Internet Engineering Task Force (IETF) M. Blanchet Request for Comments: 7720 Viagenie BCP: 40 L-J. Liman Obsoletes: 2870 Netnod Category: Best Current Practice December 2015 ISSN: 2070-1721
Internet Engineering Task Force (IETF) M. Blanchet Request for Comments: 7720 Viagenie BCP: 40 L-J. Liman Obsoletes: 2870 Netnod Category: Best Current Practice December 2015 ISSN: 2070-1721
DNS Root Name Service Protocol and Deployment Requirements
DNS根名称服务协议和部署要求
Abstract
摘要
The DNS root name service is a critical part of the Internet architecture. The protocol and deployment requirements for the DNS root name service are defined in this document. Operational requirements are out of scope.
DNS根名称服务是Internet体系结构的关键部分。DNS根名称服务的协议和部署要求在本文档中定义。操作要求超出范围。
Status of This Memo
关于下段备忘
This memo documents an Internet Best Current Practice.
本备忘录记录了互联网最佳实践。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关BCP的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7720.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7720.
Copyright Notice
版权公告
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2015 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Relationship to RFC 2870 . . . . . . . . . . . . . . . . 2 2. Protocol Requirements . . . . . . . . . . . . . . . . . . . . 3 3. Deployment Requirements . . . . . . . . . . . . . . . . . . . 3 4. Security Considerations . . . . . . . . . . . . . . . . . . . 3 5. Informative References . . . . . . . . . . . . . . . . . . . 4 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Relationship to RFC 2870 . . . . . . . . . . . . . . . . 2 2. Protocol Requirements . . . . . . . . . . . . . . . . . . . . 3 3. Deployment Requirements . . . . . . . . . . . . . . . . . . . 3 4. Security Considerations . . . . . . . . . . . . . . . . . . . 3 5. Informative References . . . . . . . . . . . . . . . . . . . 4 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
[RFC2870] discusses protocol and operational requirements for root name servers for the Internet's domain name system (DNS) protocol [RFC1035]. Since its publication, both protocol and operational requirements have evolved. It makes more sense now to separate the two sets of requirements into two separate documents. This document only defines the protocol requirements and some deployment requirements. The operational requirements that were defined in RFC 2870 have been removed. Operational requirements are now defined by the Root Server System Advisory Committee of ICANN and are documented in [RSSAC-001].
[RFC2870]讨论了互联网域名系统(DNS)协议[RFC1035]的根名称服务器的协议和操作要求。自其发布以来,协议和操作要求都有所发展。现在将这两组需求分为两个单独的文档更有意义。本文档仅定义协议要求和一些部署要求。已删除RFC 2870中定义的操作要求。操作要求现在由ICANN的根服务器系统咨询委员会定义,并记录在[RSSAC-001]中。
The root servers are authoritative servers of the unique [RFC2826] root zone (".") [ROOTZONE]. They currently also serve the root-servers.net zone. Some also serve the zone for the .arpa top-level domain [ARPAZONE] [RFC3172]. This document describes the external interface of the root name servers from a protocol viewpoint of the service. It specifies basic requirements for the Internet that DNS clients meet when interacting with a root name service over the public Internet.
根服务器是唯一[RFC2826]根区域(“.”[ROOTZONE]的权威服务器。它们目前还为root-servers.net区域提供服务。有些还为.arpa顶级域[ARPAZONE][RFC3172]提供区域服务。本文档从服务的协议角度描述根名称服务器的外部接口。它指定了DNS客户端在公共Internet上与根名称服务交互时满足的Internet基本要求。
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in BCP 14, [RFC2119].
本文件中出现的关键词必须、不得、必需、应、不应、应、不应、推荐、可和可选时,应按照BCP 14[RFC2119]中的说明进行解释。
This document obsoletes [RFC2870].
本文件废除了[RFC2870]。
This document and [RSSAC-001] together functionally replace [RFC2870].
本文件和[RSSAC-001]一起在功能上取代[RFC2870]。
This section describes the minimum high-level protocol requirements. Operative details are documented in [RSSAC-001].
