the performance of the +retrieval process when non-local data is repeatedly accessed. Cached +data is eventually discarded by a timeout mechanism. + +This functional structure isolates the problems of user interface, +failure recovery, and distribution in the resolvers and isolates the +database update and refresh problems in the name servers. + +2.2. Common configurations + +A host can participate in the domain name system in a number of ways, +depending on whether the host runs programs that retrieve information +from the domain system, name servers that answer queries from other +hosts, or various combinations of both functions. The simplest, and +perhaps most typical, configuration is shown below: + + Local Host | Foreign + | + +---------+ +----------+ | +--------+ + | | user queries | |queries | | | + | User |-------------->| |---------|->|Foreign | + | Program | | Resolver | | | Name | + | |<--------------| |<--------|--| Server | + | | user responses| |responses| | | + +---------+ +----------+ | +--------+ + | A | + cache additions | | references | + V | | + +----------+ | + | cache | | + +----------+ | + +User programs interact with the domain name space through resolvers; the +format of user queries and user responses is specific to the host and +its operating system. User queries will typically be operating system +calls, and the resolver and its cache will be part of the host operating +system. Less capable hosts may choose to implement the resolver as a +subroutine to be linked in with every program that needs its services. +Resolvers answer user queries with information they acquire via queries +to foreign name servers and the local cache. + +Note that the resolver may have to make several queries to several +different foreign name servers to answer a particular user query, and +hence the resolution of a user query may involve several network +accesses and an arbitrary amount of time. The queries to foreign name +servers and the corresponding responses have a standard format described + + + +Mockapetris [Page 4] + +RFC 1035 Domain Implementation and Specification November 1987 + + +in this memo, and may be datagrams. + +Depending on its capabilities, a name server could be a stand alone +program on a dedicated machine or a process or processes on a large +timeshared host. A simple configuration might be: + + Local Host | Foreign + | + +---------+ | + / /| | + +---------+ | +----------+ | +--------+ + | | | | |responses| | | + | | | | Name |---------|->|Foreign | + | Master |-------------->| Server | | |Resolver| + | files | | | |<--------|--| | + | |/ | | queries | +--------+ + +---------+ +----------+ | + +Here a primary name server acquires information about one or more zones +by reading master files from its local file system, and answers queries +about those zones that arrive from foreign resolvers. + +The DNS requires that all zones be redundantly supported by more than +one name server. Designated secondary servers can acquire zones and +check for updates from the primary server using the zone transfer +protocol of the DNS. This configuration is shown below: + + Local Host | Foreign + | + +---------+ | + / /| | + +---------+ | +----------+ | +--------+ + | | | | |responses| | | + | | | | Name |---------|->|Foreign | + | Master |-------------->| Server | | |Resolver| + | files | | | |<--------|--| | + | |/ | | queries | +--------+ + +---------+ +----------+ | + A |maintenance | +--------+ + | +------------|->| | + | queries | |Foreign | + | | | Name | + +------------------|--| Server | + maintenance responses | +--------+ + +In this configuration, the name server periodically establishes a +virtual circuit to a foreign name server to acquire a copy of a zone or +to check that an existing copy has not changed. The messages sent for + + + +Mockapetris [Page 5] + +RFC 1035 Domain Implementation and Specification November 1987 + + +these maintenance activities follow the same form as queries and +responses, but the message sequences are somewhat different. + +The information flow in a host that supports all aspects of the domain +name system is shown below: + + Local Host | Foreign + | + +---------+ +----------+ | +--------+ + | | user queries | |queries | | | + | User |-------------->| |---------|->|Foreign | + | Program | | Resolver | | | Name | + | |<--------------| |<--------|--| Server | + | | user responses| |responses| | | + +---------+ +----------+ | +--------+ + | A | + cache additions | | references | + V | | + +----------+ | + | Shared | | + | database | | + +----------+ | + A | | + +---------+ refreshes | | references | + / /| | V | + +---------+ | +----------+ | +--------+ + | | | | |responses| | | + | | | | Name |---------|->|Foreign | + | Master |-------------->| Server | | |Resolver| + | files | | | |<--------|--| | + | |/ | | queries | +--------+ + +---------+ +----------+ | + A |maintenance | +--------+ + | +------------|->| | + | queries | |Foreign | + | | | Name | + +------------------|--| Server | + maintenance responses | +--------+ + +The shared database holds domain space data for the local name server +and resolver. The contents of the shared database will typically be a +mixture of authoritative data maintained by the periodic refresh +operations of the name server and cached data from previous resolver +requests. The structure of the domain data and the necessity for +synchronization between name servers and resolvers imply the general +characteristics of this database, but the actual format is up to the +local implementor. + + + + +Mockapetris [Page 6] + +RFC 1035 Domain Implementation and Specification November 1987 + + +Information flow can also be tailored so that a group of hosts act +together to optimize activities. Sometimes this is done to offload less +capable hosts so that they do not have to implement a full resolver. +This can be appropriate for PCs or hosts which want to minimize the +amount of new network code which is required. This scheme can also +allow a group of hosts can share a small number of caches rather than +maintaining a large number of separate caches, on the premise that the +centralized caches will have a higher hit ratio. In either case, +resolvers are replaced with stub resolvers which act as front ends to +resolvers located in a recursive server in one or more name servers +known to perform that service: + + Local Hosts | Foreign + | + +---------+ | + | | responses | + | Stub |<--------------------+ | + | Resolver| | | + | |----------------+ | | + +---------+ recursive | | | + queries | | | + V | | + +---------+ recursive +----------+ | +--------+ + | | queries | |queries | | | + | Stub |-------------->| Recursive|---------|->|Foreign | + | Resolver| | Server | | | Name | + | |<--------------| |<--------|--| Server | + +---------+ responses | |responses| | | + +----------+ | +--------+ + | Central | | + | cache | | + +----------+ | + +In any case, note that domain components are always replicated for +reliability whenever possible. + +2.3. Conventions + +The domain system has several conventions dealing with low-level, but +fundamental, issues. While the implementor is free to violate these +conventions WITHIN HIS OWN SYSTEM, he must observe these conventions in +ALL behavior observed from other hosts. + +2.3.1. Preferred name syntax + +The DNS specifications attempt to be as general as possible in the rules +for constructing domain names. The idea is that the name of any +existing object can be expressed as a domain name with minimal changes. + + + +Mockapetris [Page 7] + +RFC 1035 Domain Implementation and Specification November 1987 + + +However, when assigning a domain name for an object, the prudent user +will select a name which satisfies both the rules of the domain system +and any existing rules for the object, whether these rules are published +or implied by existing programs. + +For example, when naming a mail domain, the user should satisfy both the +rules of this memo and those in RFC-822. When creating a new host name, +the old rules for HOSTS.TXT should be followed. This avoids problems +when old software is converted to use domain names. + +The following syntax will result in fewer problems with many + +applications that use domain names (e.g., mail, TELNET). + +<domain> ::= <subdomain> | " " + +<subdomain> ::= <label> | <subdomain> "." <label> + +<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ] + +<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str> + +<let-dig-hyp> ::= <let-dig> | "-" + +<let-dig> ::= <letter> | <digit> + +<letter> ::= any one of the 52 alphabetic characters A through Z in +upper case and a through z in lower case + +<digit> ::= any one of the ten digits 0 through 9 + +Note that while upper and lower case letters are allowed in domain +names, no significance is attached to the case. That is, two names with +the same spelling but different case are to be treated as if identical. + +The labels must follow the rules for ARPANET host names. They must +start with a letter, end with a letter or digit, and have as interior +characters only letters, digits, and hyphen. There are also some +restrictions on the length. Labels must be 63 characters or less. + +For example, the following strings identify hosts in the Internet: + +A.ISI.EDU XX.LCS.MIT.EDU SRI-NIC.ARPA + +2.3.2. Data Transmission Order + +The order of transmission of the header and data described in this +document is resolved to the octet level. Whenever a diagram shows a + + + +Mockapetris [Page 8] + +RFC 1035 Domain Implementation and Specification November 1987 + + +group of octets, the order of transmission of those octets is the normal +order in which they are read in English. For example, in the following +diagram, the octets are transmitted in the order they are numbered. + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 1 | 2 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 3 | 4 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 5 | 6 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +Whenever an octet represents a numeric quantity, the left most bit in +the diagram is the high order or most significant bit. That is, the bit +labeled 0 is the most significant bit. For example, the following +diagram represents the value 170 (decimal). + + 0 1 2 3 4 5 6 7 + +-+-+-+-+-+-+-+-+ + |1 0 1 0 1 0 1 0| + +-+-+-+-+-+-+-+-+ + +Similarly, whenever a multi-octet field represents a numeric quantity +the left most bit of the whole field is the most significant bit. When +a multi-octet quantity is transmitted the most significant octet is +transmitted first. + +2.3.3. Character Case + +For all parts of the DNS that are part of the official protocol, all +comparisons between character strings (e.g., labels, domain names, etc.) +are done in a case-insensitive manner. At present, this rule is in +force throughout the domain system without exception. However, future +additions beyond current usage may need to use the full binary octet +capabilities in names, so attempts to store domain names in 7-bit ASCII +or use of special bytes to terminate labels, etc., should be avoided. + +When data enters the domain system, its original case should be +preserved whenever possible. In certain circumstances this cannot be +done. For example, if two RRs are stored in a database, one at x.y and +one at X.Y, they are actually stored at the same place in the database, +and hence only one casing would be preserved. The basic rule is that +case can be discarded only when data is used to define structure in a +database, and two names are identical when compared in a case +insensitive manner. + + + + +Mockapetris [Page 9] + +RFC 1035 Domain Implementation and Specification November 1987 + + +Loss of case sensitive data must be minimized. Thus while data for x.y +and X.Y may both be stored under a single location x.y or X.Y, data for +a.x and B.X would never be stored under A.x, A.X, b.x, or b.X. In +general, this preserves the case of the first label of a domain name, +but forces standardization of interior node labels. + +Systems administrators who enter data into the domain database should +take care to represent the data they supply to the domain system in a +case-consistent manner if their system is case-sensitive. The data +distribution system in the domain system will ensure that consistent +representations are preserved. + +2.3.4. Size limits + +Various objects and parameters in the DNS have size limits. They are +listed below. Some could be easily changed, others are more +fundamental. + +labels 63 octets or less + +names 255 octets or less + +TTL positive values of a signed 32 bit number. + +UDP messages 512 octets or less + +3. DOMAIN NAME SPACE AND RR DEFINITIONS + +3.1. Name space definitions + +Domain names in messages are expressed in terms of a sequence of labels. +Each label is represented as a one octet length field followed by that +number of octets. Since every domain name ends with the null label of +the root, a domain name is terminated by a length byte of zero. The +high order two bits of every length octet must be zero, and the +remaining six bits of the length field limit the label to 63 octets or +less. + +To simplify implementations, the total length of a domain name (i.e., +label octets and label length octets) is restricted to 255 octets or +less. + +Although labels can contain any 8 bit values in octets that make up a +label, it is strongly recommended that labels follow the preferred +syntax described elsewhere in this memo, which is compatible with +existing host naming conventions. Name servers and resolvers must +compare labels in a case-insensitive manner (i.e., A=a), assuming ASCII +with zero parity. Non-alphabetic codes must match exactly. + + + +Mockapetris [Page 10] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.2. RR definitions + +3.2.1. Format + +All RRs have the same top level format shown below: + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | | + / / + / NAME / + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TYPE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | CLASS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TTL | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | RDLENGTH | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| + / RDATA / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + +where: + +NAME an owner name, i.e., the name of the node to which this + resource record pertains. + +TYPE two octets containing one of the RR TYPE codes. + +CLASS two octets containing one of the RR CLASS codes. + +TTL a 32 bit signed integer that specifies the time interval + that the resource record may be cached before the source + of the information should again be consulted. Zero + values are interpreted to mean that the RR can only be + used for the transaction in progress, and should not be + cached. For example, SOA records are always distributed + with a zero TTL to prohibit caching. Zero values can + also be used for extremely volatile data. + +RDLENGTH an unsigned 16 bit integer that specifies the length in + octets of the RDATA field. + + + +Mockapetris [Page 11] + +RFC 1035 Domain Implementation and Specification November 1987 + + +RDATA a variable length string of octets that describes the + resource. The format of this information varies + according to the TYPE and CLASS of the resource record. + +3.2.2. TYPE values + +TYPE fields are used in resource records. Note that these types are a +subset of QTYPEs. + +TYPE value and meaning + +A 1 a host address + +NS 2 an authoritative name server + +MD 3 a mail destination (Obsolete - use MX) + +MF 4 a mail forwarder (Obsolete - use MX) + +CNAME 5 the canonical name for an alias + +SOA 6 marks the start of a zone of authority + +MB 7 a mailbox domain name (EXPERIMENTAL) + +MG 8 a mail group member (EXPERIMENTAL) + +MR 9 a mail rename domain name (EXPERIMENTAL) + +NULL 10 a null RR (EXPERIMENTAL) + +WKS 11 a well known service description + +PTR 12 a domain name pointer + +HINFO 13 host information + +MINFO 14 mailbox or mail list information + +MX 15 mail exchange + +TXT 16 text strings + +3.2.3. QTYPE values + +QTYPE fields appear in the question part of a query. QTYPES are a +superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the +following QTYPEs are defined: + + + +Mockapetris [Page 12] + +RFC 1035 Domain Implementation and Specification November 1987 + + +AXFR 252 A request for a transfer of an entire zone + +MAILB 253 A request for mailbox-related records (MB, MG or MR) + +MAILA 254 A request for mail agent RRs (Obsolete - see MX) + +* 255 A request for all records + +3.2.4. CLASS values + +CLASS fields appear in resource records. The following CLASS mnemonics +and values are defined: + +IN 1 the Internet + +CS 2 the CSNET class (Obsolete - used only for examples in + some obsolete RFCs) + +CH 3 the CHAOS class + +HS 4 Hesiod [Dyer 87] + +3.2.5. QCLASS values + +QCLASS fields appear in the question section of a query. QCLASS values +are a superset of CLASS values; every CLASS is a valid QCLASS. In +addition to CLASS values, the following QCLASSes are defined: + +* 255 any class + +3.3. Standard RRs + +The following RR definitions are expected to occur, at least +potentially, in all classes. In particular, NS, SOA, CNAME, and PTR +will be used in all classes, and have the same format in all classes. +Because their RDATA format is known, all domain names in the RDATA +section of these RRs may be compressed. + +<domain-name> is a domain name represented as a series of labels, and +terminated by a label with zero length. <character-string> is a single +length octet followed by that number of characters. <character-string> +is treated as binary information, and can be up to 256 characters in +length (including the length octet). + + + + + + + + +Mockapetris [Page 13] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.1. CNAME RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / CNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +CNAME A <domain-name> which specifies the canonical or primary + name for the owner. The owner name is an alias. + +CNAME RRs cause no additional section processing, but name servers may +choose to restart the query at the canonical name in certain cases. See +the description of name server logic in [RFC-1034] for details. + +3.3.2. HINFO RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / CPU / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / OS / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +CPU A <character-string> which specifies the CPU type. + +OS A <character-string> which specifies the operating + system type. + +Standard values for CPU and OS can be found in [RFC-1010]. + +HINFO records are used to acquire general information about a host. The +main use is for protocols such as FTP that can use special procedures +when talking between machines or operating systems of the same type. + +3.3.3. MB RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MADNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MADNAME A <domain-name> which specifies a host which has the + specified mailbox. + + + +Mockapetris [Page 14] + +RFC 1035 Domain Implementation and Specification November 1987 + + +MB records cause additional section processing which looks up an A type +RRs corresponding to MADNAME. + +3.3.4. MD RDATA format (Obsolete) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MADNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MADNAME A <domain-name> which specifies a host which has a mail + agent for the domain which should be able to deliver + mail for the domain. + +MD records cause additional section processing which looks up an A type +record corresponding to MADNAME. + +MD is obsolete. See the definition of MX and [RFC-974] for details of +the new scheme. The recommended policy for dealing with MD RRs found in +a master file is to reject them, or to convert them to MX RRs with a +preference of 0. + +3.3.5. MF RDATA format (Obsolete) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MADNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MADNAME A <domain-name> which specifies a host which has a mail + agent for the domain which will accept mail for + forwarding to the domain. + +MF records cause additional section processing which looks up an A type +record corresponding to MADNAME. + +MF is obsolete. See the definition of MX and [RFC-974] for details ofw +the new scheme. The recommended policy for dealing with MD RRs found in +a master file is to reject them, or to convert them to MX RRs with a +preference of 10. + + + + + + + +Mockapetris [Page 15] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.6. MG RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MGMNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MGMNAME A <domain-name> which specifies a mailbox which is a + member of the mail group specified by the domain name. + +MG records cause no additional section processing. + +3.3.7. MINFO RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / RMAILBX / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / EMAILBX / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +RMAILBX A <domain-name> which specifies a mailbox which is + responsible for the mailing list or mailbox. If this + domain name names the root, the owner of the MINFO RR is + responsible for itself. Note that many existing mailing + lists use a mailbox X-request for the RMAILBX field of + mailing list X, e.g., Msgroup-request for Msgroup. This + field provides a more general mechanism. + + +EMAILBX A <domain-name> which specifies a mailbox which is to + receive error messages related to the mailing list or + mailbox specified by the owner of the MINFO RR (similar + to the ERRORS-TO: field which has been proposed). If + this domain name names the root, errors should be + returned to the sender of the message. + +MINFO records cause no additional section processing. Although these +records can be associated with a simple mailbox, they are usually used +with a mailing list. + + + + + + + + +Mockapetris [Page 16] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.8. MR RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / NEWNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +NEWNAME A <domain-name> which specifies a mailbox which is the + proper rename of the specified mailbox. + +MR records cause no additional section processing. The main use for MR +is as a forwarding entry for a user who has moved to a different +mailbox. + +3.3.9. MX RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | PREFERENCE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / EXCHANGE / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +PREFERENCE A 16 bit integer which specifies the preference given to + this RR among others at the same owner. Lower values + are preferred. + +EXCHANGE A <domain-name> which specifies a host willing to act as + a mail exchange for the owner name. + +MX records cause type A additional section processing for the host +specified by EXCHANGE. The use of MX RRs is explained in detail in +[RFC-974]. + +3.3.10. NULL RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / <anything> / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +Anything at all may be in the RDATA field so long as it is 65535 octets +or less. + + + + +Mockapetris [Page 17] + +RFC 1035 Domain Implementation and Specification November 1987 + + +NULL records cause no additional section processing. NULL RRs are not +allowed in master files. NULLs are used as placeholders in some +experimental extensions of the DNS. + +3.3.11. NS RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / NSDNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +NSDNAME A <domain-name> which specifies a host which should be + authoritative for the specified class and domain. + +NS records cause both the usual additional section processing to locate +a type A record, and, when used in a referral, a special search of the +zone in which they reside for glue information. + +The NS RR states that the named host should be expected to have a zone +starting at owner name of the specified class. Note that the class may +not indicate the protocol family which should be used to communicate +with the host, although it is typically a strong hint. For example, +hosts which are name servers for either Internet (IN) or Hesiod (HS) +class information are normally queried using IN class protocols. + +3.3.12. PTR RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / PTRDNAME / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +PTRDNAME A <domain-name> which points to some location in the + domain name space. + +PTR records cause no additional section processing. These RRs are used +in special domains to point to some other location in the domain space. +These records are simple data, and don't imply any special processing +similar to that performed by CNAME, which identifies aliases. See the +description of the IN-ADDR.ARPA domain for an example. + + + + + + + + +Mockapetris [Page 18] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.13. SOA RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / RNAME / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | SERIAL | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | REFRESH | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | RETRY | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | EXPIRE | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | MINIMUM | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MNAME The <domain-name> of the name server that was the + original or primary source of data for this zone. + +RNAME A <domain-name> which specifies the mailbox of the + person responsible for this zone. + +SERIAL The unsigned 32 bit version number of the original copy + of the zone. Zone transfers preserve this value. This + value wraps and should be compared using sequence space + arithmetic. + +REFRESH A 32 bit time interval before the zone should be + refreshed. + +RETRY A 32 bit time interval that should elapse before a + failed refresh should be retried. + +EXPIRE A 32 bit time value that specifies the upper limit on + the time interval that can elapse before the zone is no + longer authoritative. + + + + + +Mockapetris [Page 19] + +RFC 1035 Domain Implementation and Specification November 1987 + + +MINIMUM The unsigned 32 bit minimum TTL field that should be + exported with any RR from this zone. + +SOA records cause no additional section processing. + +All times are in units of seconds. + +Most of these fields are pertinent only for name server maintenance +operations. However, MINIMUM is used in all query operations that +retrieve RRs from a zone. Whenever a RR is sent in a response to a +query, the TTL field is set to the maximum of the TTL field from the RR +and the MINIMUM field in the appropriate SOA. Thus MINIMUM is a lower +bound on the TTL field for all RRs in a zone. Note that this use of +MINIMUM should occur when the RRs are copied into the response and not +when the zone is loaded from a master file or via a zone transfer. The +reason for this provison is to allow future dynamic update facilities to +change the SOA RR with known semantics. + + +3.3.14. TXT RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / TXT-DATA / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +TXT-DATA One or more <character-string>s. + +TXT RRs are used to hold descriptive text. The semantics of the text +depends on the domain where it is found. + +3.4. Internet specific RRs + +3.4.1. A RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ADDRESS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +ADDRESS A 32 bit Internet address. + +Hosts that have multiple Internet addresses will have multiple A +records. + + + + + +Mockapetris [Page 20] + +RFC 1035 Domain Implementation and Specification November 1987 + + +A records cause no additional section processing. The RDATA section of +an A line in a master file is an Internet address expressed as four +decimal numbers separated by dots without any imbedded spaces (e.g., +"10.2.0.52" or "192.0.5.6"). + +3.4.2. WKS RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ADDRESS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | PROTOCOL | | + +--+--+--+--+--+--+--+--+ | + | | + / <BIT MAP> / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +ADDRESS An 32 bit Internet address + +PROTOCOL An 8 bit IP protocol number + +<BIT MAP> A variable length bit map. The bit map must be a + multiple of 8 bits long. + +The WKS record is used to describe the well known services supported by +a particular protocol on a particular internet address. The PROTOCOL +field specifies an IP protocol number, and the bit map has one bit per +port of the specified protocol. The first bit corresponds to port 0, +the second to port 1, etc. If the bit map does not include a bit for a +protocol of interest, that bit is assumed zero. The appropriate values +and mnemonics for ports and protocols are specified in [RFC-1010]. + +For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port +25 (SMTP). If this bit is set, a SMTP server should be listening on TCP +port 25; if zero, SMTP service is not supported on the specified +address. + +The purpose of WKS RRs is to provide availability information for +servers for TCP and UDP. If a server supports both TCP and UDP, or has +multiple Internet addresses, then multiple WKS RRs are used. + +WKS RRs cause no additional section processing. + +In master files, both ports and protocols are expressed using mnemonics +or decimal numbers. + + + + +Mockapetris [Page 21] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.5. IN-ADDR.ARPA domain + +The Internet uses a special domain to support gateway location and +Internet address to host mapping. Other classes may employ a similar +strategy in other domains. The intent of this domain is to provide a +guaranteed method to perform host address to host name mapping, and to +facilitate queries to locate all gateways on a particular network in the +Internet. + +Note that both of these services are similar to functions that could be +performed by inverse queries; the difference is that this part of the +domain name space is structured according to address, and hence can +guarantee that the appropriate data can be located without an exhaustive +search of the domain space. + +The domain begins at IN-ADDR.ARPA and has a substructure which follows +the Internet addressing structure. + +Domain names in the IN-ADDR.ARPA domain are defined to have up to four +labels in addition to the IN-ADDR.ARPA suffix. Each label represents +one octet of an Internet address, and is expressed as a character string +for a decimal value in the range 0-255 (with leading zeros omitted +except in the case of a zero octet which is represented by a single +zero). + +Host addresses are represented by domain names that have all four labels +specified. Thus data for Internet address 10.2.0.52 is located at +domain name 52.0.2.10.IN-ADDR.ARPA. The reversal, though awkward to +read, allows zones to be delegated which are exactly one network of +address space. For example, 10.IN-ADDR.ARPA can be a zone containing +data for the ARPANET, while 26.IN-ADDR.ARPA can be a separate zone for +MILNET. Address nodes are used to hold pointers to primary host names +in the normal domain space. + +Network numbers correspond to some non-terminal nodes at various depths +in the IN-ADDR.ARPA domain, since Internet network numbers are either 1, +2, or 3 octets. Network nodes are used to hold pointers to the primary +host names of gateways attached to that network. Since a gateway is, by +definition, on more than one network, it will typically have two or more +network nodes which point at it. Gateways will also have host level +pointers at their fully qualified addresses. + +Both the gateway pointers at network nodes and the normal host pointers +at full address nodes use the PTR RR to point back to the primary domain +names of the corresponding hosts. + +For example, the IN-ADDR.ARPA domain will contain information about the +ISI gateway between net 10 and 26, an MIT gateway from net 10 to MIT's + + + +Mockapetris [Page 22] + +RFC 1035 Domain Implementation and Specification November 1987 + + +net 18, and hosts A.ISI.EDU and MULTICS.MIT.EDU. Assuming that ISI +gateway has addresses 10.2.0.22 and 26.0.0.103, and a name MILNET- +GW.ISI.EDU, and the MIT gateway has addresses 10.0.0.77 and 18.10.0.4 +and a name GW.LCS.MIT.EDU, the domain database would contain: + + 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU. + 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU. + 18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU. + 26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU. + 22.0.2.10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU. + 103.0.0.26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU. + 77.0.0.10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU. + 4.0.10.18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU. + 103.0.3.26.IN-ADDR.ARPA. PTR A.ISI.EDU. + 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU. + +Thus a program which wanted to locate gateways on net 10 would originate +a query of the form QTYPE=PTR, QCLASS=IN, QNAME=10.IN-ADDR.ARPA. It +would receive two RRs in response: + + 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU. + 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU. + +The program could then originate QTYPE=A, QCLASS=IN queries for MILNET- +GW.ISI.EDU. and GW.LCS.MIT.EDU. to discover the Internet addresses of +these gateways. + +A resolver which wanted to find the host name corresponding to Internet +host address 10.0.0.6 would pursue a query of the form QTYPE=PTR, +QCLASS=IN, QNAME=6.0.0.10.IN-ADDR.ARPA, and would receive: + + 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU. + +Several cautions apply to the use of these services: + - Since the IN-ADDR.ARPA special domain and the normal domain + for a particular host or gateway will be in different zones, + the possibility exists that that the data may be inconsistent. + + - Gateways will often have two names in separate domains, only + one of which can be primary. + + - Systems that use the domain database to initialize their + routing tables must start with enough gateway information to + guarantee that they can access the appropriate name server. + + - The gateway data only reflects the existence of a gateway in a + manner equivalent to the current HOSTS.TXT file. It doesn't + replace the dynamic availability information from GGP or EGP. + + + +Mockapetris [Page 23] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.6. Defining new types, classes, and special namespaces + +The previously defined types and classes are the ones in use as of the +date of this memo. New definitions should be expected. This section +makes some recommendations to designers considering additions to the +existing facilities. The mailing list NAMEDROPPERS@SRI-NIC.ARPA is the +forum where general discussion of design issues takes place. + +In general, a new type is appropriate when new information is to be +added to the database about an existing object, or we need new data +formats for some totally new object. Designers should attempt to define +types and their RDATA formats that are generally applicable to all +classes, and which avoid duplication of information. New classes are +appropriate when the DNS is to be used for a new protocol, etc which +requires new class-specific data formats, or when a copy of the existing +name space is desired, but a separate management domain is necessary. + +New types and classes need mnemonics for master files; the format of the +master files requires that the mnemonics for type and class be disjoint. + +TYPE and CLASS values must be a proper subset of QTYPEs and QCLASSes +respectively. + +The present system uses multiple RRs to represent multiple values of a +type rather than storing multiple values in the RDATA section of a +single RR. This is less efficient for most applications, but does keep +RRs shorter. The multiple RRs assumption is incorporated in some +experimental work on dynamic update methods. + +The present system attempts to minimize the duplication of data in the +database in order to insure consistency. Thus, in order to find the +address of the host for a mail exchange, you map the mail domain name to +a host name, then the host name to addresses, rather than a direct +mapping to host address. This approach is preferred because it avoids +the opportunity for inconsistency. + +In defining a new type of data, multiple RR types should not be used to +create an ordering between entries or express different formats for +equivalent bindings, instead this information should be carried in the +body of the RR and a single type used. This policy avoids problems with +caching multiple types and defining QTYPEs to match multiple types. + +For example, the original form of mail exchange binding used two RR +types one to represent a "closer" exchange (MD) and one to represent a +"less close" exchange (MF). The difficulty is that the presence of one +RR type in a cache doesn't convey any information about the other +because the query which acquired the cached information might have used +a QTYPE of MF, MD, or MAILA (which matched both). The redesigned + + + +Mockapetris [Page 24] + +RFC 1035 Domain Implementation and Specification November 1987 + + +service used a single type (MX) with a "preference" value in the RDATA +section which can order different RRs. However, if any MX RRs are found +in the cache, then all should be there. + +4. MESSAGES + +4.1. Format + +All communications inside of the domain protocol are carried in a single +format called a message. The top level format of message is divided +into 5 sections (some of which are empty in certain cases) shown below: + + +---------------------+ + | Header | + +---------------------+ + | Question | the question for the name server + +---------------------+ + | Answer | RRs answering the question + +---------------------+ + | Authority | RRs pointing toward an authority + +---------------------+ + | Additional | RRs holding additional information + +---------------------+ + +The header section is always present. The header includes fields that +specify which of the remaining sections are present, and also specify +whether the message is a query or a response, a standard query or some +other opcode, etc. + +The names of the sections after the header are derived from their use in +standard queries. The question section contains fields that describe a +question to a name server. These fields are a query type (QTYPE), a +query class (QCLASS), and a query domain name (QNAME). The last three +sections have the same format: a possibly empty list of concatenated +resource records (RRs). The answer section contains RRs that answer the +question; the authority section contains RRs that point toward an +authoritative name server; the additional records section contains RRs +which relate to the query, but are not strictly answers for the +question. + + + + + + + + + + + + +Mockapetris [Page 25] + +RFC 1035 Domain Implementation and Specification November 1987 + + +4.1.1. Header section format + +The header contains the following fields: + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ID | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + |QR| Opcode |AA|TC|RD|RA| Z | RCODE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QDCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ANCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | NSCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ARCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +ID A 16 bit identifier assigned by the program that + generates any kind of query. This identifier is copied + the corresponding reply and can be used by the requester + to match up replies to outstanding queries. + +QR A one bit field that specifies whether this message is a + query (0), or a response (1). + +OPCODE A four bit field that specifies kind of query in this + message. This value is set by the originator of a query + and copied into the response. The values are: + + 0 a standard query (QUERY) + + 1 an inverse query (IQUERY) + + 2 a server status request (STATUS) + + 3-15 reserved for future use + +AA Authoritative Answer - this bit is valid in responses, + and specifies that the responding name server is an + authority for the domain name in question section. + + Note that the contents of the answer section may have + multiple owner names because of aliases. The AA bit + + + +Mockapetris [Page 26] + +RFC 1035 Domain Implementation and Specification November 1987 + + + corresponds to the name which matches the query name, or + the first owner name in the answer section. + +TC TrunCation - specifies that this message was truncated + due to length greater than that permitted on the + transmission channel. + +RD Recursion Desired - this bit may be set in a query and + is copied into the response. If RD is set, it directs + the name server to pursue the query recursively. + Recursive query support is optional. + +RA Recursion Available - this be is set or cleared in a + response, and denotes whether recursive query support is + available in the name server. + +Z Reserved for future use. Must be zero in all queries + and responses. + +RCODE Response code - this 4 bit field is set as part of + responses. The values have the following + interpretation: + + 0 No error condition + + 1 Format error - The name server was + unable to interpret the query. + + 2 Server failure - The name server was + unable to process this query due to a + problem with the name server. + + 3 Name Error - Meaningful only for + responses from an authoritative name + server, this code signifies that the + domain name referenced in the query does + not exist. + + 4 Not Implemented - The name server does + not support the requested kind of query. + + 5 Refused - The name server refuses to + perform the specified operation for + policy reasons. For example, a name + server may not wish to provide the + information to the particular requester, + or a name server may not wish to perform + a particular operation (e.g., zone + + + +Mockapetris [Page 27] + +RFC 1035 Domain Implementation and Specification November 1987 + + + transfer) for particular data. + + 6-15 Reserved for future use. + +QDCOUNT an unsigned 16 bit integer specifying the number of + entries in the question section. + +ANCOUNT an unsigned 16 bit integer specifying the number of + resource records in the answer section. + +NSCOUNT an unsigned 16 bit integer specifying the number of name + server resource records in the authority records + section. + +ARCOUNT an unsigned 16 bit integer specifying the number of + resource records in the additional records section. + +4.1.2. Question section format + +The question section is used to carry the "question" in most queries, +i.e., the parameters that define what is being asked. The section +contains QDCOUNT (usually 1) entries, each of the following format: + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | | + / QNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QTYPE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QCLASS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +QNAME a domain name represented as a sequence of labels, where + each label consists of a length octet followed by that + number of octets. The domain name terminates with the + zero length octet for the null label of the root. Note + that this field may be an odd number of octets; no + padding is used. + +QTYPE a two octet code which specifies the type of the query. + The values for this field include all codes valid for a + TYPE field, together with some more general codes which + can match more than one type of RR. + + + +Mockapetris [Page 28] + +RFC 1035 Domain Implementation and Specification November 1987 + + +QCLASS a two octet code that specifies the class of the query. + For example, the QCLASS field is IN for the Internet. + +4.1.3. Resource record format + +The answer, authority, and additional sections all share the same +format: a variable number of resource records, where the number of +records is specified in the corresponding count field in the header. +Each resource record has the following format: + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | | + / / + / NAME / + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TYPE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | CLASS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TTL | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | RDLENGTH | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| + / RDATA / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +NAME a domain name to which this resource record pertains. + +TYPE two octets containing one of the RR type codes. This + field specifies the meaning of the data in the RDATA + field. + +CLASS two octets which specify the class of the data in the + RDATA field. + +TTL a 32 bit unsigned integer that specifies the time + interval (in seconds) that the resource record may be + cached before it should be discarded. Zero values are + interpreted to mean that the RR can only be used for the + transaction in progress, and should not be cached. + + + + + +Mockapetris [Page 29] + +RFC 1035 Domain Implementation and Specification November 1987 + + +RDLENGTH an unsigned 16 bit integer that specifies the length in + octets of the RDATA field. + +RDATA a variable length string of octets that describes the + resource. The format of this information varies + according to the TYPE and CLASS of the resource record. + For example, the if the TYPE is A and the CLASS is IN, + the RDATA field is a 4 octet ARPA Internet address. + +4.1.4. Message compression + +In order to reduce the size of messages, the domain system utilizes a +compression scheme which eliminates the repetition of domain names in a +message. In this scheme, an entire domain name or a list of labels at +the end of a domain name is replaced with a pointer to a prior occurance +of the same name. + +The pointer takes the form of a two octet sequence: + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | 1 1| OFFSET | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +The first two bits are ones. This allows a pointer to be distinguished +from a label, since the label must begin with two zero bits because +labels are restricted to 63 octets or less. (The 10 and 01 combinations +are reserved for future use.) The OFFSET field specifies an offset from +the start of the message (i.e., the first octet of the ID field in the +domain header). A zero offset specifies the first byte of the ID field, +etc. + +The compression scheme allows a domain name in a message to be +represented as either: + + - a sequence of labels ending in a zero octet + + - a pointer + + - a sequence of labels ending with a pointer + +Pointers can only be used for occurances of a domain name where the +format is not class specific. If this were not the case, a name server +or resolver would be required to know the format of all RRs it handled. +As yet, there are no such cases, but they may occur in future RDATA +formats. + +If a domain name is contained in a part of the message subject to a +length field (such as the RDATA section of an RR), and compression is + + + +Mockapetris [Page 30] + +RFC 1035 Domain Implementation and Specification November 1987 + + +used, the length of the compressed name is used in the length +calculation, rather than the length of the expanded name. + +Programs are free to avoid using pointers in messages they generate, +although this will reduce datagram capacity, and may cause truncation. +However all programs are required to understand arriving messages that +contain pointers. + +For example, a datagram might need to use the domain names F.ISI.ARPA, +FOO.F.ISI.ARPA, ARPA, and the root. Ignoring the other fields of the +message, these domain names might be represented as: + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 20 | 1 | F | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 22 | 3 | I | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 24 | S | I | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 26 | 4 | A | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 28 | R | P | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 30 | A | 0 | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 40 | 3 | F | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 42 | O | O | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 44 | 1 1| 20 | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 64 | 1 1| 26 | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 92 | 0 | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +The domain name for F.ISI.ARPA is shown at offset 20. The domain name +FOO.F.ISI.ARPA is shown at offset 40; this definition uses a pointer to +concatenate a label for FOO to the previously defined F.ISI.ARPA. The +domain name ARPA is defined at offset 64 using a pointer to the ARPA +component of the name F.ISI.ARPA at 20; note that this pointer relies on +ARPA being the last label in the string at 20. The root domain name is + + + +Mockapetris [Page 31] + +RFC 1035 Domain Implementation and Specification November 1987 + + +defined by a single octet of zeros at 92; the root domain name has no +labels. + +4.2. Transport + +The DNS assumes that messages will be transmitted as datagrams or in a +byte stream carried by a virtual circuit. While virtual circuits can be +used for any DNS activity, datagrams are preferred for queries due to +their lower overhead and better performance. Zone refresh activities +must use virtual circuits because of the need for reliable transfer. + +The Internet supports name server access using TCP [RFC-793] on server +port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP +port 53 (decimal). + +4.2.1. UDP usage + +Messages sent using UDP user server port 53 (decimal). + +Messages carried by UDP are restricted to 512 bytes (not counting the IP +or UDP headers). Longer messages are truncated and the TC bit is set in +the header. + +UDP is not acceptable for zone transfers, but is the recommended method +for standard queries in the Internet. Queries sent using UDP may be +lost, and hence a retransmission strategy is required. Queries or their +responses may be reordered by the network, or by processing in name +servers, so resolvers should not depend on them being returned in order. + +The optimal UDP retransmission policy will vary with performance of the +Internet and the needs of the client, but the following are recommended: + + - The client should try other servers and server addresses + before repeating a query to a specific address of a server. + + - The retransmission interval should be based on prior + statistics if possible. Too aggressive retransmission can + easily slow responses for the community at large. Depending + on how well connected the client is to its expected servers, + the minimum retransmission interval should be 2-5 seconds. + +More suggestions on server selection and retransmission policy can be +found in the resolver section of this memo. + +4.2.2. TCP usage + +Messages sent over TCP connections use server port 53 (decimal). The +message is prefixed with a two byte length field which gives the message + + + +Mockapetris [Page 32] + +RFC 1035 Domain Implementation and Specification November 1987 + + +length, excluding the two byte length field. This length field allows +the low-level processing to assemble a complete message before beginning +to parse it. + +Several connection management policies are recommended: + + - The server should not block other activities waiting for TCP + data. + + - The server should support multiple connections. + + - The server should assume that the client will initiate + connection closing, and should delay closing its end of the + connection until all outstanding client requests have been + satisfied. + + - If the server needs to close a dormant connection to reclaim + resources, it should wait until the connection has been idle + for a period on the order of two minutes. In particular, the + server should allow the SOA and AXFR request sequence (which + begins a refresh operation) to be made on a single connection. + Since the server would be unable to answer queries anyway, a + unilateral close or reset may be used instead of a graceful + close. + +5. MASTER FILES + +Master files are text files that contain RRs in text form. Since the +contents of a zone can be expressed in the form of a list of RRs a +master file is most often used to define a zone, though it can be used +to list a cache's contents. Hence, this section first discusses the +format of RRs in a master file, and then the special considerations when +a master file is used to create a zone in some name server. + +5.1. Format + +The format of these files is a sequence of entries. Entries are +predominantly line-oriented, though parentheses can be used to continue +a list of items across a line boundary, and text literals can contain +CRLF within the text. Any combination of tabs and spaces act as a +delimiter between the separate items that make up an entry. The end of +any line in the master file can end with a comment. The comment starts +with a ";" (semicolon). + +The following entries are defined: + + <blank>[<comment>] + + + + +Mockapetris [Page 33] + +RFC 1035 Domain Implementation and Specification November 1987 + + + $ORIGIN <domain-name> [<comment>] + + $INCLUDE <file-name> [<domain-name>] [<comment>] + + <domain-name><rr> [<comment>] + + <blank><rr> [<comment>] + +Blank lines, with or without comments, are allowed anywhere in the file. + +Two control entries are defined: $ORIGIN and $INCLUDE. $ORIGIN is +followed by a domain name, and resets the current origin for relative +domain names to the stated name. $INCLUDE inserts the named file into +the current file, and may optionally specify a domain name that sets the +relative domain name origin for the included file. $INCLUDE may also +have a comment. Note that a $INCLUDE entry never changes the relative +origin of the parent file, regardless of changes to the relative origin +made within the included file. + +The last two forms represent RRs. If an entry for an RR begins with a +blank, then the RR is assumed to be owned by the last stated owner. If +an RR entry begins with a <domain-name>, then the owner name is reset. + +<rr> contents take one of the following forms: + + [<TTL>] [<class>] <type> <RDATA> + + [<class>] [<TTL>] <type> <RDATA> + +The RR begins with optional TTL and class fields, followed by a type and +RDATA field appropriate to the type and class. Class and type use the +standard mnemonics, TTL is a decimal integer. Omitted class and TTL +values are default to the last explicitly stated values. Since type and +class mnemonics are disjoint, the parse is unique. (Note that this +order is different from the order used in examples and the order used in +the actual RRs; the given order allows easier parsing and defaulting.) + +<domain-name>s make up a large share of the data in the master file. +The labels in the domain name are expressed as character strings and +separated by dots. Quoting conventions allow arbitrary characters to be +stored in domain names. Domain names that end in a dot are called +absolute, and are taken as complete. Domain names which do not end in a +dot are called relative; the actual domain name is the concatenation of +the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as +an argument to the master file loading routine. A relative name is an +error when no origin is available. + + + + + +Mockapetris [Page 34] + +RFC 1035 Domain Implementation and Specification November 1987 + + +<character-string> is expressed in one or two ways: as a contiguous set +of characters without interior spaces, or as a string beginning with a " +and ending with a ". Inside a " delimited string any character can +occur, except for a " itself, which must be quoted using \ (back slash). + +Because these files are text files several special encodings are +necessary to allow arbitrary data to be loaded. In particular: + + of the root. + +@ A free standing @ is used to denote the current origin. + +\X where X is any character other than a digit (0-9), is + used to quote that character so that its special meaning + does not apply. For example, "\." can be used to place + a dot character in a label. + +\DDD where each D is a digit is the octet corresponding to + the decimal number described by DDD. The resulting + octet is assumed to be text and is not checked for + special meaning. + +( ) Parentheses are used to group data that crosses a line + boundary. In effect, line terminations are not + recognized within parentheses. + +; Semicolon is used to start a comment; the remainder of + the line is ignored. + +5.2. Use of master files to define zones + +When a master file is used to load a zone, the operation should be +suppressed if any errors are encountered in the master file. The +rationale for this is that a single error can have widespread +consequences. For example, suppose that the RRs defining a delegation +have syntax errors; then the server will return authoritative name +errors for all names in the subzone (except in the case where the +subzone is also present on the server). + +Several other validity checks that should be performed in addition to +insuring that the file is syntactically correct: + + 1. All RRs in the file should have the same class. + + 2. Exactly one SOA RR should be present at the top of the zone. + + 3. If delegations are present and glue information is required, + it should be present. + + + +Mockapetris [Page 35] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 4. Information present outside of the authoritative nodes in the + zone should be glue information, rather than the result of an + origin or similar error. + +5.3. Master file example + +The following is an example file which might be used to define the +ISI.EDU zone.and is loaded with an origin of ISI.EDU: + +@ IN SOA VENERA Action\.domains ( + 20 ; SERIAL + 7200 ; REFRESH + 600 ; RETRY + 3600000; EXPIRE + 60) ; MINIMUM + + NS A.ISI.EDU. + NS VENERA + NS VAXA + MX 10 VENERA + MX 20 VAXA + +A A 26.3.0.103 + +VENERA A 10.1.0.52 + A 128.9.0.32 + +VAXA A 10.2.0.27 + A 128.9.0.33 + + +$INCLUDE <SUBSYS>ISI-MAILBOXES.TXT + +Where the file <SUBSYS>ISI-MAILBOXES.TXT is: + + MOE MB A.ISI.EDU. + LARRY MB A.ISI.EDU. + CURLEY MB A.ISI.EDU. + STOOGES MG MOE + MG LARRY + MG CURLEY + +Note the use of the \ character in the SOA RR to specify the responsible +person mailbox "Action.domains@E.ISI.EDU". + + + + + + + +Mockapetris [Page 36] + +RFC 1035 Domain Implementation and Specification November 1987 + + +6. NAME SERVER IMPLEMENTATION + +6.1. Architecture + +The optimal structure for the name server will depend on the host +operating system and whether the name server is integrated with resolver +operations, either by supporting recursive service, or by sharing its +database with a resolver. This section discusses implementation +considerations for a name server which shares a database with a +resolver, but most of these concerns are present in any name server. + +6.1.1. Control + +A name server must employ multiple concurrent activities, whether they +are implemented as separate tasks in the host's OS or multiplexing +inside a single name server program. It is simply not acceptable for a +name server to block the service of UDP requests while it waits for TCP +data for refreshing or query activities. Similarly, a name server +should not attempt to provide recursive service without processing such +requests in parallel, though it may choose to serialize requests from a +single client, or to regard identical requests from the same client as +duplicates. A name server should not substantially delay requests while +it reloads a zone from master files or while it incorporates a newly +refreshed zone into its database. + +6.1.2. Database + +While name server implementations are free to use any internal data +structures they choose, the suggested structure consists of three major +parts: + + - A "catalog" data structure which lists the zones available to + this server, and a "pointer" to the zone data structure. The + main purpose of this structure is to find the nearest ancestor + zone, if any, for arriving standard queries. + + - Separate data structures for each of the zones held by the + name server. + + - A data structure for cached data. (or perhaps separate caches + for different classes) + +All of these data structures can be implemented an identical tree +structure format, with different data chained off the nodes in different +parts: in the catalog the data is pointers to zones, while in the zone +and cache data structures, the data will be RRs. In designing the tree +framework the designer should recognize that query processing will need +to traverse the tree using case-insensitive label comparisons; and that + + + +Mockapetris [Page 37] + +RFC 1035 Domain Implementation and Specification November 1987 + + +in real data, a few nodes have a very high branching factor (100-1000 or +more), but the vast majority have a very low branching factor (0-1). + +One way to solve the case problem is to store the labels for each node +in two pieces: a standardized-case representation of the label where all +ASCII characters are in a single case, together with a bit mask that +denotes which characters are actually of a different case. The +branching factor diversity can be handled using a simple linked list for +a node until the branching factor exceeds some threshold, and +transitioning to a hash structure after the threshold is exceeded. In +any case, hash structures used to store tree sections must insure that +hash functions and procedures preserve the casing conventions of the +DNS. + +The use of separate structures for the different parts of the database +is motivated by several factors: + + - The catalog structure can be an almost static structure that + need change only when the system administrator changes the + zones supported by the server. This structure can also be + used to store parameters used to control refreshing + activities. + + - The individual data structures for zones allow a zone to be + replaced simply by changing a pointer in the catalog. Zone + refresh operations can build a new structure and, when + complete, splice it into the database via a simple pointer + replacement. It is very important that when a zone is + refreshed, queries should not use old and new data + simultaneously. + + - With the proper search procedures, authoritative data in zones + will always "hide", and hence take precedence over, cached + data. + + - Errors in zone definitions that cause overlapping zones, etc., + may cause erroneous responses to queries, but problem + determination is simplified, and the contents of one "bad" + zone can't corrupt another. + + - Since the cache is most frequently updated, it is most + vulnerable to corruption during system restarts. It can also + become full of expired RR data. In either case, it can easily + be discarded without disturbing zone data. + +A major aspect of database design is selecting a structure which allows +the name server to deal with crashes of the name server's host. State +information which a name server should save across system crashes + + + +Mockapetris [Page 38] + +RFC 1035 Domain Implementation and Specification November 1987 + + +includes the catalog structure (including the state of refreshing for +each zone) and the zone data itself. + +6.1.3. Time + +Both the TTL data for RRs and the timing data for refreshing activities +depends on 32 bit timers in units of seconds. Inside the database, +refresh timers and TTLs for cached data conceptually "count down", while +data in the zone stays with constant TTLs. + +A recommended implementation strategy is to store time in two ways: as +a relative increment and as an absolute time. One way to do this is to +use positive 32 bit numbers for one type and negative numbers for the +other. The RRs in zones use relative times; the refresh timers and +cache data use absolute times. Absolute numbers are taken with respect +to some known origin and converted to relative values when placed in the +response to a query. When an absolute TTL is negative after conversion +to relative, then the data is expired and should be ignored. + +6.2. Standard query processing + +The major algorithm for standard query processing is presented in +[RFC-1034]. + +When processing queries with QCLASS=*, or some other QCLASS which +matches multiple classes, the response should never be authoritative +unless the server can guarantee that the response covers all classes. + +When composing a response, RRs which are to be inserted in the +additional section, but duplicate RRs in the answer or authority +sections, may be omitted from the additional section. + +When a response is so long that truncation is required, the truncation +should start at the end of the response and work forward in the +datagram. Thus if there is any data for the authority section, the +answer section is guaranteed to be unique. + +The MINIMUM value in the SOA should be used to set a floor on the TTL of +data distributed from a zone. This floor function should be done when +the data is copied into a response. This will allow future dynamic +update protocols to change the SOA MINIMUM field without ambiguous +semantics. + +6.3. Zone refresh and reload processing + +In spite of a server's best efforts, it may be unable to load zone data +from a master file due to syntax errors, etc., or be unable to refresh a +zone within the its expiration parameter. In this case, the name server + + + +Mockapetris [Page 39] + +RFC 1035 Domain Implementation and Specification November 1987 + + +should answer queries as if it were not supposed to possess the zone. + +If a master is sending a zone out via AXFR, and a new version is created +during the transfer, the master should continue to send the old version +if possible. In any case, it should never send part of one version and +part of another. If completion is not possible, the master should reset +the connection on which the zone transfer is taking place. + +6.4. Inverse queries (Optional) + +Inverse queries are an optional part of the DNS. Name servers are not +required to support any form of inverse queries. If a name server +receives an inverse query that it does not support, it returns an error +response with the "Not Implemented" error set in the header. While +inverse query support is optional, all name servers must be at least +able to return the error response. + +6.4.1. The contents of inverse queries and responses Inverse +queries reverse the mappings performed by standard query operations; +while a standard query maps a domain name to a resource, an inverse +query maps a resource to a domain name. For example, a standard query +might bind a domain name to a host address; the corresponding inverse +query binds the host address to a domain name. + +Inverse queries take the form of a single RR in the answer section of +the message, with an empty question section. The owner name of the +query RR and its TTL are not significant. The response carries +questions in the question section which identify all names possessing +the query RR WHICH THE NAME SERVER KNOWS. Since no name server knows +about all of the domain name space, the response can never be assumed to +be complete. Thus inverse queries are primarily useful for database +management and debugging activities. Inverse queries are NOT an +acceptable method of mapping host addresses to host names; use the IN- +ADDR.ARPA domain instead. + +Where possible, name servers should provide case-insensitive comparisons +for inverse queries. Thus an inverse query asking for an MX RR of +"Venera.isi.edu" should get the same response as a query for +"VENERA.ISI.EDU"; an inverse query for HINFO RR "IBM-PC UNIX" should +produce the same result as an inverse query for "IBM-pc unix". However, +this cannot be guaranteed because name servers may possess RRs that +contain character strings but the name server does not know that the +data is character. + +When a name server processes an inverse query, it either returns: + + 1. zero, one, or multiple domain names for the specified + resource as QNAMEs in the question section + + + +Mockapetris [Page 40] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 2. an error code indicating that the name server doesn't support + inverse mapping of the specified resource type. + +When the response to an inverse query contains one or more QNAMEs, the +owner name and TTL of the RR in the answer section which defines the +inverse query is modified to exactly match an RR found at the first +QNAME. + +RRs returned in the inverse queries cannot be cached using the same +mechanism as is used for the replies to standard queries. One reason +for this is that a name might have multiple RRs of the same type, and +only one would appear. For example, an inverse query for a single +address of a multiply homed host might create the impression that only +one address existed. + +6.4.2. Inverse query and response example The overall structure +of an inverse query for retrieving the domain name that corresponds to +Internet address 10.1.0.52 is shown below: + + +-----------------------------------------+ + Header | OPCODE=IQUERY, ID=997 | + +-----------------------------------------+ + Question | <empty> | + +-----------------------------------------+ + Answer | <anyname> A IN 10.1.0.52 | + +-----------------------------------------+ + Authority | <empty> | + +-----------------------------------------+ + Additional | <empty> | + +-----------------------------------------+ + +This query asks for a question whose answer is the Internet style +address 10.1.0.52. Since the owner name is not known, any domain name +can be used as a placeholder (and is ignored). A single octet of zero, +signifying the root, is usually used because it minimizes the length of +the message. The TTL of the RR is not significant. The response to +this query might be: + + + + + + + + + + + + + + +Mockapetris [Page 41] + +RFC 1035 Domain Implementation and Specification November 1987 + + + +-----------------------------------------+ + Header | OPCODE=RESPONSE, ID=997 | + +-----------------------------------------+ + Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU | + +-----------------------------------------+ + Answer | VENERA.ISI.EDU A IN 10.1.0.52 | + +-----------------------------------------+ + Authority | <empty> | + +-----------------------------------------+ + Additional | <empty> | + +-----------------------------------------+ + +Note that the QTYPE in a response to an inverse query is the same as the +TYPE field in the answer section of the inverse query. Responses to +inverse queries may contain multiple questions when the inverse is not +unique. If the question section in the response is not empty, then the +RR in the answer section is modified to correspond to be an exact copy +of an RR at the first QNAME. + +6.4.3. Inverse query processing + +Name servers that support inverse queries can support these operations +through exhaustive searches of their databases, but this becomes +impractical as the size of the database increases. An alternative +approach is to invert the database according to the search key. + +For name servers that support multiple zones and a large amount of data, +the recommended approach is separate inversions for each zone. When a +particular zone is changed during a refresh, only its inversions need to +be redone. + +Support for transfer of this type of inversion may be included in future +versions of the domain system, but is not supported in this version. + +6.5. Completion queries and responses + +The optional completion services described in RFC-882 and RFC-883 have +been deleted. Redesigned services may become available in the future. + + + + + + + + + + + + + +Mockapetris [Page 42] + +RFC 1035 Domain Implementation and Specification November 1987 + + +7. RESOLVER IMPLEMENTATION + +The top levels of the recommended resolver algorithm are discussed in +[RFC-1034]. This section discusses implementation details assuming the +database structure suggested in the name server implementation section +of this memo. + +7.1. Transforming a user request into a query + +The first step a resolver takes is to transform the client's request, +stated in a format suitable to the local OS, into a search specification +for RRs at a specific name which match a specific QTYPE and QCLASS. +Where possible, the QTYPE and QCLASS should correspond to a single type +and a single class, because this makes the use of cached data much +simpler. The reason for this is that the presence of data of one type +in a cache doesn't confirm the existence or non-existence of data of +other types, hence the only way to be sure is to consult an +authoritative source. If QCLASS=* is used, then authoritative answers +won't be available. + +Since a resolver must be able to multiplex multiple requests if it is to +perform its function efficiently, each pending request is usually +represented in some block of state information. This state block will +typically contain: + + - A timestamp indicating the time the request began. + The timestamp is used to decide whether RRs in the database + can be used or are out of date. This timestamp uses the + absolute time format previously discussed for RR storage in + zones and caches. Note that when an RRs TTL indicates a + relative time, the RR must be timely, since it is part of a + zone. When the RR has an absolute time, it is part of a + cache, and the TTL of the RR is compared against the timestamp + for the start of the request. + + Note that using the timestamp is superior to using a current + time, since it allows RRs with TTLs of zero to be entered in + the cache in the usual manner, but still used by the current + request, even after intervals of many seconds due to system + load, query retransmission timeouts, etc. + + - Some sort of parameters to limit the amount of work which will + be performed for this request. + + The amount of work which a resolver will do in response to a + client request must be limited to guard against errors in the + database, such as circular CNAME references, and operational + problems, such as network partition which prevents the + + + +Mockapetris [Page 43] + +RFC 1035 Domain Implementation and Specification November 1987 + + + resolver from accessing the name servers it needs. While + local limits on the number of times a resolver will retransmit + a particular query to a particular name server address are + essential, the resolver should have a global per-request + counter to limit work on a single request. The counter should + be set to some initial value and decremented whenever the + resolver performs any action (retransmission timeout, + retransmission, etc.) If the counter passes zero, the request + is terminated with a temporary error. + + Note that if the resolver structure allows one request to + start others in parallel, such as when the need to access a + name server for one request causes a parallel resolve for the + name server's addresses, the spawned request should be started + with a lower counter. This prevents circular references in + the database from starting a chain reaction of resolver + activity. + + - The SLIST data structure discussed in [RFC-1034]. + + This structure keeps track of the state of a request if it + must wait for answers from foreign name servers. + +7.2. Sending the queries + +As described in [RFC-1034], the basic task of the resolver is to +formulate a query which will answer the client's request and direct that +query to name servers which can provide the information. The resolver +will usually only have very strong hints about which servers to ask, in +the form of NS RRs, and may have to revise the query, in response to +CNAMEs, or revise the set of name servers the resolver is asking, in +response to delegation responses which point the resolver to name +servers closer to the desired information. In addition to the +information requested by the client, the resolver may have to call upon +its own services to determine the address of name servers it wishes to +contact. + +In any case, the model used in this memo assumes that the resolver is +multiplexing attention between multiple requests, some from the client, +and some internally generated. Each request is represented by some +state information, and the desired behavior is that the resolver +transmit queries to name servers in a way that maximizes the probability +that the request is answered, minimizes the time that the request takes, +and avoids excessive transmissions. The key algorithm uses the state +information of the request to select the next name server address to +query, and also computes a timeout which will cause the next action +should a response not arrive. The next action will usually be a +transmission to some other server, but may be a temporary error to the + + + +Mockapetris [Page 44] + +RFC 1035 Domain Implementation and Specification November 1987 + + +client. + +The resolver always starts with a list of server names to query (SLIST). +This list will be all NS RRs which correspond to the nearest ancestor +zone that the resolver knows about. To avoid startup problems, the +resolver should have a set of default servers which it will ask should +it have no current NS RRs which are appropriate. The resolver then adds +to SLIST all of the known addresses for the name servers, and may start +parallel requests to acquire the addresses of the servers when the +resolver has the name, but no addresses, for the name servers. + +To complete initialization of SLIST, the resolver attaches whatever +history information it has to the each address in SLIST. This will +usually consist of some sort of weighted averages for the response time +of the address, and the batting average of the address (i.e., how often +the address responded at all to the request). Note that this +information should be kept on a per address basis, rather than on a per +name server basis, because the response time and batting average of a +particular server may vary considerably from address to address. Note +also that this information is actually specific to a resolver address / +server address pair, so a resolver with multiple addresses may wish to +keep separate histories for each of its addresses. Part of this step +must deal with addresses which have no such history; in this case an +expected round trip time of 5-10 seconds should be the worst case, with +lower estimates for the same local network, etc. + +Note that whenever a delegation is followed, the resolver algorithm +reinitializes SLIST. + +The information establishes a partial ranking of the available name +server addresses. Each time an address is chosen and the state should +be altered to prevent its selection again until all other addresses have +been tried. The timeout for each transmission should be 50-100% greater +than the average predicted value to allow for variance in response. + +Some fine points: + + - The resolver may encounter a situation where no addresses are + available for any of the name servers named in SLIST, and + where the servers in the list are precisely those which would + normally be used to look up their own addresses. This + situation typically occurs when the glue address RRs have a + smaller TTL than the NS RRs marking delegation, or when the + resolver caches the result of a NS search. The resolver + should detect this condition and restart the search at the + next ancestor zone, or alternatively at the root. + + + + + +Mockapetris [Page 45] + +RFC 1035 Domain Implementation and Specification November 1987 + + + - If a resolver gets a server error or other bizarre response + from a name server, it should remove it from SLIST, and may + wish to schedule an immediate transmission to the next + candidate server address. + +7.3. Processing responses + +The first step in processing arriving response datagrams is to parse the +response. This procedure should include: + + - Check the header for reasonableness. Discard datagrams which + are queries when responses are expected. + + - Parse the sections of the message, and insure that all RRs are + correctly formatted. + + - As an optional step, check the TTLs of arriving data looking + for RRs with excessively long TTLs. If a RR has an + excessively long TTL, say greater than 1 week, either discard + the whole response, or limit all TTLs in the response to 1 + week. + +The next step is to match the response to a current resolver request. +The recommended strategy is to do a preliminary matching using the ID +field in the domain header, and then to verify that the question section +corresponds to the information currently desired. This requires that +the transmission algorithm devote several bits of the domain ID field to +a request identifier of some sort. This step has several fine points: + + - Some name servers send their responses from different + addresses than the one used to receive the query. That is, a + resolver cannot rely that a response will come from the same + address which it sent the corresponding query to. This name + server bug is typically encountered in UNIX systems. + + - If the resolver retransmits a particular request to a name + server it should be able to use a response from any of the + transmissions. However, if it is using the response to sample + the round trip time to access the name server, it must be able + to determine which transmission matches the response (and keep + transmission times for each outgoing message), or only + calculate round trip times based on initial transmissions. + + - A name server will occasionally not have a current copy of a + zone which it should have according to some NS RRs. The + resolver should simply remove the name server from the current + SLIST, and continue. + + + + +Mockapetris [Page 46] + +RFC 1035 Domain Implementation and Specification November 1987 + + +7.4. Using the cache + +In general, we expect a resolver to cache all data which it receives in +responses since it may be useful in answering future client requests. +However, there are several types of data which should not be cached: + + - When several RRs of the same type are available for a + particular owner name, the resolver should either cache them + all or none at all. When a response is truncated, and a + resolver doesn't know whether it has a complete set, it should + not cache a possibly partial set of RRs. + + - Cached data should never be used in preference to + authoritative data, so if caching would cause this to happen + the data should not be cached. + + - The results of an inverse query should not be cached. + + - The results of standard queries where the QNAME contains "*" + labels if the data might be used to construct wildcards. The + reason is that the cache does not necessarily contain existing + RRs or zone boundary information which is necessary to + restrict the application of the wildcard RRs. + + - RR data in responses of dubious reliability. When a resolver + receives unsolicited responses or RR data other than that + requested, it should discard it without caching it. The basic + implication is that all sanity checks on a packet should be + performed before any of it is cached. + +In a similar vein, when a resolver has a set of RRs for some name in a +response, and wants to cache the RRs, it should check its cache for +already existing RRs. Depending on the circumstances, either the data +in the response or the cache is preferred, but the two should never be +combined. If the data in the response is from authoritative data in the +answer section, it is always preferred. + +8. MAIL SUPPORT + +The domain system defines a standard for mapping mailboxes into domain +names, and two methods for using the mailbox information to derive mail +routing information. The first method is called mail exchange binding +and the other method is mailbox binding. The mailbox encoding standard +and mail exchange binding are part of the DNS official protocol, and are +the recommended method for mail routing in the Internet. Mailbox +binding is an experimental feature which is still under development and +subject to change. + + + + +Mockapetris [Page 47] + +RFC 1035 Domain Implementation and Specification November 1987 + + +The mailbox encoding standard assumes a mailbox name of the form +"<local-part>@<mail-domain>". While the syntax allowed in each of these +sections varies substantially between the various mail internets, the +preferred syntax for the ARPA Internet is given in [RFC-822]. + +The DNS encodes the <local-part> as a single label, and encodes the +<mail-domain> as a domain name. The single label from the <local-part> +is prefaced to the domain name from <mail-domain> to form the domain +name corresponding to the mailbox. Thus the mailbox HOSTMASTER@SRI- +NIC.ARPA is mapped into the domain name HOSTMASTER.SRI-NIC.ARPA. If the +<local-part> contains dots or other special characters, its +representation in a master file will require the use of backslash +quoting to ensure that the domain name is properly encoded. For +example, the mailbox Action.domains@ISI.EDU would be represented as +Action\.domains.ISI.EDU. + +8.1. Mail exchange binding + +Mail exchange binding uses the <mail-domain> part of a mailbox +specification to determine where mail should be sent. The <local-part> +is not even consulted. [RFC-974] specifies this method in detail, and +should be consulted before attempting to use mail exchange support. + +One of the advantages of this method is that it decouples mail +destination naming from the hosts used to support mail service, at the +cost of another layer of indirection in the lookup function. However, +the addition layer should eliminate the need for complicated "%", "!", +etc encodings in <local-part>. + +The essence of the method is that the <mail-domain> is used as a domain +name to locate type MX RRs which list hosts willing to accept mail for +<mail-domain>, together with preference values which rank the hosts +according to an order specified by the administrators for <mail-domain>. + +In this memo, the <mail-domain> ISI.EDU is used in examples, together +with the hosts VENERA.ISI.EDU and VAXA.ISI.EDU as mail exchanges for +ISI.EDU. If a mailer had a message for Mockapetris@ISI.EDU, it would +route it by looking up MX RRs for ISI.EDU. The MX RRs at ISI.EDU name +VENERA.ISI.EDU and VAXA.ISI.EDU, and type A queries can find the host +addresses. + +8.2. Mailbox binding (Experimental) + +In mailbox binding, the mailer uses the entire mail destination +specification to construct a domain name. The encoded domain name for +the mailbox is used as the QNAME field in a QTYPE=MAILB query. + +Several outcomes are possible for this query: + + + +Mockapetris [Page 48] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 1. The query can return a name error indicating that the mailbox + does not exist as a domain name. + + In the long term, this would indicate that the specified + mailbox doesn't exist. However, until the use of mailbox + binding is universal, this error condition should be + interpreted to mean that the organization identified by the + global part does not support mailbox binding. The + appropriate procedure is to revert to exchange binding at + this point. + + 2. The query can return a Mail Rename (MR) RR. + + The MR RR carries new mailbox specification in its RDATA + field. The mailer should replace the old mailbox with the + new one and retry the operation. + + 3. The query can return a MB RR. + + The MB RR carries a domain name for a host in its RDATA + field. The mailer should deliver the message to that host + via whatever protocol is applicable, e.g., b,SMTP. + + 4. The query can return one or more Mail Group (MG) RRs. + + This condition means that the mailbox was actually a mailing + list or mail group, rather than a single mailbox. Each MG RR + has a RDATA field that identifies a mailbox that is a member + of the group. The mailer should deliver a copy of the + message to each member. + + 5. The query can return a MB RR as well as one or more MG RRs. + + This condition means the the mailbox was actually a mailing + list. The mailer can either deliver the message to the host + specified by the MB RR, which will in turn do the delivery to + all members, or the mailer can use the MG RRs to do the + expansion itself. + +In any of these cases, the response may include a Mail Information +(MINFO) RR. This RR is usually associated with a mail group, but is +legal with a MB. The MINFO RR identifies two mailboxes. One of these +identifies a responsible person for the original mailbox name. This +mailbox should be used for requests to be added to a mail group, etc. +The second mailbox name in the MINFO RR identifies a mailbox that should +receive error messages for mail failures. This is particularly +appropriate for mailing lists when errors in member names should be +reported to a person other than the one who sends a message to the list. + + + +Mockapetris [Page 49] + +RFC 1035 Domain Implementation and Specification November 1987 + + +New fields may be added to this RR in the future. + + +9. REFERENCES and BIBLIOGRAPHY + +[Dyer 87] S. Dyer, F. Hsu, "Hesiod", Project Athena + Technical Plan - Name Service, April 1987, version 1.9. + + Describes the fundamentals of the Hesiod name service. + +[IEN-116] J. Postel, "Internet Name Server", IEN-116, + USC/Information Sciences Institute, August 1979. + + A name service obsoleted by the Domain Name System, but + still in use. + +[Quarterman 86] J. Quarterman, and J. Hoskins, "Notable Computer Networks", + Communications of the ACM, October 1986, volume 29, number + 10. + +[RFC-742] K. Harrenstien, "NAME/FINGER", RFC-742, Network + Information Center, SRI International, December 1977. + +[RFC-768] J. Postel, "User Datagram Protocol", RFC-768, + USC/Information Sciences Institute, August 1980. + +[RFC-793] J. Postel, "Transmission Control Protocol", RFC-793, + USC/Information Sciences Institute, September 1981. + +[RFC-799] D. Mills, "Internet Name Domains", RFC-799, COMSAT, + September 1981. + + Suggests introduction of a hierarchy in place of a flat + name space for the Internet. + +[RFC-805] J. Postel, "Computer Mail Meeting Notes", RFC-805, + USC/Information Sciences Institute, February 1982. + +[RFC-810] E. Feinler, K. Harrenstien, Z. Su, and V. White, "DOD + Internet Host Table Specification", RFC-810, Network + Information Center, SRI International, March 1982. + + Obsolete. See RFC-952. + +[RFC-811] K. Harrenstien, V. White, and E. Feinler, "Hostnames + Server", RFC-811, Network Information Center, SRI + International, March 1982. + + + + +Mockapetris [Page 50] + +RFC 1035 Domain Implementation and Specification November 1987 + + + Obsolete. See RFC-953. + +[RFC-812] K. Harrenstien, and V. White, "NICNAME/WHOIS", RFC-812, + Network Information Center, SRI International, March + 1982. + +[RFC-819] Z. Su, and J. Postel, "The Domain Naming Convention for + Internet User Applications", RFC-819, Network + Information Center, SRI International, August 1982. + + Early thoughts on the design of the domain system. + Current implementation is completely different. + +[RFC-821] J. Postel, "Simple Mail Transfer Protocol", RFC-821, + USC/Information Sciences Institute, August 1980. + +[RFC-830] Z. Su, "A Distributed System for Internet Name Service", + RFC-830, Network Information Center, SRI International, + October 1982. + + Early thoughts on the design of the domain system. + Current implementation is completely different. + +[RFC-882] P. Mockapetris, "Domain names - Concepts and + Facilities," RFC-882, USC/Information Sciences + Institute, November 1983. + + Superceeded by this memo. + +[RFC-883] P. Mockapetris, "Domain names - Implementation and + Specification," RFC-883, USC/Information Sciences + Institute, November 1983. + + Superceeded by this memo. + +[RFC-920] J. Postel and J. Reynolds, "Domain Requirements", + RFC-920, USC/Information Sciences Institute, + October 1984. + + Explains the naming scheme for top level domains. + +[RFC-952] K. Harrenstien, M. Stahl, E. Feinler, "DoD Internet Host + Table Specification", RFC-952, SRI, October 1985. + + Specifies the format of HOSTS.TXT, the host/address + table replaced by the DNS. + + + + + +Mockapetris [Page 51] + +RFC 1035 Domain Implementation and Specification November 1987 + + +[RFC-953] K. Harrenstien, M. Stahl, E. Feinler, "HOSTNAME Server", + RFC-953, SRI, October 1985. + + This RFC contains the official specification of the + hostname server protocol, which is obsoleted by the DNS. + This TCP based protocol accesses information stored in + the RFC-952 format, and is used to obtain copies of the + host table. + +[RFC-973] P. Mockapetris, "Domain System Changes and + Observations", RFC-973, USC/Information Sciences + Institute, January 1986. + + Describes changes to RFC-882 and RFC-883 and reasons for + them. + +[RFC-974] C. Partridge, "Mail routing and the domain system", + RFC-974, CSNET CIC BBN Labs, January 1986. + + Describes the transition from HOSTS.TXT based mail + addressing to the more powerful MX system used with the + domain system. + +[RFC-1001] NetBIOS Working Group, "Protocol standard for a NetBIOS + service on a TCP/UDP transport: Concepts and Methods", + RFC-1001, March 1987. + + This RFC and RFC-1002 are a preliminary design for + NETBIOS on top of TCP/IP which proposes to base NetBIOS + name service on top of the DNS. + +[RFC-1002] NetBIOS Working Group, "Protocol standard for a NetBIOS + service on a TCP/UDP transport: Detailed + Specifications", RFC-1002, March 1987. + +[RFC-1010] J. Reynolds, and J. Postel, "Assigned Numbers", RFC-1010, + USC/Information Sciences Institute, May 1987. + + Contains socket numbers and mnemonics for host names, + operating systems, etc. + +[RFC-1031] W. Lazear, "MILNET Name Domain Transition", RFC-1031, + November 1987. + + Describes a plan for converting the MILNET to the DNS. + +[RFC-1032] M. Stahl, "Establishing a Domain - Guidelines for + Administrators", RFC-1032, November 1987. + + + +Mockapetris [Page 52] + +RFC 1035 Domain Implementation and Specification November 1987 + + + Describes the registration policies used by the NIC to + administer the top level domains and delegate subzones. + +[RFC-1033] M. Lottor, "Domain Administrators Operations Guide", + RFC-1033, November 1987. + + A cookbook for domain administrators. + +[Solomon 82] M. Solomon, L. Landweber, and D. Neuhengen, "The CSNET + Name Server", Computer Networks, vol 6, nr 3, July 1982. + + Describes a name service for CSNET which is independent + from the DNS and DNS use in the CSNET. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mockapetris [Page 53] + +RFC 1035 Domain Implementation and Specification November 1987 + + +Index + + * 13 + + ; 33, 35 + + <character-string> 35 + <domain-name> 34 + + @ 35 + + \ 35 + + A 12 + + Byte order 8 + + CH 13 + Character case 9 + CLASS 11 + CNAME 12 + Completion 42 + CS 13 + + Hesiod 13 + HINFO 12 + HS 13 + + IN 13 + IN-ADDR.ARPA domain 22 + Inverse queries 40 + + Mailbox names 47 + MB 12 + MD 12 + MF 12 + MG 12 + MINFO 12 + MINIMUM 20 + MR 12 + MX 12 + + NS 12 + NULL 12 + + Port numbers 32 + Primary server 5 + PTR 12, 18 + + + +Mockapetris [Page 54] + +RFC 1035 Domain Implementation and Specification November 1987 + + + QCLASS 13 + QTYPE 12 + + RDATA 12 + RDLENGTH 11 + + Secondary server 5 + SOA 12 + Stub resolvers 7 + + TCP 32 + TXT 12 + TYPE 11 + + UDP 32 + + WKS 12 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mockapetris [Page 55] + diff --git a/usr.sbin/named/doc/rfc/rfc1101 b/usr.sbin/named/doc/rfc/rfc1101 new file mode 100644 index 00000000000..66c9d8b813b --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1101 @@ -0,0 +1,787 @@ + + + + + + +Network Working Group P. Mockapetris +Request for Comments: 1101 ISI +Updates: RFCs 1034, 1035 April 1989 + + + DNS Encoding of Network Names and Other Types + + +1. STATUS OF THIS MEMO + + This RFC proposes two extensions to the Domain Name System: + + - A specific method for entering and retrieving RRs which map + between network names and numbers. + + - Ideas for a general method for describing mappings between + arbitrary identifiers and numbers. + + The method for mapping between network names and addresses is a + proposed standard, the ideas for a general method are experimental. + + This RFC assumes that the reader is familiar with the DNS [RFC 1034, + RFC 1035] and its use. The data shown is for pedagogical use and + does not necessarily reflect the real Internet. + + Distribution of this memo is unlimited. + +2. INTRODUCTION + + The DNS is extensible and can be used for a virtually unlimited + number of data types, name spaces, etc. New type definitions are + occasionally necessary as are revisions or deletions of old types + (e.g., MX replacement of MD and MF [RFC 974]), and changes described + in [RFC 973]. This RFC describes changes due to the general need to + map between identifiers and values, and a specific need for network + name support. + + Users wish to be able to use the DNS to map between network names and + numbers. This need is the only capability found in HOSTS.TXT which + is not available from the DNS. In designing a method to do this, + there were two major areas of concern: + + - Several tradeoffs involving control of network names, the + syntax of network names, backward compatibility, etc. + + - A desire to create a method which would be sufficiently + general to set a good precedent for future mappings, + for example, between TCP-port names and numbers, + + + +Mockapetris [Page 1] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + autonomous system names and numbers, X.500 Relative + Distinguished Names (RDNs) and their servers, or whatever. + + It was impossible to reconcile these two areas of concern for network + names because of the desire to unify network number support within + existing IP address to host name support. The existing support is + the IN-ADDR.ARPA section of the DNS name space. As a result this RFC + describes one structure for network names which builds on the + existing support for host names, and another family of structures for + future yellow pages (YP) functions such as conversions between TCP- + port numbers and mnemonics. + + Both structures are described in following sections. Each structure + has a discussion of design issues and specific structure + recommendations. + + We wish to avoid defining structures and methods which can work but + do not because of indifference or errors on the part of system + administrators when maintaining the database. The WKS RR is an + example. Thus, while we favor distribution as a general method, we + also recognize that centrally maintained tables (such as HOSTS.TXT) + are usually more consistent though less maintainable and timely. + Hence we recommend both specific methods for mapping network names, + addresses, and subnets, as well as an instance of the general method + for mapping between allocated network numbers and network names. + (Allocation is centrally performed by the SRI Network Information + Center, aka the NIC). + +3. NETWORK NAME ISSUES AND DISCUSSION + + The issues involved in the design were the definition of network name + syntax, the mappings to be provided, and possible support for similar + functions at the subnet level. + +3.1. Network name syntax + + The current syntax for network names, as defined by [RFC 952] is an + alphanumeric string of up to 24 characters, which begins with an + alpha, and may include "." and "-" except as first and last + characters. This is the format which was also used for host names + before the DNS. Upward compatibility with existing names might be a + goal of any new scheme. + + However, the present syntax has been used to define a flat name + space, and hence would prohibit the same distributed name allocation + method used for host names. There is some sentiment for allowing the + NIC to continue to allocate and regulate network names, much as it + allocates numbers, but the majority opinion favors local control of + + + +Mockapetris [Page 2] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + network names. Although it would be possible to provide a flat space + or a name space in which, for example, the last label of a domain + name captured the old-style network name, any such approach would add + complexity to the method and create different rules for network names + and host names. + + For these reasons, we assume that the syntax of network names will be + the same as the expanded syntax for host names permitted in [HR]. + The new syntax expands the set of names to allow leading digits, so + long as the resulting representations do not conflict with IP + addresses in decimal octet form. For example, 3Com.COM and 3M.COM + are now legal, although 26.0.0.73.COM is not. See [HR] for details. + + The price is that network names will get as complicated as host + names. An administrator will be able to create network names in any + domain under his control, and also create network number to name + entries in IN-ADDR.ARPA domains under his control. Thus, the name + for the ARPANET might become NET.ARPA, ARPANET.ARPA or Arpa- + network.MIL., depending on the preferences of the owner. + +3.2. Mappings + + The desired mappings, ranked by priority with most important first, + are: + + - Mapping a IP address or network number to a network name. + + This mapping is for use in debugging tools and status displays + of various sorts. The conversion from IP address to network + number is well known for class A, B, and C IP addresses, and + involves a simple mask operation. The needs of other classes + are not yet defined and are ignored for the rest of this RFC. + + - Mapping a network name to a network address. + + This facility is of less obvious application, but a + symmetrical mapping seems desirable. + + - Mapping an organization to its network names and numbers. + + This facility is useful because it may not always be possible + to guess the local choice for network names, but the + organization name is often well known. + + - Similar mappings for subnets, even when nested. + + The primary application is to be able to identify all of the + subnets involved in a particular IP address. A secondary + + + +Mockapetris [Page 3] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + requirement is to retrieve address mask information. + +3.3. Network address section of the name space + + The network name syntax discussed above can provide domain names + which will contain mappings from network names to various quantities, + but we also need a section of the name space, organized by network + and subnet number to hold the inverse mappings. + + The choices include: + + - The same network number slots already assigned and delegated + in the IN-ADDR.ARPA section of the name space. + + For example, 10.IN-ADDR.ARPA for class A net 10, + 2.128.IN-ADDR.ARPA for class B net 128.2, etc. + + - Host-zero addresses in the IN-ADDR.ARPA tree. (A host field + of all zero in an IP address is prohibited because of + confusion related to broadcast addresses, et al.) + + For example, 0.0.0.10.IN-ADDR.ARPA for class A net 10, + 0.0.2.128.IN-ADDR.arpa for class B net 128.2, etc. Like the + first scheme, it uses in-place name space delegations to + distribute control. + + The main advantage of this scheme over the first is that it + allows convenient names for subnets as well as networks. A + secondary advantage is that it uses names which are not in use + already, and hence it is possible to test whether an + organization has entered this information in its domain + database. + + - Some new section of the name space. + + While this option provides the most opportunities, it creates + a need to delegate a whole new name space. Since the IP + address space is so closely related to the network number + space, most believe that the overhead of creating such a new + space is overwhelming and would lead to the WKS syndrome. (As + of February, 1989, approximately 400 sections of the + IN-ADDR.ARPA tree are already delegated, usually at network + boundaries.) + + + + + + + + +Mockapetris [Page 4] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + +4. SPECIFICS FOR NETWORK NAME MAPPINGS + + The proposed solution uses information stored at: + + - Names in the IN-ADDR.ARPA tree that correspond to host-zero IP + addresses. The same method is used for subnets in a nested + fashion. For example, 0.0.0.10.IN-ADDR.ARPA. for net 10. + + Two types of information are stored here: PTR RRs which point + to the network name in their data sections, and A RRs, which + are present if the network (or subnet) is subnetted further. + If a type A RR is present, then it has the address mask as its + data. The general form is: + + <reversed-host-zero-number>.IN-ADDR.ARPA. PTR <network-name> + <reversed-host-zero-number>.IN-ADDR.ARPA. A <subnet-mask> + + For example: + + 0.0.0.10.IN-ADDR.ARPA. PTR ARPANET.ARPA. + + or + + 0.0.2.128.IN-ADDR.ARPA. PTR cmu-net.cmu.edu. + A 255.255.255.0 + + In general, this information will be added to an existing + master file for some IN-ADDR.ARPA domain for each network + involved. Similar RRs can be used at host-zero subnet + entries. + + - Names which are network names. + + The data stored here is PTR RRs pointing at the host-zero + entries. The general form is: + + <network-name> ptr <reversed-host-zero-number>.IN-ADDR.ARPA + + For example: + + ARPANET.ARPA. PTR 0.0.0.10.IN-ADDR.ARPA. + + or + + isi-net.isi.edu. PTR 0.0.9.128.IN-ADDR.ARPA. + + In general, this information will be inserted in the master + file for the domain name of the organization; this is a + + + +Mockapetris [Page 5] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + different file from that which holds the information below + IN-ADDR.ARPA. Similar PTR RRs can be used at subnet names. + + - Names corresponding to organizations. + + The data here is one or more PTR RRs pointing at the + IN-ADDR.ARPA names corresponding to host-zero entries for + networks. + + For example: + + ISI.EDU. PTR 0.0.9.128.IN-ADDR.ARPA. + + MCC.COM. PTR 0.167.5.192.IN-ADDR.ARPA. + PTR 0.168.5.192.IN-ADDR.ARPA. + PTR 0.169.5.192.IN-ADDR.ARPA. + PTR 0.0.62.128.IN-ADDR.ARPA. + +4.1. A simple example + + The ARPANET is a Class A network without subnets. The RRs which + would be added, assuming the ARPANET.ARPA was selected as a network + name, would be: + + ARPA. PTR 0.0.0.10.IN-ADDR.ARPA. + + ARPANET.ARPA. PTR 0.0.0.10.IN-ADDR.ARPA. + + 0.0.0.10.IN-ADDR.ARPA. PTR ARPANET.ARPA. + + The first RR states that the organization named ARPA owns net 10 (It + might also own more network numbers, and these would be represented + with an additional RR per net.) The second states that the network + name ARPANET.ARPA. maps to net 10. The last states that net 10 is + named ARPANET.ARPA. + + Note that all of the usual host and corresponding IN-ADDR.ARPA + entries would still be required. + +4.2. A complicated, subnetted example + + The ISI network is 128.9, a class B number. Suppose the ISI network + was organized into two levels of subnet, with the first level using + an additional 8 bits of address, and the second level using 4 bits, + for address masks of x'FFFFFF00' and X'FFFFFFF0'. + + Then the following RRs would be entered in ISI's master file for the + ISI.EDU zone: + + + +Mockapetris [Page 6] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + ; Define network entry + isi-net.isi.edu. PTR 0.0.9.128.IN-ADDR.ARPA. + + ; Define first level subnets + div1-subnet.isi.edu. PTR 0.1.9.128.IN-ADDR.ARPA. + div2-subnet.isi.edu. PTR 0.2.9.128.IN-ADDR.ARPA. + + ; Define second level subnets + inc-subsubnet.isi.edu. PTR 16.2.9.128.IN-ADDR.ARPA. + + in the 9.128.IN-ADDR.ARPA zone: + + ; Define network number and address mask + 0.0.9.128.IN-ADDR.ARPA. PTR isi-net.isi.edu. + A 255.255.255.0 ;aka X'FFFFFF00' + + ; Define one of the first level subnet numbers and masks + 0.1.9.128.IN-ADDR.ARPA. PTR div1-subnet.isi.edu. + A 255.255.255.240 ;aka X'FFFFFFF0' + + ; Define another first level subnet number and mask + 0.2.9.128.IN-ADDR.ARPA. PTR div2-subnet.isi.edu. + A 255.255.255.240 ;aka X'FFFFFFF0' + + ; Define second level subnet number + 16.2.9.128.IN-ADDR.ARPA. PTR inc-subsubnet.isi.edu. + + This assumes that the ISI network is named isi-net.isi.edu., first + level subnets are named div1-subnet.isi.edu. and div2- + subnet.isi.edu., and a second level subnet is called inc- + subsubnet.isi.edu. (In a real system as complicated as this there + would be more first and second level subnets defined, but we have + shown enough to illustrate the ideas.) + +4.3. Procedure for using an IP address to get network name + + Depending on whether the IP address is class A, B, or C, mask off the + high one, two, or three bytes, respectively. Reverse the octets, + suffix IN-ADDR.ARPA, and do a PTR query. + + For example, suppose the IP address is 10.0.0.51. + + 1. Since this is a class A address, use a mask x'FF000000' and + get 10.0.0.0. + + 2. Construct the name 0.0.0.10.IN-ADDR.ARPA. + + 3. Do a PTR query. Get back + + + +Mockapetris [Page 7] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + 0.0.0.10.IN-ADDR.ARPA. PTR ARPANET.ARPA. + + 4. Conclude that the network name is "ARPANET.ARPA." + + Suppose that the IP address is 128.9.2.17. + + 1. Since this is a class B address, use a mask of x'FFFF0000' + and get 128.9.0.0. + + 2. Construct the name 0.0.9.128.IN-ADDR.ARPA. + + 3. Do a PTR query. Get back + + 0.0.9.128.IN-ADDR.ARPA. PTR isi-net.isi.edu + + 4. Conclude that the network name is "isi-net.isi.edu." + +4.4. Procedure for finding all subnets involved with an IP address + + This is a simple extension of the IP address to network name method. + When the network entry is located, do a lookup for a possible A RR. + If the A RR is found, look up the next level of subnet using the + original IP address and the mask in the A RR. Repeat this procedure + until no A RR is found. + + For example, repeating the use of 128.9.2.17. + + 1. As before construct a query for 0.0.9.128.IN-ADDR.ARPA. + Retrieve: + + 0.0.9.128.IN-ADDR.ARPA. PTR isi-net.isi.edu. + A 255.255.255.0 + + 2. Since an A RR was found, repeat using mask from RR + (255.255.255.0), constructing a query for + 0.2.9.128.IN-ADDR.ARPA. Retrieve: + + 0.2.9.128.IN-ADDR.ARPA. PTR div2-subnet.isi.edu. + A 255.255.255.240 + + 3. Since another A RR was found, repeat using mask + 255.255.255.240 (x'FFFFFFF0'). constructing a query for + 16.2.9.128.IN-ADDR.ARPA. Retrieve: + + 16.2.9.128.IN-ADDR.ARPA. PTR inc-subsubnet.isi.edu. + + 4. Since no A RR is present at 16.2.9.128.IN-ADDR.ARPA., there + are no more subnet levels. + + + +Mockapetris [Page 8] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + +5. YP ISSUES AND DISCUSSION + + The term "Yellow Pages" is used in almost as many ways as the term + "domain", so it is useful to define what is meant herein by YP. The + general problem to be solved is to create a method for creating + mappings from one kind of identifier to another, often with an + inverse capability. The traditional methods are to search or use a + precomputed index of some kind. + + Searching is impractical when the search is too large, and + precomputed indexes are possible only when it is possible to specify + search criteria in advance, and pay for the resources necessary to + build the index. For example, it is impractical to search the entire + domain tree to find a particular address RR, so we build the IN- + ADDR.ARPA YP. Similarly, we could never build an Internet-wide index + of "hosts with a load average of less than 2" in less time than it + would take for the data to change, so indexes are a useless approach + for that problem. + + Such a precomputed index is what we mean by YP, and we regard the + IN-ADDR.ARPA domain as the first instance of a YP in the DNS. + Although a single, centrally-managed YP for well-known values such as + TCP-port is desirable, we regard organization-specific YPs for, say, + locally defined TCP ports as a natural extension, as are combinations + of YPs using search lists to merge the two. + + In examining Internet Numbers [RFC 997] and Assigned Numbers [RFC + 1010], it is clear that there are several mappings which might be of + value. For example: + + <assigned-network-name> <==> <IP-address> + <autonomous-system-id> <==> <number> + <protocol-id> <==> <number> + <port-id> <==> <number> + <ethernet-type> <==> <number> + <public-data-net> <==> <IP-address> + + Following the IN-ADDR example, the YP takes the form of a domain tree + organized to optimize retrieval by search key and distribution via + normal DNS rules. The name used as a key must include: + + 1. A well known origin. For example, IN-ADDR.ARPA is the + current IP-address to host name YP. + + 2. A "from" data type. This identifies the input type of the + mapping. This is necessary because we may be mapping + something as anonymous as a number to any number of + mnemonics, etc. + + + +Mockapetris [Page 9] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + 3. A "to" data type. Since we assume several symmetrical + mnemonic <==> number mappings, this is also necessary. + + This ordering reflects the natural scoping of control, and hence the + order of the components in a domain name. Thus domain names would be + of the form: + + <from-value>.<to-data-type>.<from-data-type>.<YP-origin> + + To make this work, we need to define well-know strings for each of + these metavariables, as well as encoding rules for converting a + <from-value> into a domain name. We might define: + + <YP-origin> :=YP + <from-data-type>:=TCP-port | IN-ADDR | Number | + Assigned-network-number | Name + <to-data-type> :=<from-data-type> + + Note that "YP" is NOT a valid country code under [ISO 3166] (although + we may want to worry about the future), and the existence of a + syntactically valid <to-data-type>.<from-data-type> pair does not + imply that a meaningful mapping exists, or is even possible. + + The encoding rules might be: + + TCP-port Six character alphanumeric + + IN-ADDR Reversed 4-octet decimal string + + Number decimal integer + + Assigned-network-number + Reversed 4-octet decimal string + + Name Domain name + +6. SPECIFICS FOR YP MAPPINGS + +6.1. TCP-PORT + + $origin Number.TCP-port.YP. + + 23 PTR TELNET.TCP-port.Number.YP. + 25 PTR SMTP.TCP-port.Number.YP. + + $origin TCP-port.Number.YP. + + TELNET PTR 23.Number.TCP-port.YP. + + + +Mockapetris [Page 10] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + SMTP PTR 25.Number.TCP-port.YP. + + Thus the mapping between 23 and TELNET is represented by a pair of + PTR RRs, one for each direction of the mapping. + +6.2. Assigned networks + + Network numbers are assigned by the NIC and reported in "Internet + Numbers" RFCs. To create a YP, the NIC would set up two domains: + + Name.Assigned-network-number.YP and Assigned-network-number.YP + + The first would contain entries of the form: + + $origin Name.Assigned-network-number.YP. + + 0.0.0.4 PTR SATNET.Assigned-network-number.Name.YP. + 0.0.0.10 PTR ARPANET.Assigned-network-number.Name.YP. + + The second would contain entries of the form: + + $origin Assigned-network-number.Name.YP. + + SATNET. PTR 0.0.0.4.Name.Assigned-network-number.YP. + ARPANET. PTR 0.0.0.10.Name.Assigned-network-number.YP. + + These YPs are not in conflict with the network name support described + in the first half of this RFC since they map between ASSIGNED network + names and numbers, not those allocated by the organizations + themselves. That is, they document the NIC's decisions about + allocating network numbers but do not automatically track any + renaming performed by the new owners. + + As a practical matter, we might want to create both of these domains + to enable users on the Internet to experiment with centrally + maintained support as well as the distributed version, or might want + to implement only the allocated number to name mapping and request + organizations to convert their allocated network names to the network + names described in the distributed model. + +6.3. Operational improvements + + We could imagine that all conversion routines using these YPs might + be instructed to use "YP.<local-domain>" followed by "YP." as a + search list. Thus, if the organization ISI.EDU wished to define + locally meaningful TCP-PORT, it would define the domains: + + <TCP-port.Number.YP.ISI.EDU> and <Number.TCP-port.YP.ISI.EDU>. + + + +Mockapetris [Page 11] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + We could add another level of indirection in the YP lookup, defining + the <to-data-type>.<from-data-type>.<YP-origin> nodes to point to the + YP tree, rather than being the YP tree directly. This would enable + entries of the form: + + IN-ADDR.Netname.YP. PTR IN-ADDR.ARPA. + + to splice in YPs from other origins or existing spaces. + + Another possibility would be to shorten the RDATA section of the RRs + which map back and forth by deleting the origin. This could be done + either by allowing the domain name in the RDATA portion to not + identify a real domain name, or by defining a new RR which used a + simple text string rather than a domain name. + + Thus, we might replace + + $origin Assigned-network-number.Name.YP. + + SATNET. PTR 0.0.0.4.Name.Assigned-network-number.YP. + ARPANET. PTR 0.0.0.10.Name.Assigned-network-number.YP. + + with + + $origin Assigned-network-number.Name.YP. + + SATNET. PTR 0.0.0.4. + ARPANET. PTR 0.0.0.10. + + or + + $origin Assigned-network-number.Name.YP. + + SATNET. PTT "0.0.0.4" + ARPANET. PTT "0.0.0.10" + + where PTT is a new type whose RDATA section is a text string. + +7. ACKNOWLEDGMENTS + + Drew Perkins, Mark Lottor, and Rob Austein contributed several of the + ideas in this RFC. Numerous contributions, criticisms, and + compromises were produced in the IETF Domain working group and the + NAMEDROPPERS mailing list. + + + + + + + +Mockapetris [Page 12] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + +8. REFERENCES + + [HR] Braden, B., editor, "Requirements for Internet Hosts", + RFC in preparation. + + [ISO 3166] ISO, "Codes for the Representation of Names of + Countries", 1981. + + [RFC 882] Mockapetris, P., "Domain names - Concepts and + Facilities", RFC 882, USC/Information Sciences Institute, + November 1983. + + Superseded by RFC 1034. + + [RFC 883] Mockapetris, P.,"Domain names - Implementation and + Specification", RFC 883, USC/Information Sciences + Institute, November 1983. + + Superceeded by RFC 1035. + + [RFC 920] Postel, J. and J. Reynolds, "Domain Requirements", RFC + 920, October 1984. + + Explains the naming scheme for top level domains. + + [RFC 952] Harrenstien, K., M. Stahl, and E. Feinler, "DoD Internet + Host Table Specification", RFC 952, SRI, October 1985. + + Specifies the format of HOSTS.TXT, the host/address table + replaced by the DNS + + [RFC 973] Mockapetris, P., "Domain System Changes and + Observations", RFC 973, USC/Information Sciences + Institute, January 1986. + + Describes changes to RFCs 882 and 883 and reasons for + them. + + [RFC 974] Partridge, C., "Mail routing and the domain system", RFC + 974, CSNET CIC BBN Labs, January 1986. + + Describes the transition from HOSTS.TXT based mail + addressing to the more powerful MX system used with the + domain system. + + + + + + + +Mockapetris [Page 13] + +RFC 1101 DNS Encoding of Network Names and Other Types April 1989 + + + [RFC 997] Reynolds, J., and J. Postel, "Internet Numbers", RFC 997, + USC/Information Sciences Institute, March 1987 + + Contains network numbers, autonomous system numbers, etc. + + [RFC 1010] Reynolds, J., and J. Postel, "Assigned Numbers", RFC + 1010, USC/Information Sciences Institute, May 1987 + + Contains socket numbers and mnemonics for host names, + operating systems, etc. + + + [RFC 1034] Mockapetris, P., "Domain names - Concepts and + Facilities", RFC 1034, USC/Information Sciences + Institute, November 1987. + + Introduction/overview of the DNS. + + [RFC 1035] Mockapetris, P., "Domain names - Implementation and + Specification", RFC 1035, USC/Information Sciences + Institute, November 1987. + + DNS implementation instructions. + +Author's Address: + + Paul Mockapetris + USC/Information Sciences Institute + 4676 Admiralty Way + Marina del Rey, CA 90292 + + Phone: (213) 822-1511 + + Email: PVM@ISI.EDU + + + + + + + + + + + + + + + + + +Mockapetris [Page 14] +
\ No newline at end of file diff --git a/usr.sbin/named/doc/rfc/rfc1122 b/usr.sbin/named/doc/rfc/rfc1122 new file mode 100644 index 00000000000..c14f2e50a31 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1122 @@ -0,0 +1,6844 @@ + + + + + + +Network Working Group Internet Engineering Task Force +Request for Comments: 1122 R. Braden, Editor + October 1989 + + + Requirements for Internet Hosts -- Communication Layers + + +Status of This Memo + + This RFC is an official specification for the Internet community. It + incorporates by reference, amends, corrects, and supplements the + primary protocol standards documents relating to hosts. Distribution + of this document is unlimited. + +Summary + + This is one RFC of a pair that defines and discusses the requirements + for Internet host software. This RFC covers the communications + protocol layers: link layer, IP layer, and transport layer; its + companion RFC-1123 covers the application and support protocols. + + + + Table of Contents + + + + + 1. INTRODUCTION ............................................... 5 + 1.1 The Internet Architecture .............................. 6 + 1.1.1 Internet Hosts .................................... 6 + 1.1.2 Architectural Assumptions ......................... 7 + 1.1.3 Internet Protocol Suite ........................... 8 + 1.1.4 Embedded Gateway Code ............................. 10 + 1.2 General Considerations ................................. 12 + 1.2.1 Continuing Internet Evolution ..................... 12 + 1.2.2 Robustness Principle .............................. 12 + 1.2.3 Error Logging ..................................... 13 + 1.2.4 Configuration ..................................... 14 + 1.3 Reading this Document .................................. 15 + 1.3.1 Organization ...................................... 15 + 1.3.2 Requirements ...................................... 16 + 1.3.3 Terminology ....................................... 17 + 1.4 Acknowledgments ........................................ 20 + + 2. LINK LAYER .................................................. 21 + 2.1 INTRODUCTION ........................................... 21 + + + +Internet Engineering Task Force [Page 1] + + + + +RFC1122 INTRODUCTION October 1989 + + + 2.2 PROTOCOL WALK-THROUGH .................................. 21 + 2.3 SPECIFIC ISSUES ........................................ 21 + 2.3.1 Trailer Protocol Negotiation ...................... 21 + 2.3.2 Address Resolution Protocol -- ARP ................ 22 + 2.3.2.1 ARP Cache Validation ......................... 22 + 2.3.2.2 ARP Packet Queue ............................. 24 + 2.3.3 Ethernet and IEEE 802 Encapsulation ............... 24 + 2.4 LINK/INTERNET LAYER INTERFACE .......................... 25 + 2.5 LINK LAYER REQUIREMENTS SUMMARY ........................ 26 + + 3. INTERNET LAYER PROTOCOLS .................................... 27 + 3.1 INTRODUCTION ............................................ 27 + 3.2 PROTOCOL WALK-THROUGH .................................. 29 + 3.2.1 Internet Protocol -- IP ............................ 29 + 3.2.1.1 Version Number ............................... 29 + 3.2.1.2 Checksum ..................................... 29 + 3.2.1.3 Addressing ................................... 29 + 3.2.1.4 Fragmentation and Reassembly ................. 32 + 3.2.1.5 Identification ............................... 32 + 3.2.1.6 Type-of-Service .............................. 33 + 3.2.1.7 Time-to-Live ................................. 34 + 3.2.1.8 Options ...................................... 35 + 3.2.2 Internet Control Message Protocol -- ICMP .......... 38 + 3.2.2.1 Destination Unreachable ...................... 39 + 3.2.2.2 Redirect ..................................... 40 + 3.2.2.3 Source Quench ................................ 41 + 3.2.2.4 Time Exceeded ................................ 41 + 3.2.2.5 Parameter Problem ............................ 42 + 3.2.2.6 Echo Request/Reply ........................... 42 + 3.2.2.7 Information Request/Reply .................... 43 + 3.2.2.8 Timestamp and Timestamp Reply ................ 43 + 3.2.2.9 Address Mask Request/Reply ................... 45 + 3.2.3 Internet Group Management Protocol IGMP ........... 47 + 3.3 SPECIFIC ISSUES ........................................ 47 + 3.3.1 Routing Outbound Datagrams ........................ 47 + 3.3.1.1 Local/Remote Decision ........................ 47 + 3.3.1.2 Gateway Selection ............................ 48 + 3.3.1.3 Route Cache .................................. 49 + 3.3.1.4 Dead Gateway Detection ....................... 51 + 3.3.1.5 New Gateway Selection ........................ 55 + 3.3.1.6 Initialization ............................... 56 + 3.3.2 Reassembly ........................................ 56 + 3.3.3 Fragmentation ..................................... 58 + 3.3.4 Local Multihoming ................................. 60 + 3.3.4.1 Introduction ................................. 60 + 3.3.4.2 Multihoming Requirements ..................... 61 + 3.3.4.3 Choosing a Source Address .................... 64 + 3.3.5 Source Route Forwarding ........................... 65 + + + +Internet Engineering Task Force [Page 2] + + + + +RFC1122 INTRODUCTION October 1989 + + + 3.3.6 Broadcasts ........................................ 66 + 3.3.7 IP Multicasting ................................... 67 + 3.3.8 Error Reporting ................................... 69 + 3.4 INTERNET/TRANSPORT LAYER INTERFACE ..................... 69 + 3.5 INTERNET LAYER REQUIREMENTS SUMMARY .................... 72 + + 4. TRANSPORT PROTOCOLS ......................................... 77 + 4.1 USER DATAGRAM PROTOCOL -- UDP .......................... 77 + 4.1.1 INTRODUCTION ...................................... 77 + 4.1.2 PROTOCOL WALK-THROUGH ............................. 77 + 4.1.3 SPECIFIC ISSUES ................................... 77 + 4.1.3.1 Ports ........................................ 77 + 4.1.3.2 IP Options ................................... 77 + 4.1.3.3 ICMP Messages ................................ 78 + 4.1.3.4 UDP Checksums ................................ 78 + 4.1.3.5 UDP Multihoming .............................. 79 + 4.1.3.6 Invalid Addresses ............................ 79 + 4.1.4 UDP/APPLICATION LAYER INTERFACE ................... 79 + 4.1.5 UDP REQUIREMENTS SUMMARY .......................... 80 + 4.2 TRANSMISSION CONTROL PROTOCOL -- TCP ................... 82 + 4.2.1 INTRODUCTION ...................................... 82 + 4.2.2 PROTOCOL WALK-THROUGH ............................. 82 + 4.2.2.1 Well-Known Ports ............................. 82 + 4.2.2.2 Use of Push .................................. 82 + 4.2.2.3 Window Size .................................. 83 + 4.2.2.4 Urgent Pointer ............................... 84 + 4.2.2.5 TCP Options .................................. 85 + 4.2.2.6 Maximum Segment Size Option .................. 85 + 4.2.2.7 TCP Checksum ................................. 86 + 4.2.2.8 TCP Connection State Diagram ................. 86 + 4.2.2.9 Initial Sequence Number Selection ............ 87 + 4.2.2.10 Simultaneous Open Attempts .................. 87 + 4.2.2.11 Recovery from Old Duplicate SYN ............. 87 + 4.2.2.12 RST Segment ................................. 87 + 4.2.2.13 Closing a Connection ........................ 87 + 4.2.2.14 Data Communication .......................... 89 + 4.2.2.15 Retransmission Timeout ...................... 90 + 4.2.2.16 Managing the Window ......................... 91 + 4.2.2.17 Probing Zero Windows ........................ 92 + 4.2.2.18 Passive OPEN Calls .......................... 92 + 4.2.2.19 Time to Live ................................ 93 + 4.2.2.20 Event Processing ............................ 93 + 4.2.2.21 Acknowledging Queued Segments ............... 94 + 4.2.3 SPECIFIC ISSUES ................................... 95 + 4.2.3.1 Retransmission Timeout Calculation ........... 95 + 4.2.3.2 When to Send an ACK Segment .................. 96 + 4.2.3.3 When to Send a Window Update ................. 97 + 4.2.3.4 When to Send Data ............................ 98 + + + +Internet Engineering Task Force [Page 3] + + + + +RFC1122 INTRODUCTION October 1989 + + + 4.2.3.5 TCP Connection Failures ...................... 100 + 4.2.3.6 TCP Keep-Alives .............................. 101 + 4.2.3.7 TCP Multihoming .............................. 103 + 4.2.3.8 IP Options ................................... 103 + 4.2.3.9 ICMP Messages ................................ 103 + 4.2.3.10 Remote Address Validation ................... 104 + 4.2.3.11 TCP Traffic Patterns ........................ 104 + 4.2.3.12 Efficiency .................................. 105 + 4.2.4 TCP/APPLICATION LAYER INTERFACE ................... 106 + 4.2.4.1 Asynchronous Reports ......................... 106 + 4.2.4.2 Type-of-Service .............................. 107 + 4.2.4.3 Flush Call ................................... 107 + 4.2.4.4 Multihoming .................................. 108 + 4.2.5 TCP REQUIREMENT SUMMARY ........................... 108 + + 5. REFERENCES ................................................. 112 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 4] + + + + +RFC1122 INTRODUCTION October 1989 + + +1. INTRODUCTION + + This document is one of a pair that defines and discusses the + requirements for host system implementations of the Internet protocol + suite. This RFC covers the communication protocol layers: link + layer, IP layer, and transport layer. Its companion RFC, + "Requirements for Internet Hosts -- Application and Support" + [INTRO:1], covers the application layer protocols. This document + should also be read in conjunction with "Requirements for Internet + Gateways" [INTRO:2]. + + These documents are intended to provide guidance for vendors, + implementors, and users of Internet communication software. They + represent the consensus of a large body of technical experience and + wisdom, contributed by the members of the Internet research and + vendor communities. + + This RFC enumerates standard protocols that a host connected to the + Internet must use, and it incorporates by reference the RFCs and + other documents describing the current specifications for these + protocols. It corrects errors in the referenced documents and adds + additional discussion and guidance for an implementor. + + For each protocol, this document also contains an explicit set of + requirements, recommendations, and options. The reader must + understand that the list of requirements in this document is + incomplete by itself; the complete set of requirements for an + Internet host is primarily defined in the standard protocol + specification documents, with the corrections, amendments, and + supplements contained in this RFC. + + A good-faith implementation of the protocols that was produced after + careful reading of the RFC's and with some interaction with the + Internet technical community, and that followed good communications + software engineering practices, should differ from the requirements + of this document in only minor ways. Thus, in many cases, the + "requirements" in this RFC are already stated or implied in the + standard protocol documents, so that their inclusion here is, in a + sense, redundant. However, they were included because some past + implementation has made the wrong choice, causing problems of + interoperability, performance, and/or robustness. + + This document includes discussion and explanation of many of the + requirements and recommendations. A simple list of requirements + would be dangerous, because: + + o Some required features are more important than others, and some + features are optional. + + + +Internet Engineering Task Force [Page 5] + + + + +RFC1122 INTRODUCTION October 1989 + + + o There may be valid reasons why particular vendor products that + are designed for restricted contexts might choose to use + different specifications. + + However, the specifications of this document must be followed to meet + the general goal of arbitrary host interoperation across the + diversity and complexity of the Internet system. Although most + current implementations fail to meet these requirements in various + ways, some minor and some major, this specification is the ideal + towards which we need to move. + + These requirements are based on the current level of Internet + architecture. This document will be updated as required to provide + additional clarifications or to include additional information in + those areas in which specifications are still evolving. + + This introductory section begins with a brief overview of the + Internet architecture as it relates to hosts, and then gives some + general advice to host software vendors. Finally, there is some + guidance on reading the rest of the document and some terminology. + + 1.1 The Internet Architecture + + General background and discussion on the Internet architecture and + supporting protocol suite can be found in the DDN Protocol + Handbook [INTRO:3]; for background see for example [INTRO:9], + [INTRO:10], and [INTRO:11]. Reference [INTRO:5] describes the + procedure for obtaining Internet protocol documents, while + [INTRO:6] contains a list of the numbers assigned within Internet + protocols. + + 1.1.1 Internet Hosts + + A host computer, or simply "host," is the ultimate consumer of + communication services. A host generally executes application + programs on behalf of user(s), employing network and/or + Internet communication services in support of this function. + An Internet host corresponds to the concept of an "End-System" + used in the OSI protocol suite [INTRO:13]. + + An Internet communication system consists of interconnected + packet networks supporting communication among host computers + using the Internet protocols. The networks are interconnected + using packet-switching computers called "gateways" or "IP + routers" by the Internet community, and "Intermediate Systems" + by the OSI world [INTRO:13]. The RFC "Requirements for + Internet Gateways" [INTRO:2] contains the official + specifications for Internet gateways. That RFC together with + + + +Internet Engineering Task Force [Page 6] + + + + +RFC1122 INTRODUCTION October 1989 + + + the present document and its companion [INTRO:1] define the + rules for the current realization of the Internet architecture. + + Internet hosts span a wide range of size, speed, and function. + They range in size from small microprocessors through + workstations to mainframes and supercomputers. In function, + they range from single-purpose hosts (such as terminal servers) + to full-service hosts that support a variety of online network + services, typically including remote login, file transfer, and + electronic mail. + + A host is generally said to be multihomed if it has more than + one interface to the same or to different networks. See + Section 1.1.3 on "Terminology". + + 1.1.2 Architectural Assumptions + + The current Internet architecture is based on a set of + assumptions about the communication system. The assumptions + most relevant to hosts are as follows: + + (a) The Internet is a network of networks. + + Each host is directly connected to some particular + network(s); its connection to the Internet is only + conceptual. Two hosts on the same network communicate + with each other using the same set of protocols that they + would use to communicate with hosts on distant networks. + + (b) Gateways don't keep connection state information. + + To improve robustness of the communication system, + gateways are designed to be stateless, forwarding each IP + datagram independently of other datagrams. As a result, + redundant paths can be exploited to provide robust service + in spite of failures of intervening gateways and networks. + + All state information required for end-to-end flow control + and reliability is implemented in the hosts, in the + transport layer or in application programs. All + connection control information is thus co-located with the + end points of the communication, so it will be lost only + if an end point fails. + + (c) Routing complexity should be in the gateways. + + Routing is a complex and difficult problem, and ought to + be performed by the gateways, not the hosts. An important + + + +Internet Engineering Task Force [Page 7] + + + + +RFC1122 INTRODUCTION October 1989 + + + objective is to insulate host software from changes caused + by the inevitable evolution of the Internet routing + architecture. + + (d) The System must tolerate wide network variation. + + A basic objective of the Internet design is to tolerate a + wide range of network characteristics -- e.g., bandwidth, + delay, packet loss, packet reordering, and maximum packet + size. Another objective is robustness against failure of + individual networks, gateways, and hosts, using whatever + bandwidth is still available. Finally, the goal is full + "open system interconnection": an Internet host must be + able to interoperate robustly and effectively with any + other Internet host, across diverse Internet paths. + + Sometimes host implementors have designed for less + ambitious goals. For example, the LAN environment is + typically much more benign than the Internet as a whole; + LANs have low packet loss and delay and do not reorder + packets. Some vendors have fielded host implementations + that are adequate for a simple LAN environment, but work + badly for general interoperation. The vendor justifies + such a product as being economical within the restricted + LAN market. However, isolated LANs seldom stay isolated + for long; they are soon gatewayed to each other, to + organization-wide internets, and eventually to the global + Internet system. In the end, neither the customer nor the + vendor is served by incomplete or substandard Internet + host software. + + The requirements spelled out in this document are designed + for a full-function Internet host, capable of full + interoperation over an arbitrary Internet path. + + + 1.1.3 Internet Protocol Suite + + To communicate using the Internet system, a host must implement + the layered set of protocols comprising the Internet protocol + suite. A host typically must implement at least one protocol + from each layer. + + The protocol layers used in the Internet architecture are as + follows [INTRO:4]: + + + o Application Layer + + + +Internet Engineering Task Force [Page 8] + + + + +RFC1122 INTRODUCTION October 1989 + + + The application layer is the top layer of the Internet + protocol suite. The Internet suite does not further + subdivide the application layer, although some of the + Internet application layer protocols do contain some + internal sub-layering. The application layer of the + Internet suite essentially combines the functions of the + top two layers -- Presentation and Application -- of the + OSI reference model. + + We distinguish two categories of application layer + protocols: user protocols that provide service directly + to users, and support protocols that provide common system + functions. Requirements for user and support protocols + will be found in the companion RFC [INTRO:1]. + + The most common Internet user protocols are: + + o Telnet (remote login) + o FTP (file transfer) + o SMTP (electronic mail delivery) + + There are a number of other standardized user protocols + [INTRO:4] and many private user protocols. + + Support protocols, used for host name mapping, booting, + and management, include SNMP, BOOTP, RARP, and the Domain + Name System (DNS) protocols. + + + o Transport Layer + + The transport layer provides end-to-end communication + services for applications. There are two primary + transport layer protocols at present: + + o Transmission Control Protocol (TCP) + o User Datagram Protocol (UDP) + + TCP is a reliable connection-oriented transport service + that provides end-to-end reliability, resequencing, and + flow control. UDP is a connectionless ("datagram") + transport service. + + Other transport protocols have been developed by the + research community, and the set of official Internet + transport protocols may be expanded in the future. + + Transport layer protocols are discussed in Chapter 4. + + + +Internet Engineering Task Force [Page 9] + + + + +RFC1122 INTRODUCTION October 1989 + + + o Internet Layer + + All Internet transport protocols use the Internet Protocol + (IP) to carry data from source host to destination host. + IP is a connectionless or datagram internetwork service, + providing no end-to-end delivery guarantees. Thus, IP + datagrams may arrive at the destination host damaged, + duplicated, out of order, or not at all. The layers above + IP are responsible for reliable delivery service when it + is required. The IP protocol includes provision for + addressing, type-of-service specification, fragmentation + and reassembly, and security information. + + The datagram or connectionless nature of the IP protocol + is a fundamental and characteristic feature of the + Internet architecture. Internet IP was the model for the + OSI Connectionless Network Protocol [INTRO:12]. + + ICMP is a control protocol that is considered to be an + integral part of IP, although it is architecturally + layered upon IP, i.e., it uses IP to carry its data end- + to-end just as a transport protocol like TCP or UDP does. + ICMP provides error reporting, congestion reporting, and + first-hop gateway redirection. + + IGMP is an Internet layer protocol used for establishing + dynamic host groups for IP multicasting. + + The Internet layer protocols IP, ICMP, and IGMP are + discussed in Chapter 3. + + + o Link Layer + + To communicate on its directly-connected network, a host + must implement the communication protocol used to + interface to that network. We call this a link layer or + media-access layer protocol. + + There is a wide variety of link layer protocols, + corresponding to the many different types of networks. + See Chapter 2. + + + 1.1.4 Embedded Gateway Code + + Some Internet host software includes embedded gateway + functionality, so that these hosts can forward packets as a + + + +Internet Engineering Task Force [Page 10] + + + + +RFC1122 INTRODUCTION October 1989 + + + gateway would, while still performing the application layer + functions of a host. + + Such dual-purpose systems must follow the Gateway Requirements + RFC [INTRO:2] with respect to their gateway functions, and + must follow the present document with respect to their host + functions. In all overlapping cases, the two specifications + should be in agreement. + + There are varying opinions in the Internet community about + embedded gateway functionality. The main arguments are as + follows: + + o Pro: in a local network environment where networking is + informal, or in isolated internets, it may be convenient + and economical to use existing host systems as gateways. + + There is also an architectural argument for embedded + gateway functionality: multihoming is much more common + than originally foreseen, and multihoming forces a host to + make routing decisions as if it were a gateway. If the + multihomed host contains an embedded gateway, it will + have full routing knowledge and as a result will be able + to make more optimal routing decisions. + + o Con: Gateway algorithms and protocols are still changing, + and they will continue to change as the Internet system + grows larger. Attempting to include a general gateway + function within the host IP layer will force host system + maintainers to track these (more frequent) changes. Also, + a larger pool of gateway implementations will make + coordinating the changes more difficult. Finally, the + complexity of a gateway IP layer is somewhat greater than + that of a host, making the implementation and operation + tasks more complex. + + In addition, the style of operation of some hosts is not + appropriate for providing stable and robust gateway + service. + + There is considerable merit in both of these viewpoints. One + conclusion can be drawn: an host administrator must have + conscious control over whether or not a given host acts as a + gateway. See Section 3.1 for the detailed requirements. + + + + + + + +Internet Engineering Task Force [Page 11] + + + + +RFC1122 INTRODUCTION October 1989 + + + 1.2 General Considerations + + There are two important lessons that vendors of Internet host + software have learned and which a new vendor should consider + seriously. + + 1.2.1 Continuing Internet Evolution + + The enormous growth of the Internet has revealed problems of + management and scaling in a large datagram-based packet + communication system. These problems are being addressed, and + as a result there will be continuing evolution of the + specifications described in this document. These changes will + be carefully planned and controlled, since there is extensive + participation in this planning by the vendors and by the + organizations responsible for operations of the networks. + + Development, evolution, and revision are characteristic of + computer network protocols today, and this situation will + persist for some years. A vendor who develops computer + communication software for the Internet protocol suite (or any + other protocol suite!) and then fails to maintain and update + that software for changing specifications is going to leave a + trail of unhappy customers. The Internet is a large + communication network, and the users are in constant contact + through it. Experience has shown that knowledge of + deficiencies in vendor software propagates quickly through the + Internet technical community. + + 1.2.2 Robustness Principle + + At every layer of the protocols, there is a general rule whose + application can lead to enormous benefits in robustness and + interoperability [IP:1]: + + "Be liberal in what you accept, and + conservative in what you send" + + Software should be written to deal with every conceivable + error, no matter how unlikely; sooner or later a packet will + come in with that particular combination of errors and + attributes, and unless the software is prepared, chaos can + ensue. In general, it is best to assume that the network is + filled with malevolent entities that will send in packets + designed to have the worst possible effect. This assumption + will lead to suitable protective design, although the most + serious problems in the Internet have been caused by + unenvisaged mechanisms triggered by low-probability events; + + + +Internet Engineering Task Force [Page 12] + + + + +RFC1122 INTRODUCTION October 1989 + + + mere human malice would never have taken so devious a course! + + Adaptability to change must be designed into all levels of + Internet host software. As a simple example, consider a + protocol specification that contains an enumeration of values + for a particular header field -- e.g., a type field, a port + number, or an error code; this enumeration must be assumed to + be incomplete. Thus, if a protocol specification defines four + possible error codes, the software must not break when a fifth + code shows up. An undefined code might be logged (see below), + but it must not cause a failure. + + The second part of the principle is almost as important: + software on other hosts may contain deficiencies that make it + unwise to exploit legal but obscure protocol features. It is + unwise to stray far from the obvious and simple, lest untoward + effects result elsewhere. A corollary of this is "watch out + for misbehaving hosts"; host software should be prepared, not + just to survive other misbehaving hosts, but also to cooperate + to limit the amount of disruption such hosts can cause to the + shared communication facility. + + 1.2.3 Error Logging + + The Internet includes a great variety of host and gateway + systems, each implementing many protocols and protocol layers, + and some of these contain bugs and mis-features in their + Internet protocol software. As a result of complexity, + diversity, and distribution of function, the diagnosis of + Internet problems is often very difficult. + + Problem diagnosis will be aided if host implementations include + a carefully designed facility for logging erroneous or + "strange" protocol events. It is important to include as much + diagnostic information as possible when an error is logged. In + particular, it is often useful to record the header(s) of a + packet that caused an error. However, care must be taken to + ensure that error logging does not consume prohibitive amounts + of resources or otherwise interfere with the operation of the + host. + + There is a tendency for abnormal but harmless protocol events + to overflow error logging files; this can be avoided by using a + "circular" log, or by enabling logging only while diagnosing a + known failure. It may be useful to filter and count duplicate + successive messages. One strategy that seems to work well is: + (1) always count abnormalities and make such counts accessible + through the management protocol (see [INTRO:1]); and (2) allow + + + +Internet Engineering Task Force [Page 13] + + + + +RFC1122 INTRODUCTION October 1989 + + + the logging of a great variety of events to be selectively + enabled. For example, it might useful to be able to "log + everything" or to "log everything for host X". + + Note that different managements may have differing policies + about the amount of error logging that they want normally + enabled in a host. Some will say, "if it doesn't hurt me, I + don't want to know about it", while others will want to take a + more watchful and aggressive attitude about detecting and + removing protocol abnormalities. + + 1.2.4 Configuration + + It would be ideal if a host implementation of the Internet + protocol suite could be entirely self-configuring. This would + allow the whole suite to be implemented in ROM or cast into + silicon, it would simplify diskless workstations, and it would + be an immense boon to harried LAN administrators as well as + system vendors. We have not reached this ideal; in fact, we + are not even close. + + At many points in this document, you will find a requirement + that a parameter be a configurable option. There are several + different reasons behind such requirements. In a few cases, + there is current uncertainty or disagreement about the best + value, and it may be necessary to update the recommended value + in the future. In other cases, the value really depends on + external factors -- e.g., the size of the host and the + distribution of its communication load, or the speeds and + topology of nearby networks -- and self-tuning algorithms are + unavailable and may be insufficient. In some cases, + configurability is needed because of administrative + requirements. + + Finally, some configuration options are required to communicate + with obsolete or incorrect implementations of the protocols, + distributed without sources, that unfortunately persist in many + parts of the Internet. To make correct systems coexist with + these faulty systems, administrators often have to "mis- + configure" the correct systems. This problem will correct + itself gradually as the faulty systems are retired, but it + cannot be ignored by vendors. + + When we say that a parameter must be configurable, we do not + intend to require that its value be explicitly read from a + configuration file at every boot time. We recommend that + implementors set up a default for each parameter, so a + configuration file is only necessary to override those defaults + + + +Internet Engineering Task Force [Page 14] + + + + +RFC1122 INTRODUCTION October 1989 + + + that are inappropriate in a particular installation. Thus, the + configurability requirement is an assurance that it will be + POSSIBLE to override the default when necessary, even in a + binary-only or ROM-based product. + + This document requires a particular value for such defaults in + some cases. The choice of default is a sensitive issue when + the configuration item controls the accommodation to existing + faulty systems. If the Internet is to converge successfully to + complete interoperability, the default values built into + implementations must implement the official protocol, not + "mis-configurations" to accommodate faulty implementations. + Although marketing considerations have led some vendors to + choose mis-configuration defaults, we urge vendors to choose + defaults that will conform to the standard. + + Finally, we note that a vendor needs to provide adequate + documentation on all configuration parameters, their limits and + effects. + + + 1.3 Reading this Document + + 1.3.1 Organization + + Protocol layering, which is generally used as an organizing + principle in implementing network software, has also been used + to organize this document. In describing the rules, we assume + that an implementation does strictly mirror the layering of the + protocols. Thus, the following three major sections specify + the requirements for the link layer, the internet layer, and + the transport layer, respectively. A companion RFC [INTRO:1] + covers application level software. This layerist organization + was chosen for simplicity and clarity. + + However, strict layering is an imperfect model, both for the + protocol suite and for recommended implementation approaches. + Protocols in different layers interact in complex and sometimes + subtle ways, and particular functions often involve multiple + layers. There are many design choices in an implementation, + many of which involve creative "breaking" of strict layering. + Every implementor is urged to read references [INTRO:7] and + [INTRO:8]. + + This document describes the conceptual service interface + between layers using a functional ("procedure call") notation, + like that used in the TCP specification [TCP:1]. A host + implementation must support the logical information flow + + + +Internet Engineering Task Force [Page 15] + + + + +RFC1122 INTRODUCTION October 1989 + + + implied by these calls, but need not literally implement the + calls themselves. For example, many implementations reflect + the coupling between the transport layer and the IP layer by + giving them shared access to common data structures. These + data structures, rather than explicit procedure calls, are then + the agency for passing much of the information that is + required. + + In general, each major section of this document is organized + into the following subsections: + + (1) Introduction + + (2) Protocol Walk-Through -- considers the protocol + specification documents section-by-section, correcting + errors, stating requirements that may be ambiguous or + ill-defined, and providing further clarification or + explanation. + + (3) Specific Issues -- discusses protocol design and + implementation issues that were not included in the walk- + through. + + (4) Interfaces -- discusses the service interface to the next + higher layer. + + (5) Summary -- contains a summary of the requirements of the + section. + + + Under many of the individual topics in this document, there is + parenthetical material labeled "DISCUSSION" or + "IMPLEMENTATION". This material is intended to give + clarification and explanation of the preceding requirements + text. It also includes some suggestions on possible future + directions or developments. The implementation material + contains suggested approaches that an implementor may want to + consider. + + The summary sections are intended to be guides and indexes to + the text, but are necessarily cryptic and incomplete. The + summaries should never be used or referenced separately from + the complete RFC. + + 1.3.2 Requirements + + In this document, the words that are used to define the + significance of each particular requirement are capitalized. + + + +Internet Engineering Task Force [Page 16] + + + + +RFC1122 INTRODUCTION October 1989 + + + These words are: + + * "MUST" + + This word or the adjective "REQUIRED" means that the item + is an absolute requirement of the specification. + + * "SHOULD" + + This word or the adjective "RECOMMENDED" means that there + may exist valid reasons in particular circumstances to + ignore this item, but the full implications should be + understood and the case carefully weighed before choosing + a different course. + + * "MAY" + + This word or the adjective "OPTIONAL" means that this item + is truly optional. One vendor may choose to include the + item because a particular marketplace requires it or + because it enhances the product, for example; another + vendor may omit the same item. + + + An implementation is not compliant if it fails to satisfy one + or more of the MUST requirements for the protocols it + implements. An implementation that satisfies all the MUST and + all the SHOULD requirements for its protocols is said to be + "unconditionally compliant"; one that satisfies all the MUST + requirements but not all the SHOULD requirements for its + protocols is said to be "conditionally compliant". + + 1.3.3 Terminology + + This document uses the following technical terms: + + Segment + A segment is the unit of end-to-end transmission in the + TCP protocol. A segment consists of a TCP header followed + by application data. A segment is transmitted by + encapsulation inside an IP datagram. + + Message + In this description of the lower-layer protocols, a + message is the unit of transmission in a transport layer + protocol. In particular, a TCP segment is a message. A + message consists of a transport protocol header followed + by application protocol data. To be transmitted end-to- + + + +Internet Engineering Task Force [Page 17] + + + + +RFC1122 INTRODUCTION October 1989 + + + end through the Internet, a message must be encapsulated + inside a datagram. + + IP Datagram + An IP datagram is the unit of end-to-end transmission in + the IP protocol. An IP datagram consists of an IP header + followed by transport layer data, i.e., of an IP header + followed by a message. + + In the description of the internet layer (Section 3), the + unqualified term "datagram" should be understood to refer + to an IP datagram. + + Packet + A packet is the unit of data passed across the interface + between the internet layer and the link layer. It + includes an IP header and data. A packet may be a + complete IP datagram or a fragment of an IP datagram. + + Frame + A frame is the unit of transmission in a link layer + protocol, and consists of a link-layer header followed by + a packet. + + Connected Network + A network to which a host is interfaced is often known as + the "local network" or the "subnetwork" relative to that + host. However, these terms can cause confusion, and + therefore we use the term "connected network" in this + document. + + Multihomed + A host is said to be multihomed if it has multiple IP + addresses. For a discussion of multihoming, see Section + 3.3.4 below. + + Physical network interface + This is a physical interface to a connected network and + has a (possibly unique) link-layer address. Multiple + physical network interfaces on a single host may share the + same link-layer address, but the address must be unique + for different hosts on the same physical network. + + Logical [network] interface + We define a logical [network] interface to be a logical + path, distinguished by a unique IP address, to a connected + network. See Section 3.3.4. + + + + +Internet Engineering Task Force [Page 18] + + + + +RFC1122 INTRODUCTION October 1989 + + + Specific-destination address + This is the effective destination address of a datagram, + even if it is broadcast or multicast; see Section 3.2.1.3. + + Path + At a given moment, all the IP datagrams from a particular + source host to a particular destination host will + typically traverse the same sequence of gateways. We use + the term "path" for this sequence. Note that a path is + uni-directional; it is not unusual to have different paths + in the two directions between a given host pair. + + MTU + The maximum transmission unit, i.e., the size of the + largest packet that can be transmitted. + + + The terms frame, packet, datagram, message, and segment are + illustrated by the following schematic diagrams: + + A. Transmission on connected network: + _______________________________________________ + | LL hdr | IP hdr | (data) | + |________|________|_____________________________| + + <---------- Frame -----------------------------> + <----------Packet --------------------> + + + B. Before IP fragmentation or after IP reassembly: + ______________________________________ + | IP hdr | transport| Application Data | + |________|____hdr___|__________________| + + <-------- Datagram ------------------> + <-------- Message -----------> + or, for TCP: + ______________________________________ + | IP hdr | TCP hdr | Application Data | + |________|__________|__________________| + + <-------- Datagram ------------------> + <-------- Segment -----------> + + + + + + + + +Internet Engineering Task Force [Page 19] + + + + +RFC1122 INTRODUCTION October 1989 + + + 1.4 Acknowledgments + + This document incorporates contributions and comments from a large + group of Internet protocol experts, including representatives of + university and research labs, vendors, and government agencies. + It was assembled primarily by the Host Requirements Working Group + of the Internet Engineering Task Force (IETF). + + The Editor would especially like to acknowledge the tireless + dedication of the following people, who attended many long + meetings and generated 3 million bytes of electronic mail over the + past 18 months in pursuit of this document: Philip Almquist, Dave + Borman (Cray Research), Noel Chiappa, Dave Crocker (DEC), Steve + Deering (Stanford), Mike Karels (Berkeley), Phil Karn (Bellcore), + John Lekashman (NASA), Charles Lynn (BBN), Keith McCloghrie (TWG), + Paul Mockapetris (ISI), Thomas Narten (Purdue), Craig Partridge + (BBN), Drew Perkins (CMU), and James Van Bokkelen (FTP Software). + + In addition, the following people made major contributions to the + effort: Bill Barns (Mitre), Steve Bellovin (AT&T), Mike Brescia + (BBN), Ed Cain (DCA), Annette DeSchon (ISI), Martin Gross (DCA), + Phill Gross (NRI), Charles Hedrick (Rutgers), Van Jacobson (LBL), + John Klensin (MIT), Mark Lottor (SRI), Milo Medin (NASA), Bill + Melohn (Sun Microsystems), Greg Minshall (Kinetics), Jeff Mogul + (DEC), John Mullen (CMC), Jon Postel (ISI), John Romkey (Epilogue + Technology), and Mike StJohns (DCA). The following also made + significant contributions to particular areas: Eric Allman + (Berkeley), Rob Austein (MIT), Art Berggreen (ACC), Keith Bostic + (Berkeley), Vint Cerf (NRI), Wayne Hathaway (NASA), Matt Korn + (IBM), Erik Naggum (Naggum Software, Norway), Robert Ullmann + (Prime Computer), David Waitzman (BBN), Frank Wancho (USA), Arun + Welch (Ohio State), Bill Westfield (Cisco), and Rayan Zachariassen + (Toronto). + + We are grateful to all, including any contributors who may have + been inadvertently omitted from this list. + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 20] + + + + +RFC1122 LINK LAYER October 1989 + + +2. LINK LAYER + + 2.1 INTRODUCTION + + All Internet systems, both hosts and gateways, have the same + requirements for link layer protocols. These requirements are + given in Chapter 3 of "Requirements for Internet Gateways" + [INTRO:2], augmented with the material in this section. + + 2.2 PROTOCOL WALK-THROUGH + + None. + + 2.3 SPECIFIC ISSUES + + 2.3.1 Trailer Protocol Negotiation + + The trailer protocol [LINK:1] for link-layer encapsulation MAY + be used, but only when it has been verified that both systems + (host or gateway) involved in the link-layer communication + implement trailers. If the system does not dynamically + negotiate use of the trailer protocol on a per-destination + basis, the default configuration MUST disable the protocol. + + DISCUSSION: + The trailer protocol is a link-layer encapsulation + technique that rearranges the data contents of packets + sent on the physical network. In some cases, trailers + improve the throughput of higher layer protocols by + reducing the amount of data copying within the operating + system. Higher layer protocols are unaware of trailer + use, but both the sending and receiving host MUST + understand the protocol if it is used. + + Improper use of trailers can result in very confusing + symptoms. Only packets with specific size attributes are + encapsulated using trailers, and typically only a small + fraction of the packets being exchanged have these + attributes. Thus, if a system using trailers exchanges + packets with a system that does not, some packets + disappear into a black hole while others are delivered + successfully. + + IMPLEMENTATION: + On an Ethernet, packets encapsulated with trailers use a + distinct Ethernet type [LINK:1], and trailer negotiation + is performed at the time that ARP is used to discover the + link-layer address of a destination system. + + + +Internet Engineering Task Force [Page 21] + + + + +RFC1122 LINK LAYER October 1989 + + + Specifically, the ARP exchange is completed in the usual + manner using the normal IP protocol type, but a host that + wants to speak trailers will send an additional "trailer + ARP reply" packet, i.e., an ARP reply that specifies the + trailer encapsulation protocol type but otherwise has the + format of a normal ARP reply. If a host configured to use + trailers receives a trailer ARP reply message from a + remote machine, it can add that machine to the list of + machines that understand trailers, e.g., by marking the + corresponding entry in the ARP cache. + + Hosts wishing to receive trailer encapsulations send + trailer ARP replies whenever they complete exchanges of + normal ARP messages for IP. Thus, a host that received an + ARP request for its IP protocol address would send a + trailer ARP reply in addition to the normal IP ARP reply; + a host that sent the IP ARP request would send a trailer + ARP reply when it received the corresponding IP ARP reply. + In this way, either the requesting or responding host in + an IP ARP exchange may request that it receive trailer + encapsulations. + + This scheme, using extra trailer ARP reply packets rather + than sending an ARP request for the trailer protocol type, + was designed to avoid a continuous exchange of ARP packets + with a misbehaving host that, contrary to any + specification or common sense, responded to an ARP reply + for trailers with another ARP reply for IP. This problem + is avoided by sending a trailer ARP reply in response to + an IP ARP reply only when the IP ARP reply answers an + outstanding request; this is true when the hardware + address for the host is still unknown when the IP ARP + reply is received. A trailer ARP reply may always be sent + along with an IP ARP reply responding to an IP ARP + request. + + 2.3.2 Address Resolution Protocol -- ARP + + 2.3.2.1 ARP Cache Validation + + An implementation of the Address Resolution Protocol (ARP) + [LINK:2] MUST provide a mechanism to flush out-of-date cache + entries. If this mechanism involves a timeout, it SHOULD be + possible to configure the timeout value. + + A mechanism to prevent ARP flooding (repeatedly sending an + ARP Request for the same IP address, at a high rate) MUST be + included. The recommended maximum rate is 1 per second per + + + +Internet Engineering Task Force [Page 22] + + + + +RFC1122 LINK LAYER October 1989 + + + destination. + + DISCUSSION: + The ARP specification [LINK:2] suggests but does not + require a timeout mechanism to invalidate cache entries + when hosts change their Ethernet addresses. The + prevalence of proxy ARP (see Section 2.4 of [INTRO:2]) + has significantly increased the likelihood that cache + entries in hosts will become invalid, and therefore + some ARP-cache invalidation mechanism is now required + for hosts. Even in the absence of proxy ARP, a long- + period cache timeout is useful in order to + automatically correct any bad ARP data that might have + been cached. + + IMPLEMENTATION: + Four mechanisms have been used, sometimes in + combination, to flush out-of-date cache entries. + + (1) Timeout -- Periodically time out cache entries, + even if they are in use. Note that this timeout + should be restarted when the cache entry is + "refreshed" (by observing the source fields, + regardless of target address, of an ARP broadcast + from the system in question). For proxy ARP + situations, the timeout needs to be on the order + of a minute. + + (2) Unicast Poll -- Actively poll the remote host by + periodically sending a point-to-point ARP Request + to it, and delete the entry if no ARP Reply is + received from N successive polls. Again, the + timeout should be on the order of a minute, and + typically N is 2. + + (3) Link-Layer Advice -- If the link-layer driver + detects a delivery problem, flush the + corresponding ARP cache entry. + + (4) Higher-layer Advice -- Provide a call from the + Internet layer to the link layer to indicate a + delivery problem. The effect of this call would + be to invalidate the corresponding cache entry. + This call would be analogous to the + "ADVISE_DELIVPROB()" call from the transport layer + to the Internet layer (see Section 3.4), and in + fact the ADVISE_DELIVPROB routine might in turn + call the link-layer advice routine to invalidate + + + +Internet Engineering Task Force [Page 23] + + + + +RFC1122 LINK LAYER October 1989 + + + the ARP cache entry. + + Approaches (1) and (2) involve ARP cache timeouts on + the order of a minute or less. In the absence of proxy + ARP, a timeout this short could create noticeable + overhead traffic on a very large Ethernet. Therefore, + it may be necessary to configure a host to lengthen the + ARP cache timeout. + + 2.3.2.2 ARP Packet Queue + + The link layer SHOULD save (rather than discard) at least + one (the latest) packet of each set of packets destined to + the same unresolved IP address, and transmit the saved + packet when the address has been resolved. + + DISCUSSION: + Failure to follow this recommendation causes the first + packet of every exchange to be lost. Although higher- + layer protocols can generally cope with packet loss by + retransmission, packet loss does impact performance. + For example, loss of a TCP open request causes the + initial round-trip time estimate to be inflated. UDP- + based applications such as the Domain Name System are + more seriously affected. + + 2.3.3 Ethernet and IEEE 802 Encapsulation + + The IP encapsulation for Ethernets is described in RFC-894 + [LINK:3], while RFC-1042 [LINK:4] describes the IP + encapsulation for IEEE 802 networks. RFC-1042 elaborates and + replaces the discussion in Section 3.4 of [INTRO:2]. + + Every Internet host connected to a 10Mbps Ethernet cable: + + o MUST be able to send and receive packets using RFC-894 + encapsulation; + + o SHOULD be able to receive RFC-1042 packets, intermixed + with RFC-894 packets; and + + o MAY be able to send packets using RFC-1042 encapsulation. + + + An Internet host that implements sending both the RFC-894 and + the RFC-1042 encapsulations MUST provide a configuration switch + to select which is sent, and this switch MUST default to RFC- + 894. + + + +Internet Engineering Task Force [Page 24] + + + + +RFC1122 LINK LAYER October 1989 + + + Note that the standard IP encapsulation in RFC-1042 does not + use the protocol id value (K1=6) that IEEE reserved for IP; + instead, it uses a value (K1=170) that implies an extension + (the "SNAP") which can be used to hold the Ether-Type field. + An Internet system MUST NOT send 802 packets using K1=6. + + Address translation from Internet addresses to link-layer + addresses on Ethernet and IEEE 802 networks MUST be managed by + the Address Resolution Protocol (ARP). + + The MTU for an Ethernet is 1500 and for 802.3 is 1492. + + DISCUSSION: + The IEEE 802.3 specification provides for operation over a + 10Mbps Ethernet cable, in which case Ethernet and IEEE + 802.3 frames can be physically intermixed. A receiver can + distinguish Ethernet and 802.3 frames by the value of the + 802.3 Length field; this two-octet field coincides in the + header with the Ether-Type field of an Ethernet frame. In + particular, the 802.3 Length field must be less than or + equal to 1500, while all valid Ether-Type values are + greater than 1500. + + Another compatibility problem arises with link-layer + broadcasts. A broadcast sent with one framing will not be + seen by hosts that can receive only the other framing. + + The provisions of this section were designed to provide + direct interoperation between 894-capable and 1042-capable + systems on the same cable, to the maximum extent possible. + It is intended to support the present situation where + 894-only systems predominate, while providing an easy + transition to a possible future in which 1042-capable + systems become common. + + Note that 894-only systems cannot interoperate directly + with 1042-only systems. If the two system types are set + up as two different logical networks on the same cable, + they can communicate only through an IP gateway. + Furthermore, it is not useful or even possible for a + dual-format host to discover automatically which format to + send, because of the problem of link-layer broadcasts. + + 2.4 LINK/INTERNET LAYER INTERFACE + + The packet receive interface between the IP layer and the link + layer MUST include a flag to indicate whether the incoming packet + was addressed to a link-layer broadcast address. + + + +Internet Engineering Task Force [Page 25] + + + + +RFC1122 LINK LAYER October 1989 + + + DISCUSSION + Although the IP layer does not generally know link layer + addresses (since every different network medium typically has + a different address format), the broadcast address on a + broadcast-capable medium is an important special case. See + Section 3.2.2, especially the DISCUSSION concerning broadcast + storms. + + The packet send interface between the IP and link layers MUST + include the 5-bit TOS field (see Section 3.2.1.6). + + The link layer MUST NOT report a Destination Unreachable error to + IP solely because there is no ARP cache entry for a destination. + + 2.5 LINK LAYER REQUIREMENTS SUMMARY + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION| | | |T|T|e +--------------------------------------------------|-------|-|-|-|-|-|-- + | | | | | | | +Trailer encapsulation |2.3.1 | | |x| | | +Send Trailers by default without negotiation |2.3.1 | | | | |x| +ARP |2.3.2 | | | | | | + Flush out-of-date ARP cache entries |2.3.2.1|x| | | | | + Prevent ARP floods |2.3.2.1|x| | | | | + Cache timeout configurable |2.3.2.1| |x| | | | + Save at least one (latest) unresolved pkt |2.3.2.2| |x| | | | +Ethernet and IEEE 802 Encapsulation |2.3.3 | | | | | | + Host able to: |2.3.3 | | | | | | + Send & receive RFC-894 encapsulation |2.3.3 |x| | | | | + Receive RFC-1042 encapsulation |2.3.3 | |x| | | | + Send RFC-1042 encapsulation |2.3.3 | | |x| | | + Then config. sw. to select, RFC-894 dflt |2.3.3 |x| | | | | + Send K1=6 encapsulation |2.3.3 | | | | |x| + Use ARP on Ethernet and IEEE 802 nets |2.3.3 |x| | | | | +Link layer report b'casts to IP layer |2.4 |x| | | | | +IP layer pass TOS to link layer |2.4 |x| | | | | +No ARP cache entry treated as Dest. Unreach. |2.4 | | | | |x| + + + + + +Internet Engineering Task Force [Page 26] + + + + +RFC1122 INTERNET LAYER October 1989 + + +3. INTERNET LAYER PROTOCOLS + + 3.1 INTRODUCTION + + The Robustness Principle: "Be liberal in what you accept, and + conservative in what you send" is particularly important in the + Internet layer, where one misbehaving host can deny Internet + service to many other hosts. + + The protocol standards used in the Internet layer are: + + o RFC-791 [IP:1] defines the IP protocol and gives an + introduction to the architecture of the Internet. + + o RFC-792 [IP:2] defines ICMP, which provides routing, + diagnostic and error functionality for IP. Although ICMP + messages are encapsulated within IP datagrams, ICMP + processing is considered to be (and is typically implemented + as) part of the IP layer. See Section 3.2.2. + + o RFC-950 [IP:3] defines the mandatory subnet extension to the + addressing architecture. + + o RFC-1112 [IP:4] defines the Internet Group Management + Protocol IGMP, as part of a recommended extension to hosts + and to the host-gateway interface to support Internet-wide + multicasting at the IP level. See Section 3.2.3. + + The target of an IP multicast may be an arbitrary group of + Internet hosts. IP multicasting is designed as a natural + extension of the link-layer multicasting facilities of some + networks, and it provides a standard means for local access + to such link-layer multicasting facilities. + + Other important references are listed in Section 5 of this + document. + + The Internet layer of host software MUST implement both IP and + ICMP. See Section 3.3.7 for the requirements on support of IGMP. + + The host IP layer has two basic functions: (1) choose the "next + hop" gateway or host for outgoing IP datagrams and (2) reassemble + incoming IP datagrams. The IP layer may also (3) implement + intentional fragmentation of outgoing datagrams. Finally, the IP + layer must (4) provide diagnostic and error functionality. We + expect that IP layer functions may increase somewhat in the + future, as further Internet control and management facilities are + developed. + + + +Internet Engineering Task Force [Page 27] + + + + +RFC1122 INTERNET LAYER October 1989 + + + For normal datagrams, the processing is straightforward. For + incoming datagrams, the IP layer: + + (1) verifies that the datagram is correctly formatted; + + (2) verifies that it is destined to the local host; + + (3) processes options; + + (4) reassembles the datagram if necessary; and + + (5) passes the encapsulated message to the appropriate + transport-layer protocol module. + + For outgoing datagrams, the IP layer: + + (1) sets any fields not set by the transport layer; + + (2) selects the correct first hop on the connected network (a + process called "routing"); + + (3) fragments the datagram if necessary and if intentional + fragmentation is implemented (see Section 3.3.3); and + + (4) passes the packet(s) to the appropriate link-layer driver. + + + A host is said to be multihomed if it has multiple IP addresses. + Multihoming introduces considerable confusion and complexity into + the protocol suite, and it is an area in which the Internet + architecture falls seriously short of solving all problems. There + are two distinct problem areas in multihoming: + + (1) Local multihoming -- the host itself is multihomed; or + + (2) Remote multihoming -- the local host needs to communicate + with a remote multihomed host. + + At present, remote multihoming MUST be handled at the application + layer, as discussed in the companion RFC [INTRO:1]. A host MAY + support local multihoming, which is discussed in this document, + and in particular in Section 3.3.4. + + Any host that forwards datagrams generated by another host is + acting as a gateway and MUST also meet the specifications laid out + in the gateway requirements RFC [INTRO:2]. An Internet host that + includes embedded gateway code MUST have a configuration switch to + disable the gateway function, and this switch MUST default to the + + + +Internet Engineering Task Force [Page 28] + + + + +RFC1122 INTERNET LAYER October 1989 + + + non-gateway mode. In this mode, a datagram arriving through one + interface will not be forwarded to another host or gateway (unless + it is source-routed), regardless of whether the host is single- + homed or multihomed. The host software MUST NOT automatically + move into gateway mode if the host has more than one interface, as + the operator of the machine may neither want to provide that + service nor be competent to do so. + + In the following, the action specified in certain cases is to + "silently discard" a received datagram. This means that the + datagram will be discarded without further processing and that the + host will not send any ICMP error message (see Section 3.2.2) as a + result. However, for diagnosis of problems a host SHOULD provide + the capability of logging the error (see Section 1.2.3), including + the contents of the silently-discarded datagram, and SHOULD record + the event in a statistics counter. + + DISCUSSION: + Silent discard of erroneous datagrams is generally intended + to prevent "broadcast storms". + + 3.2 PROTOCOL WALK-THROUGH + + 3.2.1 Internet Protocol -- IP + + 3.2.1.1 Version Number: RFC-791 Section 3.1 + + A datagram whose version number is not 4 MUST be silently + discarded. + + 3.2.1.2 Checksum: RFC-791 Section 3.1 + + A host MUST verify the IP header checksum on every received + datagram and silently discard every datagram that has a bad + checksum. + + 3.2.1.3 Addressing: RFC-791 Section 3.2 + + There are now five classes of IP addresses: Class A through + Class E. Class D addresses are used for IP multicasting + [IP:4], while Class E addresses are reserved for + experimental use. + + A multicast (Class D) address is a 28-bit logical address + that stands for a group of hosts, and may be either + permanent or transient. Permanent multicast addresses are + allocated by the Internet Assigned Number Authority + [INTRO:6], while transient addresses may be allocated + + + +Internet Engineering Task Force [Page 29] + + + + +RFC1122 INTERNET LAYER October 1989 + + + dynamically to transient groups. Group membership is + determined dynamically using IGMP [IP:4]. + + We now summarize the important special cases for Class A, B, + and C IP addresses, using the following notation for an IP + address: + + { <Network-number>, <Host-number> } + + or + { <Network-number>, <Subnet-number>, <Host-number> } + + and the notation "-1" for a field that contains all 1 bits. + This notation is not intended to imply that the 1-bits in an + address mask need be contiguous. + + (a) { 0, 0 } + + This host on this network. MUST NOT be sent, except as + a source address as part of an initialization procedure + by which the host learns its own IP address. + + See also Section 3.3.6 for a non-standard use of {0,0}. + + (b) { 0, <Host-number> } + + Specified host on this network. It MUST NOT be sent, + except as a source address as part of an initialization + procedure by which the host learns its full IP address. + + (c) { -1, -1 } + + Limited broadcast. It MUST NOT be used as a source + address. + + A datagram with this destination address will be + received by every host on the connected physical + network but will not be forwarded outside that network. + + (d) { <Network-number>, -1 } + + Directed broadcast to the specified network. It MUST + NOT be used as a source address. + + (e) { <Network-number>, <Subnet-number>, -1 } + + Directed broadcast to the specified subnet. It MUST + NOT be used as a source address. + + + +Internet Engineering Task Force [Page 30] + + + + +RFC1122 INTERNET LAYER October 1989 + + + (f) { <Network-number>, -1, -1 } + + Directed broadcast to all subnets of the specified + subnetted network. It MUST NOT be used as a source + address. + + (g) { 127, <any> } + + Internal host loopback address. Addresses of this form + MUST NOT appear outside a host. + + The <Network-number> is administratively assigned so that + its value will be unique in the entire world. + + IP addresses are not permitted to have the value 0 or -1 for + any of the <Host-number>, <Network-number>, or <Subnet- + number> fields (except in the special cases listed above). + This implies that each of these fields will be at least two + bits long. + + For further discussion of broadcast addresses, see Section + 3.3.6. + + A host MUST support the subnet extensions to IP [IP:3]. As + a result, there will be an address mask of the form: + {-1, -1, 0} associated with each of the host's local IP + addresses; see Sections 3.2.2.9 and 3.3.1.1. + + When a host sends any datagram, the IP source address MUST + be one of its own IP addresses (but not a broadcast or + multicast address). + + A host MUST silently discard an incoming datagram that is + not destined for the host. An incoming datagram is destined + for the host if the datagram's destination address field is: + + (1) (one of) the host's IP address(es); or + + (2) an IP broadcast address valid for the connected + network; or + + (3) the address for a multicast group of which the host is + a member on the incoming physical interface. + + For most purposes, a datagram addressed to a broadcast or + multicast destination is processed as if it had been + addressed to one of the host's IP addresses; we use the term + "specific-destination address" for the equivalent local IP + + + +Internet Engineering Task Force [Page 31] + + + + +RFC1122 INTERNET LAYER October 1989 + + + address of the host. The specific-destination address is + defined to be the destination address in the IP header + unless the header contains a broadcast or multicast address, + in which case the specific-destination is an IP address + assigned to the physical interface on which the datagram + arrived. + + A host MUST silently discard an incoming datagram containing + an IP source address that is invalid by the rules of this + section. This validation could be done in either the IP + layer or by each protocol in the transport layer. + + DISCUSSION: + A mis-addressed datagram might be caused by a link- + layer broadcast of a unicast datagram or by a gateway + or host that is confused or mis-configured. + + An architectural goal for Internet hosts was to allow + IP addresses to be featureless 32-bit numbers, avoiding + algorithms that required a knowledge of the IP address + format. Otherwise, any future change in the format or + interpretation of IP addresses will require host + software changes. However, validation of broadcast and + multicast addresses violates this goal; a few other + violations are described elsewhere in this document. + + Implementers should be aware that applications + depending upon the all-subnets directed broadcast + address (f) may be unusable on some networks. All- + subnets broadcast is not widely implemented in vendor + gateways at present, and even when it is implemented, a + particular network administration may disable it in the + gateway configuration. + + 3.2.1.4 Fragmentation and Reassembly: RFC-791 Section 3.2 + + The Internet model requires that every host support + reassembly. See Sections 3.3.2 and 3.3.3 for the + requirements on fragmentation and reassembly. + + 3.2.1.5 Identification: RFC-791 Section 3.2 + + When sending an identical copy of an earlier datagram, a + host MAY optionally retain the same Identification field in + the copy. + + + + + + +Internet Engineering Task Force [Page 32] + + + + +RFC1122 INTERNET LAYER October 1989 + + + DISCUSSION: + Some Internet protocol experts have maintained that + when a host sends an identical copy of an earlier + datagram, the new copy should contain the same + Identification value as the original. There are two + suggested advantages: (1) if the datagrams are + fragmented and some of the fragments are lost, the + receiver may be able to reconstruct a complete datagram + from fragments of the original and the copies; (2) a + congested gateway might use the IP Identification field + (and Fragment Offset) to discard duplicate datagrams + from the queue. + + However, the observed patterns of datagram loss in the + Internet do not favor the probability of retransmitted + fragments filling reassembly gaps, while other + mechanisms (e.g., TCP repacketizing upon + retransmission) tend to prevent retransmission of an + identical datagram [IP:9]. Therefore, we believe that + retransmitting the same Identification field is not + useful. Also, a connectionless transport protocol like + UDP would require the cooperation of the application + programs to retain the same Identification value in + identical datagrams. + + 3.2.1.6 Type-of-Service: RFC-791 Section 3.2 + + The "Type-of-Service" byte in the IP header is divided into + two sections: the Precedence field (high-order 3 bits), and + a field that is customarily called "Type-of-Service" or + "TOS" (low-order 5 bits). In this document, all references + to "TOS" or the "TOS field" refer to the low-order 5 bits + only. + + The Precedence field is intended for Department of Defense + applications of the Internet protocols. The use of non-zero + values in this field is outside the scope of this document + and the IP standard specification. Vendors should consult + the Defense Communication Agency (DCA) for guidance on the + IP Precedence field and its implications for other protocol + layers. However, vendors should note that the use of + precedence will most likely require that its value be passed + between protocol layers in just the same way as the TOS + field is passed. + + The IP layer MUST provide a means for the transport layer to + set the TOS field of every datagram that is sent; the + default is all zero bits. The IP layer SHOULD pass received + + + +Internet Engineering Task Force [Page 33] + + + + +RFC1122 INTERNET LAYER October 1989 + + + TOS values up to the transport layer. + + The particular link-layer mappings of TOS contained in RFC- + 795 SHOULD NOT be implemented. + + DISCUSSION: + While the TOS field has been little used in the past, + it is expected to play an increasing role in the near + future. The TOS field is expected to be used to + control two aspects of gateway operations: routing and + queueing algorithms. See Section 2 of [INTRO:1] for + the requirements on application programs to specify TOS + values. + + The TOS field may also be mapped into link-layer + service selectors. This has been applied to provide + effective sharing of serial lines by different classes + of TCP traffic, for example. However, the mappings + suggested in RFC-795 for networks that were included in + the Internet as of 1981 are now obsolete. + + 3.2.1.7 Time-to-Live: RFC-791 Section 3.2 + + A host MUST NOT send a datagram with a Time-to-Live (TTL) + value of zero. + + A host MUST NOT discard a datagram just because it was + received with TTL less than 2. + + The IP layer MUST provide a means for the transport layer to + set the TTL field of every datagram that is sent. When a + fixed TTL value is used, it MUST be configurable. The + current suggested value will be published in the "Assigned + Numbers" RFC. + + DISCUSSION: + The TTL field has two functions: limit the lifetime of + TCP segments (see RFC-793 [TCP:1], p. 28), and + terminate Internet routing loops. Although TTL is a + time in seconds, it also has some attributes of a hop- + count, since each gateway is required to reduce the TTL + field by at least one. + + The intent is that TTL expiration will cause a datagram + to be discarded by a gateway but not by the destination + host; however, hosts that act as gateways by forwarding + datagrams must follow the gateway rules for TTL. + + + + +Internet Engineering Task Force [Page 34] + + + + +RFC1122 INTERNET LAYER October 1989 + + + A higher-layer protocol may want to set the TTL in + order to implement an "expanding scope" search for some + Internet resource. This is used by some diagnostic + tools, and is expected to be useful for locating the + "nearest" server of a given class using IP + multicasting, for example. A particular transport + protocol may also want to specify its own TTL bound on + maximum datagram lifetime. + + A fixed value must be at least big enough for the + Internet "diameter," i.e., the longest possible path. + A reasonable value is about twice the diameter, to + allow for continued Internet growth. + + 3.2.1.8 Options: RFC-791 Section 3.2 + + There MUST be a means for the transport layer to specify IP + options to be included in transmitted IP datagrams (see + Section 3.4). + + All IP options (except NOP or END-OF-LIST) received in + datagrams MUST be passed to the transport layer (or to ICMP + processing when the datagram is an ICMP message). The IP + and transport layer MUST each interpret those IP options + that they understand and silently ignore the others. + + Later sections of this document discuss specific IP option + support required by each of ICMP, TCP, and UDP. + + DISCUSSION: + Passing all received IP options to the transport layer + is a deliberate "violation of strict layering" that is + designed to ease the introduction of new transport- + relevant IP options in the future. Each layer must + pick out any options that are relevant to its own + processing and ignore the rest. For this purpose, + every IP option except NOP and END-OF-LIST will include + a specification of its own length. + + This document does not define the order in which a + receiver must process multiple options in the same IP + header. Hosts sending multiple options must be aware + that this introduces an ambiguity in the meaning of + certain options when combined with a source-route + option. + + IMPLEMENTATION: + The IP layer must not crash as the result of an option + + + +Internet Engineering Task Force [Page 35] + + + + +RFC1122 INTERNET LAYER October 1989 + + + length that is outside the possible range. For + example, erroneous option lengths have been observed to + put some IP implementations into infinite loops. + + Here are the requirements for specific IP options: + + + (a) Security Option + + Some environments require the Security option in every + datagram; such a requirement is outside the scope of + this document and the IP standard specification. Note, + however, that the security options described in RFC-791 + and RFC-1038 are obsolete. For DoD applications, + vendors should consult [IP:8] for guidance. + + + (b) Stream Identifier Option + + This option is obsolete; it SHOULD NOT be sent, and it + MUST be silently ignored if received. + + + (c) Source Route Options + + A host MUST support originating a source route and MUST + be able to act as the final destination of a source + route. + + If host receives a datagram containing a completed + source route (i.e., the pointer points beyond the last + field), the datagram has reached its final destination; + the option as received (the recorded route) MUST be + passed up to the transport layer (or to ICMP message + processing). This recorded route will be reversed and + used to form a return source route for reply datagrams + (see discussion of IP Options in Section 4). When a + return source route is built, it MUST be correctly + formed even if the recorded route included the source + host (see case (B) in the discussion below). + + An IP header containing more than one Source Route + option MUST NOT be sent; the effect on routing of + multiple Source Route options is implementation- + specific. + + Section 3.3.5 presents the rules for a host acting as + an intermediate hop in a source route, i.e., forwarding + + + +Internet Engineering Task Force [Page 36] + + + + +RFC1122 INTERNET LAYER October 1989 + + + a source-routed datagram. + + DISCUSSION: + If a source-routed datagram is fragmented, each + fragment will contain a copy of the source route. + Since the processing of IP options (including a + source route) must precede reassembly, the + original datagram will not be reassembled until + the final destination is reached. + + Suppose a source routed datagram is to be routed + from host S to host D via gateways G1, G2, ... Gn. + There was an ambiguity in the specification over + whether the source route option in a datagram sent + out by S should be (A) or (B): + + (A): {>>G2, G3, ... Gn, D} <--- CORRECT + + (B): {S, >>G2, G3, ... Gn, D} <---- WRONG + + (where >> represents the pointer). If (A) is + sent, the datagram received at D will contain the + option: {G1, G2, ... Gn >>}, with S and D as the + IP source and destination addresses. If (B) were + sent, the datagram received at D would again + contain S and D as the same IP source and + destination addresses, but the option would be: + {S, G1, ...Gn >>}; i.e., the originating host + would be the first hop in the route. + + + (d) Record Route Option + + Implementation of originating and processing the Record + Route option is OPTIONAL. + + + (e) Timestamp Option + + Implementation of originating and processing the + Timestamp option is OPTIONAL. If it is implemented, + the following rules apply: + + o The originating host MUST record a timestamp in a + Timestamp option whose Internet address fields are + not pre-specified or whose first pre-specified + address is the host's interface address. + + + + +Internet Engineering Task Force [Page 37] + + + + +RFC1122 INTERNET LAYER October 1989 + + + o The destination host MUST (if possible) add the + current timestamp to a Timestamp option before + passing the option to the transport layer or to + ICMP for processing. + + o A timestamp value MUST follow the rules given in + Section 3.2.2.8 for the ICMP Timestamp message. + + + 3.2.2 Internet Control Message Protocol -- ICMP + + ICMP messages are grouped into two classes. + + * + ICMP error messages: + + Destination Unreachable (see Section 3.2.2.1) + Redirect (see Section 3.2.2.2) + Source Quench (see Section 3.2.2.3) + Time Exceeded (see Section 3.2.2.4) + Parameter Problem (see Section 3.2.2.5) + + + * + ICMP query messages: + + Echo (see Section 3.2.2.6) + Information (see Section 3.2.2.7) + Timestamp (see Section 3.2.2.8) + Address Mask (see Section 3.2.2.9) + + + If an ICMP message of unknown type is received, it MUST be + silently discarded. + + Every ICMP error message includes the Internet header and at + least the first 8 data octets of the datagram that triggered + the error; more than 8 octets MAY be sent; this header and data + MUST be unchanged from the received datagram. + + In those cases where the Internet layer is required to pass an + ICMP error message to the transport layer, the IP protocol + number MUST be extracted from the original header and used to + select the appropriate transport protocol entity to handle the + error. + + An ICMP error message SHOULD be sent with normal (i.e., zero) + TOS bits. + + + +Internet Engineering Task Force [Page 38] + + + + +RFC1122 INTERNET LAYER October 1989 + + + An ICMP error message MUST NOT be sent as the result of + receiving: + + * an ICMP error message, or + + * a datagram destined to an IP broadcast or IP multicast + address, or + + * a datagram sent as a link-layer broadcast, or + + * a non-initial fragment, or + + * a datagram whose source address does not define a single + host -- e.g., a zero address, a loopback address, a + broadcast address, a multicast address, or a Class E + address. + + NOTE: THESE RESTRICTIONS TAKE PRECEDENCE OVER ANY REQUIREMENT + ELSEWHERE IN THIS DOCUMENT FOR SENDING ICMP ERROR MESSAGES. + + DISCUSSION: + These rules will prevent the "broadcast storms" that have + resulted from hosts returning ICMP error messages in + response to broadcast datagrams. For example, a broadcast + UDP segment to a non-existent port could trigger a flood + of ICMP Destination Unreachable datagrams from all + machines that do not have a client for that destination + port. On a large Ethernet, the resulting collisions can + render the network useless for a second or more. + + Every datagram that is broadcast on the connected network + should have a valid IP broadcast address as its IP + destination (see Section 3.3.6). However, some hosts + violate this rule. To be certain to detect broadcast + datagrams, therefore, hosts are required to check for a + link-layer broadcast as well as an IP-layer broadcast + address. + + IMPLEMENTATION: + This requires that the link layer inform the IP layer when + a link-layer broadcast datagram has been received; see + Section 2.4. + + 3.2.2.1 Destination Unreachable: RFC-792 + + The following additional codes are hereby defined: + + 6 = destination network unknown + + + +Internet Engineering Task Force [Page 39] + + + + +RFC1122 INTERNET LAYER October 1989 + + + 7 = destination host unknown + + 8 = source host isolated + + 9 = communication with destination network + administratively prohibited + + 10 = communication with destination host + administratively prohibited + + 11 = network unreachable for type of service + + 12 = host unreachable for type of service + + A host SHOULD generate Destination Unreachable messages with + code: + + 2 (Protocol Unreachable), when the designated transport + protocol is not supported; or + + 3 (Port Unreachable), when the designated transport + protocol (e.g., UDP) is unable to demultiplex the + datagram but has no protocol mechanism to inform the + sender. + + A Destination Unreachable message that is received MUST be + reported to the transport layer. The transport layer SHOULD + use the information appropriately; for example, see Sections + 4.1.3.3, 4.2.3.9, and 4.2.4 below. A transport protocol + that has its own mechanism for notifying the sender that a + port is unreachable (e.g., TCP, which sends RST segments) + MUST nevertheless accept an ICMP Port Unreachable for the + same purpose. + + A Destination Unreachable message that is received with code + 0 (Net), 1 (Host), or 5 (Bad Source Route) may result from a + routing transient and MUST therefore be interpreted as only + a hint, not proof, that the specified destination is + unreachable [IP:11]. For example, it MUST NOT be used as + proof of a dead gateway (see Section 3.3.1). + + 3.2.2.2 Redirect: RFC-792 + + A host SHOULD NOT send an ICMP Redirect message; Redirects + are to be sent only by gateways. + + A host receiving a Redirect message MUST update its routing + information accordingly. Every host MUST be prepared to + + + +Internet Engineering Task Force [Page 40] + + + + +RFC1122 INTERNET LAYER October 1989 + + + accept both Host and Network Redirects and to process them + as described in Section 3.3.1.2 below. + + A Redirect message SHOULD be silently discarded if the new + gateway address it specifies is not on the same connected + (sub-) net through which the Redirect arrived [INTRO:2, + Appendix A], or if the source of the Redirect is not the + current first-hop gateway for the specified destination (see + Section 3.3.1). + + 3.2.2.3 Source Quench: RFC-792 + + A host MAY send a Source Quench message if it is + approaching, or has reached, the point at which it is forced + to discard incoming datagrams due to a shortage of + reassembly buffers or other resources. See Section 2.2.3 of + [INTRO:2] for suggestions on when to send Source Quench. + + If a Source Quench message is received, the IP layer MUST + report it to the transport layer (or ICMP processing). In + general, the transport or application layer SHOULD implement + a mechanism to respond to Source Quench for any protocol + that can send a sequence of datagrams to the same + destination and which can reasonably be expected to maintain + enough state information to make this feasible. See Section + 4 for the handling of Source Quench by TCP and UDP. + + DISCUSSION: + A Source Quench may be generated by the target host or + by some gateway in the path of a datagram. The host + receiving a Source Quench should throttle itself back + for a period of time, then gradually increase the + transmission rate again. The mechanism to respond to + Source Quench may be in the transport layer (for + connection-oriented protocols like TCP) or in the + application layer (for protocols that are built on top + of UDP). + + A mechanism has been proposed [IP:14] to make the IP + layer respond directly to Source Quench by controlling + the rate at which datagrams are sent, however, this + proposal is currently experimental and not currently + recommended. + + 3.2.2.4 Time Exceeded: RFC-792 + + An incoming Time Exceeded message MUST be passed to the + transport layer. + + + +Internet Engineering Task Force [Page 41] + + + + +RFC1122 INTERNET LAYER October 1989 + + + DISCUSSION: + A gateway will send a Time Exceeded Code 0 (In Transit) + message when it discards a datagram due to an expired + TTL field. This indicates either a gateway routing + loop or too small an initial TTL value. + + A host may receive a Time Exceeded Code 1 (Reassembly + Timeout) message from a destination host that has timed + out and discarded an incomplete datagram; see Section + 3.3.2 below. In the future, receipt of this message + might be part of some "MTU discovery" procedure, to + discover the maximum datagram size that can be sent on + the path without fragmentation. + + 3.2.2.5 Parameter Problem: RFC-792 + + A host SHOULD generate Parameter Problem messages. An + incoming Parameter Problem message MUST be passed to the + transport layer, and it MAY be reported to the user. + + DISCUSSION: + The ICMP Parameter Problem message is sent to the + source host for any problem not specifically covered by + another ICMP message. Receipt of a Parameter Problem + message generally indicates some local or remote + implementation error. + + A new variant on the Parameter Problem message is hereby + defined: + Code 1 = required option is missing. + + DISCUSSION: + This variant is currently in use in the military + community for a missing security option. + + 3.2.2.6 Echo Request/Reply: RFC-792 + + Every host MUST implement an ICMP Echo server function that + receives Echo Requests and sends corresponding Echo Replies. + A host SHOULD also implement an application-layer interface + for sending an Echo Request and receiving an Echo Reply, for + diagnostic purposes. + + An ICMP Echo Request destined to an IP broadcast or IP + multicast address MAY be silently discarded. + + + + + + +Internet Engineering Task Force [Page 42] + + + + +RFC1122 INTERNET LAYER October 1989 + + + DISCUSSION: + This neutral provision results from a passionate debate + between those who feel that ICMP Echo to a broadcast + address provides a valuable diagnostic capability and + those who feel that misuse of this feature can too + easily create packet storms. + + The IP source address in an ICMP Echo Reply MUST be the same + as the specific-destination address (defined in Section + 3.2.1.3) of the corresponding ICMP Echo Request message. + + Data received in an ICMP Echo Request MUST be entirely + included in the resulting Echo Reply. However, if sending + the Echo Reply requires intentional fragmentation that is + not implemented, the datagram MUST be truncated to maximum + transmission size (see Section 3.3.3) and sent. + + Echo Reply messages MUST be passed to the ICMP user + interface, unless the corresponding Echo Request originated + in the IP layer. + + If a Record Route and/or Time Stamp option is received in an + ICMP Echo Request, this option (these options) SHOULD be + updated to include the current host and included in the IP + header of the Echo Reply message, without "truncation". + Thus, the recorded route will be for the entire round trip. + + If a Source Route option is received in an ICMP Echo + Request, the return route MUST be reversed and used as a + Source Route option for the Echo Reply message. + + 3.2.2.7 Information Request/Reply: RFC-792 + + A host SHOULD NOT implement these messages. + + DISCUSSION: + The Information Request/Reply pair was intended to + support self-configuring systems such as diskless + workstations, to allow them to discover their IP + network numbers at boot time. However, the RARP and + BOOTP protocols provide better mechanisms for a host to + discover its own IP address. + + 3.2.2.8 Timestamp and Timestamp Reply: RFC-792 + + A host MAY implement Timestamp and Timestamp Reply. If they + are implemented, the following rules MUST be followed. + + + + +Internet Engineering Task Force [Page 43] + + + + +RFC1122 INTERNET LAYER October 1989 + + + o The ICMP Timestamp server function returns a Timestamp + Reply to every Timestamp message that is received. If + this function is implemented, it SHOULD be designed for + minimum variability in delay (e.g., implemented in the + kernel to avoid delay in scheduling a user process). + + The following cases for Timestamp are to be handled + according to the corresponding rules for ICMP Echo: + + o An ICMP Timestamp Request message to an IP broadcast or + IP multicast address MAY be silently discarded. + + o The IP source address in an ICMP Timestamp Reply MUST + be the same as the specific-destination address of the + corresponding Timestamp Request message. + + o If a Source-route option is received in an ICMP Echo + Request, the return route MUST be reversed and used as + a Source Route option for the Timestamp Reply message. + + o If a Record Route and/or Timestamp option is received + in a Timestamp Request, this (these) option(s) SHOULD + be updated to include the current host and included in + the IP header of the Timestamp Reply message. + + o Incoming Timestamp Reply messages MUST be passed up to + the ICMP user interface. + + The preferred form for a timestamp value (the "standard + value") is in units of milliseconds since midnight Universal + Time. However, it may be difficult to provide this value + with millisecond resolution. For example, many systems use + clocks that update only at line frequency, 50 or 60 times + per second. Therefore, some latitude is allowed in a + "standard value": + + (a) A "standard value" MUST be updated at least 15 times + per second (i.e., at most the six low-order bits of the + value may be undefined). + + (b) The accuracy of a "standard value" MUST approximate + that of operator-set CPU clocks, i.e., correct within a + few minutes. + + + + + + + + +Internet Engineering Task Force [Page 44] + + + + +RFC1122 INTERNET LAYER October 1989 + + + 3.2.2.9 Address Mask Request/Reply: RFC-950 + + A host MUST support the first, and MAY implement all three, + of the following methods for determining the address mask(s) + corresponding to its IP address(es): + + (1) static configuration information; + + (2) obtaining the address mask(s) dynamically as a side- + effect of the system initialization process (see + [INTRO:1]); and + + (3) sending ICMP Address Mask Request(s) and receiving ICMP + Address Mask Reply(s). + + The choice of method to be used in a particular host MUST be + configurable. + + When method (3), the use of Address Mask messages, is + enabled, then: + + (a) When it initializes, the host MUST broadcast an Address + Mask Request message on the connected network + corresponding to the IP address. It MUST retransmit + this message a small number of times if it does not + receive an immediate Address Mask Reply. + + (b) Until it has received an Address Mask Reply, the host + SHOULD assume a mask appropriate for the address class + of the IP address, i.e., assume that the connected + network is not subnetted. + + (c) The first Address Mask Reply message received MUST be + used to set the address mask corresponding to the + particular local IP address. This is true even if the + first Address Mask Reply message is "unsolicited", in + which case it will have been broadcast and may arrive + after the host has ceased to retransmit Address Mask + Requests. Once the mask has been set by an Address + Mask Reply, later Address Mask Reply messages MUST be + (silently) ignored. + + Conversely, if Address Mask messages are disabled, then no + ICMP Address Mask Requests will be sent, and any ICMP + Address Mask Replies received for that local IP address MUST + be (silently) ignored. + + A host SHOULD make some reasonableness check on any address + + + +Internet Engineering Task Force [Page 45] + + + + +RFC1122 INTERNET LAYER October 1989 + + + mask it installs; see IMPLEMENTATION section below. + + A system MUST NOT send an Address Mask Reply unless it is an + authoritative agent for address masks. An authoritative + agent may be a host or a gateway, but it MUST be explicitly + configured as a address mask agent. Receiving an address + mask via an Address Mask Reply does not give the receiver + authority and MUST NOT be used as the basis for issuing + Address Mask Replies. + + With a statically configured address mask, there SHOULD be + an additional configuration flag that determines whether the + host is to act as an authoritative agent for this mask, + i.e., whether it will answer Address Mask Request messages + using this mask. + + If it is configured as an agent, the host MUST broadcast an + Address Mask Reply for the mask on the appropriate interface + when it initializes. + + See "System Initialization" in [INTRO:1] for more + information about the use of Address Mask Request/Reply + messages. + + DISCUSSION + Hosts that casually send Address Mask Replies with + invalid address masks have often been a serious + nuisance. To prevent this, Address Mask Replies ought + to be sent only by authoritative agents that have been + selected by explicit administrative action. + + When an authoritative agent receives an Address Mask + Request message, it will send a unicast Address Mask + Reply to the source IP address. If the network part of + this address is zero (see (a) and (b) in 3.2.1.3), the + Reply will be broadcast. + + Getting no reply to its Address Mask Request messages, + a host will assume there is no agent and use an + unsubnetted mask, but the agent may be only temporarily + unreachable. An agent will broadcast an unsolicited + Address Mask Reply whenever it initializes, in order to + update the masks of all hosts that have initialized in + the meantime. + + IMPLEMENTATION: + The following reasonableness check on an address mask + is suggested: the mask is not all 1 bits, and it is + + + +Internet Engineering Task Force [Page 46] + + + + +RFC1122 INTERNET LAYER October 1989 + + + either zero or else the 8 highest-order bits are on. + + 3.2.3 Internet Group Management Protocol IGMP + + IGMP [IP:4] is a protocol used between hosts and gateways on a + single network to establish hosts' membership in particular + multicast groups. The gateways use this information, in + conjunction with a multicast routing protocol, to support IP + multicasting across the Internet. + + At this time, implementation of IGMP is OPTIONAL; see Section + 3.3.7 for more information. Without IGMP, a host can still + participate in multicasting local to its connected networks. + + 3.3 SPECIFIC ISSUES + + 3.3.1 Routing Outbound Datagrams + + The IP layer chooses the correct next hop for each datagram it + sends. If the destination is on a connected network, the + datagram is sent directly to the destination host; otherwise, + it has to be routed to a gateway on a connected network. + + 3.3.1.1 Local/Remote Decision + + To decide if the destination is on a connected network, the + following algorithm MUST be used [see IP:3]: + + (a) The address mask (particular to a local IP address for + a multihomed host) is a 32-bit mask that selects the + network number and subnet number fields of the + corresponding IP address. + + (b) If the IP destination address bits extracted by the + address mask match the IP source address bits extracted + by the same mask, then the destination is on the + corresponding connected network, and the datagram is to + be transmitted directly to the destination host. + + (c) If not, then the destination is accessible only through + a gateway. Selection of a gateway is described below + (3.3.1.2). + + A special-case destination address is handled as follows: + + * For a limited broadcast or a multicast address, simply + pass the datagram to the link layer for the appropriate + interface. + + + +Internet Engineering Task Force [Page 47] + + + + +RFC1122 INTERNET LAYER October 1989 + + + * For a (network or subnet) directed broadcast, the + datagram can use the standard routing algorithms. + + The host IP layer MUST operate correctly in a minimal + network environment, and in particular, when there are no + gateways. For example, if the IP layer of a host insists on + finding at least one gateway to initialize, the host will be + unable to operate on a single isolated broadcast net. + + 3.3.1.2 Gateway Selection + + To efficiently route a series of datagrams to the same + destination, the source host MUST keep a "route cache" of + mappings to next-hop gateways. A host uses the following + basic algorithm on this cache to route a datagram; this + algorithm is designed to put the primary routing burden on + the gateways [IP:11]. + + (a) If the route cache contains no information for a + particular destination, the host chooses a "default" + gateway and sends the datagram to it. It also builds a + corresponding Route Cache entry. + + (b) If that gateway is not the best next hop to the + destination, the gateway will forward the datagram to + the best next-hop gateway and return an ICMP Redirect + message to the source host. + + (c) When it receives a Redirect, the host updates the + next-hop gateway in the appropriate route cache entry, + so later datagrams to the same destination will go + directly to the best gateway. + + Since the subnet mask appropriate to the destination address + is generally not known, a Network Redirect message SHOULD be + treated identically to a Host Redirect message; i.e., the + cache entry for the destination host (only) would be updated + (or created, if an entry for that host did not exist) for + the new gateway. + + DISCUSSION: + This recommendation is to protect against gateways that + erroneously send Network Redirects for a subnetted + network, in violation of the gateway requirements + [INTRO:2]. + + When there is no route cache entry for the destination host + address (and the destination is not on the connected + + + +Internet Engineering Task Force [Page 48] + + + + +RFC1122 INTERNET LAYER October 1989 + + + network), the IP layer MUST pick a gateway from its list of + "default" gateways. The IP layer MUST support multiple + default gateways. + + As an extra feature, a host IP layer MAY implement a table + of "static routes". Each such static route MAY include a + flag specifying whether it may be overridden by ICMP + Redirects. + + DISCUSSION: + A host generally needs to know at least one default + gateway to get started. This information can be + obtained from a configuration file or else from the + host startup sequence, e.g., the BOOTP protocol (see + [INTRO:1]). + + It has been suggested that a host can augment its list + of default gateways by recording any new gateways it + learns about. For example, it can record every gateway + to which it is ever redirected. Such a feature, while + possibly useful in some circumstances, may cause + problems in other cases (e.g., gateways are not all + equal), and it is not recommended. + + A static route is typically a particular preset mapping + from destination host or network into a particular + next-hop gateway; it might also depend on the Type-of- + Service (see next section). Static routes would be set + up by system administrators to override the normal + automatic routing mechanism, to handle exceptional + situations. However, any static routing information is + a potential source of failure as configurations change + or equipment fails. + + 3.3.1.3 Route Cache + + Each route cache entry needs to include the following + fields: + + (1) Local IP address (for a multihomed host) + + (2) Destination IP address + + (3) Type(s)-of-Service + + (4) Next-hop gateway IP address + + Field (2) MAY be the full IP address of the destination + + + +Internet Engineering Task Force [Page 49] + + + + +RFC1122 INTERNET LAYER October 1989 + + + host, or only the destination network number. Field (3), + the TOS, SHOULD be included. + + See Section 3.3.4.2 for a discussion of the implications of + multihoming for the lookup procedure in this cache. + + DISCUSSION: + Including the Type-of-Service field in the route cache + and considering it in the host route algorithm will + provide the necessary mechanism for the future when + Type-of-Service routing is commonly used in the + Internet. See Section 3.2.1.6. + + Each route cache entry defines the endpoints of an + Internet path. Although the connecting path may change + dynamically in an arbitrary way, the transmission + characteristics of the path tend to remain + approximately constant over a time period longer than a + single typical host-host transport connection. + Therefore, a route cache entry is a natural place to + cache data on the properties of the path. Examples of + such properties might be the maximum unfragmented + datagram size (see Section 3.3.3), or the average + round-trip delay measured by a transport protocol. + This data will generally be both gathered and used by a + higher layer protocol, e.g., by TCP, or by an + application using UDP. Experiments are currently in + progress on caching path properties in this manner. + + There is no consensus on whether the route cache should + be keyed on destination host addresses alone, or allow + both host and network addresses. Those who favor the + use of only host addresses argue that: + + (1) As required in Section 3.3.1.2, Redirect messages + will generally result in entries keyed on + destination host addresses; the simplest and most + general scheme would be to use host addresses + always. + + (2) The IP layer may not always know the address mask + for a network address in a complex subnetted + environment. + + (3) The use of only host addresses allows the + destination address to be used as a pure 32-bit + number, which may allow the Internet architecture + to be more easily extended in the future without + + + +Internet Engineering Task Force [Page 50] + + + + +RFC1122 INTERNET LAYER October 1989 + + + any change to the hosts. + + The opposing view is that allowing a mixture of + destination hosts and networks in the route cache: + + (1) Saves memory space. + + (2) Leads to a simpler data structure, easily + combining the cache with the tables of default and + static routes (see below). + + (3) Provides a more useful place to cache path + properties, as discussed earlier. + + + IMPLEMENTATION: + The cache needs to be large enough to include entries + for the maximum number of destination hosts that may be + in use at one time. + + A route cache entry may also include control + information used to choose an entry for replacement. + This might take the form of a "recently used" bit, a + use count, or a last-used timestamp, for example. It + is recommended that it include the time of last + modification of the entry, for diagnostic purposes. + + An implementation may wish to reduce the overhead of + scanning the route cache for every datagram to be + transmitted. This may be accomplished with a hash + table to speed the lookup, or by giving a connection- + oriented transport protocol a "hint" or temporary + handle on the appropriate cache entry, to be passed to + the IP layer with each subsequent datagram. + + Although we have described the route cache, the lists + of default gateways, and a table of static routes as + conceptually distinct, in practice they may be combined + into a single "routing table" data structure. + + 3.3.1.4 Dead Gateway Detection + + The IP layer MUST be able to detect the failure of a "next- + hop" gateway that is listed in its route cache and to choose + an alternate gateway (see Section 3.3.1.5). + + Dead gateway detection is covered in some detail in RFC-816 + [IP:11]. Experience to date has not produced a complete + + + +Internet Engineering Task Force [Page 51] + + + + +RFC1122 INTERNET LAYER October 1989 + + + algorithm which is totally satisfactory, though it has + identified several forbidden paths and promising techniques. + + * A particular gateway SHOULD NOT be used indefinitely in + the absence of positive indications that it is + functioning. + + * Active probes such as "pinging" (i.e., using an ICMP + Echo Request/Reply exchange) are expensive and scale + poorly. In particular, hosts MUST NOT actively check + the status of a first-hop gateway by simply pinging the + gateway continuously. + + * Even when it is the only effective way to verify a + gateway's status, pinging MUST be used only when + traffic is being sent to the gateway and when there is + no other positive indication to suggest that the + gateway is functioning. + + * To avoid pinging, the layers above and/or below the + Internet layer SHOULD be able to give "advice" on the + status of route cache entries when either positive + (gateway OK) or negative (gateway dead) information is + available. + + + DISCUSSION: + If an implementation does not include an adequate + mechanism for detecting a dead gateway and re-routing, + a gateway failure may cause datagrams to apparently + vanish into a "black hole". This failure can be + extremely confusing for users and difficult for network + personnel to debug. + + The dead-gateway detection mechanism must not cause + unacceptable load on the host, on connected networks, + or on first-hop gateway(s). The exact constraints on + the timeliness of dead gateway detection and on + acceptable load may vary somewhat depending on the + nature of the host's mission, but a host generally + needs to detect a failed first-hop gateway quickly + enough that transport-layer connections will not break + before an alternate gateway can be selected. + + Passing advice from other layers of the protocol stack + complicates the interfaces between the layers, but it + is the preferred approach to dead gateway detection. + Advice can come from almost any part of the IP/TCP + + + +Internet Engineering Task Force [Page 52] + + + + +RFC1122 INTERNET LAYER October 1989 + + + architecture, but it is expected to come primarily from + the transport and link layers. Here are some possible + sources for gateway advice: + + o TCP or any connection-oriented transport protocol + should be able to give negative advice, e.g., + triggered by excessive retransmissions. + + o TCP may give positive advice when (new) data is + acknowledged. Even though the route may be + asymmetric, an ACK for new data proves that the + acknowleged data must have been transmitted + successfully. + + o An ICMP Redirect message from a particular gateway + should be used as positive advice about that + gateway. + + o Link-layer information that reliably detects and + reports host failures (e.g., ARPANET Destination + Dead messages) should be used as negative advice. + + o Failure to ARP or to re-validate ARP mappings may + be used as negative advice for the corresponding + IP address. + + o Packets arriving from a particular link-layer + address are evidence that the system at this + address is alive. However, turning this + information into advice about gateways requires + mapping the link-layer address into an IP address, + and then checking that IP address against the + gateways pointed to by the route cache. This is + probably prohibitively inefficient. + + Note that positive advice that is given for every + datagram received may cause unacceptable overhead in + the implementation. + + While advice might be passed using required arguments + in all interfaces to the IP layer, some transport and + application layer protocols cannot deduce the correct + advice. These interfaces must therefore allow a + neutral value for advice, since either always-positive + or always-negative advice leads to incorrect behavior. + + There is another technique for dead gateway detection + that has been commonly used but is not recommended. + + + +Internet Engineering Task Force [Page 53] + + + + +RFC1122 INTERNET LAYER October 1989 + + + This technique depends upon the host passively + receiving ("wiretapping") the Interior Gateway Protocol + (IGP) datagrams that the gateways are broadcasting to + each other. This approach has the drawback that a host + needs to recognize all the interior gateway protocols + that gateways may use (see [INTRO:2]). In addition, it + only works on a broadcast network. + + At present, pinging (i.e., using ICMP Echo messages) is + the mechanism for gateway probing when absolutely + required. A successful ping guarantees that the + addressed interface and its associated machine are up, + but it does not guarantee that the machine is a gateway + as opposed to a host. The normal inference is that if + a Redirect or other evidence indicates that a machine + was a gateway, successful pings will indicate that the + machine is still up and hence still a gateway. + However, since a host silently discards packets that a + gateway would forward or redirect, this assumption + could sometimes fail. To avoid this problem, a new + ICMP message under development will ask "are you a + gateway?" + + IMPLEMENTATION: + The following specific algorithm has been suggested: + + o Associate a "reroute timer" with each gateway + pointed to by the route cache. Initialize the + timer to a value Tr, which must be small enough to + allow detection of a dead gateway before transport + connections time out. + + o Positive advice would reset the reroute timer to + Tr. Negative advice would reduce or zero the + reroute timer. + + o Whenever the IP layer used a particular gateway to + route a datagram, it would check the corresponding + reroute timer. If the timer had expired (reached + zero), the IP layer would send a ping to the + gateway, followed immediately by the datagram. + + o The ping (ICMP Echo) would be sent again if + necessary, up to N times. If no ping reply was + received in N tries, the gateway would be assumed + to have failed, and a new first-hop gateway would + be chosen for all cache entries pointing to the + failed gateway. + + + +Internet Engineering Task Force [Page 54] + + + + +RFC1122 INTERNET LAYER October 1989 + + + Note that the size of Tr is inversely related to the + amount of advice available. Tr should be large enough + to insure that: + + * Any pinging will be at a low level (e.g., <10%) of + all packets sent to a gateway from the host, AND + + * pinging is infrequent (e.g., every 3 minutes) + + Since the recommended algorithm is concerned with the + gateways pointed to by route cache entries, rather than + the cache entries themselves, a two level data + structure (perhaps coordinated with ARP or similar + caches) may be desirable for implementing a route + cache. + + 3.3.1.5 New Gateway Selection + + If the failed gateway is not the current default, the IP + layer can immediately switch to a default gateway. If it is + the current default that failed, the IP layer MUST select a + different default gateway (assuming more than one default is + known) for the failed route and for establishing new routes. + + DISCUSSION: + When a gateway does fail, the other gateways on the + connected network will learn of the failure through + some inter-gateway routing protocol. However, this + will not happen instantaneously, since gateway routing + protocols typically have a settling time of 30-60 + seconds. If the host switches to an alternative + gateway before the gateways have agreed on the failure, + the new target gateway will probably forward the + datagram to the failed gateway and send a Redirect back + to the host pointing to the failed gateway (!). The + result is likely to be a rapid oscillation in the + contents of the host's route cache during the gateway + settling period. It has been proposed that the dead- + gateway logic should include some hysteresis mechanism + to prevent such oscillations. However, experience has + not shown any harm from such oscillations, since + service cannot be restored to the host until the + gateways' routing information does settle down. + + IMPLEMENTATION: + One implementation technique for choosing a new default + gateway is to simply round-robin among the default + gateways in the host's list. Another is to rank the + + + +Internet Engineering Task Force [Page 55] + + + + +RFC1122 INTERNET LAYER October 1989 + + + gateways in priority order, and when the current + default gateway is not the highest priority one, to + "ping" the higher-priority gateways slowly to detect + when they return to service. This pinging can be at a + very low rate, e.g., 0.005 per second. + + 3.3.1.6 Initialization + + The following information MUST be configurable: + + (1) IP address(es). + + (2) Address mask(s). + + (3) A list of default gateways, with a preference level. + + A manual method of entering this configuration data MUST be + provided. In addition, a variety of methods can be used to + determine this information dynamically; see the section on + "Host Initialization" in [INTRO:1]. + + DISCUSSION: + Some host implementations use "wiretapping" of gateway + protocols on a broadcast network to learn what gateways + exist. A standard method for default gateway discovery + is under development. + + 3.3.2 Reassembly + + The IP layer MUST implement reassembly of IP datagrams. + + We designate the largest datagram size that can be reassembled + by EMTU_R ("Effective MTU to receive"); this is sometimes + called the "reassembly buffer size". EMTU_R MUST be greater + than or equal to 576, SHOULD be either configurable or + indefinite, and SHOULD be greater than or equal to the MTU of + the connected network(s). + + DISCUSSION: + A fixed EMTU_R limit should not be built into the code + because some application layer protocols require EMTU_R + values larger than 576. + + IMPLEMENTATION: + An implementation may use a contiguous reassembly buffer + for each datagram, or it may use a more complex data + structure that places no definite limit on the reassembled + datagram size; in the latter case, EMTU_R is said to be + + + +Internet Engineering Task Force [Page 56] + + + + +RFC1122 INTERNET LAYER October 1989 + + + "indefinite". + + Logically, reassembly is performed by simply copying each + fragment into the packet buffer at the proper offset. + Note that fragments may overlap if successive + retransmissions use different packetizing but the same + reassembly Id. + + The tricky part of reassembly is the bookkeeping to + determine when all bytes of the datagram have been + reassembled. We recommend Clark's algorithm [IP:10] that + requires no additional data space for the bookkeeping. + However, note that, contrary to [IP:10], the first + fragment header needs to be saved for inclusion in a + possible ICMP Time Exceeded (Reassembly Timeout) message. + + There MUST be a mechanism by which the transport layer can + learn MMS_R, the maximum message size that can be received and + reassembled in an IP datagram (see GET_MAXSIZES calls in + Section 3.4). If EMTU_R is not indefinite, then the value of + MMS_R is given by: + + MMS_R = EMTU_R - 20 + + since 20 is the minimum size of an IP header. + + There MUST be a reassembly timeout. The reassembly timeout + value SHOULD be a fixed value, not set from the remaining TTL. + It is recommended that the value lie between 60 seconds and 120 + seconds. If this timeout expires, the partially-reassembled + datagram MUST be discarded and an ICMP Time Exceeded message + sent to the source host (if fragment zero has been received). + + DISCUSSION: + The IP specification says that the reassembly timeout + should be the remaining TTL from the IP header, but this + does not work well because gateways generally treat TTL as + a simple hop count rather than an elapsed time. If the + reassembly timeout is too small, datagrams will be + discarded unnecessarily, and communication may fail. The + timeout needs to be at least as large as the typical + maximum delay across the Internet. A realistic minimum + reassembly timeout would be 60 seconds. + + It has been suggested that a cache might be kept of + round-trip times measured by transport protocols for + various destinations, and that these values might be used + to dynamically determine a reasonable reassembly timeout + + + +Internet Engineering Task Force [Page 57] + + + + +RFC1122 INTERNET LAYER October 1989 + + + value. Further investigation of this approach is + required. + + If the reassembly timeout is set too high, buffer + resources in the receiving host will be tied up too long, + and the MSL (Maximum Segment Lifetime) [TCP:1] will be + larger than necessary. The MSL controls the maximum rate + at which fragmented datagrams can be sent using distinct + values of the 16-bit Ident field; a larger MSL lowers the + maximum rate. The TCP specification [TCP:1] arbitrarily + assumes a value of 2 minutes for MSL. This sets an upper + limit on a reasonable reassembly timeout value. + + 3.3.3 Fragmentation + + Optionally, the IP layer MAY implement a mechanism to fragment + outgoing datagrams intentionally. + + We designate by EMTU_S ("Effective MTU for sending") the + maximum IP datagram size that may be sent, for a particular + combination of IP source and destination addresses and perhaps + TOS. + + A host MUST implement a mechanism to allow the