本节描述了最低高级协议要求。操作细节记录在[RSSAC-001]中。
The root name service:
根名称服务:
o MUST implement core DNS [RFC1035] and clarifications to the DNS [RFC2181].
o 必须实施核心DNS[RFC1035]和对DNS[RFC2181]的澄清。
o MUST support IPv4 [RFC791] and IPv6 [RFC2460] transport of DNS queries and responses.
o 必须支持DNS查询和响应的IPv4[RFC791]和IPv6[RFC2460]传输。
o MUST support UDP [RFC768] and TCP [RFC793] transport of DNS queries and responses.
o 必须支持DNS查询和响应的UDP[RFC768]和TCP[RFC793]传输。
o MUST generate checksums when sending UDP datagrams and MUST verify checksums when receiving UDP datagrams containing a non-zero checksum.
o 发送UDP数据报时必须生成校验和,接收包含非零校验和的UDP数据报时必须验证校验和。
o MUST implement DNSSEC [RFC4035] as an authoritative name service.
o 必须将DNSSEC[RFC4035]实现为权威名称服务。
o MUST implement extension mechanisms for DNS (EDNS(0)) [RFC6891].
o 必须为DNS(EDN(0))[RFC6891]实现扩展机制。
The root name service:
根名称服务:
o MUST answer queries from any entity conforming to [RFC1122] with a valid IP address.
o 必须使用有效IP地址回答符合[RFC1122]要求的任何实体的查询。
o MUST serve the unique [RFC2826] root zone [ROOTZONE].
o 必须为唯一的[RFC2826]根区域[ROOTZONE]提供服务。
This document does not specify a new protocol. However, the root name service is a key component of the Internet architecture and play a key role into the overall security of the Internet [RFC2826]. Specific security considerations on the DNS protocols are discussed in their respective specifications. The security considerations on the operational side of the root name servers are discussed in [RSSAC-001].
本文档未指定新协议。但是,根名称服务是Internet体系结构的关键组件,在Internet的整体安全中起着关键作用[RFC2826]。DNS协议的具体安全注意事项在其各自的规范中进行了讨论。[RSSAC-001]中讨论了根名称服务器操作端的安全注意事项。
[ARPAZONE] IANA, ".ARPA Zone Management", <http://www.iana.org/domains/arpa>.
[ARPAZONE]IANA,“.ARPA区域管理”<http://www.iana.org/domains/arpa>.
[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 10.17487/RFC0768, August 1980, <http://www.rfc-editor.org/info/rfc768>.
[RFC768]Postel,J.,“用户数据报协议”,STD 6,RFC 768,DOI 10.17487/RFC0768,1980年8月<http://www.rfc-editor.org/info/rfc768>.
[RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, <http://www.rfc-editor.org/info/rfc791>.
[RFC791]Postel,J.,“互联网协议”,STD 5,RFC 791,DOI 10.17487/RFC07911981年9月<http://www.rfc-editor.org/info/rfc791>.
[RFC793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, DOI 10.17487/RFC0793, September 1981, <http://www.rfc-editor.org/info/rfc793>.
[RFC793]Postel,J.,“传输控制协议”,标准7,RFC 793,DOI 10.17487/RFC0793,1981年9月<http://www.rfc-editor.org/info/rfc793>.
[RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, November 1987, <http://www.rfc-editor.org/info/rfc1035>.
[RFC1035]Mockapetris,P.,“域名-实现和规范”,STD 13,RFC 1035,DOI 10.17487/RFC1035,1987年11月<http://www.rfc-editor.org/info/rfc1035>.
[RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - Communication Layers", STD 3, RFC 1122, DOI 10.17487/RFC1122, October 1989, <http://www.rfc-editor.org/info/rfc1122>.
[RFC1122]Braden,R.,Ed.“互联网主机的要求-通信层”,STD 3,RFC 1122,DOI 10.17487/RFC1122,1989年10月<http://www.rfc-editor.org/info/rfc1122>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.
[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS Specification", RFC 2181, DOI 10.17487/RFC2181, July 1997, <http://www.rfc-editor.org/info/rfc2181>.
[RFC2181]Elz,R.和R.Bush,“DNS规范的澄清”,RFC 2181,DOI 10.17487/RFC2181,1997年7月<http://www.rfc-editor.org/info/rfc2181>.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998, <http://www.rfc-editor.org/info/rfc2460>.
[RFC2460]Deering,S.和R.Hinden,“互联网协议,第6版(IPv6)规范”,RFC 2460,DOI 10.17487/RFC2460,1998年12月<http://www.rfc-editor.org/info/rfc2460>.
[RFC2826] Internet Architecture Board, "IAB Technical Comment on the Unique DNS Root", RFC 2826, DOI 10.17487/RFC2826, May 2000, <http://www.rfc-editor.org/info/rfc2826>.
[RFC2826]互联网体系结构委员会,“关于唯一DNS根的IAB技术评论”,RFC 2826,DOI 10.17487/RFC2826,2000年5月<http://www.rfc-editor.org/info/rfc2826>.