transport layer + to learn MMS_S, the maximum transport-layer message size that + may be sent for a given {source, destination, TOS} triplet (see + GET_MAXSIZES call in Section 3.4). If no local fragmentation + is performed, the value of MMS_S will be: + + MMS_S = EMTU_S - <IP header size> + + and EMTU_S must be less than or equal to the MTU of the network + interface corresponding to the source address of the datagram. + Note that <IP header size> in this equation will be 20, unless + the IP reserves space to insert IP options for its own purposes + in addition to any options inserted by the transport layer. + + A host that does not implement local fragmentation MUST ensure + that the transport layer (for TCP) or the application layer + (for UDP) obtains MMS_S from the IP layer and does not send a + datagram exceeding MMS_S in size. + + It is generally desirable to avoid local fragmentation and to + choose EMTU_S low enough to avoid fragmentation in any gateway + along the path. In the absence of actual knowledge of the + minimum MTU along the path, the IP layer SHOULD use + EMTU_S <= 576 whenever the destination address is not on a + connected network, and otherwise use the connected network's + + + +Internet Engineering Task Force [Page 58] + + + + +RFC1122 INTERNET LAYER October 1989 + + + MTU. + + The MTU of each physical interface MUST be configurable. + + A host IP layer implementation MAY have a configuration flag + "All-Subnets-MTU", indicating that the MTU of the connected + network is to be used for destinations on different subnets + within the same network, but not for other networks. Thus, + this flag causes the network class mask, rather than the subnet + address mask, to be used to choose an EMTU_S. For a multihomed + host, an "All-Subnets-MTU" flag is needed for each network + interface. + + DISCUSSION: + Picking the correct datagram size to use when sending data + is a complex topic [IP:9]. + + (a) In general, no host is required to accept an IP + datagram larger than 576 bytes (including header and + data), so a host must not send a larger datagram + without explicit knowledge or prior arrangement with + the destination host. Thus, MMS_S is only an upper + bound on the datagram size that a transport protocol + may send; even when MMS_S exceeds 556, the transport + layer must limit its messages to 556 bytes in the + absence of other knowledge about the destination + host. + + (b) Some transport protocols (e.g., TCP) provide a way to + explicitly inform the sender about the largest + datagram the other end can receive and reassemble + [IP:7]. There is no corresponding mechanism in the + IP layer. + + A transport protocol that assumes an EMTU_R larger + than 576 (see Section 3.3.2), can send a datagram of + this larger size to another host that implements the + same protocol. + + (c) Hosts should ideally limit their EMTU_S for a given + destination to the minimum MTU of all the networks + along the path, to avoid any fragmentation. IP + fragmentation, while formally correct, can create a + serious transport protocol performance problem, + because loss of a single fragment means all the + fragments in the segment must be retransmitted + [IP:9]. + + + + +Internet Engineering Task Force [Page 59] + + + + +RFC1122 INTERNET LAYER October 1989 + + + Since nearly all networks in the Internet currently + support an MTU of 576 or greater, we strongly recommend + the use of 576 for datagrams sent to non-local networks. + + It has been suggested that a host could determine the MTU + over a given path by sending a zero-offset datagram + fragment and waiting for the receiver to time out the + reassembly (which cannot complete!) and return an ICMP + Time Exceeded message. This message would include the + largest remaining fragment header in its body. More + direct mechanisms are being experimented with, but have + not yet been adopted (see e.g., RFC-1063). + + 3.3.4 Local Multihoming + + 3.3.4.1 Introduction + + A multihomed host has multiple IP addresses, which we may + think of as "logical interfaces". These logical interfaces + may be associated with one or more physical interfaces, and + these physical interfaces may be connected to the same or + different networks. + + Here are some important cases of multihoming: + + (a) Multiple Logical Networks + + The Internet architects envisioned that each physical + network would have a single unique IP network (or + subnet) number. However, LAN administrators have + sometimes found it useful to violate this assumption, + operating a LAN with multiple logical networks per + physical connected network. + + If a host connected to such a physical network is + configured to handle traffic for each of N different + logical networks, then the host will have N logical + interfaces. These could share a single physical + interface, or might use N physical interfaces to the + same network. + + (b) Multiple Logical Hosts + + When a host has multiple IP addresses that all have the + same <Network-number> part (and the same <Subnet- + number> part, if any), the logical interfaces are known + as "logical hosts". These logical interfaces might + share a single physical interface or might use separate + + + +Internet Engineering Task Force [Page 60] + + + + +RFC1122 INTERNET LAYER October 1989 + + + physical interfaces to the same physical network. + + (c) Simple Multihoming + + In this case, each logical interface is mapped into a + separate physical interface and each physical interface + is connected to a different physical network. The term + "multihoming" was originally applied only to this case, + but it is now applied more generally. + + A host with embedded gateway functionality will + typically fall into the simple multihoming case. Note, + however, that a host may be simply multihomed without + containing an embedded gateway, i.e., without + forwarding datagrams from one connected network to + another. + + This case presents the most difficult routing problems. + The choice of interface (i.e., the choice of first-hop + network) may significantly affect performance or even + reachability of remote parts of the Internet. + + + Finally, we note another possibility that is NOT + multihoming: one logical interface may be bound to multiple + physical interfaces, in order to increase the reliability or + throughput between directly connected machines by providing + alternative physical paths between them. For instance, two + systems might be connected by multiple point-to-point links. + We call this "link-layer multiplexing". With link-layer + multiplexing, the protocols above the link layer are unaware + that multiple physical interfaces are present; the link- + layer device driver is responsible for multiplexing and + routing packets across the physical interfaces. + + In the Internet protocol architecture, a transport protocol + instance ("entity") has no address of its own, but instead + uses a single Internet Protocol (IP) address. This has + implications for the IP, transport, and application layers, + and for the interfaces between them. In particular, the + application software may have to be aware of the multiple IP + addresses of a multihomed host; in other cases, the choice + can be made within the network software. + + 3.3.4.2 Multihoming Requirements + + The following general rules apply to the selection of an IP + source address for sending a datagram from a multihomed + + + +Internet Engineering Task Force [Page 61] + + + + +RFC1122 INTERNET LAYER October 1989 + + + host. + + (1) If the datagram is sent in response to a received + datagram, the source address for the response SHOULD be + the specific-destination address of the request. See + Sections 4.1.3.5 and 4.2.3.7 and the "General Issues" + section of [INTRO:1] for more specific requirements on + higher layers. + + Otherwise, a source address must be selected. + + (2) An application MUST be able to explicitly specify the + source address for initiating a connection or a + request. + + (3) In the absence of such a specification, the networking + software MUST choose a source address. Rules for this + choice are described below. + + + There are two key requirement issues related to multihoming: + + (A) A host MAY silently discard an incoming datagram whose + destination address does not correspond to the physical + interface through which it is received. + + (B) A host MAY restrict itself to sending (non-source- + routed) IP datagrams only through the physical + interface that corresponds to the IP source address of + the datagrams. + + + DISCUSSION: + Internet host implementors have used two different + conceptual models for multihoming, briefly summarized + in the following discussion. This document takes no + stand on which model is preferred; each seems to have a + place. This ambivalence is reflected in the issues (A) + and (B) being optional. + + o Strong ES Model + + The Strong ES (End System, i.e., host) model + emphasizes the host/gateway (ES/IS) distinction, + and would therefore substitute MUST for MAY in + issues (A) and (B) above. It tends to model a + multihomed host as a set of logical hosts within + the same physical host. + + + +Internet Engineering Task Force [Page 62] + + + + +RFC1122 INTERNET LAYER October 1989 + + + With respect to (A), proponents of the Strong ES + model note that automatic Internet routing + mechanisms could not route a datagram to a + physical interface that did not correspond to the + destination address. + + Under the Strong ES model, the route computation + for an outgoing datagram is the mapping: + + route(src IP addr, dest IP addr, TOS) + -> gateway + + Here the source address is included as a parameter + in order to select a gateway that is directly + reachable on the corresponding physical interface. + Note that this model logically requires that in + general there be at least one default gateway, and + preferably multiple defaults, for each IP source + address. + + o Weak ES Model + + This view de-emphasizes the ES/IS distinction, and + would therefore substitute MUST NOT for MAY in + issues (A) and (B). This model may be the more + natural one for hosts that wiretap gateway routing + protocols, and is necessary for hosts that have + embedded gateway functionality. + + The Weak ES Model may cause the Redirect mechanism + to fail. If a datagram is sent out a physical + interface that does not correspond to the + destination address, the first-hop gateway will + not realize when it needs to send a Redirect. On + the other hand, if the host has embedded gateway + functionality, then it has routing information + without listening to Redirects. + + In the Weak ES model, the route computation for an + outgoing datagram is the mapping: + + route(dest IP addr, TOS) -> gateway, interface + + + + + + + + + +Internet Engineering Task Force [Page 63] + + + + +RFC1122 INTERNET LAYER October 1989 + + + 3.3.4.3 Choosing a Source Address + + DISCUSSION: + When it sends an initial connection request (e.g., a + TCP "SYN" segment) or a datagram service request (e.g., + a UDP-based query), the transport layer on a multihomed + host needs to know which source address to use. If the + application does not specify it, the transport layer + must ask the IP layer to perform the conceptual + mapping: + + GET_SRCADDR(remote IP addr, TOS) + -> local IP address + + Here TOS is the Type-of-Service value (see Section + 3.2.1.6), and the result is the desired source address. + The following rules are suggested for implementing this + mapping: + + (a) If the remote Internet address lies on one of the + (sub-) nets to which the host is directly + connected, a corresponding source address may be + chosen, unless the corresponding interface is + known to be down. + + (b) The route cache may be consulted, to see if there + is an active route to the specified destination + network through any network interface; if so, a + local IP address corresponding to that interface + may be chosen. + + (c) The table of static routes, if any (see Section + 3.3.1.2) may be similarly consulted. + + (d) The default gateways may be consulted. If these + gateways are assigned to different interfaces, the + interface corresponding to the gateway with the + highest preference may be chosen. + + In the future, there may be a defined way for a + multihomed host to ask the gateways on all connected + networks for advice about the best network to use for a + given destination. + + IMPLEMENTATION: + It will be noted that this process is essentially the + same as datagram routing (see Section 3.3.1), and + therefore hosts may be able to combine the + + + +Internet Engineering Task Force [Page 64] + + + + +RFC1122 INTERNET LAYER October 1989 + + + implementation of the two functions. + + 3.3.5 Source Route Forwarding + + Subject to restrictions given below, a host MAY be able to act + as an intermediate hop in a source route, forwarding a source- + routed datagram to the next specified hop. + + However, in performing this gateway-like function, the host + MUST obey all the relevant rules for a gateway forwarding + source-routed datagrams [INTRO:2]. This includes the following + specific provisions, which override the corresponding host + provisions given earlier in this document: + + (A) TTL (ref. Section 3.2.1.7) + + The TTL field MUST be decremented and the datagram perhaps + discarded as specified for a gateway in [INTRO:2]. + + (B) ICMP Destination Unreachable (ref. Section 3.2.2.1) + + A host MUST be able to generate Destination Unreachable + messages with the following codes: + + 4 (Fragmentation Required but DF Set) when a source- + routed datagram cannot be fragmented to fit into the + target network; + + 5 (Source Route Failed) when a source-routed datagram + cannot be forwarded, e.g., because of a routing + problem or because the next hop of a strict source + route is not on a connected network. + + (C) IP Source Address (ref. Section 3.2.1.3) + + A source-routed datagram being forwarded MAY (and normally + will) have a source address that is not one of the IP + addresses of the forwarding host. + + (D) Record Route Option (ref. Section 3.2.1.8d) + + A host that is forwarding a source-routed datagram + containing a Record Route option MUST update that option, + if it has room. + + (E) Timestamp Option (ref. Section 3.2.1.8e) + + A host that is forwarding a source-routed datagram + + + +Internet Engineering Task Force [Page 65] + + + + +RFC1122 INTERNET LAYER October 1989 + + + containing a Timestamp Option MUST add the current + timestamp to that option, according to the rules for this + option. + + To define the rules restricting host forwarding of source- + routed datagrams, we use the term "local source-routing" if the + next hop will be through the same physical interface through + which the datagram arrived; otherwise, it is "non-local + source-routing". + + o A host is permitted to perform local source-routing + without restriction. + + o A host that supports non-local source-routing MUST have a + configurable switch to disable forwarding, and this switch + MUST default to disabled. + + o The host MUST satisfy all gateway requirements for + configurable policy filters [INTRO:2] restricting non- + local forwarding. + + If a host receives a datagram with an incomplete source route + but does not forward it for some reason, the host SHOULD return + an ICMP Destination Unreachable (code 5, Source Route Failed) + message, unless the datagram was itself an ICMP error message. + + 3.3.6 Broadcasts + + Section 3.2.1.3 defined the four standard IP broadcast address + forms: + + Limited Broadcast: {-1, -1} + + Directed Broadcast: {<Network-number>,-1} + + Subnet Directed Broadcast: + {<Network-number>,<Subnet-number>,-1} + + All-Subnets Directed Broadcast: {<Network-number>,-1,-1} + + A host MUST recognize any of these forms in the destination + address of an incoming datagram. + + There is a class of hosts* that use non-standard broadcast + address forms, substituting 0 for -1. All hosts SHOULD +_________________________ +*4.2BSD Unix and its derivatives, but not 4.3BSD. + + + + +Internet Engineering Task Force [Page 66] + + + + +RFC1122 INTERNET LAYER October 1989 + + + recognize and accept any of these non-standard broadcast + addresses as the destination address of an incoming datagram. + A host MAY optionally have a configuration option to choose the + 0 or the -1 form of broadcast address, for each physical + interface, but this option SHOULD default to the standard (-1) + form. + + When a host sends a datagram to a link-layer broadcast address, + the IP destination address MUST be a legal IP broadcast or IP + multicast address. + + A host SHOULD silently discard a datagram that is received via + a link-layer broadcast (see Section 2.4) but does not specify + an IP multicast or broadcast destination address. + + Hosts SHOULD use the Limited Broadcast address to broadcast to + a connected network. + + + DISCUSSION: + Using the Limited Broadcast address instead of a Directed + Broadcast address may improve system robustness. Problems + are often caused by machines that do not understand the + plethora of broadcast addresses (see Section 3.2.1.3), or + that may have different ideas about which broadcast + addresses are in use. The prime example of the latter is + machines that do not understand subnetting but are + attached to a subnetted net. Sending a Subnet Broadcast + for the connected network will confuse those machines, + which will see it as a message to some other host. + + There has been discussion on whether a datagram addressed + to the Limited Broadcast address ought to be sent from all + the interfaces of a multihomed host. This specification + takes no stand on the issue. + + 3.3.7 IP Multicasting + + A host SHOULD support local IP multicasting on all connected + networks for which a mapping from Class D IP addresses to + link-layer addresses has been specified (see below). Support + for local IP multicasting includes sending multicast datagrams, + joining multicast groups and receiving multicast datagrams, and + leaving multicast groups. This implies support for all of + [IP:4] except the IGMP protocol itself, which is OPTIONAL. + + + + + + +Internet Engineering Task Force [Page 67] + + + + +RFC1122 INTERNET LAYER October 1989 + + + DISCUSSION: + IGMP provides gateways that are capable of multicast + routing with the information required to support IP + multicasting across multiple networks. At this time, + multicast-routing gateways are in the experimental stage + and are not widely available. For hosts that are not + connected to networks with multicast-routing gateways or + that do not need to receive multicast datagrams + originating on other networks, IGMP serves no purpose and + is therefore optional for now. However, the rest of + [IP:4] is currently recommended for the purpose of + providing IP-layer access to local network multicast + addressing, as a preferable alternative to local broadcast + addressing. It is expected that IGMP will become + recommended at some future date, when multicast-routing + gateways have become more widely available. + + If IGMP is not implemented, a host SHOULD still join the "all- + hosts" group (224.0.0.1) when the IP layer is initialized and + remain a member for as long as the IP layer is active. + + DISCUSSION: + Joining the "all-hosts" group will support strictly local + uses of multicasting, e.g., a gateway discovery protocol, + even if IGMP is not implemented. + + The mapping of IP Class D addresses to local addresses is + currently specified for the following types of networks: + + o Ethernet/IEEE 802.3, as defined in [IP:4]. + + o Any network that supports broadcast but not multicast, + addressing: all IP Class D addresses map to the local + broadcast address. + + o Any type of point-to-point link (e.g., SLIP or HDLC + links): no mapping required. All IP multicast datagrams + are sent as-is, inside the local framing. + + Mappings for other types of networks will be specified in the + future. + + A host SHOULD provide a way for higher-layer protocols or + applications to determine which of the host's connected + network(s) support IP multicast addressing. + + + + + + +Internet Engineering Task Force [Page 68] + + + + +RFC1122 INTERNET LAYER October 1989 + + + 3.3.8 Error Reporting + + Wherever practical, hosts MUST return ICMP error datagrams on + detection of an error, except in those cases where returning an + ICMP error message is specifically prohibited. + + DISCUSSION: + A common phenomenon in datagram networks is the "black + hole disease": datagrams are sent out, but nothing comes + back. Without any error datagrams, it is difficult for + the user to figure out what the problem is. + + 3.4 INTERNET/TRANSPORT LAYER INTERFACE + + The interface between the IP layer and the transport layer MUST + provide full access to all the mechanisms of the IP layer, + including options, Type-of-Service, and Time-to-Live. The + transport layer MUST either have mechanisms to set these interface + parameters, or provide a path to pass them through from an + application, or both. + + DISCUSSION: + Applications are urged to make use of these mechanisms where + applicable, even when the mechanisms are not currently + effective in the Internet (e.g., TOS). This will allow these + mechanisms to be immediately useful when they do become + effective, without a large amount of retrofitting of host + software. + + We now describe a conceptual interface between the transport layer + and the IP layer, as a set of procedure calls. This is an + extension of the information in Section 3.3 of RFC-791 [IP:1]. + + + * Send Datagram + + SEND(src, dst, prot, TOS, TTL, BufPTR, len, Id, DF, opt + => result ) + + where the parameters are defined in RFC-791. Passing an Id + parameter is optional; see Section 3.2.1.5. + + + * Receive Datagram + + RECV(BufPTR, prot + => result, src, dst, SpecDest, TOS, len, opt) + + + + +Internet Engineering Task Force [Page 69] + + + + +RFC1122 INTERNET LAYER October 1989 + + + All the parameters are defined in RFC-791, except for: + + SpecDest = specific-destination address of datagram + (defined in Section 3.2.1.3) + + The result parameter dst contains the datagram's destination + address. Since this may be a broadcast or multicast address, + the SpecDest parameter (not shown in RFC-791) MUST be passed. + The parameter opt contains all the IP options received in the + datagram; these MUST also be passed to the transport layer. + + + * Select Source Address + + GET_SRCADDR(remote, TOS) -> local + + remote = remote IP address + TOS = Type-of-Service + local = local IP address + + See Section 3.3.4.3. + + + * Find Maximum Datagram Sizes + + GET_MAXSIZES(local, remote, TOS) -> MMS_R, MMS_S + + MMS_R = maximum receive transport-message size. + MMS_S = maximum send transport-message size. + (local, remote, TOS defined above) + + See Sections 3.3.2 and 3.3.3. + + + * Advice on Delivery Success + + ADVISE_DELIVPROB(sense, local, remote, TOS) + + Here the parameter sense is a 1-bit flag indicating whether + positive or negative advice is being given; see the + discussion in Section 3.3.1.4. The other parameters were + defined earlier. + + + * Send ICMP Message + + SEND_ICMP(src, dst, TOS, TTL, BufPTR, len, Id, DF, opt) + -> result + + + +Internet Engineering Task Force [Page 70] + + + + +RFC1122 INTERNET LAYER October 1989 + + + (Parameters defined in RFC-791). + + Passing an Id parameter is optional; see Section 3.2.1.5. + The transport layer MUST be able to send certain ICMP + messages: Port Unreachable or any of the query-type + messages. This function could be considered to be a special + case of the SEND() call, of course; we describe it separately + for clarity. + + + * Receive ICMP Message + + RECV_ICMP(BufPTR ) -> result, src, dst, len, opt + + (Parameters defined in RFC-791). + + The IP layer MUST pass certain ICMP messages up to the + appropriate transport-layer routine. This function could be + considered to be a special case of the RECV() call, of + course; we describe it separately for clarity. + + For an ICMP error message, the data that is passed up MUST + include the original Internet header plus all the octets of + the original message that are included in the ICMP message. + This data will be used by the transport layer to locate the + connection state information, if any. + + In particular, the following ICMP messages are to be passed + up: + + o Destination Unreachable + + o Source Quench + + o Echo Reply (to ICMP user interface, unless the Echo + Request originated in the IP layer) + + o Timestamp Reply (to ICMP user interface) + + o Time Exceeded + + + DISCUSSION: + In the future, there may be additions to this interface to + pass path data (see Section 3.3.1.3) between the IP and + transport layers. + + + + + +Internet Engineering Task Force [Page 71] + + + + +RFC1122 INTERNET LAYER October 1989 + + + 3.5 INTERNET LAYER REQUIREMENTS SUMMARY + + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-------------------------------------------------|--------|-|-|-|-|-|-- + | | | | | | | +Implement IP and ICMP |3.1 |x| | | | | +Handle remote multihoming in application layer |3.1 |x| | | | | +Support local multihoming |3.1 | | |x| | | +Meet gateway specs if forward datagrams |3.1 |x| | | | | +Configuration switch for embedded gateway |3.1 |x| | | | |1 + Config switch default to non-gateway |3.1 |x| | | | |1 + Auto-config based on number of interfaces |3.1 | | | | |x|1 +Able to log discarded datagrams |3.1 | |x| | | | + Record in counter |3.1 | |x| | | | + | | | | | | | +Silently discard Version != 4 |3.2.1.1 |x| | | | | +Verify IP checksum, silently discard bad dgram |3.2.1.2 |x| | | | | +Addressing: | | | | | | | + Subnet addressing (RFC-950) |3.2.1.3 |x| | | | | + Src address must be host's own IP address |3.2.1.3 |x| | | | | + Silently discard datagram with bad dest addr |3.2.1.3 |x| | | | | + Silently discard datagram with bad src addr |3.2.1.3 |x| | | | | +Support reassembly |3.2.1.4 |x| | | | | +Retain same Id field in identical datagram |3.2.1.5 | | |x| | | + | | | | | | | +TOS: | | | | | | | + Allow transport layer to set TOS |3.2.1.6 |x| | | | | + Pass received TOS up to transport layer |3.2.1.6 | |x| | | | + Use RFC-795 link-layer mappings for TOS |3.2.1.6 | | | |x| | +TTL: | | | | | | | + Send packet with TTL of 0 |3.2.1.7 | | | | |x| + Discard received packets with TTL < 2 |3.2.1.7 | | | | |x| + Allow transport layer to set TTL |3.2.1.7 |x| | | | | + Fixed TTL is configurable |3.2.1.7 |x| | | | | + | | | | | | | +IP Options: | | | | | | | + Allow transport layer to send IP options |3.2.1.8 |x| | | | | + Pass all IP options rcvd to higher layer |3.2.1.8 |x| | | | | + + + +Internet Engineering Task Force [Page 72] + + + + +RFC1122 INTERNET LAYER October 1989 + + + IP layer silently ignore unknown options |3.2.1.8 |x| | | | | + Security option |3.2.1.8a| | |x| | | + Send Stream Identifier option |3.2.1.8b| | | |x| | + Silently ignore Stream Identifer option |3.2.1.8b|x| | | | | + Record Route option |3.2.1.8d| | |x| | | + Timestamp option |3.2.1.8e| | |x| | | +Source Route Option: | | | | | | | + Originate & terminate Source Route options |3.2.1.8c|x| | | | | + Datagram with completed SR passed up to TL |3.2.1.8c|x| | | | | + Build correct (non-redundant) return route |3.2.1.8c|x| | | | | + Send multiple SR options in one header |3.2.1.8c| | | | |x| + | | | | | | | +ICMP: | | | | | | | + Silently discard ICMP msg with unknown type |3.2.2 |x| | | | | + Include more than 8 octets of orig datagram |3.2.2 | | |x| | | + Included octets same as received |3.2.2 |x| | | | | + Demux ICMP Error to transport protocol |3.2.2 |x| | | | | + Send ICMP error message with TOS=0 |3.2.2 | |x| | | | + Send ICMP error message for: | | | | | | | + - ICMP error msg |3.2.2 | | | | |x| + - IP b'cast or IP m'cast |3.2.2 | | | | |x| + - Link-layer b'cast |3.2.2 | | | | |x| + - Non-initial fragment |3.2.2 | | | | |x| + - Datagram with non-unique src address |3.2.2 | | | | |x| + Return ICMP error msgs (when not prohibited) |3.3.8 |x| | | | | + | | | | | | | + Dest Unreachable: | | | | | | | + Generate Dest Unreachable (code 2/3) |3.2.2.1 | |x| | | | + Pass ICMP Dest Unreachable to higher layer |3.2.2.1 |x| | | | | + Higher layer act on Dest Unreach |3.2.2.1 | |x| | | | + Interpret Dest Unreach as only hint |3.2.2.1 |x| | | | | + Redirect: | | | | | | | + Host send Redirect |3.2.2.2 | | | |x| | + Update route cache when recv Redirect |3.2.2.2 |x| | | | | + Handle both Host and Net Redirects |3.2.2.2 |x| | | | | + Discard illegal Redirect |3.2.2.2 | |x| | | | + Source Quench: | | | | | | | + Send Source Quench if buffering exceeded |3.2.2.3 | | |x| | | + Pass Source Quench to higher layer |3.2.2.3 |x| | | | | + Higher layer act on Source Quench |3.2.2.3 | |x| | | | + Time Exceeded: pass to higher layer |3.2.2.4 |x| | | | | + Parameter Problem: | | | | | | | + Send Parameter Problem messages |3.2.2.5 | |x| | | | + Pass Parameter Problem to higher layer |3.2.2.5 |x| | | | | + Report Parameter Problem to user |3.2.2.5 | | |x| | | + | | | | | | | + ICMP Echo Request or Reply: | | | | | | | + Echo server and Echo client |3.2.2.6 |x| | | | | + + + +Internet Engineering Task Force [Page 73] + + + + +RFC1122 INTERNET LAYER October 1989 + + + Echo client |3.2.2.6 | |x| | | | + Discard Echo Request to broadcast address |3.2.2.6 | | |x| | | + Discard Echo Request to multicast address |3.2.2.6 | | |x| | | + Use specific-dest addr as Echo Reply src |3.2.2.6 |x| | | | | + Send same data in Echo Reply |3.2.2.6 |x| | | | | + Pass Echo Reply to higher layer |3.2.2.6 |x| | | | | + Reflect Record Route, Time Stamp options |3.2.2.6 | |x| | | | + Reverse and reflect Source Route option |3.2.2.6 |x| | | | | + | | | | | | | + ICMP Information Request or Reply: |3.2.2.7 | | | |x| | + ICMP Timestamp and Timestamp Reply: |3.2.2.8 | | |x| | | + Minimize delay variability |3.2.2.8 | |x| | | |1 + Silently discard b'cast Timestamp |3.2.2.8 | | |x| | |1 + Silently discard m'cast Timestamp |3.2.2.8 | | |x| | |1 + Use specific-dest addr as TS Reply src |3.2.2.8 |x| | | | |1 + Reflect Record Route, Time Stamp options |3.2.2.6 | |x| | | |1 + Reverse and reflect Source Route option |3.2.2.8 |x| | | | |1 + Pass Timestamp Reply to higher layer |3.2.2.8 |x| | | | |1 + Obey rules for "standard value" |3.2.2.8 |x| | | | |1 + | | | | | | | + ICMP Address Mask Request and Reply: | | | | | | | + Addr Mask source configurable |3.2.2.9 |x| | | | | + Support static configuration of addr mask |3.2.2.9 |x| | | | | + Get addr mask dynamically during booting |3.2.2.9 | | |x| | | + Get addr via ICMP Addr Mask Request/Reply |3.2.2.9 | | |x| | | + Retransmit Addr Mask Req if no Reply |3.2.2.9 |x| | | | |3 + Assume default mask if no Reply |3.2.2.9 | |x| | | |3 + Update address mask from first Reply only |3.2.2.9 |x| | | | |3 + Reasonableness check on Addr Mask |3.2.2.9 | |x| | | | + Send unauthorized Addr Mask Reply msgs |3.2.2.9 | | | | |x| + Explicitly configured to be agent |3.2.2.9 |x| | | | | + Static config=> Addr-Mask-Authoritative flag |3.2.2.9 | |x| | | | + Broadcast Addr Mask Reply when init. |3.2.2.9 |x| | | | |3 + | | | | | | | +ROUTING OUTBOUND DATAGRAMS: | | | | | | | + Use address mask in local/remote decision |3.3.1.1 |x| | | | | + Operate with no gateways on conn network |3.3.1.1 |x| | | | | + Maintain "route cache" of next-hop gateways |3.3.1.2 |x| | | | | + Treat Host and Net Redirect the same |3.3.1.2 | |x| | | | + If no cache entry, use default gateway |3.3.1.2 |x| | | | | + Support multiple default gateways |3.3.1.2 |x| | | | | + Provide table of static routes |3.3.1.2 | | |x| | | + Flag: route overridable by Redirects |3.3.1.2 | | |x| | | + Key route cache on host, not net address |3.3.1.3 | | |x| | | + Include TOS in route cache |3.3.1.3 | |x| | | | + | | | | | | | + Able to detect failure of next-hop gateway |3.3.1.4 |x| | | | | + Assume route is good forever |3.3.1.4 | | | |x| | + + + +Internet Engineering Task Force [Page 74] + + + + +RFC1122 INTERNET LAYER October 1989 + + + Ping gateways continuously |3.3.1.4 | | | | |x| + Ping only when traffic being sent |3.3.1.4 |x| | | | | + Ping only when no positive indication |3.3.1.4 |x| | | | | + Higher and lower layers give advice |3.3.1.4 | |x| | | | + Switch from failed default g'way to another |3.3.1.5 |x| | | | | + Manual method of entering config info |3.3.1.6 |x| | | | | + | | | | | | | +REASSEMBLY and FRAGMENTATION: | | | | | | | + Able to reassemble incoming datagrams |3.3.2 |x| | | | | + At least 576 byte datagrams |3.3.2 |x| | | | | + EMTU_R configurable or indefinite |3.3.2 | |x| | | | + Transport layer able to learn MMS_R |3.3.2 |x| | | | | + Send ICMP Time Exceeded on reassembly timeout |3.3.2 |x| | | | | + Fixed reassembly timeout value |3.3.2 | |x| | | | + | | | | | | | + Pass MMS_S to higher layers |3.3.3 |x| | | | | + Local fragmentation of outgoing packets |3.3.3 | | |x| | | + Else don't send bigger than MMS_S |3.3.3 |x| | | | | + Send max 576 to off-net destination |3.3.3 | |x| | | | + All-Subnets-MTU configuration flag |3.3.3 | | |x| | | + | | | | | | | +MULTIHOMING: | | | | | | | + Reply with same addr as spec-dest addr |3.3.4.2 | |x| | | | + Allow application to choose local IP addr |3.3.4.2 |x| | | | | + Silently discard d'gram in "wrong" interface |3.3.4.2 | | |x| | | + Only send d'gram through "right" interface |3.3.4.2 | | |x| | |4 + | | | | | | | +SOURCE-ROUTE FORWARDING: | | | | | | | + Forward datagram with Source Route option |3.3.5 | | |x| | |1 + Obey corresponding gateway rules |3.3.5 |x| | | | |1 + Update TTL by gateway rules |3.3.5 |x| | | | |1 + Able to generate ICMP err code 4, 5 |3.3.5 |x| | | | |1 + IP src addr not local host |3.3.5 | | |x| | |1 + Update Timestamp, Record Route options |3.3.5 |x| | | | |1 + Configurable switch for non-local SRing |3.3.5 |x| | | | |1 + Defaults to OFF |3.3.5 |x| | | | |1 + Satisfy gwy access rules for non-local SRing |3.3.5 |x| | | | |1 + If not forward, send Dest Unreach (cd 5) |3.3.5 | |x| | | |2 + | | | | | | | +BROADCAST: | | | | | | | + Broadcast addr as IP source addr |3.2.1.3 | | | | |x| + Receive 0 or -1 broadcast formats OK |3.3.6 | |x| | | | + Config'ble option to send 0 or -1 b'cast |3.3.6 | | |x| | | + Default to -1 broadcast |3.3.6 | |x| | | | + Recognize all broadcast address formats |3.3.6 |x| | | | | + Use IP b'cast/m'cast addr in link-layer b'cast |3.3.6 |x| | | | | + Silently discard link-layer-only b'cast dg's |3.3.6 | |x| | | | + Use Limited Broadcast addr for connected net |3.3.6 | |x| | | | + + + +Internet Engineering Task Force [Page 75] + + + + +RFC1122 INTERNET LAYER October 1989 + + + | | | | | | | +MULTICAST: | | | | | | | + Support local IP multicasting (RFC-1112) |3.3.7 | |x| | | | + Support IGMP (RFC-1112) |3.3.7 | | |x| | | + Join all-hosts group at startup |3.3.7 | |x| | | | + Higher layers learn i'face m'cast capability |3.3.7 | |x| | | | + | | | | | | | +INTERFACE: | | | | | | | + Allow transport layer to use all IP mechanisms |3.4 |x| | | | | + Pass interface ident up to transport layer |3.4 |x| | | | | + Pass all IP options up to transport layer |3.4 |x| | | | | + Transport layer can send certain ICMP messages |3.4 |x| | | | | + Pass spec'd ICMP messages up to transp. layer |3.4 |x| | | | | + Include IP hdr+8 octets or more from orig. |3.4 |x| | | | | + Able to leap tall buildings at a single bound |3.5 | |x| | | | + +Footnotes: + +(1) Only if feature is implemented. + +(2) This requirement is overruled if datagram is an ICMP error message. + +(3) Only if feature is implemented and is configured "on". + +(4) Unless has embedded gateway functionality or is source routed. + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 76] + + + + +RFC1122 TRANSPORT LAYER -- UDP October 1989 + + +4. TRANSPORT PROTOCOLS + + 4.1 USER DATAGRAM PROTOCOL -- UDP + + 4.1.1 INTRODUCTION + + The User Datagram Protocol UDP [UDP:1] offers only a minimal + transport service -- non-guaranteed datagram delivery -- and + gives applications direct access to the datagram service of the + IP layer. UDP is used by applications that do not require the + level of service of TCP or that wish to use communications + services (e.g., multicast or broadcast delivery) not available + from TCP. + + UDP is almost a null protocol; the only services it provides + over IP are checksumming of data and multiplexing by port + number. Therefore, an application program running over UDP + must deal directly with end-to-end communication problems that + a connection-oriented protocol would have handled -- e.g., + retransmission for reliable delivery, packetization and + reassembly, flow control, congestion avoidance, etc., when + these are required. The fairly complex coupling between IP and + TCP will be mirrored in the coupling between UDP and many + applications using UDP. + + 4.1.2 PROTOCOL WALK-THROUGH + + There are no known errors in the specification of UDP. + + 4.1.3 SPECIFIC ISSUES + + 4.1.3.1 Ports + + UDP well-known ports follow the same rules as TCP well-known + ports; see Section 4.2.2.1 below. + + If a datagram arrives addressed to a UDP port for which + there is no pending LISTEN call, UDP SHOULD send an ICMP + Port Unreachable message. + + 4.1.3.2 IP Options + + UDP MUST pass any IP option that it receives from the IP + layer transparently to the application layer. + + An application MUST be able to specify IP options to be sent + in its UDP datagrams, and UDP MUST pass these options to the + IP layer. + + + +Internet Engineering Task Force [Page 77] + + + + +RFC1122 TRANSPORT LAYER -- UDP October 1989 + + + DISCUSSION: + At present, the only options that need be passed + through UDP are Source Route, Record Route, and Time + Stamp. However, new options may be defined in the + future, and UDP need not and should not make any + assumptions about the format or content of options it + passes to or from the application; an exception to this + might be an IP-layer security option. + + An application based on UDP will need to obtain a + source route from a request datagram and supply a + reversed route for sending the corresponding reply. + + 4.1.3.3 ICMP Messages + + UDP MUST pass to the application layer all ICMP error + messages that it receives from the IP layer. Conceptually + at least, this may be accomplished with an upcall to the + ERROR_REPORT routine (see Section 4.2.4.1). + + DISCUSSION: + Note that ICMP error messages resulting from sending a + UDP datagram are received asynchronously. A UDP-based + application that wants to receive ICMP error messages + is responsible for maintaining the state necessary to + demultiplex these messages when they arrive; for + example, the application may keep a pending receive + operation for this purpose. The application is also + responsible to avoid confusion from a delayed ICMP + error message resulting from an earlier use of the same + port(s). + + 4.1.3.4 UDP Checksums + + A host MUST implement the facility to generate and validate + UDP checksums. An application MAY optionally be able to + control whether a UDP checksum will be generated, but it + MUST default to checksumming on. + + If a UDP datagram is received with a checksum that is non- + zero and invalid, UDP MUST silently discard the datagram. + An application MAY optionally be able to control whether UDP + datagrams without checksums should be discarded or passed to + the application. + + DISCUSSION: + Some applications that normally run only across local + area networks have chosen to turn off UDP checksums for + + + +Internet Engineering Task Force [Page 78] + + + + +RFC1122 TRANSPORT LAYER -- UDP October 1989 + + + efficiency. As a result, numerous cases of undetected + errors have been reported. The advisability of ever + turning off UDP checksumming is very controversial. + + IMPLEMENTATION: + There is a common implementation error in UDP + checksums. Unlike the TCP checksum, the UDP checksum + is optional; the value zero is transmitted in the + checksum field of a UDP header to indicate the absence + of a checksum. If the transmitter really calculates a + UDP checksum of zero, it must transmit the checksum as + all 1's (65535). No special action is required at the + receiver, since zero and 65535 are equivalent in 1's + complement arithmetic. + + 4.1.3.5 UDP Multihoming + + When a UDP datagram is received, its specific-destination + address MUST be passed up to the application layer. + + An application program MUST be able to specify the IP source + address to be used for sending a UDP datagram or to leave it + unspecified (in which case the networking software will + choose an appropriate source address). There SHOULD be a + way to communicate the chosen source address up to the + application layer (e.g, so that the application can later + receive a reply datagram only from the corresponding + interface). + + DISCUSSION: + A request/response application that uses UDP should use + a source address for the response that is the same as + the specific destination address of the request. See + the "General Issues" section of [INTRO:1]. + + 4.1.3.6 Invalid Addresses + + A UDP datagram received with an invalid IP source address + (e.g., a broadcast or multicast address) must be discarded + by UDP or by the IP layer (see Section 3.2.1.3). + + When a host sends a UDP datagram, the source address MUST be + (one of) the IP address(es) of the host. + + 4.1.4 UDP/APPLICATION LAYER INTERFACE + + The application interface to UDP MUST provide the full services + of the IP/transport interface described in Section 3.4 of this + + + +Internet Engineering Task Force [Page 79] + + + + +RFC1122 TRANSPORT LAYER -- UDP October 1989 + + + document. Thus, an application using UDP needs the functions + of the GET_SRCADDR(), GET_MAXSIZES(), ADVISE_DELIVPROB(), and + RECV_ICMP() calls described in Section 3.4. For example, + GET_MAXSIZES() can be used to learn the effective maximum UDP + maximum datagram size for a particular {interface,remote + host,TOS} triplet. + + An application-layer program MUST be able to set the TTL and + TOS values as well as IP options for sending a UDP datagram, + and these values must be passed transparently to the IP layer. + UDP MAY pass the received TOS up to the application layer. + + 4.1.5 UDP REQUIREMENTS SUMMARY + + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-------------------------------------------------|--------|-|-|-|-|-|-- + | | | | | | | + UDP | | | | | | | +-------------------------------------------------|--------|-|-|-|-|-|-- + | | | | | | | +UDP send Port Unreachable |4.1.3.1 | |x| | | | + | | | | | | | +IP Options in UDP | | | | | | | + - Pass rcv'd IP options to applic layer |4.1.3.2 |x| | | | | + - Applic layer can specify IP options in Send |4.1.3.2 |x| | | | | + - UDP passes IP options down to IP layer |4.1.3.2 |x| | | | | + | | | | | | | +Pass ICMP msgs up to applic layer |4.1.3.3 |x| | | | | + | | | | | | | +UDP checksums: | | | | | | | + - Able to generate/check checksum |4.1.3.4 |x| | | | | + - Silently discard bad checksum |4.1.3.4 |x| | | | | + - Sender Option to not generate checksum |4.1.3.4 | | |x| | | + - Default is to checksum |4.1.3.4 |x| | | | | + - Receiver Option to require checksum |4.1.3.4 | | |x| | | + | | | | | | | +UDP Multihoming | | | | | | | + - Pass spec-dest addr to application |4.1.3.5 |x| | | | | + + + +Internet Engineering Task Force [Page 80] + + + + +RFC1122 TRANSPORT LAYER -- UDP October 1989 + + + - Applic layer can specify Local IP addr |4.1.3.5 |x| | | | | + - Applic layer specify wild Local IP addr |4.1.3.5 |x| | | | | + - Applic layer notified of Local IP addr used |4.1.3.5 | |x| | | | + | | | | | | | +Bad IP src addr silently discarded by UDP/IP |4.1.3.6 |x| | | | | +Only send valid IP source address |4.1.3.6 |x| | | | | +UDP Application Interface Services | | | | | | | +Full IP interface of 3.4 for application |4.1.4 |x| | | | | + - Able to spec TTL, TOS, IP opts when send dg |4.1.4 |x| | | | | + - Pass received TOS up to applic layer |4.1.4 | | |x| | | + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 81] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + 4.2 TRANSMISSION CONTROL PROTOCOL -- TCP + + 4.2.1 INTRODUCTION + + The Transmission Control Protocol TCP [TCP:1] is the primary + virtual-circuit transport protocol for the Internet suite. TCP + provides reliable, in-sequence delivery of a full-duplex stream + of octets (8-bit bytes). TCP is used by those applications + needing reliable, connection-oriented transport service, e.g., + mail (SMTP), file transfer (FTP), and virtual terminal service + (Telnet); requirements for these application-layer protocols + are described in [INTRO:1]. + + 4.2.2 PROTOCOL WALK-THROUGH + + 4.2.2.1 Well-Known Ports: RFC-793 Section 2.7 + + DISCUSSION: + TCP reserves port numbers in the range 0-255 for + "well-known" ports, used to access services that are + standardized across the Internet. The remainder of the + port space can be freely allocated to application + processes. Current well-known port definitions are + listed in the RFC entitled "Assigned Numbers" + [INTRO:6]. A prerequisite for defining a new well- + known port is an RFC documenting the proposed service + in enough detail to allow new implementations. + + Some systems extend this notion by adding a third + subdivision of the TCP port space: reserved ports, + which are generally used for operating-system-specific + services. For example, reserved ports might fall + between 256 and some system-dependent upper limit. + Some systems further choose to protect well-known and + reserved ports by permitting only privileged users to + open TCP connections with those port values. This is + perfectly reasonable as long as the host does not + assume that all hosts protect their low-numbered ports + in this manner. + + 4.2.2.2 Use of Push: RFC-793 Section 2.8 + + When an application issues a series of SEND calls without + setting the PUSH flag, the TCP MAY aggregate the data + internally without sending it. Similarly, when a series of + segments is received without the PSH bit, a TCP MAY queue + the data internally without passing it to the receiving + application. + + + +Internet Engineering Task Force [Page 82] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + The PSH bit is not a record marker and is independent of + segment boundaries. The transmitter SHOULD collapse + successive PSH bits when it packetizes data, to send the + largest possible segment. + + A TCP MAY implement PUSH flags on SEND calls. If PUSH flags + are not implemented, then the sending TCP: (1) must not + buffer data indefinitely, and (2) MUST set the PSH bit in + the last buffered segment (i.e., when there is no more + queued data to be sent). + + The discussion in RFC-793 on pages 48, 50, and 74 + erroneously implies that a received PSH flag must be passed + to the application layer. Passing a received PSH flag to + the application layer is now OPTIONAL. + + An application program is logically required to set the PUSH + flag in a SEND call whenever it needs to force delivery of + the data to avoid a communication deadlock. However, a TCP + SHOULD send a maximum-sized segment whenever possible, to + improve performance (see Section 4.2.3.4). + + DISCUSSION: + When the PUSH flag is not implemented on SEND calls, + i.e., when the application/TCP interface uses a pure + streaming model, responsibility for aggregating any + tiny data fragments to form reasonable sized segments + is partially borne by the application layer. + + Generally, an interactive application protocol must set + the PUSH flag at least in the last SEND call in each + command or response sequence. A bulk transfer protocol + like FTP should set the PUSH flag on the last segment + of a file or when necessary to prevent buffer deadlock. + + At the receiver, the PSH bit forces buffered data to be + delivered to the application (even if less than a full + buffer has been received). Conversely, the lack of a + PSH bit can be used to avoid unnecessary wakeup calls + to the application process; this can be an important + performance optimization for large timesharing hosts. + Passing the PSH bit to the receiving application allows + an analogous optimization within the application. + + 4.2.2.3 Window Size: RFC-793 Section 3.1 + + The window size MUST be treated as an unsigned number, or + else large window sizes will appear like negative windows + + + +Internet Engineering Task Force [Page 83] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + and TCP will not work. It is RECOMMENDED that + implementations reserve 32-bit fields for the send and + receive window sizes in the connection record and do all + window computations with 32 bits. + + DISCUSSION: + It is known that the window field in the TCP header is + too small for high-speed, long-delay paths. + Experimental TCP options have been defined to extend + the window size; see for example [TCP:11]. In + anticipation of the adoption of such an extension, TCP + implementors should treat windows as 32 bits. + + 4.2.2.4 Urgent Pointer: RFC-793 Section 3.1 + + The second sentence is in error: the urgent pointer points + to the sequence number of the LAST octet (not LAST+1) in a + sequence of urgent data. The description on page 56 (last + sentence) is correct. + + A TCP MUST support a sequence of urgent data of any length. + + A TCP MUST inform the application layer asynchronously + whenever it receives an Urgent pointer and there was + previously no pending urgent data, or whenever the Urgent + pointer advances in the data stream. There MUST be a way + for the application to learn how much urgent data remains to + be read from the connection, or at least to determine + whether or not more urgent data remains to be read. + + DISCUSSION: + Although the Urgent mechanism may be used for any + application, it is normally used to send "interrupt"- + type commands to a Telnet program (see "Using Telnet + Synch Sequence" section in [INTRO:1]). + + The asynchronous or "out-of-band" notification will + allow the application to go into "urgent mode", reading + data from the TCP connection. This allows control + commands to be sent to an application whose normal + input buffers are full of unprocessed data. + + IMPLEMENTATION: + The generic ERROR-REPORT() upcall described in Section + 4.2.4.1 is a possible mechanism for informing the + application of the arrival of urgent data. + + + + + +Internet Engineering Task Force [Page 84] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + 4.2.2.5 TCP Options: RFC-793 Section 3.1 + + A TCP MUST be able to receive a TCP option in any segment. + A TCP MUST ignore without error any TCP option it does not + implement, assuming that the option has a length field (all + TCP options defined in the future will have length fields). + TCP MUST be prepared to handle an illegal option length + (e.g., zero) without crashing; a suggested procedure is to + reset the connection and log the reason. + + 4.2.2.6 Maximum Segment Size Option: RFC-793 Section 3.1 + + TCP MUST implement both sending and receiving the Maximum + Segment Size option [TCP:4]. + + TCP SHOULD send an MSS (Maximum Segment Size) option in + every SYN segment when its receive MSS differs from the + default 536, and MAY send it always. + + If an MSS option is not received at connection setup, TCP + MUST assume a default send MSS of 536 (576-40) [TCP:4]. + + The maximum size of a segment that TCP really sends, the + "effective send MSS," MUST be the smaller of the send MSS + (which reflects the available reassembly buffer size at the + remote host) and the largest size permitted by the IP layer: + + Eff.snd.MSS = + + min(SendMSS+20, MMS_S) - TCPhdrsize - IPoptionsize + + where: + + * SendMSS is the MSS value received from the remote host, + or the default 536 if no MSS option is received. + + * MMS_S is the maximum size for a transport-layer message + that TCP may send. + + * TCPhdrsize is the size of the TCP header; this is + normally 20, but may be larger if TCP options are to be + sent. + + * IPoptionsize is the size of any IP options that TCP + will pass to the IP layer with the current message. + + + The MSS value to be sent in an MSS option must be less than + + + +Internet Engineering Task Force [Page 85] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + or equal to: + + MMS_R - 20 + + where MMS_R is the maximum size for a transport-layer + message that can be received (and reassembled). TCP obtains + MMS_R and MMS_S from the IP layer; see the generic call + GET_MAXSIZES in Section 3.4. + + DISCUSSION: + The choice of TCP segment size has a strong effect on + performance. Larger segments increase throughput by + amortizing header size and per-datagram processing + overhead over more data bytes; however, if the packet + is so large that it causes IP fragmentation, efficiency + drops sharply if any fragments are lost [IP:9]. + + Some TCP implementations send an MSS option only if the + destination host is on a non-connected network. + However, in general the TCP layer may not have the + appropriate information to make this decision, so it is + preferable to leave to the IP layer the task of + determining a suitable MTU for the Internet path. We + therefore recommend that TCP always send the option (if + not 536) and that the IP layer determine MMS_R as + specified in 3.3.3 and 3.4. A proposed IP-layer + mechanism to measure the MTU would then modify the IP + layer without changing TCP. + + 4.2.2.7 TCP Checksum: RFC-793 Section 3.1 + + Unlike the UDP checksum (see Section 4.1.3.4), the TCP + checksum is never optional. The sender MUST generate it and + the receiver MUST check it. + + 4.2.2.8 TCP Connection State Diagram: RFC-793 Section 3.2, + page 23 + + There are several problems with this diagram: + + (a) The arrow from SYN-SENT to SYN-RCVD should be labeled + with "snd SYN,ACK", to agree with the text on page 68 + and with Figure 8. + + (b) There could be an arrow from SYN-RCVD state to LISTEN + state, conditioned on receiving a RST after a passive + open (see text page 70). + + + + +Internet Engineering Task Force [Page 86] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + (c) It is possible to go directly from FIN-WAIT-1 to the + TIME-WAIT state (see page 75 of the spec). + + + 4.2.2.9 Initial Sequence Number Selection: RFC-793 Section + 3.3, page 27 + + A TCP MUST use the specified clock-driven selection of + initial sequence numbers. + + 4.2.2.10 Simultaneous Open Attempts: RFC-793 Section 3.4, page + 32 + + There is an error in Figure 8: the packet on line 7 should + be identical to the packet on line 5. + + A TCP MUST support simultaneous open attempts. + + DISCUSSION: + It sometimes surprises implementors that if two + applications attempt to simultaneously connect to each + other, only one connection is generated instead of two. + This was an intentional design decision; don't try to + "fix" it. + + 4.2.2.11 Recovery from Old Duplicate SYN: RFC-793 Section 3.4, + page 33 + + Note that a TCP implementation MUST keep track of whether a + connection has reached SYN_RCVD state as the result of a + passive OPEN or an active OPEN. + + 4.2.2.12 RST Segment: RFC-793 Section 3.4 + + A TCP SHOULD allow a received RST segment to include data. + + DISCUSSION + It has been suggested that a RST segment could contain + ASCII text that encoded and explained the cause of the + RST. No standard has yet been established for such + data. + + 4.2.2.13 Closing a Connection: RFC-793 Section 3.5 + + A TCP connection may terminate in two ways: (1) the normal + TCP close sequence using a FIN handshake, and (2) an "abort" + in which one or more RST segments are sent and the + connection state is immediately discarded. If a TCP + + + +Internet Engineering Task Force [Page 87] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + connection is closed by the remote site, the local + application MUST be informed whether it closed normally or + was aborted. + + The normal TCP close sequence delivers buffered data + reliably in both directions. Since the two directions of a + TCP connection are closed independently, it is possible for + a connection to be "half closed," i.e., closed in only one + direction, and a host is permitted to continue sending data + in the open direction on a half-closed connection. + + A host MAY implement a "half-duplex" TCP close sequence, so + that an application that has called CLOSE cannot continue to + read data from the connection. If such a host issues a + CLOSE call while received data is still pending in TCP, or + if new data is received after CLOSE is called, its TCP + SHOULD send a RST to show that data was lost. + + When a connection is closed actively, it MUST linger in + TIME-WAIT state for a time 2xMSL (Maximum Segment Lifetime). + However, it MAY accept a new SYN from the remote TCP to + reopen the connection directly from TIME-WAIT state, if it: + + (1) assigns its initial sequence number for the new + connection to be larger than the largest sequence + number it used on the previous connection incarnation, + and + + (2) returns to TIME-WAIT state if the SYN turns out to be + an old duplicate. + + + DISCUSSION: + TCP's full-duplex data-preserving close is a feature + that is not included in the analogous ISO transport + protocol TP4. + + Some systems have not implemented half-closed + connections, presumably because they do not fit into + the I/O model of their particular operating system. On + these systems, once an application has called CLOSE, it + can no longer read input data from the connection; this + is referred to as a "half-duplex" TCP close sequence. + + The graceful close algorithm of TCP requires that the + connection state remain defined on (at least) one end + of the connection, for a timeout period of 2xMSL, i.e., + 4 minutes. During this period, the (remote socket, + + + +Internet Engineering Task Force [Page 88] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + local socket) pair that defines the connection is busy + and cannot be reused. To shorten the time that a given + port pair is tied up, some TCPs allow a new SYN to be + accepted in TIME-WAIT state. + + 4.2.2.14 Data Communication: RFC-793 Section 3.7, page 40 + + Since RFC-793 was written, there has been extensive work on + TCP algorithms to achieve efficient data communication. + Later sections of the present document describe required and + recommended TCP algorithms to determine when to send data + (Section 4.2.3.4), when to send an acknowledgment (Section + 4.2.3.2), and when to update the window (Section 4.2.3.3). + + DISCUSSION: + One important performance issue is "Silly Window + Syndrome" or "SWS" [TCP:5], a stable pattern of small + incremental window movements resulting in extremely + poor TCP performance. Algorithms to avoid SWS are + described below for both the sending side (Section + 4.2.3.4) and the receiving side (Section 4.2.3.3). + + In brief, SWS is caused by the receiver advancing the + right window edge whenever it has any new buffer space + available to receive data and by the sender using any + incremental window, no matter how small, to send more + data [TCP:5]. The result can be a stable pattern of + sending tiny data segments, even though both sender and + receiver have a large total buffer space for the + connection. SWS can only occur during the transmission + of a large amount of data; if the connection goes + quiescent, the problem will disappear. It is caused by + typical straightforward implementation of window + management, but the sender and receiver algorithms + given below will avoid it. + + Another important TCP performance issue is that some + applications, especially remote login to character-at- + a-time hosts, tend to send streams of one-octet data + segments. To avoid deadlocks, every TCP SEND call from + such applications must be "pushed", either explicitly + by the application or else implicitly by TCP. The + result may be a stream of TCP segments that contain one + data octet each, which makes very inefficient use of + the Internet and contributes to Internet congestion. + The Nagle Algorithm described in Section 4.2.3.4 + provides a simple and effective solution to this + problem. It does have the effect of clumping + + + +Internet Engineering Task Force [Page 89] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + characters over Telnet connections; this may initially + surprise users accustomed to single-character echo, but + user acceptance has not been a problem. + + Note that the Nagle algorithm and the send SWS + avoidance algorithm play complementary roles in + improving performance. The Nagle algorithm discourages + sending tiny segments when the data to be sent + increases in small increments, while the SWS avoidance + algorithm discourages small segments resulting from the + right window edge advancing in small increments. + + A careless implementation can send two or more + acknowledgment segments per data segment received. For + example, suppose the receiver acknowledges every data + segment immediately. When the application program + subsequently consumes the data and increases the + available receive buffer space again, the receiver may + send a second acknowledgment segment to update the + window at the sender. The extreme case occurs with + single-character segments on TCP connections using the + Telnet protocol for remote login service. Some + implementations have been observed in which each + incoming 1-character segment generates three return + segments: (1) the acknowledgment, (2) a one byte + increase in the window, and (3) the echoed character, + respectively. + + 4.2.2.15 Retransmission Timeout: RFC-793 Section 3.7, page 41 + + The algorithm suggested in RFC-793 for calculating the + retransmission timeout is now known to be inadequate; see + Section 4.2.3.1 below. + + Recent work by Jacobson [TCP:7] on Internet congestion and + TCP retransmission stability has produced a transmission + algorithm combining "slow start" with "congestion + avoidance". A TCP MUST implement this algorithm. + + If a retransmitted packet is identical to the original + packet (which implies not only that the data boundaries have + not changed, but also that the window and acknowledgment + fields of the header have not changed), then the same IP + Identification field MAY be used (see Section 3.2.1.5). + + IMPLEMENTATION: + Some TCP implementors have chosen to "packetize" the + data stream, i.e., to pick segment boundaries when + + + +Internet Engineering Task Force [Page 90] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + segments are originally sent and to queue these + segments in a "retransmission queue" until they are + acknowledged. Another design (which may be simpler) is + to defer packetizing until each time data is + transmitted or retransmitted, so there will be no + segment retransmission queue. + + In an implementation with a segment retransmission + queue, TCP performance may be enhanced by repacketizing + the segments awaiting acknowledgment when the first + retransmission timeout occurs. That is, the + outstanding segments that fitted would be combined into + one maximum-sized segment, with a new IP Identification + value. The TCP would then retain this combined segment + in the retransmit queue until it was acknowledged. + However, if the first two segments in the + retransmission queue totalled more than one maximum- + sized segment, the TCP would retransmit only the first + segment using the original IP Identification field. + + 4.2.2.16 Managing the Window: RFC-793 Section 3.7, page 41 + + A TCP receiver SHOULD NOT shrink the window, i.e., move the + right window edge to the left. However, a sending TCP MUST + be robust against window shrinking, which may cause the + "useable window" (see Section 4.2.3.4) to become negative. + + If this happens, the sender SHOULD NOT send new data, but + SHOULD retransmit normally the old unacknowledged data + between SND.UNA and SND.UNA+SND.WND. The sender MAY also + retransmit old data beyond SND.UNA+SND.WND, but SHOULD NOT + time out the connection if data beyond the right window edge + is not acknowledged. If the window shrinks to zero, the TCP + MUST probe it in the standard way (see next Section). + + DISCUSSION: + Many TCP implementations become confused if the window + shrinks from the right after data has been sent into a + larger window. Note that TCP has a heuristic to select + the latest window update despite possible datagram + reordering; as a result, it may ignore a window update + with a smaller window than previously offered if + neither the sequence number nor the acknowledgment + number is increased. + + + + + + + +Internet Engineering Task Force [Page 91] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + 4.2.2.17 Probing Zero Windows: RFC-793 Section 3.7, page 42 + + Probing of zero (offered) windows MUST be supported. + + A TCP MAY keep its offered receive window closed + indefinitely. As long as the receiving TCP continues to + send acknowledgments in response to the probe segments, the + sending TCP MUST allow the connection to stay open. + + DISCUSSION: + It is extremely important to remember that ACK + (acknowledgment) segments that contain no data are not + reliably transmitted by TCP. If zero window probing is + not supported, a connection may hang forever when an + ACK segment that re-opens the window is lost. + + The delay in opening a zero window generally occurs + when the receiving application stops taking data from + its TCP. For example, consider a printer daemon + application, stopped because the printer ran out of + paper. + + The transmitting host SHOULD send the first zero-window + probe when a zero window has existed for the retransmission + timeout period (see Section 4.2.2.15), and SHOULD increase + exponentially the interval between successive probes. + + DISCUSSION: + This procedure minimizes delay if the zero-window + condition is due to a lost ACK segment containing a + window-opening update. Exponential backoff is + recommended, possibly with some maximum interval not + specified here. This procedure is similar to that of + the retransmission algorithm, and it may be possible to + combine the two procedures in the implementation. + + 4.2.2.18 Passive OPEN Calls: RFC-793 Section 3.8 + + Every passive OPEN call either creates a new connection + record in LISTEN state, or it returns an error; it MUST NOT + affect any previously created connection record. + + A TCP that supports multiple concurrent users MUST provide + an OPEN call that will functionally allow an application to + LISTEN on a port while a connection block with the same + local port is in SYN-SENT or SYN-RECEIVED state. + + DISCUSSION: + + + +Internet Engineering Task Force [Page 92] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + Some applications (e.g., SMTP servers) may need to + handle multiple connection attempts at about the same + time. The probability of a connection attempt failing + is reduced by giving the application some means of + listening for a new connection at the same time that an + earlier connection attempt is going through the three- + way handshake. + + IMPLEMENTATION: + Acceptable implementations of concurrent opens may + permit multiple passive OPEN calls, or they may allow + "cloning" of LISTEN-state connections from a single + passive OPEN call. + + 4.2.2.19 Time to Live: RFC-793 Section 3.9, page 52 + + RFC-793 specified that TCP was to request the IP layer to + send TCP segments with TTL = 60. This is obsolete; the TTL + value used to send TCP segments MUST be configurable. See + Section 3.2.1.7 for discussion. + + 4.2.2.20 Event Processing: RFC-793 Section 3.9 + + While it is not strictly required, a TCP SHOULD be capable + of queueing out-of-order TCP segments. Change the "may" in + the last sentence of the first paragraph on page 70 to + "should". + + DISCUSSION: + Some small-host implementations have omitted segment + queueing because of limited buffer space. This + omission may be expected to adversely affect TCP + throughput, since loss of a single segment causes all + later segments to appear to be "out of sequence". + + In general, the processing of received segments MUST be + implemented to aggregate ACK segments whenever possible. + For example, if the TCP is processing a series of queued + segments, it MUST process them all before sending any ACK + segments. + + Here are some detailed error corrections and notes on the + Event Processing section of RFC-793. + + (a) CLOSE Call, CLOSE-WAIT state, p. 61: enter LAST-ACK + state, not CLOSING. + + (b) LISTEN state, check for SYN (pp. 65, 66): With a SYN + + + +Internet Engineering Task Force [Page 93] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + bit, if the security/compartment or the precedence is + wrong for the segment, a reset is sent. The wrong form + of reset is shown in the text; it should be: + + <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK> + + + (c) SYN-SENT state, Check for SYN, p. 68: When the + connection enters ESTABLISHED state, the following + variables must be set: + SND.WND <- SEG.WND + SND.WL1 <- SEG.SEQ + SND.WL2 <- SEG.ACK + + + (d) Check security and precedence, p. 71: The first heading + "ESTABLISHED STATE" should really be a list of all + states other than SYN-RECEIVED: ESTABLISHED, FIN-WAIT- + 1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, and + TIME-WAIT. + + (e) Check SYN bit, p. 71: "In SYN-RECEIVED state and if + the connection was initiated with a passive OPEN, then + return this connection to the LISTEN state and return. + Otherwise...". + + (f) Check ACK field, SYN-RECEIVED state, p. 72: When the + connection enters ESTABLISHED state, the variables + listed in (c) must be set. + + (g) Check ACK field, ESTABLISHED state, p. 72: The ACK is a + duplicate if SEG.ACK =< SND.UNA (the = was omitted). + Similarly, the window should be updated if: SND.UNA =< + SEG.ACK =< SND.NXT. + + (h) USER TIMEOUT, p. 77: + + It would be better to notify the application of the + timeout rather than letting TCP force the connection + closed. However, see also Section 4.2.3.5. + + + 4.2.2.21 Acknowledging Queued Segments: RFC-793 Section 3.9 + + A TCP MAY send an ACK segment acknowledging RCV.NXT when a + valid segment arrives that is in the window but not at the + left window edge. + + + + +Internet Engineering Task Force [Page 94] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + DISCUSSION: + RFC-793 (see page 74) was ambiguous about whether or + not an ACK segment should be sent when an out-of-order + segment was received, i.e., when SEG.SEQ was unequal to + RCV.NXT. + + One reason for ACKing out-of-order segments might be to + support an experimental algorithm known as "fast + retransmit". With this algorithm, the sender uses the + "redundant" ACK's to deduce that a segment has been + lost before the retransmission timer has expired. It + counts the number of times an ACK has been received + with the same value of SEG.ACK and with the same right + window edge. If more than a threshold number of such + ACK's is received, then the segment containing the + octets starting at SEG.ACK is assumed to have been lost + and is retransmitted, without awaiting a timeout. The + threshold is chosen to compensate for the maximum + likely segment reordering in the Internet. There is + not yet enough experience with the fast retransmit + algorithm to determine how useful it is. + + 4.2.3 SPECIFIC ISSUES + + 4.2.3.1 Retransmission Timeout Calculation + + A host TCP MUST implement Karn's algorithm and Jacobson's + algorithm for computing the retransmission timeout ("RTO"). + + o Jacobson's algorithm for computing the smoothed round- + trip ("RTT") time incorporates a simple measure of the + variance [TCP:7]. + + o Karn's algorithm for selecting RTT measurements ensures + that ambiguous round-trip times will not corrupt the + calculation of the smoothed round-trip time [TCP:6]. + + This implementation also MUST include "exponential backoff" + for successive RTO values for the same segment. + Retransmission of SYN segments SHOULD use the same algorithm + as data segments. + + DISCUSSION: + There were two known problems with the RTO calculations + specified in RFC-793. First, the accurate measurement + of RTTs is difficult when there are retransmissions. + Second, the algorithm to compute the smoothed round- + trip time is inadequate [TCP:7], because it incorrectly + + + +Internet Engineering Task Force [Page 95] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + assumed that the variance in RTT values would be small + and constant. These problems were solved by Karn's and + Jacobson's algorithm, respectively. + + The performance increase resulting from the use of + these improvements varies from noticeable to dramatic. + Jacobson's algorithm for incorporating the measured RTT + variance is especially important on a low-speed link, + where the natural variation of packet sizes causes a + large variation in RTT. One vendor found link + utilization on a 9.6kb line went from 10% to 90% as a + result of implementing Jacobson's variance algorithm in + TCP. + + The following values SHOULD be used to initialize the + estimation parameters for a new connection: + + (a) RTT = 0 seconds. + + (b) RTO = 3 seconds. (The smoothed variance is to be + initialized to the value that will result in this RTO). + + The recommended upper and lower bounds on the RTO are known + to be inadequate on large internets. The lower bound SHOULD + be measured in fractions of a second (to accommodate high + speed LANs) and the upper bound should be 2*MSL, i.e., 240 + seconds. + + DISCUSSION: + Experience has shown that these initialization values + are reasonable, and that in any case the Karn and + Jacobson algorithms make TCP behavior reasonably + insensitive to the initial parameter choices. + + 4.2.3.2 When to Send an ACK Segment + + A host that is receiving a stream of TCP data segments can + increase efficiency in both the Internet and the hosts by + sending fewer than one ACK (acknowledgment) segment per data + segment received; this is known as a "delayed ACK" [TCP:5]. + + A TCP SHOULD implement a delayed ACK, but an ACK should not + be excessively delayed; in particular, the delay MUST be + less than 0.5 seconds, and in a stream of full-sized + segments there SHOULD be an ACK for at least every second + segment. + + DISCUSSION: + + + +Internet Engineering Task Force [Page 96] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + A delayed ACK gives the application an opportunity to + update the window and perhaps to send an immediate + response. In particular, in the case of character-mode + remote login, a delayed ACK can reduce the number of + segments sent by the server by a factor of 3 (ACK, + window update, and echo character all combined in one + segment). + + In addition, on some large multi-user hosts, a delayed + ACK can substantially reduce protocol processing + overhead by reducing the total number of packets to be + processed [TCP:5]. However, excessive delays on ACK's + can disturb the round-trip timing and packet "clocking" + algorithms [TCP:7]. + + 4.2.3.3 When to Send a Window Update + + A TCP MUST include a SWS avoidance algorithm in the receiver + [TCP:5]. + + IMPLEMENTATION: + The receiver's SWS avoidance algorithm determines when + the right window edge may be advanced; this is + customarily known as "updating the window". This + algorithm combines with the delayed ACK algorithm (see + Section 4.2.3.2) to determine when an ACK segment + containing the current window will really be sent to + the receiver. We use the notation of RFC-793; see + Figures 4 and 5 in that document. + + The solution to receiver SWS is to avoid advancing the + right window edge RCV.NXT+RCV.WND in small increments, + even if data is received from the network in small + segments. + + Suppose the total receive buffer space is RCV.BUFF. At + any given moment, RCV.USER octets of this total may be + tied up with data that has been received and + acknowledged but which the user process has not yet + consumed. When the connection is quiescent, RCV.WND = + RCV.BUFF and RCV.USER = 0. + + Keeping the right window edge fixed as data arrives and + is acknowledged requires that the receiver offer less + than its full buffer space, i.e., the receiver must + specify a RCV.WND that keeps RCV.NXT+RCV.WND constant + as RCV.NXT increases. Thus, the total buffer space + RCV.BUFF is generally divided into three parts: + + + +Internet Engineering Task Force [Page 97] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + + |<------- RCV.BUFF ---------------->| + 1 2 3 + ----|---------|------------------|------|---- + RCV.NXT ^ + (Fixed) + + 1 - RCV.USER = data received but not yet consumed; + 2 - RCV.WND = space advertised to sender; + 3 - Reduction = space available but not yet + advertised. + + + The suggested SWS avoidance algorithm for the receiver + is to keep RCV.NXT+RCV.WND fixed until the reduction + satisfies: + + RCV.BUFF - RCV.USER - RCV.WND >= + + min( Fr * RCV.BUFF, Eff.snd.MSS ) + + where Fr is a fraction whose recommended value is 1/2, + and Eff.snd.MSS is the effective send MSS for the + connection (see Section 4.2.2.6). When the inequality + is satisfied, RCV.WND is set to RCV.BUFF-RCV.USER. + + Note that the general effect of this algorithm is to + advance RCV.WND in increments of Eff.snd.MSS (for + realistic receive buffers: Eff.snd.MSS < RCV.BUFF/2). + Note also that the receiver must use its own + Eff.snd.MSS, assuming it is the same as the sender's. + + 4.2.3.4 When to Send Data + + A TCP MUST include a SWS avoidance algorithm in the sender. + + A TCP SHOULD implement the Nagle Algorithm [TCP:9] to + coalesce short segments. However, there MUST be a way for + an application to disable the Nagle algorithm on an + individual connection. In all cases, sending data is also + subject to the limitation imposed by the Slow Start + algorithm (Section 4.2.2.15). + + DISCUSSION: + The Nagle algorithm is generally as follows: + + If there is unacknowledged data (i.e., SND.NXT > + SND.UNA), then the sending TCP buffers all user + + + +Internet Engineering Task Force [Page 98] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + data (regardless of the PSH bit), until the + outstanding data has been acknowledged or until + the TCP can send a full-sized segment (Eff.snd.MSS + bytes; see Section 4.2.2.6). + + Some applications (e.g., real-time display window + updates) require that the Nagle algorithm be turned + off, so small data segments can be streamed out at the + maximum rate. + + IMPLEMENTATION: + The sender's SWS avoidance algorithm is more difficult + than the receivers's, because the sender does not know + (directly) the receiver's total buffer space RCV.BUFF. + An approach which has been found to work well is for + the sender to calculate Max(SND.WND), the maximum send + window it has seen so far on the connection, and to use + this value as an estimate of RCV.BUFF. Unfortunately, + this can only be an estimate; the receiver may at any + time reduce the size of RCV.BUFF. To avoid a resulting + deadlock, it is necessary to have a timeout to force + transmission of data, overriding the SWS avoidance + algorithm. In practice, this timeout should seldom + occur. + + The "useable window" [TCP:5] is: + + U = SND.UNA + SND.WND - SND.NXT + + i.e., the offered window less the amount of data sent + but not acknowledged. If D is the amount of data + queued in the sending TCP but not yet sent, then the + following set of rules is recommended. + + Send data: + + (1) if a maximum-sized segment can be sent, i.e, if: + + min(D,U) >= Eff.snd.MSS; + + + (2) or if the data is pushed and all queued data can + be sent now, i.e., if: + + [SND.NXT = SND.UNA and] PUSHED and D <= U + + (the bracketed condition is imposed by the Nagle + algorithm); + + + +Internet Engineering Task Force [Page 99] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + (3) or if at least a fraction Fs of the maximum window + can be sent, i.e., if: + + [SND.NXT = SND.UNA and] + + min(D.U) >= Fs * Max(SND.WND); + + + (4) or if data is PUSHed and the override timeout + occurs. + + Here Fs is a fraction whose recommended value is 1/2. + The override timeout should be in the range 0.1 - 1.0 + seconds. It may be convenient to combine this timer + with the timer used to probe zero windows (Section + 4.2.2.17). + + Finally, note that the SWS avoidance algorithm just + specified is to be used instead of the sender-side + algorithm contained in [TCP:5]. + + 4.2.3.5 TCP Connection Failures + + Excessive retransmission of the same segment by TCP + indicates some failure of the remote host or the Internet + path. This failure may be of short or long duration. The + following procedure MUST be used to handle excessive + retransmissions of data segments [IP:11]: + + (a) There are two thresholds R1 and R2 measuring the amount + of retransmission that has occurred for the same + segment. R1 and R2 might be measured in time units or + as a count of retransmissions. + + (b) When the number of transmissions of the same segment + reaches or exceeds threshold R1, pass negative advice + (see Section 3.3.1.4) to the IP layer, to trigger + dead-gateway diagnosis. + + (c) When the number of transmissions of the same segment + reaches a threshold R2 greater than R1, close the + connection. + + (d) An application MUST be able to set the value for R2 for + a particular connection. For example, an interactive + application might set R2 to "infinity," giving the user + control over when to disconnect. + + + + +Internet Engineering Task Force [Page 100] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + (d) TCP SHOULD inform the application of the delivery + problem (unless such information has been disabled by + the application; see Section 4.2.4.1), when R1 is + reached and before R2. This will allow a remote login + (User Telnet) application program to inform the user, + for example. + + The value of R1 SHOULD correspond to at least 3 + retransmissions, at the current RTO. The value of R2 SHOULD + correspond to at least 100 seconds. + + An attempt to open a TCP connection could fail with + excessive retransmissions of the SYN segment or by receipt + of a RST segment or an ICMP Port Unreachable. SYN + retransmissions MUST be handled in the general way just + described for data retransmissions, including notification + of the application layer. + + However, the values of R1 and R2 may be different for SYN + and data segments. In particular, R2 for a SYN segment MUST + be set large enough to provide retransmission of the segment + for at least 3 minutes. The application can close the + connection (i.e., give up on the open attempt) sooner, of + course. + + DISCUSSION: + Some Internet paths have significant setup times, and + the number of such paths is likely to increase in the + future. + + 4.2.3.6 TCP Keep-Alives + + Implementors MAY include "keep-alives" in their TCP + implementations, although this practice is not universally + accepted. If keep-alives are included, the application MUST + be able to turn them on or off for each TCP connection, and + they MUST default to off. + + Keep-alive packets MUST only be sent when no data or + acknowledgement packets have been received for the + connection within an interval. This interval MUST be + configurable and MUST default to no less than two hours. + + It is extremely important to remember that ACK segments that + contain no data are not reliably transmitted by TCP. + Consequently, if a keep-alive mechanism is implemented it + MUST NOT interpret failure to respond to any specific probe + as a dead connection. + + + +Internet Engineering Task Force [Page 101] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + An implementation SHOULD send a keep-alive segment with no + data; however, it MAY be configurable to send a keep-alive + segment containing one garbage octet, for compatibility with + erroneous TCP implementations. + + DISCUSSION: + A "keep-alive" mechanism periodically probes the other + end of a connection when the connection is otherwise + idle, even when there is no data to be sent. The TCP + specification does not include a keep-alive mechanism + because it could: (1) cause perfectly good connections + to break during transient Internet failures; (2) + consume unnecessary bandwidth ("if no one is using the + connection, who cares if it is still good?"); and (3) + cost money for an Internet path that charges for + packets. + + Some TCP implementations, however, have included a + keep-alive mechanism. To confirm that an idle + connection is still active, these implementations send + a probe segment designed to elicit a response from the + peer TCP. Such a segment generally contains SEG.SEQ = + SND.NXT-1 and may or may not contain one garbage octet + of data. Note that on a quiet connection SND.NXT = + RCV.NXT, so that this SEG.SEQ will be outside the + window. Therefore, the probe causes the receiver to + return an acknowledgment segment, confirming that the + connection is still live. If the peer has dropped the + connection due to a network partition or a crash, it + will respond with a RST instead of an acknowledgment + segment. + + Unfortunately, some misbehaved TCP implementations fail + to respond to a segment with SEG.SEQ = SND.NXT-1 unless + the segment contains data. Alternatively, an + implementation could determine whether a peer responded + correctly to keep-alive packets with no garbage data + octet. + + A TCP keep-alive mechanism should only be invoked in + server applications that might otherwise hang + indefinitely and consume resources unnecessarily if a + client crashes or aborts a connection during a network + failure. + + + + + + + +Internet Engineering Task Force [Page 102] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + 4.2.3.7 TCP Multihoming + + If an application on a multihomed host does not specify the + local IP address when actively opening a TCP connection, + then the TCP MUST ask the IP layer to select a local IP + address before sending the (first) SYN. See the function + GET_SRCADDR() in Section 3.4. + + At all other times, a previous segment has either been sent + or received on this connection, and TCP MUST use the same + local address is used that was used in those previous + segments. + + 4.2.3.8 IP Options + + When received options are passed up to TCP from the IP + layer, TCP MUST ignore options that it does not understand. + + A TCP MAY support the Time Stamp and Record Route options. + + An application MUST be able to specify a source route when + it actively opens a TCP connection, and this MUST take + precedence over a source route received in a datagram. + + When a TCP connection is OPENed passively and a packet + arrives with a completed IP Source Route option (containing + a return route), TCP MUST save the return route and use it + for all segments sent on this connection. If a different + source route arrives in a later segment, the later + definition SHOULD override the earlier one. + + 4.2.3.9 ICMP Messages + + TCP MUST act on an ICMP error message passed up from the IP + layer, directing it to the connection that created the + error. The necessary demultiplexing information can be + found in the IP header contained within the ICMP message. + + o Source Quench + + TCP MUST react to a Source Quench by slowing + transmission on the connection. The RECOMMENDED + procedure is for a Source Quench to trigger a "slow + start," as if a retransmission timeout had occurred. + + o Destination Unreachable -- codes 0, 1, 5 + + Since these Unreachable messages indicate soft error + + + +Internet Engineering Task Force [Page 103] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + conditions, TCP MUST NOT abort the connection, and it + SHOULD make the information available to the + application. + + DISCUSSION: + TCP could report the soft error condition directly + to the application layer with an upcall to the + ERROR_REPORT routine, or it could merely note the + message and report it to the application only when + and if the TCP connection times out. + + o Destination Unreachable -- codes 2-4 + + These are hard error conditions, so TCP SHOULD abort + the connection. + + o Time Exceeded -- codes 0, 1 + + This should be handled the same way as Destination + Unreachable codes 0, 1, 5 (see above). + + o Parameter Problem + + This should be handled the same way as Destination + Unreachable codes 0, 1, 5 (see above). + + + 4.2.3.10 Remote Address Validation + + A TCP implementation MUST reject as an error a local OPEN + call for an invalid remote IP address (e.g., a broadcast or + multicast address). + + An incoming SYN with an invalid source address must be + ignored either by TCP or by the IP layer (see Section + 3.2.1.3). + + A TCP implementation MUST silently discard an incoming SYN + segment that is addressed to a broadcast or multicast + address. + + 4.2.3.11 TCP Traffic Patterns + + IMPLEMENTATION: + The TCP protocol specification [TCP:1] gives the + implementor much freedom in designing the algorithms + that control the message flow over the connection -- + packetizing, managing the window, sending + + + +Internet Engineering Task Force [Page 104] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + acknowledgments, etc. These design decisions are + difficult because a TCP must adapt to a wide range of + traffic patterns. Experience has shown that a TCP + implementor needs to verify the design on two extreme + traffic patterns: + + o Single-character Segments + + Even if the sender is using the Nagle Algorithm, + when a TCP connection carries remote login traffic + across a low-delay LAN the receiver will generally + get a stream of single-character segments. If + remote terminal echo mode is in effect, the + receiver's system will generally echo each + character as it is received. + + o Bulk Transfer + + When TCP is used for bulk transfer, the data + stream should be made up (almost) entirely of + segments of the size of the effective MSS. + Although TCP uses a sequence number space with + byte (octet) granularity, in bulk-transfer mode + its operation should be as if TCP used a sequence + space that counted only segments. + + Experience has furthermore shown that a single TCP can + effectively and efficiently handle these two extremes. + + The most important tool for verifying a new TCP + implementation is a packet trace program. There is a + large volume of experience showing the importance of + tracing a variety of traffic patterns with other TCP + implementations and studying the results carefully. + + + 4.2.3.12 Efficiency + + IMPLEMENTATION: + Extensive experience has led to the following + suggestions for efficient implementation of TCP: + + (a) Don't Copy Data + + In bulk data transfer, the primary CPU-intensive + tasks are copying data from one place to another + and checksumming the data. It is vital to + minimize the number of copies of TCP data. Since + + + +Internet Engineering Task Force [Page 105] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + the ultimate speed limitation may be fetching data + across the memory bus, it may be useful to combine + the copy with checksumming, doing both with a + single memory fetch. + + (b) Hand-Craft the Checksum Routine + + A good TCP checksumming routine is typically two + to five times faster than a simple and direct + implementation of the definition. Great care and + clever coding are often required and advisable to + make the checksumming code "blazing fast". See + [TCP:10]. + + (c) Code for the Common Case + + TCP protocol processing can be complicated, but + for most segments there are only a few simple + decisions to be made. Per-segment processing will + be greatly speeded up by coding the main line to + minimize the number of decisions in the most + common case. + + + 4.2.4 TCP/APPLICATION LAYER INTERFACE + + 4.2.4.1 Asynchronous Reports + + There MUST be a mechanism for reporting soft TCP error + conditions to the application. Generically, we assume this + takes the form of an application-supplied ERROR_REPORT + routine that may be upcalled [INTRO:7] asynchronously from + the transport layer: + + ERROR_REPORT(local connection name, reason, subreason) + + The precise encoding of the reason and subreason parameters + is not specified here. However, the conditions that are + reported asynchronously to the application MUST include: + + * ICMP error message arrived (see 4.2.3.9) + + * Excessive retransmissions (see 4.2.3.5) + + * Urgent pointer advance (see 4.2.2.4). + + However, an application program that does not want to + receive such ERROR_REPORT calls SHOULD be able to + + + +Internet Engineering Task Force [Page 106] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + effectively disable these calls. + + DISCUSSION: + These error reports generally reflect soft errors that + can be ignored without harm by many applications. It + has been suggested that these error report calls should + default to "disabled," but this is not required. + + 4.2.4.2 Type-of-Service + + The application layer MUST be able to specify the Type-of- + Service (TOS) for segments that are sent on a connection. + It not required, but the application SHOULD be able to + change the TOS during the connection lifetime. TCP SHOULD + pass the current TOS value without change to the IP layer, + when it sends segments on the connection. + + The TOS will be specified independently in each direction on + the connection, so that the receiver application will + specify the TOS used for ACK segments. + + TCP MAY pass the most recently received TOS up to the + application. + + DISCUSSION + Some applications (e.g., SMTP) change the nature of + their communication during the lifetime of a + connection, and therefore would like to change the TOS + specification. + + Note also that the OPEN call specified in RFC-793 + includes a parameter ("options") in which the caller + can specify IP options such as source route, record + route, or timestamp. + + 4.2.4.3 Flush Call + + Some TCP implementations have included a FLUSH call, which + will empty the TCP send queue of any data for which the user + has issued SEND calls but which is still to the right of the + current send window. That is, it flushes as much queued + send data as possible without losing sequence number + synchronization. This is useful for implementing the "abort + output" function of Telnet. + + + + + + + +Internet Engineering Task Force [Page 107] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + 4.2.4.4 Multihoming + + The user interface outlined in sections 2.7 and 3.8 of RFC- + 793 needs to be extended for multihoming. The OPEN call + MUST have an optional parameter: + + OPEN( ... [local IP address,] ... ) + + to allow the specification of the local IP address. + + DISCUSSION: + Some TCP-based applications need to specify the local + IP address to be used to open a particular connection; + FTP is an example. + + IMPLEMENTATION: + A passive OPEN call with a specified "local IP address" + parameter will await an incoming connection request to + that address. If the parameter is unspecified, a + passive OPEN will await an incoming connection request + to any local IP address, and then bind the local IP + address of the connection to the particular address + that is used. + + For an active OPEN call, a specified "local IP address" + parameter will be used for opening the connection. If + the parameter is unspecified, the networking software + will choose an appropriate local IP address (see + Section 3.3.4.2) for the connection + + 4.2.5 TCP REQUIREMENT SUMMARY + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-------------------------------------------------|--------|-|-|-|-|-|-- + | | | | | | | +Push flag | | | | | | | + Aggregate or queue un-pushed data |4.2.2.2 | | |x| | | + Sender collapse successive PSH flags |4.2.2.2 | |x| | | | + SEND call can specify PUSH |4.2.2.2 | | |x| | | + + + +Internet Engineering Task Force [Page 108] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + If cannot: sender buffer indefinitely |4.2.2.2 | | | | |x| + If cannot: PSH last segment |4.2.2.2 |x| | | | | + Notify receiving ALP of PSH |4.2.2.2 | | |x| | |1 + Send max size segment when possible |4.2.2.2 | |x| | | | + | | | | | | | +Window | | | | | | | + Treat as unsigned number |4.2.2.3 |x| | | | | + Handle as 32-bit number |4.2.2.3 | |x| | | | + Shrink window from right |4.2.2.16| | | |x| | + Robust against shrinking window |4.2.2.16|x| | | | | + Receiver's window closed indefinitely |4.2.2.17| | |x| | | + Sender probe zero window |4.2.2.17|x| | | | | + First probe after RTO |4.2.2.17| |x| | | | + Exponential backoff |4.2.2.17| |x| | | | + Allow window stay zero indefinitely |4.2.2.17|x| | | | | + Sender timeout OK conn with zero wind |4.2.2.17| | | | |x| + | | | | | | | +Urgent Data | | | | | | | + Pointer points to last octet |4.2.2.4 |x| | | | | + Arbitrary length urgent data sequence |4.2.2.4 |x| | | | | + Inform ALP asynchronously of urgent data |4.2.2.4 |x| | | | |1 + ALP can learn if/how much urgent data Q'd |4.2.2.4 |x| | | | |1 + | | | | | | | +TCP Options | | | | | | | + Receive TCP option in any segment |4.2.2.5 |x| | | | | + Ignore unsupported options |4.2.2.5 |x| | | | | + Cope with illegal option length |4.2.2.5 |x| | | | | + Implement sending & receiving MSS option |4.2.2.6 |x| | | | | + Send MSS option unless 536 |4.2.2.6 | |x| | | | + Send MSS option always |4.2.2.6 | | |x| | | + Send-MSS default is 536 |4.2.2.6 |x| | | | | + Calculate effective send seg size |4.2.2.6 |x| | | | | + | | | | | | | +TCP Checksums | | | | | | | + Sender compute checksum |4.2.2.7 |x| | | | | + Receiver check checksum |4.2.2.7 |x| | | | | + | | | | | | | +Use clock-driven ISN selection |4.2.2.9 |x| | | | | + | | | | | | | +Opening Connections | | | | | | | + Support simultaneous open attempts |4.2.2.10|x| | | | | + SYN-RCVD remembers last state |4.2.2.11|x| | | | | + Passive Open call interfere with others |4.2.2.18| | | | |x| + Function: simultan. LISTENs for same port |4.2.2.18|x| | | | | + Ask IP for src address for SYN if necc. |4.2.3.7 |x| | | | | + Otherwise, use local addr of conn. |4.2.3.7 |x| | | | | + OPEN to broadcast/multicast IP Address |4.2.3.14| | | | |x| + Silently discard seg to bcast/mcast addr |4.2.3.14|x| | | | | + + + +Internet Engineering Task Force [Page 109] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + | | | | | | | +Closing Connections | | | | | | | + RST can contain data |4.2.2.12| |x| | | | + Inform application of aborted conn |4.2.2.13|x| | | | | + Half-duplex close connections |4.2.2.13| | |x| | | + Send RST to indicate data lost |4.2.2.13| |x| | | | + In TIME-WAIT state for 2xMSL seconds |4.2.2.13|x| | | | | + Accept SYN from TIME-WAIT state |4.2.2.13| | |x| | | + | | | | | | | +Retransmissions | | | | | | | + Jacobson Slow Start algorithm |4.2.2.15|x| | | | | + Jacobson Congestion-Avoidance algorithm |4.2.2.15|x| | | | | + Retransmit with same IP ident |4.2.2.15| | |x| | | + Karn's algorithm |4.2.3.1 |x| | | | | + Jacobson's RTO estimation alg. |4.2.3.1 |x| | | | | + Exponential backoff |4.2.3.1 |x| | | | | + SYN RTO calc same as data |4.2.3.1 | |x| | | | + Recommended initial values and bounds |4.2.3.1 | |x| | | | + | | | | | | | +Generating ACK's: | | | | | | | + Queue out-of-order segments |4.2.2.20| |x| | | | + Process all Q'd before send ACK |4.2.2.20|x| | | | | + Send ACK for out-of-order segment |4.2.2.21| | |x| | | + Delayed ACK's |4.2.3.2 | |x| | | | + Delay < 0.5 seconds |4.2.3.2 |x| | | | | + Every 2nd full-sized segment ACK'd |4.2.3.2 |x| | | | | + Receiver SWS-Avoidance Algorithm |4.2.3.3 |x| | | | | + | | | | | | | +Sending data | | | | | | | + Configurable TTL |4.2.2.19|x| | | | | + Sender SWS-Avoidance Algorithm |4.2.3.4 |x| | | | | + Nagle algorithm |4.2.3.4 | |x| | | | + Application can disable Nagle algorithm |4.2.3.4 |x| | | | | + | | | | | | | +Connection Failures: | | | | | | | + Negative advice to IP on R1 retxs |4.2.3.5 |x| | | | | + Close connection on R2 retxs |4.2.3.5 |x| | | | | + ALP can set R2 |4.2.3.5 |x| | | | |1 + Inform ALP of R1<=retxs<R2 |4.2.3.5 | |x| | | |1 + Recommended values for R1, R2 |4.2.3.5 | |x| | | | + Same mechanism for SYNs |4.2.3.5 |x| | | | | + R2 at least 3 minutes for SYN |4.2.3.5 |x| | | | | + | | | | | | | +Send Keep-alive Packets: |4.2.3.6 | | |x| | | + - Application can request |4.2.3.6 |x| | | | | + - Default is "off" |4.2.3.6 |x| | | | | + - Only send if idle for interval |4.2.3.6 |x| | | | | + - Interval configurable |4.2.3.6 |x| | | | | + + + +Internet Engineering Task Force [Page 110] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + - Default at least 2 hrs. |4.2.3.6 |x| | | | | + - Tolerant of lost ACK's |4.2.3.6 |x| | | | | + | | | | | | | +IP Options | | | | | | | + Ignore options TCP doesn't understand |4.2.3.8 |x| | | | | + Time Stamp support |4.2.3.8 | | |x| | | + Record Route support |4.2.3.8 | | |x| | | + Source Route: | | | | | | | + ALP can specify |4.2.3.8 |x| | | | |1 + Overrides src rt in datagram |4.2.3.8 |x| | | | | + Build return route from src rt |4.2.3.8 |x| | | | | + Later src route overrides |4.2.3.8 | |x| | | | + | | | | | | | +Receiving ICMP Messages from IP |4.2.3.9 |x| | | | | + Dest. Unreach (0,1,5) => inform ALP |4.2.3.9 | |x| | | | + Dest. Unreach (0,1,5) => abort conn |4.2.3.9 | | | | |x| + Dest. Unreach (2-4) => abort conn |4.2.3.9 | |x| | | | + Source Quench => slow start |4.2.3.9 | |x| | | | + Time Exceeded => tell ALP, don't abort |4.2.3.9 | |x| | | | + Param Problem => tell ALP, don't abort |4.2.3.9 | |x| | | | + | | | | | | | +Address Validation | | | | | | | + Reject OPEN call to invalid IP address |4.2.3.10|x| | | | | + Reject SYN from invalid IP address |4.2.3.10|x| | | | | + Silently discard SYN to bcast/mcast addr |4.2.3.10|x| | | | | + | | | | | | | +TCP/ALP Interface Services | | | | | | | + Error Report mechanism |4.2.4.1 |x| | | | | + ALP can disable Error Report Routine |4.2.4.1 | |x| | | | + ALP can specify TOS for sending |4.2.4.2 |x| | | | | + Passed unchanged to IP |4.2.4.2 | |x| | | | + ALP can change TOS during connection |4.2.4.2 | |x| | | | + Pass received TOS up to ALP |4.2.4.2 | | |x| | | + FLUSH call |4.2.4.3 | | |x| | | + Optional local IP addr parm. in OPEN |4.2.4.4 |x| | | | | +-------------------------------------------------|--------|-|-|-|-|-|-- +-------------------------------------------------|--------|-|-|-|-|-|-- + +FOOTNOTES: + +(1) "ALP" means Application-Layer program. + + + + + + + + + + +Internet Engineering Task Force [Page 111] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + +5. REFERENCES + +INTRODUCTORY REFERENCES + + +[INTRO:1] "Requirements for Internet Hosts -- Application and Support," + IETF Host Requirements Working Group, R. Braden, Ed., RFC-1123, + October 1989. + +[INTRO:2] "Requirements for Internet Gateways," R. Braden and J. + Postel, RFC-1009, June 1987. + +[INTRO:3] "DDN Protocol Handbook," NIC-50004, NIC-50005, NIC-50006, + (three volumes), SRI International, December 1985. + +[INTRO:4] "Official Internet Protocols," J. Reynolds and J. Postel, + RFC-1011, May 1987. + + This document is republished periodically with new RFC numbers; the + latest version must be used. + +[INTRO:5] "Protocol Document Order Information," O. Jacobsen and J. + Postel, RFC-980, March 1986. + +[INTRO:6] "Assigned Numbers," J. Reynolds and J. Postel, RFC-1010, May + 1987. + + This document is republished periodically with new RFC numbers; the + latest version must be used. + +[INTRO:7] "Modularity and Efficiency in Protocol Implementations," D. + Clark, RFC-817, July 1982. + +[INTRO:8] "The Structuring of Systems Using Upcalls," D. Clark, 10th ACM + SOSP, Orcas Island, Washington, December 1985. + + +Secondary References: + + +[INTRO:9] "A Protocol for Packet Network Intercommunication," V. Cerf + and R. Kahn, IEEE Transactions on Communication, May 1974. + +[INTRO:10] "The ARPA Internet Protocol," J. Postel, C. Sunshine, and D. + Cohen, Computer Networks, Vol. 5, No. 4, July 1981. + +[INTRO:11] "The DARPA Internet Protocol Suite," B. Leiner, J. Postel, + R. Cole and D. Mills, Proceedings INFOCOM 85, IEEE, Washington DC, + + + +Internet Engineering Task Force [Page 112] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + March 1985. Also in: IEEE Communications Magazine, March 1985. + Also available as ISI-RS-85-153. + +[INTRO:12] "Final Text of DIS8473, Protocol for Providing the + Connectionless Mode Network Service," ANSI, published as RFC-994, + March 1986. + +[INTRO:13] "End System to Intermediate System Routing Exchange + Protocol," ANSI X3S3.3, published as RFC-995, April 1986. + + +LINK LAYER REFERENCES + + +[LINK:1] "Trailer Encapsulations," S. Leffler and M. Karels, RFC-893, + April 1984. + +[LINK:2] "An Ethernet Address Resolution Protocol," D. Plummer, RFC-826, + November 1982. + +[LINK:3] "A Standard for the Transmission of IP Datagrams over Ethernet + Networks," C. Hornig, RFC-894, April 1984. + +[LINK:4] "A Standard for the Transmission of IP Datagrams over IEEE 802 + "Networks," J. Postel and J. Reynolds, RFC-1042, February 1988. + + This RFC contains a great deal of information of importance to + Internet implementers planning to use IEEE 802 networks. + + +IP LAYER REFERENCES + + +[IP:1] "Internet Protocol (IP)," J. Postel, RFC-791, September 1981. + +[IP:2] "Internet Control Message Protocol (ICMP)," J. Postel, RFC-792, + September 1981. + +[IP:3] "Internet Standard Subnetting Procedure," J. Mogul and J. Postel, + RFC-950, August 1985. + +[IP:4] "Host Extensions for IP Multicasting," S. Deering, RFC-1112, + August 1989. + +[IP:5] "Military Standard Internet Protocol," MIL-STD-1777, Department + of Defense, August 1983. + + This specification, as amended by RFC-963, is intended to describe + + + +Internet Engineering Task Force [Page 113] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + + the Internet Protocol but has some serious omissions (e.g., the + mandatory subnet extension [IP:3] and the optional multicasting + extension [IP:4]). It is also out of date. If there is a + conflict, RFC-791, RFC-792, and RFC-950 must be taken as + authoritative, while the present document is authoritative over + all. + +[IP:6] "Some Problems with the Specification of the Military Standard + Internet Protocol," D. Sidhu, RFC-963, November 1985. + +[IP:7] "The TCP Maximum Segment Size and Related Topics," J. Postel, + RFC-879, November 1983. + + Discusses and clarifies the relationship between the TCP Maximum + Segment Size option and the IP datagram size. + +[IP:8] "Internet Protocol Security Options," B. Schofield, RFC-1108, + October 1989. + +[IP:9] "Fragmentation Considered Harmful," C. Kent and J. Mogul, ACM + SIGCOMM-87, August 1987. Published as ACM Comp Comm Review, Vol. + 17, no. 5. + + This useful paper discusses the problems created by Internet + fragmentation and presents alternative solutions. + +[IP:10] "IP Datagram Reassembly Algorithms," D. Clark, RFC-815, July + 1982. + + This and the following paper should be read by every implementor. + +[IP:11] "Fault Isolation and Recovery," D. Clark, RFC-816, July 1982. + +SECONDARY IP REFERENCES: + + +[IP:12] "Broadcasting Internet Datagrams in the Presence of Subnets," J. + Mogul, RFC-922, October 1984. + +[IP:13] "Name, Addresses, Ports, and Routes," D. Clark, RFC-814, July + 1982. + +[IP:14] "Something a Host Could Do with Source Quench: The Source Quench + Introduced Delay (SQUID)," W. Prue and J. Postel, RFC-1016, July + 1987. + + This RFC first described directed broadcast addresses. However, + the bulk of the RFC is concerned with gateways, not hosts. + + + +Internet Engineering Task Force [Page 114] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + +UDP REFERENCES: + + +[UDP:1] "User Datagram Protocol," J. Postel, RFC-768, August 1980. + + +TCP REFERENCES: + + +[TCP:1] "Transmission Control Protocol," J. Postel, RFC-793, September + 1981. + + +[TCP:2] "Transmission Control Protocol," MIL-STD-1778, US Department of + Defense, August 1984. + + This specification as amended by RFC-964 is intended to describe + the same protocol as RFC-793 [TCP:1]. If there is a conflict, + RFC-793 takes precedence, and the present document is authoritative + over both. + + +[TCP:3] "Some Problems with the Specification of the Military Standard + Transmission Control Protocol," D. Sidhu and T. Blumer, RFC-964, + November 1985. + + +[TCP:4] "The TCP Maximum Segment Size and Related Topics," J. Postel, + RFC-879, November 1983. + + +[TCP:5] "Window and Acknowledgment Strategy in TCP," D. Clark, RFC-813, + July 1982. + + +[TCP:6] "Round Trip Time Estimation," P. Karn & C. Partridge, ACM + SIGCOMM-87, August 1987. + + +[TCP:7] "Congestion Avoidance and Control," V. Jacobson, ACM SIGCOMM-88, + August 1988. + + +SECONDARY TCP REFERENCES: + + +[TCP:8] "Modularity and Efficiency in Protocol Implementation," D. + Clark, RFC-817, July 1982. + + + +Internet Engineering Task Force [Page 115] + + + + +RFC1122 TRANSPORT LAYER -- TCP October 1989 + + +[TCP:9] "Congestion Control in IP/TCP," J. Nagle, RFC-896, January 1984. + + +[TCP:10] "Computing the Internet Checksum," R. Braden, D. Borman, and C. + Partridge, RFC-1071, September 1988. + + +[TCP:11] "TCP Extensions for Long-Delay Paths," V. Jacobson & R. Braden, + RFC-1072, October 1988. + + +Security Considerations + + There are many security issues in the communication layers of host + software, but a full discussion is beyond the scope of this RFC. + + The Internet architecture generally provides little protection + against spoofing of IP source addresses, so any security mechanism + that is based upon verifying the IP source address of a datagram + should be treated with suspicion. However, in restricted + environments some source-address checking may be possible. For + example, there might be a secure LAN whose gateway to the rest of the + Internet discarded any incoming datagram with a source address that + spoofed the LAN address. In this case, a host on the LAN could use + the source address to test for local vs. remote source. This problem + is complicated by source routing, and some have suggested that + source-routed datagram forwarding by hosts (see Section 3.3.5) should + be outlawed for security reasons. + + Security-related issues are mentioned in sections concerning the IP + Security option (Section 3.2.1.8), the ICMP Parameter Problem message + (Section 3.2.2.5), IP options in UDP datagrams (Section 4.1.3.2), and + reserved TCP ports (Section 4.2.2.1). + +Author's Address + + Robert Braden + USC/Information Sciences Institute + 4676 Admiralty Way + Marina del Rey, CA 90292-6695 + + Phone: (213) 822 1511 + + EMail: Braden@ISI.EDU + + + + + + + +Internet Engineering Task Force [Page 116] + diff --git a/usr.sbin/named/doc/rfc/rfc1123 b/usr.sbin/named/doc/rfc/rfc1123 new file mode 100644 index 00000000000..51cdf83c984 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1123 @@ -0,0 +1,5782 @@ + + + + + + +Network Working Group Internet Engineering Task Force +Request for Comments: 1123 R. Braden, Editor + October 1989 + + + Requirements for Internet Hosts -- Application and Support + +Status of This Memo + + This RFC is an official specification for the Internet community. It + incorporates by reference, amends, corrects, and supplements the + primary protocol standards documents relating to hosts. Distribution + of this document is unlimited. + +Summary + + This RFC is one of a pair that defines and discusses the requirements + for Internet host software. This RFC covers the application and + support protocols; its companion RFC-1122 covers the communication + protocol layers: link layer, IP layer, and transport layer. + + + + Table of Contents + + + + + 1. INTRODUCTION ............................................... 5 + 1.1 The Internet Architecture .............................. 6 + 1.2 General Considerations ................................. 6 + 1.2.1 Continuing Internet Evolution ..................... 6 + 1.2.2 Robustness Principle .............................. 7 + 1.2.3 Error Logging ..................................... 8 + 1.2.4 Configuration ..................................... 8 + 1.3 Reading this Document .................................. 10 + 1.3.1 Organization ...................................... 10 + 1.3.2 Requirements ...................................... 10 + 1.3.3 Terminology ....................................... 11 + 1.4 Acknowledgments ........................................ 12 + + 2. GENERAL ISSUES ............................................. 13 + 2.1 Host Names and Numbers ................................. 13 + 2.2 Using Domain Name Service .............................. 13 + 2.3 Applications on Multihomed hosts ....................... 14 + 2.4 Type-of-Service ........................................ 14 + 2.5 GENERAL APPLICATION REQUIREMENTS SUMMARY ............... 15 + + + + +Internet Engineering Task Force [Page 1] + + + + +RFC1123 INTRODUCTION October 1989 + + + 3. REMOTE LOGIN -- TELNET PROTOCOL ............................ 16 + 3.1 INTRODUCTION ........................................... 16 + 3.2 PROTOCOL WALK-THROUGH .................................. 16 + 3.2.1 Option Negotiation ................................ 16 + 3.2.2 Telnet Go-Ahead Function .......................... 16 + 3.2.3 Control Functions ................................. 17 + 3.2.4 Telnet "Synch" Signal ............................. 18 + 3.2.5 NVT Printer and Keyboard .......................... 19 + 3.2.6 Telnet Command Structure .......................... 20 + 3.2.7 Telnet Binary Option .............................. 20 + 3.2.8 Telnet Terminal-Type Option ....................... 20 + 3.3 SPECIFIC ISSUES ........................................ 21 + 3.3.1 Telnet End-of-Line Convention ..................... 21 + 3.3.2 Data Entry Terminals .............................. 23 + 3.3.3 Option Requirements ............................... 24 + 3.3.4 Option Initiation ................................. 24 + 3.3.5 Telnet Linemode Option ............................ 25 + 3.4 TELNET/USER INTERFACE .................................. 25 + 3.4.1 Character Set Transparency ........................ 25 + 3.4.2 Telnet Commands ................................... 26 + 3.4.3 TCP Connection Errors ............................. 26 + 3.4.4 Non-Default Telnet Contact Port ................... 26 + 3.4.5 Flushing Output ................................... 26 + 3.5. TELNET REQUIREMENTS SUMMARY ........................... 27 + + 4. FILE TRANSFER .............................................. 29 + 4.1 FILE TRANSFER PROTOCOL -- FTP .......................... 29 + 4.1.1 INTRODUCTION ...................................... 29 + 4.1.2. PROTOCOL WALK-THROUGH ............................ 29 + 4.1.2.1 LOCAL Type ................................... 29 + 4.1.2.2 Telnet Format Control ........................ 30 + 4.1.2.3 Page Structure ............................... 30 + 4.1.2.4 Data Structure Transformations ............... 30 + 4.1.2.5 Data Connection Management ................... 31 + 4.1.2.6 PASV Command ................................. 31 + 4.1.2.7 LIST and NLST Commands ....................... 31 + 4.1.2.8 SITE Command ................................. 32 + 4.1.2.9 STOU Command ................................. 32 + 4.1.2.10 Telnet End-of-line Code ..................... 32 + 4.1.2.11 FTP Replies ................................. 33 + 4.1.2.12 Connections ................................. 34 + 4.1.2.13 Minimum Implementation; RFC-959 Section ..... 34 + 4.1.3 SPECIFIC ISSUES ................................... 35 + 4.1.3.1 Non-standard Command Verbs ................... 35 + 4.1.3.2 Idle Timeout ................................. 36 + 4.1.3.3 Concurrency of Data and Control .............. 36 + 4.1.3.4 FTP Restart Mechanism ........................ 36 + 4.1.4 FTP/USER INTERFACE ................................ 39 + + + +Internet Engineering Task Force [Page 2] + + + + +RFC1123 INTRODUCTION October 1989 + + + 4.1.4.1 Pathname Specification ....................... 39 + 4.1.4.2 "QUOTE" Command .............................. 40 + 4.1.4.3 Displaying Replies to User ................... 40 + 4.1.4.4 Maintaining Synchronization .................. 40 + 4.1.5 FTP REQUIREMENTS SUMMARY ......................... 41 + 4.2 TRIVIAL FILE TRANSFER PROTOCOL -- TFTP ................. 44 + 4.2.1 INTRODUCTION ...................................... 44 + 4.2.2 PROTOCOL WALK-THROUGH ............................. 44 + 4.2.2.1 Transfer Modes ............................... 44 + 4.2.2.2 UDP Header ................................... 44 + 4.2.3 SPECIFIC ISSUES ................................... 44 + 4.2.3.1 Sorcerer's Apprentice Syndrome ............... 44 + 4.2.3.2 Timeout Algorithms ........................... 46 + 4.2.3.3 Extensions ................................... 46 + 4.2.3.4 Access Control ............................... 46 + 4.2.3.5 Broadcast Request ............................ 46 + 4.2.4 TFTP REQUIREMENTS SUMMARY ......................... 47 + + 5. ELECTRONIC MAIL -- SMTP and RFC-822 ........................ 48 + 5.1 INTRODUCTION ........................................... 48 + 5.2 PROTOCOL WALK-THROUGH .................................. 48 + 5.2.1 The SMTP Model .................................... 48 + 5.2.2 Canonicalization .................................. 49 + 5.2.3 VRFY and EXPN Commands ............................ 50 + 5.2.4 SEND, SOML, and SAML Commands ..................... 50 + 5.2.5 HELO Command ...................................... 50 + 5.2.6 Mail Relay ........................................ 51 + 5.2.7 RCPT Command ...................................... 52 + 5.2.8 DATA Command ...................................... 53 + 5.2.9 Command Syntax .................................... 54 + 5.2.10 SMTP Replies ..................................... 54 + 5.2.11 Transparency ..................................... 55 + 5.2.12 WKS Use in MX Processing ......................... 55 + 5.2.13 RFC-822 Message Specification .................... 55 + 5.2.14 RFC-822 Date and Time Specification .............. 55 + 5.2.15 RFC-822 Syntax Change ............................ 56 + 5.2.16 RFC-822 Local-part .............................. 56 + 5.2.17 Domain Literals .................................. 57 + 5.2.18 Common Address Formatting Errors ................. 58 + 5.2.19 Explicit Source Routes ........................... 58 + 5.3 SPECIFIC ISSUES ........................................ 59 + 5.3.1 SMTP Queueing Strategies .......................... 59 + 5.3.1.1 Sending Strategy .............................. 59 + 5.3.1.2 Receiving strategy ........................... 61 + 5.3.2 Timeouts in SMTP .................................. 61 + 5.3.3 Reliable Mail Receipt ............................. 63 + 5.3.4 Reliable Mail Transmission ........................ 63 + 5.3.5 Domain Name Support ............................... 65 + + + +Internet Engineering Task Force [Page 3] + + + + +RFC1123 INTRODUCTION October 1989 + + + 5.3.6 Mailing Lists and Aliases ......................... 65 + 5.3.7 Mail Gatewaying ................................... 66 + 5.3.8 Maximum Message Size .............................. 68 + 5.4 SMTP REQUIREMENTS SUMMARY .............................. 69 + + 6. SUPPORT SERVICES ............................................ 72 + 6.1 DOMAIN NAME TRANSLATION ................................. 72 + 6.1.1 INTRODUCTION ....................................... 72 + 6.1.2 PROTOCOL WALK-THROUGH ............................. 72 + 6.1.2.1 Resource Records with Zero TTL ............... 73 + 6.1.2.2 QCLASS Values ................................ 73 + 6.1.2.3 Unused Fields ................................ 73 + 6.1.2.4 Compression .................................. 73 + 6.1.2.5 Misusing Configuration Info .................. 73 + 6.1.3 SPECIFIC ISSUES ................................... 74 + 6.1.3.1 Resolver Implementation ...................... 74 + 6.1.3.2 Transport Protocols .......................... 75 + 6.1.3.3 Efficient Resource Usage ..................... 77 + 6.1.3.4 Multihomed Hosts ............................. 78 + 6.1.3.5 Extensibility ................................ 79 + 6.1.3.6 Status of RR Types ........................... 79 + 6.1.3.7 Robustness ................................... 80 + 6.1.3.8 Local Host Table ............................. 80 + 6.1.4 DNS USER INTERFACE ................................ 81 + 6.1.4.1 DNS Administration ........................... 81 + 6.1.4.2 DNS User Interface ........................... 81 + 6.1.4.3 Interface Abbreviation Facilities ............. 82 + 6.1.5 DOMAIN NAME SYSTEM REQUIREMENTS SUMMARY ........... 84 + 6.2 HOST INITIALIZATION .................................... 87 + 6.2.1 INTRODUCTION ...................................... 87 + 6.2.2 REQUIREMENTS ...................................... 87 + 6.2.2.1 Dynamic Configuration ........................ 87 + 6.2.2.2 Loading Phase ................................ 89 + 6.3 REMOTE MANAGEMENT ...................................... 90 + 6.3.1 INTRODUCTION ...................................... 90 + 6.3.2 PROTOCOL WALK-THROUGH ............................. 90 + 6.3.3 MANAGEMENT REQUIREMENTS SUMMARY ................... 92 + + 7. REFERENCES ................................................. 93 + + + + + + + + + + + + +Internet Engineering Task Force [Page 4] + + + + +RFC1123 INTRODUCTION October 1989 + + +1. INTRODUCTION + + This document is one of a pair that defines and discusses the + requirements for host system implementations of the Internet protocol + suite. This RFC covers the applications layer and support protocols. + Its companion RFC, "Requirements for Internet Hosts -- Communications + Layers" [INTRO:1] covers the lower layer protocols: transport layer, + IP layer, and link layer. + + These documents are intended to provide guidance for vendors, + implementors, and users of Internet communication software. They + represent the consensus of a large body of technical experience and + wisdom, contributed by members of the Internet research and vendor + communities. + + This RFC enumerates standard protocols that a host connected to the + Internet must use, and it incorporates by reference the RFCs and + other documents describing the current specifications for these + protocols. It corrects errors in the referenced documents and adds + additional discussion and guidance for an implementor. + + For each protocol, this document also contains an explicit set of + requirements, recommendations, and options. The reader must + understand that the list of requirements in this document is + incomplete by itself; the complete set of requirements for an + Internet host is primarily defined in the standard protocol + specification documents, with the corrections, amendments, and + supplements contained in this RFC. + + A good-faith implementation of the protocols that was produced after + careful reading of the RFC's and with some interaction with the + Internet technical community, and that followed good communications + software engineering practices, should differ from the requirements + of this document in only minor ways. Thus, in many cases, the + "requirements" in this RFC are already stated or implied in the + standard protocol documents, so that their inclusion here is, in a + sense, redundant. However, they were included because some past + implementation has made the wrong choice, causing problems of + interoperability, performance, and/or robustness. + + This document includes discussion and explanation of many of the + requirements and recommendations. A simple list of requirements + would be dangerous, because: + + o Some required features are more important than others, and some + features are optional. + + o There may be valid reasons why particular vendor products that + + + +Internet Engineering Task Force [Page 5] + + + + +RFC1123 INTRODUCTION October 1989 + + + are designed for restricted contexts might choose to use + different specifications. + + However, the specifications of this document must be followed to meet + the general goal of arbitrary host interoperation across the + diversity and complexity of the Internet system. Although most + current implementations fail to meet these requirements in various + ways, some minor and some major, this specification is the ideal + towards which we need to move. + + These requirements are based on the current level of Internet + architecture. This document will be updated as required to provide + additional clarifications or to include additional information in + those areas in which specifications are still evolving. + + This introductory section begins with general advice to host software + vendors, and then gives some guidance on reading the rest of the + document. Section 2 contains general requirements that may be + applicable to all application and support protocols. Sections 3, 4, + and 5 contain the requirements on protocols for the three major + applications: Telnet, file transfer, and electronic mail, + respectively. Section 6 covers the support applications: the domain + name system, system initialization, and management. Finally, all + references will be found in Section 7. + + 1.1 The Internet Architecture + + For a brief introduction to the Internet architecture from a host + viewpoint, see Section 1.1 of [INTRO:1]. That section also + contains recommended references for general background on the + Internet architecture. + + 1.2 General Considerations + + There are two important lessons that vendors of Internet host + software have learned and which a new vendor should consider + seriously. + + 1.2.1 Continuing Internet Evolution + + The enormous growth of the Internet has revealed problems of + management and scaling in a large datagram-based packet + communication system. These problems are being addressed, and + as a result there will be continuing evolution of the + specifications described in this document. These changes will + be carefully planned and controlled, since there is extensive + participation in this planning by the vendors and by the + organizations responsible for operations of the networks. + + + +Internet Engineering Task Force [Page 6] + + + + +RFC1123 INTRODUCTION October 1989 + + + Development, evolution, and revision are characteristic of + computer network protocols today, and this situation will + persist for some years. A vendor who develops computer + communication software for the Internet protocol suite (or any + other protocol suite!) and then fails to maintain and update + that software for changing specifications is going to leave a + trail of unhappy customers. The Internet is a large + communication network, and the users are in constant contact + through it. Experience has shown that knowledge of + deficiencies in vendor software propagates quickly through the + Internet technical community. + + 1.2.2 Robustness Principle + + At every layer of the protocols, there is a general rule whose + application can lead to enormous benefits in robustness and + interoperability: + + "Be liberal in what you accept, and + conservative in what you send" + + Software should be written to deal with every conceivable + error, no matter how unlikely; sooner or later a packet will + come in with that particular combination of errors and + attributes, and unless the software is prepared, chaos can + ensue. In general, it is best to assume that the network is + filled with malevolent entities that will send in packets + designed to have the worst possible effect. This assumption + will lead to suitable protective design, although the most + serious problems in the Internet have been caused by + unenvisaged mechanisms triggered by low-probability events; + mere human malice would never have taken so devious a course! + + Adaptability to change must be designed into all levels of + Internet host software. As a simple example, consider a + protocol specification that contains an enumeration of values + for a particular header field -- e.g., a type field, a port + number, or an error code; this enumeration must be assumed to + be incomplete. Thus, if a protocol specification defines four + possible error codes, the software must not break when a fifth + code shows up. An undefined code might be logged (see below), + but it must not cause a failure. + + The second part of the principle is almost as important: + software on other hosts may contain deficiencies that make it + unwise to exploit legal but obscure protocol features. It is + unwise to stray far from the obvious and simple, lest untoward + effects result elsewhere. A corollary of this is "watch out + + + +Internet Engineering Task Force [Page 7] + + + + +RFC1123 INTRODUCTION October 1989 + + + for misbehaving hosts"; host software should be prepared, not + just to survive other misbehaving hosts, but also to cooperate + to limit the amount of disruption such hosts can cause to the + shared communication facility. + + 1.2.3 Error Logging + + The Internet includes a great variety of host and gateway + systems, each implementing many protocols and protocol layers, + and some of these contain bugs and mis-features in their + Internet protocol software. As a result of complexity, + diversity, and distribution of function, the diagnosis of user + problems is often very difficult. + + Problem diagnosis will be aided if host implementations include + a carefully designed facility for logging erroneous or + "strange" protocol events. It is important to include as much + diagnostic information as possible when an error is logged. In + particular, it is often useful to record the header(s) of a + packet that caused an error. However, care must be taken to + ensure that error logging does not consume prohibitive amounts + of resources or otherwise interfere with the operation of the + host. + + There is a tendency for abnormal but harmless protocol events + to overflow error logging files; this can be avoided by using a + "circular" log, or by enabling logging only while diagnosing a + known failure. It may be useful to filter and count duplicate + successive messages. One strategy that seems to work well is: + (1) always count abnormalities and make such counts accessible + through the management protocol (see Section 6.3); and (2) + allow the logging of a great variety of events to be + selectively enabled. For example, it might useful to be able + to "log everything" or to "log everything for host X". + + Note that different managements may have differing policies + about the amount of error logging that they want normally + enabled in a host. Some will say, "if it doesn't hurt me, I + don't want to know about it", while others will want to take a + more watchful and aggressive attitude about detecting and + removing protocol abnormalities. + + 1.2.4 Configuration + + It would be ideal if a host implementation of the Internet + protocol suite could be entirely self-configuring. This would + allow the whole suite to be implemented in ROM or cast into + silicon, it would simplify diskless workstations, and it would + + + +Internet Engineering Task Force [Page 8] + + + + +RFC1123 INTRODUCTION October 1989 + + + be an immense boon to harried LAN administrators as well as + system vendors. We have not reached this ideal; in fact, we + are not even close. + + At many points in this document, you will find a requirement + that a parameter be a configurable option. There are several + different reasons behind such requirements. In a few cases, + there is current uncertainty or disagreement about the best + value, and it may be necessary to update the recommended value + in the future. In other cases, the value really depends on + external factors -- e.g., the size of the host and the + distribution of its communication load, or the speeds and + topology of nearby networks -- and self-tuning algorithms are + unavailable and may be insufficient. In some cases, + configurability is needed because of administrative + requirements. + + Finally, some configuration options are required to communicate + with obsolete or incorrect implementations of the protocols, + distributed without sources, that unfortunately persist in many + parts of the Internet. To make correct systems coexist with + these faulty systems, administrators often have to "mis- + configure" the correct systems. This problem will correct + itself gradually as the faulty systems are retired, but it + cannot be ignored by vendors. + + When we say that a parameter must be configurable, we do not + intend to require that its value be explicitly read from a + configuration file at every boot time. We recommend that + implementors set up a default for each parameter, so a + configuration file is only necessary to override those defaults + that are inappropriate in a particular installation. Thus, the + configurability requirement is an assurance that it will be + POSSIBLE to override the default when necessary, even in a + binary-only or ROM-based product. + + This document requires a particular value for such defaults in + some cases. The choice of default is a sensitive issue when + the configuration item controls the accommodation to existing + faulty systems. If the Internet is to converge successfully to + complete interoperability, the default values built into + implementations must implement the official protocol, not + "mis-configurations" to accommodate faulty implementations. + Although marketing considerations have led some vendors to + choose mis-configuration defaults, we urge vendors to choose + defaults that will conform to the standard. + + Finally, we note that a vendor needs to provide adequate + + + +Internet Engineering Task Force [Page 9] + + + + +RFC1123 INTRODUCTION October 1989 + + + documentation on all configuration parameters, their limits and + effects. + + + 1.3 Reading this Document + + 1.3.1 Organization + + In general, each major section is organized into the following + subsections: + + (1) Introduction + + (2) Protocol Walk-Through -- considers the protocol + specification documents section-by-section, correcting + errors, stating requirements that may be ambiguous or + ill-defined, and providing further clarification or + explanation. + + (3) Specific Issues -- discusses protocol design and + implementation issues that were not included in the walk- + through. + + (4) Interfaces -- discusses the service interface to the next + higher layer. + + (5) Summary -- contains a summary of the requirements of the + section. + + Under many of the individual topics in this document, there is + parenthetical material labeled "DISCUSSION" or + "IMPLEMENTATION". This material is intended to give + clarification and explanation of the preceding requirements + text. It also includes some suggestions on possible future + directions or developments. The implementation material + contains suggested approaches that an implementor may want to + consider. + + The summary sections are intended to be guides and indexes to + the text, but are necessarily cryptic and incomplete. The + summaries should never be used or referenced separately from + the complete RFC. + + 1.3.2 Requirements + + In this document, the words that are used to define the + significance of each particular requirement are capitalized. + These words are: + + + +Internet Engineering Task Force [Page 10] + + + + +RFC1123 INTRODUCTION October 1989 + + + * "MUST" + + This word or the adjective "REQUIRED" means that the item + is an absolute requirement of the specification. + + * "SHOULD" + + This word or the adjective "RECOMMENDED" means that there + may exist valid reasons in particular circumstances to + ignore this item, but the full implications should be + understood and the case carefully weighed before choosing + a different course. + + * "MAY" + + This word or the adjective "OPTIONAL" means that this item + is truly optional. One vendor may choose to include the + item because a particular marketplace requires it or + because it enhances the product, for example; another + vendor may omit the same item. + + + An implementation is not compliant if it fails to satisfy one + or more of the MUST requirements for the protocols it + implements. An implementation that satisfies all the MUST and + all the SHOULD requirements for its protocols is said to be + "unconditionally compliant"; one that satisfies all the MUST + requirements but not all the SHOULD requirements for its + protocols is said to be "conditionally compliant". + + 1.3.3 Terminology + + This document uses the following technical terms: + + Segment + A segment is the unit of end-to-end transmission in the + TCP protocol. A segment consists of a TCP header followed + by application data. A segment is transmitted by + encapsulation in an IP datagram. + + Message + This term is used by some application layer protocols + (particularly SMTP) for an application data unit. + + Datagram + A [UDP] datagram is the unit of end-to-end transmission in + the UDP protocol. + + + + +Internet Engineering Task Force [Page 11] + + + + +RFC1123 INTRODUCTION October 1989 + + + Multihomed + A host is said to be multihomed if it has multiple IP + addresses to connected networks. + + + + 1.4 Acknowledgments + + This document incorporates contributions and comments from a large + group of Internet protocol experts, including representatives of + university and research labs, vendors, and government agencies. + It was assembled primarily by the Host Requirements Working Group + of the Internet Engineering Task Force (IETF). + + The Editor would especially like to acknowledge the tireless + dedication of the following people, who attended many long + meetings and generated 3 million bytes of electronic mail over the + past 18 months in pursuit of this document: Philip Almquist, Dave + Borman (Cray Research), Noel Chiappa, Dave Crocker (DEC), Steve + Deering (Stanford), Mike Karels (Berkeley), Phil Karn (Bellcore), + John Lekashman (NASA), Charles Lynn (BBN), Keith McCloghrie (TWG), + Paul Mockapetris (ISI), Thomas Narten (Purdue), Craig Partridge + (BBN), Drew Perkins (CMU), and James Van Bokkelen (FTP Software). + + In addition, the following people made major contributions to the + effort: Bill Barns (Mitre), Steve Bellovin (AT&T), Mike Brescia + (BBN), Ed Cain (DCA), Annette DeSchon (ISI), Martin Gross (DCA), + Phill Gross (NRI), Charles Hedrick (Rutgers), Van Jacobson (LBL), + John Klensin (MIT), Mark Lottor (SRI), Milo Medin (NASA), Bill + Melohn (Sun Microsystems), Greg Minshall (Kinetics), Jeff Mogul + (DEC), John Mullen (CMC), Jon Postel (ISI), John Romkey (Epilogue + Technology), and Mike StJohns (DCA). The following also made + significant contributions to particular areas: Eric Allman + (Berkeley), Rob Austein (MIT), Art Berggreen (ACC), Keith Bostic + (Berkeley), Vint Cerf (NRI), Wayne Hathaway (NASA), Matt Korn + (IBM), Erik Naggum (Naggum Software, Norway), Robert Ullmann + (Prime Computer), David Waitzman (BBN), Frank Wancho (USA), Arun + Welch (Ohio State), Bill Westfield (Cisco), and Rayan Zachariassen + (Toronto). + + We are grateful to all, including any contributors who may have + been inadvertently omitted from this list. + + + + + + + + + +Internet Engineering Task Force [Page 12] + + + + +RFC1123 APPLICATIONS LAYER -- GENERAL October 1989 + + +2. GENERAL ISSUES + + This section contains general requirements that may be applicable to + all application-layer protocols. + + 2.1 Host Names and Numbers + + The syntax of a legal Internet host name was specified in RFC-952 + [DNS:4]. One aspect of host name syntax is hereby changed: the + restriction on the first character is relaxed to allow either a + letter or a digit. Host software MUST support this more liberal + syntax. + + Host software MUST handle host names of up to 63 characters and + SHOULD handle host names of up to 255 characters. + + Whenever a user inputs the identity of an Internet host, it SHOULD + be possible to enter either (1) a host domain name or (2) an IP + address in dotted-decimal ("#.#.#.#") form. The host SHOULD check + the string syntactically for a dotted-decimal number before + looking it up in the Domain Name System. + + DISCUSSION: + This last requirement is not intended to specify the complete + syntactic form for entering a dotted-decimal host number; + that is considered to be a user-interface issue. For + example, a dotted-decimal number must be enclosed within + "[ ]" brackets for SMTP mail (see Section 5.2.17). This + notation could be made universal within a host system, + simplifying the syntactic checking for a dotted-decimal + number. + + If a dotted-decimal number can be entered without such + identifying delimiters, then a full syntactic check must be + made, because a segment of a host domain name is now allowed + to begin with a digit and could legally be entirely numeric + (see Section 6.1.2.4). However, a valid host name can never + have the dotted-decimal form #.#.#.#, since at least the + highest-level component label will be alphabetic. + + 2.2 Using Domain Name Service + + Host domain names MUST be translated to IP addresses as described + in Section 6.1. + + Applications using domain name services MUST be able to cope with + soft error conditions. Applications MUST wait a reasonable + interval between successive retries due to a soft error, and MUST + + + +Internet Engineering Task Force [Page 13] + + + + +RFC1123 APPLICATIONS LAYER -- GENERAL October 1989 + + + allow for the possibility that network problems may deny service + for hours or even days. + + An application SHOULD NOT rely on the ability to locate a WKS + record containing an accurate listing of all services at a + particular host address, since the WKS RR type is not often used + by Internet sites. To confirm that a service is present, simply + attempt to use it. + + 2.3 Applications on Multihomed hosts + + When the remote host is multihomed, the name-to-address + translation will return a list of alternative IP addresses. As + specified in Section 6.1.3.4, this list should be in order of + decreasing preference. Application protocol implementations + SHOULD be prepared to try multiple addresses from the list until + success is obtained. More specific requirements for SMTP are + given in Section 5.3.4. + + When the local host is multihomed, a UDP-based request/response + application SHOULD send the response with an IP source address + that is the same as the specific destination address of the UDP + request datagram. The "specific destination address" is defined + in the "IP Addressing" section of the companion RFC [INTRO:1]. + + Similarly, a server application that opens multiple TCP + connections to the same client SHOULD use the same local IP + address for all. + + 2.4 Type-of-Service + + Applications MUST select appropriate TOS values when they invoke + transport layer services, and these values MUST be configurable. + Note that a TOS value contains 5 bits, of which only the most- + significant 3 bits are currently defined; the other two bits MUST + be zero. + + DISCUSSION: + As gateway algorithms are developed to implement Type-of- + Service, the recommended values for various application + protocols may change. In addition, it is likely that + particular combinations of users and Internet paths will want + non-standard TOS values. For these reasons, the TOS values + must be configurable. + + See the latest version of the "Assigned Numbers" RFC + [INTRO:5] for the recommended TOS values for the major + application protocols. + + + +Internet Engineering Task Force [Page 14] + + + + +RFC1123 APPLICATIONS LAYER -- GENERAL October 1989 + + + 2.5 GENERAL APPLICATION REQUIREMENTS SUMMARY + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-----------------------------------------------|----------|-|-|-|-|-|-- + | | | | | | | +User interfaces: | | | | | | | + Allow host name to begin with digit |2.1 |x| | | | | + Host names of up to 635 characters |2.1 |x| | | | | + Host names of up to 255 characters |2.1 | |x| | | | + Support dotted-decimal host numbers |2.1 | |x| | | | + Check syntactically for dotted-dec first |2.1 | |x| | | | + | | | | | | | +Map domain names per Section 6.1 |2.2 |x| | | | | +Cope with soft DNS errors |2.2 |x| | | | | + Reasonable interval between retries |2.2 |x| | | | | + Allow for long outages |2.2 |x| | | | | +Expect WKS records to be available |2.2 | | | |x| | + | | | | | | | +Try multiple addr's for remote multihomed host |2.3 | |x| | | | +UDP reply src addr is specific dest of request |2.3 | |x| | | | +Use same IP addr for related TCP connections |2.3 | |x| | | | +Specify appropriate TOS values |2.4 |x| | | | | + TOS values configurable |2.4 |x| | | | | + Unused TOS bits zero |2.4 |x| | | | | + | | | | | | | + | | | | | | | + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 15] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + +3. REMOTE LOGIN -- TELNET PROTOCOL + + 3.1 INTRODUCTION + + Telnet is the standard Internet application protocol for remote + login. It provides the encoding rules to link a user's + keyboard/display on a client ("user") system with a command + interpreter on a remote server system. A subset of the Telnet + protocol is also incorporated within other application protocols, + e.g., FTP and SMTP. + + Telnet uses a single TCP connection, and its normal data stream + ("Network Virtual Terminal" or "NVT" mode) is 7-bit ASCII with + escape sequences to embed control functions. Telnet also allows + the negotiation of many optional modes and functions. + + The primary Telnet specification is to be found in RFC-854 + [TELNET:1], while the options are defined in many other RFCs; see + Section 7 for references. + + 3.2 PROTOCOL WALK-THROUGH + + 3.2.1 Option Negotiation: RFC-854, pp. 2-3 + + Every Telnet implementation MUST include option negotiation and + subnegotiation machinery [TELNET:2]. + + A host MUST carefully follow the rules of RFC-854 to avoid + option-negotiation loops. A host MUST refuse (i.e, reply + WONT/DONT to a DO/WILL) an unsupported option. Option + negotiation SHOULD continue to function (even if all requests + are refused) throughout the lifetime of a Telnet connection. + + If all option negotiations fail, a Telnet implementation MUST + default to, and support, an NVT. + + DISCUSSION: + Even though more sophisticated "terminals" and supporting + option negotiations are becoming the norm, all + implementations must be prepared to support an NVT for any + user-server communication. + + 3.2.2 Telnet Go-Ahead Function: RFC-854, p. 5, and RFC-858 + + On a host that never sends the Telnet command Go Ahead (GA), + the Telnet Server MUST attempt to negotiate the Suppress Go + Ahead option (i.e., send "WILL Suppress Go Ahead"). A User or + Server Telnet MUST always accept negotiation of the Suppress Go + + + +Internet Engineering Task Force [Page 16] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + Ahead option. + + When it is driving a full-duplex terminal for which GA has no + meaning, a User Telnet implementation MAY ignore GA commands. + + DISCUSSION: + Half-duplex ("locked-keyboard") line-at-a-time terminals + for which the Go-Ahead mechanism was designed have largely + disappeared from the scene. It turned out to be difficult + to implement sending the Go-Ahead signal in many operating + systems, even some systems that support native half-duplex + terminals. The difficulty is typically that the Telnet + server code does not have access to information about + whether the user process is blocked awaiting input from + the Telnet connection, i.e., it cannot reliably determine + when to send a GA command. Therefore, most Telnet Server + hosts do not send GA commands. + + The effect of the rules in this section is to allow either + end of a Telnet connection to veto the use of GA commands. + + There is a class of half-duplex terminals that is still + commercially important: "data entry terminals," which + interact in a full-screen manner. However, supporting + data entry terminals using the Telnet protocol does not + require the Go Ahead signal; see Section 3.3.2. + + 3.2.3 Control Functions: RFC-854, pp. 7-8 + + The list of Telnet commands has been extended to include EOR + (End-of-Record), with code 239 [TELNET:9]. + + Both User and Server Telnets MAY support the control functions + EOR, EC, EL, and Break, and MUST support AO, AYT, DM, IP, NOP, + SB, and SE. + + A host MUST be able to receive and ignore any Telnet control + functions that it does not support. + + DISCUSSION: + Note that a Server Telnet is required to support the + Telnet IP (Interrupt Process) function, even if the server + host has an equivalent in-stream function (e.g., Control-C + in many systems). The Telnet IP function may be stronger + than an in-stream interrupt command, because of the out- + of-band effect of TCP urgent data. + + The EOR control function may be used to delimit the + + + +Internet Engineering Task Force [Page 17] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + stream. An important application is data entry terminal + support (see Section 3.3.2). There was concern that since + EOR had not been defined in RFC-854, a host that was not + prepared to correctly ignore unknown Telnet commands might + crash if it received an EOR. To protect such hosts, the + End-of-Record option [TELNET:9] was introduced; however, a + properly implemented Telnet program will not require this + protection. + + 3.2.4 Telnet "Synch" Signal: RFC-854, pp. 8-10 + + When it receives "urgent" TCP data, a User or Server Telnet + MUST discard all data except Telnet commands until the DM (and + end of urgent) is reached. + + When it sends Telnet IP (Interrupt Process), a User Telnet + SHOULD follow it by the Telnet "Synch" sequence, i.e., send as + TCP urgent data the sequence "IAC IP IAC DM". The TCP urgent + pointer points to the DM octet. + + When it receives a Telnet IP command, a Server Telnet MAY send + a Telnet "Synch" sequence back to the user, to flush the output + stream. The choice ought to be consistent with the way the + server operating system behaves when a local user interrupts a + process. + + When it receives a Telnet AO command, a Server Telnet MUST send + a Telnet "Synch" sequence back to the user, to flush the output + stream. + + A User Telnet SHOULD have the capability of flushing output + when it sends a Telnet IP; see also Section 3.4.5. + + DISCUSSION: + There are three possible ways for a User Telnet to flush + the stream of server output data: + + (1) Send AO after IP. + + This will cause the server host to send a "flush- + buffered-output" signal to its operating system. + However, the AO may not take effect locally, i.e., + stop terminal output at the User Telnet end, until + the Server Telnet has received and processed the AO + and has sent back a "Synch". + + (2) Send DO TIMING-MARK [TELNET:7] after IP, and discard + all output locally until a WILL/WONT TIMING-MARK is + + + +Internet Engineering Task Force [Page 18] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + received from the Server Telnet. + + Since the DO TIMING-MARK will be processed after the + IP at the server, the reply to it should be in the + right place in the output data stream. However, the + TIMING-MARK will not send a "flush buffered output" + signal to the server operating system. Whether or + not this is needed is dependent upon the server + system. + + (3) Do both. + + The best method is not entirely clear, since it must + accommodate a number of existing server hosts that do not + follow the Telnet standards in various ways. The safest + approach is probably to provide a user-controllable option + to select (1), (2), or (3). + + 3.2.5 NVT Printer and Keyboard: RFC-854, p. 11 + + In NVT mode, a Telnet SHOULD NOT send characters with the + high-order bit 1, and MUST NOT send it as a parity bit. + Implementations that pass the high-order bit to applications + SHOULD negotiate binary mode (see Section 3.2.6). + + + DISCUSSION: + Implementors should be aware that a strict reading of + RFC-854 allows a client or server expecting NVT ASCII to + ignore characters with the high-order bit set. In + general, binary mode is expected to be used for + transmission of an extended (beyond 7-bit) character set + with Telnet. + + However, there exist applications that really need an 8- + bit NVT mode, which is currently not defined, and these + existing applications do set the high-order bit during + part or all of the life of a Telnet connection. Note that + binary mode is not the same as 8-bit NVT mode, since + binary mode turns off end-of-line processing. For this + reason, the requirements on the high-order bit are stated + as SHOULD, not MUST. + + RFC-854 defines a minimal set of properties of a "network + virtual terminal" or NVT; this is not meant to preclude + additional features in a real terminal. A Telnet + connection is fully transparent to all 7-bit ASCII + characters, including arbitrary ASCII control characters. + + + +Internet Engineering Task Force [Page 19] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + For example, a terminal might support full-screen commands + coded as ASCII escape sequences; a Telnet implementation + would pass these sequences as uninterpreted data. Thus, + an NVT should not be conceived as a terminal type of a + highly-restricted device. + + 3.2.6 Telnet Command Structure: RFC-854, p. 13 + + Since options may appear at any point in the data stream, a + Telnet escape character (known as IAC, with the value 255) to + be sent as data MUST be doubled. + + 3.2.7 Telnet Binary Option: RFC-856 + + When the Binary option has been successfully negotiated, + arbitrary 8-bit characters are allowed. However, the data + stream MUST still be scanned for IAC characters, any embedded + Telnet commands MUST be obeyed, and data bytes equal to IAC + MUST be doubled. Other character processing (e.g., replacing + CR by CR NUL or by CR LF) MUST NOT be done. In particular, + there is no end-of-line convention (see Section 3.3.1) in + binary mode. + + DISCUSSION: + The Binary option is normally negotiated in both + directions, to change the Telnet connection from NVT mode + to "binary mode". + + The sequence IAC EOR can be used to delimit blocks of data + within a binary-mode Telnet stream. + + 3.2.8 Telnet Terminal-Type Option: RFC-1091 + + The Terminal-Type option MUST use the terminal type names + officially defined in the Assigned Numbers RFC [INTRO:5], when + they are available for the particular terminal. However, the + receiver of a Terminal-Type option MUST accept any name. + + DISCUSSION: + RFC-1091 [TELNET:10] updates an earlier version of the + Terminal-Type option defined in RFC-930. The earlier + version allowed a server host capable of supporting + multiple terminal types to learn the type of a particular + client's terminal, assuming that each physical terminal + had an intrinsic type. However, today a "terminal" is + often really a terminal emulator program running in a PC, + perhaps capable of emulating a range of terminal types. + Therefore, RFC-1091 extends the specification to allow a + + + +Internet Engineering Task Force [Page 20] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + more general terminal-type negotiation between User and + Server Telnets. + + 3.3 SPECIFIC ISSUES + + 3.3.1 Telnet End-of-Line Convention + + The Telnet protocol defines the sequence CR LF to mean "end- + of-line". For terminal input, this corresponds to a command- + completion or "end-of-line" key being pressed on a user + terminal; on an ASCII terminal, this is the CR key, but it may + also be labelled "Return" or "Enter". + + When a Server Telnet receives the Telnet end-of-line sequence + CR LF as input from a remote terminal, the effect MUST be the + same as if the user had pressed the "end-of-line" key on a + local terminal. On server hosts that use ASCII, in particular, + receipt of the Telnet sequence CR LF must cause the same effect + as a local user pressing the CR key on a local terminal. Thus, + CR LF and CR NUL MUST have the same effect on an ASCII server + host when received as input over a Telnet connection. + + A User Telnet MUST be able to send any of the forms: CR LF, CR + NUL, and LF. A User Telnet on an ASCII host SHOULD have a + user-controllable mode to send either CR LF or CR NUL when the + user presses the "end-of-line" key, and CR LF SHOULD be the + default. + + The Telnet end-of-line sequence CR LF MUST be used to send + Telnet data that is not terminal-to-computer (e.g., for Server + Telnet sending output, or the Telnet protocol incorporated + another application protocol). + + DISCUSSION: + To allow interoperability between arbitrary Telnet clients + and servers, the Telnet protocol defined a standard + representation for a line terminator. Since the ASCII + character set includes no explicit end-of-line character, + systems have chosen various representations, e.g., CR, LF, + and the sequence CR LF. The Telnet protocol chose the CR + LF sequence as the standard for network transmission. + + Unfortunately, the Telnet protocol specification in RFC- + 854 [TELNET:1] has turned out to be somewhat ambiguous on + what character(s) should be sent from client to server for + the "end-of-line" key. The result has been a massive and + continuing interoperability headache, made worse by + various faulty implementations of both User and Server + + + +Internet Engineering Task Force [Page 21] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + Telnets. + + Although the Telnet protocol is based on a perfectly + symmetric model, in a remote login session the role of the + user at a terminal differs from the role of the server + host. For example, RFC-854 defines the meaning of CR, LF, + and CR LF as output from the server, but does not specify + what the User Telnet should send when the user presses the + "end-of-line" key on the terminal; this turns out to be + the point at issue. + + When a user presses the "end-of-line" key, some User + Telnet implementations send CR LF, while others send CR + NUL (based on a different interpretation of the same + sentence in RFC-854). These will be equivalent for a + correctly-implemented ASCII server host, as discussed + above. For other servers, a mode in the User Telnet is + needed. + + The existence of User Telnets that send only CR NUL when + CR is pressed creates a dilemma for non-ASCII hosts: they + can either treat CR NUL as equivalent to CR LF in input, + thus precluding the possibility of entering a "bare" CR, + or else lose complete interworking. + + Suppose a user on host A uses Telnet to log into a server + host B, and then execute B's User Telnet program to log + into server host C. It is desirable for the Server/User + Telnet combination on B to be as transparent as possible, + i.e., to appear as if A were connected directly to C. In + particular, correct implementation will make B transparent + to Telnet end-of-line sequences, except that CR LF may be + translated to CR NUL or vice versa. + + IMPLEMENTATION: + To understand Telnet end-of-line issues, one must have at + least a general model of the relationship of Telnet to the + local operating system. The Server Telnet process is + typically coupled into the terminal driver software of the + operating system as a pseudo-terminal. A Telnet end-of- + line sequence received by the Server Telnet must have the + same effect as pressing the end-of-line key on a real + locally-connected terminal. + + Operating systems that support interactive character-at- + a-time applications (e.g., editors) typically have two + internal modes for their terminal I/O: a formatted mode, + in which local conventions for end-of-line and other + + + +Internet Engineering Task Force [Page 22] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + formatting rules have been applied to the data stream, and + a "raw" mode, in which the application has direct access + to every character as it was entered. A Server Telnet + must be implemented in such a way that these modes have + the same effect for remote as for local terminals. For + example, suppose a CR LF or CR NUL is received by the + Server Telnet on an ASCII host. In raw mode, a CR + character is passed to the application; in formatted mode, + the local system's end-of-line convention is used. + + 3.3.2 Data Entry Terminals + + DISCUSSION: + In addition to the line-oriented and character-oriented + ASCII terminals for which Telnet was designed, there are + several families of video display terminals that are + sometimes known as "data entry terminals" or DETs. The + IBM 3270 family is a well-known example. + + Two Internet protocols have been designed to support + generic DETs: SUPDUP [TELNET:16, TELNET:17], and the DET + option [TELNET:18, TELNET:19]. The DET option drives a + data entry terminal over a Telnet connection using (sub-) + negotiation. SUPDUP is a completely separate terminal + protocol, which can be entered from Telnet by negotiation. + Although both SUPDUP and the DET option have been used + successfully in particular environments, neither has + gained general acceptance or wide implementation. + + A different approach to DET interaction has been developed + for supporting the IBM 3270 family through Telnet, + although the same approach would be applicable to any DET. + The idea is to enter a "native DET" mode, in which the + native DET input/output stream is sent as binary data. + The Telnet EOR command is used to delimit logical records + (e.g., "screens") within this binary stream. + + IMPLEMENTATION: + The rules for entering and leaving native DET mode are as + follows: + + o The Server uses the Terminal-Type option [TELNET:10] + to learn that the client is a DET. + + o It is conventional, but not required, that both ends + negotiate the EOR option [TELNET:9]. + + o Both ends negotiate the Binary option [TELNET:3] to + + + +Internet Engineering Task Force [Page 23] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + enter native DET mode. + + o When either end negotiates out of binary mode, the + other end does too, and the mode then reverts to + normal NVT. + + + 3.3.3 Option Requirements + + Every Telnet implementation MUST support the Binary option + [TELNET:3] and the Suppress Go Ahead option [TELNET:5], and + SHOULD support the Echo [TELNET:4], Status [TELNET:6], End-of- + Record [TELNET:9], and Extended Options List [TELNET:8] + options. + + A User or Server Telnet SHOULD support the Window Size Option + [TELNET:12] if the local operating system provides the + corresponding capability. + + DISCUSSION: + Note that the End-of-Record option only signifies that a + Telnet can receive a Telnet EOR without crashing; + therefore, every Telnet ought to be willing to accept + negotiation of the End-of-Record option. See also the + discussion in Section 3.2.3. + + 3.3.4 Option Initiation + + When the Telnet protocol is used in a client/server situation, + the server SHOULD initiate negotiation of the terminal + interaction mode it expects. + + DISCUSSION: + The Telnet protocol was defined to be perfectly + symmetrical, but its application is generally asymmetric. + Remote login has been known to fail because NEITHER side + initiated negotiation of the required non-default terminal + modes. It is generally the server that determines the + preferred mode, so the server needs to initiate the + negotiation; since the negotiation is symmetric, the user + can also initiate it. + + A client (User Telnet) SHOULD provide a means for users to + enable and disable the initiation of option negotiation. + + DISCUSSION: + A user sometimes needs to connect to an application + service (e.g., FTP or SMTP) that uses Telnet for its + + + +Internet Engineering Task Force [Page 24] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + control stream but does not support Telnet options. User + Telnet may be used for this purpose if initiation of + option negotiation is disabled. + + 3.3.5 Telnet Linemode Option + + DISCUSSION: + An important new Telnet option, LINEMODE [TELNET:12], has + been proposed. The LINEMODE option provides a standard + way for a User Telnet and a Server Telnet to agree that + the client rather than the server will perform terminal + character processing. When the client has prepared a + complete line of text, it will send it to the server in + (usually) one TCP packet. This option will greatly + decrease the packet cost of Telnet sessions and will also + give much better user response over congested or long- + delay networks. + + The LINEMODE option allows dynamic switching between local + and remote character processing. For example, the Telnet + connection will automatically negotiate into single- + character mode while a full screen editor is running, and + then return to linemode when the editor is finished. + + We expect that when this RFC is released, hosts should + implement the client side of this option, and may + implement the server side of this option. To properly + implement the server side, the server needs to be able to + tell the local system not to do any input character + processing, but to remember its current terminal state and + notify the Server Telnet process whenever the state + changes. This will allow password echoing and full screen + editors to be handled properly, for example. + + 3.4 TELNET/USER INTERFACE + + 3.4.1 Character Set Transparency + + User Telnet implementations SHOULD be able to send or receive + any 7-bit ASCII character. Where possible, any special + character interpretations by the user host's operating system + SHOULD be bypassed so that these characters can conveniently be + sent and received on the connection. + + Some character value MUST be reserved as "escape to command + mode"; conventionally, doubling this character allows it to be + entered as data. The specific character used SHOULD be user + selectable. + + + +Internet Engineering Task Force [Page 25] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + On binary-mode connections, a User Telnet program MAY provide + an escape mechanism for entering arbitrary 8-bit values, if the + host operating system doesn't allow them to be entered directly + from the keyboard. + + IMPLEMENTATION: + The transparency issues are less pressing on servers, but + implementors should take care in dealing with issues like: + masking off parity bits (sent by an older, non-conforming + client) before they reach programs that expect only NVT + ASCII, and properly handling programs that request 8-bit + data streams. + + 3.4.2 Telnet Commands + + A User Telnet program MUST provide a user the capability of + entering any of the Telnet control functions IP, AO, or AYT, + and SHOULD provide the capability of entering EC, EL, and + Break. + + 3.4.3 TCP Connection Errors + + A User Telnet program SHOULD report to the user any TCP errors + that are reported by the transport layer (see "TCP/Application + Layer Interface" section in [INTRO:1]). + + 3.4.4 Non-Default Telnet Contact Port + + A User Telnet program SHOULD allow the user to optionally + specify a non-standard contact port number at the Server Telnet + host. + + 3.4.5 Flushing Output + + A User Telnet program SHOULD provide the user the ability to + specify whether or not output should be flushed when an IP is + sent; see Section 3.2.4. + + For any output flushing scheme that causes the User Telnet to + flush output locally until a Telnet signal is received from the + Server, there SHOULD be a way for the user to manually restore + normal output, in case the Server fails to send the expected + signal. + + + + + + + + +Internet Engineering Task Force [Page 26] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + 3.5. TELNET REQUIREMENTS SUMMARY + + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-------------------------------------------------|--------|-|-|-|-|-|-- + | | | | | | | +Option Negotiation |3.2.1 |x| | | | | + Avoid negotiation loops |3.2.1 |x| | | | | + Refuse unsupported options |3.2.1 |x| | | | | + Negotiation OK anytime on connection |3.2.1 | |x| | | | + Default to NVT |3.2.1 |x| | | | | + Send official name in Term-Type option |3.2.8 |x| | | | | + Accept any name in Term-Type option |3.2.8 |x| | | | | + Implement Binary, Suppress-GA options |3.3.3 |x| | | | | + Echo, Status, EOL, Ext-Opt-List options |3.3.3 | |x| | | | + Implement Window-Size option if appropriate |3.3.3 | |x| | | | + Server initiate mode negotiations |3.3.4 | |x| | | | + User can enable/disable init negotiations |3.3.4 | |x| | | | + | | | | | | | +Go-Aheads | | | | | | | + Non-GA server negotiate SUPPRESS-GA option |3.2.2 |x| | | | | + User or Server accept SUPPRESS-GA option |3.2.2 |x| | | | | + User Telnet ignore GA's |3.2.2 | | |x| | | + | | | | | | | +Control Functions | | | | | | | + Support SE NOP DM IP AO AYT SB |3.2.3 |x| | | | | + Support EOR EC EL Break |3.2.3 | | |x| | | + Ignore unsupported control functions |3.2.3 |x| | | | | + User, Server discard urgent data up to DM |3.2.4 |x| | | | | + User Telnet send "Synch" after IP, AO, AYT |3.2.4 | |x| | | | + Server Telnet reply Synch to IP |3.2.4 | | |x| | | + Server Telnet reply Synch to AO |3.2.4 |x| | | | | + User Telnet can flush output when send IP |3.2.4 | |x| | | | + | | | | | | | +Encoding | | | | | | | + Send high-order bit in NVT mode |3.2.5 | | | |x| | + Send high-order bit as parity bit |3.2.5 | | | | |x| + Negot. BINARY if pass high-ord. bit to applic |3.2.5 | |x| | | | + Always double IAC data byte |3.2.6 |x| | | | | + + + +Internet Engineering Task Force [Page 27] + + + + +RFC1123 REMOTE LOGIN -- TELNET October 1989 + + + Double IAC data byte in binary mode |3.2.7 |x| | | | | + Obey Telnet cmds in binary mode |3.2.7 |x| | | | | + End-of-line, CR NUL in binary mode |3.2.7 | | | | |x| + | | | | | | | +End-of-Line | | | | | | | + EOL at Server same as local end-of-line |3.3.1 |x| | | | | + ASCII Server accept CR LF or CR NUL for EOL |3.3.1 |x| | | | | + User Telnet able to send CR LF, CR NUL, or LF |3.3.1 |x| | | | | + ASCII user able to select CR LF/CR NUL |3.3.1 | |x| | | | + User Telnet default mode is CR LF |3.3.1 | |x| | | | + Non-interactive uses CR LF for EOL |3.3.1 |x| | | | | + | | | | | | | +User Telnet interface | | | | | | | + Input & output all 7-bit characters |3.4.1 | |x| | | | + Bypass local op sys interpretation |3.4.1 | |x| | | | + Escape character |3.4.1 |x| | | | | + User-settable escape character |3.4.1 | |x| | | | + Escape to enter 8-bit values |3.4.1 | | |x| | | + Can input IP, AO, AYT |3.4.2 |x| | | | | + Can input EC, EL, Break |3.4.2 | |x| | | | + Report TCP connection errors to user |3.4.3 | |x| | | | + Optional non-default contact port |3.4.4 | |x| | | | + Can spec: output flushed when IP sent |3.4.5 | |x| | | | + Can manually restore output mode |3.4.5 | |x| | | | + | | | | | | | + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 28] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + +4. FILE TRANSFER + + 4.1 FILE TRANSFER PROTOCOL -- FTP + + 4.1.1 INTRODUCTION + + The File Transfer Protocol FTP is the primary Internet standard + for file transfer. The current specification is contained in + RFC-959 [FTP:1]. + + FTP uses separate simultaneous TCP connections for control and + for data transfer. The FTP protocol includes many features, + some of which are not commonly implemented. However, for every + feature in FTP, there exists at least one implementation. The + minimum implementation defined in RFC-959 was too small, so a + somewhat larger minimum implementation is defined here. + + Internet users have been unnecessarily burdened for years by + deficient FTP implementations. Protocol implementors have + suffered from the erroneous opinion that implementing FTP ought + to be a small and trivial task. This is wrong, because FTP has + a user interface, because it has to deal (correctly) with the + whole variety of communication and operating system errors that + may occur, and because it has to handle the great diversity of + real file systems in the world. + + 4.1.2. PROTOCOL WALK-THROUGH + + 4.1.2.1 LOCAL Type: RFC-959 Section 3.1.1.4 + + An FTP program MUST support TYPE I ("IMAGE" or binary type) + as well as TYPE L 8 ("LOCAL" type with logical byte size 8). + A machine whose memory is organized into m-bit words, where + m is not a multiple of 8, MAY also support TYPE L m. + + DISCUSSION: + The command "TYPE L 8" is often required to transfer + binary data between a machine whose memory is organized + into (e.g.) 36-bit words and a machine with an 8-bit + byte organization. For an 8-bit byte machine, TYPE L 8 + is equivalent to IMAGE. + + "TYPE L m" is sometimes specified to the FTP programs + on two m-bit word machines to ensure the correct + transfer of a native-mode binary file from one machine + to the other. However, this command should have the + same effect on these machines as "TYPE I". + + + + +Internet Engineering Task Force [Page 29] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + 4.1.2.2 Telnet Format Control: RFC-959 Section 3.1.1.5.2 + + A host that makes no distinction between TYPE N and TYPE T + SHOULD implement TYPE T to be identical to TYPE N. + + DISCUSSION: + This provision should ease interoperation with hosts + that do make this distinction. + + Many hosts represent text files internally as strings + of ASCII characters, using the embedded ASCII format + effector characters (LF, BS, FF, ...) to control the + format when a file is printed. For such hosts, there + is no distinction between "print" files and other + files. However, systems that use record structured + files typically need a special format for printable + files (e.g., ASA carriage control). For the latter + hosts, FTP allows a choice of TYPE N or TYPE T. + + 4.1.2.3 Page Structure: RFC-959 Section 3.1.2.3 and Appendix I + + Implementation of page structure is NOT RECOMMENDED in + general. However, if a host system does need to implement + FTP for "random access" or "holey" files, it MUST use the + defined page structure format rather than define a new + private FTP format. + + 4.1.2.4 Data Structure Transformations: RFC-959 Section 3.1.2 + + An FTP transformation between record-structure and file- + structure SHOULD be invertible, to the extent possible while + making the result useful on the target host. + + DISCUSSION: + RFC-959 required strict invertibility between record- + structure and file-structure, but in practice, + efficiency and convenience often preclude it. + Therefore, the requirement is being relaxed. There are + two different objectives for transferring a file: + processing it on the target host, or just storage. For + storage, strict invertibility is important. For + processing, the file created on the target host needs + to be in the format expected by application programs on + that host. + + As an example of the conflict, imagine a record- + oriented operating system that requires some data files + to have exactly 80 bytes in each record. While STORing + + + +Internet Engineering Task Force [Page 30] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + a file on such a host, an FTP Server must be able to + pad each line or record to 80 bytes; a later retrieval + of such a file cannot be strictly invertible. + + 4.1.2.5 Data Connection Management: RFC-959 Section 3.3 + + A User-FTP that uses STREAM mode SHOULD send a PORT command + to assign a non-default data port before each transfer + command is issued. + + DISCUSSION: + This is required because of the long delay after a TCP + connection is closed until its socket pair can be + reused, to allow multiple transfers during a single FTP + session. Sending a port command can avoided if a + transfer mode other than stream is used, by leaving the + data transfer connection open between transfers. + + 4.1.2.6 PASV Command: RFC-959 Section 4.1.2 + + A server-FTP MUST implement the PASV command. + + If multiple third-party transfers are to be executed during + the same session, a new PASV command MUST be issued before + each transfer command, to obtain a unique port pair. + + IMPLEMENTATION: + The format of the 227 reply to a PASV command is not + well standardized. In particular, an FTP client cannot + assume that the parentheses shown on page 40 of RFC-959 + will be present (and in fact, Figure 3 on page 43 omits + them). Therefore, a User-FTP program that interprets + the PASV reply must scan the reply for the first digit + of the host and port numbers. + + Note that the host number h1,h2,h3,h4 is the IP address + of the server host that is sending the reply, and that + p1,p2 is a non-default data transfer port that PASV has + assigned. + + 4.1.2.7 LIST and NLST Commands: RFC-959 Section 4.1.3 + + The data returned by an NLST command MUST contain only a + simple list of legal pathnames, such that the server can use + them directly as the arguments of subsequent data transfer + commands for the individual files. + + The data returned by a LIST or NLST command SHOULD use an + + + +Internet Engineering Task Force [Page 31] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + implied TYPE AN, unless the current type is EBCDIC, in which + case an implied TYPE EN SHOULD be used. + + DISCUSSION: + Many FTP clients support macro-commands that will get + or put files matching a wildcard specification, using + NLST to obtain a list of pathnames. The expansion of + "multiple-put" is local to the client, but "multiple- + get" requires cooperation by the server. + + The implied type for LIST and NLST is designed to + provide compatibility with existing User-FTPs, and in + particular with multiple-get commands. + + 4.1.2.8 SITE Command: RFC-959 Section 4.1.3 + + A Server-FTP SHOULD use the SITE command for non-standard + features, rather than invent new private commands or + unstandardized extensions to existing commands. + + 4.1.2.9 STOU Command: RFC-959 Section 4.1.3 + + The STOU command stores into a uniquely named file. When it + receives an STOU command, a Server-FTP MUST return the + actual file name in the "125 Transfer Starting" or the "150 + Opening Data Connection" message that precedes the transfer + (the 250 reply code mentioned in RFC-959 is incorrect). The + exact format of these messages is hereby defined to be as + follows: + + 125 FILE: pppp + 150 FILE: pppp + + where pppp represents the unique pathname of the file that + will be written. + + 4.1.2.10 Telnet End-of-line Code: RFC-959, Page 34 + + Implementors MUST NOT assume any correspondence between READ + boundaries on the control connection and the Telnet EOL + sequences (CR LF). + + DISCUSSION: + Thus, a server-FTP (or User-FTP) must continue reading + characters from the control connection until a complete + Telnet EOL sequence is encountered, before processing + the command (or response, respectively). Conversely, a + single READ from the control connection may include + + + +Internet Engineering Task Force [Page 32] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + more than one FTP command. + + 4.1.2.11 FTP Replies: RFC-959 Section 4.2, Page 35 + + A Server-FTP MUST send only correctly formatted replies on + the control connection. Note that RFC-959 (unlike earlier + versions of the FTP spec) contains no provision for a + "spontaneous" reply message. + + A Server-FTP SHOULD use the reply codes defined in RFC-959 + whenever they apply. However, a server-FTP MAY use a + different reply code when needed, as long as the general + rules of Section 4.2 are followed. When the implementor has + a choice between a 4xx and 5xx reply code, a Server-FTP + SHOULD send a 4xx (temporary failure) code when there is any + reasonable possibility that a failed FTP will succeed a few + hours later. + + A User-FTP SHOULD generally use only the highest-order digit + of a 3-digit reply code for making a procedural decision, to + prevent difficulties when a Server-FTP uses non-standard + reply codes. + + A User-FTP MUST be able to handle multi-line replies. If + the implementation imposes a limit on the number of lines + and if this limit is exceeded, the User-FTP MUST recover, + e.g., by ignoring the excess lines until the end of the + multi-line reply is reached. + + A User-FTP SHOULD NOT interpret a 421 reply code ("Service + not available, closing control connection") specially, but + SHOULD detect closing of the control connection by the + server. + + DISCUSSION: + Server implementations that fail to strictly follow the + reply rules often cause FTP user programs to hang. + Note that RFC-959 resolved ambiguities in the reply + rules found in earlier FTP specifications and must be + followed. + + It is important to choose FTP reply codes that properly + distinguish between temporary and permanent failures, + to allow the successful use of file transfer client + daemons. These programs depend on the reply codes to + decide whether or not to retry a failed transfer; using + a permanent failure code (5xx) for a temporary error + will cause these programs to give up unnecessarily. + + + +Internet Engineering Task Force [Page 33] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + When the meaning of a reply matches exactly the text + shown in RFC-959, uniformity will be enhanced by using + the RFC-959 text verbatim. However, a Server-FTP + implementor is encouraged to choose reply text that + conveys specific system-dependent information, when + appropriate. + + 4.1.2.12 Connections: RFC-959 Section 5.2 + + The words "and the port used" in the second paragraph of + this section of RFC-959 are erroneous (historical), and they + should be ignored. + + On a multihomed server host, the default data transfer port + (L-1) MUST be associated with the same local IP address as + the corresponding control connection to port L. + + A user-FTP MUST NOT send any Telnet controls other than + SYNCH and IP on an FTP control connection. In particular, it + MUST NOT attempt to negotiate Telnet options on the control + connection. However, a server-FTP MUST be capable of + accepting and refusing Telnet negotiations (i.e., sending + DONT/WONT). + + DISCUSSION: + Although the RFC says: "Server- and User- processes + should follow the conventions for the Telnet + protocol...[on the control connection]", it is not the + intent that Telnet option negotiation is to be + employed. + + 4.1.2.13 Minimum Implementation; RFC-959 Section 5.1 + + The following commands and options MUST be supported by + every server-FTP and user-FTP, except in cases where the + underlying file system or operating system does not allow or + support a particular command. + + Type: ASCII Non-print, IMAGE, LOCAL 8 + Mode: Stream + Structure: File, Record* + Commands: + USER, PASS, ACCT, + PORT, PASV, + TYPE, MODE, STRU, + RETR, STOR, APPE, + RNFR, RNTO, DELE, + CWD, CDUP, RMD, MKD, PWD, + + + +Internet Engineering Task Force [Page 34] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + LIST, NLST, + SYST, STAT, + HELP, NOOP, QUIT. + + *Record structure is REQUIRED only for hosts whose file + systems support record structure. + + DISCUSSION: + Vendors are encouraged to implement a larger subset of + the protocol. For example, there are important + robustness features in the protocol (e.g., Restart, + ABOR, block mode) that would be an aid to some Internet + users but are not widely implemented. + + A host that does not have record structures in its file + system may still accept files with STRU R, recording + the byte stream literally. + + 4.1.3 SPECIFIC ISSUES + + 4.1.3.1 Non-standard Command Verbs + + FTP allows "experimental" commands, whose names begin with + "X". If these commands are subsequently adopted as + standards, there may still be existing implementations using + the "X" form. At present, this is true for the directory + commands: + + RFC-959 "Experimental" + + MKD XMKD + RMD XRMD + PWD XPWD + CDUP XCUP + CWD XCWD + + All FTP implementations SHOULD recognize both forms of these + commands, by simply equating them with extra entries in the + command lookup table. + + IMPLEMENTATION: + A User-FTP can access a server that supports only the + "X" forms by implementing a mode switch, or + automatically using the following procedure: if the + RFC-959 form of one of the above commands is rejected + with a 500 or 502 response code, then try the + experimental form; any other response would be passed + to the user. + + + +Internet Engineering Task Force [Page 35] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + 4.1.3.2 Idle Timeout + + A Server-FTP process SHOULD have an idle timeout, which will + terminate the process and close the control connection if + the server is inactive (i.e., no command or data transfer in + progress) for a long period of time. The idle timeout time + SHOULD be configurable, and the default should be at least 5 + minutes. + + A client FTP process ("User-PI" in RFC-959) will need + timeouts on responses only if it is invoked from a program. + + DISCUSSION: + Without a timeout, a Server-FTP process may be left + pending indefinitely if the corresponding client + crashes without closing the control connection. + + 4.1.3.3 Concurrency of Data and Control + + DISCUSSION: + The intent of the designers of FTP was that a user + should be able to send a STAT command at any time while + data transfer was in progress and that the server-FTP + would reply immediately with status -- e.g., the number + of bytes transferred so far. Similarly, an ABOR + command should be possible at any time during a data + transfer. + + Unfortunately, some small-machine operating systems + make such concurrent programming difficult, and some + other implementers seek minimal solutions, so some FTP + implementations do not allow concurrent use of the data + and control connections. Even such a minimal server + must be prepared to accept and defer a STAT or ABOR + command that arrives during data transfer. + + 4.1.3.4 FTP Restart Mechanism + + The description of the 110 reply on pp. 40-41 of RFC-959 is + incorrect; the correct description is as follows. A restart + reply message, sent over the control connection from the + receiving FTP to the User-FTP, has the format: + + 110 MARK ssss = rrrr + + Here: + + * ssss is a text string that appeared in a Restart Marker + + + +Internet Engineering Task Force [Page 36] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + in the data stream and encodes a position in the + sender's file system; + + * rrrr encodes the corresponding position in the + receiver's file system. + + The encoding, which is specific to a particular file system + and network implementation, is always generated and + interpreted by the same system, either sender or receiver. + + When an FTP that implements restart receives a Restart + Marker in the data stream, it SHOULD force the data to that + point to be written to stable storage before encoding the + corresponding position rrrr. An FTP sending Restart Markers + MUST NOT assume that 110 replies will be returned + synchronously with the data, i.e., it must not await a 110 + reply before sending more data. + + Two new reply codes are hereby defined for errors + encountered in restarting a transfer: + + 554 Requested action not taken: invalid REST parameter. + + A 554 reply may result from a FTP service command that + follows a REST command. The reply indicates that the + existing file at the Server-FTP cannot be repositioned + as specified in the REST. + + 555 Requested action not taken: type or stru mismatch. + + A 555 reply may result from an APPE command or from any + FTP service command following a REST command. The + reply indicates that there is some mismatch between the + current transfer parameters (type and stru) and the + attributes of the existing file. + + DISCUSSION: + Note that the FTP Restart mechanism requires that Block + or Compressed mode be used for data transfer, to allow + the Restart Markers to be included within the data + stream. The frequency of Restart Markers can be low. + + Restart Markers mark a place in the data stream, but + the receiver may be performing some transformation on + the data as it is stored into stable storage. In + general, the receiver's encoding must include any state + information necessary to restart this transformation at + any point of the FTP data stream. For example, in TYPE + + + +Internet Engineering Task Force [Page 37] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + A transfers, some receiver hosts transform CR LF + sequences into a single LF character on disk. If a + Restart Marker happens to fall between CR and LF, the + receiver must encode in rrrr that the transfer must be + restarted in a "CR has been seen and discarded" state. + + Note that the Restart Marker is required to be encoded + as a string of printable ASCII characters, regardless + of the type of the data. + + RFC-959 says that restart information is to be returned + "to the user". This should not be taken literally. In + general, the User-FTP should save the restart + information (ssss,rrrr) in stable storage, e.g., append + it to a restart control file. An empty restart control + file should be created when the transfer first starts + and deleted automatically when the transfer completes + successfully. It is suggested that this file have a + name derived in an easily-identifiable manner from the + name of the file being transferred and the remote host + name; this is analogous to the means used by many text + editors for naming "backup" files. + + There are three cases for FTP restart. + + (1) User-to-Server Transfer + + The User-FTP puts Restart Markers <ssss> at + convenient places in the data stream. When the + Server-FTP receives a Marker, it writes all prior + data to disk, encodes its file system position and + transformation state as rrrr, and returns a "110 + MARK ssss = rrrr" reply over the control + connection. The User-FTP appends the pair + (ssss,rrrr) to its restart control file. + + To restart the transfer, the User-FTP fetches the + last (ssss,rrrr) pair from the restart control + file, repositions its local file system and + transformation state using ssss, and sends the + command "REST rrrr" to the Server-FTP. + + (2) Server-to-User Transfer + + The Server-FTP puts Restart Markers <ssss> at + convenient places in the data stream. When the + User-FTP receives a Marker, it writes all prior + data to disk, encodes its file system position and + + + +Internet Engineering Task Force [Page 38] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + transformation state as rrrr, and appends the pair + (rrrr,ssss) to its restart control file. + + To restart the transfer, the User-FTP fetches the + last (rrrr,ssss) pair from the restart control + file, repositions its local file system and + transformation state using rrrr, and sends the + command "REST ssss" to the Server-FTP. + + (3) Server-to-Server ("Third-Party") Transfer + + The sending Server-FTP puts Restart Markers <ssss> + at convenient places in the data stream. When it + receives a Marker, the receiving Server-FTP writes + all prior data to disk, encodes its file system + position and transformation state as rrrr, and + sends a "110 MARK ssss = rrrr" reply over the + control connection to the User. The User-FTP + appends the pair (ssss,rrrr) to its restart + control file. + + To restart the transfer, the User-FTP fetches the + last (ssss,rrrr) pair from the restart control + file, sends "REST ssss" to the sending Server-FTP, + and sends "REST rrrr" to the receiving Server-FTP. + + + 4.1.4 FTP/USER INTERFACE + + This section discusses the user interface for a User-FTP + program. + + 4.1.4.1 Pathname Specification + + Since FTP is intended for use in a heterogeneous + environment, User-FTP implementations MUST support remote + pathnames as arbitrary character strings, so that their form + and content are not limited by the conventions of the local + operating system. + + DISCUSSION: + In particular, remote pathnames can be of arbitrary + length, and all the printing ASCII characters as well + as space (0x20) must be allowed. RFC-959 allows a + pathname to contain any 7-bit ASCII character except CR + or LF. + + + + + +Internet Engineering Task Force [Page 39] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + 4.1.4.2 "QUOTE" Command + + A User-FTP program MUST implement a "QUOTE" command that + will pass an arbitrary character string to the server and + display all resulting response messages to the user. + + To make the "QUOTE" command useful, a User-FTP SHOULD send + transfer control commands to the server as the user enters + them, rather than saving all the commands and sending them + to the server only when a data transfer is started. + + DISCUSSION: + The "QUOTE" command is essential to allow the user to + access servers that require system-specific commands + (e.g., SITE or ALLO), or to invoke new or optional + features that are not implemented by the User-FTP. For + example, "QUOTE" may be used to specify "TYPE A T" to + send a print file to hosts that require the + distinction, even if the User-FTP does not recognize + that TYPE. + + 4.1.4.3 Displaying Replies to User + + A User-FTP SHOULD display to the user the full text of all + error reply messages it receives. It SHOULD have a + "verbose" mode in which all commands it sends and the full + text and reply codes it receives are displayed, for + diagnosis of problems. + + 4.1.4.4 Maintaining Synchronization + + The state machine in a User-FTP SHOULD be forgiving of + missing and unexpected reply messages, in order to maintain + command synchronization with the server. + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 40] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + 4.1.5 FTP REQUIREMENTS SUMMARY + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-------------------------------------------|---------------|-|-|-|-|-|-- +Implement TYPE T if same as TYPE N |4.1.2.2 | |x| | | | +File/Record transform invertible if poss. |4.1.2.4 | |x| | | | +User-FTP send PORT cmd for stream mode |4.1.2.5 | |x| | | | +Server-FTP implement PASV |4.1.2.6 |x| | | | | + PASV is per-transfer |4.1.2.6 |x| | | | | +NLST reply usable in RETR cmds |4.1.2.7 |x| | | | | +Implied type for LIST and NLST |4.1.2.7 | |x| | | | +SITE cmd for non-standard features |4.1.2.8 | |x| | | | +STOU cmd return pathname as specified |4.1.2.9 |x| | | | | +Use TCP READ boundaries on control conn. |4.1.2.10 | | | | |x| + | | | | | | | +Server-FTP send only correct reply format |4.1.2.11 |x| | | | | +Server-FTP use defined reply code if poss. |4.1.2.11 | |x| | | | + New reply code following Section 4.2 |4.1.2.11 | | |x| | | +User-FTP use only high digit of reply |4.1.2.11 | |x| | | | +User-FTP handle multi-line reply lines |4.1.2.11 |x| | | | | +User-FTP handle 421 reply specially |4.1.2.11 | | | |x| | + | | | | | | | +Default data port same IP addr as ctl conn |4.1.2.12 |x| | | | | +User-FTP send Telnet cmds exc. SYNCH, IP |4.1.2.12 | | | | |x| +User-FTP negotiate Telnet options |4.1.2.12 | | | | |x| +Server-FTP handle Telnet options |4.1.2.12 |x| | | | | +Handle "Experimental" directory cmds |4.1.3.1 | |x| | | | +Idle timeout in server-FTP |4.1.3.2 | |x| | | | + Configurable idle timeout |4.1.3.2 | |x| | | | +Receiver checkpoint data at Restart Marker |4.1.3.4 | |x| | | | +Sender assume 110 replies are synchronous |4.1.3.4 | | | | |x| + | | | | | | | +Support TYPE: | | | | | | | + ASCII - Non-Print (AN) |4.1.2.13 |x| | | | | + ASCII - Telnet (AT) -- if same as AN |4.1.2.2 | |x| | | | + ASCII - Carriage Control (AC) |959 3.1.1.5.2 | | |x| | | + EBCDIC - (any form) |959 3.1.1.2 | | |x| | | + IMAGE |4.1.2.1 |x| | | | | + LOCAL 8 |4.1.2.1 |x| | | | | + + + +Internet Engineering Task Force [Page 41] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + + LOCAL m |4.1.2.1 | | |x| | |2 + | | | | | | | +Support MODE: | | | | | | | + Stream |4.1.2.13 |x| | | | | + Block |959 3.4.2 | | |x| | | + | | | | | | | +Support STRUCTURE: | | | | | | | + File |4.1.2.13 |x| | | | | + Record |4.1.2.13 |x| | | | |3 + Page |4.1.2.3 | | | |x| | + | | | | | | | +Support commands: | | | | | | | + USER |4.1.2.13 |x| | | | | + PASS |4.1.2.13 |x| | | | | + ACCT |4.1.2.13 |x| | | | | + CWD |4.1.2.13 |x| | | | | + CDUP |4.1.2.13 |x| | | | | + SMNT |959 5.3.1 | | |x| | | + REIN |959 5.3.1 | | |x| | | + QUIT |4.1.2.13 |x| | | | | + | | | | | | | + PORT |4.1.2.13 |x| | | | | + PASV |4.1.2.6 |x| | | | | + TYPE |4.1.2.13 |x| | | | |1 + STRU |4.1.2.13 |x| | | | |1 + MODE |4.1.2.13 |x| | | | |1 + | | | | | | | + RETR |4.1.2.13 |x| | | | | + STOR |4.1.2.13 |x| | | | | + STOU |959 5.3.1 | | |x| | | + APPE |4.1.2.13 |x| | | | | + ALLO |959 5.3.1 | | |x| | | + REST |959 5.3.1 | | |x| | | + RNFR |4.1.2.13 |x| | | | | + RNTO |4.1.2.13 |x| | | | | + ABOR |959 5.3.1 | | |x| | | + DELE |4.1.2.13 |x| | | | | + RMD |4.1.2.13 |x| | | | | + MKD |4.1.2.13 |x| | | | | + PWD |4.1.2.13 |x| | | | | + LIST |4.1.2.13 |x| | | | | + NLST |4.1.2.13 |x| | | | | + SITE |4.1.2.8 | | |x| | | + STAT |4.1.2.13 |x| | | | | + SYST |4.1.2.13 |x| | | | | + HELP |4.1.2.13 |x| | | | | + NOOP |4.1.2.13 |x| | | | | + | | | | | | | + + + +Internet Engineering Task Force [Page 42] + + + + +RFC1123 FILE TRANSFER -- FTP October 1989 + + +User Interface: | | | | | | | + Arbitrary pathnames |4.1.4.1 |x| | | | | + Implement "QUOTE" command |4.1.4.2 |x| | | | | + Transfer control commands immediately |4.1.4.2 | |x| | | | + Display error messages to user |4.1.4.3 | |x| | | | + Verbose mode |4.1.4.3 | |x| | | | + Maintain synchronization with server |4.1.4.4 | |x| | | | + +Footnotes: + +(1) For the values shown earlier. + +(2) Here m is number of bits in a memory word. + +(3) Required for host with record-structured file system, optional + otherwise. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 43] + + + + +RFC1123 FILE TRANSFER -- TFTP October 1989 + + + 4.2 TRIVIAL FILE TRANSFER PROTOCOL -- TFTP + + 4.2.1 INTRODUCTION + + The Trivial File Transfer Protocol TFTP is defined in RFC-783 + [TFTP:1]. + + TFTP provides its own reliable delivery with UDP as its + transport protocol, using a simple stop-and-wait acknowledgment + system. Since TFTP has an effective window of only one 512 + octet segment, it can provide good performance only over paths + that have a small delay*bandwidth product. The TFTP file + interface is very simple, providing no access control or + security. + + TFTP's most important application is bootstrapping a host over + a local network, since it is simple and small enough to be + easily implemented in EPROM [BOOT:1, BOOT:2]. Vendors are + urged to support TFTP for booting. + + 4.2.2 PROTOCOL WALK-THROUGH + + The TFTP specification [TFTP:1] is written in an open style, + and does not fully specify many parts of the protocol. + + 4.2.2.1 Transfer Modes: RFC-783, Page 3 + + The transfer mode "mail" SHOULD NOT be supported. + + 4.2.2.2 UDP Header: RFC-783, Page 17 + + The Length field of a UDP header is incorrectly defined; it + includes the UDP header length (8). + + 4.2.3 SPECIFIC ISSUES + + 4.2.3.1 Sorcerer's Apprentice Syndrome + + There is a serious bug, known as the "Sorcerer's Apprentice + Syndrome," in the protocol specification. While it does not + cause incorrect operation of the transfer (the file will + always be transferred correctly if the transfer completes), + this bug may cause excessive retransmission, which may cause + the transfer to time out. + + Implementations MUST contain the fix for this problem: the + sender (i.e., the side originating the DATA packets) must + never resend the current DATA packet on receipt of a + + + +Internet Engineering Task Force [Page 44] + + + + +RFC1123 FILE TRANSFER -- TFTP October 1989 + + + duplicate ACK. + + DISCUSSION: + The bug is caused by the protocol rule that either + side, on receiving an old duplicate datagram, may + resend the current datagram. If a packet is delayed in + the network but later successfully delivered after + either side has timed out and retransmitted a packet, a + duplicate copy of the response may be generated. If + the other side responds to this duplicate with a + duplicate of its own, then every datagram will be sent + in duplicate for the remainder of the transfer (unless + a datagram is lost, breaking the repetition). Worse + yet, since the delay is often caused by congestion, + this duplicate transmission will usually causes more + congestion, leading to more delayed packets, etc. + + The following example may help to clarify this problem. + + TFTP A TFTP B + + (1) Receive ACK X-1 + Send DATA X + (2) Receive DATA X + Send ACK X + (ACK X is delayed in network, + and A times out): + (3) Retransmit DATA X + + (4) Receive DATA X again + Send ACK X again + (5) Receive (delayed) ACK X + Send DATA X+1 + (6) Receive DATA X+1 + Send ACK X+1 + (7) Receive ACK X again + Send DATA X+1 again + (8) Receive DATA X+1 again + Send ACK X+1 again + (9) Receive ACK X+1 + Send DATA X+2 + (10) Receive DATA X+2 + Send ACK X+3 + (11) Receive ACK X+1 again + Send DATA X+2 again + (12) Receive DATA X+2 again + Send ACK X+3 again + + + + +Internet Engineering Task Force [Page 45] + + + + +RFC1123 FILE TRANSFER -- TFTP October 1989 + + + Notice that once the delayed ACK arrives, the protocol + settles down to duplicate all further packets + (sequences 5-8 and 9-12). The problem is caused not by + either side timing out, but by both sides + retransmitting the current packet when they receive a + duplicate. + + The fix is to break the retransmission loop, as + indicated above. This is analogous to the behavior of + TCP. It is then possible to remove the retransmission + timer on the receiver, since the resent ACK will never + cause any action; this is a useful simplification where + TFTP is used in a bootstrap program. It is OK to allow + the timer to remain, and it may be helpful if the + retransmitted ACK replaces one that was genuinely lost + in the network. The sender still requires a retransmit + timer, of course. + + 4.2.3.2 Timeout Algorithms + + A TFTP implementation MUST use an adaptive timeout. + + IMPLEMENTATION: + TCP retransmission algorithms provide a useful base to + work from. At least an exponential backoff of + retransmission timeout is necessary. + + 4.2.3.3 Extensions + + A variety of non-standard extensions have been made to TFTP, + including additional transfer modes and a secure operation + mode (with passwords). None of these have been + standardized. + + 4.2.3.4 Access Control + + A server TFTP implementation SHOULD include some + configurable access control over what pathnames are allowed + in TFTP operations. + + 4.2.3.5 Broadcast Request + + A TFTP request directed to a broadcast address SHOULD be + silently ignored. + + DISCUSSION: + Due to the weak access control capability of TFTP, + directed broadcasts of TFTP requests to random networks + + + +Internet Engineering Task Force [Page 46] + + + + +RFC1123 FILE TRANSFER -- TFTP October 1989 + + + could create a significant security hole. + + 4.2.4 TFTP REQUIREMENTS SUMMARY + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-------------------------------------------------|--------|-|-|-|-|-|-- +Fix Sorcerer's Apprentice Syndrome |4.2.3.1 |x| | | | | +Transfer modes: | | | | | | | + netascii |RFC-783 |x| | | | | + octet |RFC-783 |x| | | | | + mail |4.2.2.1 | | | |x| | + extensions |4.2.3.3 | | |x| | | +Use adaptive timeout |4.2.3.2 |x| | | | | +Configurable access control |4.2.3.4 | |x| | | | +Silently ignore broadcast request |4.2.3.5 | |x| | | | +-------------------------------------------------|--------|-|-|-|-|-|-- +-------------------------------------------------|--------|-|-|-|-|-|-- + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 47] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + +5. ELECTRONIC MAIL -- SMTP and RFC-822 + + 5.1 INTRODUCTION + + In the TCP/IP protocol suite, electronic mail in a format + specified in RFC-822 [SMTP:2] is transmitted using the Simple Mail + Transfer Protocol (SMTP) defined in RFC-821 [SMTP:1]. + + While SMTP has remained unchanged over the years, the Internet + community has made several changes in the way SMTP is used. In + particular, the conversion to the Domain Name System (DNS) has + caused changes in address formats and in mail routing. In this + section, we assume familiarity with the concepts and terminology + of the DNS, whose requirements are given in Section 6.1. + + RFC-822 specifies the Internet standard format for electronic mail + messages. RFC-822 supercedes an older standard, RFC-733, that may + still be in use in a few places, although it is obsolete. The two + formats are sometimes referred to simply by number ("822" and + "733"). + + RFC-822 is used in some non-Internet mail environments with + different mail transfer protocols than SMTP, and SMTP has also + been adapted for use in some non-Internet environments. Note that + this document presents the rules for the use of SMTP and RFC-822 + for the Internet environment only; other mail environments that + use these protocols may be expected to have their own rules. + + 5.2 PROTOCOL WALK-THROUGH + + This section covers both RFC-821 and RFC-822. + + The SMTP specification in RFC-821 is clear and contains numerous + examples, so implementors should not find it difficult to + understand. This section simply updates or annotates portions of + RFC-821 to conform with current usage. + + RFC-822 is a long and dense document, defining a rich syntax. + Unfortunately, incomplete or defective implementations of RFC-822 + are common. In fact, nearly all of the many formats of RFC-822 + are actually used, so an implementation generally needs to + recognize and correctly interpret all of the RFC-822 syntax. + + 5.2.1 The SMTP Model: RFC-821 Section 2 + + DISCUSSION: + Mail is sent by a series of request/response transactions + between a client, the "sender-SMTP," and a server, the + + + +Internet Engineering Task Force [Page 48] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + "receiver-SMTP". These transactions pass (1) the message + proper, which is composed of header and body, and (2) SMTP + source and destination addresses, referred to as the + "envelope". + + The SMTP programs are analogous to Message Transfer Agents + (MTAs) of X.400. There will be another level of protocol + software, closer to the end user, that is responsible for + composing and analyzing RFC-822 message headers; this + component is known as the "User Agent" in X.400, and we + use that term in this document. There is a clear logical + distinction between the User Agent and the SMTP + implementation, since they operate on different levels of + protocol. Note, however, that this distinction is may not + be exactly reflected the structure of typical + implementations of Internet mail. Often there is a + program known as the "mailer" that implements SMTP and + also some of the User Agent functions; the rest of the + User Agent functions are included in a user interface used + for entering and reading mail. + + The SMTP envelope is constructed at the originating site, + typically by the User Agent when the message is first + queued for the Sender-SMTP program. The envelope + addresses may be derived from information in the message + header, supplied by the user interface (e.g., to implement + a bcc: request), or derived from local configuration + information (e.g., expansion of a mailing list). The SMTP + envelope cannot in general be re-derived from the header + at a later stage in message delivery, so the envelope is + transmitted separately from the message itself using the + MAIL and RCPT commands of SMTP. + + The text of RFC-821 suggests that mail is to be delivered + to an individual user at a host. With the advent of the + domain system and of mail routing using mail-exchange (MX) + resource records, implementors should now think of + delivering mail to a user at a domain, which may or may + not be a particular host. This DOES NOT change the fact + that SMTP is a host-to-host mail exchange protocol. + + 5.2.2 Canonicalization: RFC-821 Section 3.1 + + The domain names that a Sender-SMTP sends in MAIL and RCPT + commands MUST have been "canonicalized," i.e., they must be + fully-qualified principal names or domain literals, not + nicknames or domain abbreviations. A canonicalized name either + identifies a host directly or is an MX name; it cannot be a + + + +Internet Engineering Task Force [Page 49] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + CNAME. + + 5.2.3 VRFY and EXPN Commands: RFC-821 Section 3.3 + + A receiver-SMTP MUST implement VRFY and SHOULD implement EXPN + (this requirement overrides RFC-821). However, there MAY be + configuration information to disable VRFY and EXPN in a + particular installation; this might even allow EXPN to be + disabled for selected lists. + + A new reply code is defined for the VRFY command: + + 252 Cannot VRFY user (e.g., info is not local), but will + take message for this user and attempt delivery. + + DISCUSSION: + SMTP users and administrators make regular use of these + commands for diagnosing mail delivery problems. With the + increasing use of multi-level mailing list expansion + (sometimes more than two levels), EXPN has been + increasingly important for diagnosing inadvertent mail + loops. On the other hand, some feel that EXPN represents + a significant privacy, and perhaps even a security, + exposure. + + 5.2.4 SEND, SOML, and SAML Commands: RFC-821 Section 3.4 + + An SMTP MAY implement the commands to send a message to a + user's terminal: SEND, SOML, and SAML. + + DISCUSSION: + It has been suggested that the use of mail relaying + through an MX record is inconsistent with the intent of + SEND to deliver a message immediately and directly to a + user's terminal. However, an SMTP receiver that is unable + to write directly to the user terminal can return a "251 + User Not Local" reply to the RCPT following a SEND, to + inform the originator of possibly deferred delivery. + + 5.2.5 HELO Command: RFC-821 Section 3.5 + + The sender-SMTP MUST ensure that the <domain> parameter in a + HELO command is a valid principal host domain name for the + client host. As a result, the receiver-SMTP will not have to + perform MX resolution on this name in order to validate the + HELO parameter. + + The HELO receiver MAY verify that the HELO parameter really + + + +Internet Engineering Task Force [Page 50] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + corresponds to the IP address of the sender. However, the + receiver MUST NOT refuse to accept a message, even if the + sender's HELO command fails verification. + + DISCUSSION: + Verifying the HELO parameter requires a domain name lookup + and may therefore take considerable time. An alternative + tool for tracking bogus mail sources is suggested below + (see "DATA Command"). + + Note also that the HELO argument is still required to have + valid <domain> syntax, since it will appear in a Received: + line; otherwise, a 501 error is to be sent. + + IMPLEMENTATION: + When HELO parameter validation fails, a suggested + procedure is to insert a note about the unknown + authenticity of the sender into the message header (e.g., + in the "Received:" line). + + 5.2.6 Mail Relay: RFC-821 Section 3.6 + + We distinguish three types of mail (store-and-) forwarding: + + (1) A simple forwarder or "mail exchanger" forwards a message + using private knowledge about the recipient; see section + 3.2 of RFC-821. + + (2) An SMTP mail "relay" forwards a message within an SMTP + mail environment as the result of an explicit source route + (as defined in section 3.6 of RFC-821). The SMTP relay + function uses the "@...:" form of source route from RFC- + 822 (see Section 5.2.19 below). + + (3) A mail "gateway" passes a message between different + environments. The rules for mail gateways are discussed + below in Section 5.3.7. + + An Internet host that is forwarding a message but is not a + gateway to a different mail environment (i.e., it falls under + (1) or (2)) SHOULD NOT alter any existing header fields, + although the host will add an appropriate Received: line as + required in Section 5.2.8. + + A Sender-SMTP SHOULD NOT send a RCPT TO: command containing an + explicit source route using the "@...:" address form. Thus, + the relay function defined in section 3.6 of RFC-821 should + not be used. + + + +Internet Engineering Task Force [Page 51] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + DISCUSSION: + The intent is to discourage all source routing and to + abolish explicit source routing for mail delivery within + the Internet environment. Source-routing is unnecessary; + the simple target address "user@domain" should always + suffice. This is the result of an explicit architectural + decision to use universal naming rather than source + routing for mail. Thus, SMTP provides end-to-end + connectivity, and the DNS provides globally-unique, + location-independent names. MX records handle the major + case where source routing might otherwise be needed. + + A receiver-SMTP MUST accept the explicit source route syntax in + the envelope, but it MAY implement the relay function as + defined in section 3.6 of RFC-821. If it does not implement + the relay function, it SHOULD attempt to deliver the message + directly to the host to the right of the right-most "@" sign. + + DISCUSSION: + For example, suppose a host that does not implement the + relay function receives a message with the SMTP command: + "RCPT TO:<@ALPHA,@BETA:joe@GAMMA>", where ALPHA, BETA, and + GAMMA represent domain names. Rather than immediately + refusing the message with a 550 error reply as suggested + on page 20 of RFC-821, the host should try to forward the + message to GAMMA directly, using: "RCPT TO:<joe@GAMMA>". + Since this host does not support relaying, it is not + required to update the reverse path. + + Some have suggested that source routing may be needed + occasionally for manually routing mail around failures; + however, the reality and importance of this need is + controversial. The use of explicit SMTP mail relaying for + this purpose is discouraged, and in fact it may not be + successful, as many host systems do not support it. Some + have used the "%-hack" (see Section 5.2.16) for this + purpose. + + 5.2.7 RCPT Command: RFC-821 Section 4.1.1 + + A host that supports a receiver-SMTP MUST support the reserved + mailbox "Postmaster". + + The receiver-SMTP MAY verify RCPT parameters as they arrive; + however, RCPT responses MUST NOT be delayed beyond a reasonable + time (see Section 5.3.2). + + Therefore, a "250 OK" response to a RCPT does not necessarily + + + +Internet Engineering Task Force [Page 52] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + imply that the delivery address(es) are valid. Errors found + after message acceptance will be reported by mailing a + notification message to an appropriate address (see Section + 5.3.3). + + DISCUSSION: + The set of conditions under which a RCPT parameter can be + validated immediately is an engineering design choice. + Reporting destination mailbox errors to the Sender-SMTP + before mail is transferred is generally desirable to save + time and network bandwidth, but this advantage is lost if + RCPT verification is lengthy. + + For example, the receiver can verify immediately any + simple local reference, such as a single locally- + registered mailbox. On the other hand, the "reasonable + time" limitation generally implies deferring verification + of a mailing list until after the message has been + transferred and accepted, since verifying a large mailing + list can take a very long time. An implementation might + or might not choose to defer validation of addresses that + are non-local and therefore require a DNS lookup. If a + DNS lookup is performed but a soft domain system error + (e.g., timeout) occurs, validity must be assumed. + + 5.2.8 DATA Command: RFC-821 Section 4.1.1 + + Every receiver-SMTP (not just one that "accepts a message for + relaying or for final delivery" [SMTP:1]) MUST insert a + "Received:" line at the beginning of a message. In this line, + called a "time stamp line" in RFC-821: + + * The FROM field SHOULD contain both (1) the name of the + source host as presented in the HELO command and (2) a + domain literal containing the IP address of the source, + determined from the TCP connection. + + * The ID field MAY contain an "@" as suggested in RFC-822, + but this is not required. + + * The FOR field MAY contain a list of <path> entries when + multiple RCPT commands have been given. + + + An Internet mail program MUST NOT change a Received: line that + was previously added to the message header. + + + + + +Internet Engineering Task Force [Page 53] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + DISCUSSION: + Including both the source host and the IP source address + in the Received: line may provide enough information for + tracking illicit mail sources and eliminate a need to + explicitly verify the HELO parameter. + + Received: lines are primarily intended for humans tracing + mail routes, primarily of diagnosis of faults. See also + the discussion under 5.3.7. + + When the receiver-SMTP makes "final delivery" of a message, + then it MUST pass the MAIL FROM: address from the SMTP envelope + with the message, for use if an error notification message must + be sent later (see Section 5.3.3). There is an analogous + requirement when gatewaying from the Internet into a different + mail environment; see Section 5.3.7. + + DISCUSSION: + Note that the final reply to the DATA command depends only + upon the successful transfer and storage of the message. + Any problem with the destination address(es) must either + (1) have been reported in an SMTP error reply to the RCPT + command(s), or (2) be reported in a later error message + mailed to the originator. + + IMPLEMENTATION: + The MAIL FROM: information may be passed as a parameter or + in a Return-Path: line inserted at the beginning of the + message. + + 5.2.9 Command Syntax: RFC-821 Section 4.1.2 + + The syntax shown in RFC-821 for the MAIL FROM: command omits + the case of an empty path: "MAIL FROM: <>" (see RFC-821 Page + 15). An empty reverse path MUST be supported. + + 5.2.10 SMTP Replies: RFC-821 Section 4.2 + + A receiver-SMTP SHOULD send only the reply codes listed in + section 4.2.2 of RFC-821 or in this document. A receiver-SMTP + SHOULD use the text shown in examples in RFC-821 whenever + appropriate. + + A sender-SMTP MUST determine its actions only by the reply + code, not by the text (except for 251 and 551 replies); any + text, including no text at all, must be acceptable. The space + (blank) following the reply code is considered part of the + text. Whenever possible, a sender-SMTP SHOULD test only the + + + +Internet Engineering Task Force [Page 54] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + first digit of the reply code, as specified in Appendix E of + RFC-821. + + DISCUSSION: + Interoperability problems have arisen with SMTP systems + using reply codes that are not listed explicitly in RFC- + 821 Section 4.3 but are legal according to the theory of + reply codes explained in Appendix E. + + 5.2.11 Transparency: RFC-821 Section 4.5.2 + + Implementors MUST be sure that their mail systems always add + and delete periods to ensure message transparency. + + 5.2.12 WKS Use in MX Processing: RFC-974, p. 5 + + RFC-974 [SMTP:3] recommended that the domain system be queried + for WKS ("Well-Known Service") records, to verify that each + proposed mail target does support SMTP. Later experience has + shown that WKS is not widely supported, so the WKS step in MX + processing SHOULD NOT be used. + + The following are notes on RFC-822, organized by section of that + document. + + 5.2.13 RFC-822 Message Specification: RFC-822 Section 4 + + The syntax shown for the Return-path line omits the possibility + of a null return path, which is used to prevent looping of + error notifications (see Section 5.3.3). The complete syntax + is: + + return = "Return-path" ":" route-addr + / "Return-path" ":" "<" ">" + + The set of optional header fields is hereby expanded to include + the Content-Type field defined in RFC-1049 [SMTP:7]. This + field "allows mail reading systems to automatically identify + the type of a structured message body and to process it for + display accordingly". [SMTP:7] A User Agent MAY support this + field. + + 5.2.14 RFC-822 Date and Time Specification: RFC-822 Section 5 + + The syntax for the date is hereby changed to: + + date = 1*2DIGIT month 2*4DIGIT + + + + +Internet Engineering Task Force [Page 55] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + All mail software SHOULD use 4-digit years in dates, to ease + the transition to the next century. + + There is a strong trend towards the use of numeric timezone + indicators, and implementations SHOULD use numeric timezones + instead of timezone names. However, all implementations MUST + accept either notation. If timezone names are used, they MUST + be exactly as defined in RFC-822. + + The military time zones are specified incorrectly in RFC-822: + they count the wrong way from UT (the signs are reversed). As + a result, military time zones in RFC-822 headers carry no + information. + + Finally, note that there is a typo in the definition of "zone" + in the syntax summary of appendix D; the correct definition + occurs in Section 3 of RFC-822. + + 5.2.15 RFC-822 Syntax Change: RFC-822 Section 6.1 + + The syntactic definition of "mailbox" in RFC-822 is hereby + changed to: + + mailbox = addr-spec ; simple address + / [phrase] route-addr ; name & addr-spec + + That is, the phrase preceding a route address is now OPTIONAL. + This change makes the following header field legal, for + example: + + From: <craig@nnsc.nsf.net> + + 5.2.16 RFC-822 Local-part: RFC-822 Section 6.2 + + The basic mailbox address specification has the form: "local- + part@domain". Here "local-part", sometimes called the "left- + hand side" of the address, is domain-dependent. + + A host that is forwarding the message but is not the + destination host implied by the right-hand side "domain" MUST + NOT interpret or modify the "local-part" of the address. + + When mail is to be gatewayed from the Internet mail environment + into a foreign mail environment (see Section 5.3.7), routing + information for that foreign environment MAY be embedded within + the "local-part" of the address. The gateway will then + interpret this local part appropriately for the foreign mail + environment. + + + +Internet Engineering Task Force [Page 56] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + DISCUSSION: + Although source routes are discouraged within the Internet + (see Section 5.2.6), there are non-Internet mail + environments whose delivery mechanisms do depend upon + source routes. Source routes for extra-Internet + environments can generally be buried in the "local-part" + of the address (see Section 5.2.16) while mail traverses + the Internet. When the mail reaches the appropriate + Internet mail gateway, the gateway will interpret the + local-part and build the necessary address or route for + the target mail environment. + + For example, an Internet host might send mail to: + "a!b!c!user@gateway-domain". The complex local part + "a!b!c!user" would be uninterpreted within the Internet + domain, but could be parsed and understood by the + specified mail gateway. + + An embedded source route is sometimes encoded in the + "local-part" using "%" as a right-binding routing + operator. For example, in: + + user%domain%relay3%relay2@relay1 + + the "%" convention implies that the mail is to be routed + from "relay1" through "relay2", "relay3", and finally to + "user" at "domain". This is commonly known as the "%- + hack". It is suggested that "%" have lower precedence + than any other routing operator (e.g., "!") hidden in the + local-part; for example, "a!b%c" would be interpreted as + "(a!b)%c". + + Only the target host (in this case, "relay1") is permitted + to analyze the local-part "user%domain%relay3%relay2". + + 5.2.17 Domain Literals: RFC-822 Section 6.2.3 + + A mailer MUST be able to accept and parse an Internet domain + literal whose content ("dtext"; see RFC-822) is a dotted- + decimal host address. This satisfies the requirement of + Section 2.1 for the case of mail. + + An SMTP MUST accept and recognize a domain literal for any of + its own IP addresses. + + + + + + + +Internet Engineering Task Force [Page 57] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + 5.2.18 Common Address Formatting Errors: RFC-822 Section 6.1 + + Errors in formatting or parsing 822 addresses are unfortunately + common. This section mentions only the most common errors. A + User Agent MUST accept all valid RFC-822 address formats, and + MUST NOT generate illegal address syntax. + + o A common error is to leave out the semicolon after a group + identifier. + + o Some systems fail to fully-qualify domain names in + messages they generate. The right-hand side of an "@" + sign in a header address field MUST be a fully-qualified + domain name. + + For example, some systems fail to fully-qualify the From: + address; this prevents a "reply" command in the user + interface from automatically constructing a return + address. + + DISCUSSION: + Although RFC-822 allows the local use of abbreviated + domain names within a domain, the application of + RFC-822 in Internet mail does not allow this. The + intent is that an Internet host must not send an SMTP + message header containing an abbreviated domain name + in an address field. This allows the address fields + of the header to be passed without alteration across + the Internet, as required in Section 5.2.6. + + o Some systems mis-parse multiple-hop explicit source routes + such as: + + @relay1,@relay2,@relay3:user@domain. + + + o Some systems over-qualify domain names by adding a + trailing dot to some or all domain names in addresses or + message-ids. This violates RFC-822 syntax. + + + 5.2.19 Explicit Source Routes: RFC-822 Section 6.2.7 + + Internet host software SHOULD NOT create an RFC-822 header + containing an address with an explicit source route, but MUST + accept such headers for compatibility with earlier systems. + + DISCUSSION: + + + +Internet Engineering Task Force [Page 58] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + In an understatement, RFC-822 says "The use of explicit + source routing is discouraged". Many hosts implemented + RFC-822 source routes incorrectly, so the syntax cannot be + used unambiguously in practice. Many users feel the + syntax is ugly. Explicit source routes are not needed in + the mail envelope for delivery; see Section 5.2.6. For + all these reasons, explicit source routes using the RFC- + 822 notations are not to be used in Internet mail headers. + + As stated in Section 5.2.16, it is necessary to allow an + explicit source route to be buried in the local-part of an + address, e.g., using the "%-hack", in order to allow mail + to be gatewayed into another environment in which explicit + source routing is necessary. The vigilant will observe + that there is no way for a User Agent to detect and + prevent the use of such implicit source routing when the + destination is within the Internet. We can only + discourage source routing of any kind within the Internet, + as unnecessary and undesirable. + + 5.3 SPECIFIC ISSUES + + 5.3.1 SMTP Queueing Strategies + + The common structure of a host SMTP implementation includes + user mailboxes, one or more areas for queueing messages in + transit, and one or more daemon processes for sending and + receiving mail. The exact structure will vary depending on the + needs of the users on the host and the number and size of + mailing lists supported by the host. We describe several + optimizations that have proved helpful, particularly for + mailers supporting high traffic levels. + + Any queueing strategy MUST include: + + o Timeouts on all activities. See Section 5.3.2. + + o Never sending error messages in response to error + messages. + + + 5.3.1.1 Sending Strategy + + The general model of a sender-SMTP is one or more processes + that periodically attempt to transmit outgoing mail. In a + typical system, the program that composes a message has some + method for requesting immediate attention for a new piece of + outgoing mail, while mail that cannot be transmitted + + + +Internet Engineering Task Force [Page 59] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + immediately MUST be queued and periodically retried by the + sender. A mail queue entry will include not only the + message itself but also the envelope information. + + The sender MUST delay retrying a particular destination + after one attempt has failed. In general, the retry + interval SHOULD be at least 30 minutes; however, more + sophisticated and variable strategies will be beneficial + when the sender-SMTP can determine the reason for non- + delivery. + + Retries continue until the message is transmitted or the + sender gives up; the give-up time generally needs to be at + least 4-5 days. The parameters to the retry algorithm MUST + be configurable. + + A sender SHOULD keep a list of hosts it cannot reach and + corresponding timeouts, rather than just retrying queued + mail items. + + DISCUSSION: + Experience suggests that failures are typically + transient (the target system has crashed), favoring a + policy of two connection attempts in the first hour the + message is in the queue, and then backing off to once + every two or three hours. + + The sender-SMTP can shorten the queueing delay by + cooperation with the receiver-SMTP. In particular, if + mail is received from a particular address, it is good + evidence that any mail queued for that host can now be + sent. + + The strategy may be further modified as a result of + multiple addresses per host (see Section 5.3.4), to + optimize delivery time vs. resource usage. + + A sender-SMTP may have a large queue of messages for + each unavailable destination host, and if it retried + all these messages in every retry cycle, there would be + excessive Internet overhead and the daemon would be + blocked for a long period. Note that an SMTP can + generally determine that a delivery attempt has failed + only after a timeout of a minute or more; a one minute + timeout per connection will result in a very large + delay if it is repeated for dozens or even hundreds of + queued messages. + + + + +Internet Engineering Task Force [Page 60] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + When the same message is to be delivered to several users on + the same host, only one copy of the message SHOULD be + transmitted. That is, the sender-SMTP should use the + command sequence: RCPT, RCPT,... RCPT, DATA instead of the + sequence: RCPT, DATA, RCPT, DATA,... RCPT, DATA. + Implementation of this efficiency feature is strongly urged. + + Similarly, the sender-SMTP MAY support multiple concurrent + outgoing mail transactions to achieve timely delivery. + However, some limit SHOULD be imposed to protect the host + from devoting all its resources to mail. + + The use of the different addresses of a multihomed host is + discussed below. + + 5.3.1.2 Receiving strategy + + The receiver-SMTP SHOULD attempt to keep a pending listen on + the SMTP port at all times. This will require the support + of multiple incoming TCP connections for SMTP. Some limit + MAY be imposed. + + IMPLEMENTATION: + When the receiver-SMTP receives mail from a particular + host address, it could notify the sender-SMTP to retry + any mail pending for that host address. + + 5.3.2 Timeouts in SMTP + + There are two approaches to timeouts in the sender-SMTP: (a) + limit the time for each SMTP command separately, or (b) limit + the time for the entire SMTP dialogue for a single mail + message. A sender-SMTP SHOULD use option (a), per-command + timeouts. Timeouts SHOULD be easily reconfigurable, preferably + without recompiling the SMTP code. + + DISCUSSION: + Timeouts are an essential feature of an SMTP + implementation. If the timeouts are too long (or worse, + there are no timeouts), Internet communication failures or + software bugs in receiver-SMTP programs can tie up SMTP + processes indefinitely. If the timeouts are too short, + resources will be wasted with attempts that time out part + way through message delivery. + + If option (b) is used, the timeout has to be very large, + e.g., an hour, to allow time to expand very large mailing + lists. The timeout may also need to increase linearly + + + +Internet Engineering Task Force [Page 61] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + with the size of the message, to account for the time to + transmit a very large message. A large fixed timeout + leads to two problems: a failure can still tie up the + sender for a very long time, and very large messages may + still spuriously time out (which is a wasteful failure!). + + Using the recommended option (a), a timer is set for each + SMTP command and for each buffer of the data transfer. + The latter means that the overall timeout is inherently + proportional to the size of the message. + + Based on extensive experience with busy mail-relay hosts, the + minimum per-command timeout values SHOULD be as follows: + + o Initial 220 Message: 5 minutes + + A Sender-SMTP process needs to distinguish between a + failed TCP connection and a delay in receiving the initial + 220 greeting message. Many receiver-SMTPs will accept a + TCP connection but delay delivery of the 220 message until + their system load will permit more mail to be processed. + + o MAIL Command: 5 minutes + + + o RCPT Command: 5 minutes + + A longer timeout would be required if processing of + mailing lists and aliases were not deferred until after + the message was accepted. + + o DATA Initiation: 2 minutes + + This is while awaiting the "354 Start Input" reply to a + DATA command. + + o Data Block: 3 minutes + + This is while awaiting the completion of each TCP SEND + call transmitting a chunk of data. + + o DATA Termination: 10 minutes. + + This is while awaiting the "250 OK" reply. When the + receiver gets the final period terminating the message + data, it typically performs processing to deliver the + message to a user mailbox. A spurious timeout at this + point would be very wasteful, since the message has been + + + +Internet Engineering Task Force [Page 62] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + successfully sent. + + A receiver-SMTP SHOULD have a timeout of at least 5 minutes + while it is awaiting the next command from the sender. + + 5.3.3 Reliable Mail Receipt + + When the receiver-SMTP accepts a piece of mail (by sending a + "250 OK" message in response to DATA), it is accepting + responsibility for delivering or relaying the message. It must + take this responsibility seriously, i.e., it MUST NOT lose the + message for frivolous reasons, e.g., because the host later + crashes or because of a predictable resource shortage. + + If there is a delivery failure after acceptance of a message, + the receiver-SMTP MUST formulate and mail a notification + message. This notification MUST be sent using a null ("<>") + reverse path in the envelope; see Section 3.6 of RFC-821. The + recipient of this notification SHOULD be the address from the + envelope return path (or the Return-Path: line). However, if + this address is null ("<>"), the receiver-SMTP MUST NOT send a + notification. If the address is an explicit source route, it + SHOULD be stripped down to its final hop. + + DISCUSSION: + For example, suppose that an error notification must be + sent for a message that arrived with: + "MAIL FROM:<@a,@b:user@d>". The notification message + should be sent to: "RCPT TO:<user@d>". + + Some delivery failures after the message is accepted by + SMTP will be unavoidable. For example, it may be + impossible for the receiver-SMTP to validate all the + delivery addresses in RCPT command(s) due to a "soft" + domain system error or because the target is a mailing + list (see earlier discussion of RCPT). + + To avoid receiving duplicate messages as the result of + timeouts, a receiver-SMTP MUST seek to minimize the time + required to respond to the final "." that ends a message + transfer. See RFC-1047 [SMTP:4] for a discussion of this + problem. + + 5.3.4 Reliable Mail Transmission + + To transmit a message, a sender-SMTP determines the IP address + of the target host from the destination address in the + envelope. Specifically, it maps the string to the right of the + + + +Internet Engineering Task Force [Page 63] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + "@" sign into an IP address. This mapping or the transfer + itself may fail with a soft error, in which case the sender- + SMTP will requeue the outgoing mail for a later retry, as + required in Section 5.3.1.1. + + When it succeeds, the mapping can result in a list of + alternative delivery addresses rather than a single address, + because of (a) multiple MX records, (b) multihoming, or both. + To provide reliable mail transmission, the sender-SMTP MUST be + able to try (and retry) each of the addresses in this list in + order, until a delivery attempt succeeds. However, there MAY + also be a configurable limit on the number of alternate + addresses that can be tried. In any case, a host SHOULD try at + least two addresses. + + The following information is to be used to rank the host + addresses: + + (1) Multiple MX Records -- these contain a preference + indication that