[RFC2870] Bush, R., Karrenberg, D., Kosters, M., and R. Plzak, "Root Name Server Operational Requirements", BCP 40, RFC 2870, DOI 10.17487/RFC2870, June 2000, <http://www.rfc-editor.org/info/rfc2870>.
[RFC2870]Bush,R.,Karrenberg,D.,Kosters,M.,和R.Plzak,“根名称服务器操作要求”,BCP 40,RFC 2870,DOI 10.17487/RFC2870,2000年6月<http://www.rfc-editor.org/info/rfc2870>.
[RFC3172] Huston, G., Ed., "Management Guidelines & Operational Requirements for the Address and Routing Parameter Area Domain ("arpa")", BCP 52, RFC 3172, DOI 10.17487/RFC3172, September 2001, <http://www.rfc-editor.org/info/rfc3172>.
[RFC3172]Huston,G.,Ed.“地址和路由参数区域域(“arpa”)的管理指南和操作要求”,BCP 52,RFC 3172,DOI 10.17487/RFC3172,2001年9月<http://www.rfc-editor.org/info/rfc3172>.
[RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Protocol Modifications for the DNS Security Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005, <http://www.rfc-editor.org/info/rfc4035>.
[RFC4035]Arends,R.,Austein,R.,Larson,M.,Massey,D.,和S.Rose,“DNS安全扩展的协议修改”,RFC 4035,DOI 10.17487/RFC4035,2005年3月<http://www.rfc-editor.org/info/rfc4035>.
[RFC6891] Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms for DNS (EDNS(0))", STD 75, RFC 6891, DOI 10.17487/RFC6891, April 2013, <http://www.rfc-editor.org/info/rfc6891>.
[RFC6891]Damas,J.,Graff,M.,和P.Vixie,“DNS的扩展机制(EDNS(0)),STD 75,RFC 6891,DOI 10.17487/RFC68911913年4月<http://www.rfc-editor.org/info/rfc6891>.
[ROOTZONE] "Root Zone", <ftp://rs.internic.net/domain/root.zone>.
[根区域]“根区域”<ftp://rs.internic.net/domain/root.zone>.
[RSSAC-001] Root Server System Advisory Committee (RSSAC), "Service Expectations of Root Servers", November 2014, <https://www.icann.org/en/system/files/files/ rssac-001-root-service-expectations-04dec15-en.pdf>.
[RSSAC-001]根服务器系统咨询委员会(RSSAC),“根服务器的服务期望”,2014年11月<https://www.icann.org/en/system/files/files/ rssac-001-root-service-expections-04dec15-en.pdf>。
Acknowledgements
致谢
Some text was taken from [RFC2870]. The editors of this document would like to sincerely thank the following individuals for valuable contributions to the text: Andrew Sullivan, Simon Perreault, Jean-Philippe Dionne, Dave Thaler, Russ Housley, Alissa Cooper, Joe Abley, Joao Damas, Daniel Karrenberg, Jacques Latour, Eliot Lear, Bill Manning, David Conrad, Paul Hoffman, Terry Manderson, Jari Arkko, and Mark Andrews.
一些文本取自[RFC2870]。本文件的编辑谨衷心感谢以下人士对本文的宝贵贡献:安德鲁·沙利文、西蒙·佩雷尔特、让·菲利普·迪翁、戴夫·泰勒、罗斯·霍斯利、艾莉莎·库珀、乔·艾布利、乔·达马斯、丹尼尔·卡伦伯格、雅克·拉图尔、艾略特·李尔、比尔·曼宁、大卫·康拉德、保罗·霍夫曼、,特里·曼德森、贾里·阿尔科和马克·安德鲁斯。
Authors' Addresses
作者地址
Marc Blanchet Viagenie 246 Aberdeen Quebec, QC G1R 2E1 Canada
Marc Blanchet Viagenie 246魁北克省阿伯丁市,QC G1R 2E1加拿大
Email: Marc.Blanchet@viagenie.ca URI: http://viagenie.ca
Email: Marc.Blanchet@viagenie.ca URI: http://viagenie.ca
Lars-Johan Liman Netnod Internet Exchange Box 30194 SE-104 25 Stockholm Sweden
Lars Johan Liman Netnod互联网交换箱30194 SE-104 25瑞典斯德哥尔摩
Email: liman@netnod.se URI: http://www.netnod.se/
Email: liman@netnod.se URI: http://www.netnod.se/