should be used in sorting. If there are + multiple destinations with the same preference and there + is no clear reason to favor one (e.g., by address + preference), then the sender-SMTP SHOULD pick one at + random to spread the load across multiple mail exchanges + for a specific organization; note that this is a + refinement of the procedure in [DNS:3]. + + (2) Multihomed host -- The destination host (perhaps taken + from the preferred MX record) may be multihomed, in which + case the domain name resolver will return a list of + alternative IP addresses. It is the responsibility of the + domain name resolver interface (see Section 6.1.3.4 below) + to have ordered this list by decreasing preference, and + SMTP MUST try them in the order presented. + + DISCUSSION: + Although the capability to try multiple alternative + addresses is required, there may be circumstances where + specific installations want to limit or disable the use of + alternative addresses. The question of whether a sender + should attempt retries using the different addresses of a + multihomed host has been controversial. The main argument + for using the multiple addresses is that it maximizes the + probability of timely delivery, and indeed sometimes the + probability of any delivery; the counter argument is that + it may result in unnecessary resource use. + + Note that resource use is also strongly determined by the + + + +Internet Engineering Task Force [Page 64] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + sending strategy discussed in Section 5.3.1. + + 5.3.5 Domain Name Support + + SMTP implementations MUST use the mechanism defined in Section + 6.1 for mapping between domain names and IP addresses. This + means that every Internet SMTP MUST include support for the + Internet DNS. + + In particular, a sender-SMTP MUST support the MX record scheme + [SMTP:3]. See also Section 7.4 of [DNS:2] for information on + domain name support for SMTP. + + 5.3.6 Mailing Lists and Aliases + + An SMTP-capable host SHOULD support both the alias and the list + form of address expansion for multiple delivery. When a + message is delivered or forwarded to each address of an + expanded list form, the return address in the envelope + ("MAIL FROM:") MUST be changed to be the address of a person + who administers the list, but the message header MUST be left + unchanged; in particular, the "From" field of the message is + unaffected. + + DISCUSSION: + An important mail facility is a mechanism for multi- + destination delivery of a single message, by transforming + or "expanding" a pseudo-mailbox address into a list of + destination mailbox addresses. When a message is sent to + such a pseudo-mailbox (sometimes called an "exploder"), + copies are forwarded or redistributed to each mailbox in + the expanded list. We classify such a pseudo-mailbox as + an "alias" or a "list", depending upon the expansion + rules: + + (a) Alias + + To expand an alias, the recipient mailer simply + replaces the pseudo-mailbox address in the envelope + with each of the expanded addresses in turn; the rest + of the envelope and the message body are left + unchanged. The message is then delivered or + forwarded to each expanded address. + + (b) List + + A mailing list may be said to operate by + "redistribution" rather than by "forwarding". To + + + +Internet Engineering Task Force [Page 65] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + expand a list, the recipient mailer replaces the + pseudo-mailbox address in the envelope with each of + the expanded addresses in turn. The return address in + the envelope is changed so that all error messages + generated by the final deliveries will be returned to + a list administrator, not to the message originator, + who generally has no control over the contents of the + list and will typically find error messages annoying. + + + 5.3.7 Mail Gatewaying + + Gatewaying mail between different mail environments, i.e., + different mail formats and protocols, is complex and does not + easily yield to standardization. See for example [SMTP:5a], + [SMTP:5b]. However, some general requirements may be given for + a gateway between the Internet and another mail environment. + + (A) Header fields MAY be rewritten when necessary as messages + are gatewayed across mail environment boundaries. + + DISCUSSION: + This may involve interpreting the local-part of the + destination address, as suggested in Section 5.2.16. + + The other mail systems gatewayed to the Internet + generally use a subset of RFC-822 headers, but some + of them do not have an equivalent to the SMTP + envelope. Therefore, when a message leaves the + Internet environment, it may be necessary to fold the + SMTP envelope information into the message header. A + possible solution would be to create new header + fields to carry the envelope information (e.g., "X- + SMTP-MAIL:" and "X-SMTP-RCPT:"); however, this would + require changes in mail programs in the foreign + environment. + + (B) When forwarding a message into or out of the Internet + environment, a gateway MUST prepend a Received: line, but + it MUST NOT alter in any way a Received: line that is + already in the header. + + DISCUSSION: + This requirement is a subset of the general + "Received:" line requirement of Section 5.2.8; it is + restated here for emphasis. + + Received: fields of messages originating from other + + + +Internet Engineering Task Force [Page 66] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + environments may not conform exactly to RFC822. + However, the most important use of Received: lines is + for debugging mail faults, and this debugging can be + severely hampered by well-meaning gateways that try + to "fix" a Received: line. + + The gateway is strongly encouraged to indicate the + environment and protocol in the "via" clauses of + Received field(s) that it supplies. + + (C) From the Internet side, the gateway SHOULD accept all + valid address formats in SMTP commands and in RFC-822 + headers, and all valid RFC-822 messages. Although a + gateway must accept an RFC-822 explicit source route + ("@...:" format) in either the RFC-822 header or in the + envelope, it MAY or may not act on the source route; see + Sections 5.2.6 and 5.2.19. + + DISCUSSION: + It is often tempting to restrict the range of + addresses accepted at the mail gateway to simplify + the translation into addresses for the remote + environment. This practice is based on the + assumption that mail users have control over the + addresses their mailers send to the mail gateway. In + practice, however, users have little control over the + addresses that are finally sent; their mailers are + free to change addresses into any legal RFC-822 + format. + + (D) The gateway MUST ensure that all header fields of a + message that it forwards into the Internet meet the + requirements for Internet mail. In particular, all + addresses in "From:", "To:", "Cc:", etc., fields must be + transformed (if necessary) to satisfy RFC-822 syntax, and + they must be effective and useful for sending replies. + + + (E) The translation algorithm used to convert mail from the + Internet protocols to another environment's protocol + SHOULD try to ensure that error messages from the foreign + mail environment are delivered to the return path from the + SMTP envelope, not to the sender listed in the "From:" + field of the RFC-822 message. + + DISCUSSION: + Internet mail lists usually place the address of the + mail list maintainer in the envelope but leave the + + + +Internet Engineering Task Force [Page 67] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + original message header intact (with the "From:" + field containing the original sender). This yields + the behavior the average recipient expects: a reply + to the header gets sent to the original sender, not + to a mail list maintainer; however, errors get sent + to the maintainer (who can fix the problem) and not + the sender (who probably cannot). + + (F) Similarly, when forwarding a message from another + environment into the Internet, the gateway SHOULD set the + envelope return path in accordance with an error message + return address, if any, supplied by the foreign + environment. + + + 5.3.8 Maximum Message Size + + Mailer software MUST be able to send and receive messages of at + least 64K bytes in length (including header), and a much larger + maximum size is highly desirable. + + DISCUSSION: + Although SMTP does not define the maximum size of a + message, many systems impose implementation limits. + + The current de facto minimum limit in the Internet is 64K + bytes. However, electronic mail is used for a variety of + purposes that create much larger messages. For example, + mail is often used instead of FTP for transmitting ASCII + files, and in particular to transmit entire documents. As + a result, messages can be 1 megabyte or even larger. We + note that the present document together with its lower- + layer companion contains 0.5 megabytes. + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 68] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + 5.4 SMTP REQUIREMENTS SUMMARY + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-----------------------------------------------|----------|-|-|-|-|-|-- + | | | | | | | +RECEIVER-SMTP: | | | | | | | + Implement VRFY |5.2.3 |x| | | | | + Implement EXPN |5.2.3 | |x| | | | + EXPN, VRFY configurable |5.2.3 | | |x| | | + Implement SEND, SOML, SAML |5.2.4 | | |x| | | + Verify HELO parameter |5.2.5 | | |x| | | + Refuse message with bad HELO |5.2.5 | | | | |x| + Accept explicit src-route syntax in env. |5.2.6 |x| | | | | + Support "postmaster" |5.2.7 |x| | | | | + Process RCPT when received (except lists) |5.2.7 | | |x| | | + Long delay of RCPT responses |5.2.7 | | | | |x| + | | | | | | | + Add Received: line |5.2.8 |x| | | | | + Received: line include domain literal |5.2.8 | |x| | | | + Change previous Received: line |5.2.8 | | | | |x| + Pass Return-Path info (final deliv/gwy) |5.2.8 |x| | | | | + Support empty reverse path |5.2.9 |x| | | | | + Send only official reply codes |5.2.10 | |x| | | | + Send text from RFC-821 when appropriate |5.2.10 | |x| | | | + Delete "." for transparency |5.2.11 |x| | | | | + Accept and recognize self domain literal(s) |5.2.17 |x| | | | | + | | | | | | | + Error message about error message |5.3.1 | | | | |x| + Keep pending listen on SMTP port |5.3.1.2 | |x| | | | + Provide limit on recv concurrency |5.3.1.2 | | |x| | | + Wait at least 5 mins for next sender cmd |5.3.2 | |x| | | | + Avoidable delivery failure after "250 OK" |5.3.3 | | | | |x| + Send error notification msg after accept |5.3.3 |x| | | | | + Send using null return path |5.3.3 |x| | | | | + Send to envelope return path |5.3.3 | |x| | | | + Send to null address |5.3.3 | | | | |x| + Strip off explicit src route |5.3.3 | |x| | | | + Minimize acceptance delay (RFC-1047) |5.3.3 |x| | | | | +-----------------------------------------------|----------|-|-|-|-|-|-- + + + +Internet Engineering Task Force [Page 69] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + | | | | | | | +SENDER-SMTP: | | | | | | | + Canonicalized domain names in MAIL, RCPT |5.2.2 |x| | | | | + Implement SEND, SOML, SAML |5.2.4 | | |x| | | + Send valid principal host name in HELO |5.2.5 |x| | | | | + Send explicit source route in RCPT TO: |5.2.6 | | | |x| | + Use only reply code to determine action |5.2.10 |x| | | | | + Use only high digit of reply code when poss. |5.2.10 | |x| | | | + Add "." for transparency |5.2.11 |x| | | | | + | | | | | | | + Retry messages after soft failure |5.3.1.1 |x| | | | | + Delay before retry |5.3.1.1 |x| | | | | + Configurable retry parameters |5.3.1.1 |x| | | | | + Retry once per each queued dest host |5.3.1.1 | |x| | | | + Multiple RCPT's for same DATA |5.3.1.1 | |x| | | | + Support multiple concurrent transactions |5.3.1.1 | | |x| | | + Provide limit on concurrency |5.3.1.1 | |x| | | | + | | | | | | | + Timeouts on all activities |5.3.1 |x| | | | | + Per-command timeouts |5.3.2 | |x| | | | + Timeouts easily reconfigurable |5.3.2 | |x| | | | + Recommended times |5.3.2 | |x| | | | + Try alternate addr's in order |5.3.4 |x| | | | | + Configurable limit on alternate tries |5.3.4 | | |x| | | + Try at least two alternates |5.3.4 | |x| | | | + Load-split across equal MX alternates |5.3.4 | |x| | | | + Use the Domain Name System |5.3.5 |x| | | | | + Support MX records |5.3.5 |x| | | | | + Use WKS records in MX processing |5.2.12 | | | |x| | +-----------------------------------------------|----------|-|-|-|-|-|-- + | | | | | | | +MAIL FORWARDING: | | | | | | | + Alter existing header field(s) |5.2.6 | | | |x| | + Implement relay function: 821/section 3.6 |5.2.6 | | |x| | | + If not, deliver to RHS domain |5.2.6 | |x| | | | + Interpret 'local-part' of addr |5.2.16 | | | | |x| + | | | | | | | +MAILING LISTS AND ALIASES | | | | | | | + Support both |5.3.6 | |x| | | | + Report mail list error to local admin. |5.3.6 |x| | | | | + | | | | | | | +MAIL GATEWAYS: | | | | | | | + Embed foreign mail route in local-part |5.2.16 | | |x| | | + Rewrite header fields when necessary |5.3.7 | | |x| | | + Prepend Received: line |5.3.7 |x| | | | | + Change existing Received: line |5.3.7 | | | | |x| + Accept full RFC-822 on Internet side |5.3.7 | |x| | | | + Act on RFC-822 explicit source route |5.3.7 | | |x| | | + + + +Internet Engineering Task Force [Page 70] + + + + +RFC1123 MAIL -- SMTP & RFC-822 October 1989 + + + Send only valid RFC-822 on Internet side |5.3.7 |x| | | | | + Deliver error msgs to envelope addr |5.3.7 | |x| | | | + Set env return path from err return addr |5.3.7 | |x| | | | + | | | | | | | +USER AGENT -- RFC-822 | | | | | | | + Allow user to enter <route> address |5.2.6 | | | |x| | + Support RFC-1049 Content Type field |5.2.13 | | |x| | | + Use 4-digit years |5.2.14 | |x| | | | + Generate numeric timezones |5.2.14 | |x| | | | + Accept all timezones |5.2.14 |x| | | | | + Use non-num timezones from RFC-822 |5.2.14 |x| | | | | + Omit phrase before route-addr |5.2.15 | | |x| | | + Accept and parse dot.dec. domain literals |5.2.17 |x| | | | | + Accept all RFC-822 address formats |5.2.18 |x| | | | | + Generate invalid RFC-822 address format |5.2.18 | | | | |x| + Fully-qualified domain names in header |5.2.18 |x| | | | | + Create explicit src route in header |5.2.19 | | | |x| | + Accept explicit src route in header |5.2.19 |x| | | | | + | | | | | | | +Send/recv at least 64KB messages |5.3.8 |x| | | | | + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 71] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + +6. SUPPORT SERVICES + + 6.1 DOMAIN NAME TRANSLATION + + 6.1.1 INTRODUCTION + + Every host MUST implement a resolver for the Domain Name System + (DNS), and it MUST implement a mechanism using this DNS + resolver to convert host names to IP addresses and vice-versa + [DNS:1, DNS:2]. + + In addition to the DNS, a host MAY also implement a host name + translation mechanism that searches a local Internet host + table. See Section 6.1.3.8 for more information on this + option. + + DISCUSSION: + Internet host name translation was originally performed by + searching local copies of a table of all hosts. This + table became too large to update and distribute in a + timely manner and too large to fit into many hosts, so the + DNS was invented. + + The DNS creates a distributed database used primarily for + the translation between host names and host addresses. + Implementation of DNS software is required. The DNS + consists of two logically distinct parts: name servers and + resolvers (although implementations often combine these + two logical parts in the interest of efficiency) [DNS:2]. + + Domain name servers store authoritative data about certain + sections of the database and answer queries about the + data. Domain resolvers query domain name servers for data + on behalf of user processes. Every host therefore needs a + DNS resolver; some host machines will also need to run + domain name servers. Since no name server has complete + information, in general it is necessary to obtain + information from more than one name server to resolve a + query. + + 6.1.2 PROTOCOL WALK-THROUGH + + An implementor must study references [DNS:1] and [DNS:2] + carefully. They provide a thorough description of the theory, + protocol, and implementation of the domain name system, and + reflect several years of experience. + + + + + +Internet Engineering Task Force [Page 72] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + 6.1.2.1 Resource Records with Zero TTL: RFC-1035 Section 3.2.1 + + All DNS name servers and resolvers MUST properly handle RRs + with a zero TTL: return the RR to the client but do not + cache it. + + DISCUSSION: + Zero TTL values are interpreted to mean that the RR can + only be used for the transaction in progress, and + should not be cached; they are useful for extremely + volatile data. + + 6.1.2.2 QCLASS Values: RFC-1035 Section 3.2.5 + + A query with "QCLASS=*" SHOULD NOT be used unless the + requestor is seeking data from more than one class. In + particular, if the requestor is only interested in Internet + data types, QCLASS=IN MUST be used. + + 6.1.2.3 Unused Fields: RFC-1035 Section 4.1.1 + + Unused fields in a query or response message MUST be zero. + + 6.1.2.4 Compression: RFC-1035 Section 4.1.4 + + Name servers MUST use compression in responses. + + DISCUSSION: + Compression is essential to avoid overflowing UDP + datagrams; see Section 6.1.3.2. + + 6.1.2.5 Misusing Configuration Info: RFC-1035 Section 6.1.2 + + Recursive name servers and full-service resolvers generally + have some configuration information containing hints about + the location of root or local name servers. An + implementation MUST NOT include any of these hints in a + response. + + DISCUSSION: + Many implementors have found it convenient to store + these hints as if they were cached data, but some + neglected to ensure that this "cached data" was not + included in responses. This has caused serious + problems in the Internet when the hints were obsolete + or incorrect. + + + + + +Internet Engineering Task Force [Page 73] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + 6.1.3 SPECIFIC ISSUES + + 6.1.3.1 Resolver Implementation + + A name resolver SHOULD be able to multiplex concurrent + requests if the host supports concurrent processes. + + In implementing a DNS resolver, one of two different models + MAY optionally be chosen: a full-service resolver, or a stub + resolver. + + + (A) Full-Service Resolver + + A full-service resolver is a complete implementation of + the resolver service, and is capable of dealing with + communication failures, failure of individual name + servers, location of the proper name server for a given + name, etc. It must satisfy the following requirements: + + o The resolver MUST implement a local caching + function to avoid repeated remote access for + identical requests, and MUST time out information + in the cache. + + o The resolver SHOULD be configurable with start-up + information pointing to multiple root name servers + and multiple name servers for the local domain. + This insures that the resolver will be able to + access the whole name space in normal cases, and + will be able to access local domain information + should the local network become disconnected from + the rest of the Internet. + + + (B) Stub Resolver + + A "stub resolver" relies on the services of a recursive + name server on the connected network or a "nearby" + network. This scheme allows the host to pass on the + burden of the resolver function to a name server on + another host. This model is often essential for less + capable hosts, such as PCs, and is also recommended + when the host is one of several workstations on a local + network, because it allows all of the workstations to + share the cache of the recursive name server and hence + reduce the number of domain requests exported by the + local network. + + + +Internet Engineering Task Force [Page 74] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + At a minimum, the stub resolver MUST be capable of + directing its requests to redundant recursive name + servers. Note that recursive name servers are allowed + to restrict the sources of requests that they will + honor, so the host administrator must verify that the + service will be provided. Stub resolvers MAY implement + caching if they choose, but if so, MUST timeout cached + information. + + + 6.1.3.2 Transport Protocols + + DNS resolvers and recursive servers MUST support UDP, and + SHOULD support TCP, for sending (non-zone-transfer) queries. + Specifically, a DNS resolver or server that is sending a + non-zone-transfer query MUST send a UDP query first. If the + Answer section of the response is truncated and if the + requester supports TCP, it SHOULD try the query again using + TCP. + + DNS servers MUST be able to service UDP queries and SHOULD + be able to service TCP queries. A name server MAY limit the + resources it devotes to TCP queries, but it SHOULD NOT + refuse to service a TCP query just because it would have + succeeded with UDP. + + Truncated responses MUST NOT be saved (cached) and later + used in such a way that the fact that they are truncated is + lost. + + DISCUSSION: + UDP is preferred over TCP for queries because UDP + queries have much lower overhead, both in packet count + and in connection state. The use of UDP is essential + for heavily-loaded servers, especially the root + servers. UDP also offers additional robustness, since + a resolver can attempt several UDP queries to different + servers for the cost of a single TCP query. + + It is possible for a DNS response to be truncated, + although this is a very rare occurrence in the present + Internet DNS. Practically speaking, truncation cannot + be predicted, since it is data-dependent. The + dependencies include the number of RRs in the answer, + the size of each RR, and the savings in space realized + by the name compression algorithm. As a rule of thumb, + truncation in NS and MX lists should not occur for + answers containing 15 or fewer RRs. + + + +Internet Engineering Task Force [Page 75] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + Whether it is possible to use a truncated answer + depends on the application. A mailer must not use a + truncated MX response, since this could lead to mail + loops. + + Responsible practices can make UDP suffice in the vast + majority of cases. Name servers must use compression + in responses. Resolvers must differentiate truncation + of the Additional section of a response (which only + loses extra information) from truncation of the Answer + section (which for MX records renders the response + unusable by mailers). Database administrators should + list only a reasonable number of primary names in lists + of name servers, MX alternatives, etc. + + However, it is also clear that some new DNS record + types defined in the future will contain information + exceeding the 512 byte limit that applies to UDP, and + hence will require TCP. Thus, resolvers and name + servers should implement TCP services as a backup to + UDP today, with the knowledge that they will require + the TCP service in the future. + + By private agreement, name servers and resolvers MAY arrange + to use TCP for all traffic between themselves. TCP MUST be + used for zone transfers. + + A DNS server MUST have sufficient internal concurrency that + it can continue to process UDP queries while awaiting a + response or performing a zone transfer on an open TCP + connection [DNS:2]. + + A server MAY support a UDP query that is delivered using an + IP broadcast or multicast address. However, the Recursion + Desired bit MUST NOT be set in a query that is multicast, + and MUST be ignored by name servers receiving queries via a + broadcast or multicast address. A host that sends broadcast + or multicast DNS queries SHOULD send them only as occasional + probes, caching the IP address(es) it obtains from the + response(s) so it can normally send unicast queries. + + DISCUSSION: + Broadcast or (especially) IP multicast can provide a + way to locate nearby name servers without knowing their + IP addresses in advance. However, general broadcasting + of recursive queries can result in excessive and + unnecessary load on both network and servers. + + + + +Internet Engineering Task Force [Page 76] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + 6.1.3.3 Efficient Resource Usage + + The following requirements on servers and resolvers are very + important to the health of the Internet as a whole, + particularly when DNS services are invoked repeatedly by + higher level automatic servers, such as mailers. + + (1) The resolver MUST implement retransmission controls to + insure that it does not waste communication bandwidth, + and MUST impose finite bounds on the resources consumed + to respond to a single request. See [DNS:2] pages 43- + 44 for specific recommendations. + + (2) After a query has been retransmitted several times + without a response, an implementation MUST give up and + return a soft error to the application. + + (3) All DNS name servers and resolvers SHOULD cache + temporary failures, with a timeout period of the order + of minutes. + + DISCUSSION: + This will prevent applications that immediately + retry soft failures (in violation of Section 2.2 + of this document) from generating excessive DNS + traffic. + + (4) All DNS name servers and resolvers SHOULD cache + negative responses that indicate the specified name, or + data of the specified type, does not exist, as + described in [DNS:2]. + + (5) When a DNS server or resolver retries a UDP query, the + retry interval SHOULD be constrained by an exponential + backoff algorithm, and SHOULD also have upper and lower + bounds. + + IMPLEMENTATION: + A measured RTT and variance (if available) should + be used to calculate an initial retransmission + interval. If this information is not available, a + default of no less than 5 seconds should be used. + Implementations may limit the retransmission + interval, but this limit must exceed twice the + Internet maximum segment lifetime plus service + delay at the name server. + + (6) When a resolver or server receives a Source Quench for + + + +Internet Engineering Task Force [Page 77] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + a query it has issued, it SHOULD take steps to reduce + the rate of querying that server in the near future. A + server MAY ignore a Source Quench that it receives as + the result of sending a response datagram. + + IMPLEMENTATION: + One recommended action to reduce the rate is to + send the next query attempt to an alternate + server, if there is one available. Another is to + backoff the retry interval for the same server. + + + 6.1.3.4 Multihomed Hosts + + When the host name-to-address function encounters a host + with multiple addresses, it SHOULD rank or sort the + addresses using knowledge of the immediately connected + network number(s) and any other applicable performance or + history information. + + DISCUSSION: + The different addresses of a multihomed host generally + imply different Internet paths, and some paths may be + preferable to others in performance, reliability, or + administrative restrictions. There is no general way + for the domain system to determine the best path. A + recommended approach is to base this decision on local + configuration information set by the system + administrator. + + IMPLEMENTATION: + The following scheme has been used successfully: + + (a) Incorporate into the host configuration data a + Network-Preference List, that is simply a list of + networks in preferred order. This list may be + empty if there is no preference. + + (b) When a host name is mapped into a list of IP + addresses, these addresses should be sorted by + network number, into the same order as the + corresponding networks in the Network-Preference + List. IP addresses whose networks do not appear + in the Network-Preference List should be placed at + the end of the list. + + + + + + +Internet Engineering Task Force [Page 78] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + 6.1.3.5 Extensibility + + DNS software MUST support all well-known, class-independent + formats [DNS:2], and SHOULD be written to minimize the + trauma associated with the introduction of new well-known + types and local experimentation with non-standard types. + + DISCUSSION: + The data types and classes used by the DNS are + extensible, and thus new types will be added and old + types deleted or redefined. Introduction of new data + types ought to be dependent only upon the rules for + compression of domain names inside DNS messages, and + the translation between printable (i.e., master file) + and internal formats for Resource Records (RRs). + + Compression relies on knowledge of the format of data + inside a particular RR. Hence compression must only be + used for the contents of well-known, class-independent + RRs, and must never be used for class-specific RRs or + RR types that are not well-known. The owner name of an + RR is always eligible for compression. + + A name server may acquire, via zone transfer, RRs that + the server doesn't know how to convert to printable + format. A resolver can receive similar information as + the result of queries. For proper operation, this data + must be preserved, and hence the implication is that + DNS software cannot use textual formats for internal + storage. + + The DNS defines domain name syntax very generally -- a + string of labels each containing up to 63 8-bit octets, + separated by dots, and with a maximum total of 255 + octets. Particular applications of the DNS are + permitted to further constrain the syntax of the domain + names they use, although the DNS deployment has led to + some applications allowing more general names. In + particular, Section 2.1 of this document liberalizes + slightly the syntax of a legal Internet host name that + was defined in RFC-952 [DNS:4]. + + 6.1.3.6 Status of RR Types + + Name servers MUST be able to load all RR types except MD and + MF from configuration files. The MD and MF types are + obsolete and MUST NOT be implemented; in particular, name + servers MUST NOT load these types from configuration files. + + + +Internet Engineering Task Force [Page 79] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + DISCUSSION: + The RR types MB, MG, MR, NULL, MINFO and RP are + considered experimental, and applications that use the + DNS cannot expect these RR types to be supported by + most domains. Furthermore these types are subject to + redefinition. + + The TXT and WKS RR types have not been widely used by + Internet sites; as a result, an application cannot rely + on the the existence of a TXT or WKS RR in most + domains. + + 6.1.3.7 Robustness + + DNS software may need to operate in environments where the + root servers or other servers are unavailable due to network + connectivity or other problems. In this situation, DNS name + servers and resolvers MUST continue to provide service for + the reachable part of the name space, while giving temporary + failures for the rest. + + DISCUSSION: + Although the DNS is meant to be used primarily in the + connected Internet, it should be possible to use the + system in networks which are unconnected to the + Internet. Hence implementations must not depend on + access to root servers before providing service for + local names. + + 6.1.3.8 Local Host Table + + DISCUSSION: + A host may use a local host table as a backup or + supplement to the DNS. This raises the question of + which takes precedence, the DNS or the host table; the + most flexible approach would make this a configuration + option. + + Typically, the contents of such a supplementary host + table will be determined locally by the site. However, + a publically-available table of Internet hosts is + maintained by the DDN Network Information Center (DDN + NIC), with a format documented in [DNS:4]. This table + can be retrieved from the DDN NIC using a protocol + described in [DNS:5]. It must be noted that this table + contains only a small fraction of all Internet hosts. + Hosts using this protocol to retrieve the DDN NIC host + table should use the VERSION command to check if the + + + +Internet Engineering Task Force [Page 80] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + table has changed before requesting the entire table + with the ALL command. The VERSION identifier should be + treated as an arbitrary string and tested only for + equality; no numerical sequence may be assumed. + + The DDN NIC host table includes administrative + information that is not needed for host operation and + is therefore not currently included in the DNS + database; examples include network and gateway entries. + However, much of this additional information will be + added to the DNS in the future. Conversely, the DNS + provides essential services (in particular, MX records) + that are not available from the DDN NIC host table. + + 6.1.4 DNS USER INTERFACE + + 6.1.4.1 DNS Administration + + This document is concerned with design and implementation + issues in host software, not with administrative or + operational issues. However, administrative issues are of + particular importance in the DNS, since errors in particular + segments of this large distributed database can cause poor + or erroneous performance for many sites. These issues are + discussed in [DNS:6] and [DNS:7]. + + 6.1.4.2 DNS User Interface + + Hosts MUST provide an interface to the DNS for all + application programs running on the host. This interface + will typically direct requests to a system process to + perform the resolver function [DNS:1, 6.1:2]. + + At a minimum, the basic interface MUST support a request for + all information of a specific type and class associated with + a specific name, and it MUST return either all of the + requested information, a hard error code, or a soft error + indication. When there is no error, the basic interface + returns the complete response information without + modification, deletion, or ordering, so that the basic + interface will not need to be changed to accommodate new + data types. + + DISCUSSION: + The soft error indication is an essential part of the + interface, since it may not always be possible to + access particular information from the DNS; see Section + 6.1.3.3. + + + +Internet Engineering Task Force [Page 81] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + A host MAY provide other DNS interfaces tailored to + particular functions, transforming the raw domain data into + formats more suited to these functions. In particular, a + host MUST provide a DNS interface to facilitate translation + between host addresses and host names. + + 6.1.4.3 Interface Abbreviation Facilities + + User interfaces MAY provide a method for users to enter + abbreviations for commonly-used names. Although the + definition of such methods is outside of the scope of the + DNS specification, certain rules are necessary to insure + that these methods allow access to the entire DNS name space + and to prevent excessive use of Internet resources. + + If an abbreviation method is provided, then: + + (a) There MUST be some convention for denoting that a name + is already complete, so that the abbreviation method(s) + are suppressed. A trailing dot is the usual method. + + (b) Abbreviation expansion MUST be done exactly once, and + MUST be done in the context in which the name was + entered. + + + DISCUSSION: + For example, if an abbreviation is used in a mail + program for a destination, the abbreviation should be + expanded into a full domain name and stored in the + queued message with an indication that it is already + complete. Otherwise, the abbreviation might be + expanded with a mail system search list, not the + user's, or a name could grow due to repeated + canonicalizations attempts interacting with wildcards. + + The two most common abbreviation methods are: + + (1) Interface-level aliases + + Interface-level aliases are conceptually implemented as + a list of alias/domain name pairs. The list can be + per-user or per-host, and separate lists can be + associated with different functions, e.g. one list for + host name-to-address translation, and a different list + for mail domains. When the user enters a name, the + interface attempts to match the name to the alias + component of a list entry, and if a matching entry can + + + +Internet Engineering Task Force [Page 82] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + be found, the name is replaced by the domain name found + in the pair. + + Note that interface-level aliases and CNAMEs are + completely separate mechanisms; interface-level aliases + are a local matter while CNAMEs are an Internet-wide + aliasing mechanism which is a required part of any DNS + implementation. + + (2) Search Lists + + A search list is conceptually implemented as an ordered + list of domain names. When the user enters a name, the + domain names in the search list are used as suffixes to + the user-supplied name, one by one, until a domain name + with the desired associated data is found, or the + search list is exhausted. Search lists often contain + the name of the local host's parent domain or other + ancestor domains. Search lists are often per-user or + per-process. + + It SHOULD be possible for an administrator to disable a + DNS search-list facility. Administrative denial may be + warranted in some cases, to prevent abuse of the DNS. + + There is danger that a search-list mechanism will + generate excessive queries to the root servers while + testing whether user input is a complete domain name, + lacking a final period to mark it as complete. A + search-list mechanism MUST have one of, and SHOULD have + both of, the following two provisions to prevent this: + + (a) The local resolver/name server can implement + caching of negative responses (see Section + 6.1.3.3). + + (b) The search list expander can require two or more + interior dots in a generated domain name before it + tries using the name in a query to non-local + domain servers, such as the root. + + DISCUSSION: + The intent of this requirement is to avoid + excessive delay for the user as the search list is + tested, and more importantly to prevent excessive + traffic to the root and other high-level servers. + For example, if the user supplied a name "X" and + the search list contained the root as a component, + + + +Internet Engineering Task Force [Page 83] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + a query would have to consult a root server before + the next search list alternative could be tried. + The resulting load seen by the root servers and + gateways near the root would be multiplied by the + number of hosts in the Internet. + + The negative caching alternative limits the effect + to the first time a name is used. The interior + dot rule is simpler to implement but can prevent + easy use of some top-level names. + + + 6.1.5 DOMAIN NAME SYSTEM REQUIREMENTS SUMMARY + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-----------------------------------------------|-----------|-|-|-|-|-|-- +GENERAL ISSUES | | | | | | | + | | | | | | | +Implement DNS name-to-address conversion |6.1.1 |x| | | | | +Implement DNS address-to-name conversion |6.1.1 |x| | | | | +Support conversions using host table |6.1.1 | | |x| | | +Properly handle RR with zero TTL |6.1.2.1 |x| | | | | +Use QCLASS=* unnecessarily |6.1.2.2 | |x| | | | + Use QCLASS=IN for Internet class |6.1.2.2 |x| | | | | +Unused fields zero |6.1.2.3 |x| | | | | +Use compression in responses |6.1.2.4 |x| | | | | + | | | | | | | +Include config info in responses |6.1.2.5 | | | | |x| +Support all well-known, class-indep. types |6.1.3.5 |x| | | | | +Easily expand type list |6.1.3.5 | |x| | | | +Load all RR types (except MD and MF) |6.1.3.6 |x| | | | | +Load MD or MF type |6.1.3.6 | | | | |x| +Operate when root servers, etc. unavailable |6.1.3.7 |x| | | | | +-----------------------------------------------|-----------|-|-|-|-|-|-- +RESOLVER ISSUES: | | | | | | | + | | | | | | | +Resolver support multiple concurrent requests |6.1.3.1 | |x| | | | +Full-service resolver: |6.1.3.1 | | |x| | | + Local caching |6.1.3.1 |x| | | | | + + + +Internet Engineering Task Force [Page 84] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + Information in local cache times out |6.1.3.1 |x| | | | | + Configurable with starting info |6.1.3.1 | |x| | | | +Stub resolver: |6.1.3.1 | | |x| | | + Use redundant recursive name servers |6.1.3.1 |x| | | | | + Local caching |6.1.3.1 | | |x| | | + Information in local cache times out |6.1.3.1 |x| | | | | +Support for remote multi-homed hosts: | | | | | | | + Sort multiple addresses by preference list |6.1.3.4 | |x| | | | + | | | | | | | +-----------------------------------------------|-----------|-|-|-|-|-|-- +TRANSPORT PROTOCOLS: | | | | | | | + | | | | | | | +Support UDP queries |6.1.3.2 |x| | | | | +Support TCP queries |6.1.3.2 | |x| | | | + Send query using UDP first |6.1.3.2 |x| | | | |1 + Try TCP if UDP answers are truncated |6.1.3.2 | |x| | | | +Name server limit TCP query resources |6.1.3.2 | | |x| | | + Punish unnecessary TCP query |6.1.3.2 | | | |x| | +Use truncated data as if it were not |6.1.3.2 | | | | |x| +Private agreement to use only TCP |6.1.3.2 | | |x| | | +Use TCP for zone transfers |6.1.3.2 |x| | | | | +TCP usage not block UDP queries |6.1.3.2 |x| | | | | +Support broadcast or multicast queries |6.1.3.2 | | |x| | | + RD bit set in query |6.1.3.2 | | | | |x| + RD bit ignored by server is b'cast/m'cast |6.1.3.2 |x| | | | | + Send only as occasional probe for addr's |6.1.3.2 | |x| | | | +-----------------------------------------------|-----------|-|-|-|-|-|-- +RESOURCE USAGE: | | | | | | | + | | | | | | | +Transmission controls, per [DNS:2] |6.1.3.3 |x| | | | | + Finite bounds per request |6.1.3.3 |x| | | | | +Failure after retries => soft error |6.1.3.3 |x| | | | | +Cache temporary failures |6.1.3.3 | |x| | | | +Cache negative responses |6.1.3.3 | |x| | | | +Retries use exponential backoff |6.1.3.3 | |x| | | | + Upper, lower bounds |6.1.3.3 | |x| | | | +Client handle Source Quench |6.1.3.3 | |x| | | | +Server ignore Source Quench |6.1.3.3 | | |x| | | +-----------------------------------------------|-----------|-|-|-|-|-|-- +USER INTERFACE: | | | | | | | + | | | | | | | +All programs have access to DNS interface |6.1.4.2 |x| | | | | +Able to request all info for given name |6.1.4.2 |x| | | | | +Returns complete info or error |6.1.4.2 |x| | | | | +Special interfaces |6.1.4.2 | | |x| | | + Name<->Address translation |6.1.4.2 |x| | | | | + | | | | | | | +Abbreviation Facilities: |6.1.4.3 | | |x| | | + + + +Internet Engineering Task Force [Page 85] + + + + +RFC1123 SUPPORT SERVICES -- DOMAINS October 1989 + + + Convention for complete names |6.1.4.3 |x| | | | | + Conversion exactly once |6.1.4.3 |x| | | | | + Conversion in proper context |6.1.4.3 |x| | | | | + Search list: |6.1.4.3 | | |x| | | + Administrator can disable |6.1.4.3 | |x| | | | + Prevention of excessive root queries |6.1.4.3 |x| | | | | + Both methods |6.1.4.3 | |x| | | | +-----------------------------------------------|-----------|-|-|-|-|-|-- +-----------------------------------------------|-----------|-|-|-|-|-|-- + +1. Unless there is private agreement between particular resolver and + particular server. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 86] + + + + +RFC1123 SUPPORT SERVICES -- INITIALIZATION October 1989 + + + 6.2 HOST INITIALIZATION + + 6.2.1 INTRODUCTION + + This section discusses the initialization of host software + across a connected network, or more generally across an + Internet path. This is necessary for a diskless host, and may + optionally be used for a host with disk drives. For a diskless + host, the initialization process is called "network booting" + and is controlled by a bootstrap program located in a boot ROM. + + To initialize a diskless host across the network, there are two + distinct phases: + + (1) Configure the IP layer. + + Diskless machines often have no permanent storage in which + to store network configuration information, so that + sufficient configuration information must be obtained + dynamically to support the loading phase that follows. + This information must include at least the IP addresses of + the host and of the boot server. To support booting + across a gateway, the address mask and a list of default + gateways are also required. + + (2) Load the host system code. + + During the loading phase, an appropriate file transfer + protocol is used to copy the system code across the + network from the boot server. + + A host with a disk may perform the first step, dynamic + configuration. This is important for microcomputers, whose + floppy disks allow network configuration information to be + mistakenly duplicated on more than one host. Also, + installation of new hosts is much simpler if they automatically + obtain their configuration information from a central server, + saving administrator time and decreasing the probability of + mistakes. + + 6.2.2 REQUIREMENTS + + 6.2.2.1 Dynamic Configuration + + A number of protocol provisions have been made for dynamic + configuration. + + o ICMP Information Request/Reply messages + + + +Internet Engineering Task Force [Page 87] + + + + +RFC1123 SUPPORT SERVICES -- INITIALIZATION October 1989 + + + This obsolete message pair was designed to allow a host + to find the number of the network it is on. + Unfortunately, it was useful only if the host already + knew the host number part of its IP address, + information that hosts requiring dynamic configuration + seldom had. + + o Reverse Address Resolution Protocol (RARP) [BOOT:4] + + RARP is a link-layer protocol for a broadcast medium + that allows a host to find its IP address given its + link layer address. Unfortunately, RARP does not work + across IP gateways and therefore requires a RARP server + on every network. In addition, RARP does not provide + any other configuration information. + + o ICMP Address Mask Request/Reply messages + + These ICMP messages allow a host to learn the address + mask for a particular network interface. + + o BOOTP Protocol [BOOT:2] + + This protocol allows a host to determine the IP + addresses of the local host and the boot server, the + name of an appropriate boot file, and optionally the + address mask and list of default gateways. To locate a + BOOTP server, the host broadcasts a BOOTP request using + UDP. Ad hoc gateway extensions have been used to + transmit the BOOTP broadcast through gateways, and in + the future the IP Multicasting facility will provide a + standard mechanism for this purpose. + + + The suggested approach to dynamic configuration is to use + the BOOTP protocol with the extensions defined in "BOOTP + Vendor Information Extensions" RFC-1084 [BOOT:3]. RFC-1084 + defines some important general (not vendor-specific) + extensions. In particular, these extensions allow the + address mask to be supplied in BOOTP; we RECOMMEND that the + address mask be supplied in this manner. + + DISCUSSION: + Historically, subnetting was defined long after IP, and + so a separate mechanism (ICMP Address Mask messages) + was designed to supply the address mask to a host. + However, the IP address mask and the corresponding IP + address conceptually form a pair, and for operational + + + +Internet Engineering Task Force [Page 88] + + + + +RFC1123 SUPPORT SERVICES -- INITIALIZATION October 1989 + + + simplicity they ought to be defined at the same time + and by the same mechanism, whether a configuration file + or a dynamic mechanism like BOOTP. + + Note that BOOTP is not sufficiently general to specify + the configurations of all interfaces of a multihomed + host. A multihomed host must either use BOOTP + separately for each interface, or configure one + interface using BOOTP to perform the loading, and + perform the complete initialization from a file later. + + Application layer configuration information is expected + to be obtained from files after loading of the system + code. + + 6.2.2.2 Loading Phase + + A suggested approach for the loading phase is to use TFTP + [BOOT:1] between the IP addresses established by BOOTP. + + TFTP to a broadcast address SHOULD NOT be used, for reasons + explained in Section 4.2.3.4. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 89] + + + + +RFC1123 SUPPORT SERVICES -- MANAGEMENT October 1989 + + + 6.3 REMOTE MANAGEMENT + + 6.3.1 INTRODUCTION + + The Internet community has recently put considerable effort + into the development of network management protocols. The + result has been a two-pronged approach [MGT:1, MGT:6]: the + Simple Network Management Protocol (SNMP) [MGT:4] and the + Common Management Information Protocol over TCP (CMOT) [MGT:5]. + + In order to be managed using SNMP or CMOT, a host will need to + implement an appropriate management agent. An Internet host + SHOULD include an agent for either SNMP or CMOT. + + Both SNMP and CMOT operate on a Management Information Base + (MIB) that defines a collection of management values. By + reading and setting these values, a remote application may + query and change the state of the managed system. + + A standard MIB [MGT:3] has been defined for use by both + management protocols, using data types defined by the Structure + of Management Information (SMI) defined in [MGT:2]. Additional + MIB variables can be introduced under the "enterprises" and + "experimental" subtrees of the MIB naming space [MGT:2]. + + Every protocol module in the host SHOULD implement the relevant + MIB variables. A host SHOULD implement the MIB variables as + defined in the most recent standard MIB, and MAY implement + other MIB variables when appropriate and useful. + + 6.3.2 PROTOCOL WALK-THROUGH + + The MIB is intended to cover both hosts and gateways, although + there may be detailed differences in MIB application to the two + cases. This section contains the appropriate interpretation of + the MIB for hosts. It is likely that later versions of the MIB + will include more entries for host management. + + A managed host must implement the following groups of MIB + object definitions: System, Interfaces, Address Translation, + IP, ICMP, TCP, and UDP. + + The following specific interpretations apply to hosts: + + o ipInHdrErrors + + Note that the error "time-to-live exceeded" can occur in a + host only when it is forwarding a source-routed datagram. + + + +Internet Engineering Task Force [Page 90] + + + + +RFC1123 SUPPORT SERVICES -- MANAGEMENT October 1989 + + + o ipOutNoRoutes + + This object counts datagrams discarded because no route + can be found. This may happen in a host if all the + default gateways in the host's configuration are down. + + o ipFragOKs, ipFragFails, ipFragCreates + + A host that does not implement intentional fragmentation + (see "Fragmentation" section of [INTRO:1]) MUST return the + value zero for these three objects. + + o icmpOutRedirects + + For a host, this object MUST always be zero, since hosts + do not send Redirects. + + o icmpOutAddrMaskReps + + For a host, this object MUST always be zero, unless the + host is an authoritative source of address mask + information. + + o ipAddrTable + + For a host, the "IP Address Table" object is effectively a + table of logical interfaces. + + o ipRoutingTable + + For a host, the "IP Routing Table" object is effectively a + combination of the host's Routing Cache and the static + route table described in "Routing Outbound Datagrams" + section of [INTRO:1]. + + Within each ipRouteEntry, ipRouteMetric1...4 normally will + have no meaning for a host and SHOULD always be -1, while + ipRouteType will normally have the value "remote". + + If destinations on the connected network do not appear in + the Route Cache (see "Routing Outbound Datagrams section + of [INTRO:1]), there will be no entries with ipRouteType + of "direct". + + + DISCUSSION: + The current MIB does not include Type-of-Service in an + ipRouteEntry, but a future revision is expected to make + + + +Internet Engineering Task Force [Page 91] + + + + +RFC1123 SUPPORT SERVICES -- MANAGEMENT October 1989 + + + this addition. + + We also expect the MIB to be expanded to allow the remote + management of applications (e.g., the ability to partially + reconfigure mail systems). Network service applications + such as mail systems should therefore be written with the + "hooks" for remote management. + + 6.3.3 MANAGEMENT REQUIREMENTS SUMMARY + + | | | | |S| | + | | | | |H| |F + | | | | |O|M|o + | | |S| |U|U|o + | | |H| |L|S|t + | |M|O| |D|T|n + | |U|U|M| | |o + | |S|L|A|N|N|t + | |T|D|Y|O|O|t +FEATURE |SECTION | | | |T|T|e +-----------------------------------------------|-----------|-|-|-|-|-|-- +Support SNMP or CMOT agent |6.3.1 | |x| | | | +Implement specified objects in standard MIB |6.3.1 | |x| | | | + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 92] + + + + +RFC1123 SUPPORT SERVICES -- MANAGEMENT October 1989 + + +7. REFERENCES + + This section lists the primary references with which every + implementer must be thoroughly familiar. It also lists some + secondary references that are suggested additional reading. + + INTRODUCTORY REFERENCES: + + + [INTRO:1] "Requirements for Internet Hosts -- Communication Layers," + IETF Host Requirements Working Group, R. Braden, Ed., RFC-1122, + October 1989. + + [INTRO:2] "DDN Protocol Handbook," NIC-50004, NIC-50005, NIC-50006, + (three volumes), SRI International, December 1985. + + [INTRO:3] "Official Internet Protocols," J. Reynolds and J. Postel, + RFC-1011, May 1987. + + This document is republished periodically with new RFC numbers; + the latest version must be used. + + [INTRO:4] "Protocol Document Order Information," O. Jacobsen and J. + Postel, RFC-980, March 1986. + + [INTRO:5] "Assigned Numbers," J. Reynolds and J. Postel, RFC-1010, + May 1987. + + This document is republished periodically with new RFC numbers; + the latest version must be used. + + + TELNET REFERENCES: + + + [TELNET:1] "Telnet Protocol Specification," J. Postel and J. + Reynolds, RFC-854, May 1983. + + [TELNET:2] "Telnet Option Specification," J. Postel and J. Reynolds, + RFC-855, May 1983. + + [TELNET:3] "Telnet Binary Transmission," J. Postel and J. Reynolds, + RFC-856, May 1983. + + [TELNET:4] "Telnet Echo Option," J. Postel and J. Reynolds, RFC-857, + May 1983. + + [TELNET:5] "Telnet Suppress Go Ahead Option," J. Postel and J. + + + +Internet Engineering Task Force [Page 93] + + + + +RFC1123 SUPPORT SERVICES -- MANAGEMENT October 1989 + + + Reynolds, RFC-858, May 1983. + + [TELNET:6] "Telnet Status Option," J. Postel and J. Reynolds, RFC- + 859, May 1983. + + [TELNET:7] "Telnet Timing Mark Option," J. Postel and J. Reynolds, + RFC-860, May 1983. + + [TELNET:8] "Telnet Extended Options List," J. Postel and J. + Reynolds, RFC-861, May 1983. + + [TELNET:9] "Telnet End-Of-Record Option," J. Postel, RFC-855, + December 1983. + + [TELNET:10] "Telnet Terminal-Type Option," J. VanBokkelen, RFC-1091, + February 1989. + + This document supercedes RFC-930. + + [TELNET:11] "Telnet Window Size Option," D. Waitzman, RFC-1073, + October 1988. + + [TELNET:12] "Telnet Linemode Option," D. Borman, RFC-1116, August + 1989. + + [TELNET:13] "Telnet Terminal Speed Option," C. Hedrick, RFC-1079, + December 1988. + + [TELNET:14] "Telnet Remote Flow Control Option," C. Hedrick, RFC- + 1080, November 1988. + + + SECONDARY TELNET REFERENCES: + + + [TELNET:15] "Telnet Protocol," MIL-STD-1782, U.S. Department of + Defense, May 1984. + + This document is intended to describe the same protocol as RFC- + 854. In case of conflict, RFC-854 takes precedence, and the + present document takes precedence over both. + + [TELNET:16] "SUPDUP Protocol," M. Crispin, RFC-734, October 1977. + + [TELNET:17] "Telnet SUPDUP Option," M. Crispin, RFC-736, October + 1977. + + [TELNET:18] "Data Entry Terminal Option," J. Day, RFC-732, June 1977. + + + +Internet Engineering Task Force [Page 94] + + + + +RFC1123 SUPPORT SERVICES -- MANAGEMENT October 1989 + + + [TELNET:19] "TELNET Data Entry Terminal option -- DODIIS + Implementation," A. Yasuda and T. Thompson, RFC-1043, February + 1988. + + + FTP REFERENCES: + + + [FTP:1] "File Transfer Protocol," J. Postel and J. Reynolds, RFC- + 959, October 1985. + + [FTP:2] "Document File Format Standards," J. Postel, RFC-678, + December 1974. + + [FTP:3] "File Transfer Protocol," MIL-STD-1780, U.S. Department of + Defense, May 1984. + + This document is based on an earlier version of the FTP + specification (RFC-765) and is obsolete. + + + TFTP REFERENCES: + + + [TFTP:1] "The TFTP Protocol Revision 2," K. Sollins, RFC-783, June + 1981. + + + MAIL REFERENCES: + + + [SMTP:1] "Simple Mail Transfer Protocol," J. Postel, RFC-821, August + 1982. + + [SMTP:2] "Standard For The Format of ARPA Internet Text Messages," + D. Crocker, RFC-822, August 1982. + + This document obsoleted an earlier specification, RFC-733. + + [SMTP:3] "Mail Routing and the Domain System," C. Partridge, RFC- + 974, January 1986. + + This RFC describes the use of MX records, a mandatory extension + to the mail delivery process. + + [SMTP:4] "Duplicate Messages and SMTP," C. Partridge, RFC-1047, + February 1988. + + + + +Internet Engineering Task Force [Page 95] + + + + +RFC1123 SUPPORT SERVICES -- MANAGEMENT October 1989 + + + [SMTP:5a] "Mapping between X.400 and RFC 822," S. Kille, RFC-987, + June 1986. + + [SMTP:5b] "Addendum to RFC-987," S. Kille, RFC-???, September 1987. + + The two preceding RFC's define a proposed standard for + gatewaying mail between the Internet and the X.400 environments. + + [SMTP:6] "Simple Mail Transfer Protocol," MIL-STD-1781, U.S. + Department of Defense, May 1984. + + This specification is intended to describe the same protocol as + does RFC-821. However, MIL-STD-1781 is incomplete; in + particular, it does not include MX records [SMTP:3]. + + [SMTP:7] "A Content-Type Field for Internet Messages," M. Sirbu, + RFC-1049, March 1988. + + + DOMAIN NAME SYSTEM REFERENCES: + + + [DNS:1] "Domain Names - Concepts and Facilities," P. Mockapetris, + RFC-1034, November 1987. + + This document and the following one obsolete RFC-882, RFC-883, + and RFC-973. + + [DNS:2] "Domain Names - Implementation and Specification," RFC-1035, + P. Mockapetris, November 1987. + + + [DNS:3] "Mail Routing and the Domain System," C. Partridge, RFC-974, + January 1986. + + + [DNS:4] "DoD Internet Host Table Specification," K. Harrenstein, + RFC-952, M. Stahl, E. Feinler, October 1985. + + SECONDARY DNS REFERENCES: + + + [DNS:5] "Hostname Server," K. Harrenstein, M. Stahl, E. Feinler, + RFC-953, October 1985. + + [DNS:6] "Domain Administrators Guide," M. Stahl, RFC-1032, November + 1987. + + + + +Internet Engineering Task Force [Page 96] + + + + +RFC1123 SUPPORT SERVICES -- MANAGEMENT October 1989 + + + [DNS:7] "Domain Administrators Operations Guide," M. Lottor, RFC- + 1033, November 1987. + + [DNS:8] "The Domain Name System Handbook," Vol. 4 of Internet + Protocol Handbook, NIC 50007, SRI Network Information Center, + August 1989. + + + SYSTEM INITIALIZATION REFERENCES: + + + [BOOT:1] "Bootstrap Loading Using TFTP," R. Finlayson, RFC-906, June + 1984. + + [BOOT:2] "Bootstrap Protocol (BOOTP)," W. Croft and J. Gilmore, RFC- + 951, September 1985. + + [BOOT:3] "BOOTP Vendor Information Extensions," J. Reynolds, RFC- + 1084, December 1988. + + Note: this RFC revised and obsoleted RFC-1048. + + [BOOT:4] "A Reverse Address Resolution Protocol," R. Finlayson, T. + Mann, J. Mogul, and M. Theimer, RFC-903, June 1984. + + + MANAGEMENT REFERENCES: + + + [MGT:1] "IAB Recommendations for the Development of Internet Network + Management Standards," V. Cerf, RFC-1052, April 1988. + + [MGT:2] "Structure and Identification of Management Information for + TCP/IP-based internets," M. Rose and K. McCloghrie, RFC-1065, + August 1988. + + [MGT:3] "Management Information Base for Network Management of + TCP/IP-based internets," M. Rose and K. McCloghrie, RFC-1066, + August 1988. + + [MGT:4] "A Simple Network Management Protocol," J. Case, M. Fedor, + M. Schoffstall, and C. Davin, RFC-1098, April 1989. + + [MGT:5] "The Common Management Information Services and Protocol + over TCP/IP," U. Warrier and L. Besaw, RFC-1095, April 1989. + + [MGT:6] "Report of the Second Ad Hoc Network Management Review + Group," V. Cerf, RFC-1109, August 1989. + + + +Internet Engineering Task Force [Page 97] + + + + +RFC1123 SUPPORT SERVICES -- MANAGEMENT October 1989 + + +Security Considerations + + There are many security issues in the application and support + programs of host software, but a full discussion is beyond the scope + of this RFC. Security-related issues are mentioned in sections + concerning TFTP (Sections 4.2.1, 4.2.3.4, 4.2.3.5), the SMTP VRFY and + EXPN commands (Section 5.2.3), the SMTP HELO command (5.2.5), and the + SMTP DATA command (Section 5.2.8). + +Author's Address + + Robert Braden + USC/Information Sciences Institute + 4676 Admiralty Way + Marina del Rey, CA 90292-6695 + + Phone: (213) 822 1511 + + EMail: Braden@ISI.EDU + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Internet Engineering Task Force [Page 98] + diff --git a/usr.sbin/named/doc/rfc/rfc1183 b/usr.sbin/named/doc/rfc/rfc1183 new file mode 100644 index 00000000000..6f080448bc7 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1183 @@ -0,0 +1,619 @@ + + + + + + +Network Working Group C. Everhart +Request for Comments: 1183 Transarc +Updates: RFCs 1034, 1035 L. Mamakos + University of Maryland + R. Ullmann + Prime Computer + P. Mockapetris, Editor + ISI + October 1990 + + + New DNS RR Definitions + +Status of this Memo + + This memo defines five new DNS types for experimental purposes. This + RFC describes an Experimental Protocol for the Internet community, + and requests discussion and suggestions for improvements. + Distribution of this memo is unlimited. + +Table of Contents + + Introduction.................................................... 1 + 1. AFS Data Base location....................................... 2 + 2. Responsible Person........................................... 3 + 2.1. Identification of the guilty party......................... 3 + 2.2. The Responsible Person RR.................................. 4 + 3. X.25 and ISDN addresses, Route Binding....................... 6 + 3.1. The X25 RR................................................. 6 + 3.2. The ISDN RR................................................ 7 + 3.3. The Route Through RR....................................... 8 + REFERENCES and BIBLIOGRAPHY..................................... 9 + Security Considerations......................................... 10 + Authors' Addresses.............................................. 11 + +Introduction + + This RFC defines the format of new Resource Records (RRs) for the + Domain Name System (DNS), and reserves corresponding DNS type + mnemonics and numerical codes. The definitions are in three + independent sections: (1) location of AFS database servers, (2) + location of responsible persons, and (3) representation of X.25 and + ISDN addresses and route binding. All are experimental. + + This RFC assumes that the reader is familiar with the DNS [3,4]. The + data shown is for pedagogical use and does not necessarily reflect + the real Internet. + + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 1] + +RFC 1183 New DNS RR Definitions October 1990 + + +1. AFS Data Base location + + This section defines an extension of the DNS to locate servers both + for AFS (AFS is a registered trademark of Transarc Corporation) and + for the Open Software Foundation's (OSF) Distributed Computing + Environment (DCE) authenticated naming system using HP/Apollo's NCA, + both to be components of the OSF DCE. The discussion assumes that + the reader is familiar with AFS [5] and NCA [6]. + + The AFS (originally the Andrew File System) system uses the DNS to + map from a domain name to the name of an AFS cell database server. + The DCE Naming service uses the DNS for a similar function: mapping + from the domain name of a cell to authenticated name servers for that + cell. The method uses a new RR type with mnemonic AFSDB and type + code of 18 (decimal). + + AFSDB has the following format: + + <owner> <ttl> <class> AFSDB <subtype> <hostname> + + Both RDATA fields are required in all AFSDB RRs. The <subtype> field + is a 16 bit integer. The <hostname> field is a domain name of a host + that has a server for the cell named by the owner name of the RR. + + The format of the AFSDB RR is class insensitive. AFSDB records cause + type A additional section processing for <hostname>. This, in fact, + is the rationale for using a new type code, rather than trying to + build the same functionality with TXT RRs. + + Note that the format of AFSDB in a master file is identical to MX. + For purposes of the DNS itself, the subtype is merely an integer. + The present subtype semantics are discussed below, but changes are + possible and will be announced in subsequent RFCs. + + In the case of subtype 1, the host has an AFS version 3.0 Volume + Location Server for the named AFS cell. In the case of subtype 2, + the host has an authenticated name server holding the cell-root + directory node for the named DCE/NCA cell. + + The use of subtypes is motivated by two considerations. First, the + space of DNS RR types is limited. Second, the services provided are + sufficiently distinct that it would continue to be confusing for a + client to attempt to connect to a cell's servers using the protocol + for one service, if the cell offered only the other service. + + As an example of the use of this RR, suppose that the Toaster + Corporation has deployed AFS 3.0 but not (yet) the OSF's DCE. Their + cell, named toaster.com, has three "AFS 3.0 cell database server" + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 2] + +RFC 1183 New DNS RR Definitions October 1990 + + + machines: bigbird.toaster.com, ernie.toaster.com, and + henson.toaster.com. These three machines would be listed in three + AFSDB RRs. These might appear in a master file as: + + toaster.com. AFSDB 1 bigbird.toaster.com. + toaster.com. AFSDB 1 ernie.toaster.com. + toaster.com. AFSDB 1 henson.toaster.com. + + As another example use of this RR, suppose that Femto College (domain + name femto.edu) has deployed DCE, and that their DCE cell root + directory is served by processes running on green.femto.edu and + turquoise.femto.edu. Furthermore, their DCE file servers also run + AFS 3.0-compatible volume location servers, on the hosts + turquoise.femto.edu and orange.femto.edu. These machines would be + listed in four AFSDB RRs, which might appear in a master file as: + + femto.edu. AFSDB 2 green.femto.edu. + femto.edu. AFSDB 2 turquoise.femto.edu. + femto.edu. AFSDB 1 turquoise.femto.edu. + femto.edu. AFSDB 1 orange.femto.edu. + +2. Responsible Person + + The purpose of this section is to provide a standard method for + associating responsible person identification to any name in the DNS. + + The domain name system functions as a distributed database which + contains many different form of information. For a particular name + or host, you can discover it's Internet address, mail forwarding + information, hardware type and operating system among others. + + A key aspect of the DNS is that the tree-structured namespace can be + divided into pieces, called zones, for purposes of distributing + control and responsibility. The responsible person for zone database + purposes is named in the SOA RR for that zone. This section + describes an extension which allows different responsible persons to + be specified for different names in a zone. + +2.1. Identification of the guilty party + + Often it is desirable to be able to identify the responsible entity + for a particular host. When that host is down or malfunctioning, it + is difficult to contact those parties which might resolve or repair + the host. Mail sent to POSTMASTER may not reach the person in a + timely fashion. If the host is one of a multitude of workstations, + there may be no responsible person which can be contacted on that + host. + + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 3] + +RFC 1183 New DNS RR Definitions October 1990 + + + The POSTMASTER mailbox on that host continues to be a good contact + point for mail problems, and the zone contact in the SOA record for + database problem, but the RP record allows us to associate a mailbox + to entities that don't receive mail or are not directly connected + (namespace-wise) to the problem (e.g., GATEWAY.ISI.EDU might want to + point at HOTLINE@BBN.COM, and GATEWAY doesn't get mail, nor does the + ISI zone administrator have a clue about fixing gateways). + +2.2. The Responsible Person RR + + The method uses a new RR type with mnemonic RP and type code of 17 + (decimal). + + RP has the following format: + + <owner> <ttl> <class> RP <mbox-dname> <txt-dname> + + Both RDATA fields are required in all RP RRs. + + The first field, <mbox-dname>, is a domain name that specifies the + mailbox for the responsible person. Its format in master files uses + the DNS convention for mailbox encoding, identical to that used for + the RNAME mailbox field in the SOA RR. The root domain name (just + ".") may be specified for <mbox-dname> to indicate that no mailbox is + available. + + The second field, <txt-dname>, is a domain name for which TXT RR's + exist. A subsequent query can be performed to retrieve the + associated TXT resource records at <txt-dname>. This provides a + level of indirection so that the entity can be referred to from + multiple places in the DNS. The root domain name (just ".") may be + specified for <txt-dname> to indicate that the TXT_DNAME is absent, + and no associated TXT RR exists. + + The format of the RP RR is class insensitive. RP records cause no + additional section processing. (TXT additional section processing + for <txt-dname> is allowed as an option, but only if it is disabled + for the root, i.e., "."). + + The Responsible Person RR can be associated with any node in the + Domain Name System hierarchy, not just at the leaves of the tree. + + The TXT RR associated with the TXT_DNAME contain free format text + suitable for humans. Refer to [4] for more details on the TXT RR. + + Multiple RP records at a single name may be present in the database. + They should have identical TTLs. + + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 4] + +RFC 1183 New DNS RR Definitions October 1990 + + + EXAMPLES + + Some examples of how the RP record might be used. + + sayshell.umd.edu. A 128.8.1.14 + MX 10 sayshell.umd.edu. + HINFO NeXT UNIX + WKS 128.8.1.14 tcp ftp telnet smtp + RP louie.trantor.umd.edu. LAM1.people.umd.edu. + + LAM1.people.umd.edu. TXT ( + "Louis A. Mamakos, (301) 454-2946, don't call me at home!" ) + + In this example, the responsible person's mailbox for the host + SAYSHELL.UMD.EDU is louie@trantor.umd.edu. The TXT RR at + LAM1.people.umd.edu provides additional information and advice. + + TERP.UMD.EDU. A 128.8.10.90 + MX 10 128.8.10.90 + HINFO MICROVAX-II UNIX + WKS 128.8.10.90 udp domain + WKS 128.8.10.90 tcp ftp telnet smtp domain + RP louie.trantor.umd.edu. LAM1.people.umd.edu. + RP root.terp.umd.edu. ops.CS.UMD.EDU. + + TRANTOR.UMD.EDU. A 128.8.10.14 + MX 10 trantor.umd.edu. + HINFO MICROVAX-II UNIX + WKS 128.8.10.14 udp domain + WKS 128.8.10.14 tcp ftp telnet smtp domain + RP louie.trantor.umd.edu. LAM1.people.umd.edu. + RP petry.netwolf.umd.edu. petry.people.UMD.EDU. + RP root.trantor.umd.edu. ops.CS.UMD.EDU. + RP gregh.sunset.umd.edu. . + + LAM1.people.umd.edu. TXT "Louis A. Mamakos (301) 454-2946" + petry.people.umd.edu. TXT "Michael G. Petry (301) 454-2946" + ops.CS.UMD.EDU. TXT "CS Operations Staff (301) 454-2943" + + This set of resource records has two hosts, TRANTOR.UMD.EDU and + TERP.UMD.EDU, as well as a number of TXT RRs. Note that TERP.UMD.EDU + and TRANTOR.UMD.EDU both reference the same pair of TXT resource + records, although the mail box names (root.terp.umd.edu and + root.trantor.umd.edu) differ. + + Here, we obviously care much more if the machine flakes out, as we've + specified four persons which might want to be notified of problems or + other events involving TRANTOR.UMD.EDU. In this example, the last RP + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 5] + +RFC 1183 New DNS RR Definitions October 1990 + + + RR for TRANTOR.UMD.EDU specifies a mailbox (gregh.sunset.umd.edu), + but no associated TXT RR. + +3. X.25 and ISDN addresses, Route Binding + + This section describes an experimental representation of X.25 and + ISDN addresses in the DNS, as well as a route binding method, + analogous to the MX for mail routing, for very large scale networks. + + There are several possible uses, all experimental at this time. + First, the RRs provide simple documentation of the correct addresses + to use in static configurations of IP/X.25 [11] and SMTP/X.25 [12]. + + The RRs could also be used automatically by an internet network-layer + router, typically IP. The procedure would be to map IP address to + domain name, then name to canonical name if needed, then following RT + records, and finally attempting an IP/X.25 call to the address found. + Alternately, configured domain names could be resolved to identify IP + to X.25/ISDN bindings for a static but periodically refreshed routing + table. + + This provides a function similar to ARP for wide area non-broadcast + networks that will scale well to a network with hundreds of millions + of hosts. + + Also, a standard address binding reference will facilitate other + experiments in the use of X.25 and ISDN, especially in serious + inter-operability testing. The majority of work in such a test is + establishing the n-squared entries in static tables. + + Finally, the RRs are intended for use in a proposal [13] by one of + the authors for a possible next-generation internet. + +3.1. The X25 RR + + The X25 RR is defined with mnemonic X25 and type code 19 (decimal). + + X25 has the following format: + + <owner> <ttl> <class> X25 <PSDN-address> + + <PSDN-address> is required in all X25 RRs. + + <PSDN-address> identifies the PSDN (Public Switched Data Network) + address in the X.121 [10] numbering plan associated with <owner>. + Its format in master files is a <character-string> syntactically + identical to that used in TXT and HINFO. + + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 6] + +RFC 1183 New DNS RR Definitions October 1990 + + + The format of X25 is class insensitive. X25 RRs cause no additional + section processing. + + The <PSDN-address> is a string of decimal digits, beginning with the + 4 digit DNIC (Data Network Identification Code), as specified in + X.121. National prefixes (such as a 0) MUST NOT be used. + + For example: + + Relay.Prime.COM. X25 311061700956 + +3.2. The ISDN RR + + The ISDN RR is defined with mnemonic ISDN and type code 20 (decimal). + + An ISDN (Integrated Service Digital Network) number is simply a + telephone number. The intent of the members of the CCITT is to + upgrade all telephone and data network service to a common service. + + The numbering plan (E.163/E.164) is the same as the familiar + international plan for POTS (an un-official acronym, meaning Plain + Old Telephone Service). In E.166, CCITT says "An E.163/E.164 + telephony subscriber may become an ISDN subscriber without a number + change." + + ISDN has the following format: + + <owner> <ttl> <class> ISDN <ISDN-address> <sa> + + The <ISDN-address> field is required; <sa> is optional. + + <ISDN-address> identifies the ISDN number of <owner> and DDI (Direct + Dial In) if any, as defined by E.164 [8] and E.163 [7], the ISDN and + PSTN (Public Switched Telephone Network) numbering plan. E.163 + defines the country codes, and E.164 the form of the addresses. Its + format in master files is a <character-string> syntactically + identical to that used in TXT and HINFO. + + <sa> specifies the subaddress (SA). The format of <sa> in master + files is a <character-string> syntactically identical to that used in + TXT and HINFO. + + The format of ISDN is class insensitive. ISDN RRs cause no + additional section processing. + + The <ISDN-address> is a string of characters, normally decimal + digits, beginning with the E.163 country code and ending with the DDI + if any. Note that ISDN, in Q.931, permits any IA5 character in the + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 7] + +RFC 1183 New DNS RR Definitions October 1990 + + + general case. + + The <sa> is a string of hexadecimal digits. For digits 0-9, the + concrete encoding in the Q.931 call setup information element is + identical to BCD. + + For example: + + Relay.Prime.COM. IN ISDN 150862028003217 + sh.Prime.COM. IN ISDN 150862028003217 004 + + (Note: "1" is the country code for the North American Integrated + Numbering Area, i.e., the system of "area codes" familiar to people + in those countries.) + + The RR data is the ASCII representation of the digits. It is encoded + as one or two <character-string>s, i.e., count followed by + characters. + + CCITT recommendation E.166 [9] defines prefix escape codes for the + representation of ISDN (E.163/E.164) addresses in X.121, and PSDN + (X.121) addresses in E.164. It specifies that the exact codes are a + "national matter", i.e., different on different networks. A host + connected to the ISDN may be able to use both the X25 and ISDN + addresses, with the local prefix added. + +3.3. The Route Through RR + + The Route Through RR is defined with mnemonic RT and type code 21 + (decimal). + + The RT resource record provides a route-through binding for hosts + that do not have their own direct wide area network addresses. It is + used in much the same way as the MX RR. + + RT has the following format: + + <owner> <ttl> <class> RT <preference> <intermediate-host> + + Both RDATA fields are required in all RT RRs. + + The first field, <preference>, is a 16 bit integer, representing the + preference of the route. Smaller numbers indicate more preferred + routes. + + <intermediate-host> is the domain name of a host which will serve as + an intermediate in reaching the host specified by <owner>. The DNS + RRs associated with <intermediate-host> are expected to include at + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 8] + +RFC 1183 New DNS RR Definitions October 1990 + + + least one A, X25, or ISDN record. + + The format of the RT RR is class insensitive. RT records cause type + X25, ISDN, and A additional section processing for <intermediate- + host>. + + For example, + + sh.prime.com. IN RT 2 Relay.Prime.COM. + IN RT 10 NET.Prime.COM. + *.prime.com. IN RT 90 Relay.Prime.COM. + + When a host is looking up DNS records to attempt to route a datagram, + it first looks for RT records for the destination host, which point + to hosts with address records (A, X25, ISDN) compatible with the wide + area networks available to the host. If it is itself in the set of + RT records, it discards any RTs with preferences higher or equal to + its own. If there are no (remaining) RTs, it can then use address + records of the destination itself. + + Wild-card RTs are used exactly as are wild-card MXs. RT's do not + "chain"; that is, it is not valid to use the RT RRs found for a host + referred to by an RT. + + The concrete encoding is identical to the MX RR. + +REFERENCES and BIBLIOGRAPHY + + [1] Stahl, M., "Domain Administrators Guide", RFC 1032, Network + Information Center, SRI International, November 1987. + + [2] Lottor, M., "Domain Administrators Operations Guide", RFC 1033, + Network Information Center, SRI International, November, 1987. + + [3] Mockapetris, P., "Domain Names - Concepts and Facilities", RFC + 1034, USC/Information Sciences Institute, November 1987. + + [4] Mockapetris, P., "Domain Names - Implementation and + Specification", RFC 1035, USC/Information Sciences Institute, + November 1987. + + [5] Spector A., and M. Kazar, "Uniting File Systems", UNIX Review, + 7(3), pp. 61-69, March 1989. + + [6] Zahn, et al., "Network Computing Architecture", Prentice-Hall, + 1989. + + [7] International Telegraph and Telephone Consultative Committee, + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 9] + +RFC 1183 New DNS RR Definitions October 1990 + + + "Numbering Plan for the International Telephone Service", CCITT + Recommendations E.163., IXth Plenary Assembly, Melbourne, 1988, + Fascicle II.2 ("Blue Book"). + + [8] International Telegraph and Telephone Consultative Committee, + "Numbering Plan for the ISDN Era", CCITT Recommendations E.164., + IXth Plenary Assembly, Melbourne, 1988, Fascicle II.2 ("Blue + Book"). + + [9] International Telegraph and Telephone Consultative Committee. + "Numbering Plan Interworking in the ISDN Era", CCITT + Recommendations E.166., IXth Plenary Assembly, Melbourne, 1988, + Fascicle II.2 ("Blue Book"). + + [10] International Telegraph and Telephone Consultative Committee, + "International Numbering Plan for the Public Data Networks", + CCITT Recommendations X.121., IXth Plenary Assembly, Melbourne, + 1988, Fascicle VIII.3 ("Blue Book"); provisional, Geneva, 1978; + amended, Geneva, 1980, Malaga-Torremolinos, 1984 and Melborne, + 1988. + + [11] Korb, J., "Standard for the Transmission of IP datagrams Over + Public Data Networks", RFC 877, Purdue University, September + 1983. + + [12] Ullmann, R., "SMTP on X.25", RFC 1090, Prime Computer, February + 1989. + + [13] Ullmann, R., "TP/IX: The Next Internet", Prime Computer + (unpublished), July 1990. + + [14] Mockapetris, P., "DNS Encoding of Network Names and Other Types", + RFC 1101, USC/Information Sciences Institute, April 1989. + +Security Considerations + + Security issues are not addressed in this memo. + + + + + + + + + + + + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 10] + +RFC 1183 New DNS RR Definitions October 1990 + + +Authors' Addresses + + Craig F. Everhart + Transarc Corporation + The Gulf Tower + 707 Grant Street + Pittsburgh, PA 15219 + + Phone: +1 412 338 4467 + + EMail: Craig_Everhart@transarc.com + + + Louis A. Mamakos + Network Infrastructure Group + Computer Science Center + University of Maryland + College Park, MD 20742-2411 + + Phone: +1-301-405-7836 + + Email: louie@Sayshell.UMD.EDU + + + Robert Ullmann 10-30 + Prime Computer, Inc. + 500 Old Connecticut Path + Framingham, MA 01701 + + Phone: +1 508 620 2800 ext 1736 + + Email: Ariel@Relay.Prime.COM + + + Paul Mockapetris + USC Information Sciences Institute + 4676 Admiralty Way + Marina del Rey, CA 90292 + + Phone: 213-822-1511 + + EMail: pvm@isi.edu + + + + + + + + + +Everhart, Mamakos, Ullmann & Mockapetris [Page 11] +
\ No newline at end of file diff --git a/usr.sbin/named/doc/rfc/rfc1535 b/usr.sbin/named/doc/rfc/rfc1535 new file mode 100644 index 00000000000..03bddeebedc --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1535 @@ -0,0 +1,283 @@ + + + + + + +Network Working Group E. Gavron +Request for Comments: 1535 ACES Research Inc. +Category: Informational October 1993 + + + A Security Problem and Proposed Correction + With Widely Deployed DNS Software + +Status of this Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard. Distribution of this memo is + unlimited. + +Abstract + + This document discusses a flaw in some of the currently distributed + name resolver clients. The flaw exposes a security weakness related + to the search heuristic invoked by these same resolvers when users + provide a partial domain name, and which is easy to exploit (although + not by the masses). This document points out the flaw, a case in + point, and a solution. + +Background + + Current Domain Name Server clients are designed to ease the burden of + remembering IP dotted quad addresses. As such they translate human- + readable names into addresses and other resource records. Part of + the translation process includes understanding and dealing with + hostnames that are not fully qualified domain names (FQDNs). + + An absolute "rooted" FQDN is of the format {name}{.} A non "rooted" + domain name is of the format {name} + + A domain name may have many parts and typically these include the + host, domain, and type. Example: foobar.company.com or + fooschool.university.edu. + +Flaw + + The problem with most widely distributed resolvers based on the BSD + BIND resolver is that they attempt to resolve a partial name by + processing a search list of partial domains to be added to portions + of the specified host name until a DNS record is found. This + "feature" is disabled by default in the official BIND 4.9.2 release. + + Example: A TELNET attempt by User@Machine.Tech.ACES.COM + to UnivHost.University.EDU + + + +Gavron [Page 1] + +RFC 1535 DNS Software Enhancements October 1993 + + + The resolver client will realize that since "UnivHost.University.EDU" + does not end with a ".", it is not an absolute "rooted" FQDN. It + will then try the following combinations until a resource record is + found: + + UnivHost.University.EDU.Tech.ACES.COM. + UnivHost.University.EDU.ACES.COM. + UnivHost.University.EDU.COM. + UnivHost.University.EDU. + +Security Issue + + After registering the EDU.COM domain, it was discovered that an + unliberal application of one wildcard CNAME record would cause *all* + connects from any .COM site to any .EDU site to terminate at one + target machine in the private edu.com sub-domain. + + Further, discussion reveals that specific hostnames registered in + this private subdomain, or any similarly named subdomain may be used + to spoof a host. + + Example: harvard.edu.com. CNAME targethost + + Thus all connects to Harvard.edu from all .com sites would end up at + targthost, a machine which could provide a Harvard.edu login banner. + + This is clearly unacceptable. Further, it could only be made worse + with domains like COM.EDU, MIL.GOV, GOV.COM, etc. + +Public vs. Local Name Space Administration + + The specification of the Domain Name System and the software that + implements it provides an undifferentiated hierarchy which permits + delegation of administration for subordinate portions of the name + space. Actual administration of the name space is divided between + "public" and "local" portions. Public administration pertains to all + top-level domains, such as .COM and .EDU. For some domains, it also + pertains to some number of sub-domain levels. The multi-level nature + of the public administration is most evident for top-level domains + for countries. For example in the Fully Qualified Domain Name, + dbc.mtview.ca.us., the portion "mtview.ca.us" represents three levels + of public administration. Only the left-most portion is subject to + local administration. + + + + + + + + +Gavron [Page 2] + +RFC 1535 DNS Software Enhancements October 1993 + + + The danger of the heuristic search common in current practise is that + it it is possible to "intercept" the search by matching against an + unintended value while walking up the search list. While this is + potentially dangerous at any level, it is entirely unacceptable when + the error impacts users outside of a local administration. + + When attempting to resolve a partial domain name, DNS resolvers use + the Domain Name of the searching host for deriving the search list. + Existing DNS resolvers do not distinguish the portion of that name + which is in the locally administered scope from the part that is + publically administered. + +Solution(s) + + At a minimum, DNS resolvers must honor the BOUNDARY between local and + public administration, by limiting any search lists to locally- + administered portions of the Domain Name space. This requires a + parameter which shows the scope of the name space controlled by the + local administrator. + + This would permit progressive searches from the most qualified to + less qualified up through the locally controlled domain, but not + beyond. + + For example, if the local user were trying to reach: + + User@chief.admin.DESERTU.EDU from + starburst,astro.DESERTU.EDU, + + it is reasonable to permit the user to enter just chief.admin, and + for the search to cover: + + chief.admin.astro.DESERTU.EDU + chief.admin.DESERTU.EDU + + but not + + chief.admin.EDU + + In this case, the value of "search" should be set to "DESERTU.EDU" + because that's the scope of the name space controlled by the local + DNS administrator. + + This is more than a mere optimization hack. The local administrator + has control over the assignment of names within the locally + administered domain, so the administrator can make sure that + abbreviations result in the right thing. Outside of the local + control, users are necessarily at risk. + + + +Gavron [Page 3] + +RFC 1535 DNS Software Enhancements October 1993 + + + A more stringent mechanism is implemented in BIND 4.9.2, to respond + to this problem: + + The DNS Name resolver clients narrows its IMPLICIT search list IF ANY + to only try the first and the last of the examples shown. + + Any additional search alternatives must be configured into the + resolver EXPLICITLY. + + DNS Name resolver software SHOULD NOT use implicit search lists in + attempts to resolve partial names into absolute FQDNs other than the + hosts's immediate parent domain. + + Resolvers which continue to use implicit search lists MUST limit + their scope to locally administered sub-domains. + + DNS Name resolver software SHOULD NOT come pre-configured with + explicit search lists that perpetuate this problem. + + Further, in any event where a "." exists in a specified name it + should be assumed to be a fully qualified domain name (FQDN) and + SHOULD be tried as a rooted name first. + + Example: Given user@a.b.c.d connecting to e.f.g.h only two tries + should be attempted as a result of using an implicit + search list: + + e.f.g.h. and e.f.g.h.b.c.d. + + Given user@a.b.c.d. connecting to host those same two + tries would appear as: + + x.b.c.d. and x. + + Some organizations make regular use of multi-part, partially + qualified Domain Names. For example, host foo.loc1.org.city.state.us + might be used to making references to bar.loc2, or mumble.loc3, all + of which refer to whatever.locN.org.city.state.us + + The stringent implicit search rules for BIND 4.9.2 will now cause + these searches to fail. To return the ability for them to succeed, + configuration of the client resolvers must be changed to include an + explicit search rule for org.city.state.us. That is, it must contain + an explicit rule for any -- and each -- portion of the locally- + administered sub-domain that it wishes to have as part of the search + list. + + + + + +Gavron [Page 4] + +RFC 1535 DNS Software Enhancements October 1993 + + +References + + [1] Mockapetris, P., "Domain Names Concepts and Facilities", STD 13, + RFC 1034, USC/Information Sciences Institute, November 1987. + + [2] Mockapetris, P., "Domain Names Implementation and Specification", + STD 13, RFC 1035, USC/Information Sciences Institute, November + 1987. + + [3] Partridge, C., "Mail Routing and the Domain System", STD 14, RFC + 974, CSNET CIC BBN, January 1986. + + [4] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S. Miller, + "Common DNS Implementation Errors and Suggested Fixes", RFC 1536, + USC/Information Sciences Institute, USC, October 1993. + + [5] Beertema, P., "Common DNS Data File Configuration Errors", RFC + 1537, CWI, October 1993. + +Security Considerations + + This memo indicates vulnerabilities with all too-forgiving DNS + clients. It points out a correction that would eliminate the future + potential of the problem. + +Author's Address + + Ehud Gavron + ACES Research Inc. + PO Box 14546 + Tucson, AZ 85711 + + Phone: (602) 743-9841 + EMail: gavron@aces.com + + + + + + + + + + + + + + + + + +Gavron [Page 5] + diff --git a/usr.sbin/named/doc/rfc/rfc1536 b/usr.sbin/named/doc/rfc/rfc1536 new file mode 100644 index 00000000000..5ff2b25d037 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1536 @@ -0,0 +1,675 @@ + + + + + + +Network Working Group A. Kumar +Request for Comments: 1536 J. Postel +Category: Informational C. Neuman + ISI + P. Danzig + S. Miller + USC + October 1993 + + + Common DNS Implementation Errors and Suggested Fixes + +Status of this Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard. Distribution of this memo is + unlimited. + +Abstract + + This memo describes common errors seen in DNS implementations and + suggests some fixes. Where applicable, violations of recommendations + from STD 13, RFC 1034 and STD 13, RFC 1035 are mentioned. The memo + also describes, where relevant, the algorithms followed in BIND + (versions 4.8.3 and 4.9 which the authors referred to) to serve as an + example. + +Introduction + + The last few years have seen, virtually, an explosion of DNS traffic + on the NSFnet backbone. Various DNS implementations and various + versions of these implementations interact with each other, producing + huge amounts of unnecessary traffic. Attempts are being made by + researchers all over the internet, to document the nature of these + interactions, the symptomatic traffic patterns and to devise remedies + for the sick pieces of software. + + This draft is an attempt to document fixes for known DNS problems so + people know what problems to watch out for and how to repair broken + software. + +1. Fast Retransmissions + + DNS implements the classic request-response scheme of client-server + interaction. UDP is, therefore, the chosen protocol for communication + though TCP is used for zone transfers. The onus of requerying in case + no response is seen in a "reasonable" period of time, lies with the + client. Although RFC 1034 and 1035 do not recommend any + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 1] + +RFC 1536 Common DNS Implementation Errors October 1993 + + + retransmission policy, RFC 1035 does recommend that the resolvers + should cycle through a list of servers. Both name servers and stub + resolvers should, therefore, implement some kind of a retransmission + policy based on round trip time estimates of the name servers. The + client should back-off exponentially, probably to a maximum timeout + value. + + However, clients might not implement either of the two. They might + not wait a sufficient amount of time before retransmitting or they + might not back-off their inter-query times sufficiently. + + Thus, what the server would see will be a series of queries from the + same querying entity, spaced very close together. Of course, a + correctly implemented server discards all duplicate queries but the + queries contribute to wide-area traffic, nevertheless. + + We classify a retransmission of a query as a pure Fast retry timeout + problem when a series of query packets meet the following conditions. + + a. Query packets are seen within a time less than a "reasonable + waiting period" of each other. + + b. No response to the original query was seen i.e., we see two or + more queries, back to back. + + c. The query packets share the same query identifier. + + d. The server eventually responds to the query. + +A GOOD IMPLEMENTATION: + + BIND (we looked at versions 4.8.3 and 4.9) implements a good + retransmission algorithm which solves or limits all of these + problems. The Berkeley stub-resolver queries servers at an interval + that starts at the greater of 4 seconds and 5 seconds divided by the + number of servers the resolver queries. The resolver cycles through + servers and at the end of a cycle, backs off the time out + exponentially. + + The Berkeley full-service resolver (built in with the program + "named") starts with a time-out equal to the greater of 4 seconds and + two times the round-trip time estimate of the server. The time-out + is backed off with each cycle, exponentially, to a ceiling value of + 45 seconds. + + + + + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 2] + +RFC 1536 Common DNS Implementation Errors October 1993 + + +FIXES: + + a. Estimate round-trip times or set a reasonably high initial + time-out. + + b. Back-off timeout periods exponentially. + + c. Yet another fundamental though difficult fix is to send the + client an acknowledgement of a query, with a round-trip time + estimate. + + Since UDP is used, no response is expected by the client until the + query is complete. Thus, it is less likely to have information about + previous packets on which to estimate its back-off time. Unless, you + maintain state across queries, so subsequent queries to the same + server use information from previous queries. Unfortunately, such + estimates are likely to be inaccurate for chained requests since the + variance is likely to be high. + + The fix chosen in the ARDP library used by Prospero is that the + server will send an initial acknowledgement to the client in those + cases where the server expects the query to take a long time (as + might be the case for chained queries). This initial acknowledgement + can include an expected time to wait before retrying. + + This fix is more difficult since it requires that the client software + also be trained to expect the acknowledgement packet. This, in an + internet of millions of hosts is at best a hard problem. + +2. Recursion Bugs + + When a server receives a client request, it first looks up its zone + data and the cache to check if the query can be answered. If the + answer is unavailable in either place, the server seeks names of + servers that are more likely to have the information, in its cache or + zone data. It then does one of two things. If the client desires the + server to recurse and the server architecture allows recursion, the + server chains this request to these known servers closest to the + queried name. If the client doesn't seek recursion or if the server + cannot handle recursion, it returns the list of name servers to the + client assuming the client knows what to do with these records. + + The client queries this new list of name servers to get either the + answer, or names of another set of name servers to query. This + process repeats until the client is satisfied. Servers might also go + through this chaining process if the server returns a CNAME record + for the queried name. Some servers reprocess this name to try and get + the desired record type. + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 3] + +RFC 1536 Common DNS Implementation Errors October 1993 + + + However, in certain cases, this chain of events may not be good. For + example, a broken or malicious name server might list itself as one + of the name servers to query again. The unsuspecting client resends + the same query to the same server. + + In another situation, more difficult to detect, a set of servers + might form a loop wherein A refers to B and B refers to A. This loop + might involve more than two servers. + + Yet another error is where the client does not know how to process + the list of name servers returned, and requeries the same server + since that is one (of the few) servers it knows. + + We, therefore, classify recursion bugs into three distinct + categories: + + a. Ignored referral: Client did not know how to handle NS records + in the AUTHORITY section. + + b. Too many referrals: Client called on a server too many times, + beyond a "reasonable" number, with same query. This is + different from a Fast retransmission problem and a Server + Failure detection problem in that a response is seen for every + query. Also, the identifiers are always different. It implies + client is in a loop and should have detected that and broken + it. (RFC 1035 mentions that client should not recurse beyond + a certain depth.) + + c. Malicious Server: a server refers to itself in the authority + section. If a server does not have an answer now, it is very + unlikely it will be any better the next time you query it, + specially when it claims to be authoritative over a domain. + + RFC 1034 warns against such situations, on page 35. + + "Bound the amount of work (packets sent, parallel processes + started) so that a request can't get into an infinite loop or + start off a chain reaction of requests or queries with other + implementations EVEN IF SOMEONE HAS INCORRECTLY CONFIGURED + SOME DATA." + +A GOOD IMPLEMENTATION: + + BIND fixes at least one of these problems. It places an upper limit + on the number of recursive queries it will make, to answer a + question. It chases a maximum of 20 referral links and 8 canonical + name translations. + + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 4] + +RFC 1536 Common DNS Implementation Errors October 1993 + + +FIXES: + + a. Set an upper limit on the number of referral links and CNAME + links you are willing to chase. + + Note that this is not guaranteed to break only recursion loops. + It could, in a rare case, prune off a very long search path, + prematurely. We know, however, with high probability, that if + the number of links cross a certain metric (two times the depth + of the DNS tree), it is a recursion problem. + + b. Watch out for self-referring servers. Avoid them whenever + possible. + + c. Make sure you never pass off an authority NS record with your + own name on it! + + d. Fix clients to accept iterative answers from servers not built + to provide recursion. Such clients should either be happy with + the non-authoritative answer or be willing to chase the + referral links themselves. + +3. Zero Answer Bugs: + + Name servers sometimes return an authoritative NOERROR with no + ANSWER, AUTHORITY or ADDITIONAL records. This happens when the + queried name is valid but it does not have a record of the desired + type. Of course, the server has authority over the domain. + + However, once again, some implementations of resolvers do not + interpret this kind of a response reasonably. They always expect an + answer record when they see an authoritative NOERROR. These entities + continue to resend their queries, possibly endlessly. + +A GOOD IMPLEMENTATION + + BIND resolver code does not query a server more than 3 times. If it + is unable to get an answer from 4 servers, querying them three times + each, it returns error. + + Of course, it treats a zero-answer response the way it should be + treated; with respect! + +FIXES: + + a. Set an upper limit on the number of retransmissions for a given + query, at the very least. + + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 5] + +RFC 1536 Common DNS Implementation Errors October 1993 + + + b. Fix resolvers to interpret such a response as an authoritative + statement of non-existence of the record type for the given + name. + +4. Inability to detect server failure: + + Servers in the internet are not very reliable (they go down every + once in a while) and resolvers are expected to adapt to the changed + scenario by not querying the server for a while. Thus, when a server + does not respond to a query, resolvers should try another server. + Also, non-stub resolvers should update their round trip time estimate + for the server to a large value so that server is not tried again + before other, faster servers. + + Stub resolvers, however, cycle through a fixed set of servers and if, + unfortunately, a server is down while others do not respond for other + reasons (high load, recursive resolution of query is taking more time + than the resolver's time-out, ....), the resolver queries the dead + server again! In fact, some resolvers might not set an upper limit on + the number of query retransmissions they will send and continue to + query dead servers indefinitely. + + Name servers running system or chained queries might also suffer from + the same problem. They store names of servers they should query for a + given domain. They cycle through these names and in case none of them + answers, hit each one more than one. It is, once again, important + that there be an upper limit on the number of retransmissions, to + prevent network overload. + + This behavior is clearly in violation of the dictum in RFC 1035 (page + 46) + + "If a resolver gets a server error or other bizarre response + from a name server, it should remove it from SLIST, and may + wish to schedule an immediate transmission to the next + candidate server address." + + Removal from SLIST implies that the server is not queried again for + some time. + + Correctly implemented full-service resolvers should, as pointed out + before, update round trip time values for servers that do not respond + and query them only after other, good servers. Full-service resolvers + might, however, not follow any of these common sense directives. They + query dead servers, and they query them endlessly. + + + + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 6] + +RFC 1536 Common DNS Implementation Errors October 1993 + + +A GOOD IMPLEMENTATION: + + BIND places an upper limit on the number of times it queries a + server. Both the stub-resolver and the full-service resolver code do + this. Also, since the full-service resolver estimates round-trip + times and sorts name server addresses by these estimates, it does not + query a dead server again, until and unless all the other servers in + the list are dead too! Further, BIND implements exponential back-off + too. + +FIXES: + + a. Set an upper limit on number of retransmissions. + + b. Measure round-trip time from servers (some estimate is better + than none). Treat no response as a "very large" round-trip + time. + + c. Maintain a weighted rtt estimate and decay the "large" value + slowly, with time, so that the server is eventually tested + again, but not after an indefinitely long period. + + d. Follow an exponential back-off scheme so that even if you do + not restrict the number of queries, you do not overload the + net excessively. + +5. Cache Leaks: + + Every resource record returned by a server is cached for TTL seconds, + where the TTL value is returned with the RR. Full-service (or stub) + resolvers cache the RR and answer any queries based on this cached + information, in the future, until the TTL expires. After that, one + more query to the wide-area network gets the RR in cache again. + + Full-service resolvers might not implement this caching mechanism + well. They might impose a limit on the cache size or might not + interpret the TTL value correctly. In either case, queries repeated + within a TTL period of a RR constitute a cache leak. + +A GOOD/BAD IMPLEMENTATION: + + BIND has no restriction on the cache size and the size is governed by + the limits on the virtual address space of the machine it is running + on. BIND caches RRs for the duration of the TTL returned with each + record. + + It does, however, not follow the RFCs with respect to interpretation + of a 0 TTL value. If a record has a TTL value of 0 seconds, BIND uses + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 7] + +RFC 1536 Common DNS Implementation Errors October 1993 + + + the minimum TTL value, for that zone, from the SOA record and caches + it for that duration. This, though it saves some traffic on the + wide-area network, is not correct behavior. + +FIXES: + + a. Look over your caching mechanism to ensure TTLs are interpreted + correctly. + + b. Do not restrict cache sizes (come on, memory is cheap!). + Expired entries are reclaimed periodically, anyway. Of course, + the cache size is bound to have some physical limit. But, when + possible, this limit should be large (run your name server on + a machine with a large amount of physical memory). + + c. Possibly, a mechanism is needed to flush the cache, when it is + known or even suspected that the information has changed. + +6. Name Error Bugs: + + This bug is very similar to the Zero Answer bug. A server returns an + authoritative NXDOMAIN when the queried name is known to be bad, by + the server authoritative for the domain, in the absence of negative + caching. This authoritative NXDOMAIN response is usually accompanied + by the SOA record for the domain, in the authority section. + + Resolvers should recognize that the name they queried for was a bad + name and should stop querying further. + + Some resolvers might, however, not interpret this correctly and + continue to query servers, expecting an answer record. + + Some applications, in fact, prompt NXDOMAIN answers! When given a + perfectly good name to resolve, they append the local domain to it + e.g., an application in the domain "foo.bar.com", when trying to + resolve the name "usc.edu" first tries "usc.edu.foo.bar.com", then + "usc.edu.bar.com" and finally the good name "usc.edu". This causes at + least two queries that return NXDOMAIN, for every good query. The + problem is aggravated since the negative answers from the previous + queries are not cached. When the same name is sought again, the + process repeats. + + Some DNS resolver implementations suffer from this problem, too. They + append successive sub-parts of the local domain using an implicit + searchlist mechanism, when certain conditions are satisfied and try + the original name, only when this first set of iterations fails. This + behavior recently caused pandemonium in the Internet when the domain + "edu.com" was registered and a wildcard "CNAME" record placed at the + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 8] + +RFC 1536 Common DNS Implementation Errors October 1993 + + + top level. All machines from "com" domains trying to connect to hosts + in the "edu" domain ended up with connections to the local machine in + the "edu.com" domain! + +GOOD/BAD IMPLEMENTATIONS: + + Some local versions of BIND already implement negative caching. They + typically cache negative answers with a very small TTL, sufficient to + answer a burst of queries spaced close together, as is typically + seen. + + The next official public release of BIND (4.9.2) will have negative + caching as an ifdef'd feature. + + The BIND resolver appends local domain to the given name, when one of + two conditions is met: + + i. The name has no periods and the flag RES_DEFNAME is set. + ii. There is no trailing period and the flag RES_DNSRCH is set. + + The flags RES_DEFNAME and RES_DNSRCH are default resolver options, in + BIND, but can be changed at compile time. + + Only if the name, so generated, returns an NXDOMAIN is the original + name tried as a Fully Qualified Domain Name. And only if it contains + at least one period. + +FIXES: + + a. Fix the resolver code. + + b. Negative Caching. Negative caching servers will restrict the + traffic seen on the wide-area network, even if not curb it + altogether. + + c. Applications and resolvers should not append the local domain to + names they seek to resolve, as far as possible. Names + interspersed with periods should be treated as Fully Qualified + Domain Names. + + In other words, Use searchlists only when explicitly specified. + No implicit searchlists should be used. A name that contains + any dots should first be tried as a FQDN and if that fails, with + the local domain name (or searchlist if specified) appended. A + name containing no dots can be appended with the searchlist right + away, but once again, no implicit searchlists should be used. + + + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 9] + +RFC 1536 Common DNS Implementation Errors October 1993 + + + Associated with the name error bug is another problem where a server + might return an authoritative NXDOMAIN, although the name is valid. A + secondary server, on start-up, reads the zone information from the + primary, through a zone transfer. While it is in the process of + loading the zones, it does not have information about them, although + it is authoritative for them. Thus, any query for a name in that + domain is answered with an NXDOMAIN response code. This problem might + not be disastrous were it not for negative caching servers that cache + this answer and so propagate incorrect information over the internet. + +BAD IMPLEMENTATION: + + BIND apparently suffers from this problem. + + Also, a new name added to the primary database will take a while to + propagate to the secondaries. Until that time, they will return + NXDOMAIN answers for a good name. Negative caching servers store this + answer, too and aggravate this problem further. This is probably a + more general DNS problem but is apparently more harmful in this + situation. + +FIX: + + a. Servers should start answering only after loading all the zone + data. A failed server is better than a server handing out + incorrect information. + + b. Negative cache records for a very small time, sufficient only + to ward off a burst of requests for the same bad name. This + could be related to the round-trip time of the server from + which the negative answer was received. Alternatively, a + statistical measure of the amount of time for which queries + for such names are received could be used. Minimum TTL value + from the SOA record is not advisable since they tend to be + pretty large. + + c. A "PUSH" (or, at least, a "NOTIFY") mechanism should be allowed + and implemented, to allow the primary server to inform + secondaries that the database has been modified since it last + transferred zone data. To alleviate the problem of "too many + zone transfers" that this might cause, Incremental Zone + Transfers should also be part of DNS. Also, the primary should + not NOTIFY/PUSH with every update but bunch a good number + together. + + + + + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 10] + +RFC 1536 Common DNS Implementation Errors October 1993 + + +7. Format Errors: + + Some resolvers issue query packets that do not necessarily conform to + standards as laid out in the relevant RFCs. This unnecessarily + increases net traffic and wastes server time. + +FIXES: + + a. Fix resolvers. + + b. Each resolver verify format of packets before sending them out, + using a mechanism outside of the resolver. This is, obviously, + needed only if step 1 cannot be followed. + +References + + [1] Mockapetris, P., "Domain Names Concepts and Facilities", STD 13, + RFC 1034, USC/Information Sciences Institute, November 1987. + + [2] Mockapetris, P., "Domain Names Implementation and Specification", + STD 13, RFC 1035, USC/Information Sciences Institute, November + 1987. + + [3] Partridge, C., "Mail Routing and the Domain System", STD 14, RFC + 974, CSNET CIC BBN, January 1986. + + [4] Gavron, E., "A Security Problem and Proposed Correction With + Widely Deployed DNS Software", RFC 1535, ACES Research Inc., + October 1993. + + [5] Beertema, P., "Common DNS Data File Configuration Errors", RFC + 1537, CWI, October 1993. + +Security Considerations + + Security issues are not discussed in this memo. + + + + + + + + + + + + + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 11] + +RFC 1536 Common DNS Implementation Errors October 1993 + + +Authors' Addresses + + Anant Kumar + USC Information Sciences Institute + 4676 Admiralty Way + Marina Del Rey CA 90292-6695 + + Phone:(310) 822-1511 + FAX: (310) 823-6741 + EMail: anant@isi.edu + + + Jon Postel + USC Information Sciences Institute + 4676 Admiralty Way + Marina Del Rey CA 90292-6695 + + Phone:(310) 822-1511 + FAX: (310) 823-6714 + EMail: postel@isi.edu + + + Cliff Neuman + USC Information Sciences Institute + 4676 Admiralty Way + Marina Del Rey CA 90292-6695 + + Phone:(310) 822-1511 + FAX: (310) 823-6714 + EMail: bcn@isi.edu + + + Peter Danzig + Computer Science Department + University of Southern California + University Park + + EMail: danzig@caldera.usc.edu + + + Steve Miller + Computer Science Department + University of Southern California + University Park + Los Angeles CA 90089 + + EMail: smiller@caldera.usc.edu + + + + +Kumar, Postel, Neuman, Danzig & Miller [Page 12] + diff --git a/usr.sbin/named/doc/rfc/rfc1537 b/usr.sbin/named/doc/rfc/rfc1537 new file mode 100644 index 00000000000..81b97683156 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1537 @@ -0,0 +1,507 @@ + + + + + + +Network Working Group P. Beertema +Request for Comments: 1537 CWI +Category: Informational October 1993 + + + Common DNS Data File Configuration Errors + +Status of this Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard. Distribution of this memo is + unlimited. + +Abstract + + This memo describes errors often found in DNS data files. It points + out common mistakes system administrators tend to make and why they + often go unnoticed for long periods of time. + +Introduction + + Due to the lack of extensive documentation and automated tools, DNS + zone files have mostly been configured by system administrators, by + hand. Some of the rules for writing the data files are rather subtle + and a few common mistakes are seen in domains worldwide. + + This document is an attempt to list "surprises" that administrators + might find hidden in their zone files. It describes the symptoms of + the malady and prescribes medicine to cure that. It also gives some + general recommendations and advice on specific nameserver and zone + file issues and on the (proper) use of the Domain Name System. + +1. SOA records + + A problem I've found in quite some nameservers is that the various + timers have been set (far) too low. Especially for top level domain + nameservers this causes unnecessary traffic over international and + intercontinental links. + + Unfortunately the examples given in the BIND manual, in RFC's and in + some expert documents give those very short timer values, and that's + most likely what people have modeled their SOA records after. + + First of all a short explanation of the timers used in the SOA + record: + + + + + + +Beertema [Page 1] + +RFC 1537 Common DNS Data File Configuration Errors October 1993 + + + - Refresh: The SOA record of the primary server is checked + every "refresh" time by the secondary servers; + if it has changed, a zone transfer is done. + + - Retry: If a secondary server cannot reach the primary + server, it tries it again every "retry" time. + + - Expire: If for "expire" time the primary server cannot + be reached, all information about the zone is + invalidated on the secondary servers (i.e., they + are no longer authoritative for that zone). + + - Minimum TTL: The default TTL value for all records in the + zone file; a different TTL value may be given + explicitly in a record when necessary. + (This timer is named "Minimum", and that's + what it's function should be according to + STD 13, RFC 1035, but most (all?) + implementations take it as the default value + exported with records without an explicit TTL + value). + + For top level domain servers I would recommend the following values: + + 86400 ; Refresh 24 hours + 7200 ; Retry 2 hours + 2592000 ; Expire 30 days + 345600 ; Minimum TTL 4 days + + For other servers I would suggest: + + 28800 ; Refresh 8 hours + 7200 ; Retry 2 hours + 604800 ; Expire 7 days + 86400 ; Minimum TTL 1 day + + but here the frequency of changes, the required speed of propagation, + the reachability of the primary server etc. play a role in optimizing + the timer values. + +2. Glue records + + Quite often, people put unnecessary glue (A) records in their zone + files. Even worse is that I've even seen *wrong* glue records for an + external host in a primary zone file! Glue records need only be in a + zone file if the server host is within the zone and there is no A + record for that host elsewhere in the zone file. + + + + +Beertema [Page 2] + +RFC 1537 Common DNS Data File Configuration Errors October 1993 + + + Old BIND versions ("native" 4.8.3 and older versions) showed the + problem that wrong glue records could enter secondary servers in a + zone transfer. + +3. "Secondary server surprise" + + I've seen it happen on various occasions that hosts got bombarded by + nameserver requests without knowing why. On investigation it turned + out then that such a host was supposed to (i.e., the information was + in the root servers) run secondary for some domain (or reverse (in- + addr.arpa)) domain, without that host's nameserver manager having + been asked or even been told so! + + Newer BIND versions (4.9 and later) solved this problem. At the same + time though the fix has the disadvantage that it's far less easy to + spot this problem. + + Practice has shown that most domain registrars accept registrations + of nameservers without checking if primary (!) and secondary servers + have been set up, informed, or even asked. It should also be noted + that a combination of long-lasting unreachability of primary + nameservers, (therefore) expiration of zone information, plus static + IP routing, can lead to massive network traffic that can fill up + lines completely. + +4. "MX records surprise" + + In a sense similar to point 3. Sometimes nameserver managers enter MX + records in their zone files that point to external hosts, without + first asking or even informing the systems managers of those external + hosts. This has to be fought out between the nameserver manager and + the systems managers involved. Only as a last resort, if really + nothing helps to get the offending records removed, can the systems + manager turn to the naming authority of the domain above the + offending domain to get the problem sorted out. + +5. "Name extension surprise" + + Sometimes one encounters weird names, which appear to be an external + name extended with a local domain. This is caused by forgetting to + terminate a name with a dot: names in zone files that don't end with + a dot are always expanded with the name of the current zone (the + domain that the zone file stands for or the last $ORIGIN). + + Example: zone file for foo.xx: + + pqr MX 100 relay.yy. + xyz MX 100 relay.yy (no trailing dot!) + + + +Beertema [Page 3] + +RFC 1537 Common DNS Data File Configuration Errors October 1993 + + + When fully written out this stands for: + + pqr.foo.xx. MX 100 relay.yy. + xyz.foo.xx. MX 100 relay.yy.foo.xx. (name extension!) + +6. Missing secondary servers + + It is required that there be a least 2 nameservers for a domain. For + obvious reasons the nameservers for top level domains need to be very + well reachable from all over the Internet. This implies that there + must be more than just 2 of them; besides, most of the (secondary) + servers should be placed at "strategic" locations, e.g., close to a + point where international and/or intercontinental lines come + together. To keep things manageable, there shouldn't be too many + servers for a domain either. + + Important aspects in selecting the location of primary and secondary + servers are reliability (network, host) and expedient contacts: in + case of problems, changes/fixes must be carried out quickly. It + should be considered logical that primary servers for European top + level domains should run on a host in Europe, preferably (if + possible) in the country itself. For each top level domain there + should be 2 secondary servers in Europe and 2 in the USA, but there + may of course be more on either side. An excessive number of + nameservers is not a good idea though; a recommended maximum is 7 + nameservers. In Europe, EUnet has offered to run secondary server + for each European top level domain. + +7. Wildcard MX records + + Wildcard MX records should be avoided where possible. They often + cause confusion and errors: especially beginning nameserver managers + tend to overlook the fact that a host/domain listed with ANY type of + record in a zone file is NOT covered by an overall wildcard MX record + in that zone; this goes not only for simple domain/host names, but + also for names that cover one or more domains. Take the following + example in zone foo.bar: + + * MX 100 mailhost + pqr MX 100 mailhost + abc.def MX 100 mailhost + + This makes pqr.foo.bar, def.foo.bar and abd.def.foo.bar valid + domains, but the wildcard MX record covers NONE of them, nor anything + below them. To cover everything by MX records, the required entries + are: + + + + + +Beertema [Page 4] + +RFC 1537 Common DNS Data File Configuration Errors October 1993 + + + * MX 100 mailhost + pqr MX 100 mailhost + *.pqr MX 100 mailhost + abc.def MX 100 mailhost + *.def MX 100 mailhost + *.abc.def MX 100 mailhost + + An overall wildcard MX record is almost never useful. + + In particular the zone file of a top level domain should NEVER + contain only an overall wildcard MX record (*.XX). The effect of such + a wildcard MX record can be that mail is unnecessarily sent across + possibly expensive links, only to fail at the destination or gateway + that the record points to. Top level domain zone files should + explicitly list at least all the officially registered primary + subdomains. + + Whereas overall wildcard MX records should be avoided, wildcard MX + records are acceptable as an explicit part of subdomain entries, + provided they are allowed under a given subdomain (to be determined + by the naming authority for that domain). + + Example: + + foo.xx. MX 100 gateway.xx. + MX 200 fallback.yy. + *.foo.xx. MX 100 gateway.xx. + MX 200 fallback.yy. +8. Hostnames + + People appear to sometimes look only at STD 11, RFC 822 to determine + whether a particular hostname is correct or not. Hostnames should + strictly conform to the syntax given in STD 13, RFC 1034 (page 11), + with *addresses* in addition conforming to RFC 822. As an example + take "c&w.blues" which is perfectly legal according to RFC 822, but + which can have quite surprising effects on particular systems, e.g., + "telnet c&w.blues" on a Unix system. + +9. HINFO records + + There appears to be a common misunderstanding that one of the data + fields (usually the second field) in HINFO records is optional. A + recent scan of all reachable nameservers in only one country revealed + some 300 incomplete HINFO records. Specifying two data fields in a + HINFO record is mandatory (RFC 1033), but note that this does *not* + mean that HINFO records themselves are mandatory. + + + + + +Beertema [Page 5] + +RFC 1537 Common DNS Data File Configuration Errors October 1993 + + +10. Safety measures and specialties + + Nameservers and resolvers aren't flawless. Bogus queries should be + kept from being forwarded to the root servers, since they'll only + lead to unnecessary intercontinental traffic. Known bogus queries + that can easily be dealt with locally are queries for 0 and broadcast + addresses. To catch such queries, every nameserver should run + primary for the 0.in-addr.arpa and 255.in-addr.arpa zones; the zone + files need only contain a SOA and an NS record. + + Also each nameserver should run primary for 0.0.127.in-addr.arpa; + that zone file should contain a SOA and NS record and an entry: + + 1 PTR localhost. + + There has been extensive discussion about whether or not to append + the local domain to it. The conclusion was that "localhost." would be + the best solution; reasons given were: + + - "localhost" itself is used and expected to work on some systems. + + - translating 127.0.0.1 into "localhost.my_domain" can cause some + software to connect to itself using the loopback interface when + it didn't want to. + + Note that all domains that contain hosts should have a "localhost" A + record in them. + + People maintaining zone files with the Serial number given in dotted + decimal notation (e.g., when SCCS is used to maintain the files) + should beware of a bug in all BIND versions: if the serial number is + in Release.Version (dotted decimal) notation, then it is virtually + impossible to change to a higher release: because of the wrong way + that notation is turned into an integer, it results in a serial + number that is LOWER than that of the former release. + + For this reason and because the Serial is an (unsigned) integer + according to STD 13, RFC 1035, it is recommended not to use the + dotted decimal notation. A recommended notation is to use the date + (yyyymmdd), if necessary with an extra digit (yyyymmddn) if there is + or can be more than one change per day in a zone file. + + Very old versions of DNS resolver code have a bug that causes queries + for A records with domain names like "192.16.184.3" to go out. This + happens when users type in IP addresses and the resolver code does + not catch this case before sending out a DNS query. This problem has + been fixed in all resolver implementations known to us but if it + still pops up it is very serious because all those queries will go to + + + +Beertema [Page 6] + +RFC 1537 Common DNS Data File Configuration Errors October 1993 + + + the root servers looking for top level domains like "3" etc. It is + strongly recommended to install the latest (publicly) available BIND + version plus all available patches to get rid of these and other + problems. + + Running secondary nameserver off another secondary nameserver is + possible, but not recommended unless really necessary: there are + known cases where it has led to problems like bogus TTL values. This + can be caused by older or flawed implementations, but secondary + nameservers in principle should always transfer their zones from the + official primary nameserver. + +11. Some general points + + The Domain Name System and nameserver are purely technical tools, not + meant in any way to exert control or impose politics. The function of + a naming authority is that of a clearing house. Anyone registering a + subdomain under a particular (top level) domain becomes naming + authority and therewith the sole responsible for that subdomain. + Requests to enter MX or NS records concerning such a subdomain + therefore always MUST be honored by the registrar of the next higher + domain. + + Examples of practices that are not allowed are: + + - imposing specific mail routing (MX records) when registering + a subdomain. + + - making registration of a subdomain dependent on to the use of + certain networks or services. + + - using TXT records as a means of (free) commercial advertising. + + In the latter case a network service provider could decide to cut off + a particular site until the offending TXT records have been removed + from the site's zone file. + + Of course there are obvious cases where a naming authority can refuse + to register a particular subdomain and can require a proposed name to + be changed in order to get it registered (think of DEC trying to + register a domain IBM.XX). + + There are also cases were one has to probe the authority of the + person: sending in the application - not every systems manager should + be able to register a domain name for a whole university. The naming + authority can impose certain extra rules as long as they don't + violate or conflict with the rights and interest of the registrars of + subdomains; a top level domain registrar may e.g., require that there + + + +Beertema [Page 7] + +RFC 1537 Common DNS Data File Configuration Errors October 1993 + + + be primary subdomain "ac" and "co" only and that subdomains be + registered under those primary subdomains. + + The naming authority can also interfere in exceptional cases like the + one mentioned in point 4, e.g., by temporarily removing a domain's + entry from the nameserver zone files; this of course should be done + only with extreme care and only as a last resort. + + When adding NS records for subdomains, top level domain nameserver + managers should realize that the people setting up the nameserver for + a subdomain often are rather inexperienced and can make mistakes that + can easily lead to the subdomain becoming completely unreachable or + that can cause unnecessary DNS traffic (see point 1). It is therefore + highly recommended that, prior to entering such an NS record, the + (top level) nameserver manager does a couple of sanity checks on the + new nameserver (SOA record and timers OK?, MX records present where + needed? No obvious errors made? Listed secondary servers + operational?). Things that cannot be caught though by such checks + are: + + - resolvers set up to use external hosts as nameservers + + - nameservers set up to use external hosts as forwarders + without permission from those hosts. + + Care should also be taken when registering 2-letter subdomains. + Although this is allowed, an implication is that abbreviated + addressing (see STD 11, RFC 822, paragraph 6.2.2) is not possible in + and under that subdomain. When requested to register such a domain, + one should always notify the people of this consequence. As an + example take the name "cs", which is commonly used for Computer + Science departments: it is also the name of the top level domain for + Czecho-Slovakia, so within the domain cs.foo.bar the user@host.cs is + ambiguous in that in can denote both a user on the host + host.cs.foo.bar and a user on the host "host" in Czecho-Slovakia. + (This example does not take into account the recent political changes + in the mentioned country). + +References + + [1] Mockapetris, P., "Domain Names Concepts and Facilities", STD 13, + RFC 1034, USC/Information Sciences Institute, November 1987. + + [2] Mockapetris, P., "Domain Names Implementation and Specification", + STD 13, RFC 1035, USC/Information Sciences Institute, November + 1987. + + + + + +Beertema [Page 8] + +RFC 1537 Common DNS Data File Configuration Errors October 1993 + + + [3] Partridge, C., "Mail Routing and the Domain System", STD 14, RFC + 974, CSNET CIC BBN, January 1986. + + [4] Gavron, E., "A Security Problem and Proposed Correction With + Widely Deployed DNS Software", RFC 1535, ACES Research Inc., + October 1993. + + [5] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S. Miller, + "Common DNS Implementation Errors and Suggested Fixes", RFC 1536, + USC/Information Sciences Institute, USC, October 1993. + +Security Considerations + + Security issues are not discussed in this memo. + +Author's Address + + Piet Beertema + CWI + Kruislaan 413 + NL-1098 SJ Amsterdam + The Netherlands + + Phone: +31 20 592 4112 + FAX: +31 20 592 4199 + EMail: Piet.Beertema@cwi.nl + + +Editor's Address + + Anant Kumar + USC Information Sciences Institute + 4676 Admiralty Way + Marina Del Rey CA 90292-6695 + + Phone:(310) 822-1511 + FAX: (310) 823-6741 + EMail: anant@isi.edu + + + + + + + + + + + + + +Beertema [Page 9] +
\ No newline at end of file diff --git a/usr.sbin/named/doc/rfc/rfc1591 b/usr.sbin/named/doc/rfc/rfc1591 new file mode 100644 index 00000000000..89e0a254a23 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1591 @@ -0,0 +1,395 @@ + + + + + + +Network Working Group J. Postel +Request for Comments: 1591 ISI +Category: Informational March 1994 + + + Domain Name System Structure and Delegation + + +Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +1. Introduction + + This memo provides some information on the structure of the names in + the Domain Name System (DNS), specifically the top-level domain + names; and on the administration of domains. The Internet Assigned + Numbers Authority (IANA) is the overall authority for the IP + Addresses, the Domain Names, and many other parameters, used in the + Internet. The day-to-day responsibility for the assignment of IP + Addresses, Autonomous System Numbers, and most top and second level + Domain Names are handled by the Internet Registry (IR) and regional + registries. + +2. The Top Level Structure of the Domain Names + + In the Domain Name System (DNS) naming of computers there is a + hierarchy of names. The root of system is unnamed. There are a set + of what are called "top-level domain names" (TLDs). These are the + generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two + letter country codes from ISO-3166. It is extremely unlikely that + any other TLDs will be created. + + Under each TLD may be created a hierarchy of names. Generally, under + the generic TLDs the structure is very flat. That is, many + organizations are registered directly under the TLD, and any further + structure is up to the individual organizations. + + In the country TLDs, there is a wide variation in the structure, in + some countries the structure is very flat, in others there is + substantial structural organization. In some country domains the + second levels are generic categories (such as, AC, CO, GO, and RE), + in others they are based on political geography, and in still others, + organization names are listed directly under the country code. The + organization for the US country domain is described in RFC 1480 [1]. + + + + +Postel [Page 1] + +RFC 1591 Domain Name System Structure and Delegation March 1994 + + + Each of the generic TLDs was created for a general category of + organizations. The country code domains (for example, FR, NL, KR, + US) are each organized by an administrator for that country. These + administrators may further delegate the management of portions of the + naming tree. These administrators are performing a public service on + behalf of the Internet community. Descriptions of the generic + domains and the US country domain follow. + + Of these generic domains, five are international in nature, and two + are restricted to use by entities in the United States. + + World Wide Generic Domains: + + COM - This domain is intended for commercial entities, that is + companies. This domain has grown very large and there is + concern about the administrative load and system performance if + the current growth pattern is continued. Consideration is + being taken to subdivide the COM domain and only allow future + commercial registrations in the subdomains. + + EDU - This domain was originally intended for all educational + institutions. Many Universities, colleges, schools, + educational service organizations, and educational consortia + have registered here. More recently a decision has been taken + to limit further registrations to 4 year colleges and + universities. Schools and 2-year colleges will be registered + in the country domains (see US Domain, especially K12 and CC, + below). + + NET - This domain is intended to hold only the computers of network + providers, that is the NIC and NOC computers, the + administrative computers, and the network node computers. The + customers of the network provider would have domain names of + their own (not in the NET TLD). + + ORG - This domain is intended as the miscellaneous TLD for + organizations that didn't fit anywhere else. Some non- + government organizations may fit here. + + INT - This domain is for organizations established by international + treaties, or international databases. + + United States Only Generic Domains: + + GOV - This domain was originally intended for any kind of government + office or agency. More recently a decision was taken to + register only agencies of the US Federal government in this + domain. State and local agencies are registered in the country + + + +Postel [Page 2] + +RFC 1591 Domain Name System Structure and Delegation March 1994 + + + domains (see US Domain, below). + + MIL - This domain is used by the US military. + + Example country code Domain: + + US - As an example of a country domain, the US domain provides for + the registration of all kinds of entities in the United States + on the basis of political geography, that is, a hierarchy of + <entity-name>.<locality>.<state-code>.US. For example, + "IBM.Armonk.NY.US". In addition, branches of the US domain are + provided within each state for schools (K12), community colleges + (CC), technical schools (TEC), state government agencies + (STATE), councils of governments (COG),libraries (LIB), museums + (MUS), and several other generic types of entities (see RFC 1480 + for details [1]). + + To find a contact for a TLD use the "whois" program to access the + database on the host rs.internic.net. Append "-dom" to the name of + TLD you are interested in. For example: + + whois -h rs.internic.net us-dom + or + whois -h rs.internic.net edu-dom + +3. The Administration of Delegated Domains + + The Internet Assigned Numbers Authority (IANA) is responsible for the + overall coordination and management of the Domain Name System (DNS), + and especially the delegation of portions of the name space called + top-level domains. Most of these top-level domains are two-letter + country codes taken from the ISO standard 3166. + + A central Internet Registry (IR) has been selected and designated to + handled the bulk of the day-to-day administration of the Domain Name + System. Applications for new top-level domains (for example, country + code domains) are handled by the IR with consultation with the IANA. + The central IR is INTERNIC.NET. Second level domains in COM, EDU, + ORG, NET, and GOV are registered by the Internet Registry at the + InterNIC. The second level domains in the MIL are registered by the + DDN registry at NIC.DDN.MIL. Second level names in INT are + registered by the PVM at ISI.EDU. + + While all requests for new top-level domains must be sent to the + Internic (at hostmaster@internic.net), the regional registries are + often enlisted to assist in the administration of the DNS, especially + in solving problems with a country administration. Currently, the + RIPE NCC is the regional registry for Europe and the APNIC is the + + + +Postel [Page 3] + +RFC 1591 Domain Name System Structure and Delegation March 1994 + + + regional registry for the Asia-Pacific region, while the INTERNIC + administers the North America region, and all the as yet undelegated + regions. + + The contact mailboxes for these regional registries are: + + INTERNIC hostmaster@internic.net + APNIC hostmaster@apnic.net + RIPE NCC ncc@ripe.net + + The policy concerns involved when a new top-level domain is + established are described in the following. Also mentioned are + concerns raised when it is necessary to change the delegation of an + established domain from one party to another. + + A new top-level domain is usually created and its management + delegated to a "designated manager" all at once. + + Most of these same concerns are relevant when a sub-domain is + delegated and in general the principles described here apply + recursively to all delegations of the Internet DNS name space. + + The major concern in selecting a designated manager for a domain is + that it be able to carry out the necessary responsibilities, and have + the ability to do a equitable, just, honest, and competent job. + + 1) The key requirement is that for each domain there be a designated + manager for supervising that domain's name space. In the case of + top-level domains that are country codes this means that there is + a manager that supervises the domain names and operates the domain + name system in that country. + + The manager must, of course, be on the Internet. There must be + Internet Protocol (IP) connectivity to the nameservers and email + connectivity to the management and staff of the manager. + + There must be an administrative contact and a technical contact + for each domain. For top-level domains that are country codes at + least the administrative contact must reside in the country + involved. + + 2) These designated authorities are trustees for the delegated + domain, and have a duty to serve the community. + + The designated manager is the trustee of the top-level domain for + both the nation, in the case of a country code, and the global + Internet community. + + + + +Postel [Page 4] + +RFC 1591 Domain Name System Structure and Delegation March 1994 + + + Concerns about "rights" and "ownership" of domains are + inappropriate. It is appropriate to be concerned about + "responsibilities" and "service" to the community. + + 3) The designated manager must be equitable to all groups in the + domain that request domain names. + + This means that the same rules are applied to all requests, all + requests must be processed in a non-discriminatory fashion, and + academic and commercial (and other) users are treated on an equal + basis. No bias shall be shown regarding requests that may come + from customers of some other business related to the manager -- + e.g., no preferential service for customers of a particular data + network provider. There can be no requirement that a particular + mail system (or other application), protocol, or product be used. + + There are no requirements on subdomains of top-level domains + beyond the requirements on higher-level domains themselves. That + is, the requirements in this memo are applied recursively. In + particular, all subdomains shall be allowed to operate their own + domain name servers, providing in them whatever information the + subdomain manager sees fit (as long as it is true and correct). + + 4) Significantly interested parties in the domain should agree that + the designated manager is the appropriate party. + + The IANA tries to have any contending parties reach agreement + among themselves, and generally takes no action to change things + unless all the contending parties agree; only in cases where the + designated manager has substantially mis-behaved would the IANA + step in. + + However, it is also appropriate for interested parties to have + some voice in selecting the designated manager. + + There are two cases where the IANA and the central IR may + establish a new top-level domain and delegate only a portion of + it: (1) there are contending parties that cannot agree, or (2) the + applying party may not be able to represent or serve the whole + country. The later case sometimes arises when a party outside a + country is trying to be helpful in getting networking started in a + country -- this is sometimes called a "proxy" DNS service. + + The Internet DNS Names Review Board (IDNB), a committee + established by the IANA, will act as a review panel for cases in + which the parties can not reach agreement among themselves. The + IDNB's decisions will be binding. + + + + +Postel [Page 5] + +RFC 1591 Domain Name System Structure and Delegation March 1994 + + + 5) The designated manager must do a satisfactory job of operating the + DNS service for the domain. + + That is, the actual management of the assigning of domain names, + delegating subdomains and operating nameservers must be done with + technical competence. This includes keeping the central IR (in + the case of top-level domains) or other higher-level domain + manager advised of the status of the domain, responding to + requests in a timely manner, and operating the database with + accuracy, robustness, and resilience. + + There must be a primary and a secondary nameserver that have IP + connectivity to the Internet and can be easily checked for + operational status and database accuracy by the IR and the IANA. + + In cases when there are persistent problems with the proper + operation of a domain, the delegation may be revoked, and possibly + delegated to another designated manager. + + 6) For any transfer of the designated manager trusteeship from one + organization to another, the higher-level domain manager (the IANA + in the case of top-level domains) must receive communications from + both the old organization and the new organization that assure the + IANA that the transfer in mutually agreed, and that the new + organization understands its responsibilities. + + It is also very helpful for the IANA to receive communications + from other parties that may be concerned or affected by the + transfer. + +4. Rights to Names + + 1) Names and Trademarks + + In case of a dispute between domain name registrants as to the + rights to a particular name, the registration authority shall have + no role or responsibility other than to provide the contact + information to both parties. + + The registration of a domain name does not have any Trademark + status. It is up to the requestor to be sure he is not violating + anyone else's Trademark. + + 2) Country Codes + + The IANA is not in the business of deciding what is and what is + not a country. + + + + +Postel [Page 6] + +RFC 1591 Domain Name System Structure and Delegation March 1994 + + + The selection of the ISO 3166 list as a basis for country code + top-level domain names was made with the knowledge that ISO has a + procedure for determining which entities should be and should not + be on that list. + +5. Security Considerations + + Security issues are not discussed in this memo. + +6. Acknowledgements + + Many people have made comments on draft version of these descriptions + and procedures. Steve Goldstein and John Klensin have been + particularly helpful. + +7. Author's Address + + Jon Postel + USC/Information Sciences Institute + 4676 Admiralty Way + Marina del Rey, CA 90292 + + Phone: 310-822-1511 + Fax: 310-823-6714 + EMail: Postel@ISI.EDU + +7. References + + [1] Cooper, A., and J. Postel, "The US Domain", RFC 1480, + USC/Information Sciences Institute, June 1993. + + [2] Reynolds, J., and J. Postel, "Assigned Numbers", STD 2, RFC 1340, + USC/Information Sciences Institute, July 1992. + + [3] Mockapetris, P., "Domain Names - Concepts and Facilities", STD + 13, RFC 1034, USC/Information Sciences Institute, November 1987. + + [4] Mockapetris, P., "Domain Names - Implementation and + Specification", STD 13, RFC 1035, USC/Information Sciences + Institute, November 1987. + + [6] Partridge, C., "Mail Routing and the Domain System", STD 14, RFC + 974, CSNET CIC BBN, January 1986. + + [7] Braden, R., Editor, "Requirements for Internet Hosts -- + Application and Support", STD 3, RFC 1123, Internet Engineering + Task Force, October 1989. + + + + +Postel [Page 7] + diff --git a/usr.sbin/named/doc/rfc/rfc1597 b/usr.sbin/named/doc/rfc/rfc1597 new file mode 100644 index 00000000000..a9d747c06c5 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1597 @@ -0,0 +1,451 @@ + + + + + + +Network Working Group Y. Rekhter +Request for Comments: 1597 T.J. Watson Research Center, IBM Corp. +Category: Informational B. Moskowitz + Chrysler Corp. + D. Karrenberg + RIPE NCC + G. de Groot + RIPE NCC + March 1994 + + + Address Allocation for Private Internets + +Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +1. Introduction + + This RFC describes methods to preserve IP address space by not + allocating globally unique IP addresses to hosts private to an + enterprise while still permitting full network layer connectivity + between all hosts inside an enterprise as well as between all public + hosts of different enterprises. The authors hope, that using these + methods, significant savings can be made on allocating IP address + space. + + For the purposes of this memo, an enterprise is an entity + autonomously operating a network using TCP/IP and in particular + determining the addressing plan and address assignments within that + network. + +2. Motivation + + With the proliferation of TCP/IP technology worldwide, including + outside the Internet itself, an increasing number of non-connected + enterprises use this technology and its addressing capabilities for + sole intra-enterprise communications, without any intention to ever + directly connect to other enterprises or the Internet itself. + + The current practice is to assign globally unique addresses to all + hosts that use TCP/IP. There is a growing concern that the finite IP + address space might become exhausted. Therefore, the guidelines for + assigning IP address space have been tightened in recent years [1]. + These rules are often more conservative than enterprises would like, + in order to implement and operate their networks. + + + +Rekhter, Moskowitz, Karrenberg & de Groot [Page 1] + +RFC 1597 Address Allocation for Private Internets March 1994 + + + Hosts within enterprises that use IP can be partitioned into three + categories: + + - hosts that do not require access to hosts in other enterprises + or the Internet at large; + + - hosts that need access to a limited set of outside services + (e.g., E-mail, FTP, netnews, remote login) which can be handled + by application layer gateways; + + - hosts that need network layer access outside the enterprise + (provided via IP connectivity); + + - hosts within the first category may use IP addresses that are + unambiguous within an enterprise, but may be ambiguous between + enterprises. + + For many hosts in the second category an unrestricted external access + (provided via IP connectivity) may be unnecessary and even + undesirable for privacy/security reasons. Just like hosts within the + first category, such hosts may use IP addresses that are unambiguous + within an enterprise, but may be ambiguous between enterprises. + + Only hosts in the last category require IP addresses that are + globally unambiguous. + + Many applications require connectivity only within one enterprise and + do not even need external connectivity for the majority of internal + hosts. In larger enterprises it is often easy to identify a + substantial number of hosts using TCP/IP that do not need network + layer connectivity outside the enterprise. + + Some examples, where external connectivity might not be required, + are: + + - A large airport which has its arrival/departure displays + individually addressable via TCP/IP. It is very unlikely that + these displays need to be directly accessible from other + networks. + + - Large organisations like banks and retail chains are switching + to TCP/IP for their internal communication. Large numbers of + local workstations like cash registers, money machines, and + equipment at clerical positions rarely need to have such + connectivity. + + + + + + +Rekhter, Moskowitz, Karrenberg & de Groot [Page 2] + +RFC 1597 Address Allocation for Private Internets March 1994 + + + - For security reasons, many enterprises use application layer + gateways (e.g., firewalls) to connect their internal network to + the Internet. The internal network usually does not have direct + access to the Internet, thus only one or more firewall hosts are + visible from the Internet. In this case, the internal network + can use non-unique IP numbers. + + - If two enterprises communicate over their own private link, + usually only a very limited set of hosts is mutually reachable + from the other enterprise over this link. Only those hosts need + globally unique IP numbers. + + - Interfaces of routers on an internal network usually do not + need to be directly accessible from outside the enterprise. + +3. Private Address Space + + The Internet Assigned Numbers Authority (IANA) has reserved the + following three blocks of the IP address space for private networks: + + 10.0.0.0 - 10.255.255.255 + 172.16.0.0 - 172.31.255.255 + 192.168.0.0 - 192.168.255.255 + + We will refer to the first block as "24-bit block", the second as + "20-bit block, and to the third as "16-bit" block. Note that the + first block is nothing but a single class A network number, while the + second block is a set of 16 contiguous class B network numbers, and + third block is a set of 255 contiguous class C network numbers. + + An enterprise that decides to use IP addresses out of the address + space defined in this document can do so without any coordination + with IANA or an Internet registry. The address space can thus be + used by many enterprises. Addresses within this private address + space will only be unique within the enterprise. + + As before, any enterprise that needs globally unique address space is + required to obtain such addresses from an Internet registry. An + enterprise that requests IP addresses for its external connectivity + will never be assigned addresses from the blocks defined above. + + In order to use private address space, an enterprise needs to + determine which hosts do not need to have network layer connectivity + outside the enterprise in the foreseeable future. Such hosts will be + called private hosts, and will use the private address space defined + above. Private hosts can communicate with all other hosts inside the + enterprise, both public and private. However, they cannot have IP + connectivity to any external host. While not having external network + + + +Rekhter, Moskowitz, Karrenberg & de Groot [Page 3] + +RFC 1597 Address Allocation for Private Internets March 1994 + + + layer connectivity private hosts can still have access to external + services via application layer relays. + + All other hosts will be called public and will use globally unique + address space assigned by an Internet Registry. Public hosts can + communicate with other hosts inside the enterprise both public and + private and can have IP connectivity to external public hosts. + Public hosts do not have connectivity to private hosts of other + enterprises. + + Moving a host from private to public or vice versa involves a change + of IP address. + + Because private addresses have no global meaning, routing information + about private networks shall not be propagated on inter-enterprise + links, and packets with private source or destination addresses + should not be forwarded across such links. Routers in networks not + using private address space, especially those of Internet service + providers, are expected to be configured to reject (filter out) + routing information about private networks. If such a router + receives such information the rejection shall not be treated as a + routing protocol error. + + Indirect references to such addresses should be contained within the + enterprise. Prominent examples of such references are DNS Resource + Records and other information referring to internal private + addresses. In particular, Internet service providers should take + measures to prevent such leakage. + +4. Advantages and Disadvantages of Using Private Address Space + + The obvious advantage of using private address space for the Internet + at large is to conserve the globally unique address space by not + using it where global uniqueness is not required. + + Enterprises themselves also enjoy a number of benefits from their + usage of private address space: They gain a lot of flexibility in + network design by having more address space at their disposal than + they could obtain from the globally unique pool. This enables + operationally and administratively convenient addressing schemes as + well as easier growth paths. + + For a variety of reasons the Internet has already encountered + situations where an enterprise that has not between connected to the + Internet had used IP address space for its hosts without getting this + space assigned from the IANA. In some cases this address space had + been already assigned to other enterprises. When such an enterprise + later connects to the Internet, it could potentially create very + + + +Rekhter, Moskowitz, Karrenberg & de Groot [Page 4] + +RFC 1597 Address Allocation for Private Internets March 1994 + + + serious problems, as IP routing cannot provide correct operations in + presence of ambiguous addressing. Using private address space + provides a safe choice for such enterprises, avoiding clashes once + outside connectivity is needed. + + One could argue that the potential need for renumbering represents a + significant drawback of using the addresses out of the block + allocated for private internets. However, we need to observe that + the need is only "potential", since many hosts may never move into + the third category, and an enterprise may never decide to + interconnect (at IP level) with another enterprise. + + But even if renumbering has to happen, we have to observe that with + Classless Inter-Domain Routing (CIDR) an enterprise that is connected + to the Internet may be encouraged to renumber its public hosts, as it + changes its Network Service Providers. Thus renumbering is likely to + happen more often in the future, regardless of whether an enterprise + does or does not use the addresses out of the block allocated for + private networks. Tools to facilitate renumbering (e.g., DHCP) would + certainly make it less of a concern. + + Also observe that the clear division of public and private hosts and + the resulting need to renumber makes uncontrolled outside + connectivity more difficult, so to some extend the need to renumber + could be viewed as an advantage. + +5. Operational Considerations + + A recommended strategy is to design the private part of the network + first and use private address space for all internal links. Then + plan public subnets at the locations needed and design the external + connectivity. + + This design is not fixed permanently. If a number of hosts require + to change status later this can be accomplished by renumbering only + the hosts involved and installing another physical subnet if + required. + + If a suitable subnetting scheme can be designed and is supported by + the equipment concerned, it is advisable to use the 24-bit block of + private address space and make an addressing plan with a good growth + path. If subnetting is a problem, the 16-bit class C block, which + consists of 255 contiguous class C network numbers, can be used. + + Using multiple IP (sub)nets on the same physical medium has many + pitfalls. We recommend to avoid it unless the operational problems + are well understood and it is proven that all equipment supports this + properly. + + + +Rekhter, Moskowitz, Karrenberg & de Groot [Page 5] + +RFC 1597 Address Allocation for Private Internets March 1994 + + + Moving a single host between private and public status will involve a + change of address and in most cases physical connectivity. In + locations where such changes can be foreseen (machine rooms etc.) it + may be advisable to configure separate physical media for public and + private subnets to facilitate such changes. + + Changing the status of all hosts on a whole (sub)network can be done + easily and without disruption for the enterprise network as a whole. + Consequently it is advisable to group hosts whose connectivity needs + might undergo similar changes in the future on their own subnets. + + It is strongly recommended that routers which connect enterprises to + external networks are set up with appropriate packet and routing + filters at both ends of the link in order to prevent packet and + routing information leakage. An enterprise should also filter any + private networks from inbound routing information in order to protect + itself from ambiguous routing situations which can occur if routes to + the private address space point outside the enterprise. + + Groups of organisations which foresee a big need for mutual + communication can consider forming an enterprise by designing a + common addressing plan supported by the necessary organisational + arrangements like a registry. + + If two sites of the same enterprise need to be connected using an + external service provider, they can consider using an IP tunnel to + prevent packet leaks form the private network. + + A possible approach to avoid leaking of DNS RRs is to run two + nameservers, one external server authoritative for all globally + unique IP addresses of the enterprise and one internal nameserver + authoritative for all IP addresses of the enterprise, both public and + private. In order to ensure consistency both these servers should be + configured from the same data of which the external nameserver only + receives a filtered version. + + The resolvers on all internal hosts, both public and private, query + only the internal nameserver. The external server resolves queries + from resolvers outside the enterprise and is linked into the global + DNS. The internal server forwards all queries for information + outside the enterprise to the external nameserver, so all internal + hosts can access the global DNS. This ensures that information about + private hosts does not reach resolvers and nameservers outside the + enterprise. + + + + + + + +Rekhter, Moskowitz, Karrenberg & de Groot [Page 6] + +RFC 1597 Address Allocation for Private Internets March 1994 + + +6. References + + [1] Gerich, E., "Guidelines for Management of IP Address Space", RFC + 1466, Merit Network, Inc., May 1993. + +7. Security Considerations + + While using private address space can improve security, it is not a + substitute for dedicated security measures. + +8. Conclusion + + With the described scheme many large enterprises will need only a + relatively small block of addresses from the globally unique IP + address space. The Internet at large benefits through conservation + of globally unique address space which will effectively lengthen the + lifetime of the IP address space. The enterprises benefit from the + increased flexibility provided by a relatively large private address + space. + +9. Acknowledgments + + We would like to thank Tony Bates (RIPE NCC), Jordan Becker (ANS), + Hans-Werner Braun (SDSC), Ross Callon (Wellfleet), John Curran + (NEARNET), Vince Fuller (Barrnet), Tony Li (cisco Systems), Anne Lord + (RIPE NCC), Milo Medin (NSI), Marten Terpstra (RIPE NCC), and Geza + Turchanyi (RIPE NCC) for their review and constructive comments. + + + + + + + + + + + + + + + + + + + + + + + + +Rekhter, Moskowitz, Karrenberg & de Groot [Page 7] + +RFC 1597 Address Allocation for Private Internets March 1994 + + +10. Authors' Addresses + + Yakov Rekhter + T.J. Watson Research Center, IBM Corp. + P.O. Box 218 + Yorktown Heights, NY, 10598 + + Phone: +1 914 945 3896 + Fax: +1 914 945 2141 + EMail: yakov@watson.ibm.com + + + Robert G Moskowitz + Chrysler Corporation + CIMS: 424-73-00 + 25999 Lawrence Ave + Center Line, MI 48015 + + Phone: +1 810 758 8212 + Fax: +1 810 758 8173 + EMail: 3858921@mcimail.com + + + Daniel Karrenberg + RIPE Network Coordination Centre + Kruislaan 409 + 1098 SJ Amsterdam, the Netherlands + + Phone: +31 20 592 5065 + Fax: +31 20 592 5090 + EMail: Daniel.Karrenberg@ripe.net + + + Geert Jan de Groot + RIPE Network Coordination Centre + Kruislaan 409 + 1098 SJ Amsterdam, the Netherlands + + Phone: +31 20 592 5065 + Fax: +31 20 592 5090 + EMail: GeertJan.deGroot@ripe.net + + + + + + + + + + +Rekhter, Moskowitz, Karrenberg & de Groot [Page 8] + diff --git a/usr.sbin/named/doc/rfc/rfc1627 b/usr.sbin/named/doc/rfc/rfc1627 new file mode 100644 index 00000000000..cbfc9fa244e --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1627 @@ -0,0 +1,451 @@ + + + + + + +Network Working Group E. Lear +Request for Comments: 1627 Silicon Graphics, Inc. +Category: Informational E. Fair + Apple Computer, Inc. + D. Crocker + Silicon Graphics, Inc. + T. Kessler + Sun Microsystems, Inc. + July 1994 + + + Network 10 Considered Harmful + (Some Practices Shouldn't be Codified) + +Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +SUMMARY + + Re-use of Internet addresses for private IP networks is the topic of + the recent RFC 1597 [1]. It reserves a set of IP network numbers, + for (re-)use by any number of organizations, so long as those + networks are not routed outside any single, private IP network. RFC + 1597 departs from the basic architectural rule that IP addresses must + be globally unique, and it does so without having had the benefit of + the usual, public review and approval by the IETF or IAB. This + document restates the arguments for maintaining a unique address + space. Concerns for Internet architecture and operations, as well as + IETF procedure, are explored. + +INTRODUCTION + + Growth in use of Internet technology and in attachments to the + Internet have taken us to the point that we now are in danger of + running out of unassigned IP network numbers. Initially, numbers + were formally assigned only when a network was about to be attached + to the Internet. This caused difficulties when initial use of IP + substantially preceded the decision and permission to attach to the + Internet. In particular, re-numbering was painful. The lesson that + we learned was that every IP address ought to be globally unique, + independent of its attachment to the Internet. This makes it + possible for any two network entities to communicate, no matter where + either might be located. This model is the result of a decades-long + evolution, through which the community realized how painful it can be + to convert a network of computers to use an assigned number after + + + +Lear, Fair, Crocker & Kessler [Page 1] + +RFC 1627 Network 10 Considered Harmful July 1994 + + + using random or default addresses found on computers just out of the + box. RFC 1597 abrogates this model without benefit of general IETF + community discussion and consensus, leaving policy and operational + questions unasked and unanswered. + +KEEP OUR EYES ON THE PRIZE: AN ARCHITECTURAL GOAL AND VIOLATION + + A common -- if not universal -- ideal for the future of IP is for + every system to be globally accessible, given the proper security + mechanisms. Whether such systems comprise toasters, light switches, + utility power poles, field medical equipment, or the classic examples + of "computers", our current model of assignment is to ensure that + they can interoperate. + + In order for such a model to work there must exist a globally unique + addressing system. A common complaint throughout the community is + that the existing security in host software does not allow for every + (or even many) hosts in a corporate environment to have direct IP + access. When this problem is addressed through proper privacy and + authentication standards, non-unique IP addresses will become a + bottleneck to easy deployment if the recommendations in RFC 1597 are + followed. + + The IP version 4 (IPv4) address space will be exhausted. The + question is simply: when? + + If we assert that all IP addresses must be unique globally, connected + or not, then we will run out of IP address space soon. + + If we assert that only IP addresses used on the world-wide Internet + need to be globally unique, then we will run out of IP address space + later. + + It is absolutely key to keep the Internet community's attention + focused on the efforts toward IP next generation (IPng), so that we + may transcend the limitations of IPv4. RFC 1597 produces apparent + relief from IPv4 address space exhaustion by masking those networks + that are not connecting to the Internet, today. However, this + apparent relief will likely produce two results: complacency on the + large part of the community that does not take the long term view, + and a very sudden IP address space exhaustion at some later date. + + Prior to IPng deployment, it is important to preserve all the + semantics that make both the Internet and Internet technology so very + valuable for interoperability. Apple Computer, IBM, and Motorola + could not collaborate as easily as they have to produce the PowerPC + without uniquely assigned IP addresses. The same can be said of the + Silicon Graphics merger with MIPS. There are many, many more examples + + + +Lear, Fair, Crocker & Kessler [Page 2] + +RFC 1627 Network 10 Considered Harmful July 1994 + + + that can be cited. + + It should be noted that a scheme similar to RFC 1597 can be + implemented at the time that we actually run out of assignable IPv4 + address space; it simply requires that those organizations which have + been assigned addresses but are not yet connected to the Internet + return their addresses to IANA. It is important that the IAB (and + IANA as its agent) reassert their ownership of the IP address space + now, to preclude challenges to this type of reassignment. + +OPERATIONAL ISSUES + +RFC 1597 Implementations + + Methods are needed to ensure that the remaining addresses are + allocated and used frugally. Due to the current problems, Internet + service providers have made it increasingly difficult for + organizations to acquire public IP network numbers. Private networks + have always had the option of using addresses not assigned to them by + appropriate authorities. We do not know how many such networks + exist, because by their nature they do not interact with the global + Internet. By using a random address, a company must take some care + to ensure it is able to route to the properly registered owner of + that network. + + RFC 1597 proposes to solve the routing problem by assigning numbers + that will never be used outside of private environments. Using such + standard numbers introduces a potential for clashes in another way. + If two private networks follow RFC 1597 and then later wish to + communicate with each other, one will have to renumber. The same + problem occurs if a private network wishes to become public. The + likely cost of renumbering is linear to the number of hosts on a + network. Thus, a large company with 10,000 hosts on a network could + incur considerable expense if it either merged with another company + or joined the Internet in such a way as to allow all hosts to + directly access the outside network. + + The probability of address clashes occurring over time approach 100% + with RFC 1597. Picking a random network number reduces the chances + of having to renumber hosts, but introduces the routing problems + described above. Best of all, retrieving assigned numbers from the + appropriate authority in the first place eliminates both existing and + potential address conflicts at the cost of using a part of the + address space. + + Apple Computer once believed that none of its internal systems would + ever speak IP directly to the outside world, and as such, network + operations picked IP class A network 90 out of thin air to use. + + + +Lear, Fair, Crocker & Kessler [Page 3] + +RFC 1627 Network 10 Considered Harmful July 1994 + + + Apple is only now recovering from this error, having renumbered some + 5,000 hosts to provide them with "desktop" Internet access. Unless + the Internet community reaffirms its commitment to a globally unique + address space, we condemn many thousands of organizations to similar + pain when they too attempt to answer the call of the global Internet. + + Another timely example of problems caused by RFC 1597 is Sun's use of + Internet multicasting. Sun selectively relays specific multicast + conferences. This has the effect of making many hosts at Sun visible + to the Internet, even though they are not addressable via IP unicast + routing. If they had non-global addresses this would not work at + all. It is not possible to predict which machines need global + addresses in advance. Silicon Graphics has a similar configuration, + as is likely for others, as well. + + Some might argue that assigning numbers to use for private networks + will prevent accidental leaks from occurring through some sort of + convention a'la Martian packets. While the proposal attempts to + create a standard for "private" address use, there is absolutely no + way to ensure that other addresses are not also used. + + Hence, the "standard" becomes nothing but a misleading heuristic. In + fact, it is essential that routers to the global Internet advertise + networks based only on explicit permission, rather than refusing to + advertise others based on implicit prohibition, as supported by the + policy formally created in RFC 1597. + +Security Issues + + Administrators will have a hard time spotting unauthorized networks, + when their network has been breached (either intentionally or + unintentionally) because the other networks might have the same + numbers as those normally in the routing tables. More over, an + inadvertent connection could possibly have a double whammy effect of + partitioning two operational networks. + + It is worth emphasizing that IP providers should filter out all but + authorized networks. Such a practice would not only prevent + accidents but also enhance the security of the Internet by reducing + the potential number of points of attack. + + Internet multicasting adds a new dimension to security. In some + cases it may possible to allow multicasting through firewalls that + completely restrict unicast routing. Otherwise unconnected networks + might well need unique addresses, as illustrated in the example + above. + + + + + +Lear, Fair, Crocker & Kessler [Page 4] + +RFC 1627 Network 10 Considered Harmful July 1994 + + +Problems with Examples + + RFC 1597 gives several examples of IP networks that need not have + globally unique address spaces. Each of those cases is plausible, + but that does not make it legitimate to ENCOURAGE non-uniqueness of + the addresses. In fact, it is equally plausible that globally unique + IP addresses will be required, for every one of the scenarios + described in RFC 1597: + + - Airport displays are public information and multicasting beyond the + airport might be useful. + + - An organization's machines which, today, do not need global + connectivity might need it tomorrow. Further, merging + organizations creates havoc when the addresses collide. + + - Current use of firewalls is an artifact of limitations in the + technology. Let's fix the problem, not the symptom. + + - Inter-organization private links do not generate benefit from being + any more correct in guessing which machines want to interact than + is true for general Internet access. + + This is another point that warrants repetition: the belief that + administrators can predict which machines will need Internet access + is quite simply wrong. We need to reduce or eliminate the penalties + associated with that error, in order to encourage as much Internet + connectivity as operational policies and technical security permit. + RFC 1597 works very much against this goal. + +Problems With "Advantages" And More Disadvantages + + RFC 1597 claims that Classless Inter-Domain Routing (CIDR) will + require enterprises to renumber their networks. In the general case, + this will only involve those networks that are routed outside of + enterprises. Since RFC 1597 addresses private enterprise networks, + this argument does not apply. + + The authors mention that DCHP-based tools [2] might help network + number transition. However, it is observed that by and large such + tools are currently only "potential" in nature. + + Additionally, with the onslaught of ISDN, slip, and PPP in host + implementations, the potential for a workstation to become a router + inadvertently has never been greater. Use of a common set of + addresses for private networks virtually assures administrators of + having their networks partitioned, if they do not take care to + carefully control modem connections. + + + +Lear, Fair, Crocker & Kessler [Page 5] + +RFC 1627 Network 10 Considered Harmful July 1994 + + + Finally, RFC 1597 implies that it may be simple to change a host's IP + address. For a variety of reasons this may not be the case, and it + is not the norm today. For example, a host may be well known within + a network. It may have long standing services such as NFS, which + would cause problems for clients were its address changed. A host + may have software licenses locked by IP address. Thus, migrating a + host from private to global addressing may prove difficult. At the + very least, one should be careful about addressing well known hosts. + +POLICY ISSUES + +IANA Has Overstepped Their Mandate + + For many years, IANA has followed an assignment policy based on the + expectation of Internet connectivity for ALL assignees. As such it + serves to encourage interconnectivity. IANA assignment of the + network numbers listed in RFC 1597 serves to formally authorize + behavior contrary to this accepted practice. Further, this change + was effected without benefit of community review and approval. + + RFC 1597 specifies a new operational requirement explicitly: network + service providers must filter the IANA assigned network numbers + listed in RFC 1597 from their routing tables. This address space + allocation is permanently removed from being used on the Internet. + + As we read RFC 1601 [3], this action is not within the purview of + IANA, which should only be assigning numbers within the current + standards and axioms that underlie the Internet. IP network numbers + are assigned uniquely under the assumption that they will be used on + the Internet at some future date. Such assignments violate that + axiom, and constitute an architectural change to the Internet. RFC + 1602 [4] and RFC 1310 [5] also contain identical wording to this + effect in the section that describes IANA. + + While RFC 1597 contains a view worthy of public debate, it is not + ready for formal authorization. Hence, we strongly encourage IANA to + withdraw its IP address assignments documented by RFC 1597 forthwith. + + The IAB should review the address assignment policies and procedures + that compose IANA's mandate, and reaffirm the commitment to a + globally unique IP address space. + +COMMENTS AND CONCLUSIONS + + The Internet technology and service is predicated on a global address + space. Members of the Internet community have already experienced + and understood the problems and pains associated with uncoordinated + private network number assignments. In effect the proposal attempts + + + +Lear, Fair, Crocker & Kessler [Page 6] + +RFC 1627 Network 10 Considered Harmful July 1994 + + + to codify uncoordinated behavior and alter the accepted Internet + addressing model. Hence, it needs to be considered much more + thoroughly. + + RFC 1597 gives the illusion of remedying a problem, by creating + formal structure to a long-standing informal practice. In fact, the + structure distracts us from the need to solve these very real + problems and does not even provide substantive aid in the near-term. + + In the past we have all dreaded the idea of having any part of the + address space re-used. Numerous luminaries have both written and + spoke at length, explaining why it is we want direct connections from + one host to another. Before straying from the current architectural + path, we as a community should revisit the reasoning behind the + preaching of unique addressing. While RFC 1597 attempts to change + this model, its costs and limitations for enterprises can be + enormous, both in the short and long term. + +REFERENCES + + [1] Rekhter, Y., Moskowitz, B., Karrenberg, D., and G. de Groot, + "Address Allocation for Private Internets", T.J. Watson Research + Center, IBM Corp., Chrysler Corp., RIPE NCC, RFC 1597, March + 1994. + + [2] Droms, R., "Dynamic Host Configuration Protocol", RFC 1541, + Bucknell University, October 1993. + + [3] Huitema, C., "Charter of the Internet Architecture Board (IAB)", + RFC 1601, IAB, March 1994. + + [4] Internet Architecture Board, Internet Engineering Steering + Group, "The Internet Standards Process -- Revision 2", IAB, + IESG, RFC 1602, March 1994. + + [5] Internet Activities Board, "The Internet Standards Process", RFC + 1310, IAB, March 1992. + + [6] Internet Activities Board, "Summary of Internet Architecture + Discussion", Notes available from ISI, [ftp.isi.edu: + pub/IAB/IABmins.jan91Arch.txt], IAB, January 1991. + +SECURITY CONSIDERATIONS + + See the section, "Security Issues". + + + + + + +Lear, Fair, Crocker & Kessler [Page 7] + +RFC 1627 Network 10 Considered Harmful July 1994 + + +AUTHORS' ADDRESSES + + Eliot Lear + Silicon Graphics, Inc. + 2011 N. Shoreline Blvd. + Mountain View, CA + 94043-1389 + + Phone: +1 415 390 2414 + EMail: lear@sgi.com + + + Erik Fair + Apple Computer, Inc. + 1 Infinite Loop + Cupertino, CA 95014 + + Phone: +1 408 974 1779 + EMail: fair@apple.com + + + Dave Crocker + Silicon Graphics, Inc. + 2011 N. Shoreline Blvd. + Mountain View, CA + 94043-1389 + + Phone: +1 415 390 1804 + EMail: dcrocker@sgi.com + + + Thomas Kessler + Sun Microsystems Inc. + Mail Stop MTV05-44 + 2550 Garcia Ave. + Mountain View, CA 94043 + + Phone: +1 415 336 3145 + EMail: kessler@eng.sun.com + + + + + + + + + + + + +Lear, Fair, Crocker & Kessler [Page 8] + diff --git a/usr.sbin/named/doc/rfc/rfc1637 b/usr.sbin/named/doc/rfc/rfc1637 new file mode 100644 index 00000000000..24f18b736ed --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1637 @@ -0,0 +1,619 @@ + + + + + + +Network Working Group B. Manning +Request for Comments: 1637 Rice University +Obsoletes: 1348 R. Colella +Category: Experimental NIST + June 1994 + + + DNS NSAP Resource Records + + +Status of this Memo + + This memo defines an Experimental Protocol for the Internet + community. This memo does not specify an Internet standard of any + kind. Discussion and suggestions for improvement are requested. + Distribution of this memo is unlimited. + +Abstract + + The Internet is moving towards the deployment of an OSI lower layers + infrastructure. This infrastructure comprises the connectionless + network protocol (CLNP) and supporting routing protocols. Also + required as part of this infrastructure is support in the Domain Name + System (DNS) for mapping between names and NSAP addresses. + + This document defines the format of one new Resource Record (RR) for + the DNS for domain name-to-NSAP mapping. The RR may be used with any + NSAP address format. This document supercedes RFC 1348. + + NSAP-to-name translation is accomplished through use of the PTR RR + (see STD 13, RFC 1035 for a description of the PTR RR). This paper + describes how PTR RRs are used to support this translation. + + + + + + + + + + + + + + + + + + + +Manning & Colella [Page 1] + +RFC 1637 DNS NSAP RRs June 1994 + + +1. Introduction + + The Internet is moving towards the deployment of an OSI lower layers + infrastructure. This infrastructure comprises the connectionless + network protocol (CLNP) [6] and supporting routing protocols. Also + required as part of this infrastructure is support in the Domain Name + System (DNS) [8] [9] for mapping between domain names and OSI Network + Service Access Point (NSAP) addresses [7] [Note: NSAP and NSAP + address are used interchangeably throughout this memo]. + + This document defines the format of one new Resource Record (RR) for + the DNS for domain name-to-NSAP mapping. The RR may be used with any + NSAP address format. + + NSAP-to-name translation is accomplished through use of the PTR RR + (see RFC 1035 for a description of the PTR RR). This paper describes + how PTR RRs are used to support this translation. + + This memo assumes that the reader is familiar with the DNS. Some + familiarity with NSAPs is useful; see [2] or [7] for additional + information. + +2. Background + + The reason for defining DNS mappings for NSAPs is to support CLNP in + the Internet. Debugging with CLNP ping and traceroute is becoming + more difficult with only numeric NSAPs as the scale of deployment + increases. Current debugging is supported by maintaining and + exchanging a configuration file with name/NSAP mappings similar in + function to hosts.txt. This suffers from the lack of a central + coordinator for this file and also from the perspective of scaling. + The former is the most serious short-term problem. Scaling of a + hosts.txt-like solution has well-known long-term scaling + difficiencies. + + A second reason for this work is the proposal to use CLNP as an + alternative to IP: "TCP and UDP with Bigger Addresses (TUBA), A + Simple Proposal for Internet Addressing and Routing" [1]. For this to + be practical, the DNS must be capable of supporting CLNP addresses. + +3. Scope + + The methods defined in this paper are applicable to all NSAP formats. + This includes support for the notion of a custom-defined NSAP format + based on an AFI obtained by the IAB for use in the Internet. + + As a point of reference, there is a distinction between registration + and publication of addresses. For IP addresses, the IANA is the root + + + +Manning & Colella [Page 2] + +RFC 1637 DNS NSAP RRs June 1994 + + + registration authority and the DNS a publication method. For NSAPs, + addendum two of the network service definition, ISO8348/Ad2 [7] is + the root registration authority and this memo defines how the DNS is + used as a publication method. + +4. Structure of NSAPs + + NSAPs are hierarchically structured to allow distributed + administration and efficient routing. Distributed administration + permits subdelegated addressing authorities to, as allowed by the + delegator, further structure the portion of the NSAP space under + their delegated control. Accomodating this distributed authority + requires that there be little or no a priori knowledge of the + structure of NSAPs built into DNS resolvers and servers. + + For the purposes of this memo, NSAPs can be thought of as a tree of + identifiers. The root of the tree is ISO8348/Ad2 [7], and has as its + immediately registered subordinates the one-octet Authority and + Format Identifiers (AFIs) defined there. The size of subsequently- + defined fields depends on which branch of the tree is taken. The + depth of the tree varies according to the authority responsible for + defining subsequent fields. + + An example is the authority under which U.S. GOSIP defines NSAPs [3]. + Under the AFI of 47, NIST (National Institute of Standards and + Technology) obtained a value of 0005 (the AFI of 47 defines the next + field as being two octets consisting of four BCD digits from the + International Code Designator space [4]). NIST defined the subsequent + fields in [3], as shown in Figure 1. The field immediately following + 0005 is a format identifier for the rest of the U.S. GOSIP NSAP + structure, with a hex value of 80. Following this is the three-octet + field, values for which are allocated to network operators; the + registration authority for this field is delegated to GSA (General + Services Administration). + + The last octet of the NSAP is the NSelector (NSel). In practice, the + NSAP minus the NSel identifies the CLNP protocol machine on a given + system, and the NSel identifies the CLNP user. Since there can be + more than one CLNP user (meaning multiple NSel values for a given + "base" NSAP), the representation of the NSAP should be CLNP-user + independent. To achieve this, an NSel value of zero shall be used + with all NSAP values stored in the DNS. An NSAP with NSel=0 + identifies the network layer itself. It is left to the application + retrieving the NSAP to determine the appropriate value to use in that + instance of communication. + + + + + + +Manning & Colella [Page 3] + +RFC 1637 DNS NSAP RRs June 1994 + + + |--------------| + | <-- IDP --> | + |--------------|-------------------------------------| + | AFI | IDI | <-- DSP --> | + |-----|--------|-------------------------------------| + | 47 | 0005 | DFI | AA |Rsvd | RD |Area | ID |Sel | + |-----|--------|-----|----|-----|----|-----|----|----| + octets | 1 | 2 | 1 | 3 | 2 | 2 | 2 | 6 | 1 | + |-----|--------|-----|----|-----|----|-----|----|----| + + IDP Initial Domain Part + AFI Authority and Format Identifier + IDI Initial Domain Identifier + DSP Domain Specific Part + DFI DSP Format Identifier + AA Administrative Authority + Rsvd Reserved + RD Routing Domain Identifier + Area Area Identifier + ID System Identifier + SEL NSAP Selector + + Figure 1: GOSIP Version 2 NSAP structure. + + + When CLNP is used to support TCP and UDP services, the NSel value + used is the appropriate IP PROTO value as registered with the IANA. + For "standard" OSI, the selection of NSel values is left as a matter + of local administration. Administrators of systems that support the + OSI transport protocol [5] in addition to TCP/UDP must select NSels + for use by OSI Transport that do not conflict with the IP PROTO + values. + + In the NSAP RRs in Master Files and in the printed text in this memo, + NSAPs are often represented as a string of "."-separated hex values. + The values correspond to convenient divisions of the NSAP to make it + more readable. For example, the "."-separated fields might correspond + to the NSAP fields as defined by the appropriate authority (ISOC, + RARE, U.S. GOSIP, ANSI, etc.). The use of this notation is strictly + for readability. The "."s do not appear in DNS packets and DNS + servers can ignore them when reading Master Files. For example, a + printable representation of the first four fields of a U.S. GOSIP + NSAP might look like + + 47.0005.80.005a00 + + + + + + +Manning & Colella [Page 4] + +RFC 1637 DNS NSAP RRs June 1994 + + + and a full U.S. GOSIP NSAP might appear as + + 47.0005.80.005a00.0000.1000.0020.00800a123456.00. + + Other NSAP formats have different lengths and different + administratively defined field widths to accomodate different + requirements. For more information on NSAP formats in use see RFC + 1629 [2]. + +5. The NSAP RR + + The NSAP RR is defined with mnemonic "NSAP" and TYPE code 22 + (decimal) and is used to map from domain names to NSAPs. Name-to-NSAP + mapping in the DNS using the NSAP RR operates analogously to IP + address lookup. A query is generated by the resolver requesting an + NSAP RR for a provided domain name. + + NSAP RRs conform to the top level RR format and semantics as defined + in Section 3.2.1 of RFC 1035. + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | | + / / + / NAME / + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TYPE = NSAP | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | CLASS = IN | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TTL | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | RDLENGTH | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / RDATA / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + where: + + * NAME: an owner name, i.e., the name of the node to which this + resource record pertains. + + * TYPE: two octets containing the NSAP RR TYPE code of 22 (decimal). + + + + +Manning & Colella [Page 5] + +RFC 1637 DNS NSAP RRs June 1994 + + + * CLASS: two octets containing the RR IN CLASS code of 1. + + * TTL: a 32 bit signed integer that specifies the time interval in + seconds that the resource record may be cached before the source + of the information should again be consulted. Zero values are + interpreted to mean that the RR can only be used for the + transaction in progress, and should not be cached. For example, + SOA records are always distributed with a zero TTL to prohibit + caching. Zero values can also be used for extremely volatile data. + + * RDLENGTH: an unsigned 16 bit integer that specifies the length in + octets of the RDATA field. + + * RDATA: a variable length string of octets containing the NSAP. + The value is the binary encoding of the NSAP as it would appear in + the CLNP source or destination address field. A typical example of + such an NSAP (in hex) is shown below. For this NSAP, RDLENGTH is + 20 (decimal); "."s have been omitted to emphasize that they don't + appear in the DNS packets. + + 39840f80005a0000000001e13708002010726e00 + +5.1 Additional Section Processing + + [The specification in this section is necessary for completeness in + describing name server support for TUBA. For the time being, name + servers participating in TUBA demonstrations MAY ELECT to implement + this behavior; it SHOULD NOT be the default behavior of name servers + because the IPng sweepstakes are still outstanding and further + consideration is required for truncation and other issues.] + + RFC 1035 describes the additional section processing (ASP) required + when servers encounter NS records during query processing. From + Section 3.3.11, "NS RDATA format": + + NS records cause both the usual additional section processing to + locate a type A record, and, when used in a referral, a special + search of the zone in which they reside for glue information. + + For TUBA, identical ASP is required on type NSAP records to support + servers and resolvers that use CLNP, either because of preference or + because it is the only internetworking protocol available (i.e., in + the absense of IPv4). Thus, NS records cause ASP which locates a type + NSAP record in addition to a type A record. Both type A and NSAP + records should be returned, if available. + + + + + + +Manning & Colella [Page 6] + +RFC 1637 DNS NSAP RRs June 1994 + + +6. NSAP-to-name Mapping Using the PTR RR + + The PTR RR is defined in RFC 1035. This RR is typically used under + the "IN-ADDR.ARPA" domain to map from IPv4 addresses to domain names. + + Similarly, the PTR RR is used to map from NSAPs to domain names under + the "NSAP.INT" domain. A domain name is generated from the NSAP + according to the rules described below. A query is sent by the + resolver requesting a PTR RR for the provided domain name. + + A domain name is generated from an NSAP by reversing the hex nibbles + of the NSAP, treating each nibble as a separate subdomain, and + appending the top-level subdomain name "NSAP.INT" to it. For example, + the domain name used in the reverse lookup for the NSAP + + 47.0005.80.005a00.0000.0001.e133.ffffff000162.00 + + would appear as + + 0.0.2.6.1.0.0.0.f.f.f.f.f.f.3.3.1.e.1.0.0.0.0.0.0.0.0.0.a.5.0.0. \ + 0.8.5.0.0.0.7.4.NSAP.INT. + + [Implementation note: For sanity's sake user interfaces should be + designed to allow users to enter NSAPs using their natural order, + i.e., as they are typically written on paper. Also, arbitrary "."s + should be allowed (and ignored) on input.] + +7. Master File Format + + The format of NSAP RRs (and NSAP-related PTR RRs) in Master Files + conforms to Section 5, "Master Files," of RFC 1035. Below are + examples of the use of these RRs in Master Files to support name-to- + NSAP and NSAP-to-name mapping. + + The NSAP RR introduces a new hex string format for the RDATA field. + The format is "0x" (i.e., a zero followed by an 'x' character) + followed by a variable length string of hex characters (0 to 9, a to + f). The hex string is case-insensitive. "."s (i.e., periods) may be + inserted in the hex string anywhere after the "0x" for readability. + The "."s have no significance other than for readability and are not + propagated in the protocol (e.g., queries or zone transfers). + + + + + + + + + + +Manning & Colella [Page 7] + +RFC 1637 DNS NSAP RRs June 1994 + + + ;;;;;; + ;;;;;; Master File for domain nsap.nist.gov. + ;;;;;; + + + @ IN SOA emu.ncsl.nist.gov. root.emu.ncsl.nist.gov. ( + 1994041800 ; Serial - date + 1800 ; Refresh - 30 minutes + 300 ; Retry - 5 minutes + 604800 ; Expire - 7 days + 3600 ) ; Minimum - 1 hour + IN NS emu.ncsl.nist.gov. + IN NS tuba.nsap.lanl.gov. + ; + ; + $ORIGIN nsap.nist.gov. + ; + ; hosts + ; + bsdi1 IN NSAP 0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00 + IN A 129.6.224.161 + IN HINFO PC_486 BSDi1.1(TUBA) + ; + bsdi2 IN NSAP 0x47.0005.80.005a00.0000.0001.e133.ffffff000162.00 + IN A 129.6.224.162 + IN HINFO PC_486 BSDi1.1(TUBA) + ; + cursive IN NSAP 0x47.0005.80.005a00.0000.0001.e133.ffffff000171.00 + IN A 129.6.224.171 + IN HINFO PC_386 DOS_5.0/NCSA_Telnet(TUBA) + ; + infidel IN NSAP 0x47.0005.80.005a00.0000.0001.e133.ffffff000164.00 + IN A 129.6.55.164 + IN HINFO PC/486 BSDi1.0(TUBA) + ; + ; routers + ; + cisco1 IN NSAP 0x47.0005.80.005a00.0000.0001.e133.aaaaaa000151.00 + IN A 129.6.224.151 + IN A 129.6.225.151 + IN A 129.6.229.151 + ; + 3com1 IN NSAP 0x47.0005.80.005a00.0000.0001.e133.aaaaaa000111.00 + IN A 129.6.224.111 + IN A 129.6.225.111 + IN A 129.6.228.111 + + + + + +Manning & Colella [Page 8] + +RFC 1637 DNS NSAP RRs June 1994 + + + ;;;;;; + ;;;;;; Master File for reverse mapping of NSAPs under the + ;;;;;; NSAP prefix: + ;;;;;; + ;;;;;; 47.0005.80.005a00.0000.0001.e133 + ;;;;;; + + + @ IN SOA emu.ncsl.nist.gov. root.emu.ncsl.nist.gov. ( + 1994041800 ; Serial - date + 1800 ; Refresh - 30 minutes + 300 ; Retry - 5 minutes + 604800 ; Expire - 7 days + 3600 ) ; Minimum - 1 hour + IN NS emu.ncsl.nist.gov. + IN NS tuba.nsap.lanl.gov. + ; + ; + $ORIGIN 3.3.1.e.1.0.0.0.0.0.0.0.0.0.a.5.0.0.0.8.5.0.0.0.7.4.NSAP.INT. + ; + 0.0.1.6.1.0.0.0.f.f.f.f.f.f IN PTR bsdi1.nsap.nist.gov. + ; + 0.0.2.6.1.0.0.0.f.f.f.f.f.f IN PTR bsdi2.nsap.nist.gov. + ; + 0.0.1.7.1.0.0.0.f.f.f.f.f.f IN PTR cursive.nsap.nist.gov. + ; + 0.0.4.6.1.0.0.0.f.f.f.f.f.f IN PTR infidel.nsap.nist.gov. + ; + 0.0.1.5.1.0.0.0.a.a.a.a.a.a IN PTR cisco1.nsap.nist.gov. + ; + 0.0.1.1.1.0.0.0.a.a.a.a.a.a IN PTR 3com1.nsap.nist.gov. + +8. Security Considerations + + Security issues are not discussed in this memo. + + + + + + + + + + + + + + + + +Manning & Colella [Page 9] + +RFC 1637 DNS NSAP RRs June 1994 + + +9. Authors' Addresses + + Bill Manning + Rice University -- ONCS + P.O. Box 1892 + 6100 South Main + Houston, Texas 77251-1892 + USA + + Phone: +1.713.285.5415 + EMail: bmanning@rice.edu + + + Richard Colella + National Institute of Standards and Technology + Technology/B217 + Gaithersburg, MD 20899 + USA + + Phone: +1 301-975-3627 + Fax: +1 301 590-0932 + EMail: colella@nist.gov + +10. References + + [1] Callon R., "TCP and UDP with Bigger Addresses (TUBA), A Simple + Proposal for Internet Addressing and Routing", RFC 1347, DEC, + June 1992. + + [2] Colella, R., Gardner, E., Callon, R., and Y. Rekhter, "Guidelines + for OSI NSAP Allocation inh the Internet", RFC 1629, NIST, + Wellfleet, Mitre, T.J. Watson Research Center, IBM Corp., May + 1994. + + [3] GOSIP Advanced Requirements Group. Government Open Systems + Interconnection Profile (GOSIP) Version 2. Federal Information + Processing Standard 146-1, U.S. Department of Commerce, National + Institute of Standards and Technology, Gaithersburg, MD, April + 1991. + + [4] ISO/IEC. Data interchange - structures for the identification of + organization. International Standard 6523, ISO/IEC JTC 1, + Switzerland, 1984. + + [5] ISO/IEC. Connection oriented transport protocol specification. + International Standard 8073, ISO/IEC JTC 1, Switzerland, 1986. + + + + + +Manning & Colella [Page 10] + +RFC 1637 DNS NSAP RRs June 1994 + + + [6] ISO/IEC. Protocol for Providing the Connectionless-mode Network + Service. International Standard 8473, ISO/IEC JTC 1, + Switzerland, 1986. + + [7] ISO/IEC. Information Processing Systems -- Data Communications -- + Network Service Definition Addendum 2: Network Layer Addressing. + International Standard 8348/Addendum 2, ISO/IEC JTC 1, + Switzerland, 1988. + + [8] Mockapetris, P., "Domain Names -- Concepts and Facilities", STD + 13, RFC 1034, USC/Information Sciences Institute, November 1987. + + [9] Mockapetris, P., "Domain Names -- Implementation and + Specification", STD 13, RFC 1035, USC/Information Sciences + Institute, November 1987. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Manning & Colella [Page 11] + diff --git a/usr.sbin/named/doc/rfc/rfc1713 b/usr.sbin/named/doc/rfc/rfc1713 new file mode 100644 index 00000000000..7562454e615 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1713 @@ -0,0 +1,731 @@ + + + + + + +Network Working Group A. Romao +Request for Comments: 1713 FCCN +FYI: 27 November 1994 +Category: Informational + + + Tools for DNS debugging + +Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +Abstract + + Although widely used (and most of the times unnoticed), DNS (Domain + Name System) is too much overlooked, in the sense that people, + especially administrators, tend to ignore possible anomalies as long + as applications that need name-to-address mapping continue to work. + This document presents some tools available for domain administrators + to detect and correct those anomalies. + +1. Introduction + + Today more than 3,800,000 computers are inter-connected in a global + Internet [1], comprising several millions of end-users, able to reach + any of those machines just by naming it. This facility is possible + thanks to the world widest distributed database, the Domain Name + System, used to provide distributed applications various services, + the most notable one being translating names into IP addresses and + vice-versa. This happens when you do an FTP or Telnet, when your + gopher client follows a link to some remote server, when you click on + a hypertext item and have to reach a server as defined by the URL, + when you talk to someuser@some.host, when your mail has to be routed + through a set to gateways before it reaches the final recipient, when + you post an article to Usenet and want it propagated all over the + world. While these may be the most visible uses of DNS, a lot more + applications rely on this system to operate, e.g., network security, + monitoring and accounting tools, just to mention a few. + + DNS owes much of its success to its distributed administration. Each + component (called a zone, the same as a domain in most cases), is + seen as an independent entity, being responsible for what happens + inside its domain of authority, how and what information changes and + for letting the tree grow downwards, creating new components. + + + + + +Romao [Page 1] + +RFC 1713 Tools for DNS debugging November 1994 + + + On the other hand, many inconsistencies arise from this distributed + nature: many administrators make mistakes in the way they configure + their domains and when they delegate authority to sub-domains; many + of them don't even know how to do these things properly, letting + problems last and propagate. Also, many problems occur due to bad + implementations of both DNS clients and servers, especially very old + ones, either by not following the standards or by being error prone, + creating or allowing many of the above problems to happen. + + All these anomalies make DNS less efficient than it could be, causing + trouble to network operations, thus affecting the overall Internet. + This document tries to show how important it is to have DNS properly + managed, including what is already in place to help administrators + taking better care of their domains. + +2. DNS debugging + + To help finding problems in DNS configurations and/or implementations + there is a set of tools developed specifically for this purpose. + There is probably a lot of people in charge of domain administration + having no idea of these tools (and, worse, not aware of the anomalies + that may exist in their configurations). What follows is a + description of some of these programs, their scope, motivations and + availability, and is hoped to serve as an introduction to the subject + of DNS debugging, as well as a guide to those who are looking for + something to help them finding out how healthy their domains and + servers are. + + Some prior knowledge from the reader is assumed, both on DNS basics + and some other tools (e.g., dig and nslookup), which are not analyzed + in detail here; hopefully they are well-known enough from daily + usage. + +2.1. Host + + Host is a program used to retrieve DNS information from name servers. + This information may be used simply to get simple things like + address-to-name mapping, or some more advanced purposes, e.g., + performing sanity checks on the data. It was created at Rutgers + University, but then Eric Wassenaar from Nikhef did a major rewrite + and still seems to be actively working on improving it. The program + is available from ftp://ftp.nikhef.nl/pub/network/host_YYMMDD.tar.Z + (YYMMDD is the date of the latest release). + + By default, host just maps host names to Internet addresses, querying + the default servers or some specific one. It is possible, though, to + get any kind of data (resource records) by specifying different query + types and classes and asking for verbose or debugging output, from + + + +Romao [Page 2] + +RFC 1713 Tools for DNS debugging November 1994 + + + any name server. You can also control several parameters like + recursion, retry times, timeouts, use of virtual circuits vs. + datagrams, etc., when talking to name servers. This way you can + simulate a resolver behavior, in order to find any problems + associated with resolver operations (which is to say, any application + using the resolver library). As a query program it may be as + powerful as others like nslookup or dig. + + As a debugger, host analyzes some set of the DNS space (e.g., an + entire zone) and produces reports with the results of its operation. + To do this, host first performs a zone transfer, which may be + recursive, getting information from a zone and all its sub-zones. + This data is then analyzed as requested by the arguments given on the + command line. Note that zone transfers are done by contacting + authoritative name servers for that zone, so it must be possible to + make this kind of request from such servers: some of them refuse zone + transfers (except from secondaries) to avoid congestion. + + With host you may look for anomalies like those concerning authority + (e.g., lame delegations, described below) or some more exotic cases + like extrazone hosts (a host of the form host.some.dom.ain, where + some.dom.ain is not a delegated zone of dom.ain). These errors are + produced upon explicit request on the command line, but you may get a + variety of other error messages as a result of host's operations, + something like secondary effects. These may be mere warnings (which + may be suppressed) or serious errors - in fact, warning messages are + not that simple, most of them are due to misconfigured zones, so it + might not be a good idea to just ignore them. + + Error messages have to do with serious anomalies, either with the + packets exchanged with the queried servers (size errors, invalid + ancounts, nscounts and the like), or others related to the DNS + information itself (also called "status messages" in the program's + documentation): inconsistencies between SOA records as shown by + different servers for a domain, unexpected address-to-name mappings, + name servers not responding, not reachable, not running or not + existing at all, and so on. + + Host performs all its querying on-line, i.e., it only works with data + received from name servers, which means you have to query a name + server more than once if you want to get different kinds of reports + on some particular piece of data. You can always arrange arguments + in such a way that you get all information you want by running it + once, but if you forget something or for any reason have to run it + again, this means extra zone transfers, extra load on name servers, + extra DNS traffic. + + + + + +Romao [Page 3] + +RFC 1713 Tools for DNS debugging November 1994 + + + Host is an excellent tool, if used carefully. Like most other + querying programs it may generate lots of traffic, just by issuing a + simple command. Apart from that, its resolver simulation and debug + capabilities make it useful to find many common and some not so + common DNS configuration errors, as well as generate useful reports + and statistics about the DNS tree. As an example, RIPE (Reseaux IP + Europeens) NCC uses it to generate a monthly european hostcount, + giving an overview of the Internet usage evolution in Europe. Along + with these counts, error reports are generated, one per country, and + the whole information is made available in the RIPE archive. + +2.2. Dnswalk + + Dnswalk is a DNS debugger written in Perl by David Barr, from + Pennsylvania State University. You'll find the latest version at + ftp://ftp.pop.psu.edu/pub/src/dnswalk. With the software comes a + small document where the author points some useful advice so it may + be worth reading it. + + The program checks domain configurations stored locally, with data + arranged hierarchically in directories, resembling the DNS tree + organization of domains. To set up this information dnswalk may + first perform zone transfers from authoritative name servers. You can + have a recursive transfer of a domain and its sub-domains, though you + should be careful when doing this, as it may generate a great amount + of traffic. If the data is already present, dnswalk may skip these + transfers, provided that it is up to date. + + Dnswalk looks for inconsistencies in resource records, such as MX and + aliases pointing to aliases or to unknown hosts, incoherent PTR, A + and CNAME records, invalid characters in names, missing trailing + dots, unnecessary glue information, and so on. It also does some + checking on authority information, namely lame delegations and + domains with only one name server. It is easy to use, you only have + to specify the domain to analyze and some optional parameters and the + program does the rest. Only one domain (and its sub-domains, if + that's the case) can be checked at a time, though. + + While in the process of checking data, dnswalk uses dig and resolver + routines (gethostbyXXXX from the Perl library) a lot, to get such + data as authority information from the servers of the analyzed + domains, names from IP addresses so as to verify the existence of PTR + records, aliases and so on. So, besides the zone transfers you may + count on some more extra traffic (maybe not negligible if you are + debugging a relatively large amount of data and care about query + retries and timeouts), just by running the program. + + + + + +Romao [Page 4] + +RFC 1713 Tools for DNS debugging November 1994 + + +2.3. Lamers + + A lame delegation is a serious error in DNS configurations, yet a + (too) common one. It happens when a name server is listed in the NS + records for some domain and in fact it is not a server for that + domain. Queries are thus sent to the wrong servers, who don't know + nothing (at least not as expected) about the queried domain. + Furthermore, sometimes these hosts (if they exist!) don't even run + name servers. As a result, queries are timed out and resent, only to + fail, thus creating (more) unnecessary traffic. + + It's easy to create a lame delegation: the most common case happens + when an administrator changes the NS list for his domain, dropping + one or more servers from that list, without informing his parent + domain administration, who delegated him authority over the domain. + From now on the parent name server announces one or more servers for + the domain, which will receive queries for something they don't know + about. (On the other hand, servers may be added to the list without + the parent's servers knowing, thus hiding valuable information from + them - this is not a lame delegation, but shouldn't happen either.) + Other examples are the inclusion of a name in an NS list without + telling the administrator of that host, or when a server suddenly + stops providing name service for a domain. + + To detect and warn DNS administrators all over the world about this + kind of problem, Bryan Beecher from University of Michigan wrote + lamers, a program to analyze named (the well-known BIND name server) + logging information [2]. To produce useful logs, named was applied a + patch to detect and log lame delegations (this patch was originally + written by Don Lewis from Silicon Systems and is now part of the + latest release of BIND thanks to Bryan Beecher, so it is expected to + be widely available in the near future). Lamers is a small shell + script that simply scans these logs and reports the lame delegations + found. This reporting is done by sending mail to the hostmasters of + the affected domains, as stated in the SOA record for each of them. + If this is not possible, the message is sent to the affected name + servers' postmasters instead. Manual processing is needed in case of + bounces, caused by careless setup of those records or invalid + postmaster addresses. A report of the errors found by the U-M + servers is also posted twice a month on the USENET newsgroup + comp.protocols.tcp-ip.domains. + + If you ever receive such a report, you should study it carefully in + order to find and correct problems in your domain, or see if your + servers are being affected by the spreading of erroneous information. + Better yet, lamers could be run on your servers to detect more lame + delegations (U-M can't see them all!). Also, if you receive mail + reporting a lame delegation affecting your domain or some of your + + + +Romao [Page 5] + +RFC 1713 Tools for DNS debugging November 1994 + + + hosts, please don't just ignore it or flame the senders. They're + really trying to help! + + You can get lamers from ftp://terminator.cc.umich.edu/dns/lame- + delegations. + +2.4. DOC + + Authority information is one of the most significant parts of the DNS + data, as the whole mechanism depends on it to correctly traverse the + domain tree. Incorrect authority information leads to problems such + as lame delegations or even, in extreme cases, the inaccessibility of + a domain. Take the case where the information given about all its + name servers is incorrect: being unable to contact the real servers + you may end up being unable to reach anything inside that domain. + This may be exaggerated, but if you're on the DNS business long + enough you've probably have seen some enlightened examples of this + scenario. + + To look for this kind of problems Paul Mockapetris and Steve Hotz, + from the Information Sciences Institute, wrote a C-shell script + called DOC (Domain Obscenity Control), an automated domain testing + tool that uses dig to query the appropriate name servers about + authority for a domain and analyzes the responses. + + DOC limits its analysis to authority data since the authors + anticipated that people would complain about such things as invasion + of privacy. Also, at the time it was written most domains were so + messy that they thought there wouldn't be much point in checking + anything deeper until the basic problems weren't fixed. + + Only one domain is analyzed each time: the program checks if all the + servers for the parent domain agree about the delegation information + for the domain. DOC then picks a list of name servers for the domain + (obtained from one of the parent's servers) and starts checking on + their information, querying each of them: looks for the SOA record, + checks if the response is authoritative, compares the various records + retrieved, gets each one's list of NS, compares the lists (both among + these servers and the parent's), and for those servers inside the + domain the program looks for PTR records for them. + + Due to several factors, DOC seems to have frozen since its first + public release, back in 1990. Within the distribution there is an + RFC draft about automated domain testing, which was never published. + Nevertheless, it may provide useful reading. The software can be + fetched from ftp://ftp.uu.net/networking/ip/dns/doc.2.0.tar.Z. + + + + + +Romao [Page 6] + +RFC 1713 Tools for DNS debugging November 1994 + + +2.5. DDT + + DDT (Domain Debug Tools) is a package of programs to scan DNS + information for error detection, developed originally by Jorge Frazao + from PUUG - Portuguese UNIX Users Group and later rewritten by the + author, at the time at the Faculty of Sciences of University of + Lisbon. Each program is specialized in a given set of anomalies: you + have a checker for authority information, another for glue data, mail + exchangers, reverse-mappings and miscellaneous errors found in all + kinds of resource records. As a whole, they do a rather extensive + checking on DNS configurations. + + These tools work on cached DNS data, i.e., data stored locally after + performing zone transfers (presently done by a slightly modified + version of BIND's named-xfer, called ddt-xfer, which allows recursive + transfers) from the appropriate servers, rather than querying name + servers on-line each time they run. This option was taken for + several reasons [3]: (1) efficiency, since it reads data from disk, + avoiding network transit delays, (2) reduced network traffic, data + has to be fetched only once and then run the programs over it as many + times as you wish and (3) accessibility - in countries with limited + Internet access, as was the case in Portugal by the time DDT was in + its first stages, this may be the only practical way to use the + tools. + + Point (2) above deserves some special considerations: first, it is + not entirely true that there aren't additional queries while + processing the information, one of the tools, the authority checker, + queries (via dig) each domain's purported name servers in order to + test the consistency of the authority information they provide about + the domain. Second, it may be argued that when the actual tests are + done the information used may be out of date. While this is true, + you should note that this is the DNS nature, if you obtain some piece + of information you can't be sure that one second later it is still + valid. Furthermore, if your source was not the primary for the + domain then you can't even be sure of the validity in the exact + moment you got it in the first place. But experience shows that if + you see an error, it is likely to be there in the next version of the + domain information (and if it isn't, nothing was lost by having + detected it in the past). On the other side, of course there's + little point in checking one month old data... + + The list of errors looked for includes lame delegations, version + number mismatches between servers (this may be a transient problem), + non-existing servers, domains with only one server, unnecessary glue + information, MX records pointing to hosts not in the analyzed domain + (may not be an error, it's just to point possibly strange or + expensive mail-routing policies), MX records pointing to aliases, A + + + +Romao [Page 7] + +RFC 1713 Tools for DNS debugging November 1994 + + + records without the respective PTR and vice-versa, missing trailing + dots, hostnames with no data (A or CNAME records), aliases pointing + to aliases, and some more. Given the specialized nature of each + tool, it is possible to look for a well defined set of errors, + instead of having the data analyzed in all possible ways. + + Except for ddt-xfer, all the programs are written in Perl. A new + release may come into existence in a near future, after a thorough + review of the methods used, the set of errors checked for and some + bug fixing (in particular, a Perl version of ddt-xfer is expected). + In the mean time, the latest version is available from + ftp://ns.dns.pt/pub/dns/ddt-2.0.1.tar.gz. + +2.6. The Checker Project + + The problem of the huge amount of DNS traffic over the Internet is + getting researchers close attention for quite some time, mainly + because most of it is unnecessary. Observations have shown that DNS + consumes something like twenty times more bandwidth than it should + [4]. Some causes for this undoubtedly catastrophic scenario lie on + deficient resolver and name server implementations spread all over + the world, from personal to super-computers, running all sorts of + operating systems. + + While the panacea is yet to be found (claims are made that the latest + official version of BIND is a great step forward [5]), work has been + done in order to identify sources of anomalies, as a first approach + in the search for a solution. The Checker Project is one such + effort, developed at the University of Southern California [6]. It + consists of a set of C code patched into BIND's named, for monitoring + server activity, building a database with the history of that + operation (queries and responses). It is then possible to generate + reports from the database summarizing activity and identifying + behavioral patterns from client requests, looking for anomalies. The + named code alteration is small and simple unless you want do have PEC + checking enabled (see below). You may find sources and documentation + at ftp://catarina.usc.edu/pub/checker. + + Checker only does this kind of collection and reporting, it does not + try to enforce any rules on the administrators of the defective sites + by any means whatsoever. Authors hope that the simple exhibition of + the evidences is a reason strong enough for those administrators to + have their problems fixed. + + An interesting feature is PEC (proactive error checking): the server + pretends to be unresponsive for some queries by randomly choosing + some name and start refusing replies for queries on that name during + a pre-determined period. Those queries are recorded, though, to try + + + +Romao [Page 8] + +RFC 1713 Tools for DNS debugging November 1994 + + + to reason about the retry and timeout schemes used by name servers + and resolvers. It is expected that properly implemented clients will + choose another name server to query, while defective ones will keep + on trying with the same server. This feature seems to be still under + testing as it is not completely clear yet how to interpret the + results. A PEC-only error checker is available from USC that is much + simpler than the full error checker. It examines another name server + client every 30 minutes to see if this client causes excessive load. + + Presently Checker has been running on a secondary for the US domain + for more than a year with little trouble. Authors feel confident it + should run on any BSD platform (at least SunOS) without problems, and + is planned to be included as part of the BIND name server. + + Checker is part of a research project lead by Peter Danzig from USC, + aimed to implement probabilistic error checking mechanisms like PEC + on distributed systems [7]. DNS is one such system and it was chosen + as the platform for testing the validity of these techniques over the + NSFnet. It is hoped to achieve enough knowledge to provide means to + improve performance and reliability of distributed systems. + Anomalies like undetected server failures, query loops, bad + retransmission backoff algorithms, misconfigurations and resubmission + of requests after negative replies are some of the targets for these + checkers to detect. + +2.7. Others + + All the tools described above are the result of systematic work on + the issue of DNS debugging, some of them included in research + projects. For the sake of completeness several other programs are + mentioned here. These, though just as serious, seem to have been + developed in a somewhat ad-hoc fashion, without an implicit intention + of being used outside the environments where they were born. This + impression is, of course, arguable, nevertheless there was no + necessity of dedicating an entire section to any of them. This + doesn't mean they are not valuable contributions, in some cases they + may be just what you are looking for, without having to install a + complete package to do some testings on your domain. + + The reference taken was the contrib directory in the latest BIND + distribution (where some of the above programs can also be found). + There you will find tools for creating your DNS configuration files + and NIS maps from /etc/hosts and vice-versa or generate PTR from A + records (these things may be important as a means of avoiding common + typing errors and inconsistencies between those tables), syntax + checkers for zone files, programs for querying and monitoring name + servers, all the small programs presented in [8], and more. It is + worth spending some time looking at them, maybe you'll find that + + + +Romao [Page 9] + +RFC 1713 Tools for DNS debugging November 1994 + + + program you were planning to write yourself. The latest public + version of BIND can be found at + ftp://gatekeeper.dec.com/pub/misc/vixie/4.9.2-940221.tar.gz. As of + this writing BIND-4.9.3 is in its final beta stages and a public + release is expected soon, also at gatekeeper.dec.com. + + You may also want to consider using a version control system like + SCCS or RCS to maintain your configuration files consistent through + updates, or use tools like M4 macros to generate those files. As + stated above, it's important to avoid human-generated errors, + creating problems that are difficult to track down, since they're + often hidden behind some mistyped name. Errors like this may end up + in many queries for a non-existing name, just to mention the less + serious kind. See [9] for a description of the most common errors + made while configuring domains. + +3. Why look after DNS? + + Several pieces of software were presented to help people administer + and debug their name services. They exhibit many differences in + their way of doing things, scope and requirements and it may be + difficult just to choose one of them to work with. For one thing, + people's expectations from these tools vary according to their kind + of involvement with DNS. If you are responsible for a big domain, + e.g., a top-level one or a big institution with many hosts and sub- + domains, you probably want to see how well is the tree below your + node organized, since the consequences of errors tend to propagate + upwards, thus affecting your own domain and servers. For that you + need some program that recursively descends the domain tree and + analyzes each domain per se and the interdependencies between them + all. You will have to consider how deep you want your analysis to + be, the effects it will have on the network infrastructure, i.e., + will it generate traffic only inside a campus network, no matter how + big it is, or will it be spread over, say, a whole country (of + course, your kind of connectivity plays an important role here). + + You may simply want to perform some sanity checks on your own domain, + without any further concerns. Or you may want to participate in some + kind of global effort to monitor name server traffic, either for + research purposes or just to point out the "trouble-queries" that + flow around. + + Whatever your interest may be, you can almost surely find a tool to + suit it. Eliminating problems like those described in this document + is a major contribution for the efficiency of an important piece of + the Internet mechanism. Just to have an idea of this importance, + think of all the applications that depend on it, not just to get + addresses out of names. Many systems rely on DNS to store, retrieve + + + +Romao [Page 10] + +RFC 1713 Tools for DNS debugging November 1994 + + + and spread the information they need: Internet electronic mail was + already mentioned (see [10] for details) and work is in progress to + integrate X.400 operations with DNS [11]; others include "remote + printing" services [12], distributed file systems and network routing + purposes, among others. These features may be accomplished by some + standard, well-known resource records [13], or by new, experimental + ones [14, 15]. Even if some of them won't succeed, one may well + expect some more load on the DNS burden. + + The ubiquitous DNS thus deserves a great deal of attention, perhaps + much more than it generally has. One may say that it is a victim of + its own success: if a user triggers an excessive amount of queries + only to have one request satisfied, he won't worry about it (in fact, + he won't notice it), won't complain to his system administrator, and + things will just go on like this. Of course, DNS was designed to + resist and provide its services despite all these anomalies. But by + doing so it is frequently forgotten, as long as people can Telnet or + ftp. As DNS will be given new responsibilities, as pointed in the + above paragraph, the problems described in this text will grow more + serious and new ones may appear (notably security ones [16], with a + lot of work being presently in progress addressing security in DNS), + if nothing is done to purge them. + +References + + [1] Lottor, M., "Internet Domain Survey, October 1994", + http://www.nw.com/zone/WWW/report.html, October 1994. + + [2] Beecher, B., "Dealing With Lame Delegations", Univ. Michigan, + LISA VI, October 1992. + + [3] Frazao, J. and J. L. Martins, "Ddt - Domain Debug Tools, A + Package to Debug the DNS Tree", Dept. Informatica Faculdade + Ciencias Univ. Lisboa, DI-FCUL-1992-04, January 1992. + + [4] Danzig, P., "Probabilistic Error Checkers: Fixing DNS", Univ. + Southern California, Technical Report, February 1992. + + [5] Kumar, A., J. Postel, C. Neuman, P. Danzig and S. Miller, "Common + DNS Implementation Errors and Suggested Fixes", RFC 1536, + USC/Information Sciences Institute, October 1993. + + [6] Miller, S. and P. Danzig, "The Checker Project, Installation and + Operator's Manual", Univ. Southern California, TR CS94-560, 1994. + + [7] Danzig, P., K. Obraczka and A. Kumar, "An Analisys of Wide-Area + Name Server Traffic", Univ. Southern California, TR 92-504, 1992. + + + + +Romao [Page 11] + +RFC 1713 Tools for DNS debugging November 1994 + + + [8] Albitz, P. and C. Liu, "DNS and BIND", O'Reilly and Associates + Inc., October 1992. + + [9] Beertema, P., "Common DNS Data File Configuration Errors", RFC + 1537, CWI, October 1993. + + [10] Partridge, C., "Mail Routing and the Domain System", STD 14, RFC + 974, CSNET CIC BBN Laboratories Inc., January 1986. + + [11] Allocchio, C., A. Bonito, B. Cole, S. Giordano and R. Hagens, + "Using the Internet DNS to Distribute RFC1327 Mail Address + Mapping Tables", RFC 1664, GARR, Cisco Systems Inc., Centro + Svizzero Calcolo Scientifico, ANS, August 1994. + + [12] Malamud, C. and M. Rose, "Principles of Operation for the TPC.INT + Subdomain: General Principles and Policy", RFC 1530, Internet + Multicasting Service, Dover Beach Consulting Inc., October 1993. + + [13] Rosenbaum, R., "Using the Domain Name System to Store Arbitrary + String Attributes", RFC 1464, Digital Equipment Corporation, May + 1993. + + [14] Everhart, C., L. Mamakos, R. Ullmann and P. Mockapetris (Ed.), + "New DNS RR Definitions", RFC 1183, Transarc, Univ. Maryland, + Prime Computer, Information Sciences Institute, October 1990. + + [15] Manning, B., and R. Colella, "DNS NSAP Resource Records", RFC + 1706, USC/Information Sciences Institute, NIST, October 1994. + + [16] Gavron, E., "A Security Problem and Proposed Correction With + Widely Deployed DNS Software", RFC 1535, ACES Research Inc., + October 1993 + + + + + + + + + + + + + + + + + + + +Romao [Page 12] + +RFC 1713 Tools for DNS debugging November 1994 + + +Security Considerations + + Security issues are not discussed in this memo (although security is + briefly mentioned at the end of section 3). + +Author's Address + + Artur Romao + DI - Faculdade de Ciencias e Tecnologia + Universidade Nova de Lisboa + Quinta da Torre + P-2825 Monte de Caparica + Portugal + + Phone: +351 1 294 28 44 + Fax: +351 1 295 77 86 + EMail: artur@fct.unl.pt + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Romao [Page 13] + diff --git a/usr.sbin/named/doc/rfc/rfc1794 b/usr.sbin/named/doc/rfc/rfc1794 new file mode 100644 index 00000000000..53a98472fb3 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1794 @@ -0,0 +1,395 @@ + + + + + + +Network Working Group T. Brisco +Request for Comments: 1794 Rutgers University +Category: Informational April 1995 + + + DNS Support for Load Balancing + +Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +1. Introduction + + This RFC is meant to first chronicle a foray into the IETF DNS + Working Group, discuss other possible alternatives to + provide/simulate load balancing support for DNS, and to provide an + ultimate, flexible solution for providing DNS support for balancing + loads of many types. + +2. History + + The history of this probably dates back well before my own time - so + undoubtedly some holes are here. Hopefully they can be filled in by + other authors. + + Initially; "load balancing" was intended to permit the Domain Name + System (DNS) [1] agents to support the concept of "clusters" (derived + from the VMS usage) of machines - where all machines were + functionally similar or the same, and it didn't particularly matter + which machine was picked - as long as the load of the processing was + reasonably well distributed across a series of actual different + hosts. Around 1986 a number of different schemes started surfacing + as hacks to the Berkeley Internet Name Domain server (BIND) + distribution. Probably the most widely distributed of these were the + "Shuffle Address" (SA) modifications by Bryan Beecher, or possibly + Marshall Rose's "Round Robin" code. + + The SA records, however, did a round-robin ordering of the Address + resource records, and didn't do much with regard to the particular + loads on the target machines. Matt Madison (of TGV) implemented some + changes that used VMS facilities to review the system loads, and + return A RRs in the order of least-loaded to most loaded. + + The problem was with SAs was that load was not actually a factor, and + TGV's relied on VMS specific facilities to order the records. The SA + RRs required changes to the DNS specification (in file syntax and in + + + +Brisco [Page 1] + +RFC 1794 DNS Support for Load Balancing April 1995 + + + record processing). These were both viewed as drawbacks and not as + general solutions. + + Most of the Internet waited in anticipation of an IETF approved + method for simulating "clusters". + + Through a few IETF DNS Working Group sessions (Chaired by Rob Austein + of Epilogue), it was collectively agreed upon that a number of + criteria must be met: + + A) Backwards compatibility with the existing DNS RFC. + + B) Information changes frequently. + + C) Multiple addresses should be sent out. + + D) Must interact with other RRs appropriately. + + E) Must be able to represent many types of "loads" + + F) Must be fast. + + (A) would ensure that the installed base of BIND and other DNS + implementations would continue to operate and interoperate properly. + + (B) would permit very fast update times - to enable modeling of + real-time data. Five minutes was thought as a normal interval, + though changes as fast as every sixty seconds could be imagined. + + (C) would cover the possibility of a host's address being advertised + as optimal, yet the machine crashed during the period within the TTL + of the RR. The second-most preferable address would be advertised + second, the third-most preferable third, and so on. This would allow + a reasonable stab at recovery during machine failures. + + (D) would ensure correct handling of all ancillary information - such + as MX, RP, and TXT information, as well as reverse lookup + information. It needed to be ensured that such processes as mail + handling continued to work in an unsurprising and predictable manner. + + (E) would ensure the flexibility that everyone wished. A breadth of + "loads" were wished to be represented by various members of the DNS + Working Group. Some "loads" were fairly eclectic - such as the + address ordering by the RTT to the host, some were pragmatic - such + as balancing the CPU load evenly across a series of hosts. All + represented valid concerns within their own context, and the idea of + having separate RR types for each was unthinkable (primarily; it + would violate goal A). + + + +Brisco [Page 2] + +RFC 1794 DNS Support for Load Balancing April 1995 + + + (F) needed to ensure a few things. Primarily that the time to + calculate the information to order the addressing information did not + exceed the TTL of the information distributed - i.e., that elements + with a TTL of five minutes didn't take six minutes to calculate. + Similarly; it seems a fairly clear goal in the DNS RFC that clients + should not be kept waiting - that request processing should continue + regardless of the state of any other processing occurring. + +3. Possible Alternatives + + During various discussions with the DNS Working Group and with the + Load Balancing Committee, it was noted that no existing solution + dealt with all wishes appropriately. One of the major successes of + the DNS is its flexibility - and it was felt that this needed to be + retained in all aspects. It was conceived that perhaps not only + address information would need to be changed rapidly, but other + records may also need to change rapidly (at least this could not be + ruled out - who knows what technologies lurk in the future). + + Of primary concern to many was the ability to interact with older + implementations of DNS. The DNS is implemented widely now, and + changes to critical portions of the protocol could cause havoc for + years. It became rapidly apparent through conversations with Jon + Postel and Dave Crocker (Area Director) that modifications to the + protocol would be viewed dimly. + +4. A Flexible Model + + During many hours of discussions, it arose upon suggestion from Rob + Austein that the changes could be implemented without changes to the + protocol; if zone transfer behavior could be subtly changed, then the + zone transfer process could accommodate the changing of various RR + information. What was needed was a smarter program to do the zone + transfers. Pursuant to this, changes were made to BIND that would + permit the specification of the program to do the zone transfers for + particular zones. + + There is no specification that a secondary has to receive updates + from its primary server in any specific manner - only that it needs + to check periodically, and obtain new zone copies when changes have + been made. Conceivably the zone transfer agent could obtain the + information from any number of sources (e.g., a load average daemon, + a round-robin sorter) and present the information back to the + nameserver for distribution. + + A number of questions arose from this concept, and all seem to have + been dealt with accordingly. Primarily, the DNS protocol doesn't + guarantee ordering. While the DNS protocol doesn't guarantee + + + +Brisco [Page 3] + +RFC 1794 DNS Support for Load Balancing April 1995 + + + ordering, it is clear that the ordering is predictive - that + information read in twice in the same order will be presented twice + in the same order to clients. Clients, of course, may reorder this + information, but that is deemed as a "local issue" as it is + configurable by the remote systems administrators (e.g., sortlists, + etc). The zone transfer agent would have to account for any "mis- + ordering" that may occur locally, but remote reordering (e.g., client + side sortlists) of RRs is is impossible to predict. Since local + mis-ordering is consistent, the zone transfer agents could easily + account for this. + + Secondarily, but perhaps more subtly, the problem arises that zone + transfers aren't used by primary nameservers, only by secondary + nameservers. To clarify this, the idea of "fast" or "volatile" + subzones must be dealt with. In a volatile environment (where + address or other RR ordering changes rapidly), the refresh rate of a + zone must be set very low, and the TTL of the RRs handed out must + similarly be very low. There is no use in handing out information + with TTLs of an hour, when the conditions for ordering the RRs + changes minutely. There must be a relatively close relationship + between the refresh rates and TTLs of the information. Of course, + with very low refresh rates, zone transfers between the primary and + secondary would have to occur frequently. Given that primary and + secondary nameservers should be topologically and geographically far + apart, moving that much data that frequently is seen as prohibitive. + Also; the longer the propagation time between the primary and + secondary, the larger the window in which circumstances can change - + thus invalidating the secondary's information. It is generally + thought that passing volatile information on to a secondary is fairly + useless - if secondaries want accurate information, then they should + calculate it themselves and not obtain it via zone transfers. This + avoids the problem with secondaries losing contact with the primaries + (but access to the targets of the volatile domain are still + reachable), but the secondary has information that is growing stale. + + What is essentially necessary is a secondary (with no primary) which + can calculate the necessary ordering of the RR data for itself (which + also avoids the problem of different versions of domain servers + predictively ordering RR information in different predictive + fashions). For a volatile zone, there is no primary DNS agent, but + rather a series of autonomous secondary agents. Each autonomous + secondary agent is, of course, capable of calculating the ordering or + content of the volatile RRs itself. + + + + + + + + +Brisco [Page 4] + +RFC 1794 DNS Support for Load Balancing April 1995 + + +5. Implementation + + With some help from Masataka Ohta (Tokyo Institute of Technology), I + implemented modifications to BIND to permit the specification of the + zone transfer program (zone transfer agent) for particular domains: + + transfer <domain-name> <program-name> + + Currently I define a separate subdomain that has a few hosts defined + in it - all volatile information. The zone has a refresh rate of + 300, and a minimum TTL of 300 indicated. The configuration file is + indicated as "volatile.hosts". Every 300 seconds a program "doAxfer" + is run to do the zone transfer. The program "doAxfer" reads the file + "volatile.hosts.template" and the file "volatile.hosts.list". The + addresses specified in volatile.hosts.list are rotated a random + number of times, and then substituted (in order) into + volatile.hosts.template to generate the file volatile.hosts. The + program "doAxfer" then exits with a value of 1 - to indicate to the + nameserver that the zone transfer was successful, and that the file + should be read in, and the information distributed. This results in + a host having multiple addresses, and the addresses are randomized + every five minutes (300 seconds). + + Two bugs continue to plague us in this endeavor. BIND currently + considers any TTL under 300 seconds as "irrational", and substitutes + in the value of 300 instead. This greatly hampers the functionality + of volatile zones. In the fastest of all cases - a 0 TTL - + information would be used once, and then thrown away. Presumably the + new RR information could be calculated every 5 seconds, and the RRs + handed out with a TTL of 0. It must be considered that one + limitation of the speed of a zone is going to be the ability of a + machine to calculate new information fast enough. + + The other bug that also effects this is that, as with TTLs, BIND + considers any zone refresh rate under 15 minutes to be similarly + irrational. Obviously zone refresh rates of 15 minutes is + unacceptable for this sort of applications. + + For a work-around, the current code sets these same hard-coded values + to 60 seconds. Sixty seconds is still large enough to avoid any + residual bugs associated with small timer values, but is also short + enough to allow fast subzones to be of use. + + This version of BIND is currently in release within Rutgers + University, operating in both "fast" and normal zones. + + + + + + +Brisco [Page 5] + +RFC 1794 DNS Support for Load Balancing April 1995 + + +6. Performance + + While the performance of fast zones isn't exactly stellar, it is not + much more than the normal CPU loads induced by BIND. Testing was + performed on a Sun Sparc-2 being used as a normal workstation, but no + resolvers were using the name server - essentially the nameserver was + idle. For a configuration with no fast subzones, BIND accrued 11 CPU + seconds in 24 hours. For a configuration with one fast zone, six + address records, and being refreshed every 300 seconds (5 minutes), + BIND accrued 1 minute 4 seconds CPU time. For the same previous + configuration, but being refreshed every sixty seconds, BIND accrued + 5 minutes and 38 seconds of CPU time. + + As is no great surprise, the CPU load on the serving machine was + linear to the frequency of the refresh time. The sixty second + refresh configuration used approximately five times as much CPU time + as did the 300 second refresh configuration. One can easily + extrapolate that the overall CPU utilization would be linear to the + number of zones and the frequency of the refresh period. All of this + is based on a shell script that always indicated that a zone update + was necessary, a more intelligent program should realize when the + reordering of the RRs was unnecessary and avoid such periodic zone + reloads. + +7. Acknowledgments + + Most of the ideas in this document are the results of conversations + and proposals from many, many people - including, but not limited to, + Robert Austein, Stuart Vance, Masataka Ohta, Marshall Rose, and the + members of the IETF DNS Working Group. + +8. References + + [1] Mockapetris, P., "Domain Names - Implementation and + Specification", STD 13, RFC 1035, USC/Information Sciences + Institute, November 1987. + + + + + + + + + + + + + + + +Brisco [Page 6] + +RFC 1794 DNS Support for Load Balancing April 1995 + + +9. Security Considerations + + Security issues are not discussed in this memo. + +10. Author's Address + + Thomas P. Brisco + Associate Director for Network Operations + Rutgers University + Computing Services, Telecommunications Division + Hill Center for the Mathematical Sciences + Busch Campus + Piscataway, New Jersey 08855-0879 + USA + + Phone: +1-908-445-2351 + EMail: brisco@rutgers.edu + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Brisco [Page 7] + diff --git a/usr.sbin/named/doc/rfc/rfc1876 b/usr.sbin/named/doc/rfc/rfc1876 new file mode 100644 index 00000000000..a289cffece2 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1876 @@ -0,0 +1,1011 @@ + + + + + + +Network Working Group C. Davis +Request for Comments: 1876 Kapor Enterprises +Updates: 1034, 1035 P. Vixie +Category: Experimental Vixie Enterprises + T. Goodwin + FORE Systems + I. Dickinson + University of Warwick + January 1996 + + + A Means for Expressing Location Information in the Domain Name System + +Status of this Memo + + This memo defines an Experimental Protocol for the Internet + community. This memo does not specify an Internet standard of any + kind. Discussion and suggestions for improvement are requested. + Distribution of this memo is unlimited. + +1. Abstract + + This memo defines a new DNS RR type for experimental purposes. This + RFC describes a mechanism to allow the DNS to carry location + information about hosts, networks, and subnets. Such information for + a small subset of hosts is currently contained in the flat-file UUCP + maps. However, just as the DNS replaced the use of HOSTS.TXT to + carry host and network address information, it is possible to replace + the UUCP maps as carriers of location information. + + This RFC defines the format of a new Resource Record (RR) for the + Domain Name System (DNS), and reserves a corresponding DNS type + mnemonic (LOC) and numerical code (29). + + This RFC assumes that the reader is familiar with the DNS [RFC 1034, + RFC 1035]. The data shown in our examples is for pedagogical use and + does not necessarily reflect the real Internet. + + + + + + + + + + + + + + +Davis, et al Experimental [Page 1] + +RFC 1876 Location Information in the DNS January 1996 + + +2. RDATA Format + + MSB LSB + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 0| VERSION | SIZE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 2| HORIZ PRE | VERT PRE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 4| LATITUDE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 6| LATITUDE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 8| LONGITUDE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 10| LONGITUDE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 12| ALTITUDE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 14| ALTITUDE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + (octet) + +where: + +VERSION Version number of the representation. This must be zero. + Implementations are required to check this field and make + no assumptions about the format of unrecognized versions. + +SIZE The diameter of a sphere enclosing the described entity, in + centimeters, expressed as a pair of four-bit unsigned + integers, each ranging from zero to nine, with the most + significant four bits representing the base and the second + number representing the power of ten by which to multiply + the base. This allows sizes from 0e0 (<1cm) to 9e9 + (90,000km) to be expressed. This representation was chosen + such that the hexadecimal representation can be read by + eye; 0x15 = 1e5. Four-bit values greater than 9 are + undefined, as are values with a base of zero and a non-zero + exponent. + + Since 20000000m (represented by the value 0x29) is greater + than the equatorial diameter of the WGS 84 ellipsoid + (12756274m), it is therefore suitable for use as a + "worldwide" size. + +HORIZ PRE The horizontal precision of the data, in centimeters, + expressed using the same representation as SIZE. This is + the diameter of the horizontal "circle of error", rather + + + +Davis, et al Experimental [Page 2] + +RFC 1876 Location Information in the DNS January 1996 + + + than a "plus or minus" value. (This was chosen to match + the interpretation of SIZE; to get a "plus or minus" value, + divide by 2.) + +VERT PRE The vertical precision of the data, in centimeters, + expressed using the sane representation as for SIZE. This + is the total potential vertical error, rather than a "plus + or minus" value. (This was chosen to match the + interpretation of SIZE; to get a "plus or minus" value, + divide by 2.) Note that if altitude above or below sea + level is used as an approximation for altitude relative to + the [WGS 84] ellipsoid, the precision value should be + adjusted. + +LATITUDE The latitude of the center of the sphere described by the + SIZE field, expressed as a 32-bit integer, most significant + octet first (network standard byte order), in thousandths + of a second of arc. 2^31 represents the equator; numbers + above that are north latitude. + +LONGITUDE The longitude of the center of the sphere described by the + SIZE field, expressed as a 32-bit integer, most significant + octet first (network standard byte order), in thousandths + of a second of arc, rounded away from the prime meridian. + 2^31 represents the prime meridian; numbers above that are + east longitude. + +ALTITUDE The altitude of the center of the sphere described by the + SIZE field, expressed as a 32-bit integer, most significant + octet first (network standard byte order), in centimeters, + from a base of 100,000m below the [WGS 84] reference + spheroid used by GPS (semimajor axis a=6378137.0, + reciprocal flattening rf=298.257223563). Altitude above + (or below) sea level may be used as an approximation of + altitude relative to the the [WGS 84] spheroid, though due + to the Earth's surface not being a perfect spheroid, there + will be differences. (For example, the geoid (which sea + level approximates) for the continental US ranges from 10 + meters to 50 meters below the [WGS 84] spheroid. + Adjustments to ALTITUDE and/or VERT PRE will be necessary + in most cases. The Defense Mapping Agency publishes geoid + height values relative to the [WGS 84] ellipsoid. + + + + + + + + + +Davis, et al Experimental [Page 3] + +RFC 1876 Location Information in the DNS January 1996 + + +3. Master File Format + + The LOC record is expressed in a master file in the following format: + + <owner> <TTL> <class> LOC ( d1 [m1 [s1]] {"N"|"S"} d2 [m2 [s2]] + {"E"|"W"} alt["m"] [siz["m"] [hp["m"] + [vp["m"]]]] ) + + (The parentheses are used for multi-line data as specified in [RFC + 1035] section 5.1.) + + where: + + d1: [0 .. 90] (degrees latitude) + d2: [0 .. 180] (degrees longitude) + m1, m2: [0 .. 59] (minutes latitude/longitude) + s1, s2: [0 .. 59.999] (seconds latitude/longitude) + alt: [-100000.00 .. 42849672.95] BY .01 (altitude in meters) + siz, hp, vp: [0 .. 90000000.00] (size/precision in meters) + + If omitted, minutes and seconds default to zero, size defaults to 1m, + horizontal precision defaults to 10000m, and vertical precision + defaults to 10m. These defaults are chosen to represent typical + ZIP/postal code area sizes, since it is often easy to find + approximate geographical location by ZIP/postal code. + +4. Example Data + +;;; +;;; note that these data would not all appear in one zone file +;;; + +;; network LOC RR derived from ZIP data. note use of precision defaults +cambridge-net.kei.com. LOC 42 21 54 N 71 06 18 W -24m 30m + +;; higher-precision host LOC RR. note use of vertical precision default +loiosh.kei.com. LOC 42 21 43.952 N 71 5 6.344 W + -24m 1m 200m + +pipex.net. LOC 52 14 05 N 00 08 50 E 10m + +curtin.edu.au. LOC 32 7 19 S 116 2 25 E 10m + +rwy04L.logan-airport.boston. LOC 42 21 28.764 N 71 00 51.617 W + -44m 2000m + + + + + + +Davis, et al Experimental [Page 4] + +RFC 1876 Location Information in the DNS January 1996 + + +5. Application use of the LOC RR + +5.1 Suggested Uses + + Some uses for the LOC RR have already been suggested, including the + USENET backbone flow maps, a "visual traceroute" application showing + the geographical path of an IP packet, and network management + applications that could use LOC RRs to generate a map of hosts and + routers being managed. + +5.2 Search Algorithms + + This section specifies how to use the DNS to translate domain names + and/or IP addresses into location information. + + If an application wishes to have a "fallback" behavior, displaying a + less precise or larger area when a host does not have an associated + LOC RR, it MAY support use of the algorithm in section 5.2.3, as + noted in sections 5.2.1 and 5.2.2. If fallback is desired, this + behaviour is the RECOMMENDED default, but in some cases it may need + to be modified based on the specific requirements of the application + involved. + + This search algorithm is designed to allow network administrators to + specify the location of a network or subnet without requiring LOC RR + data for each individual host. For example, a computer lab with 24 + workstations, all of which are on the same subnet and in basically + the same location, would only need a LOC RR for the subnet. + (However, if the file server's location has been more precisely + measured, a separate LOC RR for it can be placed in the DNS.) + +5.2.1 Searching by Name + + If the application is beginning with a name, rather than an IP + address (as the USENET backbone flow maps do), it MUST check for a + LOC RR associated with that name. (CNAME records should be followed + as for any other RR type.) + + If there is no LOC RR for that name, all A records (if any) + associated with the name MAY be checked for network (or subnet) LOC + RRs using the "Searching by Network or Subnet" algorithm (5.2.3). If + multiple A records exist and have associated network or subnet LOC + RRs, the application may choose to use any, some, or all of the LOC + RRs found, possibly in combination. It is suggested that multi-homed + hosts have LOC RRs for their name in the DNS to avoid any ambiguity + in these cases. + + + + + +Davis, et al Experimental [Page 5] + +RFC 1876 Location Information in the DNS January 1996 + + + Note that domain names that do not have associated A records must + have a LOC RR associated with their name in order for location + information to be accessible. + +5.2.2 Searching by Address + + If the application is beginning with an IP address (as a "visual + traceroute" application might be) it MUST first map the address to a + name using the IN-ADDR.ARPA namespace (see [RFC 1034], section + 5.2.1), then check for a LOC RR associated with that name. + + If there is no LOC RR for the name, the address MAY be checked for + network (or subnet) LOC RRs using the "Searching by Network or + Subnet" algorithm (5.2.3). + +5.2.3 Searching by Network or Subnet + + Even if a host's name does not have any associated LOC RRs, the + network(s) or subnet(s) it is on may. If the application wishes to + search for such less specific data, the following algorithm SHOULD be + followed to find a network or subnet LOC RR associated with the IP + address. This algorithm is adapted slightly from that specified in + [RFC 1101], sections 4.3 and 4.4. + + Since subnet LOC RRs are (if present) more specific than network LOC + RRs, it is best to use them if available. In order to do so, we + build a stack of network and subnet names found while performing the + [RFC 1101] search, then work our way down the stack until a LOC RR is + found. + + 1. create a host-zero address using the network portion of the IP + address (one, two, or three bytes for class A, B, or C networks, + respectively). For example, for the host 128.9.2.17, on the class + B network 128.9, this would result in the address "128.9.0.0". + + 2. Reverse the octets, suffix IN-ADDR.ARPA, and query for PTR and A + records. Retrieve: + + 0.0.9.128.IN-ADDR.ARPA. PTR isi-net.isi.edu. + A 255.255.255.0 + + Push the name "isi-net.isi.edu" onto the stack of names to be + searched for LOC RRs later. + + + + + + + + +Davis, et al Experimental [Page 6] + +RFC 1876 Location Information in the DNS January 1996 + + + 3. Since an A RR was found, repeat using mask from RR + (255.255.255.0), constructing a query for 0.2.9.128.IN-ADDR.ARPA. + Retrieve: + + 0.2.9.128.IN-ADDR.ARPA. PTR div2-subnet.isi.edu. + A 255.255.255.240 + + Push the name "div2-subnet.isi.edu" onto the stack of names to be + searched for LOC RRs later. + + 4. Since another A RR was found, repeat using mask 255.255.255.240 + (x'FFFFFFF0'), constructing a query for 16.2.9.128.IN-ADDR.ARPA. + Retrieve: + + 16.2.9.128.IN-ADDR.ARPA. PTR inc-subsubnet.isi.edu. + + Push the name "inc-subsubnet.isi.edu" onto the stack of names to + be searched for LOC RRs later. + + 5. Since no A RR is present at 16.2.9.128.IN-ADDR.ARPA., there are no + more subnet levels to search. We now pop the top name from the + stack and check for an associated LOC RR. Repeat until a LOC RR + is found. + + In this case, assume that inc-subsubnet.isi.edu does not have an + associated LOC RR, but that div2-subnet.isi.edu does. We will + then use div2-subnet.isi.edu's LOC RR as an approximation of this + host's location. (Note that even if isi-net.isi.edu has a LOC RR, + it will not be used if a subnet also has a LOC RR.) + +5.3 Applicability to non-IN Classes and non-IP Addresses + + The LOC record is defined for all RR classes, and may be used with + non-IN classes such as HS and CH. The semantics of such use are not + defined by this memo. + + The search algorithm in section 5.2.3 may be adapted to other + addressing schemes by extending [RFC 1101]'s encoding of network + names to cover those schemes. Such extensions are not defined by + this memo. + + + + + + + + + + + +Davis, et al Experimental [Page 7] + +RFC 1876 Location Information in the DNS January 1996 + + +6. References + + [RFC 1034] Mockapetris, P., "Domain Names - Concepts and Facilities", + STD 13, RFC 1034, USC/Information Sciences Institute, + November 1987. + + [RFC 1035] Mockapetris, P., "Domain Names - Implementation and + Specification", STD 13, RFC 1035, USC/Information Sciences + Institute, November 1987. + + [RFC 1101] Mockapetris, P., "DNS Encoding of Network Names and Other + Types", RFC 1101, USC/Information Sciences Institute, + April 1989. + + [WGS 84] United States Department of Defense; DoD WGS-1984 - Its + Definition and Relationships with Local Geodetic Systems; + Washington, D.C.; 1985; Report AD-A188 815 DMA; 6127; 7-R- + 138-R; CV, KV; + +7. Security Considerations + + High-precision LOC RR information could be used to plan a penetration + of physical security, leading to potential denial-of-machine attacks. + To avoid any appearance of suggesting this method to potential + attackers, we declined the opportunity to name this RR "ICBM". + +8. Authors' Addresses + + The authors as a group can be reached as <loc@pipex.net>. + + Christopher Davis + Kapor Enterprises, Inc. + 238 Main Street, Suite 400 + Cambridge, MA 02142 + + Phone: +1 617 576 4532 + EMail: ckd@kei.com + + + Paul Vixie + Vixie Enterprises + Star Route Box 159A + Woodside, CA 94062 + + Phone: +1 415 747 0204 + EMail: paul@vix.com + + + + + +Davis, et al Experimental [Page 8] + +RFC 1876 Location Information in the DNS January 1996 + + + Tim Goodwin + Public IP Exchange Ltd (PIPEX) + 216 The Science Park + Cambridge CB4 4WA + UK + + Phone: +44 1223 250250 + EMail: tim@pipex.net + + + Ian Dickinson + FORE Systems + 2475 The Crescent + Solihull Parkway + Birmingham Business Park + B37 7YE + UK + + Phone: +44 121 717 4444 + EMail: idickins@fore.co.uk + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Davis, et al Experimental [Page 9] + +RFC 1876 Location Information in the DNS January 1996 + + +Appendix A: Sample Conversion Routines + +/* + * routines to convert between on-the-wire RR format and zone file + * format. Does not contain conversion to/from decimal degrees; + * divide or multiply by 60*60*1000 for that. + */ + +static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000, + 1000000,10000000,100000000,1000000000}; + +/* takes an XeY precision/size value, returns a string representation.*/ +static const char * +precsize_ntoa(prec) + u_int8_t prec; +{ + static char retbuf[sizeof("90000000.00")]; + unsigned long val; + int mantissa, exponent; + + mantissa = (int)((prec >> 4) & 0x0f) % 10; + exponent = (int)((prec >> 0) & 0x0f) % 10; + + val = mantissa * poweroften[exponent]; + + (void) sprintf(retbuf,"%d.%.2d", val/100, val%100); + return (retbuf); +} + +/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer.*/ +static u_int8_t +precsize_aton(strptr) + char **strptr; +{ + unsigned int mval = 0, cmval = 0; + u_int8_t retval = 0; + register char *cp; + register int exponent; + register int mantissa; + + cp = *strptr; + + while (isdigit(*cp)) + mval = mval * 10 + (*cp++ - '0'); + + if (*cp == '.') { /* centimeters */ + cp++; + if (isdigit(*cp)) { + + + +Davis, et al Experimental [Page 10] + +RFC 1876 Location Information in the DNS January 1996 + + + cmval = (*cp++ - '0') * 10; + if (isdigit(*cp)) { + cmval += (*cp++ - '0'); + } + } + } + cmval = (mval * 100) + cmval; + + for (exponent = 0; exponent < 9; exponent++) + if (cmval < poweroften[exponent+1]) + break; + + mantissa = cmval / poweroften[exponent]; + if (mantissa > 9) + mantissa = 9; + + retval = (mantissa << 4) | exponent; + + *strptr = cp; + + return (retval); +} + +/* converts ascii lat/lon to unsigned encoded 32-bit number. + * moves pointer. */ +static u_int32_t +latlon2ul(latlonstrptr,which) + char **latlonstrptr; + int *which; +{ + register char *cp; + u_int32_t retval; + int deg = 0, min = 0, secs = 0, secsfrac = 0; + + cp = *latlonstrptr; + + while (isdigit(*cp)) + deg = deg * 10 + (*cp++ - '0'); + + while (isspace(*cp)) + cp++; + + if (!(isdigit(*cp))) + goto fndhemi; + + while (isdigit(*cp)) + min = min * 10 + (*cp++ - '0'); + + + + +Davis, et al Experimental [Page 11] + +RFC 1876 Location Information in the DNS January 1996 + + + while (isspace(*cp)) + cp++; + + if (!(isdigit(*cp))) + goto fndhemi; + + while (isdigit(*cp)) + secs = secs * 10 + (*cp++ - '0'); + + if (*cp == '.') { /* decimal seconds */ + cp++; + if (isdigit(*cp)) { + secsfrac = (*cp++ - '0') * 100; + if (isdigit(*cp)) { + secsfrac += (*cp++ - '0') * 10; + if (isdigit(*cp)) { + secsfrac += (*cp++ - '0'); + } + } + } + } + + while (!isspace(*cp)) /* if any trailing garbage */ + cp++; + + while (isspace(*cp)) + cp++; + + fndhemi: + switch (*cp) { + case 'N': case 'n': + case 'E': case 'e': + retval = ((unsigned)1<<31) + + (((((deg * 60) + min) * 60) + secs) * 1000) + + secsfrac; + break; + case 'S': case 's': + case 'W': case 'w': + retval = ((unsigned)1<<31) + - (((((deg * 60) + min) * 60) + secs) * 1000) + - secsfrac; + break; + default: + retval = 0; /* invalid value -- indicates error */ + break; + } + + switch (*cp) { + + + +Davis, et al Experimental [Page 12] + +RFC 1876 Location Information in the DNS January 1996 + + + case 'N': case 'n': + case 'S': case 's': + *which = 1; /* latitude */ + break; + case 'E': case 'e': + case 'W': case 'w': + *which = 2; /* longitude */ + break; + default: + *which = 0; /* error */ + break; + } + + cp++; /* skip the hemisphere */ + + while (!isspace(*cp)) /* if any trailing garbage */ + cp++; + + while (isspace(*cp)) /* move to next field */ + cp++; + + *latlonstrptr = cp; + + return (retval); +} + +/* converts a zone file representation in a string to an RDATA + * on-the-wire representation. */ +u_int32_t +loc_aton(ascii, binary) + const char *ascii; + u_char *binary; +{ + const char *cp, *maxcp; + u_char *bcp; + + u_int32_t latit = 0, longit = 0, alt = 0; + u_int32_t lltemp1 = 0, lltemp2 = 0; + int altmeters = 0, altfrac = 0, altsign = 1; + u_int8_t hp = 0x16; /* default = 1e6 cm = 10000.00m = 10km */ + u_int8_t vp = 0x13; /* default = 1e3 cm = 10.00m */ + u_int8_t siz = 0x12; /* default = 1e2 cm = 1.00m */ + int which1 = 0, which2 = 0; + + cp = ascii; + maxcp = cp + strlen(ascii); + + lltemp1 = latlon2ul(&cp, &which1); + + + +Davis, et al Experimental [Page 13] + +RFC 1876 Location Information in the DNS January 1996 + + + lltemp2 = latlon2ul(&cp, &which2); + + switch (which1 + which2) { + case 3: /* 1 + 2, the only valid combination */ + if ((which1 == 1) && (which2 == 2)) { /* normal case */ + latit = lltemp1; + longit = lltemp2; + } else if ((which1 == 2) && (which2 == 1)) {/*reversed*/ + longit = lltemp1; + latit = lltemp2; + } else { /* some kind of brokenness */ + return 0; + } + break; + default: /* we didn't get one of each */ + return 0; + } + + /* altitude */ + if (*cp == '-') { + altsign = -1; + cp++; + } + + if (*cp == '+') + cp++; + + while (isdigit(*cp)) + altmeters = altmeters * 10 + (*cp++ - '0'); + + if (*cp == '.') { /* decimal meters */ + cp++; + if (isdigit(*cp)) { + altfrac = (*cp++ - '0') * 10; + if (isdigit(*cp)) { + altfrac += (*cp++ - '0'); + } + } + } + + alt = (10000000 + (altsign * (altmeters * 100 + altfrac))); + + while (!isspace(*cp) && (cp < maxcp)) + /* if trailing garbage or m */ + cp++; + + while (isspace(*cp) && (cp < maxcp)) + cp++; + + + +Davis, et al Experimental [Page 14] + +RFC 1876 Location Information in the DNS January 1996 + + + if (cp >= maxcp) + goto defaults; + + siz = precsize_aton(&cp); + + while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/ + cp++; + + while (isspace(*cp) && (cp < maxcp)) + cp++; + + if (cp >= maxcp) + goto defaults; + + hp = precsize_aton(&cp); + + while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/ + cp++; + + while (isspace(*cp) && (cp < maxcp)) + cp++; + + if (cp >= maxcp) + goto defaults; + + vp = precsize_aton(&cp); + + defaults: + + bcp = binary; + *bcp++ = (u_int8_t) 0; /* version byte */ + *bcp++ = siz; + *bcp++ = hp; + *bcp++ = vp; + PUTLONG(latit,bcp); + PUTLONG(longit,bcp); + PUTLONG(alt,bcp); + + return (16); /* size of RR in octets */ +} + +/* takes an on-the-wire LOC RR and prints it in zone file + * (human readable) format. */ +char * +loc_ntoa(binary,ascii) + const u_char *binary; + char *ascii; +{ + + + +Davis, et al Experimental [Page 15] + +RFC 1876 Location Information in the DNS January 1996 + + + static char tmpbuf[255*3]; + + register char *cp; + register const u_char *rcp; + + int latdeg, latmin, latsec, latsecfrac; + int longdeg, longmin, longsec, longsecfrac; + char northsouth, eastwest; + int altmeters, altfrac, altsign; + + const int referencealt = 100000 * 100; + + int32_t latval, longval, altval; + u_int32_t templ; + u_int8_t sizeval, hpval, vpval, versionval; + + char *sizestr, *hpstr, *vpstr; + + rcp = binary; + if (ascii) + cp = ascii; + else { + cp = tmpbuf; + } + + versionval = *rcp++; + + if (versionval) { + sprintf(cp,"; error: unknown LOC RR version"); + return (cp); + } + + sizeval = *rcp++; + + hpval = *rcp++; + vpval = *rcp++; + + GETLONG(templ,rcp); + latval = (templ - ((unsigned)1<<31)); + + GETLONG(templ,rcp); + longval = (templ - ((unsigned)1<<31)); + + GETLONG(templ,rcp); + if (templ < referencealt) { /* below WGS 84 spheroid */ + altval = referencealt - templ; + altsign = -1; + } else { + + + +Davis, et al Experimental [Page 16] + +RFC 1876 Location Information in the DNS January 1996 + + + altval = templ - referencealt; + altsign = 1; + } + + if (latval < 0) { + northsouth = 'S'; + latval = -latval; + } + else + northsouth = 'N'; + + latsecfrac = latval % 1000; + latval = latval / 1000; + latsec = latval % 60; + latval = latval / 60; + latmin = latval % 60; + latval = latval / 60; + latdeg = latval; + + if (longval < 0) { + eastwest = 'W'; + longval = -longval; + } + else + eastwest = 'E'; + + longsecfrac = longval % 1000; + longval = longval / 1000; + longsec = longval % 60; + longval = longval / 60; + longmin = longval % 60; + longval = longval / 60; + longdeg = longval; + + altfrac = altval % 100; + altmeters = (altval / 100) * altsign; + + sizestr = savestr(precsize_ntoa(sizeval)); + hpstr = savestr(precsize_ntoa(hpval)); + vpstr = savestr(precsize_ntoa(vpval)); + + sprintf(cp, + "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm + %sm %sm %sm", + latdeg, latmin, latsec, latsecfrac, northsouth, + longdeg, longmin, longsec, longsecfrac, eastwest, + altmeters, altfrac, sizestr, hpstr, vpstr); + + + + +Davis, et al Experimental [Page 17] + +RFC 1876 Location Information in the DNS January 1996 + + + free(sizestr); + free(hpstr); + free(vpstr); + + return (cp); +} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Davis, et al Experimental [Page 18] + diff --git a/usr.sbin/named/doc/rfc/rfc1884 b/usr.sbin/named/doc/rfc/rfc1884 new file mode 100644 index 00000000000..335a7ab543a --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1884 @@ -0,0 +1,1011 @@ + + + + + + +Network Working Group R. Hinden, Ipsilon Networks +Request for Comments: 1884 S. Deering, Xerox PARC +Category: Standards Track Editors + December 1995 + + + IP Version 6 Addressing Architecture + + + + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + + +Abstract + + This specification defines the addressing architecture of the IP + Version 6 protocol [IPV6]. The document includes the IPv6 addressing + model, text representations of IPv6 addresses, definition of IPv6 + unicast addresses, anycast addresses, and multicast addresses, and an + IPv6 nodes required addresses. + + + + + + + + + + + + + + + + + + + + + + + + +Hinden & Deering Standards Track [Page 1] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + +Table of Contents + + 1. Introduction................................................3 + + 2. IPv6 Addressing.............................................3 + 2.1 Addressing Model........................................4 + 2.2 Text Representation of Addresses........................4 + 2.3 Address Type Representation.............................5 + 2.4 Unicast Addresses.......................................7 + 2.4.1 Unicast Address Example.............................8 + 2.4.2 The Unspecified Address.............................9 + 2.4.3 The Loopback Address................................9 + 2.4.4 IPv6 Addresses with Embedded IPv4 Addresses.........9 + 2.4.5 NSAP Addresses......................................10 + 2.4.6 IPX Addresses.......................................10 + 2.4.7 Provider-Based Global Unicast Addresses.............10 + 2.4.8 Local-use IPv6 Unicast Addresses....................11 + 2.5 Anycast Addresses.......................................12 + 2.5.1 Required Anycast Address............................13 + 2.6 Multicast Addresses.....................................14 + 2.6.1 Pre-Defined Multicast Addresses.....................15 + 2.7 A Node's Required Addresses.............................17 + + REFERENCES.....................................................18 + + SECURITY CONSIDERATIONS........................................18 + + DOCUMENT EDITOR'S ADDRESSES....................................18 + + + + + + + + + + + + + + + + + + + + + + + +Hinden & Deering Standards Track [Page 2] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + +1.0 INTRODUCTION + + This specification defines the addressing architecture of the IP + Version 6 protocol. It includes a detailed description of the + currently defined address formats for IPv6 [IPV6]. + + The editors would like to acknowledge the contributions of Paul + Francis, Jim Bound, Brian Carpenter, Deborah Estrin, Peter Ford, Bob + Gilligan, Christian Huitema, Tony Li, Greg Minshall, Erik Nordmark, + Yakov Rekhter, Bill Simpson, and Sue Thomson. + +2.0 IPv6 ADDRESSING + + IPv6 addresses are 128-bit identifiers for interfaces and sets of + interfaces. There are three types of addresses: + + + Unicast: An identifier for a single interface. A packet sent + to a unicast address is delivered to the interface + identified by that address. + + Anycast: An identifier for a set of interfaces (typically + belonging to different nodes). A packet sent to an + anycast address is delivered to one of the interfaces + identified by that address (the "nearest" one, + according to the routing protocols' measure of + distance). + + Multicast: An identifier for a set of interfaces (typically + belonging to different nodes). A packet sent to a + multicast address is delivered to all interfaces + identified by that address. + + There are no broadcast addresses in IPv6, their function being + superseded by multicast addresses. + + In this document, fields in addresses are given a specific name, for + example "subscriber". When this name is used with the term "ID" for + identifier after the name (e.g., "subscriber ID"), it refers to the + contents of the named field. When it is used with the term "prefix" + (e.g., "subscriber prefix") it refers to all of the address up to and + including this field. + + In IPv6, all zeros and all ones are legal values for any field, + unless specifically excluded. Specifically, prefixes may contain + zero-valued fields or end in zeros. + + + + + +Hinden & Deering Standards Track [Page 3] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + 2.1 Addressing Model + + IPv6 Addresses of all types are assigned to interfaces, not nodes. + Since each interface belongs to a single node, any of that node's + interfaces' unicast addresses may be used as an identifier for the + node. + + An IPv6 unicast address refers to a single interface. A single + interface may be assigned multiple IPv6 addresses of any type + (unicast, anycast, and multicast). There are two exceptions to this + model. These are: + + 1) A single address may be assigned to multiple physical interfaces + if the implementation treats the multiple physical interfaces as + one interface when presenting it to the internet layer. This is + useful for load-sharing over multiple physical interfaces. + + 2) Routers may have unnumbered interfaces (i.e., no IPv6 address + assigned to the interface) on point-to-point links to eliminate + the necessity to manually configure and advertise the addresses. + Addresses are not needed for point-to-point interfaces on + routers if those interfaces are not to be used as the origins or + destinations of any IPv6 datagrams. + + IPv6 continues the IPv4 model that a subnet is associated with one + link. Multiple subnets may be assigned to the same link. + + + 2.2 Text Representation of Addresses + + There are three conventional forms for representing IPv6 addresses as + text strings: + + 1. The preferred form is x:x:x:x:x:x:x:x, where the 'x's are the + hexadecimal values of the eight 16-bit pieces of the address. + Examples: + + FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 + + 1080:0:0:0:8:800:200C:417A + + Note that it is not necessary to write the leading zeros in an + individual field, but there must be at least one numeral in + every field (except for the case described in 2.). + + 2. Due to the method of allocating certain styles of IPv6 + addresses, it will be common for addresses to contain long + strings of zero bits. In order to make writing addresses + + + +Hinden & Deering Standards Track [Page 4] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + containing zero bits easier a special syntax is available to + compress the zeros. The use of "::" indicates multiple groups + of 16-bits of zeros. The "::" can only appear once in an + address. The "::" can also be used to compress the leading + and/or trailing zeros in an address. + + For example the following addresses: + + 1080:0:0:0:8:800:200C:417A a unicast address + FF01:0:0:0:0:0:0:43 a multicast address + 0:0:0:0:0:0:0:1 the loopback address + 0:0:0:0:0:0:0:0 the unspecified addresses + + may be represented as: + + 1080::8:800:200C:417A a unicast address + FF01::43 a multicast address + ::1 the loopback address + :: the unspecified addresses + + 3. An alternative form that is sometimes more convenient when + dealing with a mixed environment of IPv4 and IPv6 nodes is + x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values + of the six high-order 16-bit pieces of the address, and the 'd's + are the decimal values of the four low-order 8-bit pieces of the + address (standard IPv4 representation). Examples: + + 0:0:0:0:0:0:13.1.68.3 + + 0:0:0:0:0:FFFF:129.144.52.38 + + or in compressed form: + + ::13.1.68.3 + + ::FFFF:129.144.52.38 + + + 2.3 Address Type Representation + + The specific type of an IPv6 address is indicated by the leading bits + in the address. The variable-length field comprising these leading + bits is called the Format Prefix (FP). The initial allocation of + these prefixes is as follows: + + + + + + + +Hinden & Deering Standards Track [Page 5] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + Allocation Prefix Fraction of + (binary) Address Space + ------------------------------- -------- ------------- + Reserved 0000 0000 1/256 + Unassigned 0000 0001 1/256 + + Reserved for NSAP Allocation 0000 001 1/128 + Reserved for IPX Allocation 0000 010 1/128 + + Unassigned 0000 011 1/128 + Unassigned 0000 1 1/32 + Unassigned 0001 1/16 + Unassigned 001 1/8 + + Provider-Based Unicast Address 010 1/8 + + Unassigned 011 1/8 + + Reserved for Geographic- + Based Unicast Addresses 100 1/8 + + Unassigned 101 1/8 + Unassigned 110 1/8 + Unassigned 1110 1/16 + Unassigned 1111 0 1/32 + Unassigned 1111 10 1/64 + Unassigned 1111 110 1/128 + + Unassigned 1111 1110 0 1/512 + + Link Local Use Addresses 1111 1110 10 1/1024 + Site Local Use Addresses 1111 1110 11 1/1024 + + Multicast Addresses 1111 1111 1/256 + + Note: The "unspecified address" (see section 2.4.2), the + loopback address (see section 2.4.3), and the IPv6 Addresses + with Embedded IPv4 Addresses (see section 2.4.4), are assigned + out of the 0000 0000 format prefix space. + + + This allocation supports the direct allocation of provider addresses, + local use addresses, and multicast addresses. Space is reserved for + NSAP addresses, IPX addresses, and geographic addresses. The + remainder of the address space is unassigned for future use. This + can be used for expansion of existing use (e.g., additional provider + addresses, etc.) or new uses (e.g., separate locators and + identifiers). Fifteen percent of the address space is initially + + + +Hinden & Deering Standards Track [Page 6] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + allocated. The remaining 85% is reserved for future use. + + Unicast addresses are distinguished from multicast addresses by the + value of the high-order octet of the addresses: a value of FF + (11111111) identifies an address as a multicast address; any other + value identifies an address as a unicast address. Anycast addresses + are taken from the unicast address space, and are not syntactically + distinguishable from unicast addresses. + + + 2.4 Unicast Addresses + + The IPv6 unicast address is contiguous bit-wise maskable, similar to + IPv4 addresses under Class-less Interdomain Routing [CIDR]. + + There are several forms of unicast address assignment in IPv6, + including the global provider based unicast address, the geographic + based unicast address, the NSAP address, the IPX hierarchical + address, the site-local-use address, the link-local-use address, and + the IPv4-capable host address. Additional address types can be + defined in the future. + + IPv6 nodes may have considerable or little knowledge of the internal + structure of the IPv6 address, depending on the role the node plays + (for instance, host versus router). At a minimum, a node may + consider that unicast addresses (including its own) have no internal + structure: + + | 128 bits | + +-----------------------------------------------------------------+ + | node address | + +-----------------------------------------------------------------+ + + + A slightly sophisticated host (but still rather simple) may + additionally be aware of subnet prefix(es) for the link(s) it is + attached to, where different addresses may have different values for + n: + + | n bits | 128-n bits | + +------------------------------------------------+----------------+ + | subnet prefix | interface ID | + +------------------------------------------------+----------------+ + + + Still more sophisticated hosts may be aware of other hierarchical + boundaries in the unicast address. Though a very simple router may + have no knowledge of the internal structure of IPv6 unicast + + + +Hinden & Deering Standards Track [Page 7] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + addresses, routers will more generally have knowledge of one or more + of the hierarchical boundaries for the operation of routing + protocols. The known boundaries will differ from router to router, + depending on what positions the router holds in the routing + hierarchy. + + + 2.4.1 Unicast Address Examples + + An example of a Unicast address format which will likely be common on + LANs and other environments where IEEE 802 MAC addresses are + available is: + + + | n bits | 80-n bits | 48 bits | + +--------------------------------+-----------+--------------------+ + | subscriber prefix | subnet ID | interface ID | + +--------------------------------+-----------+--------------------+ + + Where the 48-bit Interface ID is an IEEE-802 MAC address. The use of + IEEE 802 MAC addresses as a interface ID is expected to be very + common in environments where nodes have an IEEE 802 MAC address. In + other environments, where IEEE 802 MAC addresses are not available, + other types of link layer addresses can be used, such as E.164 + addresses, for the interface ID. + + The inclusion of a unique global interface identifier, such as an + IEEE MAC address, makes possible a very simple form of auto- + configuration of addresses. A node may discover a subnet ID by + listening to Router Advertisement messages sent by a router on its + attached link(s), and then fabricating an IPv6 address for itself by + using its IEEE MAC address as the interface ID on that subnet. + + Another unicast address format example is where a site or + organization requires additional layers of internal hierarchy. In + this example the subnet ID is divided into an area ID and a subnet + ID. Its format is: + + | s bits | n bits | m bits | 128-s-n-m bits | + +----------------------+---------+--------------+-----------------+ + | subscriber prefix | area ID | subnet ID | interface ID | + +----------------------+---------+--------------+-----------------+ + + This technique can be continued to allow a site or organization to + add additional layers of internal hierarchy. It may be desirable to + use an interface ID smaller than a 48-bit IEEE 802 MAC address to + allow more space for the additional layers of internal hierarchy. + These could be interface IDs which are administratively created by + + + +Hinden & Deering Standards Track [Page 8] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + the site or organization. + + + 2.4.2 The Unspecified Address + + The address 0:0:0:0:0:0:0:0 is called the unspecified address. It + must never be assigned to any node. It indicates the absence of an + address. One example of its use is in the Source Address field of + any IPv6 datagrams sent by an initializing host before it has learned + its own address. + + The unspecified address must not be used as the destination address + of IPv6 datagrams or in IPv6 Routing Headers. + + + 2.4.3 The Loopback Address + + The unicast address 0:0:0:0:0:0:0:1 is called the loopback address. + It may be used by a node to send an IPv6 datagram to itself. It may + never be assigned to any interface. + + The loopback address must not be used as the source address in IPv6 + datagrams that are sent outside of a single node. An IPv6 datagram + with a destination address of loopback must never be sent outside of + a single node. + + + 2.4.4 IPv6 Addresses with Embedded IPv4 Addresses + + The IPv6 transition mechanisms include a technique for hosts and + routers to dynamically tunnel IPv6 packets over IPv4 routing + infrastructure. IPv6 nodes that utilize this technique are assigned + special IPv6 unicast addresses that carry an IPv4 address in the + low-order 32-bits. This type of address is termed an "IPv4- + compatible IPv6 address" and has the format: + + + | 80 bits | 16 | 32 bits | + +--------------------------------------+--------------------------+ + |0000..............................0000|0000| IPv4 address | + +--------------------------------------+----+---------------------+ + + + A second type of IPv6 address which holds an embedded IPv4 address is + also defined. This address is used to represent the addresses of + IPv4-only nodes (those that *do not* support IPv6) as IPv6 addresses. + This type of address is termed an "IPv4-mapped IPv6 address" and has + the format: + + + +Hinden & Deering Standards Track [Page 9] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + + | 80 bits | 16 | 32 bits | + +--------------------------------------+--------------------------+ + |0000..............................0000|FFFF| IPv4 address | + +--------------------------------------+----+---------------------+ + + + + 2.4.5 NSAP Addresses + + This mapping of NSAP address into IPv6 addresses is as follows: + + + | 7 | 121 bits | + +-------+---------------------------------------------------------+ + |0000001| to be defined | + +-------+---------------------------------------------------------+ + + The draft definition, motivation, and usage are under study [NSAP]. + + + 2.4.6 IPX Addresses + + This mapping of IPX address into IPv6 addresses is as follows: + + + | 7 | 121 bits | + +-------+---------------------------------------------------------+ + |0000010| to be defined | + +-------+---------------------------------------------------------+ + + The draft definition, motivation, and usage are under study. + + + 2.4.7 Provider-Based Global Unicast Addresses + + The global provider-based unicast address is assigned as described in + [ALLOC]. This initial assignment plan for these unicast addresses is + similar to assignment of IPv4 addresses under the CIDR scheme [CIDR]. + The IPv6 global provider-based unicast address format is as follows: + + + | 3 | n bits | m bits | o bits | 125-n-m-o bits | + +---+-----------+-----------+-------------+--------------------+ + |010|registry ID|provider ID|subscriber ID| intra-subscriber | + +---+-----------+-----------+-------------+--------------------+ + + + + + +Hinden & Deering Standards Track [Page 10] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + The high-order part of the address is assigned to registries, who + then assign portions of the address space to providers, who then + assign portions of the address space to subscribers, etc. + + The registry ID identifies the registry which assigns the provider + portion of the address. The term "registry prefix" refers to the + high-order part of the address up to and including the registry ID. + + The provider ID identifies a specific provider which assigns the + subscriber portion of the address. The term "provider prefix" refers + to the high-order part of the address up to and including the + provider ID. + + The subscriber ID distinguishes among multiple subscribers attached + to the provider identified by the provider ID. The term "subscriber + prefix" refers to the high-order part of the address up to and + including the subscriber ID. + + The intra-subscriber portion of the address is defined by an + individual subscriber and is organized according to the subscribers + local internet topology. It is likely that many subscribers will + choose to divide the intra-subscriber portion of the address into a + subnet ID and an interface ID. In this case the subnet ID identifies + a specific physical link and the interface ID identifies a single + interface on that subnet. + + + 2.4.8 Local-use IPv6 Unicast Addresses + + There are two types of local-use unicast addresses defined. These + are Link-Local and Site-Local. The Link-Local is for use on a single + link and the Site-Local is for use in a single site. Link-Local + addresses have the following format: + + | 10 | + | bits | n bits | 118-n bits | + +----------+-------------------------+----------------------------+ + |1111111010| 0 | interface ID | + +----------+-------------------------+----------------------------+ + + Link-Local addresses are designed to be used for addressing on a + single link for purposes such as auto-address configuration, neighbor + discovery, or when no routers are present. + + Routers MUST not forward any packets with link-local source + addresses. + + + + + +Hinden & Deering Standards Track [Page 11] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + Site-Local addresses have the following format: + + | 10 | + | bits | n bits | m bits | 118-n-m bits | + +----------+---------+---------------+----------------------------+ + |1111111011| 0 | subnet ID | interface ID | + +----------+---------+---------------+----------------------------+ + + + Site-Local addresses may be used for sites or organizations that are + not (yet) connected to the global Internet. They do not need to + request or "steal" an address prefix from the global Internet address + space. IPv6 site-local addresses can be used instead. When the + organization connects to the global Internet, it can then form global + addresses by replacing the site-local prefix with a subscriber + prefix. + + Routers MUST not forward any packets with site-local source addresses + outside of the site. + + 2.5 Anycast Addresses + + An IPv6 anycast address is an address that is assigned to more than + one interface (typically belonging to different nodes), with the + property that a packet sent to an anycast address is routed to the + "nearest" interface having that address, according to the routing + protocols' measure of distance. + + Anycast addresses are allocated from the unicast address space, using + any of the defined unicast address formats. Thus, anycast addresses + are syntactically indistinguishable from unicast addresses. When a + unicast address is assigned to more than one interface, thus turning + it into an anycast address, the nodes to which the address is + assigned must be explicitly configured to know that it is an anycast + address. + + For any assigned anycast address, there is a longest address prefix P + that identifies the topological region in which all interfaces + belonging to that anycast address reside. Within the region + identified by P, each member of the anycast set must be advertised as + a separate entry in the routing system (commonly referred to as a + "host route"); outside the region identified by P, the anycast + address may be aggregated into the routing advertisement for prefix + P. + + Note that in, the worst case, the prefix P of an anycast set may be + the null prefix, i.e., the members of the set may have no topological + locality. In that case, the anycast address must be advertised as a + + + +Hinden & Deering Standards Track [Page 12] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + separate routing entry throughout the entire internet, which presents + a severe scaling limit on how many such "global" anycast sets may be + supported. Therefore, it is expected that support for global anycast + sets may be unavailable or very restricted. + + One expected use of anycast addresses is to identify the set of + routers belonging to an internet service provider. Such addresses + could be used as intermediate addresses in an IPv6 Routing header, to + cause a packet to be delivered via a particular provider or sequence + of providers. Some other possible uses are to identify the set of + routers attached to a particular subnet, or the set of routers + providing entry into a particular routing domain. + + There is little experience with widespread, arbitrary use of internet + anycast addresses, and some known complications and hazards when + using them in their full generality [ANYCST]. Until more experience + has been gained and solutions agreed upon for those problems, the + following restrictions are imposed on IPv6 anycast addresses: + + o An anycast address MUST NOT be used as the source address of an + IPv6 packet. + + o An anycast address MUST NOT be assigned to an IPv6 host, that + is, it may be assigned to an IPv6 router only. + + + 2.5.1 Required Anycast Address + + The Subnet-Router anycast address is predefined. It's format is as + follows: + + + | n bits | 128-n bits | + +------------------------------------------------+----------------+ + | subnet prefix | 00000000000000 | + +------------------------------------------------+----------------+ + + + The "subnet prefix" in an anycast address is the prefix which + identifies a specific link. This anycast address is syntactically + the same as a unicast address for an interface on the link with the + interface identifier set to zero. + + Packets sent to the Subnet-Router anycast address will be delivered + to one router on the subnet. All routers are required to support the + Subnet-Router anycast addresses for the subnets which they have + interfaces. + + + + +Hinden & Deering Standards Track [Page 13] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + The subnet-router anycast address is intended to be used for + applications where a node needs to communicate with one of a set of + routers on a remote subnet. For example when a mobile host needs to + communicate with one of the mobile agents on it's "home" subnet. + + + 2.6 Multicast Addresses + + An IPv6 multicast address is an identifier for a group of nodes. A + node may belong to any number of multicast groups. Multicast + addresses have the following format: + + | 8 | 4 | 4 | 112 bits | + +------ -+----+----+---------------------------------------------+ + |11111111|flgs|scop| group ID | + +--------+----+----+---------------------------------------------+ + + 11111111 at the start of the address identifies the address as + being a multicast address. + + +-+-+-+-+ + flgs is a set of 4 flags: |0|0|0|T| + +-+-+-+-+ + + The high-order 3 flags are reserved, and must be + initialized to 0. + + T = 0 indicates a permanently-assigned ("well-known") + multicast address, assigned by the global internet + numbering authority. + + T = 1 indicates a non-permanently-assigned ("transient") + multicast address. + + scop is a 4-bit multicast scope value used to limit the scope of + the multicast group. The values are: + + 0 reserved + 1 node-local scope + 2 link-local scope + 3 (unassigned) + 4 (unassigned) + 5 site-local scope + 6 (unassigned) + 7 (unassigned) + 8 organization-local scope + 9 (unassigned) + A (unassigned) + + + +Hinden & Deering Standards Track [Page 14] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + B (unassigned) + C (unassigned) + D (unassigned) + E global scope + F reserved + + group ID identifies the multicast group, either permanent or + transient, within the given scope. + + The "meaning" of a permanently-assigned multicast address is + independent of the scope value. For example, if the "NTP servers + group" is assigned a permanent multicast address with a group ID of + 43 (hex), then: + + FF01:0:0:0:0:0:0:43 means all NTP servers on the same node as + the sender. + + FF02:0:0:0:0:0:0:43 means all NTP servers on the same link as + the sender. + + FF05:0:0:0:0:0:0:43 means all NTP servers at the same site as + the sender. + + FF0E:0:0:0:0:0:0:43 means all NTP servers in the internet. + + Non-permanently-assigned multicast addresses are meaningful only + within a given scope. For example, a group identified by the non- + permanent, site-local multicast address FF15:0:0:0:0:0:0:43 at one + site bears no relationship to a group using the same address at a + different site, nor to a non-permanent group using the same group ID + with different scope, nor to a permanent group with the same group + ID. + + Multicast addresses must not be used as source addresses in IPv6 + datagrams or appear in any routing header. + + + 2.6.1 Pre-Defined Multicast Addresses + + The following well-known multicast addresses are pre-defined: + + Reserved Multicast Addresses: FF00:0:0:0:0:0:0:0 + FF01:0:0:0:0:0:0:0 + FF02:0:0:0:0:0:0:0 + FF03:0:0:0:0:0:0:0 + FF04:0:0:0:0:0:0:0 + FF05:0:0:0:0:0:0:0 + FF06:0:0:0:0:0:0:0 + + + +Hinden & Deering Standards Track [Page 15] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + FF07:0:0:0:0:0:0:0 + FF08:0:0:0:0:0:0:0 + FF09:0:0:0:0:0:0:0 + FF0A:0:0:0:0:0:0:0 + FF0B:0:0:0:0:0:0:0 + FF0C:0:0:0:0:0:0:0 + FF0D:0:0:0:0:0:0:0 + FF0E:0:0:0:0:0:0:0 + FF0F:0:0:0:0:0:0:0 + + The above multicast addresses are reserved and shall never be + assigned to any multicast group. + + All Nodes Addresses: FF01:0:0:0:0:0:0:1 + FF02:0:0:0:0:0:0:1 + + The above multicast addresses identify the group of all IPv6 nodes, + within scope 1 (node-local) or 2 (link-local). + + All Routers Addresses: FF01:0:0:0:0:0:0:2 + FF02:0:0:0:0:0:0:2 + + The above multicast addresses identify the group of all IPv6 routers, + within scope 1 (node-local) or 2 (link-local). + + DHCP Server/Relay-Agent: FF02:0:0:0:0:0:0:C + + The above multicast addresses identify the group of all IPv6 DHCP + Servers and Relay Agents within scope 2 (link-local). + + Solicited-Node Address: FF02:0:0:0:0:1:XXXX:XXXX + + The above multicast address is computed as a function of a node's + unicast and anycast addresses. The solicited-node multicast address + is formed by taking the low-order 32 bits of the address (unicast or + anycast) and appending those bits to the 96-bit prefix FF02:0:0:0:0:1 + resulting in a multicast address in the range + + FF02:0:0:0:0:1:0000:0000 + + to + + FF02:0:0:0:0:1:FFFF:FFFF + + For example, the solicited node multicast address corresponding to + the IPv6 address 4037::01:800:200E:8C6C is FF02::1:200E:8C6C. IPv6 + addresses that differ only in the high-order bits, e.g., due to + multiple high-order prefixes associated with different providers, + + + +Hinden & Deering Standards Track [Page 16] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + + will map to the same solicited-node address thereby reducing the + number of multicast addresses a node must join. + + A node is required to compute and support a Solicited-Node multicast + addresses for every unicast and anycast address it is assigned. + + 2.7 A Node's Required Addresses + + A host is required to recognize the following addresses as + identifying itself: + + o Its Link-Local Address for each interface + o Assigned Unicast Addresses + o Loopback Address + o All-Nodes Multicast Address + o Solicited-Node Multicast Address for each of its assigned + unicast and anycast addresses + o Multicast Addresses of all other groups which the host belongs. + + A router is required to recognize the following addresses as + identifying itself: + + o Its Link-Local Address for each interface + o Assigned Unicast Addresses + o Loopback Address + o The Subnet-Router anycast addresses for the links it has + interfaces. + o All other Anycast addresses with which the router has been + configured. + o All-Nodes Multicast Address + o All-Router Multicast Address + o Solicited-Node Multicast Address for each of its assigned + unicast and anycast addresses + o Multicast Addresses of all other groups which the router + belongs. + + The only address prefixes which should be predefined in an + implementation are the: + + o Unspecified Address + o Loopback Address + o Multicast Prefix (FF) + o Local-Use Prefixes (Link-Local and Site-Local) + o Pre-Defined Multicast Addresses + o IPv4-Compatible Prefixes + + Implementations should assume all other addresses are unicast unless + specifically configured (e.g., anycast addresses). + + + +Hinden & Deering Standards Track [Page 17] + +RFC 1884 IPv6 Addressing Architecture December 1995 + + +REFERENCES + + [ALLOC] Rekhter, Y., and T. Li, "An Architecture for IPv6 Unicast + Address Allocation", RFC 1887, cisco Systems, December + 1995. + + [ANYCST] Partridge, C., Mendez, T., and W. Milliken, "Host + Anycasting Service", RFC 1546, BBN, November 1993. + + [CIDR] Fuller, V., Li, T., Varadhan, K., and J. Yu, "Supernetting: + an Address Assignment and Aggregation Strategy", RFC 1338, + BARRNet, cisco, Merit, OARnet, June 1992. + + [IPV6] Deering, S., and R. Hinden, Editors, "Internet Protocol, + Version 6 (IPv6) Specification", RFC 1883, Xerox PARC, + Ipsilon Networks, December 1995. + + [MULT] Deering, S., "Host Extensions for IP multicasting", STD 5, + RFC 1112, Stanford University, August 1989. + + [NSAP] Carpenter, B., Editor, "Mechanisms for OSIN SAPs, CLNP and + TP over IPv6", Work in Progress. + + + +SECURITY CONSIDERATIONS + + Security issues are not discussed in this document. + + +DOCUMENT EDITOR'S ADDRESSES + + Robert M. Hinden Stephen E. Deering + Ipsilon Networks, Inc. Xerox Palo Alto Research Center + 2191 E. Bayshore Road, Suite 100 3333 Coyote Hill Road + Palo Alto, CA 94303 Palo Alto, CA 94304 + USA USA + + Phone: +1 415 846 4604 Phone: +1 415 812 4839 + Fax: +1 415 855 1414 Fax: +1 415 812 4471 + EMail: hinden@ipsilon.com EMail: deering@parc.xerox.com + + + + + + + + + + +Hinden & Deering Standards Track [Page 18] + diff --git a/usr.sbin/named/doc/rfc/rfc1886 b/usr.sbin/named/doc/rfc/rfc1886 new file mode 100644 index 00000000000..9874fddb17a --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1886 @@ -0,0 +1,268 @@ + + + + + + +Network Working Group S. Thomson +Request for Comments: 1886 Bellcore +Category: Standards Track C. Huitema + INRIA + December 1995 + + + DNS Extensions to support IP version 6 + + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + + +Abstract + + This document defines the changes that need to be made to the Domain + Name System to support hosts running IP version 6 (IPv6). The + changes include a new resource record type to store an IPv6 address, + a new domain to support lookups based on an IPv6 address, and updated + definitions of existing query types that return Internet addresses as + part of additional section processing. The extensions are designed + to be compatible with existing applications and, in particular, DNS + implementations themselves. + + + + + + + + + + + + + + + + + + + +Thompson & Huitema Standards Track [Page 1] + +RFC 1886 IPv6 DNS Extensions December 1995 + + +1. INTRODUCTION + + Current support for the storage of Internet addresses in the Domain + Name System (DNS)[1,2] cannot easily be extended to support IPv6 + addresses[3] since applications assume that address queries return + 32-bit IPv4 addresses only. + + To support the storage of IPv6 addresses we define the following + extensions: + + o A new resource record type is defined to map a domain name to an + IPv6 address. + + o A new domain is defined to support lookups based on address. + + o Existing queries that perform additional section processing to + locate IPv4 addresses are redefined to perform additional + section processing on both IPv4 and IPv6 addresses. + + The changes are designed to be compatible with existing software. The + existing support for IPv4 addresses is retained. Transition issues + related to the co-existence of both IPv4 and IPv6 addresses in DNS + are discussed in [4]. + + +2. NEW RESOURCE RECORD DEFINITION AND DOMAIN + + A new record type is defined to store a host's IPv6 address. A host + that has more than one IPv6 address must have more than one such + record. + + +2.1 AAAA record type + + The AAAA resource record type is a new record specific to the + Internet class that stores a single IPv6 address. + + The value of the type is 28 (decimal). + + +2.2 AAAA data format + + A 128 bit IPv6 address is encoded in the data portion of an AAAA + resource record in network byte order (high-order byte first). + + + + +Thompson & Huitema Standards Track [Page 2] + +RFC 1886 IPv6 DNS Extensions December 1995 + + +2.3 AAAA query + + An AAAA query for a specified domain name in the Internet class + returns all associated AAAA resource records in the answer section of + a response. + + A type AAAA query does not perform additional section processing. + + +2.4 Textual format of AAAA records + + The textual representation of the data portion of the AAAA resource + record used in a master database file is the textual representation + of a IPv6 address as defined in [3]. + + +2.5 IP6.INT Domain + + A special domain is defined to look up a record given an address. The + intent of this domain is to provide a way of mapping an IPv6 address + to a host name, although it may be used for other purposes as well. + The domain is rooted at IP6.INT. + + An IPv6 address is represented as a name in the IP6.INT domain by a + sequence of nibbles separated by dots with the suffix ".IP6.INT". The + sequence of nibbles is encoded in reverse order, i.e. the low-order + nibble is encoded first, followed by the next low-order nibble and so + on. Each nibble is represented by a hexadecimal digit. For example, + the inverse lookup domain name corresponding to the address + + 4321:0:1:2:3:4:567:89ab + + would be + +b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.INT. + + + +3. MODIFICATIONS TO EXISTING QUERY TYPES + + All existing query types that perform type A additional section + processing, i.e. name server (NS), mail exchange (MX) and mailbox + (MB) query types, must be redefined to perform both type A and type + AAAA additional section processing. These new definitions mean that a + name server must add any relevant IPv4 addresses and any relevant + + + +Thompson & Huitema Standards Track [Page 3] + +RFC 1886 IPv6 DNS Extensions December 1995 + + + IPv6 addresses available locally to the additional section of a + response when processing any one of the above queries. + + +4. SECURITY CONSIDERATIONS + + Security issues are not discussed in this memo. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Thompson & Huitema Standards Track [Page 4] + +RFC 1886 IPv6 DNS Extensions December 1995 + + +5. REFERENCES + + + [1] Mockapetris, P., "Domain Names - Concepts and Facilities", STD + 13, RFC 1034, USC/Information Sciences Institute, November 1987. + + [2] Mockapetris, P., "Domain Names - Implementation and Specifica- + tion", STD 13, RFC 1035, USC/Information Sciences Institute, + November 1987. + + [3] Hinden, R., and S. Deering, Editors, "IP Version 6 Addressing + Architecture", RFC 1884, Ipsilon Networks, Xerox PARC, December + 1995. + + + [4] Gilligan, R., and E. Nordmark, "Transition Mechanisms for IPv6 + Hosts and Routers", Work in Progress. + + +Authors' Addresses + + Susan Thomson + Bellcore + MRE 2P343 + 445 South Street + Morristown, NJ 07960 + U.S.A. + + Phone: +1 201-829-4514 + EMail: set@thumper.bellcore.com + + + Christian Huitema + INRIA, Sophia-Antipolis + 2004 Route des Lucioles + BP 109 + F-06561 Valbonne Cedex + France + + Phone: +33 93 65 77 15 + EMail: Christian.Huitema@MIRSA.INRIA.FR + + + + + + + +Thompson & Huitema Standards Track [Page 5] + diff --git a/usr.sbin/named/doc/rfc/rfc1912 b/usr.sbin/named/doc/rfc/rfc1912 new file mode 100644 index 00000000000..8ace7d26748 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1912 @@ -0,0 +1,899 @@ + + + + + + +Network Working Group D. Barr +Request for Comments: 1912 The Pennsylvania State University +Obsoletes: 1537 February 1996 +Category: Informational + + + Common DNS Operational and Configuration Errors + +Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +Abstract + + This memo describes errors often found in both the operation of + Domain Name System (DNS) servers, and in the data that these DNS + servers contain. This memo tries to summarize current Internet + requirements as well as common practice in the operation and + configuration of the DNS. This memo also tries to summarize or + expand upon issues raised in [RFC 1537]. + +1. Introduction + + Running a nameserver is not a trivial task. There are many things + that can go wrong, and many decisions have to be made about what data + to put in the DNS and how to set up servers. This memo attempts to + address many of the common mistakes and pitfalls that are made in DNS + data as well as in the operation of nameservers. Discussions are + also made regarding some other relevant issues such as server or + resolver bugs, and a few political issues with respect to the + operation of DNS on the Internet. + +2. DNS Data + + This section discusses problems people typically have with the DNS + data in their nameserver, as found in the zone data files that the + nameserver loads into memory. + +2.1 Inconsistent, Missing, or Bad Data + + Every Internet-reachable host should have a name. The consequences + of this are becoming more and more obvious. Many services available + on the Internet will not talk to you if you aren't correctly + registered in the DNS. + + + + + +Barr Informational [Page 1] + +RFC 1912 Common DNS Errors February 1996 + + + Make sure your PTR and A records match. For every IP address, there + should be a matching PTR record in the in-addr.arpa domain. If a + host is multi-homed, (more than one IP address) make sure that all IP + addresses have a corresponding PTR record (not just the first one). + Failure to have matching PTR and A records can cause loss of Internet + services similar to not being registered in the DNS at all. Also, + PTR records must point back to a valid A record, not a alias defined + by a CNAME. It is highly recommended that you use some software + which automates this checking, or generate your DNS data from a + database which automatically creates consistent data. + + DNS domain names consist of "labels" separated by single dots. The + DNS is very liberal in its rules for the allowable characters in a + domain name. However, if a domain name is used to name a host, it + should follow rules restricting host names. Further if a name is + used for mail, it must follow the naming rules for names in mail + addresses. + + Allowable characters in a label for a host name are only ASCII + letters, digits, and the `-' character. Labels may not be all + numbers, but may have a leading digit (e.g., 3com.com). Labels must + end and begin only with a letter or digit. See [RFC 1035] and [RFC + 1123]. (Labels were initially restricted in [RFC 1035] to start with + a letter, and some older hosts still reportedly have problems with + the relaxation in [RFC 1123].) Note there are some Internet + hostnames which violate this rule (411.org, 1776.com). The presence + of underscores in a label is allowed in [RFC 1033], except [RFC 1033] + is informational only and was not defining a standard. There is at + least one popular TCP/IP implementation which currently refuses to + talk to hosts named with underscores in them. It must be noted that + the language in [1035] is such that these rules are voluntary -- they + are there for those who wish to minimize problems. Note that the + rules for Internet host names also apply to hosts and addresses used + in SMTP (See RFC 821). + + If a domain name is to be used for mail (not involving SMTP), it must + follow the rules for mail in [RFC 822], which is actually more + liberal than the above rules. Labels for mail can be any ASCII + character except "specials", control characters, and whitespace + characters. "Specials" are specific symbols used in the parsing of + addresses. They are the characters "()<>@,;:\".[]". (The "!" + character wasn't in [RFC 822], however it also shouldn't be used due + to the conflict with UUCP mail as defined in RFC 976) However, since + today almost all names which are used for mail on the Internet are + also names used for hostnames, one rarely sees addresses using these + relaxed standard, but mail software should be made liberal and robust + enough to accept them. + + + + +Barr Informational [Page 2] + +RFC 1912 Common DNS Errors February 1996 + + + You should also be careful to not have addresses which are valid + alternate syntaxes to the inet_ntoa() library call. For example 0xe + is a valid name, but if you were to type "telnet 0xe", it would try + to connect to IP address 0.0.0.14. It is also rumored that there + exists some broken inet_ntoa() routines that treat an address like + x400 as an IP address. + + Certain operating systems have limitations on the length of their own + hostname. While not strictly of issue to the DNS, you should be + aware of your operating system's length limits before choosing the + name of a host. + + Remember that many resource records (abbreviated RR) take on more + than one argument. HINFO requires two arguments, as does RP. If you + don't supply enough arguments, servers sometime return garbage for + the missing fields. If you need to include whitespace within any + data, you must put the string in quotes. + +2.2 SOA records + + In the SOA record of every zone, remember to fill in the e-mail + address that will get to the person who maintains the DNS at your + site (commonly referred to as "hostmaster"). The `@' in the e-mail + must be replaced by a `.' first. Do not try to put an `@' sign in + this address. If the local part of the address already contains a + `.' (e.g., John.Smith@widget.xx), then you need to quote the `.' by + preceding it with `\' character. (e.g., to become + John\.Smith.widget.xx) Alternately (and preferred), you can just use + the generic name `hostmaster', and use a mail alias to redirect it to + the appropriate persons. There exists software which uses this field + to automatically generate the e-mail address for the zone contact. + This software will break if this field is improperly formatted. It + is imperative that this address get to one or more real persons, + because it is often used for everything from reporting bad DNS data + to reporting security incidents. + + Even though some BIND versions allow you to use a decimal in a serial + number, don't. A decimal serial number is converted to an unsigned + 32-bit integer internally anyway. The formula for a n.m serial + number is n*10^(3+int(0.9+log10(m))) + m which translates to + something rather unexpected. For example it's routinely possible + with a decimal serial number (perhaps automatically generated by + SCCS) to be incremented such that it is numerically larger, but after + the above conversion yield a serial number which is LOWER than + before. Decimal serial numbers have been officially deprecated in + recent BIND versions. The recommended syntax is YYYYMMDDnn + (YYYY=year, MM=month, DD=day, nn=revision number. This won't + overflow until the year 4294. + + + +Barr Informational [Page 3] + +RFC 1912 Common DNS Errors February 1996 + + + Choose logical values for the timer values in the SOA record (note + values below must be expressed as seconds in the zone data): + + Refresh: How often a secondary will poll the primary server to see + if the serial number for the zone has increased (so it knows + to request a new copy of the data for the zone). Set this to + how long your secondaries can comfortably contain out-of-date + data. You can keep it short (20 mins to 2 hours) if you + aren't worried about a small increase in bandwidth used, or + longer (2-12 hours) if your Internet connection is slow or is + started on demand. Recent BIND versions (4.9.3) have optional + code to automatically notify secondaries that data has + changed, allowing you to set this TTL to a long value (one + day, or more). + + Retry: If a secondary was unable to contact the primary at the + last refresh, wait the retry value before trying again. This + value isn't as important as others, unless the secondary is on + a distant network from the primary or the primary is more + prone to outages. It's typically some fraction of the refresh + interval. + + + Expire: How long a secondary will still treat its copy of the zone + data as valid if it can't contact the primary. This value + should be greater than how long a major outage would typically + last, and must be greater than the minimum and retry + intervals, to avoid having a secondary expire the data before + it gets a chance to get a new copy. After a zone is expired a + secondary will still continue to try to contact the primary, + but it will no longer provide nameservice for the zone. 2-4 + weeks are suggested values. + + Minimum: The default TTL (time-to-live) for resource records -- + how long data will remain in other nameservers' cache. ([RFC + 1035] defines this to be the minimum value, but servers seem + to always implement this as the default value) This is by far + the most important timer. Set this as large as is comfortable + given how often you update your nameserver. If you plan to + make major changes, it's a good idea to turn this value down + temporarily beforehand. Then wait the previous minimum value, + make your changes, verify their correctness, and turn this + value back up. 1-5 days are typical values. Remember this + value can be overridden on individual resource records. + + + + + + + +Barr Informational [Page 4] + +RFC 1912 Common DNS Errors February 1996 + + + As you can see, the typical values above for the timers vary widely. + Popular documentation like [RFC 1033] recommended a day for the + minimum TTL, which is now considered too low except for zones with + data that vary regularly. Once a DNS stabilizes, values on the order + of 3 or more days are recommended. It is also recommended that you + individually override the TTL on certain RRs which are often + referenced and don't often change to have very large values (1-2 + weeks). Good examples of this are the MX, A, and PTR records of your + mail host(s), the NS records of your zone, and the A records of your + nameservers. + +2.3 Glue A Records + + Glue records are A records that are associated with NS records to + provide "bootstrapping" information to the nameserver. For example: + + podunk.xx. in ns ns1.podunk.xx. + in ns ns2.podunk.xx. + ns1.podunk.xx. in a 1.2.3.4 + ns2.podunk.xx. in a 1.2.3.5 + + Here, the A records are referred to as "Glue records". + + Glue records are required only in forward zone files for nameservers + that are located in the subdomain of the current zone that is being + delegated. You shouldn't have any A records in an in-addr.arpa zone + file (unless you're using RFC 1101-style encoding of subnet masks). + + If your nameserver is multi-homed (has more than one IP address), you + must list all of its addresses in the glue to avoid cache + inconsistency due to differing TTL values, causing some lookups to + not find all addresses for your nameserver. + + Some people get in the bad habit of putting in a glue record whenever + they add an NS record "just to make sure". Having duplicate glue + records in your zone files just makes it harder when a nameserver + moves to a new IP address, or is removed. You'll spend hours trying + to figure out why random people still see the old IP address for some + host, because someone forgot to change or remove a glue record in + some other file. Newer BIND versions will ignore these extra glue + records in local zone files. + + Older BIND versions (4.8.3 and previous) have a problem where it + inserts these extra glue records in the zone transfer data to + secondaries. If one of these glues is wrong, the error can be + propagated to other nameservers. If two nameservers are secondaries + for other zones of each other, it's possible for one to continually + pass old glue records back to the other. The only way to get rid of + + + +Barr Informational [Page 5] + +RFC 1912 Common DNS Errors February 1996 + + + the old data is to kill both of them, remove the saved backup files, + and restart them. Combined with that those same versions also tend + to become infected more easily with bogus data found in other non- + secondary nameservers (like the root zone data). + +2.4 CNAME records + + A CNAME record is not allowed to coexist with any other data. In + other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you + can't also have an MX record for suzy.podunk.edu, or an A record, or + even a TXT record. Especially do not try to combine CNAMEs and NS + records like this!: + + + podunk.xx. IN NS ns1 + IN NS ns2 + IN CNAME mary + mary IN A 1.2.3.4 + + + This is often attempted by inexperienced administrators as an obvious + way to allow your domain name to also be a host. However, DNS + servers like BIND will see the CNAME and refuse to add any other + resources for that name. Since no other records are allowed to + coexist with a CNAME, the NS entries are ignored. Therefore all the + hosts in the podunk.xx domain are ignored as well! + + If you want to have your domain also be a host, do the following: + + podunk.xx. IN NS ns1 + IN NS ns2 + IN A 1.2.3.4 + mary IN A 1.2.3.4 + + Don't go overboard with CNAMEs. Use them when renaming hosts, but + plan to get rid of them (and inform your users). However CNAMEs are + useful (and encouraged) for generalized names for servers -- `ftp' + for your ftp server, `www' for your Web server, `gopher' for your + Gopher server, `news' for your Usenet news server, etc. + + Don't forget to delete the CNAMEs associated with a host if you + delete the host it is an alias for. Such "stale CNAMEs" are a waste + of resources. + + + + + + + + +Barr Informational [Page 6] + +RFC 1912 Common DNS Errors February 1996 + + + Don't use CNAMEs in combination with RRs which point to other names + like MX, CNAME, PTR and NS. (PTR is an exception if you want to + implement classless in-addr delegation.) For example, this is + strongly discouraged: + + podunk.xx. IN MX mailhost + mailhost IN CNAME mary + mary IN A 1.2.3.4 + + + [RFC 1034] in section 3.6.2 says this should not be done, and [RFC + 974] explicitly states that MX records shall not point to an alias + defined by a CNAME. This results in unnecessary indirection in + accessing the data, and DNS resolvers and servers need to work more + to get the answer. If you really want to do this, you can accomplish + the same thing by using a preprocessor such as m4 on your host files. + + Also, having chained records such as CNAMEs pointing to CNAMEs may + make administration issues easier, but is known to tickle bugs in + some resolvers that fail to check loops correctly. As a result some + hosts may not be able to resolve such names. + + Having NS records pointing to a CNAME is bad and may conflict badly + with current BIND servers. In fact, current BIND implementations + will ignore such records, possibly leading to a lame delegation. + There is a certain amount of security checking done in BIND to + prevent spoofing DNS NS records. Also, older BIND servers reportedly + will get caught in an infinite query loop trying to figure out the + address for the aliased nameserver, causing a continuous stream of + DNS requests to be sent. + +2.5 MX records + + It is a good idea to give every host an MX record, even if it points + to itself! Some mailers will cache MX records, but will always need + to check for an MX before sending mail. If a site does not have an + MX, then every piece of mail may result in one more resolver query, + since the answer to the MX query often also contains the IP addresses + of the MX hosts. Internet SMTP mailers are required by [RFC 1123] to + support the MX mechanism. + + Put MX records even on hosts that aren't intended to send or receive + e-mail. If there is a security problem involving one of these hosts, + some people will mistakenly send mail to postmaster or root at the + site without checking first to see if it is a "real" host or just a + terminal or personal computer that's not set up to accept e-mail. If + you give it an MX record, then the e-mail can be redirected to a real + person. Otherwise mail can just sit in a queue for hours or days + + + +Barr Informational [Page 7] + +RFC 1912 Common DNS Errors February 1996 + + + until the mailer gives up trying to send it. + + Don't forget that whenever you add an MX record, you need to inform + the target mailer if it is to treat the first host as "local". (The + "Cw" flag in sendmail, for example) + + If you add an MX record which points to an external host (e.g., for + the purposes of backup mail routing) be sure to ask permission from + that site first. Otherwise that site could get rather upset and take + action (like throw your mail away, or appeal to higher authorities + like your parent DNS administrator or network provider.) + +2.6 Other Resource Records + +2.6.1 WKS + + WKS records are deprecated in [RFC 1123]. They serve no known useful + function, except internally among LISP machines. Don't use them. + +2.6.2 HINFO + + On the issue HINFO records, some will argue that these is a security + problem (by broadcasting what vendor hardware and operating system + you so people can run systematic attacks on known vendor security + holes). If you do use them, you should keep up to date with known + vendor security problems. However, they serve a useful purpose. + Don't forget that HINFO requires two arguments, the hardware type, + and the operating system. + + HINFO is sometimes abused to provide other information. The record + is meant to provide specific information about the machine itself. + If you need to express other information about the host in the DNS, + use TXT. + +2.6.3 TXT + + TXT records have no specific definition. You can put most anything + in them. Some use it for a generic description of the host, some put + specific information like its location, primary user, or maybe even a + phone number. + +2.6.4 RP + + RP records are relatively new. They are used to specify an e-mail + address (see first paragraph of section 2.2) of the "Responsible + Person" of the host, and the name of a TXT record where you can get + more information. See [RFC 1183]. + + + + +Barr Informational [Page 8] + +RFC 1912 Common DNS Errors February 1996 + + +2.7 Wildcard records + + Wildcard MXs are useful mostly for non IP-connected sites. A common + mistake is thinking that a wildcard MX for a zone will apply to all + hosts in the zone. A wildcard MX will apply only to names in the + zone which aren't listed in the DNS at all. e.g., + + podunk.xx. IN NS ns1 + IN NS ns2 + mary IN A 1.2.3.4 + *.podunk.xx. IN MX 5 sue + + Mail for mary.podunk.xx will be sent to itself for delivery. Only + mail for jane.podunk.xx or any hosts you don't see above will be sent + to the MX. For most Internet sites, wildcard MX records are not + useful. You need to put explicit MX records on every host. + + Wildcard MXs can be bad, because they make some operations succeed + when they should fail instead. Consider the case where someone in + the domain "widget.com" tries to send mail to "joe@larry". If the + host "larry" doesn't actually exist, the mail should in fact bounce + immediately. But because of domain searching the address gets + resolved to "larry.widget.com", and because of the wildcard MX this + is a valid address according to DNS. Or perhaps someone simply made + a typo in the hostname portion of the address. The mail message then + gets routed to the mail host, which then rejects the mail with + strange error messages like "I refuse to talk to myself" or "Local + configuration error". + + Wildcard MX records are good for when you have a large number of + hosts which are not directly Internet-connected (for example, behind + a firewall) and for administrative or political reasons it is too + difficult to have individual MX records for every host, or to force + all e-mail addresses to be "hidden" behind one or more domain names. + In that case, you must divide your DNS into two parts, an internal + DNS, and an external DNS. The external DNS will have only a few + hosts and explicit MX records, and one or more wildcard MXs for each + internal domain. Internally the DNS will be complete, with all + explicit MX records and no wildcards. + + Wildcard As and CNAMEs are possible too, and are really confusing to + users, and a potential nightmare if used without thinking first. It + could result (due again to domain searching) in any telnet/ftp + attempts from within the domain to unknown hosts to be directed to + one address. One such wildcard CNAME (in *.edu.com) caused + Internet-wide loss of services and potential security nightmares due + to unexpected interactions with domain searching. It resulted in + swift fixes, and even an RFC ([RFC 1535]) documenting the problem. + + + +Barr Informational [Page 9] + +RFC 1912 Common DNS Errors February 1996 + + +2.8 Authority and Delegation Errors (NS records) + + You are required to have at least two nameservers for every domain, + though more is preferred. Have secondaries outside your network. If + the secondary isn't under your control, periodically check up on them + and make sure they're getting current zone data from you. Queries to + their nameserver about your hosts should always result in an + "authoritative" response. If not, this is called a "lame + delegation". A lame delegations exists when a nameserver is + delegated responsibility for providing nameservice for a zone (via NS + records) but is not performing nameservice for that zone (usually + because it is not set up as a primary or secondary for the zone). + + The "classic" lame delegation can be illustrated in this example: + + podunk.xx. IN NS ns1.podunk.xx. + IN NS ns0.widget.com. + + "podunk.xx" is a new domain which has recently been created, and + "ns1.podunk.xx" has been set up to perform nameservice for the zone. + They haven't quite finished everything yet and haven't made sure that + the hostmaster at "ns0.widget.com" has set up to be a proper + secondary, and thus has no information about the podunk.xx domain, + even though the DNS says it is supposed to. Various things can + happen depending on which nameserver is used. At best, extra DNS + traffic will result from a lame delegation. At worst, you can get + unresolved hosts and bounced e-mail. + + Also, sometimes a nameserver is moved to another host or removed from + the list of secondaries. Unfortunately due to caching of NS records, + many sites will still think that a host is a secondary after that + host has stopped providing nameservice. In order to prevent lame + delegations while the cache is being aged, continue to provide + nameservice on the old nameserver for the length of the maximum of + the minimum plus refresh times for the zone and the parent zone. + (See section 2.2) + + Whenever a primary or secondary is removed or changed, it takes a + fair amount of human coordination among the parties involved. (The + site itself, it's parent, and the site hosting the secondary) When a + primary moves, make sure all secondaries have their named.boot files + updated and their servers reloaded. When a secondary moves, make + sure the address records at both the primary and parent level are + changed. + + It's also been reported that some distant sites like to pick popular + nameservers like "ns.uu.net" and just add it to their list of NS + records in hopes that they will magically perform additional + + + +Barr Informational [Page 10] + +RFC 1912 Common DNS Errors February 1996 + + + nameservice for them. This is an even worse form of lame delegation, + since this adds traffic to an already busy nameserver. Please + contact the hostmasters of sites which have lame delegations. + Various tools can be used to detect or actively find lame + delegations. See the list of contributed software in the BIND + distribution. + + Make sure your parent domain has the same NS records for your zone as + you do. (Don't forget your in-addr.arpa zones too!). Do not list + too many (7 is the recommended maximum), as this just makes things + harder to manage and is only really necessary for very popular top- + level or root zones. You also run the risk of overflowing the 512- + byte limit of a UDP packet in the response to an NS query. If this + happens, resolvers will "fall back" to using TCP requests, resulting + in increased load on your nameserver. + + It's important when picking geographic locations for secondary + nameservers to minimize latency as well as increase reliability. + Keep in mind network topologies. For example if your site is on the + other end of a slow local or international link, consider a secondary + on the other side of the link to decrease average latency. Contact + your Internet service provider or parent domain contact for more + information about secondaries which may be available to you. + +3. BIND operation + + This section discusses common problems people have in the actual + operation of the nameserver (specifically, BIND). Not only must the + data be correct as explained above, but the nameserver must be + operated correctly for the data to be made available. + +3.1 Serial numbers + + Each zone has a serial number associated with it. Its use is for + keeping track of who has the most current data. If and only if the + primary's serial number of the zone is greater will the secondary ask + the primary for a copy of the new zone data (see special case below). + + Don't forget to change the serial number when you change data! If + you don't, your secondaries will not transfer the new zone + information. Automating the incrementing of the serial number with + software is also a good idea. + + If you make a mistake and increment the serial number too high, and + you want to reset the serial number to a lower value, use the + following procedure: + + + + + +Barr Informational [Page 11] + +RFC 1912 Common DNS Errors February 1996 + + + Take the `incorrect' serial number and add 2147483647 to it. If + the number exceeds 4294967296, subtract 4294967296. Load the + resulting number. Then wait 2 refresh periods to allow the zone + to propagate to all servers. + + Repeat above until the resulting serial number is less than the + target serial number. + + Up the serial number to the target serial number. + + This procedure won't work if one of your secondaries is running an + old version of BIND (4.8.3 or earlier). In this case you'll have to + contact the hostmaster for that secondary and have them kill the + secondary servers, remove the saved backup file, and restart the + server. Be careful when editing the serial number -- DNS admins + don't like to kill and restart nameservers because you lose all that + cached data. + +3.2 Zone file style guide + + Here are some useful tips in structuring your zone files. Following + these will help you spot mistakes, and avoid making more. + + Be consistent with the style of entries in your DNS files. If your + $ORIGIN is podunk.xx., try not to write entries like: + + mary IN A 1.2.3.1 + sue.podunk.xx. IN A 1.2.3.2 + + or: + + bobbi IN A 1.2.3.2 + IN MX mary.podunk.xx. + + + Either use all FQDNs (Fully Qualified Domain Names) everywhere or + used unqualified names everywhere. Or have FQDNs all on the right- + hand side but unqualified names on the left. Above all, be + consistent. + + Use tabs between fields, and try to keep columns lined up. It makes + it easier to spot missing fields (note some fields such as "IN" are + inherited from the previous record and may be left out in certain + circumstances.) + + + + + + + +Barr Informational [Page 12] + +RFC 1912 Common DNS Errors February 1996 + + + Remember you don't need to repeat the name of the host when you are + defining multiple records for one host. Be sure also to keep all + records associated with a host together in the file. It will make + things more straightforward when it comes time to remove or rename a + host. + + Always remember your $ORIGIN. If you don't put a `.' at the end of + an FQDN, it's not recognized as an FQDN. If it is not an FQDN, then + the nameserver will append $ORIGIN to the name. Double check, triple + check, those trailing dots, especially in in-addr.arpa zone files, + where they are needed the most. + + Be careful with the syntax of the SOA and WKS records (the records + which use parentheses). BIND is not very flexible in how it parses + these records. See the documentation for BIND. + +3.3 Verifying data + + Verify the data you just entered or changed by querying the resolver + with dig (or your favorite DNS tool, many are included in the BIND + distribution) after a change. A few seconds spent double checking + can save hours of trouble, lost mail, and general headaches. Also be + sure to check syslog output when you reload the nameserver. If you + have grievous errors in your DNS data or boot file, named will report + it via syslog. + + It is also highly recommended that you automate this checking, either + with software which runs sanity checks on the data files before they + are loaded into the nameserver, or with software which checks the + data already loaded in the nameserver. Some contributed software to + do this is included in the BIND distribution. + +4. Miscellaneous Topics + +4.1 Boot file setup + + Certain zones should always be present in nameserver configurations: + + primary localhost localhost + primary 0.0.127.in-addr.arpa 127.0 + primary 255.in-addr.arpa 255 + primary 0.in-addr.arpa 0 + + These are set up to either provide nameservice for "special" + addresses, or to help eliminate accidental queries for broadcast or + local address to be sent off to the root nameservers. All of these + files will contain NS and SOA records just like the other zone files + you maintain, the exception being that you can probably make the SOA + + + +Barr Informational [Page 13] + +RFC 1912 Common DNS Errors February 1996 + + + timers very long, since this data will never change. + + The "localhost" address is a "special" address which always refers to + the local host. It should contain the following line: + + localhost. IN A 127.0.0.1 + + The "127.0" file should contain the line: + + 1 PTR localhost. + + There has been some extensive discussion about whether or not to + append the local domain to it. The conclusion is that "localhost." + would be the best solution. The reasons given include: + + "localhost" by itself is used and expected to work in some + systems. + + Translating 127.0.0.1 into "localhost.dom.ain" can cause some + software to connect back to the loopback interface when it didn't + want to because "localhost" is not equal to "localhost.dom.ain". + + The "255" and "0" files should not contain any additional data beyond + the NS and SOA records. + + Note that future BIND versions may include all or some of this data + automatically without additional configuration. + +4.2 Other Resolver and Server bugs + + Very old versions of the DNS resolver have a bug that cause queries + for names that look like IP addresses to go out, because the user + supplied an IP address and the software didn't realize that it didn't + need to be resolved. This has been fixed but occasionally it still + pops up. It's important because this bug means that these queries + will be sent directly to the root nameservers, adding to an already + heavy DNS load. + + While running a secondary nameserver off another secondary nameserver + is possible, it is not recommended unless necessary due to network + topologies. There are known cases where it has led to problems like + bogus TTL values. While this may be caused by older or flawed DNS + implementations, you should not chain secondaries off of one another + since this builds up additional reliability dependencies as well as + adds additional delays in updates of new zone data. + + + + + + +Barr Informational [Page 14] + +RFC 1912 Common DNS Errors February 1996 + + +4.3 Server issues + + DNS operates primarily via UDP (User Datagram Protocol) messages. + Some UNIX operating systems, in an effort to save CPU cycles, run + with UDP checksums turned off. The relative merits of this have long + been debated. However, with the increase in CPU speeds, the + performance considerations become less and less important. It is + strongly encouraged that you turn on UDP checksumming to avoid + corrupted data not only with DNS but with other services that use UDP + (like NFS). Check with your operating system documentation to verify + that UDP checksumming is enabled. + +References + + [RFC 974] Partridge, C., "Mail routing and the domain system", STD + 14, RFC 974, CSNET CIC BBN Laboratories Inc, January 1986. + + [RFC 1033] Lottor, M, "Domain Administrators Operations Guide", RFC + 1033, USC/Information Sciences Institute, November 1987. + + [RFC 1034] Mockapetris, P., "Domain Names - Concepts and Facilities", + STD 13, RFC 1034, USC/Information Sciences Institute, + November 1987. + + [RFC 1035] Mockapetris, P., "Domain Names - Implementation and + Specification", STD 13, RFC 1035, USC/Information Sciences + Institute, November 1987. + + [RFC 1123] Braden, R., "Requirements for Internet Hosts -- + Application and Support", STD 3, RFC 1123, IETF, October + 1989. + + [RFC 1178] Libes, D., "Choosing a Name for Your Computer", FYI 5, RFC + 1178, Integrated Systems Group/NIST, August 1990. + + [RFC 1183] Ullman, R., Mockapetris, P., Mamakos, L, and C. Everhart, + "New DNS RR Definitions", RFC 1183, October 1990. + + [RFC 1535] Gavron, E., "A Security Problem and Proposed Correction + With Widely Deployed DNS Software", RFC 1535, ACES + Research Inc., October 1993. + + [RFC 1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S. + Miller, "Common DNS Implementation Errors and Suggested + Fixes", RFC 1536, USC/Information Sciences Institute, USC, + October 1993. + + + + + +Barr Informational [Page 15] + +RFC 1912 Common DNS Errors February 1996 + + + [RFC 1537] Beertema, P., "Common DNS Data File Configuration Errors", + RFC 1537, CWI, October 1993. + + [RFC 1713] A. Romao, "Tools for DNS debugging", RFC 1713, FCCN, + November 1994. + + [BOG] Vixie, P, et. al., "Name Server Operations Guide for BIND", + Vixie Enterprises, July 1994. + +5. Security Considerations + + Security issues are not discussed in this memo. + +6. Author's Address + + David Barr + The Pennsylvania State University + Department of Mathematics + 334 Whitmore Building + University Park, PA 16802 + + Voice: +1 814 863 7374 + Fax: +1 814 863-8311 + EMail: barr@math.psu.edu + + + + + + + + + + + + + + + + + + + + + + + + + + + +Barr Informational [Page 16] + diff --git a/usr.sbin/named/doc/rfc/rfc1995 b/usr.sbin/named/doc/rfc/rfc1995 new file mode 100644 index 00000000000..b50bdc60487 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1995 @@ -0,0 +1,451 @@ + + + + + + +Network Working Group M. Ohta +Request for Comments: 1995 Tokyo Institute of Technology +Updates: 1035 August 1996 +Category: Standards Track + + + Incremental Zone Transfer in DNS + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Abstract + + This document proposes extensions to the DNS protocols to provide an + incremental zone transfer (IXFR) mechanism. + +1. Introduction + + For rapid propagation of changes to a DNS database [STD13], it is + necessary to reduce latency by actively notifying servers of the + change. This is accomplished by the NOTIFY extension of the DNS + [NOTIFY]. + + The current full zone transfer mechanism (AXFR) is not an efficient + means to propagate changes to a small part of a zone, as it transfers + the entire zone file. + + Incremental transfer (IXFR) as proposed is a more efficient + mechanism, as it transfers only the changed portion(s) of a zone. + + In this document, a secondary name server which requests IXFR is + called an IXFR client and a primary or secondary name server which + responds to the request is called an IXFR server. + +2. Brief Description of the Protocol + + If an IXFR client, which likely has an older version of a zone, + thinks it needs new information about the zone (typically through SOA + refresh timeout or the NOTIFY mechanism), it sends an IXFR message + containing the SOA serial number of its, presumably outdated, copy of + the zone. + + + + + +Ohta Standards Track [Page 1] + +RFC 1995 Incremental Zone Transfer in DNS August 1996 + + + An IXFR server should keep record of the newest version of the zone + and the differences between that copy and several older versions. + When an IXFR request with an older version number is received, the + IXFR server needs to send only the differences required to make that + version current. Alternatively, the server may choose to transfer + the entire zone just as in a normal full zone transfer. + + When a zone has been updated, it should be saved in stable storage + before the new version is used to respond to IXFR (or AXFR) queries. + Otherwise, if the server crashes, data which is no longer available + may have been distributed to secondary servers, which can cause + persistent database inconsistencies. + + If an IXFR query with the same or newer version number than that of + the server is received, it is replied to with a single SOA record of + the server's current version, just as in AXFR. + + Transport of a query may be by either UDP or TCP. If an IXFR query + is via UDP, the IXFR server may attempt to reply using UDP if the + entire response can be contained in a single DNS packet. If the UDP + reply does not fit, the query is responded to with a single SOA + record of the server's current version to inform the client that a + TCP query should be initiated. + + Thus, a client should first make an IXFR query using UDP. If the + query type is not recognized by the server, an AXFR (preceded by a + UDP SOA query) should be tried, ensuring backward compatibility. If + the query response is a single packet with the entire new zone, or if + the server does not have a newer version than the client, everything + is done. Otherwise, a TCP IXFR query should be tried. + + To ensure integrity, servers should use UDP checksums for all UDP + responses. A cautious client which receives a UDP packet with a + checksum value of zero should ignore the result and try a TCP IXFR + instead. + + The query type value of IXFR assigned by IANA is 251. + +3. Query Format + + The IXFR query packet format is the same as that of a normal DNS + query, but with the query type being IXFR and the authority section + containing the SOA record of client's version of the zone. + + + + + + + + +Ohta Standards Track [Page 2] + +RFC 1995 Incremental Zone Transfer in DNS August 1996 + + +4. Response Format + + If incremental zone transfer is not available, the entire zone is + returned. The first and the last RR of the response is the SOA + record of the zone. I.e. the behavior is the same as an AXFR + response except the query type is IXFR. + + If incremental zone transfer is available, one or more difference + sequences is returned. The list of difference sequences is preceded + and followed by a copy of the server's current version of the SOA. + + Each difference sequence represents one update to the zone (one SOA + serial change) consisting of deleted RRs and added RRs. The first RR + of the deleted RRs is the older SOA RR and the first RR of the added + RRs is the newer SOA RR. + + Modification of an RR is performed first by removing the original RR + and then adding the modified one. + + The sequences of differential information are ordered oldest first + newest last. Thus, the differential sequences are the history of + changes made since the version known by the IXFR client up to the + server's current version. + + RRs in the incremental transfer messages may be partial. That is, if + a single RR of multiple RRs of the same RR type changes, only the + changed RR is transferred. + + An IXFR client, should only replace an older version with a newer + version after all the differences have been successfully processed. + + An incremental response is different from that of a non-incremental + response in that it begins with two SOA RRs, the server's current SOA + followed by the SOA of the client's version which is about to be + replaced. + + 5. Purging Strategy + + An IXFR server can not be required to hold all previous versions + forever and may delete them anytime. In general, there is a trade-off + between the size of storage space and the possibility of using IXFR. + + Information about older versions should be purged if the total length + of an IXFR response would be longer than that of an AXFR response. + Given that the purpose of IXFR is to reduce AXFR overhead, this + strategy is quite reasonable. The strategy assures that the amount + of storage required is at most twice that of the current zone + information. + + + +Ohta Standards Track [Page 3] + +RFC 1995 Incremental Zone Transfer in DNS August 1996 + + + Information older than the SOA expire period may also be purged. + +6. Optional Condensation of Multiple Versions + + An IXFR server may optionally condense multiple difference sequences + into a single difference sequence, thus, dropping information on + intermediate versions. + + This may be beneficial if a lot of versions, not all of which are + useful, are generated. For example, if multiple ftp servers share a + single DNS name and the IP address associated with the name is + changed once a minute to balance load between the ftp servers, it is + not so important to keep track of all the history of changes. + + But, this feature may not be so useful if an IXFR client has access + to two IXFR servers: A and B, with inconsistent condensation results. + The current version of the IXFR client, received from server A, may + be unknown to server B. In such a case, server B can not provide + incremental data from the unknown version and a full zone transfer is + necessary. + + Condensation is completely optional. Clients can't detect from the + response whether the server has condensed the reply or not. + + For interoperability, IXFR servers, including those without the + condensation feature, should not flag an error even if it receives a + client's IXFR request with a unknown version number and should, + instead, attempt to perform a full zone transfer. + +7. Example + + Given the following three generations of data with the current serial + number of 3, + + JAIN.AD.JP. IN SOA NS.JAIN.AD.JP. mohta.jain.ad.jp. ( + 1 600 600 3600000 604800) + IN NS NS.JAIN.AD.JP. + NS.JAIN.AD.JP. IN A 133.69.136.1 + NEZU.JAIN.AD.JP. IN A 133.69.136.5 + + NEZU.JAIN.AD.JP. is removed and JAIN-BB.JAIN.AD.JP. is added. + + jain.ad.jp. IN SOA ns.jain.ad.jp. mohta.jain.ad.jp. ( + 2 600 600 3600000 604800) + IN NS NS.JAIN.AD.JP. + NS.JAIN.AD.JP. IN A 133.69.136.1 + JAIN-BB.JAIN.AD.JP. IN A 133.69.136.4 + IN A 192.41.197.2 + + + +Ohta Standards Track [Page 4] + +RFC 1995 Incremental Zone Transfer in DNS August 1996 + + + One of the IP addresses of JAIN-BB.JAIN.AD.JP. is changed. + + JAIN.AD.JP. IN SOA ns.jain.ad.jp. mohta.jain.ad.jp. ( + 3 600 600 3600000 604800) + IN NS NS.JAIN.AD.JP. + NS.JAIN.AD.JP. IN A 133.69.136.1 + JAIN-BB.JAIN.AD.JP. IN A 133.69.136.3 + IN A 192.41.197.2 + + The following IXFR query + + +---------------------------------------------------+ + Header | OPCODE=SQUERY | + +---------------------------------------------------+ + Question | QNAME=JAIN.AD.JP., QCLASS=IN, QTYPE=IXFR | + +---------------------------------------------------+ + Answer | <empty> | + +---------------------------------------------------+ + Authority | JAIN.AD.JP. IN SOA serial=1 | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + + could be replied to with the following full zone transfer message: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE | + +---------------------------------------------------+ + Question | QNAME=JAIN.AD.JP., QCLASS=IN, QTYPE=IXFR | + +---------------------------------------------------+ + Answer | JAIN.AD.JP. IN SOA serial=3 | + | JAIN.AD.JP. IN NS NS.JAIN.AD.JP. | + | NS.JAIN.AD.JP. IN A 133.69.136.1 | + | JAIN-BB.JAIN.AD.JP. IN A 133.69.136.3 | + | JAIN-BB.JAIN.AD.JP. IN A 192.41.197.2 | + | JAIN.AD.JP. IN SOA serial=3 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + + + + + + + + + + +Ohta Standards Track [Page 5] + +RFC 1995 Incremental Zone Transfer in DNS August 1996 + + + or with the following incremental message: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE | + +---------------------------------------------------+ + Question | QNAME=JAIN.AD.JP., QCLASS=IN, QTYPE=IXFR | + +---------------------------------------------------+ + Answer | JAIN.AD.JP. IN SOA serial=3 | + | JAIN.AD.JP. IN SOA serial=1 | + | NEZU.JAIN.AD.JP. IN A 133.69.136.5 | + | JAIN.AD.JP. IN SOA serial=2 | + | JAIN-BB.JAIN.AD.JP. IN A 133.69.136.4 | + | JAIN-BB.JAIN.AD.JP. IN A 192.41.197.2 | + | JAIN.AD.JP. IN SOA serial=2 | + | JAIN-BB.JAIN.AD.JP. IN A 133.69.136.4 | + | JAIN.AD.JP. IN SOA serial=3 | + | JAIN-BB.JAIN.AD.JP. IN A 133.69.136.3 | + | JAIN.AD.JP. IN SOA serial=3 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + + or with the following condensed incremental message: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE | + +---------------------------------------------------+ + Question | QNAME=JAIN.AD.JP., QCLASS=IN, QTYPE=IXFR | + +---------------------------------------------------+ + Answer | JAIN.AD.JP. IN SOA serial=3 | + | JAIN.AD.JP. IN SOA serial=1 | + | NEZU.JAIN.AD.JP. IN A 133.69.136.5 | + | JAIN.AD.JP. IN SOA serial=3 | + | JAIN-BB.JAIN.AD.JP. IN A 133.69.136.3 | + | JAIN-BB.JAIN.AD.JP. IN A 192.41.197.2 | + | JAIN.AD.JP. IN SOA serial=3 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + + + + + + + + +Ohta Standards Track [Page 6] + +RFC 1995 Incremental Zone Transfer in DNS August 1996 + + + or, if UDP packet overflow occurs, with the following message: + + +---------------------------------------------------+ + Header | OPCODE=SQUERY, RESPONSE | + +---------------------------------------------------+ + Question | QNAME=JAIN.AD.JP., QCLASS=IN, QTYPE=IXFR | + +---------------------------------------------------+ + Answer | JAIN.AD.JP. IN SOA serial=3 | + +---------------------------------------------------+ + Authority | <empty> | + +---------------------------------------------------+ + Additional | <empty> | + +---------------------------------------------------+ + +8. Acknowledgements + + The original idea of IXFR was conceived by Anant Kumar, Steve Hotz + and Jon Postel. + + For the refinement of the protocol and documentation, many people + have contributed including, but not limited to, Anant Kumar, Robert + Austein, Paul Vixie, Randy Bush, Mark Andrews, Robert Elz and the + members of the IETF DNSIND working group. + +9. References + + [NOTIFY] Vixie, P., "DNS NOTIFY: A Mechanism for Prompt + Notification of Zone Changes", RFC 1996, August 1996. + + [STD13] Mockapetris, P., "Domain Name System", STD 13, RFC 1034 and + RFC 1035), November 1987. + +10. Security Considerations + + Though DNS is related to several security problems, no attempt is + made to fix them in this document. + + This document is believed to introduce no additional security + problems to the current DNS protocol. + + + + + + + + + + + + +Ohta Standards Track [Page 7] + +RFC 1995 Incremental Zone Transfer in DNS August 1996 + + +11. Author's Address + + Masataka Ohta + Computer Center + Tokyo Institute of Technology + 2-12-1, O-okayama, Meguro-ku, Tokyo 152, JAPAN + + Phone: +81-3-5734-3299 + Fax: +81-3-5734-3415 + EMail: mohta@necom830.hpcl.titech.ac.jp + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Ohta Standards Track [Page 8] + diff --git a/usr.sbin/named/doc/rfc/rfc1996 b/usr.sbin/named/doc/rfc/rfc1996 new file mode 100644 index 00000000000..b08f2007972 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc1996 @@ -0,0 +1,395 @@ + + + + + + +Network Working Group P. Vixie +Request for Comments: 1996 ISC +Updates: 1035 August 1996 +Category: Standards Track + + + A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Abstract + + This memo describes the NOTIFY opcode for DNS, by which a master + server advises a set of slave servers that the master's data has been + changed and that a query should be initiated to discover the new + data. + +1. Rationale and Scope + + 1.1. Slow propagation of new and changed data in a DNS zone can be + due to a zone's relatively long refresh times. Longer refresh times + are beneficial in that they reduce load on the master servers, but + that benefit comes at the cost of long intervals of incoherence among + authority servers whenever the zone is updated. + + 1.2. The DNS NOTIFY transaction allows master servers to inform slave + servers when the zone has changed -- an interrupt as opposed to poll + model -- which it is hoped will reduce propagation delay while not + unduly increasing the masters' load. This specification only allows + slaves to be notified of SOA RR changes, but the architechture of + NOTIFY is intended to be extensible to other RR types. + + 1.3. This document intentionally gives more definition to the roles + of "Master," "Slave" and "Stealth" servers, their enumeration in NS + RRs, and the SOA MNAME field. In that sense, this document can be + considered an addendum to [RFC1035]. + + + + + + + + + +Vixie Standards Track [Page 1] + +RFC 1996 DNS NOTIFY August 1996 + + +2. Definitions and Invariants + + 2.1. The following definitions are used in this document: + + Slave an authoritative server which uses zone transfer to + retrieve the zone. All slave servers are named in + the NS RRs for the zone. + + Master any authoritative server configured to be the source + of zone transfer for one or more slave servers. + + Primary Master master server at the root of the zone transfer + dependency graph. The primary master is named in the + zone's SOA MNAME field and optionally by an NS RR. + There is by definition only one primary master server + per zone. + + Stealth like a slave server except not listed in an NS RR for + the zone. A stealth server, unless explicitly + configured to do otherwise, will set the AA bit in + responses and be capable of acting as a master. A + stealth server will only be known by other servers if + they are given static configuration data indicating + its existence. + + Notify Set set of servers to be notified of changes to some + zone. Default is all servers named in the NS RRset, + except for any server also named in the SOA MNAME. + Some implementations will permit the name server + administrator to override this set or add elements to + it (such as, for example, stealth servers). + + 2.2. The zone's servers must be organized into a dependency graph + such that there is a primary master, and all other servers must use + AXFR or IXFR either from the primary master or from some slave which + is also a master. No loops are permitted in the AXFR dependency + graph. + +3. NOTIFY Message + + 3.1. When a master has updated one or more RRs in which slave servers + may be interested, the master may send the changed RR's name, class, + type, and optionally, new RDATA(s), to each known slave server using + a best efforts protocol based on the NOTIFY opcode. + + 3.2. NOTIFY uses the DNS Message Format, although it uses only a + subset of the available fields. Fields not otherwise described + herein are to be filled with binary zero (0), and implementations + + + +Vixie Standards Track [Page 2] + +RFC 1996 DNS NOTIFY August 1996 + + + must ignore all messages for which this is not the case. + + 3.3. NOTIFY is similar to QUERY in that it has a request message with + the header QR flag "clear" and a response message with QR "set". The + response message contains no useful information, but its reception by + the master is an indication that the slave has received the NOTIFY + and that the master can remove the slave from any retry queue for + this NOTIFY event. + + 3.4. The transport protocol used for a NOTIFY transaction will be UDP + unless the master has reason to believe that TCP is necessary; for + example, if a firewall has been installed between master and slave, + and only TCP has been allowed; or, if the changed RR is too large to + fit in a UDP/DNS datagram. + + 3.5. If TCP is used, both master and slave must continue to offer + name service during the transaction, even when the TCP transaction is + not making progress. The NOTIFY request is sent once, and a + "timeout" is said to have occurred if no NOTIFY response is received + within a reasonable interval. + + 3.6. If UDP is used, a master periodically sends a NOTIFY request to + a slave until either too many copies have been sent (a "timeout"), an + ICMP message indicating that the port is unreachable, or until a + NOTIFY response is received from the slave with a matching query ID, + QNAME, IP source address, and UDP source port number. + + Note: + The interval between transmissions, and the total number of + retransmissions, should be operational parameters specifiable by + the name server administrator, perhaps on a per-zone basis. + Reasonable defaults are a 60 second interval (or timeout if + using TCP), and a maximum of 5 retransmissions (for UDP). It is + considered reasonable to use additive or exponential backoff for + the retry interval. + + 3.7. A NOTIFY request has QDCOUNT>0, ANCOUNT>=0, AUCOUNT>=0, + ADCOUNT>=0. If ANCOUNT>0, then the answer section represents an + unsecure hint at the new RRset for this <QNAME,QCLASS,QTYPE>. A + slave receiving such a hint is free to treat equivilence of this + answer section with its local data as a "no further work needs to be + done" indication. If ANCOUNT=0, or ANCOUNT>0 and the answer section + differs from the slave's local data, then the slave should query its + known masters to retrieve the new data. + + 3.8. In no case shall the answer section of a NOTIFY request be used + to update a slave's local data, or to indicate that a zone transfer + needs to be undertaken, or to change the slave's zone refresh timers. + + + +Vixie Standards Track [Page 3] + +RFC 1996 DNS NOTIFY August 1996 + + + Only a "data present; data same" condition can lead a slave to act + differently if ANCOUNT>0 than it would if ANCOUNT=0. + + 3.9. This version of the NOTIFY specification makes no use of the + authority or additional data sections, and so conforming + implementations should set AUCOUNT=0 and ADCOUNT=0 when transmitting + requests. Since a future revision of this specification may define a + backwards compatible use for either or both of these sections, + current implementations must ignore these sections, but not the + entire message, if AUCOUNT>0 and/or ADCOUNT>0. + + 3.10. If a slave receives a NOTIFY request from a host that is not a + known master for the zone containing the QNAME, it should ignore the + request and produce an error message in its operations log. + + Note: + This implies that slaves of a multihomed master must either know + their master by the "closest" of the master's interface + addresses, or must know all of the master's interface addresses. + Otherwise, a valid NOTIFY request might come from an address + that is not on the slave's state list of masters for the zone, + which would be an error. + + 3.11. The only defined NOTIFY event at this time is that the SOA RR + has changed. Upon completion of a NOTIFY transaction for QTYPE=SOA, + the slave should behave as though the zone given in the QNAME had + reached its REFRESH interval (see [RFC1035]), i.e., it should query + its masters for the SOA of the zone given in the NOTIFY QNAME, and + check the answer to see if the SOA SERIAL has been incremented since + the last time the zone was fetched. If so, a zone transfer (either + AXFR or IXFR) should be initiated. + + Note: + Because a deep server dependency graph may have multiple paths + from the primary master to any given slave, it is possible that + a slave will receive a NOTIFY from one of its known masters even + though the rest of its known masters have not yet updated their + copies of the zone. Therefore, when issuing a QUERY for the + zone's SOA, the query should be directed at the known master who + was the source of the NOTIFY event, and not at any of the other + known masters. This represents a departure from [RFC1035], + which specifies that upon expiry of the SOA REFRESH interval, + all known masters should be queried in turn. + + 3.12. If a NOTIFY request is received by a slave who does not + implement the NOTIFY opcode, it will respond with a NOTIMP + (unimplemented feature error) message. A master server who receives + such a NOTIMP should consider the NOTIFY transaction complete for + + + +Vixie Standards Track [Page 4] + +RFC 1996 DNS NOTIFY August 1996 + + + that slave. + +4. Details and Examples + + 4.1. Retaining query state information across host reboots is + optional, but it is reasonable to simply execute an SOA NOTIFY + transaction on each authority zone when a server first starts. + + 4.2. Each slave is likely to receive several copies of the same + NOTIFY request: One from the primary master, and one from each other + slave as that slave transfers the new zone and notifies its potential + peers. The NOTIFY protocol supports this multiplicity by requiring + that NOTIFY be sent by a slave/master only AFTER it has updated the + SOA RR or has determined that no update is necessary, which in + practice means after a successful zone transfer. Thus, barring + delivery reordering, the last NOTIFY any slave receives will be the + one indicating the latest change. Since a slave always requests SOAs + and AXFR/IXFRs only from its known masters, it will have an + opportunity to retry its QUERY for the SOA after each of its masters + have completed each zone update. + + 4.3. If a master server seeks to avoid causing a large number of + simultaneous outbound zone transfers, it may delay for an arbitrary + length of time before sending a NOTIFY message to any given slave. + It is expected that the time will be chosen at random, so that each + slave will begin its transfer at a unique time. The delay shall not + in any case be longer than the SOA REFRESH time. + + Note: + This delay should be a parameter that each primary master name + server can specify, perhaps on a per-zone basis. Random delays + of between 30 and 60 seconds would seem adequate if the servers + share a LAN and the zones are of moderate size. + + 4.4. A slave which receives a valid NOTIFY should defer action on any + subsequent NOTIFY with the same <QNAME,QCLASS,QTYPE> until it has + completed the transaction begun by the first NOTIFY. This duplicate + rejection is necessary to avoid having multiple notifications lead to + pummeling the master server. + + + + + + + + + + + + +Vixie Standards Track [Page 5] + +RFC 1996 DNS NOTIFY August 1996 + + + 4.5 Zone has Updated on Primary Master + + Primary master sends a NOTIFY request to all servers named in Notify + Set. The NOTIFY request has the following characteristics: + + query ID: (new) + op: NOTIFY (4) + resp: NOERROR + flags: AA + qcount: 1 + qname: (zone name) + qclass: (zone class) + qtype: T_SOA + + 4.6 Zone has Updated on a Slave that is also a Master + + As above in 4.5, except that this server's Notify Set may be + different from the Primary Master's due to optional static + specification of local stealth servers. + + 4.7 Slave Receives a NOTIFY Request from a Master + + When a slave server receives a NOTIFY request from one of its locally + designated masters for the zone enclosing the given QNAME, with + QTYPE=SOA and QR=0, it should enter the state it would if the zone's + refresh timer had expired. It will also send a NOTIFY response back + to the NOTIFY request's source, with the following characteristics: + + query ID: (same) + op: NOTIFY (4) + resp: NOERROR + flags: QR AA + qcount: 1 + qname: (zone name) + qclass: (zone class) + qtype: T_SOA + + This is intended to be identical to the NOTIFY request, except that + the QR bit is also set. The query ID of the response must be the + same as was received in the request. + + 4.8 Master Receives a NOTIFY Response from Slave + + When a master server receives a NOTIFY response, it deletes this + query from the retry queue, thus completing the "notification + process" of "this" RRset change to "that" server. + + + + + +Vixie Standards Track [Page 6] + +RFC 1996 DNS NOTIFY August 1996 + + +5. Security Considerations + + We believe that the NOTIFY operation's only security considerations + are: + + 1. That a NOTIFY request with a forged IP/UDP source address can + cause a slave to send spurious SOA queries to its masters, + leading to a benign denial of service attack if the forged + requests are sent very often. + + 2. That TCP spoofing could be used against a slave server given + NOTIFY as a means of synchronizing an SOA query and UDP/DNS + spoofing as a means of forcing a zone transfer. + +6. References + + [RFC1035] + Mockapetris, P., "Domain Names - Implementation and + Specification", STD 13, RFC 1035, November 1987. + + [IXFR] + Ohta, M., "Incremental Zone Transfer", RFC 1995, August 1996. + +7. Author's Address + + Paul Vixie + Internet Software Consortium + Star Route Box 159A + Woodside, CA 94062 + + Phone: +1 415 747 0204 + EMail: paul@vix.com + + + + + + + + + + + + + + + + + + + +Vixie Standards Track [Page 7] + diff --git a/usr.sbin/named/doc/rfc/rfc2010 b/usr.sbin/named/doc/rfc/rfc2010 new file mode 100644 index 00000000000..7e43bfce1d4 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc2010 @@ -0,0 +1,395 @@ + + + + + + +Network Working Group B. Manning +Request for Comments: 2010 ISI +Category: Informational P. Vixie + ISC + October 1996 + + + Operational Criteria for Root Name Servers + +Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +Abstract + + This document specifies the operational requirements of root name + servers, including host hardware capacities, name server software + revisions, network connectivity, and physical environment. + +1 - Rationale and Scope + + 1.1. Historically, the name servers responsible for the root (".") + zone have also been responsible for all international top-level + domains (iTLD's, for example: COM, EDU, INT, ARPA). These name + servers have been operated by a cadre of highly capable volunteers, + and their administration has been loosely coordinated by the NIC + (first SRI-NIC and now InterNIC). Ultimate responsibility for the + correct operation of these servers and for the content of the DNS + zones they served has always rested with the IANA. + + 1.2. As described in [Postel96], many new TLD's may be created + shortly. Servers for all new and existing iTLD's will be subject to + the operational requirements given in [Postel96]. The set of servers + for the root (".") zone is likely to become disjoint from the set of + servers for any TLD or group of TLD's, including those maintained by + the InterNIC. + + + + + + + + + + + + + +Manning & Vixie Informational [Page 1] + +RFC 2010 DNSSVR Criteria October 1996 + + + 1.3. In spite of the similarities in operational requirements between + the servers for the iTLD's and the servers for the root (".") zone, + they are in fact different server sets with different administrators + and slightly different operational requirements. It is likely that + many contry code tld servers will have even more divergent + operational requirements. That said, the requirements set down in + this document could be successfully applied to any name server + (whether root, top level, or any other level), but may be more + draconian than necessary for servers other than those of the root + (".") zone. + + Disclaimer: The selection of name server locations and + administrators, and the procedures for addressing + noncompliance with these stated operational + requirements, are outside the scope of this document. + + Definition: For the purpose of this document, the term "zone master" + shall be used to designate the administrative owner of + the content of a zone. This person is expected to have + final responsibility for the selection and correct + operation of all of the zone's servers. For the root + (".") zone, this is the IANA. + +2 - Operational Requirements + + 2.1. Name server software. The zone master shall initially and + periodically choose a name server package to run on all of the zone's + servers. It is expected that the BIND server will be used, at least + initially, and that new versions or other servers will be specified + from time to time. + + Rationale: This requirement is based on the wide and free + availability of BIND's source code, and the active + analysis and development it constantly receives from + several members of the IETF. + + Name server software upgrades will be specified and scheduled by the + zone master, and must occur on all of a zone's servers within a + specified 96 hour window. + + Rationale: In some cases it has proven necessary to "cold start" a + zone's servers in order to clear out oscillating bad + data. By forcing all software upgrades to happen at + about the same time, it will be possible to coordinate + a software change with a zone content change. + + + + + + +Manning & Vixie Informational [Page 2] + +RFC 2010 DNSSVR Criteria October 1996 + + + 2.2. UDP checksums. UDP checksums must be generated when sending + datagrams, and verified when receiving them. + + Rationale: Some vendors turn off UDP checksums for performance + reasons, citing the presence of MAC-level frame checks + (CRC, for example) as "strong enough." This has been + a disaster in actual practice. + + 2.3. Dedicated host. A name server host should have no other + function, and no login accounts other than for system or network + administrators. No other network protocols should be served by a + name server host (e.g., SMTP, NNTP, FTP, et al). If login is + permitted from other than the system console, then the login service + must be by encrypted channel (e.g., Kerberized and encrypted + rlogin/telnet, the secure shell (SSH), or an equivilent). + + Rationale: Each additional service performed by a host makes it + less reliable and potentially less secure, as well as + complicating fault isolation procedures. While name + service does not consume very much in the way of system + resources, it is thought best that a host do a few + things well rather than many things poorly. + + 2.4. Clock synchronization. A name server host should synchronize + its clock using the NTP protocol (currnet version) with + authentication. At least two NTP servers should be used. As an + exception to section 2.3 above, a name server host can be an NTP + server as well. + + Rationale: For distributed fault isolation reasons, synchronized + time stamps in system event logs are quite helpful. + NTP is easily spoofed by UDP blast attacks, thus the + requirement for authentication between the name server + host and its NTP servers. A name server host is + allowed to be an NTP server because it has been + observed that a single host running both name service + and stratum 1 NTP is still quite reliable and secure. + + 2.5. Network interfaces. Name servers must send UDP responses with + an IP source address (and UDP source port number) equal to the IP + destination address (and UDP destination port number) of the request. + Also, a name server might have multiple real interfaces, but only one + will be advertised in the zone's NS RRset and associated glue A RRs. + The advertised address should be that of the "best" interface on the + host, in terms of network performance and reliability to the largest + number of destinations. + + + + + +Manning & Vixie Informational [Page 3] + +RFC 2010 DNSSVR Criteria October 1996 + + + Rationale: While not required by [RFC1035], many extant DNS + implementations require the source address and port of + a reply to match the destination address and port to + which the request was sent. The number of advertised + addresses is limited to one (1) so that DNS delegation + responses containing this name server can be as short + as possible. + + 2.6. Physical environment. A name server host must be located in a + secure space such as a locked computer room or a data center with + restricted access. The power supply should be redundant, using + batteries, generators or some other means to protect against utility + power failures. Network connectivity should be redundant, so that a + single wide area line failure cannot completely isolate the name + server host from the rest of the network. + + 2.7. Network security. The system and network administrators should + educate themselves about potential threats, and stay current on CERT + bulletins regarding network breakins. The system staff should + periodically audit the name server host's activity logs and be able + to detect breakins during or after the fact. + + 2.8. Host performance. As of the time of this writing, a name server + must be able to answer 1,200 UDP transactions per second with less + than 5 milliseconds of average latency. Because the network is still + growing at a high rate, the ability to grow to 2,000 transactions per + second and still support a 5 millisecond latency is highly desirable. + Note that this requirement affects both the host and the network + infrastructure to which that host is attached. + + 2.9. Response time. The administrators responsible for a name server + will respond to e-mail trouble reports within 24 hours. Personnel + issues such as vacations and illness will cause responsibilities to + be delegated and/or reassigned rather than ignored. After hours + telephone numbers must be made available to the zone master for + nonpublished use in emergencies. An escalation contact name, e-mail + address, and telephone number will also be made available to the zone + master in the event of nonresponse through the normal channel. + + 2.10. Zone transfer access control. The name server shall be + configured so that outbound zone transfers are permitted only to + destinations on the server's local networks, and to whichever + networks the zone master designates for remote debugging purposes. + + + + + + + + +Manning & Vixie Informational [Page 4] + +RFC 2010 DNSSVR Criteria October 1996 + + + Rationale: Zone transfers can present a significant load on a name + server, especially if several transfers are started + simultaneously against the same server. There is no + operational reason to allow anyone outside the name + server's and zone's administrators to transfer the + entire zone. + + 2.11. Zone transfer protocol. DNS AXFR shall be used in preference + to FTP or any other non-DNS transfer protocol. DNS NOTIFY (see + [NOTIFY]) and DNS IXFR (see [IXFR]) shall be supported and enabled + when available. + + Rationale: Historically, the common implementations of DNS + (a.k.a., BIND) did not support zone transfer of the + root (".") zone due to programming errors. Thus, FTP + was used. In the future, DNS implementations which do + not support zone transfer of all zones will not be + considered suitable for use as root name servers. The + benefits of [IXFR] and [NOTIFY] should be obvious. + + 2.12. Recursion shall be disabled for queries. + + Rationale: Recursion is a major source of cache pollution, and can + be a major drain on name server performance. An + organization's recursive DNS needs should be served by + some other host than its root name server(s). An + exception is made for missing glue since it's possible + that glue needed for some delegations will not be + within or beneath any zone for which the server is + authoritative. Such glue must be fetched via + recursive lookups to other servers. + + 2.13. Outages shall be reported. All outages, scheduled or not, + shall be reported to the zone master via e-mail. If an outage is + unscheduled or if an outage is scheduled less than 24 hours in + advance, then an additional notification of the zone master shall be + made via telephone. Extended or repeated outages may beget special + handling by the zone master. + + 2.14. Inverse name lookups. The PTR RR associated with a server's + primary interface address (that is, the address shown in in the + zone's delegation) shall have its target specified by the zone + master. + + + + + + + + +Manning & Vixie Informational [Page 5] + +RFC 2010 DNSSVR Criteria October 1996 + + + Rationale: Since each organization has local control of their + network's PTR RRs, and since it is necessary for the + correct operation of some software that the forward and + reverse lookups have symmetrical results, it is left + up to the zone master to select the name for each + authority server's primary address. + +3 - Possible Selection Criteria + + 3.1. Host population. A server's location on the network should be + such that it has a low IP hop count to a high number of end hosts. + Duplication of service should be avoided, such that any given set of + end hosts needs to have a low IP hop count to at most one authority + server for any given zone. + + 3.2. Infrastructure diversity. A server's location on the network + should be such that most failures capable of isolating it from a + large number of end hosts are diverse from the failures capable of + similarly isolating other authority servers for the same zone(s). + +4 - Security Considerations + + See section 2.7. + +5 - References + + [RFC1035] + Mockapetris, P., "Domain Names - Implementation and Specification", + STD 13, RFC 1035, USC/Information Sciences Institute, November + 1987. + + [Postel96] + Postel, J., "New Registries and the Delegation of International Top + Level Domains", Work in Progress. + + [IXFR] + Ohta, M., "Incremental Zone Transfer", RFC 1995, August 1996. + + [NOTIFY] + Vixie, P., "A Mechanism for Prompt Notification of Zone Changes", + RFC 1996, August 1996. + +6 - Acknowledgements + + Constructive comments have been received from: Jon Postel, Michael + Patton, Andrew Partan, Michael Dillon, Don Mitchell Steven Doyle, + Owen DeLong and other members of the internet community. + + + + +Manning & Vixie Informational [Page 6] + +RFC 2010 DNSSVR Criteria October 1996 + + +7 - Authors' Addresses + + Bill Manning + USC/ISI + 4676 Admiralty Way + Marina del Rey, CA 90292 + + Phone: +1 310 822 1511 + EMail: bmanning@isi.edu + + + Paul Vixie + Internet Software Consortium + Star Route Box 159A + Woodside, CA 94062 + + Phone: +1 415 747 0204 + EMail: paul@vix.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Manning & Vixie Informational [Page 7] + diff --git a/usr.sbin/named/doc/rfc/rfc2052 b/usr.sbin/named/doc/rfc/rfc2052 new file mode 100644 index 00000000000..9fbccb627e3 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc2052 @@ -0,0 +1,563 @@ + + + + + + +Network Working Group A. Gulbrandsen +Request for Comments: 2052 Troll Technologies +Updates: 1035, 1183 P. Vixie +Category: Experimental Vixie Enterprises + October 1996 + + + A DNS RR for specifying the location of services (DNS SRV) + +Status of this Memo + + This memo defines an Experimental Protocol for the Internet + community. This memo does not specify an Internet standard of any + kind. Discussion and suggestions for improvement are requested. + Distribution of this memo is unlimited. + +Abstract + + This document describes a DNS RR which specifies the location of the + server(s) for a specific protocol and domain (like a more general + form of MX). + +Overview and rationale + + Currently, one must either know the exact address of a server to + contact it, or broadcast a question. This has led to, for example, + ftp.whatever.com aliases, the SMTP-specific MX RR, and using MAC- + level broadcasts to locate servers. + + The SRV RR allows administrators to use several servers for a single + domain, to move services from host to host with little fuss, and to + designate some hosts as primary servers for a service and others as + backups. + + Clients ask for a specific service/protocol for a specific domain + (the word domain is used here in the strict RFC 1034 sense), and get + back the names of any available servers. + +Introductory example + + When a SRV-cognizant web-browser wants to retrieve + + http://www.asdf.com/ + + it does a lookup of + + http.tcp.www.asdf.com + + + + +Gulbrandsen & Vixie Experimental [Page 1] + +RFC 2052 DNS SRV RR October 1996 + + + and retrieves the document from one of the servers in the reply. The + example zone file near the end of the memo contains answering RRs for + this query. + +The format of the SRV RR + + Here is the format of the SRV RR, whose DNS type code is 33: + + Service.Proto.Name TTL Class SRV Priority Weight Port Target + + (There is an example near the end of this document.) + + Service + The symbolic name of the desired service, as defined in Assigned + Numbers or locally. + + Some widely used services, notably POP, don't have a single + universal name. If Assigned Numbers names the service + indicated, that name is the only name which is legal for SRV + lookups. Only locally defined services may be named locally. + The Service is case insensitive. + + Proto + TCP and UDP are at present the most useful values + for this field, though any name defined by Assigned Numbers or + locally may be used (as for Service). The Proto is case + insensitive. + + Name + The domain this RR refers to. The SRV RR is unique in that the + name one searches for is not this name; the example near the end + shows this clearly. + + TTL + Standard DNS meaning. + + Class + Standard DNS meaning. + + Priority + As for MX, the priority of this target host. A client MUST + attempt to contact the target host with the lowest-numbered + priority it can reach; target hosts with the same priority + SHOULD be tried in pseudorandom order. The range is 0-65535. + + + + + + + +Gulbrandsen & Vixie Experimental [Page 2] + +RFC 2052 DNS SRV RR October 1996 + + + Weight + Load balancing mechanism. When selecting a target host among + the those that have the same priority, the chance of trying this + one first SHOULD be proportional to its weight. The range of + this number is 1-65535. Domain administrators are urged to use + Weight 0 when there isn't any load balancing to do, to make the + RR easier to read for humans (less noisy). + + Port + The port on this target host of this service. The range is + 0-65535. This is often as specified in Assigned Numbers but + need not be. + + Target + As for MX, the domain name of the target host. There MUST be + one or more A records for this name. Implementors are urged, but + not required, to return the A record(s) in the Additional Data + section. Name compression is to be used for this field. + + A Target of "." means that the service is decidedly not + available at this domain. + +Domain administrator advice + + Asking everyone to update their telnet (for example) clients when the + first internet site adds a SRV RR for Telnet/TCP is futile (even if + desirable). Therefore SRV will have to coexist with A record lookups + for a long time, and DNS administrators should try to provide A + records to support old clients: + + - Where the services for a single domain are spread over several + hosts, it seems advisable to have a list of A RRs at the same + DNS node as the SRV RR, listing reasonable (if perhaps + suboptimal) fallback hosts for Telnet, NNTP and other protocols + likely to be used with this name. Note that some programs only + try the first address they get back from e.g. gethostbyname(), + and we don't know how widespread this behaviour is. + + - Where one service is provided by several hosts, one can either + provide A records for all the hosts (in which case the round- + robin mechanism, where available, will share the load equally) + or just for one (presumably the fastest). + + - If a host is intended to provide a service only when the main + server(s) is/are down, it probably shouldn't be listed in A + records. + + + + + +Gulbrandsen & Vixie Experimental [Page 3] + +RFC 2052 DNS SRV RR October 1996 + + + - Hosts that are referenced by backup A records must use the port + number specified in Assigned Numbers for the service. + + Currently there's a practical limit of 512 bytes for DNS replies. + Until all resolvers can handle larger responses, domain + administrators are strongly advised to keep their SRV replies below + 512 bytes. + + All round numbers, wrote Dr. Johnson, are false, and these numbers + are very round: A reply packet has a 30-byte overhead plus the name + of the service ("telnet.tcp.asdf.com" for instance); each SRV RR adds + 20 bytes plus the name of the target host; each NS RR in the NS + section is 15 bytes plus the name of the name server host; and + finally each A RR in the additional data section is 20 bytes or so, + and there are A's for each SRV and NS RR mentioned in the answer. + This size estimate is extremely crude, but shouldn't underestimate + the actual answer size by much. If an answer may be close to the + limit, using e.g. "dig" to look at the actual answer is a good idea. + +The "Weight" field + + Weight, the load balancing field, is not quite satisfactory, but the + actual load on typical servers changes much too quickly to be kept + around in DNS caches. It seems to the authors that offering + administrators a way to say "this machine is three times as fast as + that one" is the best that can practically be done. + + The only way the authors can see of getting a "better" load figure is + asking a separate server when the client selects a server and + contacts it. For short-lived services like SMTP an extra step in the + connection establishment seems too expensive, and for long-lived + services like telnet, the load figure may well be thrown off a minute + after the connection is established when someone else starts or + finishes a heavy job. + +The Port number + + Currently, the translation from service name to port number happens + at the client, often using a file such as /etc/services. + + Moving this information to the DNS makes it less necessary to update + these files on every single computer of the net every time a new + service is added, and makes it possible to move standard services out + of the "root-only" port range on unix. + + + + + + + +Gulbrandsen & Vixie Experimental [Page 4] + +RFC 2052 DNS SRV RR October 1996 + + +Usage rules + + A SRV-cognizant client SHOULD use this procedure to locate a list of + servers and connect to the preferred one: + + Do a lookup for QNAME=service.protocol.target, QCLASS=IN, + QTYPE=SRV. + + If the reply is NOERROR, ANCOUNT>0 and there is at least one SRV + RR which specifies the requested Service and Protocol in the + reply: + + If there is precisely one SRV RR, and its Target is "." + (the root domain), abort. + + Else, for all such RR's, build a list of (Priority, Weight, + Target) tuples + + Sort the list by priority (lowest number first) + + Create a new empty list + + For each distinct priority level + While there are still elements left at this priority + level + Select an element randomly, with probability + Weight, and move it to the tail of the new list + + For each element in the new list + + query the DNS for A RR's for the Target or use any + RR's found in the Additional Data secion of the + earlier SRV query. + + for each A RR found, try to connect to the (protocol, + address, service). + + else if the service desired is SMTP + + skip to RFC 974 (MX). + + else + + Do a lookup for QNAME=target, QCLASS=IN, QTYPE=A + + for each A RR found, try to connect to the (protocol, + address, service) + + + + +Gulbrandsen & Vixie Experimental [Page 5] + +RFC 2052 DNS SRV RR October 1996 + + + Notes: + + - Port numbers SHOULD NOT be used in place of the symbolic service + or protocol names (for the same reason why variant names cannot + be allowed: Applications would have to do two or more lookups). + + - If a truncated response comes back from an SRV query, and the + Additional Data section has at least one complete RR in it, the + answer MUST be considered complete and the client resolver + SHOULD NOT retry the query using TCP, but use normal UDP queries + for A RR's missing from the Additional Data section. + + - A client MAY use means other than Weight to choose among target + hosts with equal Priority. + + - A client MUST parse all of the RR's in the reply. + + - If the Additional Data section doesn't contain A RR's for all + the SRV RR's and the client may want to connect to the target + host(s) involved, the client MUST look up the A RR(s). (This + happens quite often when the A RR has shorter TTL than the SRV + or NS RR's.) + + - A future standard could specify that a SRV RR whose Protocol was + TCP and whose Service was SMTP would override RFC 974's rules + with regard to the use of an MX RR. This would allow firewalled + organizations with several SMTP relays to control the load + distribution using the Weight field. + + - Future protocols could be designed to use SRV RR lookups as the + means by which clients locate their servers. + +Fictional example + + This is (part of) the zone file for asdf.com, a still-unused domain: + + $ORIGIN asdf.com. + @ SOA server.asdf.com. root.asdf.com. ( + 1995032001 3600 3600 604800 86400 ) + NS server.asdf.com. + NS ns1.ip-provider.net. + NS ns2.ip-provider.net. + ftp.tcp SRV 0 0 21 server.asdf.com. + finger.tcp SRV 0 0 79 server.asdf.com. + ; telnet - use old-slow-box or new-fast-box if either is + ; available, make three quarters of the logins go to + ; new-fast-box. + telnet.tcp SRV 0 1 23 old-slow-box.asdf.com. + + + +Gulbrandsen & Vixie Experimental [Page 6] + +RFC 2052 DNS SRV RR October 1996 + + + SRV 0 3 23 new-fast-box.asdf.com. + ; if neither old-slow-box or new-fast-box is up, switch to + ; using the sysdmin's box and the server + SRV 1 0 23 sysadmins-box.asdf.com. + SRV 1 0 23 server.asdf.com. + ; HTTP - server is the main server, new-fast-box is the backup + ; (On new-fast-box, the HTTP daemon runs on port 8000) + http.tcp SRV 0 0 80 server.asdf.com. + SRV 10 0 8000 new-fast-box.asdf.com. + ; since we want to support both http://asdf.com/ and + ; http://www.asdf.com/ we need the next two RRs as well + http.tcp.www SRV 0 0 80 server.asdf.com. + SRV 10 0 8000 new-fast-box.asdf.com. + ; SMTP - mail goes to the server, and to the IP provider if + ; the net is down + smtp.tcp SRV 0 0 25 server.asdf.com. + SRV 1 0 25 mailhost.ip-provider.net. + @ MX 0 server.asdf.com. + MX 1 mailhost.ip-provider.net. + ; NNTP - use the IP providers's NNTP server + nntp.tcp SRV 0 0 119 nntphost.ip-provider.net. + ; IDB is an locally defined protocol + idb.tcp SRV 0 0 2025 new-fast-box.asdf.com. + ; addresses + server A 172.30.79.10 + old-slow-box A 172.30.79.11 + sysadmins-box A 172.30.79.12 + new-fast-box A 172.30.79.13 + ; backup A records - new-fast-box and old-slow-box are + ; included, naturally, and server is too, but might go + ; if the load got too bad + @ A 172.30.79.10 + A 172.30.79.11 + A 172.30.79.13 + ; backup A RR for www.asdf.com + www A 172.30.79.10 + ; NO other services are supported + *.tcp SRV 0 0 0 . + *.udp SRV 0 0 0 . + + In this example, a telnet connection to "asdf.com." needs an SRV + lookup of "telnet.tcp.asdf.com." and possibly A lookups of "new- + fast-box.asdf.com." and/or the other hosts named. The size of the + SRV reply is approximately 365 bytes: + + 30 bytes general overhead + 20 bytes for the query string, "telnet.tcp.asdf.com." + 130 bytes for 4 SRV RR's, 20 bytes each plus the lengths of "new- + + + +Gulbrandsen & Vixie Experimental [Page 7] + +RFC 2052 DNS SRV RR October 1996 + + + fast-box", "old-slow-box", "server" and "sysadmins-box" - + "asdf.com" in the query section is quoted here and doesn't + need to be counted again. + 75 bytes for 3 NS RRs, 15 bytes each plus the lengths of + "server", "ns1.ip-provider.net." and "ns2" - again, "ip- + provider.net." is quoted and only needs to be counted once. + 120 bytes for the 6 A RR's mentioned by the SRV and NS RR's. + +Refererences + + RFC 1918: Rekhter, Y., Moskowitz, R., Karrenberg, D., de Groot, G., + and E. Lear, "Address Allocation for Private Internets", + RFC 1918, February 1996. + + RFC 1916 Berkowitz, H., Ferguson, P, Leland, W. and P. Nesser, + "Enterprise Renumbering: Experience and Information + Solicitation", RFC 1916, February 1996. + + RFC 1912 Barr, D., "Common DNS Operational and Configuration + Errors", RFC 1912, February 1996. + + RFC 1900: Carpenter, B., and Y. Rekhter, "Renumbering Needs Work", + RFC 1900, February 1996. + + RFC 1920: Postel, J., "INTERNET OFFICIAL PROTOCOL STANDARDS", + STD 1, RFC 1920, March 1996. + + RFC 1814: Gerich, E., "Unique Addresses are Good", RFC 1814, June + 1995. + + RFC 1794: Brisco, T., "DNS Support for Load Balancing", April 1995. + + RFC 1713: Romao, A., "Tools for DNS debugging", November 1994. + + RFC 1712: Farrell, C., Schulze, M., Pleitner, S., and D. Baldoni, + "DNS Encoding of Geographical Location", RFC 1712, November + 1994. + + RFC 1706: Manning, B. and R. Colella, "DNS NSAP Resource Records", + RFC 1706, October 1994. + + RFC 1700: Reynolds, J., and J. Postel, "ASSIGNED NUMBERS", + STD 2, RFC 1700, October 1994. + + RFC 1183: Ullmann, R., Mockapetris, P., Mamakos, L., and + C. Everhart, "New DNS RR Definitions", RFC 1183, November + 1990. + + + + +Gulbrandsen & Vixie Experimental [Page 8] + +RFC 2052 DNS SRV RR October 1996 + + + RFC 1101: Mockapetris, P., "DNS encoding of network names and other + types", RFC 1101, April 1989. + + RFC 1035: Mockapetris, P., "Domain names - implementation and + specification", STD 13, RFC 1035, November 1987. + + RFC 1034: Mockapetris, P., "Domain names - concepts and + facilities", STD 13, RFC 1034, November 1987. + + RFC 1033: Lottor, M., "Domain administrators operations guide", + RFC 1033, November 1987. + + RFC 1032: Stahl, M., "Domain administrators guide", RFC 1032, + November 1987. + + RFC 974: Partridge, C., "Mail routing and the domain system", + STD 14, RFC 974, January 1986. + +Security Considerations + + The authors believes this RR to not cause any new security problems. + Some problems become more visible, though. + + - The ability to specify ports on a fine-grained basis obviously + changes how a router can filter packets. It becomes impossible + to block internal clients from accessing specific external + services, slightly harder to block internal users from running + unautorised services, and more important for the router + operations and DNS operations personnel to cooperate. + + - There is no way a site can keep its hosts from being referenced + as servers (as, indeed, some sites become unwilling secondary + MXes today). This could lead to denial of service. + + - With SRV, DNS spoofers can supply false port numbers, as well as + host names and addresses. The authors do not see any practical + effect of this. + + We assume that as the DNS-security people invent new features, DNS + servers will return the relevant RRs in the Additional Data section + when answering an SRV query. + + + + + + + + + + +Gulbrandsen & Vixie Experimental [Page 9] + +RFC 2052 DNS SRV RR October 1996 + + +Authors' Addresses + + Arnt Gulbrandsen + Troll Tech + Postboks 6133 Etterstad + N-0602 Oslo + Norway + + Phone: +47 22646966 + EMail: agulbra@troll.no + + + Paul Vixie + Vixie Enterprises + Star Route 159A + Woodside, CA 94062 + + Phone: (415) 747-0204 + EMail: paul@vix.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Gulbrandsen & Vixie Experimental [Page 10] + diff --git a/usr.sbin/named/doc/rfc/rfc819 b/usr.sbin/named/doc/rfc/rfc819 new file mode 100644 index 00000000000..d66f8d91448 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc819 @@ -0,0 +1,1044 @@ + + +Network Working Group Zaw-Sing Su (SRI) +Request for Comments: 819 Jon Postel (ISI) + August 1982 + + + + The Domain Naming Convention for Internet User Applications + + + + +1. Introduction + + For many years, the naming convention "<user>@<host>" has served the + ARPANET user community for its mail system, and the substring + "<host>" has been used for other applications such as file transfer + (FTP) and terminal access (Telnet). With the advent of network + interconnection, this naming convention needs to be generalized to + accommodate internetworking. A decision has recently been reached to + replace the simple name field, "<host>", by a composite name field, + "<domain>" [2]. This note is an attempt to clarify this generalized + naming convention, the Internet Naming Convention, and to explore the + implications of its adoption for Internet name service and user + applications. + + The following example illustrates the changes in naming convention: + + ARPANET Convention: Fred@ISIF + Internet Convention: Fred@F.ISI.ARPA + + The intent is that the Internet names be used to form a + tree-structured administrative dependent, rather than a strictly + topology dependent, hierarchy. The left-to-right string of name + components proceeds from the most specific to the most general, that + is, the root of the tree, the administrative universe, is on the + right. + + The name service for realizing the Internet naming convention is + assumed to be application independent. It is not a part of any + particular application, but rather an independent name service serves + different user applications. + +2. The Structural Model + + The Internet naming convention is based on the domain concept. The + name of a domain consists of a concatenation of one or more <simple + names>. A domain can be considered as a region of jurisdiction for + name assignment and of responsibility for name-to-address + translation. The set of domains forms a hierarchy. + + Using a graph theory representation, this hierarchy may be modeled as + a directed graph. A directed graph consists of a set of nodes and a + + +Su & Postel [Page 1] + + + +RFC 819 August 1982; + + + collection of arcs, where arcs are identified by ordered pairs of + distinct nodes [1]. Each node of the graph represents a domain. An + ordered pair (B, A), an arc from B to A, indicates that B is a + subdomain of domain A, and B is a simple name unique within A. We + will refer to B as a child of A, and A a parent of B. The directed + graph that best describes the naming hierarchy is called an + "in-tree", which is a rooted tree with all arcs directed towards the + root (Figure 1). The root of the tree represents the naming universe, + ancestor of all domains. Endpoints (or leaves) of the tree are the + lowest-level domains. + + U + / | \ + / | \ U -- Naming Universe + ^ ^ ^ I -- Intermediate Domain + | | | E -- Endpoint Domain + I E I + / \ | + ^ ^ ^ + | | | + E E I + / | \ + ^ ^ ^ + | | | + E E E + + Figure 1 + The In-Tree Model for Domain Hierarchy + + The simple name of a child in this model is necessarily unique within + its parent domain. Since the simple name of the child's parent is + unique within the child's grandparent domain, the child can be + uniquely named in its grandparent domain by the concatenation of its + simple name followed by its parent's simple name. + + For example, if the simple name of a child is "C1" then no other + child of the same parent may be named "C1". Further, if the + parent of this child is named "P1", then "P1" is a unique simple + name in the child's grandparent domain. Thus, the concatenation + C1.P1 is unique in C1's grandparent domain. + + Similarly, each element of the hierarchy is uniquely named in the + universe by its complete name, the concatenation of its simple name + and those for the domains along the trail leading to the naming + universe. + + The hierarchical structure of the Internet naming convention supports + decentralization of naming authority and distribution of name service + capability. We assume a naming authority and a name server + + +Su & Postel [Page 2] + + + +RFC 819 August 1982; + + + associated with each domain. In Sections 5 and 6 respectively the + name service and the naming authority are discussed. + + Within an endpoint domain, unique names are assigned to <user> + representing user mailboxes. User mailboxes may be viewed as + children of their respective domains. + + In reality, anomalies may exist violating the in-tree model of naming + hierarchy. Overlapping domains imply multiple parentage, i.e., an + entity of the naming hierarchy being a child of more than one domain. + It is conceivable that ISI can be a member of the ARPA domain as well + as a member of the USC domain (Figure 2). Such a relation + constitutes an anomaly to the rule of one-connectivity between any + two points of a tree. The common child and the sub-tree below it + become descendants of both parent domains. + + U + / | \ + / . \ + . . ARPA + . . | \ + USC | \ + \ | . + \ | . + ISI + + Figure 2 + Anomaly in the In-Tree Model + + Some issues resulting from multiple parentage are addressed in + Appendix B. The general implications of multiple parentage are a + subject for further investigation. + +3. Advantage of Absolute Naming + + Absolute naming implies that the (complete) names are assigned with + respect to a universal reference point. The advantage of absolute + naming is that a name thus assigned can be universally interpreted + with respect to the universal reference point. The Internet naming + convention provides absolute naming with the naming universe as its + universal reference point. + + For relative naming, an entity is named depending upon the position + of the naming entity relative to that of the named entity. A set of + hosts running the "unix" operating system exchange mail using a + method called "uucp". The naming convention employed by uucp is an + example of relative naming. The mail recipient is typically named by + a source route identifying a chain of locally known hosts linking the + + + +Su & Postel [Page 3] + + + +RFC 819 August 1982; + + + sender's host to the recipient's. A destination name can be, for + example, + + "alpha!beta!gamma!john", + + where "alpha" is presumably known to the originating host, "beta" is + known to "alpha", and so on. + + The uucp mail system has demonstrated many of the problems inherent + to relative naming. When the host names are only locally + interpretable, routing optimization becomes impossible. A reply + message may have to traverse the reverse route to the original sender + in order to be forwarded to other parties. + + Furthermore, if a message is forwarded by one of the original + recipients or passed on as the text of another message, the frame of + reference of the relative source route can be completely lost. Such + relative naming schemes have severe problems for many of the uses + that we depend upon in the ARPA Internet community. + +4. Interoperability + + To allow interoperation with a different naming convention, the names + assigned by a foreign naming convention need to be accommodated. + Given the autonomous nature of domains, a foreign naming environment + may be incorporated as a domain anywhere in the hierarchy. Within + the naming universe, the name service for a domain is provided within + that domain. Thus, a foreign naming convention can be independent of + the Internet naming convention. What is implied here is that no + standard convention for naming needs to be imposed to allow + interoperations among heterogeneous naming environments. + + For example: + + There might be a naming convention, say, in the FOO world, + something like "<user>%<host>%<area>". Communications with an + entity in that environment can be achieved from the Internet + community by simply appending ".FOO" on the end of the name in + that foreign convention. + + John%ISI-Tops20-7%California.FOO + + Another example: + + One way of accommodating the "uucp world" described in the last + section is to declare it as a foreign system. Thus, a uucp + name + + "alpha!beta!gamma!john" + + +Su & Postel [Page 4] + + + +RFC 819 August 1982; + + + might be known in the Internet community as + + "alpha!beta!gamma!john.UUCP". + + Communicating with a complex subdomain is another case which can + be treated as interoperation. A complex subdomain is a domain + with complex internal naming structure presumably unknown to the + outside world (or the outside world does not care to be concerned + with its complexity). + + For the mail system application, the names embedded in the message + text are often used by the destination for such purpose as to reply + to the original message. Thus, the embedded names may need to be + converted for the benefit of the name server in the destination + environment. + + Conversion of names on the boundary between heterogeneous naming + environments is a complex subject. The following example illustrates + some of the involved issues. + + For example: + + A message is sent from the Internet community to the FOO + environment. It may bear the "From" and "To" fields as: + + From: Fred@F.ISI.ARPA + To: John%ISI-Tops20-7%California.FOO + + where "FOO" is a domain independent of the Internet naming + environment. The interface on the boundary of the two + environments may be represented by a software module. We may + assume this interface to be an entity of the Internet community + as well as an entity of the FOO community. For the benefit of + the FOO environment, the "From" and "To" fields need to be + modified upon the message's arrival at the boundary. One may + view naming as a separate layer of protocol, and treat + conversion as a protocol translation. The matter is + complicated when the message is sent to more than one + destination within different naming environments; or the + message is destined within an environment not sharing boundary + with the originating naming environment. + + While the general subject concerning conversion is beyond the scope + of this note, a few questions are raised in Appendix D. + + + + + + + +Su & Postel [Page 5] + + + +RFC 819 August 1982; + + +5. Name Service + + Name service is a network service providing name-to-address + translation. Such service may be achieved in a number of ways. For + a simple networking environment, it can be accomplished with a single + central database containing name-to-address correspondence for all + the pertinent network entities, such as hosts. + + In the case of the old ARPANET host names, a central database is + duplicated in each individual host. The originating module of an + application process would query the local name service (e.g., make a + system call) to obtain network address for the destination host. With + the proliferation of networks and an accelerating increase in the + number of hosts participating in networking, the ever growing size, + update frequency, and the dissemination of the central database makes + this approach unmanageable. + + The hierarchical structure of the Internet naming convention supports + decentralization of naming authority and distribution of name service + capability. It readily accommodates growth of the naming universe. + It allows an arbitrary number of hierarchical layers. The addition + of a new domain adds little complexity to an existing Internet + system. + + The name service at each domain is assumed to be provided by one or + more name servers. There are two models for how a name server + completes its work, these might be called "iterative" and + "recursive". + + For an iterative name server there may be two kinds of responses. + The first kind of response is a destination address. The second + kind of response is the address of another name server. If the + response is a destination address, then the query is satisfied. If + the response is the address of another name server, then the query + must be repeated using that name server, and so on until a + destination address is obtained. + + For a recursive name server there is only one kind of response -- + a destination address. This puts an obligation on the name server + to actually make the call on another name server if it can't + answer the query itself. + + It is noted that looping can be avoided since the names presented for + translation can only be of finite concatenation. However, care + should be taken in employing mechanisms such as a pointer to the next + simple name for resolution. + + We believe that some name servers will be recursive, but we don't + believe that all will be. This means that the caller must be + + +Su & Postel [Page 6] + + + +RFC 819 August 1982; + + + prepared for either type of server. Further discussion and examples + of name service is given in Appendix C. + + The basic name service at each domain is the translation of simple + names to addresses for all of its children. However, if only this + basic name service is provided, the use of complete (or fully + qualified) names would be required. Such requirement can be + unreasonable in practice. Thus, we propose the use of partial names + in the context in which their uniqueness is preserved. By + construction, naming uniqueness is preserved within the domain of a + common ancestry. Thus, a partially qualified name is constructed by + omitting from the complete name ancestors common to the communicating + parties. When a partially qualified name leaves its context of + uniqueness it must be additionally qualified. + + The use of partially qualified names places a requirement on the + Internet name service. To satisfy this requirement, the name service + at each domain must be capable of, in addition to the basic service, + resolving simple names for all of its ancestors (including itself) + and their children. In Appendix B, the required distinction among + simple names for such resolution is addressed. + +6. Naming Authority + + Associated with each domain there must be a naming authority to + assign simple names and ensure proper distinction among simple names. + + Note that if the use of partially qualified names is allowed in a + sub-domain, the uniqueness of simple names inside that sub-domain is + insufficient to avoid ambiguity with names outside the subdomain. + Appendix B discusses simple name assignment in a sub-domain that + would allow the use of partially qualified names without ambiguity. + + Administratively, associated with each domain there is a single + person (or office) called the registrar. The registrar of the naming + universe specifies the top-level set of domains and designates a + registrar for each of these domains. The registrar for any given + domain maintains the naming authority for that domain. + +7. Network-Oriented Applications + + For user applications such as file transfer and terminal access, the + remote host needs to be named. To be compatible with ARPANET naming + convention, a host can be treated as an endpoint domain. + + Many operating systems or programming language run-time environments + provide functions or calls (JSYSs, SVCs, UUOs, SYSs, etc.) for + standard services (e.g., time-of-day, account-of-logged-in-user, + convert-number-to-string). It is likely to be very helpful if such a + + +Su & Postel [Page 7] + + + +RFC 819 August 1982; + + + function or call is developed for translating a host name to an + address. Indeed, several systems on the ARPANET already have such + facilities for translating an ARPANET host name into an ARPANET + address based on internal tables. + + We recommend that this provision of a standard function or call for + translating names to addresses be extended to accept names of + Internet convention. This will promote a consistent interface to the + users of programs involving internetwork activities. The standard + facility for translating Internet names to Internet addresses should + include all the mechanisms available on the host, such as checking a + local table or cache of recently checked names, or consulting a name + server via the Internet. + +8. Mail Relaying + + Relaying is a feature adopted by more and more mail systems. + Relaying facilitates, among other things, interoperations between + heterogeneous mail systems. The term "relay" is used to describe the + situation where a message is routed via one or more intermediate + points between the sender and the recipient. The mail relays are + normally specified explicitly as relay points in the instructions for + message delivery. Usually, each of the intermediate relays assume + responsibility for the relayed message [3]. + + A point should be made on the basic difference between mail + relaying and the uucp naming system. The difference is that + although mail relaying with absolute naming can also be considered + as a form of source routing, the names of each intermediate points + and that of the destination are universally interpretable, while + the host names along a source route of the uucp convention is + relative and thus only locally interpretable. + + The Internet naming convention explicitly allows interoperations + among heterogeneous systems. This implies that the originator of a + communication may name a destination which resides in a foreign + system. The probability is that the destination network address may + not be comprehensible to the transport system of the originator. + Thus, an implicit relaying mechanism is called for at the boundary + between the domains. The function of this implicit relay is the same + as the explicit relay. + + + + + + + + + + +Su & Postel [Page 8] + + + +RFC 819 August 1982; + + +9. Implementation + + The Actual Domains + + The initial set of top-level names include: + + ARPA + + This represents the set of organizations involved in the + Internet system through the authority of the U.S. Defense + Advanced Research Projects Agency. This includes all the + research and development hosts on the ARPANET and hosts on + many other nets as well. But note very carefully that the + top-level domain "ARPA" does not map one-to-one with the + ARPANET -- domains are administrative, not topological. + + Transition + + In the transition from the ARPANET naming convention to the + Internet naming convention, a host name may be used as a simple + name for an endpoint domain. Thus, if "USC-ISIF" is an ARPANET + host name, then "USC-ISIF.ARPA" is the name of an Internet domain. + +10. Summary + + A hierarchical naming convention based on the domain concept has been + adopted by the Internet community. It is an absolute naming + convention defined along administrative rather than topological + boundaries. This naming convention is adaptive for interoperations + with other naming conventions. Thus, no standard convention needs to + be imposed for interoperations among heterogeneous naming + environments. + + This Internet naming convention allows distributed name service and + naming authority functions at each domain. We have specified these + functions required at each domain. Also discussed are implications + on network-oriented applications, mail systems, and administrative + aspects of this convention. + + + + + + + + + + + + + +Su & Postel [Page 9] + + + +RFC 819 August 1982; + + +APPENDIX A + + The BNF Specification + + We present here a rather detailed "BNF" definition of the allowed + form for a computer mail "mailbox" composed of a "local-part" and a + "domain" (separated by an at sign). Clearly, the domain can be used + separately in other network-oriented applications. + + <mailbox> ::= <local-part> "@" <domain> + + <local-part> ::= <string> | <quoted-string> + + <string> ::= <char> | <char> <string> + + <quoted-string> ::= """ <qtext> """ + + <qtext> ::= "\" <x> | "\" <x> <qtext> | <q> | <q> <qtext> + + <char> ::= <c> | "\" <x> + + <domain> ::= <naming-domain> | <naming-domain> "." <domain> + + <naming-domain> ::= <simple-name> | <address> + + <simple-name> ::= <a> <ldh-str> <let-dig> + + <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str> + + <let-dig> ::= <a> | <d> + + <let-dig-hyp> ::= <a> | <d> | "-" + + <address> :: = "#" <number> | "[" <dotnum> "]" + + <number> ::= <d> | <d> <number> + + <dotnum> ::= <snum> "." <snum> "." <snum> "." <snum> + + <snum> ::= one, two, or three digits representing a decimal integer + value in the range 0 through 255 + + <a> ::= any one of the 52 alphabetic characters A through Z in upper + case and a through z in lower case + + <c> ::= any one of the 128 ASCII characters except <s> or <SP> + + <d> ::= any one of the ten digits 0 through 9 + + + +Su & Postel [Page 10] + + + +RFC 819 August 1982; + + + <q> ::= any one of the 128 ASCII characters except CR, LF, quote ("), + or backslash (\) + + <x> ::= any one of the 128 ASCII characters (no exceptions) + + <s> ::= "<", ">", "(", ")", "[", "]", "\", ".", ",", ";", ":", "@", + """, and the control characters (ASCII codes 0 through 31 inclusive + and 127) + + Note that the backslash, "\", is a quote character, which is used to + indicate that the next character is to be used literally (instead of + its normal interpretation). For example, "Joe\,Smith" could be used + to indicate a single nine character user field with comma being the + fourth character of the field. + + The simple names that make up a domain may contain both upper and + lower case letters (as well as digits and hyphen), but these names + are not case sensitive. + + Hosts are generally known by names. Sometimes a host is not known to + the translation function and communication is blocked. To bypass + this barrier two forms of addresses are also allowed for host + "names". One form is a decimal integer prefixed by a pound sign, "#". + Another form, called "dotted decimal", is four small decimal integers + separated by dots and enclosed by brackets, e.g., "[123.255.37.2]", + which indicates a 32-bit ARPA Internet Address in four 8-bit fields. + (Of course, these numeric address forms are specific to the Internet, + other forms may have to be provided if this problem arises in other + transport systems.) + + + + + + + + + + + + + + + + + + + + + + +Su & Postel [Page 11] + + + +RFC 819 August 1982; + + +APPENDIX B + + An Aside on the Assignment of Simple Names + + In the following example, there are two naming hierarchies joining at + the naming universe 'U'. One consists of domains (S, R, N, J, P, Q, + B, A); and the other (L, E, F, G, H, D, C, K, B, A). Domain B is + assumed to have multiple parentage as shown. + + U + / \ + / \ + J L + / \ + N E + / \ / \ + R P D F + / \ | \ \ + S Q C (X) G + \ / \ \ + B K H + / + A + + Figure 3 + Illustration of Requirements for the Distinction of Simple Names + + Suppose someone at A tries to initiate communication with destination + H. The fully qualified destination name would be + + H.G.F.E.L.U + + Omitting common ancestors, the partially qualified name for the + destination would be + + H.G.F + + To permit the case of partially qualified names, name server at A + needs to resolve the simple name F, i.e., F needs to be distinct from + all the other simple names in its database. + + To enable the name server of a domain to resolve simple names, a + simple name for a child needs to be assigned distinct from those of + all of its ancestors and their immediate children. However, such + distinction would not be sufficient to allow simple name resolution + at lower-level domains because lower-level domains could have + multiple parentage below the level of this domain. + + In the example above, let us assume that a name is to be assigned + + +Su & Postel [Page 12] + + + +RFC 819 August 1982; + + + to a new domain X by D. To allow name server at D to resolve + simple names, the name for X must be distinct from L, E, D, C, F, + and J. However, allowing A to resolve simple names, X needs to be + also distinct from A, B, K, as well as from Q, P, N, and R. + + The following observations can be made. + + Simple names along parallel trails (distinct trails leading from + one domain to the naming universe) must be distinct, e.g., N must + be distinct from E for B or A to properly resolve simple names. + + No universal uniqueness of simple names is called for, e.g., the + simple name S does not have to be distinct from that of E, F, G, + H, D, C, K, Q, B, or A. + + The lower the level at which a domain occurs, the more immune it + is to the requirement of naming uniqueness. + + To satisfy the required distinction of simple names for proper + resolution at all levels, a naming authority needs to ensure the + simple name to be assigned distinct from those in the name server + databases at the endpoint naming domains within its domain. As an + example, for D to assign a simple name for X, it would need to + consult databases at A and K. It is, however, acceptable to have + simple names under domain A identical with those under K. Failure of + such distinct assignment of simple names by naming authority of one + domain would jeopardize the capability of simple name resolution for + entities within the subtree under that domain. + + + + + + + + + + + + + + + + + + + + + + + +Su & Postel [Page 13] + + + +RFC 819 August 1982; + + +APPENDIX C + + Further Discussion of Name Service and Name Servers + + The name service on a system should appear to the programmer of an + application program simply as a system call or library subroutine. + Within that call or subroutine there may be several types of methods + for resolving the name string into an address. + + First, a local table may be consulted. This table may be a + complete table and may be updated frequently, or it may simply be + a cache of the few latest name to address mappings recently + determined. + + Second, a call may be made to a name server to resolve the string + into a destination address. + + Third, a call may be made to a name server to resolve the string + into a relay address. + + Whenever a name server is called it may be a recursive server or an + interactive server. + + If the server is recursive, the caller won't be able to tell if + the server itself had the information to resolve the query or + called another server recursively (except perhaps for the time it + takes). + + If the server is iterative, the caller must be prepared for either + the answer to its query, or a response indicating that it should + call on a different server. + + It should be noted that the main name service discussed in this memo + is simply a name string to address service. For some applications + there may be other services needed. + + For example, even within the Internet there are several procedures + or protocols for actually transferring mail. One need is to + determine which mail procedures a destination host can use. + Another need is to determine the name of a relay host if the + source and destination hosts do not have a common mail procedure. + These more specialized services must be specific to each + application since the answers may be application dependent, but + the basic name to address translation is application independent. + + + + + + + +Su & Postel [Page 14] + + + +RFC 819 August 1982; + + +APPENDIX D + + Further Discussion of Interoperability and Protocol Translations + + The translation of protocols from one system to another is often + quite difficult. Following are some questions that stem from + considering the translations of addresses between mail systems: + + What is the impact of different addressing environments (i.e., + environments of different address formats)? + + It is noted that the boundary of naming environment may or may not + coincide with the boundary of different mail systems. Should the + conversion of naming be independent of the application system? + + The boundary between different addressing environments may or may + not coincide with that of different naming environments or + application systems. Some generic approach appears to be + necessary. + + If the conversion of naming is to be independent of the + application system, some form of interaction appears necessary + between the interface module of naming conversion with some + application level functions, such as the parsing and modification + of message text. + + To accommodate encryption, conversion may not be desirable at all. + What then can be an alternative to conversion? + + + + + + + + + + + + + + + + + + + + + + + +Su & Postel [Page 15] + + + +RFC 819 August 1982; + + +GLOSSARY + + address + + An address is a numerical identifier for the topological location + of the named entity. + + name + + A name is an alphanumeric identifier associated with the named + entity. For unique identification, a name needs to be unique in + the context in which the name is used. A name can be mapped to an + address. + + complete (fully qualified) name + + A complete name is a concatenation of simple names representing + the hierarchical relation of the named with respect to the naming + universe, that is it is the concatenation of the simple names of + the domain structure tree nodes starting with its own name and + ending with the top level node name. It is a unique name in the + naming universe. + + partially qualified name + + A partially qualified name is an abbreviation of the complete name + omitting simple names of the common ancestors of the communicating + parties. + + simple name + + A simple name is an alphanumeric identifier unique only within its + parent domain. + + domain + + A domain defines a region of jurisdiction for name assignment and + of responsibility for name-to-address translation. + + naming universe + + Naming universe is the ancestor of all network entities. + + naming environment + + A networking environment employing a specific naming convention. + + + + + +Su & Postel [Page 16] + + + +RFC 819 August 1982; + + + name service + + Name service is a network service for name-to-address mapping. + + name server + + A name server is a network mechanism (e.g., a process) realizing + the function of name service. + + naming authority + + Naming authority is an administrative entity having the authority + for assigning simple names and responsibility for resolving naming + conflict. + + parallel relations + + A network entity may have one or more hierarchical relations with + respect to the naming universe. Such multiple relations are + parallel relations to each other. + + multiple parentage + + A network entity has multiple parentage when it is assigned a + simple name by more than one naming domain. + + + + + + + + + + + + + + + + + + + + + + + + + + +Su & Postel [Page 17] + + + +RFC 819 August 1982; + + +REFERENCES + + [1] F. Harary, "Graph Theory", Addison-Wesley, Reading, + Massachusetts, 1969. + + [2] J. Postel, "Computer Mail Meeting Notes", RFC-805, + USC/Information Sciences Institute, 8 February 1982. + + [3] J. Postel, "Simple Mail Transfer Protocol", RFC-821, + USC/Information Sciences Institute, August 1982. + + [4] D. Crocker, "Standard for the Format of ARPA Internet Text + Messages", RFC-822, Department of Electrical Engineering, University + of Delaware, August 1982. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Su & Postel [Page 18] + diff --git a/usr.sbin/named/doc/rfc/rfc920 b/usr.sbin/named/doc/rfc/rfc920 new file mode 100644 index 00000000000..661b8301006 --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc920 @@ -0,0 +1,798 @@ + + +Network Working Group J. Postel +Request for Comments: 920 J. Reynolds + ISI + October 1984 + + Domain Requirements + + +Status of this Memo + + This memo is a policy statement on the requirements of establishing a + new domain in the ARPA-Internet and the DARPA research community. + This is an official policy statement of the IAB and the DARPA. + Distribution of this memo is unlimited. + +Introduction + + This memo restates and refines the requirements on establishing a + Domain first described in RFC-881 [1]. It adds considerable detail + to that discussion, and introduces the limited set of top level + domains. + +The Purpose of Domains + + Domains are administrative entities. The purpose and expected use of + domains is to divide the name management required of a central + administration and assign it to sub-administrations. There are no + geographical, topological, or technological constraints on a domain. + The hosts in a domain need not have common hardware or software, nor + even common protocols. Most of the requirements and limitations on + domains are designed to ensure responsible administration. + + The domain system is a tree-structured global name space that has a + few top level domains. The top level domains are subdivided into + second level domains. The second level domains may be subdivided + into third level domains, and so on. + + The administration of a domain requires controlling the assignment of + names within that domain and providing access to the names and name + related information (such as addresses) to users both inside and + outside the domain. + + + + + + + + + + + + +Postel & Reynolds [Page 1] + + + +RFC 920 October 1984 +Domain Requirements + + +General Purpose Domains + + While the initial domain name "ARPA" arises from the history of the + development of this system and environment, in the future most of the + top level names will be very general categories like "government", + "education", or "commercial". The motivation is to provide an + organization name that is free of undesirable semantics. + + After a short period of initial experimentation, all current + ARPA-Internet hosts will select some domain other than ARPA for their + future use. The use of ARPA as a top level domain will eventually + cease. + +Initial Set of Top Level Domains + + The initial top level domain names are: + + Temporary + + ARPA = The current ARPA-Internet hosts. + + Categories + + GOV = Government, any government related domains meeting the + second level requirements. + + EDU = Education, any education related domains meeting the + second level requirements. + + COM = Commercial, any commercial related domains meeting the + second level requirements. + + MIL = Military, any military related domains meeting the + second level requirements. + + ORG = Organization, any other domains meeting the second + level requirements. + + Countries + + The English two letter code (alpha-2) identifying a country + according the the ISO Standard for "Codes for the + Representation of Names of Countries" [5]. + + + + + + +Postel & Reynolds [Page 2] + + + +RFC 920 October 1984 +Domain Requirements + + + Multiorganizations + + A multiorganization may be a top level domain if it is large, + and is composed of other organizations; particularly if the + multiorganization can not be easily classified into one of the + categories and is international in scope. + +Possible Examples of Domains + + The following examples are fictions of the authors' creation, any + similarity to the real world is coincidental. + + The UC Domain + + It might be that a large state wide university with, say, nine + campuses and several laboratories may want to form a domain. Each + campus or major off-campus laboratory might then be a subdomain, + and within each subdomain, each department could be further + distinguished. This university might be a second level domain in + the education category. + + One might see domain style names for hosts in this domain like + these: + + LOCUS.CS.LA.UC.EDU + CCN.OAC.LA.UC.EDU + ERNIE.CS.CAL.UC.EDU + A.S1.LLNL.UC.EDU + A.LAND.LANL.UC.EDU + NMM.LBL.CAL.UC.EDU + + The MIT Domain + + Another large university may have many hosts using a variety of + machine types, some even using several families of protocols. + However, the administrators at this university may see no need for + the outside world to be aware of these internal differences. This + university might be a second level domain in the education + category. + + One might see domain style names for hosts in this domain like + these: + + APIARY-1.MIT.EDU + BABY-BLUE.MIT.EDU + CEZANNE.MIT.EDU + DASH.MIT.EDU + + +Postel & Reynolds [Page 3] + + + +RFC 920 October 1984 +Domain Requirements + + + MULTICS.MIT.EDU + TAC.MIT.EDU + XX.MIT.EDU + + The CSNET Domain + + There may be a consortium of universities and industry research + laboratories called, say, "CSNET". This CSNET is not a network + per se, but rather a computer mail exchange using a variety of + protocols and network systems. Therefore, CSNET is not a network + in the sense of the ARPANET, or an Ethernet, or even the + ARPA-Internet, but rather a community. Yet it does, in fact, have + the key property needed to form a domain; it has a responsible + administration. This consortium might be large enough and might + have membership that cuts across the categories in such a way that + it qualifies under the "multiorganization rule" to be a top level + domain. + + One might see domain style names for hosts in this domain like + these: + + CIC.CSNET + EMORY.CSNET + GATECH.CSNET + HP-LABS.CSNET + SJ.IBM.CSNET + UDEL.CSNET + UWISC.CSNET + +General Requirements on a Domain + + There are several requirements that must be met to establish a + domain. In general, it must be responsibly managed. There must be a + responsible person to serve as an authoritative coordinator for + domain related questions. There must be a robust domain name lookup + service, it must be of at least a minimum size, and the domain must + be registered with the central domain administrator (the Network + Information Center (NIC) Domain Registrar). + + Responsible Person: + + An individual must be identified who has authority for the + administration of the names within the domain, and who seriously + takes on the responsibility for the behavior of the hosts in the + domain, plus their interactions with hosts outside the domain. + This person must have some technical expertise and the authority + within the domain to see that problems are fixed. + + +Postel & Reynolds [Page 4] + + + +RFC 920 October 1984 +Domain Requirements + + + If a host in a given domain somehow misbehaves in its interactions + with hosts outside the domain (e.g., consistently violates + protocols), the responsible person for the domain must be + competent and available to receive reports of problems, take + action on the reported problems, and follow through to eliminate + the problems. + + Domain Servers: + + A robust and reliable domain server must be provided. One way of + meeting this requirement is to provide at least two independent + domain servers for the domain. The database can, of course, be + the same. The database can be prepared and copied to each domain + server. But, the servers should be in separate machines on + independent power supplies, et cetera; basically as physically + independent as can be. They should have no common point of + failure. + + Some domains may find that providing a robust domain service can + most easily be done by cooperating with another domain where each + domain provides an additional server for the other. + + In other situations, it may be desirable for a domain to arrange + for domain service to be provided by a third party, perhaps on + hosts located outside the domain. + + One of the difficult problems in operating a domain server is the + acquisition and maintenance of the data. In this case, the data + are the host names and addresses. In some environments this + information changes fairly rapidly and keeping up-to-date data may + be difficult. This is one motivation for sub-domains. One may + wish to create sub-domains until the rate of change of the data in + a sub-domain domain server database is easily managed. + + In the technical language of the domain server implementation the + data is divided into zones. Domains and zones are not necessarily + one-to-one. It may be reasonable for two or more domains to + combine their data in a single zone. + + The responsible person or an identified technical assistant must + understand in detail the procedures for operating a domain server, + including the management of master files and zones. + + The operation of a domain server should not be taken on lightly. + There are some difficult problems in providing an adequate + service, primarily the problems in keeping the database up to + date, and keeping the service operating. + + +Postel & Reynolds [Page 5] + + + +RFC 920 October 1984 +Domain Requirements + + + The concepts and implementation details of the domain server are + given in RFC-882 [2] and RFC-883 [3]. + + Minimum Size: + + The domain must be of at least a minimum size. There is no + requirement to form a domain because some set of hosts is above + the minimum size. + + Top level domains must be specially authorized. In general, they + will only be authorized for domains expected to have over 500 + hosts. + + The general guideline for a second level domain is that it have + over 50 hosts. This is a very soft "requirement". It makes sense + that any major organization, such as a university or corporation, + be allowed as a second level domain -- even if it has just a few + hosts. + + Registration: + + Top level domains must be specially authorized and registered with + the NIC domain registrar. + + The administrator of a level N domain must register with the + registrar (or responsible person) of the level N-1 domain. This + upper level authority must be satisfied that the requirements are + met before authorization for the domain is granted. + + The registration procedure involves answering specific questions + about the prospective domain. A prototype of what the NIC Domain + Registrar may ask for the registration of a second level domain is + shown below. These questions may change from time to time. It is + the responsibility of domain administrators to keep this + information current. + + The administrator of a domain is required to make sure that host + and sub-domain names within that jurisdiction conform to the + standard name conventions and are unique within that domain. + + If sub-domains are set up, the administrator may wish to pass + along some of his authority and responsibility to a sub-domain + administrator. Even if sub-domains are established, the + responsible person for the top-level domain is ultimately + responsible for the whole tree of sub-domains and hosts. + + This does not mean that a domain administrator has to know the + + +Postel & Reynolds [Page 6] + + + +RFC 920 October 1984 +Domain Requirements + + + details of all the sub-domains and hosts to the Nth degree, but + simply that if a problem occurs he can get it fixed by calling on + the administrator of the sub-domain containing the problem. + +Top Level Domain Requirements + + There are very few top level domains, each of these may have many + second level domains. + + An initial set of top level names has been identified. Each of these + has an administrator and an agent. + + The top level domains: + + ARPA = The ARPA-Internet *** TEMPORARY *** + + Administrator: DARPA + Agent: The Network Information Center + Mailbox: HOSTMASTER@SRI-NIC.ARPA + + GOV = Government + + Administrator: DARPA + Agent: The Network Information Center + Mailbox: HOSTMASTER@SRI-NIC.ARPA + + EDU = Education + + Administrator: DARPA + Agent: The Network Information Center + Mailbox: HOSTMASTER@SRI-NIC.ARPA + + COM = Commercial + + Administrator: DARPA + Agent: The Network Information Center + Mailbox: HOSTMASTER@SRI-NIC.ARPA + + MIL = Military + + Administrator: DDN-PMO + Agent: The Network Information Center + Mailbox: HOSTMASTER@SRI-NIC.ARPA + + + + + + +Postel & Reynolds [Page 7] + + + +RFC 920 October 1984 +Domain Requirements + + + ORG = Organization + + Administrator: DARPA + Agent: The Network Information Center + Mailbox: HOSTMASTER@SRI-NIC.ARPA + + Countries + + The English two letter code (alpha-2) identifying a country + according the the ISO Standard for "Codes for the + Representation of Names of Countries" [5]. + + As yet no country domains have been established. As they are + established information about the administrators and agents + will be made public, and will be listed in subsequent editions + of this memo. + + Multiorganizations + + A multiorganization may be a top level domain if it is large, + and is composed of other organizations; particularly if the + multiorganization can not be easily classified into one of the + categories and is international in scope. + + As yet no multiorganization domains have been established. As + they are established information about the administrators and + agents will be made public, and will be listed in subsequent + editions of this memo. + + Note: The NIC is listed as the agent and registrar for all the + currently allowed top level domains. If there are other entities + that would be more appropriate agents and registrars for some or + all of these domains then it would be desirable to reassign the + responsibility. + +Second Level Domain Requirements + + Each top level domain may have many second level domains. Every + second level domain must meet the general requirements on a domain + specified above, and be registered with a top level domain + administrator. + + + + + + + + +Postel & Reynolds [Page 8] + + + +RFC 920 October 1984 +Domain Requirements + + +Third through Nth Level Domain Requirements + + Each second level domain may have many third level domains, etc. + Every third level domain (through Nth level domain) must meet the + requirements set by the administrator of the immediately higher level + domain. Note that these may be more or less strict than the general + requirements. One would expect the minimum size requirements to + decrease at each level. + +The ARPA Domain + + At the time the implementation of the domain concept was begun it was + thought that the set of hosts under the administrative authority of + DARPA would make up a domain. Thus the initial domain selected was + called ARPA. Now it is seen that there is no strong motivation for + there to be a top level ARPA domain. The plan is for the current + ARPA domain to go out of business as soon as possible. Hosts that + are currently members of the ARPA domain should make arrangements to + join another domain. It is likely that for experimental purposes + there will be a second level domain called ARPA in the ORG domain + (i.e., there will probably be an ARPA.ORG domain). + +The DDN Hosts + + DDN hosts that do not desire to participate in this domain naming + system will continue to use the HOSTS.TXT data file maintained by the + NIC for name to address translations. This file will be kept up to + date for the DDN hosts. However, all DDN hosts will change their + names from "host.ARPA" to (for example) "host.DDN.MIL" some time in + the future. The schedule for changes required in DDN hosts will be + established by the DDN-PMO. + +Impact on Hosts + + What is a host administrator to do about all this? + + For existing hosts already operating in the ARPA-Internet, the + best advice is to sit tight for now. Take a few months to + consider the options, then select a domain to join. Plan + carefully for the impact that changing your host name will have on + both your local users and on their remote correspondents. + + For a new host, careful thought should be given (as discussed + below). Some guidance can be obtained by comparing notes on what + other hosts with similar administrative properties have done. + + The owner of a host may decide which domain to join, and the + + +Postel & Reynolds [Page 9] + + + +RFC 920 October 1984 +Domain Requirements + + + administrator of a domain may decide which hosts to accept into his + domain. Thus the owner of a host and a domain administrator must + come to an understanding about the host being in the domain. This is + the foundation of responsible administration. + + For example, a host "XYZ" at MIT might possible be considered as a + candidate for becoming any of XYZ.ARPA.ORG, XYZ.CSNET, or + XYZ.MIT.EDU. + + The owner of host XYZ may choose which domain to join, + depending on which domain administrators are willing to have + him. + + The domain is part of the host name. Thus if USC-ISIA.ARPA changes + its domain affiliation to DDN.MIL to become USC-ISIA.DDN.MIL, it has + changed its name. This means that any previous references to + USC-ISIA.ARPA are now out of date. Such old references may include + private host name to address tables, and any recorded information + about mailboxes such as mailing lists, the headers of old messages, + printed directories, and peoples' memories. + + The experience of the DARPA community suggests that changing the name + of a host is somewhat painful. It is recommended that careful + thought be given to choosing a new name for a host - which includes + selecting its place in the domain hierarchy. + +The Roles of the Network Information Center + + The NIC plays two types of roles in the administration of domains. + First, the NIC is the registrar of all top level domains. Second + the NIC is the administrator of several top level domains (and the + registrar for second level domains in these). + + Top Level Domain Registrar + + As the registrar for top level domains, the NIC is the contact + point for investigating the possibility of establishing a new top + level domain. + + Top Level Domain Administrator + + For the top level domains designated so far, the NIC is the + administrator of each of these domains. This means the NIC is + responsible for the management of these domains and the + registration of the second level domains or hosts (if at the + second level) in these domains. + + + +Postel & Reynolds [Page 10] + + + +RFC 920 October 1984 +Domain Requirements + + + It may be reasonable for the administration of some of these + domains to be taken on by other authorities in the future. It is + certainly not desired that the NIC be the administrator of all top + level domains forever. + +Prototypical Questions + + To establish a domain, the following information must be provided to + the NIC Domain Registrar (HOSTMASTER@SRI-NIC.ARPA): + + Note: The key people must have computer mail mailboxes and + NIC-Idents. If they do not at present, please remedy the + situation at once. A NIC-Ident may be established by contacting + NIC@SRI-NIC.ARPA. + + 1) The name of the top level domain to join. + + For example: EDU + + 2) The name, title, mailing address, phone number, and organization + of the administrative head of the organization. This is the contact + point for administrative and policy questions about the domain. In + the case of a research project, this should be the Principal + Investigator. The online mailbox and NIC-Ident of this person should + also be included. + + For example: + + Administrator + + Organization USC/Information Sciences Institute + Name Keith Uncapher + Title Executive Director + Mail Address USC/ISI + 4676 Admiralty Way, Suite 1001 + Marina del Rey, CA. 90292-6695 + Phone Number 213-822-1511 + Net Mailbox Uncapher@USC-ISIB.ARPA + NIC-Ident KU + + 3) The name, title, mailing address, phone number, and organization + of the domain technical contact. The online mailbox and NIC-Ident of + the domain technical contact should also be included. This is the + contact point for problems with the domain and for updating + information about the domain. Also, the domain technical contact may + be responsible for hosts in this domain. + + + +Postel & Reynolds [Page 11] + + + +RFC 920 October 1984 +Domain Requirements + + + For example: + + Technical Contact + + Organization USC/Information Sciences Institute + Name Craig Milo Rogers + Title Researcher + Mail Address USC/ISI + 4676 Admiralty Way, Suite 1001 + Marina del Rey, CA. 90292-6695 + Phone Number 213-822-1511 + Net Mailbox Rogers@USC-ISIB.ARPA + NIC-Ident CMR + + 4) The name, title, mailing address, phone number, and organization + of the zone technical contact. The online mailbox and NIC-Ident of + the zone technical contact should also be included. This is the + contact point for problems with the zone and for updating information + about the zone. In many cases the zone technical contact and the + domain technical contact will be the same person. + + For example: + + Technical Contact + + Organization USC/Information Sciences Institute + Name Craig Milo Rogers + Title Researcher + Mail Address USC/ISI + 4676 Admiralty Way, Suite 1001 + Marina del Rey, CA. 90292-6695 + Phone Number 213-822-1511 + Net Mailbox Rogers@USC-ISIB.ARPA + NIC-Ident CMR + + 5) The name of the domain (up to 12 characters). This is the name + that will be used in tables and lists associating the domain and the + domain server addresses. [While technically domain names can be + quite long (programmers beware), shorter names are easier for people + to cope with.] + + For example: ALPHA-BETA + + 6) A description of the servers that provides the domain service for + translating name to address for hosts in this domain, and the date + they will be operational. + + + +Postel & Reynolds [Page 12] + + + +RFC 920 October 1984 +Domain Requirements + + + A good way to answer this question is to say "Our server is + supplied by person or company X and does whatever their standard + issue server does". + + For example: Our server is a copy of the server operated by + the NIC, and will be installed and made operational on + 1-November-84. + + 7) A description of the server machines, including: + + (a) hardware and software (using keywords from the Assigned + Numbers) + + (b) addresses (what host on what net for each connected net) + + For example: + + (a) hardware and software + + VAX-11/750 and UNIX, or + IBM-PC and MS-DOS, or + DEC-1090 and TOPS-20 + + (b) address + + 10.9.0.193 on ARPANET + + 8) An estimate of the number of hosts that will be in the domain. + + (a) initially, + (b) within one year, + (c) two years, and + (d) five years. + + For example: + + (a) initially = 50 + (b) one year = 100 + (c) two years = 200 + (d) five years = 500 + + + + + + + + + +Postel & Reynolds [Page 13] + + + +RFC 920 October 1984 +Domain Requirements + + +Acknowledgment + + We would like to thank the many people who contributed to this memo, + including the participants in the Namedroppers Group, the ICCB, the + PCCB, and especially the staff of the Network Information Center, + particularly J. Feinler and K. Harrenstien. + +References + + [1] Postel, J., "The Domain Names Plan and Schedule", RFC-881, USC + Information Sciences Institute, November 1983. + + [2] Mockapetris, P., "Domain Names - Concepts and Facilities", + RFC-882, USC Information Sciences Institute, November 1983. + + [3] Mockapetris, P., "Domain Names - Implementation and + Specification", RFC-883, USC Information Sciences Institute, + November 1983. + + [4] Postel, J., "Domain Name System Implementation Schedule", + RFC-897, USC Information Sciences Institute, February 1984. + + [5] ISO, "Codes for the Representation of Names of Countries", + ISO-3166, International Standards Organization, May 1981. + + [6] Postel, J., "Domain Name System Implementation Schedule - + Revised", RFC-921, USC Information Sciences Institute, October + 1984. + + [7] Mockapetris, P., "The Domain Name System", Proceedings of the + IFIP 6.5 Working Conference on Computer Message Services, + Nottingham, England, May 1984. Also as ISI/RS-84-133, + June 1984. + + [8] Mockapetris, P., J. Postel, and P. Kirton, "Name Server Design + for Distributed Systems", Proceedings of the Seventh + International Conference on Computer Communication, October 30 + to November 3 1984, Sidney, Australia. Also as ISI/RS-84-132, + June 1984. + + + + + + + + + + +Postel & Reynolds [Page 14] + diff --git a/usr.sbin/named/doc/rfc/rfc974 b/usr.sbin/named/doc/rfc/rfc974 new file mode 100644 index 00000000000..97d79a4fa4c --- /dev/null +++ b/usr.sbin/named/doc/rfc/rfc974 @@ -0,0 +1,399 @@ + + +Network Working Group Craig Partridge +Request for Comments: 974 CSNET CIC BBN Laboratories Inc + January 1986 + + MAIL ROUTING AND THE DOMAIN SYSTEM + + +Status of this Memo + + This RFC presents a description of how mail systems on the Internet + are expected to route messages based on information from the domain + system described in RFCs 882, 883 and 973. Distribution of this memo + is unlimited. + +Introduction + + The purpose of this memo is to explain how mailers are to decide how + to route a message addressed to a given Internet domain name. This + involves a discussion of how mailers interpret MX RRs, which are used + for message routing. Note that this memo makes no statement about + how mailers are to deal with MB and MG RRs, which are used for + interpreting mailbox names. + + Under RFC-882 and RFC-883 certain assumptions about mail addresses + have been changed. Up to now, one could usually assume that if a + message was addressed to a mailbox, for example, at LOKI.BBN.COM, + that one could just open an SMTP connection to LOKI.BBN.COM and pass + the message along. This system broke down in certain situations, + such as for certain UUCP and CSNET hosts which were not directly + attached to the Internet, but these hosts could be handled as special + cases in configuration files (for example, most mailers were set up + to automatically forward mail addressed to a CSNET host to + CSNET-RELAY.ARPA). + + Under domains, one cannot simply open a connection to LOKI.BBN.COM, + but must instead ask the domain system where messages to LOKI.BBN.COM + are to be delivered. And the domain system may direct a mailer to + deliver messages to an entirely different host, such as SH.CS.NET. + Or, in a more complicated case, the mailer may learn that it has a + choice of routes to LOKI.BBN.COM. This memo is essentially a set of + guidelines on how mailers should behave in this more complex world. + + Readers are expected to be familiar with RFCs 882, 883, and the + updates to them (e.g., RFC-973). + + + + + + + + + +Partridge [Page 1] + + + +RFC 974 January 1986 +Mail Routing and the Domain System + + +What the Domain Servers Know + + The domain servers store information as a series of resource records + (RRs), each of which contains a particular piece of information about + a given domain name (which is usually, but not always, a host). The + simplest way to think of a RR is as a typed pair of datum, a domain + name matched with relevant data, and stored with some additional type + information to help systems determine when the RR is relevant. For + the purposes of message routing, the system stores RRs known as MX + RRs. Each MX matches a domain name with two pieces of data, a + preference value (an unsigned 16-bit integer), and the name of a + host. The preference number is used to indicate in what order the + mailer should attempt deliver to the MX hosts, with the lowest + numbered MX being the one to try first. Multiple MXs with the same + preference are permitted and have the same priority. + + In addition to mail information, the servers store certain other + types of RR's which mailers may encounter or choose to use. These + are: the canonical name (CNAME) RR, which simply states that the + domain name queried for is actually an alias for another domain name, + which is the proper, or canonical, name; and the Well Known Service + (WKS) RR, which stores information about network services (such as + SMTP) a given domain name supports. + +General Routing Guidelines + + Before delving into a detailed discussion of how mailers are expected + to do mail routing, it would seem to make sense to give a brief + overview of how this memo is approaching the problems that routing + poses. + + The first major principle is derived from the definition of the + preference field in MX records, and is intended to prevent mail + looping. If the mailer is on a host which is listed as an MX for the + destination host, the mailer may only deliver to an MX which has a + lower preference count than its own host. + + It is also possible to cause mail looping because routing information + is out of date or incomplete. Out of date information is only a + problem when domain tables are changed. The changes will not be + known to all affected hosts until their resolver caches time out. + There is no way to ensure that this will not happen short of + requiring mailers and their resolvers to always send their queries to + an authoritative server, and never use data stored in a cache. This + is an impractical solution, since eliminating resolver caching would + make mailing inordinately expensive. What is more, the out-of-date + RR problem should not happen if, when a domain table is changed, + + +Partridge [Page 2] + + + +RFC 974 January 1986 +Mail Routing and the Domain System + + + affected hosts (those in the list of MXs) have their resolver caches + flushed. In other words, given proper precautions, mail looping as a + result of domain information should be avoidable, without requiring + mailers to query authoritative servers. (The appropriate precaution + is to check with a host's administrator before adding that host to a + list of MXs). + + The incomplete data problem also requires some care when handling + domain queries. If the answer section of a query is incomplete + critical MX RRs may be left out. This may result in mail looping, or + in a message being mistakenly labelled undeliverable. As a result, + mailers may only accept responses from the domain system which have + complete answer sections. Note that this entire problem can be + avoided by only using virtual circuits for queries, but since this + situation is likely to be very rare and datagrams are the preferred + way to interact with the domain system, implementors should probably + just ensure that their mailer will repeat a query with virtual + circuits should the truncation bit ever be set. + +Determining Where to Send a Message + + The explanation of how mailers should decide how to route a message + is discussed in terms of the problem of a mailer on a host with + domain name LOCAL trying to deliver a message addressed to the domain + name REMOTE. Both LOCAL and REMOTE are assumed to be syntactically + correct domain names. Furthermore, LOCAL is assumed to be the + official name for the host on which the mailer resides (i.e., it is + not a alias). + +Issuing a Query + + The first step for the mailer at LOCAL is to issue a query for MX RRs + for REMOTE. It is strongly urged that this step be taken every time + a mailer attempts to send the message. The hope is that changes in + the domain database will rapidly be used by mailers, and thus domain + administrators will be able to re-route in-transit messages for + defective hosts by simply changing their domain databases. + + Certain responses to the query are considered errors: + + Getting no response to the query. The domain server the mailer + queried never sends anything back. (This is distinct from an + answer which contains no answers to the query, which is not an + error). + + Getting a response in which the truncation field of the header is + + + +Partridge [Page 3] + + + +RFC 974 January 1986 +Mail Routing and the Domain System + + + set. (Recall discussion of incomplete queries above). Mailers + may not use responses of this type, and should repeat the query + using virtual circuits instead of datagrams. + + Getting a response in which the response code is non-zero. + + Mailers are expected to do something reasonable in the face of an + error. The behaviour for each type of error is not specified here, + but implementors should note that different types of errors should + probably be treated differently. For example, a response code of + "non-existent domain" should probably cause the message to be + returned to the sender as invalid, while a response code of "server + failure" should probably cause the message to be retried later. + + There is one other special case. If the response contains an answer + which is a CNAME RR, it indicates that REMOTE is actually an alias + for some other domain name. The query should be repeated with the + canonical domain name. + + If the response does not contain an error response, and does not + contain aliases, its answer section should be a (possibly zero + length) list of MX RRs for domain name REMOTE (or REMOTE's true + domain name if REMOTE was a alias). The next section describes how + this list is interpreted. + +Interpreting the List of MX RRs + + NOTE: This section only discusses how mailers choose which names to + try to deliver a message to, working from a list of RR's. It does + not discuss how the mailers actually make delivery. Where ever + delivering a message is mentioned, all that is meant is that the + mailer should do whatever it needs to do to transfer a message to a + remote site, given a domain name for that site. (For example, an + SMTP mailer will try to get an address for the domain name, which + involves another query to the domain system, and then, if it gets an + address, connect to the SMTP TCP port). The mechanics of actually + transferring the message over the network to the address associated + with a given domain name is not within the scope of this memo. + + It is possible that the list of MXs in the response to the query will + be empty. This is a special case. If the list is empty, mailers + should treat it as if it contained one RR, an MX RR with a preference + value of 0, and a host name of REMOTE. (I.e., REMOTE is its only + MX). In addition, the mailer should do no further processing on the + list, but should attempt to deliver the message to REMOTE. The idea + + + + +Partridge [Page 4] + + + +RFC 974 January 1986 +Mail Routing and the Domain System + + + here is that if a domain fails to advertise any information about a + particular name we will give it the benefit of the doubt and attempt + delivery. + + If the list is not empty, the mailer should remove irrelevant RR's + from the list according to the following steps. Note that the order + is significant. + + For each MX, a WKS query should be issued to see if the domain + name listed actually supports the mail service desired. MX RRs + which list domain names which do not support the service should be + discarded. This step is optional, but strongly encouraged. + + If the domain name LOCAL is listed as an MX RR, all MX RRs with a + preference value greater than or equal to that of LOCAL's must be + discarded. + + After removing irrelevant RRs, the list can again be empty. This is + now an error condition and can occur in several ways. The simplest + case is that the WKS queries have discovered that none of the hosts + listed supports the mail service desired. The message is thus deemed + undeliverable, though extremely persistent mail systems might want to + try a delivery to REMOTE's address (if it exists) before returning + the message. Another, more dangerous, possibility is that the domain + system believes that LOCAL is handling message for REMOTE, but the + mailer on LOCAL is not set up to handle mail for REMOTE. For + example, if the domain system lists LOCAL as the only MX for REMOTE, + LOCAL will delete all the entries in the list. But LOCAL is + presumably querying the domain system because it didn't know what to + do with a message addressed to REMOTE. Clearly something is wrong. + How a mailer chooses to handle these situations is to some extent + implementation dependent, and is thus left to the implementor's + discretion. + + If the list of MX RRs is not empty, the mailer should try to deliver + the message to the MXs in order (lowest preference value tried + first). The mailer is required to attempt delivery to the lowest + valued MX. Implementors are encouraged to write mailers so that they + try the MXs in order until one of the MXs accepts the message, or all + the MXs have been tried. A somewhat less demanding system, in which + a fixed number of MXs is tried, is also reasonable. Note that + multiple MXs may have the same preference value. In this case, all + MXs at with a given value must be tried before any of a higher value + are tried. In addition, in the special case in which there are + several MXs with the lowest preference value, all of them should be + tried before a message is deemed undeliverable. + + + +Partridge [Page 5] + + + +RFC 974 January 1986 +Mail Routing and the Domain System + + +Minor Special Issues + + There are a couple of special issues left out of the preceding + section because they complicated the discussion. They are treated + here in no particular order. + + Wildcard names, those containing the character '*' in them, may be + used for mail routing. There are likely to be servers on the network + which simply state that any mail to a domain is to be routed through + a relay. For example, at the time that this RFC is being written, all + mail to hosts in the domain IL is routed through RELAY.CS.NET. This + is done by creating a wildcard RR, which states that *.IL has an MX + of RELAY.CS.NET. This should be transparent to the mailer since the + domain servers will hide this wildcard match. (If it matches *.IL + with HUJI.IL for example, a domain server will return an RR + containing HUJI.IL, not *.IL). If by some accident a mailer receives + an RR with a wildcard domain name in its name or data section it + should discard the RR. + + Note that the algorithm to delete irrelevant RRs breaks if LOCAL has + a alias and the alias is listed in the MX records for REMOTE. (E.g. + REMOTE has an MX of ALIAS, where ALIAS has a CNAME of LOCAL). This + can be avoided if aliases are never used in the data section of MX + RRs. + + Implementors should understand that the query and interpretation of + the query is only performed for REMOTE. It is not repeated for the + MX RRs listed for REMOTE. You cannot try to support more extravagant + mail routing by building a chain of MXs. (E.g. UNIX.BBN.COM is an MX + for RELAY.CS.NET and RELAY.CS.NET is an MX for all the hosts in .IL, + but this does not mean that UNIX.BBN.COM accepts any responsibility + for mail for .IL). + + Finally, it should be noted that this is a standard for routing on + the Internet. Mailers serving hosts which lie on multiple networks + will presumably have to make some decisions about which network to + route through. This decision making is outside the scope of this + memo, although mailers may well use the domain system to help them + decide. However, once a mailer decides to deliver a message via the + Internet it must apply these rules to route the message. + + + + + + + + + +Partridge [Page 6] + + + +RFC 974 January 1986 +Mail Routing and the Domain System + + +Examples + + To illustrate the discussion above, here are three examples of how + mailers should route messages. All examples work with the following + database: + + A.EXAMPLE.ORG IN MX 10 A.EXAMPLE.ORG + A.EXAMPLE.ORG IN MX 15 B.EXAMPLE.ORG + A.EXAMPLE.ORG IN MX 20 C.EXAMPLE.ORG + A.EXAMPLE.ORG IN WKS 10.0.0.1 TCP SMTP + + B.EXAMPLE.ORG IN MX 0 B.EXAMPLE.ORG + B.EXAMPLE.ORG IN MX 10 C.EXAMPLE.ORG + B.EXAMPLE.ORG IN WKS 10.0.0.2 TCP SMTP + + C.EXAMPLE.ORG IN MX 0 C.EXAMPLE.ORG + C.EXAMPLE.ORG IN WKS 10.0.0.3 TCP SMTP + + D.EXAMPLE.ORG IN MX 0 D.EXAMPLE.ORG + D.EXAMPLE.ORG IN MX 0 C.EXAMPLE.ORG + D.EXAMPLE.ORG IN WKS 10.0.0.4 TCP SMTP + + In the first example, an SMTP mailer on D.EXAMPLE.ORG is trying to + deliver a message addressed to A.EXAMPLE.ORG. From the answer to its + query, it learns that A.EXAMPLE.ORG has three MX RRs. D.EXAMPLE.ORG + is not one of the MX RRs and all three MXs support SMTP mail + (determined from the WKS entries), so none of the MXs are eliminated. + The mailer is obliged to try to deliver to A.EXAMPLE.ORG as the + lowest valued MX. If it cannot reach A.EXAMPLE.ORG it can (but is + not required to) try B.EXAMPLE.ORG. and if B.EXAMPLE.ORG is not + responding, it can try C.EXAMPLE.ORG. + + In the second example, the mailer is on B.EXAMPLE.ORG, and is again + trying to deliver a message addressed to A.EXAMPLE.ORG. There are + once again three MX RRs for A.EXAMPLE.ORG, but in this case the + mailer must discard the RRs for itself and C.EXAMPLE.ORG (because the + MX RR for C.EXAMPLE.ORG has a higher preference value than the RR for + B.EXAMPLE.ORG). It is left only with the RR for A.EXAMPLE.ORG, and + can only try delivery to A.EXAMPLE.ORG. + + In the third example, consider a mailer on A.EXAMPLE.ORG trying to + deliver a message to D.EXAMPLE.ORG. In this case there are only two + MX RRs, both with the same preference value. Either MX will accept + messages for D.EXAMPLE.ORG. The mailer should try one MX first (which + one is up to the mailer, though D.EXAMPLE.ORG seems most reasonable), + and if that delivery fails should try the other MX (e.g. + C.EXAMPLE.ORG). + + +Partridge [Page 7] + |