<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC1002 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1002.xml">
<!ENTITY RFC1035 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml">
<!ENTITY RFC1183 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1183.xml">
<!ENTITY RFC1706 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1706.xml">
<!ENTITY RFC1712 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1712.xml">
<!ENTITY RFC1876 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1876.xml">
<!ENTITY RFC2045 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2045.xml">
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC2136 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2136.xml">
<!ENTITY RFC2163 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2163.xml">
<!ENTITY RFC2181 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2181.xml">
<!ENTITY RFC2230 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2230.xml">
<!ENTITY RFC2538 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2538.xml">
<!ENTITY RFC2671 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2671.xml">
<!ENTITY RFC2672 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2672.xml">
<!ENTITY RFC2782 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2782.xml">
<!ENTITY RFC2845 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2845.xml">
<!ENTITY RFC2874 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2874.xml">
<!ENTITY RFC2930 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2930.xml">
<!ENTITY RFC2931 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2931.xml">
<!ENTITY RFC3123 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3123.xml">
<!ENTITY RFC3403 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3403.xml">
<!ENTITY RFC3445 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3445.xml">
<!ENTITY RFC3596 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3596.xml">
<!ENTITY RFC3597 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3597.xml">
<!ENTITY RFC3688 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3688.xml">
<!ENTITY RFC4025 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4025.xml">
<!ENTITY RFC4034 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4034.xml">
<!ENTITY RFC4255 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4255.xml">
<!ENTITY RFC4408 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4408.xml">
<!ENTITY RFC4431 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4431.xml">
<!ENTITY RFC4509 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4509.xml">
<!ENTITY RFC4701 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4701.xml">
<!ENTITY RFC5155 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5155.xml">
<!ENTITY RFC5702 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5702.xml">
<!ENTITY RFC5933 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5933.xml">
<!ENTITY RFC6195 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6195.xml">
<!ENTITY RFC6605 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6605.xml">
<!ENTITY W3C.REC-xml-20081126 SYSTEM "http://xml.resource.org/public/rfc/bibxml4/reference.W3C.REC-xml-20081126.xml">
<!ENTITY W3C.REC-xmlschema-1-20041028 SYSTEM "http://xml.resource.org/public/rfc/bibxml4/reference.W3C.REC-xmlschema-1-20041028.xml">
<!ENTITY W3C.REC-xmlschema-2-20041028 SYSTEM "http://xml.resource.org/public/rfc/bibxml4/reference.W3C.REC-xmlschema-2-20041028.xml">
<!ENTITY W3C.REC-xml-names-20091208 SYSTEM "http://xml.resource.org/public/rfc/bibxml4/reference.W3C.REC-xml-names-20091208.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc strict="yes" ?>
<?rfc toc="yes"?>
<?rfc tocdepth="4"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<rfc category="info" docName="draft-daley-dnsxml-00" ipr="trust200902">
  <front>
    <title abbrev="dnsxml">dnsxml - A standard XML representation of DNS data</title>

    <author fullname="Jay Daley" initials="J." role="editor"
      surname="Daley">
      <organization>.nz Registry Services</organization>
      <address>
        <postal>
          <street>PO Box 24361, Manners Street</street>
          <city>Wellington</city>
          <region/>
          <code>6142</code>
          <country>New Zealand</country>
        </postal>
        <phone>+64 4 931 6970</phone>
        <email>jay@nzrs.net.nz</email>
      </address>
    </author>

    <author fullname="Stephen Morris" initials="S." surname="Morris">
      <organization>Internet Systems Consortium</organization>
      <address>
        <postal>
          <street/>
          <city>Grove</city>
          <region/>
          <code/>
          <country>UK</country>
        </postal>
        <phone/>
        <email/>
      </address>
    </author>

    <author fullname="John Dickinson" initials="J."
      surname="Dickinson">
      <organization>Sinodun</organization>
      <address>
        <postal>
          <street/>
          <city>Wallingford</city>
          <region/>
          <code/>
          <country>UK</country>
        </postal>
        <phone/>
        <email/>
      </address>
    </author>

    <date month="July" year="2013"/>

    <!-- Meta-data Declarations -->

    <area>General</area>

    <workgroup>Internet Engineering Task Force</workgroup>

    <keyword>dns</keyword>
    <keyword>schema</keyword>
    <keyword>xml</keyword>
    
    <abstract>
      <t>This memo describes a syntax for encoding DNS Resource
        Records in XML, and a schema to define that syntax written in
        XML Schema. It can be used to represent all DNS RDATA. This
        can be used by diverse applications as a common format.</t>

      <t>DNS Resource Records are represented as XML elements with the
        name of the element taken from the mnemonic used to represent
        the DNS Resource Record in presentation format. The RDATA is
        represented as XML attributes or content of the element. The
        attribute names are taken from the RDATA field names specified
        in the normative RFC.</t>
    </abstract>
  </front>

  <middle>
    <section title="Introduction">
      <t>Historically, DNS Resource Records (RRs) have a presentation
        format and wire format. The presentation format is typically
        used to conveniently store DNS RRs in Human Readable Form. The
        wire format is typically used in transport and communication
        between DNS protocol elements.</t>
      <t>This memo describes an alternative presentation format for
        DNS using an <xref target="W3C.REC-xml-20081126">XML
          syntax</xref> with an XML schema defined in <xref
          target="W3C.REC-xmlschema-1-20041028">XML Schema</xref>.
        These two parts taken together are called dnsxml.</t>
      <t>The purpose of dnsxml is to enable XML based applications and
        protocols to contain DNS Resource Records in their native XML
        rather than the existing DNS presentation format. This
        simplifies the processing of XML documents that contain DNS
        Resource Records and enables the use of standard XML tools
        such as validation and transformation on those records.</t>
      <t>An example of an XML based protocol that may choose to use
        dnsxml is Extensible Provisioning Protocol (EPP).</t>

      <section title="Requirements Language">
        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
          "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
          and "OPTIONAL" in this document are to be interpreted as
          described in <xref target="RFC2119"
          >RFC 2119</xref>.</t>
      </section>
    </section>

    <section title="Design goals">
      <t>dnsxml consists of two parts:<list style="symbols">
          <t>an XML syntax for representing DNS RRs in XML;</t>
          <t>an XML schema definition of that syntax.</t>
        </list>Each of these two parts has a set of design goals, as
        set out below.</t>

      <section title="Design goals for the XML syntax for DNS RRs"
        anchor="syntaxgoals">
        <t>The XML syntax should: <list style="numbers">
            <t>be clear, unambiguous, succinct and easy to read for
              the human reader;</t>
            <t>use as closely as possible the presentation format for
              RDATA fields given in various RFCs, even if that reduces
              overall readability for those unfamiliar with DNS, in
              the expectation that it will be easier to use for those
              familiar with DNS;</t>
            <t>split out RDATA into separate components so as to
              minimise the secondary parsing that an application needs
              to do in order to obtain the values of individual RDATA
              fields;</t>
            <t>be independent of any name server implementation;</t>
            <t>allow the representation of an RR of unknown type as
              described in <xref target="RFC3597">RFC 3597</xref>.</t>
          </list></t>
      </section>

      <section title="Design goals for the XML schema definition">
        <t>The schema definition should: <list style="numbers">
            <t>validate as much RDATA as possible;</t>
            <t>not require excessive processing power for
              validation;</t>
            <t>not impose any restrictions on the future definition of
              a new RR element or a change to an existing RR
              element;</t>
            <t>allow for any new RR to be described as an extension of
              this schema definition and used as easily as any RR
              element described in it;</t>
            <t>ensure that a new version of this schema definition may
              include new RRs or changes to existing RRs that have
              been described in new RFCs, without preventing the
              continuing use of any extensions;</t>
            <t>not require an excessive frequency of updates to
              address changes in normative RFCs or the IANA
              registry;</t>
            <t anchor="semantic">support semantic inference between
              RDATA fields that represent semantically equivalent
              data.</t>
          </list>Clearly, some of these goals need to be balanced
          against each other.</t>
      </section>

      <section title="Semantic inference">
        <t>The design goal <xref target="semantic"/> for semantic
          inference is intended to allow users of dnsxml to carry out
          semantically-aware processing, which may be achieved through
          the use of schema-aware XSLT.</t>
      </section>

      <section title="Supported DNS RR types">
        <t>The following RFCs and Resource Records types are supported
          in dnsxml: <list style="symbols">
            <t>From <xref target="RFC1035"/>, A, CNAME, HINFO, MB, MG,
              MINFO, MR, MX, NS, NULL, PTR, SOA, TXT and WKS.</t>
            <t>From <xref target="RFC1183"/>, AFSDB, ISDN, RP, RT and
              X25.</t>
            <t>From <xref target="RFC1706"/>, NSAP.</t>
            <t>From <xref target="RFC1712"/>, GPOS.</t>
            <t>From <xref target="RFC1876"/>, LOC.</t>
            <t>From <xref target="RFC2163"/>, PX.</t>
            <t>From <xref target="RFC2230"/>, KX.</t>
            <t>From <xref target="RFC2538"/>, CERT.</t>
            <t>From <xref target="RFC2672"/>, DNAME.</t>
            <t>From <xref target="RFC2782"/>, SRV.</t>
            <t>From <xref target="RFC2845"/>, TSIG.</t>
            <t>From <xref target="RFC2874"/>, A6.</t>
            <t>From <xref target="RFC2930"/>, TKEY.</t>
            <t>From <xref target="RFC2931"/>, SIG.</t>
            <t>From <xref target="RFC3123"/>, APL.</t>
            <t>From <xref target="RFC3445"/>, KEY.</t>
            <t>From <xref target="RFC3403"/>, NAPTR.</t>
            <t>From <xref target="RFC3596"/>, AAAA.</t>
            <t>From <xref target="RFC4025"/>, IPSECKEY.</t>
            <t>From <xref target="RFC4034"/>, DNSKEY, DS, NSEC and
              RRSIG.</t>
            <t>From <xref target="RFC4255"/>, SSHFP.</t>
            <t>From <xref target="RFC4408"/>, SPF.</t>
            <t>From <xref target="RFC4431"/>, DLV.</t>
            <t>From <xref target="RFC4701"/>, DHCID.</t>
            <t>From <xref target="RFC5155"/>, NSEC3 and
              NSEC3PARAM.</t>
          </list>Obsolete DNS resource records are not supported.
          Neither are the NB and NBSTAT RR types defined in <xref
            target="RFC1002"/>.</t>
      </section>

      <section title="Exclusions and limitations">
        <t>The focus of dnsxml is DNS data only and dnsxml is not
          intended as a replacement for the DNS protocol. For this
          reason there are a number of parts of DNS that are not
          represented in dnsxml:<list style="symbols">
            <t>It is not possible to define all the parts of a DNS
              datagram in dnsxml. There is no XML element in dnsxml
              that represents the header section of a DNS datagram or
              the question section.</t>
            <t>There is no representation of the OPT pseudo-RR because
              OPT, as described in <xref target="RFC2671"/>, "pertains
              to a particular transport level message and not to any
              actual DNS data".</t>
          </list></t>
        <t>For clarity:<list style="symbols">
            <t>No use is made of Master File Format <xref
                target="RFC1035"/>, section 5.1.</t>
            <t>dnsxml is not intended to obsolete the presentation
              format of RR types as specified in their normative
              RFCs.</t>
            <t>dnsxml is not intended to limit the presentation
              formats of future RR types.</t>
          </list></t>
      </section>
    </section>

    <section title="The XML syntax and XML schema for DNS RRs">
      <figure>
        <preamble>These are examples of resource records represented
          in this syntax:</preamble>
        <artwork><![CDATA[
<A owner="example.com." class="IN" ttl="86400" address="192.0.2.1"/>
<TXT>Any text here</TXT>
    ]]></artwork>
      </figure>

      <figure>
        <preamble>and this is an example of an RRSet:</preamble>
        <artwork type="xml"><![CDATA[
<RRSet owner="example.com." class="IN" type="A" ttl="86400">
  <A address="192.0.2.1"/>
  <A address="192.0.2.2"/>
</RRSet>
        ]]></artwork>
      </figure>

      <section title="General features">

        <section title="Unique XML element for each RR type">
          <t>Each DNS RR type has a corresponding element. That
            ensures that the schema definition can constrain the
            allowable attributes on a per RR basis. It also meets the
            design goal of being clear, unambiguous and easy to read.</t>
        </section>

        <section title="Representation of RDATA">
          <t>Most RDATA is represented in attributes as this
            significantly reduces the verbosity of the XML. Some RDATA
            is represented as the content of the element.</t>

          <section title="RDATA represented as XML attributes">
            <t>For each element that represents an RR type, the
              attributes specified correspond to those specified in
              the normative RFC that defines the RDATA for that RR
              type. For example, the MX element has the specific
              attributes of 'preference' and 'exchange' as specified
              in <xref target="RFC1035"/>.</t>
            <t>Extensive use is made of the <xref
                target="W3C.REC-xmlschema-1-20041028">XML
                Schema</xref> attribute 'use="required"' by which the
              use of an attribute in conforming documents is mandated.
              This is used when the normative RFC for that RR type
              states that an RDATA field 'MUST' exist.</t>
            <t>The type of an attribute is chosen to represent the
              presentation format for the RDATA field specified in the
              relevant RFC. For example a field specified as 32 bit
              unsigned integer is represented using the <xref
                target="W3C.REC-xmlschema-2-20041028">XML
                Schema</xref> type of 'unsignedInt'.</t>
            <t>Where there are multiple presentation formats for a
              single RDATA field, the defined type is a union of two
              built-in types.</t>
          </section>

          <section title="RDATA represented as element content"
            anchor="content">
            <t>Some RDATA is better suited to be represented as the
              content of an element rather than as an attribute. The
              following criteria have been used as a general guide to
              determine when to use this method of
                representation:<list style="symbols">
                <t>the RDATA is anonymous. In other words the RDATA
                  field is simply labelled as RDATA and no other label
                  is given;</t>
                <t>the RDATA is of variable length or is expected to
                  be long enough that representing it in an attribute
                  will make it hard to read;</t>
                <t>the text representation of the RDATA in the
                  normative RFC allows it to be split across multiple
                  lines.</t>
              </list></t>
            <t>To aid the implementer the following table lists the
              elements that allow or require content:</t>
            <texttable anchor="contenttable">
              <ttcol>Element</ttcol>
              <ttcol>RDATA field</ttcol>
              <ttcol>Type</ttcol>
              <ttcol>Nillable</ttcol>
              <c>APL</c>
              <c>-anonymous-</c>
              <c>string</c>
              <c>yes</c>
              <c>NULL</c>
              <c>-anonymous-</c>
              <c>string</c>
              <c>yes</c>
              <c>SPF</c>
              <c>-anonymous-</c>
              <c>string</c>
              <c>no</c>
              <c>TXT</c>
              <c>-anonymous-</c>
              <c>string</c>
              <c>no</c>
              <c>TYPE</c>
              <c>-anonymous-</c>
              <c>hexWithWhitespace</c>
              <c>no</c>
              <c>DLV</c>
              <c>digest</c>
              <c>hexWithWhitespace</c>
              <c>no</c>
              <c>DS</c>
              <c>digest</c>
              <c>hexWithWhitespace</c>
              <c>no</c>
              <c>SSHFP</c>
              <c>fingerprint</c>
              <c>hexWithWhitespace</c>
              <c>no</c>
              <c>TKEY</c>
              <c>other data</c>
              <c>hexWithWhitespace</c>
              <c>yes</c>
              <c>TSIG</c>
              <c>other data</c>
              <c>hexWithWhitespace</c>
              <c>yes</c>
              <c>WKS</c>
              <c>bitmap</c>
              <c>hexWithWhitespace</c>
              <c>no</c>
              <c>CERT</c>
              <c>certificate or CRL</c>
              <c>base64Binary</c>
              <c>no</c>
              <c>DHCID</c>
              <c>-anonymous-</c>
              <c>base64Binary</c>
              <c>no</c>
              <c>DNSKEY</c>
              <c>public key</c>
              <c>base64Binary</c>
              <c>no</c>
              <c>IPSECKEY</c>
              <c>public key</c>
              <c>base64Binary</c>
              <c>no</c>
              <c>KEY</c>
              <c>public key</c>
              <c>base64Binary</c>
              <c>no</c>
              <c>RRSIG</c>
              <c>signature</c>
              <c>base64Binary</c>
              <c>no</c>
              <c>SIG</c>
              <c>signature</c>
              <c>base64Binary</c>
              <c>no</c>
            </texttable>
            <t>More information on the types used to represent
              variable length binary data can be found in <xref
                target="variable"/>.</t>
          </section>
        </section>

        <section title="Use of XML Schema">
          <t>This schema is written using XML Schema <xref
              target="W3C.REC-xmlschema-1-20041028"/> and <xref
              target="W3C.REC-xmlschema-2-20041028"/> because this is
            a W3C standard and provides the necessary level of
            flexibility to correctly specify the preferred syntax.
            Other schema languages could have been used just as
            well.</t>
        </section>

        <section title="Use of XML Namespaces">
          <t><xref target="W3C.REC-xml-names-20091208">XML
              Namespaces</xref> need to be used in the schema to
            reference the defined types. Any document validated
            against dnsxml must contain a namespace reference in order
            for it to validate properly. For example</t>
          <figure>
            <artwork type="xml"><![CDATA[
<dnsxml xmlns="urn:ietf:params:xml:ns:dns"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:ietf:params:xml:ns:dns dnsxml-1.0.xsd">
]]></artwork>
          </figure>
          <t>In that example the default namespace is set to refer to
            elements and attributes from dnsxml. A third party
            extension could be included in the namespace declarations,
            with a specified prefix, and so all use of the extension
            would be clearly identified by use of that prefix. This is
            described more fully in <xref target="extending"/>.</t>
        </section>
      </section>

      <section title="Elements and RRs">

        <section title="Base RR element and base attributes">
          <t>All elements that represent RRs are derived from an
            abstract element. All elements include the attribute group
            'baseAttributes' that provide the 'class', 'owner', 'ttl'
            and 'rdlength' attributes. The elements that represent RRs
            are defined using the <xref
              target="W3C.REC-xmlschema-1-20041028">XML Schema</xref>
            feature of substitutionGroup to substitute for the
            abstract RR element.</t>
          <t>This same mechanism is used by any new RR types that are
            defined in extensions, which ensures they are treated
            equally to built-in elements rather than needing to appear
            in a separate extension element. This is covered further
            in <xref target="extmechanism"/>.</t>
          <t>It should be noted that, as this is an abstract element,
            it cannot be used in an XML document that is to be
            validated by dnsxml.</t>
        </section>

        <section title="RRset element" anchor="rrset">
          <t>The schema has an element called 'RRset' that represents
            an RRset, using the definition from <xref target="RFC2136"
            /> of a set of RRs that share the same 'owner', 'class'
            and 'type' RDATA fields, each of which is represented as
            attributes. In addition a 'ttl' attribute is specified
            because <xref target="RFC2181"/> requires all the RRs in
            an RRSet to share the same ttl.</t>
          <t>(If an RR type is ever defined with the mnemonic of
            'RRSET', this would present future versions of dnsxml with
            a naming conflict.)</t>
          <t>Any element that represents an RR can be used either
            standalone or within an RRset element.</t>
          <t>The RRset element may be empty to represent an empty
            RRset.</t>
          <t>The RRset element implementation in dnsxml has a number
            of limitations to the validation that it performs. These
            could theoretically be fixed but would require such
            significant alterations to the schema that a number of
            important characteristics, including extensibility,
            simplicity and ease of use, would be lost.</t>
          <t>The validation limitations of the RRset element are:<list
              style="symbols">
              <t>An RRset element may contain elements that represent
                different DNS RR types from the type specified for the
                RRset element. The processing behaviour of such errant
                elements is left to the application to decide.</t>
              <t>It is possible for the elements within an RRset
                element to have 'class', 'owner' and 'ttl' attributes
                that contradict those of the RRset element. The
                processing behaviour of such errant elements is left
                to the application to decide.</t>
              <t><xref target="RFC2136"/> lists a number of RR types
                (SOA, WKS and CNAME) that can only appear once in an
                RRset. This restriction is not enforced in this
                schema.</t>
            </list>This may mean that the RRset element is used by
            applications as a general container for a set of RRs,
            which is quite different from the normative use of an
            RRset in DNS.</t>
        </section>

        <section
          title="TYPE element for holding unknown RR types and raw RR data">
          <t>To fit with the convention of naming the element after
            the RR type mnemonic it would be preferable to have 65535
            different elements with names of the form TYPEnnnnn, but
            this would make the schema unnecessarily long and slow to
            process. Instead an element called TYPE is included, named
            in the spirit of <xref target="RFC3597"/> that can hold an
            RR of any type. This has an attribute 'rrtype' that holds
            the DNS type as an unsignedShort (type mnemonics cannot be
            used here) and the raw data is represented as content of
            the element. The optional base attribute 'rdlength' can be
            set if required. See <xref target="length"/> for more
            information on the 'rdlength' attribute.</t>
          <t>No use is made of the special token '\#' specified in
              <xref target="RFC3597"/> to indicate the start of the
            RDATA for a TYPE RR as this is superfluous in the XML
            representation.</t>
          <t>To comply with the <xref target="RFC3597"/> specification
            of the presentation format for an RR of an unknown type,
            the 'rdata' attribute of the TYPE element is of the type
            hexBinary.</t>
          <t>This element can also be used to contain 'broken' DNS
            data.</t>
        </section>

        <section title="CLASS">
          <t>The 'class' attribute is a union of three types, allowing
            three different representation formats:<list
              style="numbers">
              <t>The defined mnemonics of <xref target="RFC6195"/>,
                section 3.2. The mnemonics of NONE, * and ANY are
                included for completeness;</t>
              <t>The CLASSnnnnn mnemonic in conformance with <xref
                  target="RFC3597"/>, section 5.</t>
              <t>An integer in the range 0-65535</t>
            </list></t>
          <t>dnsxml does not set a default of "IN" for CLASS as this
            would be incorrect for some RR types including TKEY as
            defined in <xref target="RFC2930"/>. Nor is the 'class'
            attribute required.</t>
        </section>

        <section title="Top level container element">
          <t>There is an element in the schema called 'dnsxml' that
            does not represent any DNS data. It is provided as an
            optional top-level container element, which can be used in
            a document as the opening element and contain an arbitrary
            list of 'RRSet' elements and elements representing RRs.
            However it does not have to be used, as both the 'RRSet'
            element and the elements representing RRs are declared as
            top level elements and so can be used directly in a valid
            document. It would be sensible for the 'dnsxml' element to
            be used in a document that only references this schema (a
            standalone document), or as a container for a set of elements.</t>
          <figure>
            <preamble>For example, a standalone document might look
              like this:</preamble>
            <artwork><![CDATA[
<dnsxml xmlns="urn:ietf:params:xml:ns:dns"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:ietf:params:xml:ns:dns dnsxml-1.0.xsd">

  <A owner="example1" class="IN" ttl="86400" address="192.0.2.2" />
  <A owner="example2" class="IN" ttl="86400" address="192.0.2.1" />
</dnsxml>
              ]]></artwork>
          </figure>
          <figure>
            <preamble>Whereas a fragment of a document where dnsxml is
              embedded, might look like this:</preamble>
            <artwork><![CDATA[
    :
<someApp>
  <someCommand>
    <dns:A owner="example2" class="IN" ttl="86400"
           address="192.0.2.1" />
  </someCommand>
</someApp>
    :
              ]]></artwork>
          </figure>
        </section>
      </section>

      <section title="Attributes and RDATA">

        <section title="Semantic equivalence of RDATA">
          <t>Fields that share the same semantic use (for example an
            IP address or domain name) use the same defined types or
            the types that are derived from a common type, in order
            to enable later semantic inferences to be developed.</t>
        </section>

        <section title="Anonymous RDATA">
          <t>The SPF, TXT and DHCID RR types have a single anonymous
            RDATA field just referred to as the RDATA in the normative
            RFC. For each of these the attribute that represents the
            RDATA is called 'rdata'.</t>
        </section>

        <section title="IP addresses in RDATA">
          <t>All attributes that contain an IPv4 address are defined to
            be of type 'ip4AddressType', which uses a regular
            expression to validate that the content of the attribute
            is a valid IPv4 address. Attributes that hold IPv6
            addresses are similarly defined to be of type
            'ip6AddressType', which also uses a regular expression to
            validate the content of the attribute.</t>
          <t>In addition the type 'ipAddressType' exists as a union of
            'ip4AddressType' and 'ip6AddressType' for use in the APL
            RR type.</t>
        </section>

        <section title="Domain names in RDATA">
          <t>Attributes for RDATA fields that are used for domain
            names are all of the type 'domainType'. This is defined to
            be a 'string' with the maximum length restricted. A later
            development for a future version may be to validate the
            contents of these attributes using a regular
            expression.</t>
        </section>

        <section title="XML in RDATA">
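          <t>Any data in attributes that represent an RDATA field that
            can contain XML MUST be escaped using the rules given in
              <xref target="W3C.REC-xml-20081126"/>. For example, a
            literal '&lt;' or '&amp;' in the RDATA is written as a
            predefined entity reference, as is the quote character
            that delimits the attribute value.</t>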
          <t>Because escaping is a standard part of XML, no specific
            type is defined to use for those fields where escaping may
            be required.</t>
        </section>

        <section title="Unparsed data in RDATA">
          <t>A number of RDATA fields are defined in RFCs as
            containing any text data. Any data in the attributes that
            represent these RDATA fields MUST be escaped following the
            rules given in <xref target="W3C.REC-xml-20081126"/>.</t>
        </section>

        <section title="Variable length binary data in RDATA"
          anchor="variable">
          <t>There are a number of examples where RDATA contains a
            binary field such as a set of flags or a bit map field. For
            example WKS has a variable length bit map field, with no
            defined presentation format. These fields are represented
            either by the defined type of 'hexWithWhitespace' or the
            built-in type of 'base64Binary' depending on context.
              <xref target="W3C.REC-xmlschema-2-20041028">XML
              Schema</xref> in turn references <xref target="RFC2045"
            /> for the definition of base64. The built-in type of
            'hexBinary' is not suitable because it does not allow
            whitespace, whereas the presentation format of many RR
            types does for hexadecimally presented RDATA.</t>
          <t>It should be noted that the NSEC3 RR type has the Next
            Hashed Owner Name field that may be up to 255 octets long
            but whitespace in the presentation format is forbidden and
            so a value that is 255 octets long will have readability
            problems whether it is an attribute or element content.
            For simplicity this is encoded as an attribute of defined
            type 'base32HexRestricted' that uses a regular expression
            to validate the allowable characters.</t>
        </section>

        <section title="Preferences in RDATA">
          <t>A number of RR types have a preference RDATA field,
            namely KX, MX, PX, RT, NAPTR. The attributes that
            represent the preference field for these RR types are all
            defined to be of the type 'preferenceType' on the
            potentially contentious grounds that they are semantically
            equivalent.</t>

          <t>Additionally the IPSECKEY RR type has a precedence RDATA
            field, which is defined as being semantically equivalent to the
            preference RDATA field of the MX RR type. The attribute
            representing this field is therefore also defined as being
            of type 'preferenceType'.</t>
        </section>

        <section title="Seconds (units of time) in RDATA">
          <t>Many RDATA fields are defined as unsigned integers that
            record a number of seconds. There are a number of
            different types of time field:<list style="symbols">
              <t>Fields such as the 'refresh' field of the SOA RR
                type, are defined as an interval. The attributes
                that represent these fields are defined as being of
                type 'secondsInterval32Type'.</t>
              <t>Fields such as the 'signature expiration' field of
                the RRSIG RR type, contain the number of seconds since
                the unix Epoch. This in turn comes in a number of
                  variants:<list style="symbols">
                  <t>The 'timesigned' field of the TSIG RR type, which
                    has the wire format of a 48 bit unsigned integer
                    and the corresponding attribute is defined as
                    being of type 'secondsSinceEpoch48Type'.</t>
                  <t>Those that use a 32 bit unsigned integer and so
                    are defined as being of type
                    'secondsSinceEpoch32Type', which is a restriction
                    of 'secondsSinceEpoch48Type'.</t>
                  <t>Those that use a 32 bit unsigned integer but
                    whose presentation format also allows a text
                    representation of the form 'YYYYMMDDHHmmSS' such
                    as the 'signatureexpiration' field of RRSIG. These
                    are defined as being of type
                    'secondsSinceEpochTextType', which is a union of
                    'secondsSinceEpoch32Type' and a 14 character
                    string.</t>
                </list></t>
              <t>Fields such as the 'ttl' field of all RR types,
                contain an interval but with specific semantic usage
                of Time To Live.</t>
            </list></t>
          <t>Semantic equivalence is maintained by all the time types
            being derived from a common type 'baseSecondsType'.</t>
        </section>

        <section title="RCODE in RDATA">
          <t>Attributes that represent an RCODE are either of type
            'rcode16Type' or 'rcode12Type' depending on the number of
            bits in the corresponding RDATA field. These are all
            derived from the 'baseRcode16Type' to provide semantic
            equivalence.</t>
        </section>

        <section
          title="RDATA field that specifies the length of another RDATA field"
          anchor="length">
          <t>The Resource Record format as defined in <xref
              target="RFC1035"/> includes an 'rdlength' field. There
            is a corresponding base attribute called 'rdlength' that
            is optional. This attribute is of type 'rdataLengthType',
            which is limited to an unsigned 16 bit integer.</t>
          <t>Numerous RR types including NSEC3, TKEY and TSIG have an
            RDATA field that specifies the length of another RDATA
            field in octets. The attributes that represent these
            fields all share the same type of 'rdataLengthType', or
            'rdataLength8Type', the latter being limited to an unsigned 8 bit
            integer.</t>
          <t>It could be argued that RDATA fields that hold the length
            of other RDATA fields do not need to be included in dnsxml
            as these values can be calculated directly from the data
            with certainty. However these fields have been included
            for completeness and for unknown future uses, but they are
            generally defined as 'use="optional"' to allow for
            applications that will calculate the length directly.</t>
        </section>

        <section title="Mnemonics for integer RDATA">
          <t>A number of RR types, for example DNSKEY, RRSIG, DS and
            DLV, have fields in their RDATA that are integer types but
            also have string mnemonics. The attributes that represent
            these fields are defined as a union of two simple types,
            one that allows integer representation and one that allows
            a string representation. The string representation is
            restricted to the known mnemonics but the integer values
            are not restricted to those for which a mnemonic is
            defined.</t>
          <t>A number of sets of mnemonics are defined in the IANA
            registry <xref target="dns-sec-alg-numbers"/>. If a new
            mnemonic is defined by IANA after the definition of this
            protocol, a new version of dnsxml will need to be
            issued for that to be incorporated into the schema. Until
            that time the mnemonic will fail validation and instead
            either the integer that the mnemonic refers to or the
            TYPE syntax of <xref target="RFC3597"/> must be used.</t>
          <t>Mnemonics are only defined in the schema where they
            appear in a normative RFC and not where they appear in an
            online database, such as the allowable values of 'host'
            and 'cpu' in the HINFO RR type.</t>
          <t>Various RFCs previously referenced have been used as the
            normative references for the lists of mnemonics and in
            addition to those <xref target="RFC4509"/>, <xref
              target="RFC5702"/>, <xref target="RFC5933"/> and <xref
              target="RFC6605"/>, have been used for DNSSEC algorithm
            mnemonics. <xref target="RFC6195"/> has been used as the
            normative reference for the mnemonics for 'class' and
            'rcode'.</t>
        </section>

        <section
          title="Cryptographic algorithms and digest types in RDATA">
          <t>There are two sets of cryptographic algorithms and digest
            types specified in RDATA:<list style="symbols">
              <t>Those specified for DNSSEC RFCs. The CERT RR type
                algorithm type references the DNSSEC types for its
                RDATA. The attributes that represent this RDATA are
                defined to be of defined type
                'dnssecAlgorithmType'.</t>
              <t>Those specified in <xref target="RFC4255"/> for SSHFP.
                The terminology is also different with the 'fptype'
                RDATA of SSHFP being semantically equivalent to the
                'digest type' RDATA of DNSSEC RR types. The attributes
                that represent this RDATA are defined to be of types
                'sshAlgorithmType' and 'sshDigestType'.</t>
            </list></t>
          <t>The attributes that represent these different RDATA are
            derived from the common base type of 'baseAlgorithmType',
            preserving semantic equivalence.</t>
        </section>

        <section title="RDATA of the KEY and SIG RRs">
          <t>The KEY and SIG RRs are unusual in that their wire
            formats are identical to other RR types (DNSKEY and RRSIG
            respectively) but their allowable values are different.
            This leads to some notable design decisions for
              dnsxml:<list style="symbols">
              <t>The 'flags' RDATA fields of KEY and DNSKEY are both
                functionally equivalent as they flag the use of the
                key material, but the allowable values are different
                as <xref target="RFC4034"/> allows bit 15 to be set in
                DNSKEY, whereas <xref target="RFC3445"/> forbids that
                for KEY. Given this divergence, the two 'flags'
                attributes are both defined as being of type
                'unsignedShort' rather than sharing a common defined
                type to allow for semantic inference.</t>
              <t>While the 'protocol' RDATA field for both the KEY and
                DNSKEY RR types are currently semantically and
                functionally identical the corresponding attributes do
                not use a common defined type for either semantic or
                functional equivalence. This decision is taken because
                the two fields are defined independently and so may
                diverge as the 'flags' fields have done.</t>
              <t>The 'type covered' RDATA field of SIG was originally
                used to hold an RR type. The combination of <xref
                  target="RFC2931"/> and <xref target="RFC4034"/>
                changes this field to only have the allowable value of
                0. It is the understanding of the authors that this
                change means that this field no longer represents an
                RR type. Consequently the attribute 'typecovered' in
                the SIG element is defined as being of type
                'unsignedShort' and no semantic link is made with any
                other attribute that holds an RR type, nor can an RR
                type mnemonic be used as a value for this
                attribute.</t>
            </list></t>
        </section>

        <section title="Lists of RR types in RDATA">
          <t>A number of RR types including RRSIG and NSEC have RDATA
            that contains a list of RR types. This is implemented as a
            list of RR type mnemonics using the XML Schema 'list'
            feature. The TYPE representation as specified in <xref
              target="RFC3597"/>, section 5 is fully supported.</t>
        </section>

        <section title="RDATA of the APL RR type">
          <t>The APL RR type <xref target="RFC3123"/> is unusual as
            the representation format specified is a complex encoding
            of the RDATA whereby the RDATA fields appear in a
            different order from the wire format and additional
            separator characters are used. To address this complexity,
            the APL element provides for two different mechanisms to
            specify RDATA:<list style="numbers">
              <t>using individual attributes that correspond to the
                individual RDATA fields; or</t>
              <t>using a single 'rdata' attribute that contains the
                textual representation specified in <xref
                  target="RFC3123"/></t>
            </list></t>
          <t>To enable these two different mechanisms, the various
            attributes are optional and so it may be possible for
            attributes to be omitted or for the two different
            mechanisms to be used simultaneously. It is left to the
            application to decide what action to take in either of
            these cases.</t>
          <t>It should be noted that the 'afdpart' attribute does not
            fully correspond to the wire format of the RDATA field
            that it represents. The wire format specification is for
            only the octets covered by the 'prefixlength' to be
            present, whereas the attribute requires a full and valid
            IPv4 or IPv6 address.</t>
          <t>It should be noted that the 'n' attribute, if it appears,
            can only contain the '!' character.</t>
        </section>

        <section
          title="Imprecise RFCs on signed/unsigned integers in RDATA">
          <t>Some RFCs are not clear on whether a specified RDATA
            field is a signed or unsigned integer. This syntax has
            made a reasoned choice. For example the 'refresh' field
            within the SOA RR type definition in <xref
              target="RFC1035"/> is not explicitly defined as signed or
            unsigned, but it would not make sense if a signed integer
            was used here.</t>
        </section>

        <section title="Dependency rules in RDATA">
          <t>There is no validation of the dependency rules that
            specify that the value set in one RDATA field limits or
            specifies the allowable values that may appear in another
            field of the same RR. For example, as defined for the
            IPSECKEY RR type.</t>
        </section>
      </section>


      <section title="Extending the schema" anchor="extending">
        <section title="The extension mechanism" anchor="extmechanism">
          <t>All elements that represent RRs are specified using the
            same mechanism and this is available for the development
            of third-party extensions.</t>
          <t>The schema defines an abstract element called 'RR'. Being
            abstract, the element 'RR' cannot be instantiated; it is
            just a placeholder that is designed to be replaced by
            elements that represent DNS RR. The definition of RR is as
            follows</t>
          <figure>
            <artwork><![CDATA[
<!-- Abstract head element: it cannot appear in an instance document;
     elements declared with substitutionGroup="dns:RR" stand in
     for it. -->
<element name="RR" abstract="true" />
            ]]></artwork>
          </figure>
          <t>To create an element that represents a new RR type the
            type for that element must first be created. This is done in
            one of two ways depending on whether or not the RDATA is
            to be represented solely in attributes.</t>
          <figure>
            <preamble>If the RDATA is to be represented solely in
              attributes then the type for the element is defined as a
              'complexType' that contains the relevant attributes. The
              following example is the type for the A
              element:</preamble>
            <artwork><![CDATA[
<!-- Type of the A element: the base attributes plus one mandatory
     'address' attribute checked against dns:ip4AddressType. -->
<complexType name="AType">
  <attributeGroup ref="dns:baseAttributes"/>
  <attribute name="address" type="dns:ip4AddressType" 
             use="required"/>
</complexType>
              ]]></artwork>
          </figure>
          <figure>
            <preamble>If one field of the RDATA is to be represented
              as content of the element then the type for the
              element is defined as a 'complexType' that contains
              'simpleContent' that determines the type of the content
              and the list of attributes. The following example is the
              type for the TXT element:</preamble>
            <artwork><![CDATA[
<!-- Type of the TXT element: the RDATA is the element's string
     content and only the base attributes are carried as attributes.
     The content is an unrestricted 'string', so the schema applies
     no length or character check to it. -->
<complexType name="TXTType">
  <simpleContent>
    <extension base="string">
      <attributeGroup ref="dns:baseAttributes"/>        
    </extension>
  </simpleContent>
</complexType>
         ]]></artwork>
            <postamble>All the 'simpleContent' in dnsxml is an
              extension of 'string', 'base64Binary' or
              'hexWithWhitespace' as listed in <xref
                target="contenttable"/>.</postamble>
          </figure>
          <t>The examples above show that the base attributes of
            'class', 'ttl', 'owner' and 'rdlength' are included in the
            element type definition by the inclusion of the attribute
            group named 'baseAttributes'.</t>
          <t>All elements that represent RRs are then defined using
            the substitutionGroup syntax of <xref
              target="W3C.REC-xmlschema-1-20041028">XML Schema</xref>
            and referencing the newly defined type.</t>
          <figure>
            <preamble>For example, the A element is defined in exactly
              this manner:</preamble>
            <artwork><![CDATA[
<!-- Concrete element for the A RR type: it substitutes for the
     abstract dns:RR element and is typed by dns:AType. -->
<element name="A" substitutionGroup="dns:RR" type="dns:AType"/>
            ]]></artwork>
          </figure>
          <t>This memo defines a number of rules for creating
              extensions:<list style="numbers">
              <t>The element representing the new RR type MUST include
                the attribute group 'baseAttributes'. This is true
                even if 'class' and 'ttl' attributes are meaningless
                as they are for SIG(0).</t>
              <t>All RDATA fields MUST be represented.</t>
              <t>The attributes that represent the RDATA of the new RR
                MUST reuse existing types wherever possible and where
                new types are created, every effort SHOULD be made to
                maintain semantic equivalence.</t>
            </list></t>
        </section>

        <section title="Creating an extension" anchor="extcreating">
          <t>The purpose of an extension is to provide syntax for a
            DNS RR type that is not included in dnsxml. Extensions are
            specified in a new XML Schema instance document, which has
            the following characteristics:<list style="symbols">
              <t>declares its own <xref
                  target="W3C.REC-xml-names-20091208">XML
                  Namespace</xref>;</t>
              <t>references dnsxml both as a namespace and importing
                that schema;</t>
              <t>uses the extension mechanism to create a new element
                to represent an RR as described in <xref
                  target="extmechanism"/>.</t>
            </list></t>
          <figure>
            <preamble> An extension schema to add an element
              representing a new RR called EXAMPLE where all the RDATA
              is represented in attributes, would look as follows: </preamble>
            <artwork><![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="http://www.example.org/example-schema"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:ex="http://www.example.org/example-schema"
        xmlns:dns="urn:ietf:params:xml:ns:dns">
    
  <annotation>
    <documentation>Example extension to dnsxml</documentation>
  </annotation>
    
  <!-- Pull in the dnsxml declarations. schemaLocation is only a
       hint. NOTE(review): a validator should resolve it to a locally
       held, trusted copy of dnsxml-1.0.xsd. -->
  <import namespace="urn:ietf:params:xml:ns:dns"
          schemaLocation="dnsxml-1.0.xsd"/>
    
  <!-- New RR element. Joining the dns:RR substitution group lets it
       appear wherever dnsxml refers to dns:RR. -->
  <element name="EXAMPLE" substitutionGroup="dns:RR"
           type="ex:EXAMPLEType" />
    
  <!-- All RDATA is carried in attributes. 'exampleRDATA' declares no
       'use', so it is optional by XML Schema default. -->
  <complexType name="EXAMPLEType">
    <attributeGroup ref="dns:baseAttributes"/>  
    <attribute name="exampleRDATA" type="dns:domainType" />
  </complexType>
    
</schema>
    ]]></artwork>
          </figure>
          <t>If the RR type is</t>
        </section>

        <section title="Using an extension">
          <t>With an extension declared as described in <xref
              target="extcreating"/> it can then be referenced in an
            XML document that also references dnsxml. The use of
            namespaces will keep the references separate.</t>
          <figure>
            <artwork><![CDATA[
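<dnsxml xmlns="urn:ietf:params:xml:ns:dns"
      xmlns:ex="http://www.example.org/example-schema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation=
           "urn:ietf:params:xml:ns:dns dnsxml-1.0.xsd
            http://www.example.org/example-schema example.xsd">

  <!-- An element may carry only one xsi:schemaLocation attribute, so
       both namespace/location pairs are listed in the one value.
       The locations are hints: a validator that handles documents
       from other parties should load both schemas from its own
       trusted copies. -->

  <!-- RR defined by the extension schema, in the 'ex' namespace -->
  <ex:EXAMPLE owner="example" class="IN" ttl="86400"
              exampleRDATA="whatever.tld" />

  <!-- RR defined by dnsxml itself, in the default namespace -->
  <A owner="example" class="IN" ttl="86400" address="192.0.2.1" />

</dnsxml>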
      ]]></artwork>
          </figure>
        </section>
      </section>

      <section title="Implementing new versions of the schema">
        <t>If a new version of the schema is developed that includes
          within it new RR types already described in third party
          extensions, the use of <xref
            target="W3C.REC-xml-names-20091208">XML Namespaces</xref>
          will ensure that the third party extension can continue to
          be used.</t>

        <t>If a new version of dnsxml were now available and an XML
          document updated to use that, then the document would still
          validate correctly. If the author then wanted to use the
          'example' RR from the new version of dnsxml as well as the
          version from the extension then they could do so as it sits
          in a different namespace.</t>

        <section title="Use of version specific namespaces">
          <t>This memo specifies two URNs that can be used to refer to
            dnsxml. The first of these is a version independent
            reference 'urn:ietf:params:xml:ns:dns', the second is a
            version specific reference
            'urn:ietf:params:xml:ns:dns-1.0'. A document can use
            either reference, depending on need.</t>
        </section>

      </section>
    </section>

    <section title="Full schema definition" anchor="fullschema">
      <t>In the following schema definition a number of regular
        expressions have been split across multiple lines to enable
        them to be included in this memo. To use this schema correctly
        these regular expressions must be combined back into a single
        line without whitespace or they will not work correctly.</t>
      <figure>
        <artwork><![CDATA[
<?xml version="1.0"?>
<schema targetNamespace="urn:ietf:params:xml:ns:dns"
  xmlns="http://www.w3.org/2001/XMLSchema"
  xmlns:dns="urn:ietf:params:xml:ns:dns">

  <annotation>
    <documentation>dnsxml v1.0</documentation>
  </annotation>

  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- dnsxml element                    -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- Document root. Holds one or more RRset elements and/or members
       of the dns:RR substitution group, in any order. The count is
       unbounded, so a consumer of documents from other parties has
       to enforce its own size limit. -->
  <element name="dnsxml">
    <complexType>
      <choice maxOccurs="unbounded">
        <element ref="dns:RRset"/>
        <element ref="dns:RR"/>
      </choice>
    </complexType>
  </element>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- Base attribute set                -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- Attributes shared by the RR elements. None declares 'use', so
       all four are optional by XML Schema default. 'rdlength' is a
       value supplied by the document author; nothing in this group
       ties it to the actual RDATA, so a consumer should recompute
       the length instead of relying on it. -->
  <attributeGroup name="baseAttributes">
    <attribute name="owner" type="dns:domainType"/>
    <attribute name="class" type="dns:classType"/>
    <attribute name="ttl" type="dns:ttlType"/>
    <attribute name="rdlength" type="dns:rdataLengthType"/>
  </attributeGroup>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- RRset element                     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- Groups zero or more RR elements under a mandatory 'type' and
       optional 'class', 'owner' and 'ttl'. The content model accepts
       any member of the dns:RR substitution group, so the schema
       does not check that the children agree with the RRset's
       'type', 'owner' or 'class'; that is left to the application. -->
  <element name="RRset" type="dns:RRsetType"/>

  <complexType name="RRsetType">
    <choice minOccurs="0" maxOccurs="unbounded">
      <element ref="dns:RR"/>
    </choice>
    <attribute name="class" type="dns:classType"/>
    <attribute name="type" type="dns:rrTypeType" use="required"/>
    <attribute name="owner" type="dns:domainType"/>
    <attribute name="ttl" type="dns:ttlType"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- RR abstract element               -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- Abstract, so it never appears in a document itself; it is the
       head that elements with substitutionGroup="dns:RR" replace. -->
  <element name="RR" abstract="true"/>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- String encoding types             -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- Hex digits mixed with any amount of whitespace. The pattern
       also accepts the empty string and an odd number of digits, so
       a consumer must strip the whitespace and check for whole
       octets before decoding. -->
  <simpleType name="hexWithWhitespace">
    <restriction base="string">
      <pattern value="([0-9a-fA-F\s])*"/>
    </restriction>
  </simpleType>

  <!-- Characters 0-9 and A-V in either case. No padding character
       and no whitespace is accepted, and no length limit is set
       here. -->
  <simpleType name="base32HexRestricted">
    <restriction base="string">
      <pattern value="([0-9a-vA-V])*"/>
    </restriction>
  </simpleType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- Basic attribute types             -->
  <!-- - - - - - - - - - - - - - - - - - -->

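  <!-- Mnemonics of the known RR types, plus the TYPE
       representation of [RFC3597] (5) for any other type number -->
  <simpleType name="rrMnemonicType">
    <union>
      <simpleType>
        <restriction base="string">
          <enumeration value="A"/>
          <enumeration value="A6"/>
          <enumeration value="AAAA"/>
          <enumeration value="AFSDB"/>
          <enumeration value="APL"/>
          <enumeration value="CERT"/>
          <enumeration value="CNAME"/>
          <enumeration value="DHCID"/>
          <enumeration value="DLV"/>
          <enumeration value="DNAME"/>
          <enumeration value="DNSKEY"/>
          <enumeration value="DS"/>
          <enumeration value="GPOS"/>
          <enumeration value="HINFO"/>
          <enumeration value="IPSECKEY"/>
          <enumeration value="ISDN"/>
          <enumeration value="KEY"/>
          <enumeration value="KX"/>
          <enumeration value="LOC"/>
          <enumeration value="MB"/>
          <enumeration value="MG"/>
          <!-- NOTE(review): [RFC1035] defines MINFO, not MGINFO;
               confirm which spelling is intended here. -->
          <enumeration value="MGINFO"/>
          <enumeration value="MR"/>
          <enumeration value="MX"/>
          <enumeration value="NAPTR"/>
          <enumeration value="NS"/>
          <enumeration value="NSAP"/>
          <enumeration value="NSEC"/>
          <enumeration value="NSEC3"/>
          <enumeration value="NSEC3PARAM"/>
          <enumeration value="NULL"/>
          <enumeration value="OPT"/>
          <enumeration value="PTR"/>
          <enumeration value="PX"/>
          <enumeration value="RP"/>
          <enumeration value="RRSIG"/>
          <enumeration value="RT"/>
          <enumeration value="SSHFP"/>
          <enumeration value="SIG"/>
          <enumeration value="SOA"/>
          <enumeration value="SPF"/>
          <enumeration value="SRV"/>
          <enumeration value="TKEY"/>
          <enumeration value="TSIG"/>
          <enumeration value="TXT"/>
          <enumeration value="WKS"/>
          <enumeration value="X25"/>
        </restriction>
      </simpleType>
      <simpleType>
        <restriction base="string">
          <!-- The following regex needs to be reassembled
               on one line, without whitespace, before use.
               It accepts TYPE1 to TYPE65535 with no leading zeros.
               The 65500 to 65529 branch takes a single final digit
               so that six digit numbers are refused, and [0-9] is
               written out because \d in XML Schema also matches
               non-ASCII decimal digits. -->
          <pattern
            value="TYPE(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|
6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3})"
          />
        </restriction>
      </simpleType>
    </union>
  </simpleType>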

  <!-- An RR type given either as an rrMnemonicType string or as a
       plain unsigned 16 bit integer. -->
  <simpleType name="rrTypeType">
    <union memberTypes="dns:rrMnemonicType unsignedShort"> </union>
  </simpleType>

  <!-- A whitespace separated list of any number of RR types. Items
       are of rrMnemonicType, so a bare integer is not accepted here,
       and the length of the list is not bounded. -->
  <simpleType name="rrListType">
    <list itemType="dns:rrMnemonicType"/>
  </simpleType>

  <!-- A domain name held as a string of at most 255 characters. Only
       the overall length is checked: label syntax, label length and
       the character set are not validated, so a consumer must parse
       and validate the name itself before using it. -->
  <simpleType name="domainType">
    <restriction base="string">
      <maxLength value="255"/>
    </restriction>
  </simpleType>

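  <!-- A DNS class, written as one of the listed mnemonics, in the
       CLASS-plus-number form, or as a plain unsigned 16 bit
       integer. -->
  <simpleType name="classType">
    <union>
      <simpleType>
        <restriction base="string">
          <enumeration value="IN"/>
          <enumeration value="CH"/>
          <enumeration value="HS"/>
          <enumeration value="NONE"/>
          <enumeration value="*"/>
          <enumeration value="ANY"/>
        </restriction>
      </simpleType>
      <simpleType>
        <restriction base="string">
          <!-- The following regex needs to be reassembled
               on one line, without whitespace, before use.
               It accepts CLASS1 to CLASS65535 with no leading zeros.
               The 65500 to 65529 branch takes a single final digit
               so that six digit numbers are refused, and [0-9] is
               written out because \d in XML Schema also matches
               non-ASCII decimal digits. -->
          <pattern
            value="CLASS(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|
6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3})"
          />
        </restriction>
      </simpleType>
      <simpleType>
        <restriction base="unsignedShort"/>
      </simpleType>
    </union>
  </simpleType>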

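  <!-- RCODE mnemonics. Enumeration values are compared exactly, so
       the letter case shown here is required in a document. The last
       entry is spelled BADTRUNC, the registered mnemonic; the former
       spelling 'BADTRUC' matched no registered RCODE. -->
  <simpleType name="rcodeMnemonicsType">
    <restriction base="string">
      <enumeration value="NoError"/>
      <enumeration value="FormErr"/>
      <enumeration value="ServFail"/>
      <enumeration value="NXDomain"/>
      <enumeration value="NotImp"/>
      <enumeration value="Refused"/>
      <enumeration value="YXDomain"/>
      <enumeration value="YXRRSet"/>
      <enumeration value="NXRRSet"/>
      <enumeration value="NotAuth"/>
      <enumeration value="NotZone"/>
      <enumeration value="BADVERS"/>
      <enumeration value="BADSIG"/>
      <enumeration value="BADKEY"/>
      <enumeration value="BADTIME"/>
      <enumeration value="BADMODE"/>
      <enumeration value="BADNAME"/>
      <enumeration value="BADALG"/>
      <enumeration value="BADTRUNC"/>
    </restriction>
  </simpleType>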

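  <!-- Numeric RCODE that fits in 16 bits; the common base of the
       RCODE types. -->
  <simpleType name="baseRcode16Type">
    <restriction base="unsignedShort"/>
  </simpleType>

  <!-- Numeric RCODE that fits in 12 bits. The largest 12 bit value
       is 4095; a limit of 4096 would admit a value needing 13
       bits. -->
  <simpleType name="baseRcode12Type">
    <restriction base="dns:baseRcode16Type">
      <maxInclusive value="4095"/>
      <!-- 2^12-1 -->
    </restriction>
  </simpleType>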

  <!-- An RCODE for a 16 bit field: either a number of
       baseRcode16Type or one of the rcodeMnemonicsType strings. -->
  <simpleType name="rcode16Type">
    <union memberTypes="dns:baseRcode16Type dns:rcodeMnemonicsType"/>
  </simpleType>

  <!-- An RCODE for a 12 bit field: either a number of
       baseRcode12Type or one of the rcodeMnemonicsType strings. The
       mnemonic member is the same as for rcode16Type, so the schema
       does not check that a mnemonic fits a 12 bit field. -->
  <simpleType name="rcode12Type">
    <union memberTypes="dns:baseRcode12Type dns:rcodeMnemonicsType"/>
  </simpleType>

  <!-- An unsigned 32 bit value (XML Schema 'unsignedInt').
       Only used once but sufficiently generic to get its own type -->
  <simpleType name="serialType">
    <restriction base="unsignedInt"/>
  </simpleType>

  <!-- An unsigned 16 bit value (XML Schema 'unsignedShort').
       Only used once but sufficiently generic to get its own type -->
  <simpleType name="idType">
    <restriction base="unsignedShort"/>
  </simpleType>

  <!-- An unsigned 16 bit preference value, given a type of its own
       so that preference attributes can share it. -->
  <simpleType name="preferenceType">
    <restriction base="unsignedShort"/>
  </simpleType>

  <!-- A length in the range of an unsigned 16 bit integer. The
       schema bounds the number only; it does not compare it with the
       data whose length it states. -->
  <simpleType name="rdataLengthType">
    <restriction base="unsignedShort"/>
  </simpleType>

  <!-- The same, limited to the range of an unsigned 8 bit integer -->
  <simpleType name="rdataLength8Type">
    <restriction base="dns:rdataLengthType">
      <maxInclusive value="255"/>
    </restriction>
  </simpleType>

  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- Time related attribute types      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- A base seconds type that should not be 
       used except to derive other types. It is an unsigned 64 bit
       integer ('unsignedLong'); every time type below narrows it. -->
  <simpleType name="baseSecondsType">
    <restriction base="unsignedLong"/>
  </simpleType>

  <!-- An interval in seconds that fits in 32 bits -->
  <simpleType name="secondsInterval32Type">
    <restriction base="dns:baseSecondsType">
      <maxInclusive value="4294967295"/>
      <!-- 2^32-1 -->
    </restriction>
  </simpleType>

  <!-- Seconds since the Epoch held in 48 bits -->
  <simpleType name="secondsSinceEpoch48Type">
    <restriction base="dns:baseSecondsType">
      <maxInclusive value="281474976710655"/>
      <!-- 2^48-1 -->
    </restriction>
  </simpleType>

  <!-- Seconds since the Epoch held in 32 bits, derived from the
       48 bit type by lowering the upper bound -->
  <simpleType name="secondsSinceEpoch32Type">
    <restriction base="dns:secondsSinceEpoch48Type">
      <maxInclusive value="4294967295"/>
      <!-- 2^32-1 -->
    </restriction>
  </simpleType>

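  <!-- A point in time written either as the 14-digit text form
       YYYYMMDDHHmmSS or as a number of seconds that fits in 32 bits.
       The text member is limited to digits: a length check alone lets
       any 14-character string validate as a timestamp. The pattern does
       not range-check the month, day or time fields, so consumers still
       have to parse the value and reject impossible dates. -->
  <simpleType name="secondsSinceEpochTextType">
    <union>
      <simpleType>
        <restriction base="string">
          <length value="14"/>
          <pattern value="[0-9]{14}"/>
        </restriction>
      </simpleType>
      <simpleType>
        <restriction base="dns:secondsSinceEpoch32Type"/>
      </simpleType>
    </union>
  </simpleType>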

  <!-- Time to live in seconds; inherits the 0 to 2^32-1 range of
       secondsInterval32Type without adding a facet.
       NOTE(review): RFC 2181 limits a TTL to 2^31-1, so values with the
       top bit set validate here; confirm whether the narrower bound is
       wanted, and have consumers range-check until then. -->
  <simpleType name="ttlType">
    <restriction base="dns:secondsInterval32Type"/>
  </simpleType>

  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- Address related attribute types   -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <simpleType name="ip4AddressType">
    <restriction base="string">
      <!-- Dotted-quad IPv4 address: four octets of 0 to 255 separated
           by dots.
           The following regex needs to be reassembled on one line,
           without whitespace, before use.
           The octet alternative [01]?[0-9][0-9]? also matches forms
           with leading zeros such as "010"; some address parsers read
           those as octal, so canonicalise the value before passing it
           on. -->
      <pattern
        value="((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|
2[0-4][0-9]|[01]?[0-9][0-9]?)"
      />
    </restriction>
  </simpleType>

  <simpleType name="ip6AddressType">
    <restriction base="string">
      <!-- Textual IPv6 address, including the forms with an embedded
           dotted-quad IPv4 tail.
           The following regex needs to be reassembled on one line,
           without whitespace, before use.
           NOTE(review): the pattern ends with (%.+)?\s* and so accepts
           a percent sign followed by any characters, plus trailing
           whitespace. A value such as an address with an arbitrary
           suffix after "%" therefore validates. Strip or reject that
           tail before the value is given to an address parser, written
           to a log or used to build a record; confirm whether the
           suffix is meant to be allowed at all. -->
      <pattern
        value="((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|
(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|
[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]
{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|
[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]
{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|
2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|
(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4})
{0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|
[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|
((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)
(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}
(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|
2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d))
{3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:
((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|
[1-9]?\d)){3}))|:)))(%.+)?\s*"
      />
    </restriction>
  </simpleType>

  <!-- Either address family: a value is valid if it matches
       ip4AddressType or ip6AddressType. Referenced by the APL "afdpart"
       attribute. -->
  <simpleType name="ipAddressType">
    <union memberTypes="dns:ip4AddressType dns:ip6AddressType"/>
  </simpleType>

  <!-- Prefix length from 0 to 128. Referenced by A6 "prefixlength" and
       APL "prefix". The single upper bound of 128 applies whatever the
       address family is, so a length above 32 still validates next to
       an IPv4 address; consumers need to check that themselves. -->
  <simpleType name="prefixLengthType">
    <restriction base="unsignedByte">
      <maxInclusive value="128"/>
    </restriction>
  </simpleType>

  <!-- 16-bit unsigned port number, referenced by the SRV "port"
       attribute. Only used once but sufficiently generic to get its own
       type. -->
  <simpleType name="portType">
    <restriction base="unsignedShort"/>
  </simpleType>

  <!-- 8-bit unsigned IP protocol number, referenced by the WKS
       "protocol" attribute. Only used once but sufficiently generic to
       get its own type. -->
  <simpleType name="ipProtocolType">
    <restriction base="unsignedByte"/>
  </simpleType>

  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- Crypto related attribute types     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- A base algorithm type that should not be used except to derive
       other types. It is the numeric (0 to 255) member of the DNSSEC
       algorithm, SSH algorithm and SSH digest unions. -->
  <simpleType name="baseAlgorithmType">
    <restriction base="unsignedByte"/>
  </simpleType>

  <!-- DNSSEC algorithm given either as one of the mnemonics below or as
       a number (dns:baseAlgorithmType, 0 to 255). The schema does not
       link a mnemonic to its number, so normalise before comparing.
       Validity here says nothing about whether an algorithm is still
       acceptable to use: the list includes RSAMD5, for example, so
       apply algorithm policy separately from schema validation. -->
  <simpleType name="dnssecAlgorithmType">
    <union>
      <simpleType>
        <restriction base="string">
          <enumeration value="RSAMD5"/>
          <enumeration value="DH"/>
          <enumeration value="DSA"/>
          <enumeration value="RSASHA1"/>
          <enumeration value="DSA-NSEC3-SHA1"/>
          <enumeration value="RSASHA1-NSEC3-SHA1"/>
          <enumeration value="RSASHA256"/>
          <enumeration value="RSASHA512"/>
          <enumeration value="ECC-GOST"/>
          <enumeration value="ECDSAP256SHA256"/>
          <enumeration value="ECDSAP384SHA384"/>
          <enumeration value="INDIRECT"/>
          <enumeration value="PRIVATEDNS"/>
          <enumeration value="PRIVATEOID"/>
        </restriction>
      </simpleType>
      <simpleType>
        <!-- Numeric form; any value from 0 to 255 validates, including
             numbers that have no mnemonic above. -->
        <restriction base="dns:baseAlgorithmType"/>
      </simpleType>
    </union>
  </simpleType>

  <!-- SSH public key algorithm for SSHFP: the mnemonic RSA or DSS, or a
       number from 0 to 255 (dns:baseAlgorithmType). Both spellings
       validate, so normalise before comparing. -->
  <simpleType name="sshAlgorithmType">
    <union>
      <simpleType>
        <restriction base="string">
          <enumeration value="RSA"/>
          <enumeration value="DSS"/>
        </restriction>
      </simpleType>
      <simpleType>
        <restriction base="dns:baseAlgorithmType"/>
      </simpleType>
    </union>
  </simpleType>

  <!-- SSH fingerprint digest for SSHFP: the mnemonic SHA-1, or a number
       from 0 to 255 (dns:baseAlgorithmType). SHA-1 is the only named
       digest; any other digest has to be written numerically. -->
  <simpleType name="sshDigestType">
    <union>
      <simpleType>
        <restriction base="string">
          <enumeration value="SHA-1"/>
        </restriction>
      </simpleType>
      <simpleType>
        <restriction base="dns:baseAlgorithmType"/>
      </simpleType>
    </union>
  </simpleType>

  <!-- Certificate type for the CERT record: one of the mnemonics below
       or a 16-bit number. The numeric member is a plain unsignedShort,
       so any value from 0 to 65535 validates. -->
  <simpleType name="certificateTypeType">
    <union>
      <simpleType>
        <restriction base="string">
          <!-- [RFC2538] (2.1) -->
          <enumeration value="PKIX"/>
          <enumeration value="SPKI"/>
          <enumeration value="PGP"/>
          <enumeration value="URI"/>
          <enumeration value="OID"/>
        </restriction>
      </simpleType>
      <simpleType>
        <restriction base="unsignedShort"/>
      </simpleType>
    </union>
  </simpleType>

  <!-- 16-bit unsigned key tag. Referenced by the "keytag" attribute of
       CERT, DLV, DS, RRSIG and SIG. -->
  <simpleType name="keytagType">
    <restriction base="unsignedShort"/>
  </simpleType>

  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- Miscellaneous attribute types     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- Longitude as an unconstrained string (no pattern or length
       facet). Schema validity does not show that the value parses as a
       coordinate; consumers must parse and range-check it. -->
  <simpleType name="longitudeType">
    <restriction base="string"/>
  </simpleType>

  <!-- Latitude as an unconstrained string (no pattern or length facet).
       Schema validity does not show that the value parses as a
       coordinate; consumers must parse and range-check it. -->
  <simpleType name="latitudeType">
    <restriction base="string"/>
  </simpleType>

  <!-- Altitude as an unconstrained string (no pattern or length facet).
       Schema validity does not show that the value parses as a number;
       consumers must parse and range-check it. -->
  <simpleType name="altitudeType">
    <restriction base="string"/>
  </simpleType>

  <!-- IPSECKEY gateway: a domain name, an IPv4 address or an IPv6
       address. The members are listed in the same order as before,
       domain name first. The union itself does not say which of the
       three forms a given value was meant to be. -->
  <simpleType name="gatewayType">
    <union
      memberTypes="dns:domainType dns:ip4AddressType dns:ip6AddressType"/>
  </simpleType>

  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- TYPE element [RFC3597] (5)        -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- Generic record form: "rrtype" carries the record type as a 16-bit
       number and the element content is dns:hexWithWhitespace.
       Any type number validates, so a record can be written in this
       form instead of its typed element, and the typed element's
       attribute checks are then not applied. Consumers that depend on
       those checks should decide how to treat TYPE elements whose
       rrtype has a typed element in this schema. -->
  <element name="TYPE" substitutionGroup="dns:RR" type="dns:TYPEType"/>

  <complexType name="TYPEType">
    <simpleContent>
      <extension base="dns:hexWithWhitespace">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="rrtype" type="unsignedShort" use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- A element [RFC1035] (3.4.1)       -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- A record: the shared baseAttributes plus a required IPv4
       "address" checked against dns:ip4AddressType. -->
  <element name="A" substitutionGroup="dns:RR" type="dns:AType"/>

  <complexType name="AType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="address" type="dns:ip4AddressType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- A6 element [RFC2874] (3.1.3)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- A6 record: a required prefix length (0 to 128) with an optional
       IPv6 address suffix and an optional prefix name. The schema does
       not relate the presence of the two optional attributes to the
       prefix length. -->
  <element name="A6" substitutionGroup="dns:RR" type="dns:A6Type"/>

  <complexType name="A6Type">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="prefixlength" type="dns:prefixLengthType"
      use="required"/>
    <attribute name="addresssuffix" type="dns:ip6AddressType"
      use="optional"/>
    <attribute name="prefixname" type="dns:domainType" use="optional"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- AAAA element [RFC3596] (2.2)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- AAAA record: the shared baseAttributes plus a required
       "ip6address" checked against dns:ip6AddressType, including
       whatever trailing forms that pattern admits. -->
  <element name="AAAA" substitutionGroup="dns:RR" type="dns:AAAAType"/>

  <complexType name="AAAAType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="ip6address" type="dns:ip6AddressType"
      use="required"/>
  </complexType>

  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- AFSDB element [RFC1183] (1)       -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- AFSDB record: a required 16-bit "subtype" and a required
       "hostname" of dns:domainType. -->
  <element name="AFSDB" substitutionGroup="dns:RR" 
           type="dns:AFSDBType"/>

  <complexType name="AFSDBType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="subtype" type="unsignedShort" use="required"/>
    <attribute name="hostname" type="dns:domainType" use="required"/>
  </complexType>

  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- APL element [RFC3123] (4)         -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- APL record: string content with optional attributes describing
       one address prefix item; the element may be nil.
       Every item attribute is optional and none is checked against the
       others: "prefix" and "afdlength" are each bounded at 128 whatever
       "addressfamily" says, and "afdpart" accepts either address
       family. Consumers must check that the combination is consistent
       before acting on it. -->
  <element name="APL" substitutionGroup="dns:RR" type="dns:APLType"
    nillable="true"/>

  <complexType name="APLType">
    <simpleContent>
      <extension base="string">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="addressfamily" type="unsignedShort"
          use="optional"/>
        <attribute name="prefix" type="dns:prefixLengthType"
          use="optional"/>
        <!-- The only permitted value is "!"; presumably the negation
             flag of RFC 3123, with absence meaning not negated
             (confirm against the draft text). -->
        <attribute name="n" use="optional">
          <simpleType>
            <restriction base="string">
              <enumeration value="!"/>
            </restriction>
          </simpleType>
        </attribute>
        <attribute name="afdlength" use="optional">
          <simpleType>
            <restriction base="unsignedByte">
              <maxInclusive value="128"/>
            </restriction>
          </simpleType>
        </attribute>
        <attribute name="afdpart" type="dns:ipAddressType"
          use="optional"/>
      </extension>
    </simpleContent>
  </complexType>

  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- CERT element [RFC2538] (2.2)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- CERT record: base64 element content with a required certificate
       type, key tag and DNSSEC algorithm. The schema checks only that
       the content is well-formed base64, not what it decodes to. -->
  <element name="CERT" substitutionGroup="dns:RR" type="dns:CERTType"/>

  <complexType name="CERTType">
    <simpleContent>
      <extension base="base64Binary">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="type" type="dns:certificateTypeType"
          use="required"/>
        <attribute name="keytag" type="dns:keytagType" use="required"/>
        <attribute name="algorithm" type="dns:dnssecAlgorithmType"
          use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- CNAME element [RFC1035] (3.3.1)   -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- CNAME record: the shared baseAttributes plus a required "host"
       of dns:domainType. -->
  <element name="CNAME" substitutionGroup="dns:RR" 
    type="dns:CNAMEType"/>

  <complexType name="CNAMEType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="host" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- DHCID element [RFC4701] (3.2)     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- DHCID record: base64 element content and the shared
       baseAttributes only; the record data is not broken out into
       attributes. -->
  <element name="DHCID" substitutionGroup="dns:RR" 
    type="dns:DHCIDType"/>

  <complexType name="DHCIDType">
    <simpleContent>
      <extension base="base64Binary">
        <attributeGroup ref="dns:baseAttributes"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- DLV element [RFC4431] (2)         -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- DLV record: dns:hexWithWhitespace element content with a
       required key tag, algorithm and digest type. -->
  <element name="DLV" substitutionGroup="dns:RR" type="dns:DLVType"/>

  <complexType name="DLVType">
    <simpleContent>
      <extension base="dns:hexWithWhitespace">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="keytag" type="dns:keytagType" use="required"/>
        <attribute name="algorithm" type="dns:dnssecAlgorithmType"
          use="required"/>
        <!-- NOTE(review): digesttype reuses dns:dnssecAlgorithmType, so
             signing-algorithm mnemonics such as RSASHA1 validate here
             while no digest name does. Digest types appear to be a
             separate number space from DNSSEC algorithms; confirm
             whether a dedicated digest type was intended. Until then
             only the numeric form is meaningful for this attribute. -->
        <attribute name="digesttype" type="dns:dnssecAlgorithmType"
          use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- DNAME element [RFC2672] (3)       -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- DNAME record: the shared baseAttributes plus a required "target"
       of dns:domainType. -->
  <element name="DNAME" substitutionGroup="dns:RR" 
           type="dns:DNAMEType"/>

  <complexType name="DNAMEType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="target" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- DNSKEY element [RFC4034] (2.2)    -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- DNSKEY record: base64 element content with required flags
       (16-bit), protocol (8-bit) and DNSSEC algorithm. The schema
       accepts any flags and protocol value in range and any well-formed
       base64; it does not check the key against the algorithm. -->
  <element name="DNSKEY" substitutionGroup="dns:RR"
    type="dns:DNSKEYType"/>

  <complexType name="DNSKEYType">
    <simpleContent>
      <extension base="base64Binary">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="flags" type="unsignedShort" use="required"/>
        <attribute name="protocol" type="unsignedByte" use="required"/>
        <attribute name="algorithm" type="dns:dnssecAlgorithmType"
          use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- DS element [RFC4034] (5.3)        -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- DS record: dns:hexWithWhitespace element content with a required
       key tag, algorithm and digest type. The schema does not check the
       length of the hex content against the digest type. -->
  <element name="DS" substitutionGroup="dns:RR" type="dns:DSType"/>

  <complexType name="DSType">
    <simpleContent>
      <extension base="dns:hexWithWhitespace">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="keytag" type="dns:keytagType" use="required"/>
        <attribute name="algorithm" type="dns:dnssecAlgorithmType"
          use="required"/>
        <!-- NOTE(review): digesttype reuses dns:dnssecAlgorithmType, so
             signing-algorithm mnemonics such as RSASHA1 validate here
             while no digest name does. Digest types appear to be a
             separate number space from DNSSEC algorithms; confirm
             whether a dedicated digest type was intended. Until then
             only the numeric form is meaningful for this attribute. -->
        <attribute name="digesttype" type="dns:dnssecAlgorithmType"
          use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- GPOS element [RFC1712] (3)        -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- GPOS record: required longitude, latitude and altitude. All three
       types are unconstrained strings, so any text validates. -->
  <element name="GPOS" substitutionGroup="dns:RR" type="dns:GPOSType"/>

  <complexType name="GPOSType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="longitude" type="dns:longitudeType" 
      use="required"/>
    <attribute name="latitude" type="dns:latitudeType" use="required"/>
    <attribute name="altitude" type="dns:altitudeType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- HINFO element [RFC1035] (3.3.2)   -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- HINFO record: required "cpu" and "os" as plain strings with no
       length or character restriction. Treat both as untrusted text
       when displaying or storing them, and apply any length limit of
       the target format outside the schema. -->
  <element name="HINFO" substitutionGroup="dns:RR" 
    type="dns:HINFOType"/>

  <complexType name="HINFOType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="cpu" type="string" use="required"/>
    <attribute name="os" type="string" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- IPSECKEY element [RFC4025] (3.1)  -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- IPSECKEY record: base64 element content with a required
       precedence, gateway type and gateway.
       "gatewaytype" is any 8-bit number and "gateway" is any member of
       dns:gatewayType; the schema does not check that the two agree, so
       consumers must.
       NOTE(review): RFC 4025 also defines an algorithm field for this
       record and no attribute for it is declared here; confirm whether
       that omission is intentional. -->
  <element name="IPSECKEY" substitutionGroup="dns:RR"
    type="dns:IPSECKEYType"/>

  <complexType name="IPSECKEYType">
    <simpleContent>
      <extension base="base64Binary">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="precedence" type="dns:preferenceType"
          use="required"/>
        <attribute name="gatewaytype" type="unsignedByte" 
          use="required"/>
        <attribute name="gateway" type="dns:gatewayType" use="required"
        />
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- ISDN element [RFC1183] (3.2)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- ISDN record: a required "isdn-address" and an optional "sa", both
       plain strings with no format restriction. -->
  <element name="ISDN" substitutionGroup="dns:RR" type="dns:ISDNType"/>

  <complexType name="ISDNType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="isdn-address" type="string" use="required"/>
    <!-- should this have a defined type? -->
    <attribute name="sa" type="string" use="optional"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- KEY element [RFC3445] (3)         -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- KEY record: base64 element content with required flags (16-bit),
       protocol (8-bit) and DNSSEC algorithm; the same attribute set as
       DNSKEYType. -->
  <element name="KEY" substitutionGroup="dns:RR" type="dns:KEYType"/>

  <complexType name="KEYType">
    <simpleContent>
      <extension base="base64Binary">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="flags" type="unsignedShort" use="required"/>
        <attribute name="protocol" type="unsignedByte" use="required"/>
        <attribute name="algorithm" type="dns:dnssecAlgorithmType"
          use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- KX element [RFC2230] (3.1)        -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- KX record: a required 16-bit "preference" and a required
       "exchanger" of dns:domainType. -->
  <element name="KX" substitutionGroup="dns:RR" type="dns:KXType"/>

  <complexType name="KXType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="preference" type="dns:preferenceType"
      use="required"/>
    <attribute name="exchanger" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- LOC element [RFC1876] (3)         -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- LOC record. Latitude, longitude and altitude are required; the
       version, size and the two precision attributes are optional.
       "version" is written with an explicit use="optional", which is
       the XSD default when "use" is left out. Apart from the 8-bit
       version, every attribute is an unconstrained string. -->
  <element type="dns:LOCType" substitutionGroup="dns:RR" name="LOC"/>

  <complexType name="LOCType">
    <attributeGroup ref="dns:baseAttributes"/>
    <!-- Position: always present -->
    <attribute use="required" type="dns:latitudeType" name="latitude"/>
    <attribute use="required" type="dns:longitudeType"
      name="longitude"/>
    <attribute use="required" type="dns:altitudeType" name="altitude"/>
    <!-- Format version, size and precision: may be left out -->
    <attribute use="optional" type="unsignedByte" name="version"/>
    <attribute use="optional" type="string" name="size"/>
    <attribute use="optional" type="string" name="horizpre"/>
    <attribute use="optional" type="string" name="vertpre"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- MB element [RFC1035] (3.3.3)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- MB record: the shared baseAttributes plus a required "madname" of
       dns:domainType. -->
  <element name="MB" substitutionGroup="dns:RR" type="dns:MBType"/>

  <complexType name="MBType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="madname" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- MG element [RFC1035] (3.3.6)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- MG record: the shared baseAttributes plus a required "mgmname" of
       dns:domainType. -->
  <element name="MG" substitutionGroup="dns:RR" type="dns:MGType"/>

  <complexType name="MGType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="mgmname" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- MINFO element [RFC1035] (3.3.7)   -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- MINFO record: required "rmailbx" and "emailbx", both of
       dns:domainType. -->
  <element name="MINFO" substitutionGroup="dns:RR" 
           type="dns:MINFOType"/>

  <complexType name="MINFOType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="rmailbx" type="dns:domainType" use="required"/>
    <attribute name="emailbx" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- MR element [RFC1035] (3.3.8)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- MR record: the shared baseAttributes plus a required "newname" of
       dns:domainType. -->
  <element name="MR" substitutionGroup="dns:RR" type="dns:MRType"/>

  <complexType name="MRType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="newname" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- MX element [RFC1035] (3.3.9)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- MX record: a required 16-bit "preference" and a required
       "exchange" of dns:domainType. -->
  <element name="MX" substitutionGroup="dns:RR" type="dns:MXType"/>

  <complexType name="MXType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="preference" type="dns:preferenceType"
      use="required"/>
    <attribute name="exchange" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- NAPTR element [RFC3403] (4.1)     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- NAPTR record: required order, preference, flags, services, regexp
       and replacement.
       "order" is an unsignedInt (32-bit) while "preference" is 16-bit;
       NOTE(review): confirm the wider type for "order" is intended.
       "flags", "services" and "regexp" are unconstrained strings. The
       "regexp" value is an expression supplied by whoever authored the
       record: a consumer that evaluates it should treat it as untrusted
       input and bound its length and matching time. -->
  <element name="NAPTR" substitutionGroup="dns:RR" 
           type="dns:NAPTRType"/>

  <complexType name="NAPTRType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="order" type="unsignedInt" use="required"/>
    <attribute name="preference" type="dns:preferenceType"
      use="required"/>
    <attribute name="flags" type="string" use="required"/>
    <attribute name="services" type="string" use="required"/>
    <attribute name="regexp" type="string" use="required"/>
    <attribute name="replacement" type="dns:domainType" 
      use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- NS element [RFC1035] (3.3.11)     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- NS record: the shared baseAttributes plus a required "nsdname" of
       dns:domainType. -->
  <element name="NS" substitutionGroup="dns:RR" type="dns:NSType"/>

  <complexType name="NSType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="nsdname" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- NSAP element [RFC1706] (5)        -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- NSAP record: a required "nsap" held as a plain string with no
       format restriction, so any text validates. -->
  <element name="NSAP" substitutionGroup="dns:RR" type="dns:NSAPType"/>

  <complexType name="NSAPType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="nsap" type="string" use="required"/>
    <!-- defined type? -->
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- NSEC element [RFC4034] (4.2)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- NSEC record: a required next domain name and a required
       "typebitmaps" of dns:rrListType (defined elsewhere in the
       schema). -->
  <element name="NSEC" substitutionGroup="dns:RR" type="dns:NSECType"/>

  <complexType name="NSECType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="nextdomainname" type="dns:domainType"
      use="required"/>
    <attribute name="typebitmaps" type="dns:rrListType" 
               use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- NSEC3 element [RFC5155] (3.2)     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- NSEC3 record: hash parameters, salt, next hashed owner name and
       type bitmaps.
       "saltlength" and "hashlength" are optional declared lengths; the
       schema does not compare them with the actual "salt" or
       "nexthashedownername" values, so take lengths from the decoded
       data rather than from these attributes.
       "iterations" accepts any 16-bit value. The schema sets no lower
       cap, so a consumer that computes hashes from these records should
       enforce its own iteration limit. -->
  <element name="NSEC3" substitutionGroup="dns:RR" 
           type="dns:NSEC3Type"/>

  <complexType name="NSEC3Type">
    <attributeGroup ref="dns:baseAttributes"/>
    <!-- NOTE(review): hashalgorithm reuses dns:dnssecAlgorithmType, so
         signing-algorithm mnemonics validate here. NSEC3 hash
         algorithms appear to be a separate number space; confirm
         whether a dedicated type was intended. -->
    <attribute name="hashalgorithm" type="dns:dnssecAlgorithmType"
      use="required"/>
    <attribute name="flags" type="unsignedByte" use="required"/>
    <attribute name="iterations" type="unsignedShort" use="required"/>
    <attribute name="saltlength" type="dns:rdataLength8Type"
      use="optional"/>
    <attribute name="salt" type="hexBinary" use="required"/>
    <attribute name="hashlength" type="dns:rdataLength8Type"
      use="optional"/>
    <attribute name="nexthashedownername" 
      type="dns:base32HexRestricted" use="required"/>
    <attribute name="typebitmaps" type="dns:rrListType" 
      use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- NSEC3PARAM element [RFC5155] (4.2)-->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- NSEC3PARAM record: hash algorithm, flags, iterations and salt,
       with an optional declared salt length. The schema does not check
       "saltlength" against "salt" and accepts any 16-bit "iterations"
       value; consumers should take the length from the decoded salt and
       apply their own iteration limit. -->
  <element name="NSEC3PARAM" substitutionGroup="dns:RR"
    type="dns:NSEC3PARAMType"/>

  <complexType name="NSEC3PARAMType">
    <attributeGroup ref="dns:baseAttributes"/>
    <!-- NOTE(review): hashalgorithm reuses dns:dnssecAlgorithmType, so
         signing-algorithm mnemonics validate here. NSEC3 hash
         algorithms appear to be a separate number space; confirm
         whether a dedicated type was intended. -->
    <attribute name="hashalgorithm" type="dns:dnssecAlgorithmType"
      use="required"/>
    <attribute name="flags" type="unsignedByte" use="required"/>
    <attribute name="iterations" type="unsignedShort" use="required"/>
    <attribute name="saltlength" type="dns:rdataLength8Type"
      use="optional"/>
    <attribute name="salt" type="hexBinary" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- NULL element [RFC1035] (3.3.10)   -->
  <!-- - - - - - - - - - - - - - - - - - -->

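  <!-- NULL record: free-form string content plus the shared
       baseAttributes; the element may also be nil.
       The type has simple content, so it carries no "mixed" flag: that
       flag describes element content interleaved with text and has no
       meaning for a type whose content is a simple string. Leaving it
       out keeps the set of valid documents the same and avoids a
       contradictory declaration. -->
  <element name="NULL" substitutionGroup="dns:RR" type="dns:NULLType"
    nillable="true"/>

  <complexType name="NULLType">
    <simpleContent>
      <extension base="string">
        <attributeGroup ref="dns:baseAttributes"/>
      </extension>
    </simpleContent>
  </complexType>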


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- PTR element [RFC1035] (3.3.12)    -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- PTR record: the shared baseAttributes plus a required "ptrdname"
       of dns:domainType. -->
  <element name="PTR" substitutionGroup="dns:RR" type="dns:PTRType"/>

  <complexType name="PTRType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="ptrdname" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- PX element [RFC2163] (4)          -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- PX record: a required 16-bit "preference" with required "map822"
       and "mapx400" names, both of dns:domainType. -->
  <element name="PX" substitutionGroup="dns:RR" type="dns:PXType"/>

  <complexType name="PXType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="preference" type="dns:preferenceType"
      use="required"/>
    <attribute name="map822" type="dns:domainType" use="required"/>
    <attribute name="mapx400" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- RP element [RFC1183] (2.2)        -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- RP record: required "mbox-dname" and "txt-dname", both of
       dns:domainType. -->
  <element name="RP" substitutionGroup="dns:RR" type="dns:RPType"/>

  <complexType name="RPType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="mbox-dname" type="dns:domainType" use="required"/>
    <attribute name="txt-dname" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- RRSIG element [RFC4034] (3.2)     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- RRSIG record: base64 element content (the signature) with the
       signature metadata as required attributes.
       Expiration and inception use dns:secondsSinceEpochTextType, so
       each may be written in either of that type's two forms. The
       schema does not check that inception is not later than
       expiration, nor that the signature is valid; it only checks
       syntax. -->
  <element name="RRSIG" substitutionGroup="dns:RR" 
    type="dns:RRSIGType"/>

  <complexType name="RRSIGType">
    <simpleContent>
      <extension base="base64Binary">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="typecovered" type="dns:rrTypeType"
          use="required"/>
        <attribute name="algorithm" type="dns:dnssecAlgorithmType"
          use="required"/>
        <attribute name="labels" type="unsignedByte" use="required"/>
        <attribute name="originalttl" type="dns:ttlType" 
          use="required"/>
        <attribute name="signatureexpiration"
          type="dns:secondsSinceEpochTextType" use="required"/>
        <attribute name="signatureinception"
          type="dns:secondsSinceEpochTextType" use="required"/>
        <attribute name="keytag" type="dns:keytagType" use="required"/>
        <attribute name="signersname" type="dns:domainType"
          use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- RT element [RFC1183] (3.3)        -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- RT record: a required 16-bit "preference" and a required
       "intermediate-host" of dns:domainType. -->
  <element name="RT" substitutionGroup="dns:RR" type="dns:RTType"/>

  <complexType name="RTType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="preference" type="dns:preferenceType"
      use="required"/>
    <attribute name="intermediate-host" type="dns:domainType"
      use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- SIG element [RFC2931] & [RFC4034] -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- SIG record: base64 element content (the signature) with the same
       attribute names as RRSIGType. As there, only syntax is checked;
       the time values are not compared and the signature is not
       verified. -->
  <element name="SIG" substitutionGroup="dns:RR" type="dns:SIGType"/>

  <complexType name="SIGType">
    <simpleContent>
      <extension base="base64Binary">
        <attributeGroup ref="dns:baseAttributes"/>
        <!-- NOTE(review): typecovered is a plain unsignedShort here but
             dns:rrTypeType in RRSIGType; confirm whether the two are
             meant to differ. -->
        <attribute name="typecovered" type="unsignedShort"
          use="required"/>
        <attribute name="algorithm" type="dns:dnssecAlgorithmType"
          use="required"/>
        <attribute name="labels" type="unsignedByte" use="required"/>
        <attribute name="originalttl" type="dns:ttlType" 
          use="required"/>
        <attribute name="signatureexpiration"
          type="dns:secondsSinceEpochTextType" use="required"/>
        <attribute name="signatureinception"
          type="dns:secondsSinceEpochTextType" use="required"/>
        <attribute name="keytag" type="dns:keytagType" use="required"/>
        <attribute name="signersname" type="dns:domainType"
          use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- SSHFP element [RFC4255] (3.2)     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- SSHFP record: dns:hexWithWhitespace element content (the
       fingerprint) with a required key algorithm and fingerprint type.
       The schema does not check the length of the hex content against
       "fptype"; a consumer comparing fingerprints should verify the
       length for the stated digest first. -->
  <element name="SSHFP" substitutionGroup="dns:RR" 
    type="dns:SSHFPType"/>

  <complexType name="SSHFPType">
    <simpleContent>
      <extension base="dns:hexWithWhitespace">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="algorithm" type="dns:sshAlgorithmType"
          use="required"/>
        <attribute name="fptype" type="dns:sshDigestType" 
          use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- SOA element [RFC1035] (3.3.13)    -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- SOA record: required mname and rname (dns:domainType), a 32-bit
       serial, three 32-bit second intervals (refresh, retry, expire)
       and a "minimum" of dns:ttlType. The schema bounds each number
       separately and does not relate the intervals to one another. -->
  <element name="SOA" substitutionGroup="dns:RR" type="dns:SOAType"/>

  <complexType name="SOAType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="mname" type="dns:domainType" use="required"/>
    <attribute name="rname" type="dns:domainType" use="required"/>
    <attribute name="serial" type="dns:serialType" use="required"/>
    <attribute name="refresh" type="dns:secondsInterval32Type"
      use="required"/>
    <attribute name="retry" type="dns:secondsInterval32Type"
      use="required"/>
    <attribute name="expire" type="dns:secondsInterval32Type"
      use="required"/>
    <attribute name="minimum" type="dns:ttlType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- SPF element [RFC4408] (3.1.1)     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <element name="SPF" substitutionGroup="dns:RR" type="dns:SPFType"/>

  <!-- Content model for the SPF element: an unconstrained string plus
       the shared baseAttributes. The schema puts no length limit on the
       text and does not parse it; treat it as untrusted input and apply
       any length limit of the target format outside the schema. -->
  <complexType name="SPFType">
    <simpleContent>
      <extension base="string">
        <attributeGroup ref="dns:baseAttributes"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- SRV element [RFC2782] (0)         -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- SRV record: required 16-bit priority and weight, a port of
       dns:portType and a "target" of dns:domainType. -->
  <element name="SRV" substitutionGroup="dns:RR" type="dns:SRVType"/>

  <complexType name="SRVType">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="priority" type="unsignedShort" use="required"/>
    <attribute name="weight" type="unsignedShort" use="required"/>
    <attribute name="port" type="dns:portType" use="required"/>
    <attribute name="target" type="dns:domainType" use="required"/>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- TKEY element [RFC2930] (2)        -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- TKEY record: dns:hexWithWhitespace element content with the key
       exchange fields as attributes; the element may be nil.
       "keysize" and "othersize" are declared sizes. The schema does not
       compare them with the length of "keydata" or of the element
       content, so take sizes from the decoded data. It also does not
       check that inception is not later than expiration.
       "keydata" holds key exchange material in the document itself;
       handle documents containing this element accordingly. -->
  <element name="TKEY" substitutionGroup="dns:RR" type="dns:TKEYType"
    nillable="true"/>

  <complexType name="TKEYType">
    <simpleContent>
      <extension base="dns:hexWithWhitespace">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="algorithm" type="dns:domainType" 
          use="required"/>
        <attribute name="inception" type="dns:secondsSinceEpoch32Type"
          use="required"/>
        <attribute name="expiration" type="dns:secondsSinceEpoch32Type"
          use="required"/>
        <attribute name="mode" type="unsignedShort" use="required"/>
        <attribute name="error" type="dns:rcode16Type" use="required"/>
        <attribute name="keysize" type="unsignedShort" use="required"/>
        <attribute name="keydata" type="hexBinary" use="required"/>
        <attribute name="othersize" type="dns:rdataLengthType"
          use="optional"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- TSIG element [RFC2845] (2.3)      -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- TSIG record: dns:hexWithWhitespace element content with the
       signature fields as attributes; the element may be nil.
       "macsize" and "otherlen" are declared sizes. The schema does not
       compare them with the length of "mac" or of the element content,
       so take sizes from the decoded data. "timesigned" is a 48-bit
       second count and "fudge" a 16-bit value; whether a signature is
       within its time window is for the consumer to decide. -->
  <element name="TSIG" substitutionGroup="dns:RR" type="dns:TSIGType"
    nillable="true"/>

  <complexType name="TSIGType">
    <simpleContent>
      <extension base="dns:hexWithWhitespace">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="algorithm" type="dns:domainType" 
          use="required"/>
        <attribute name="timesigned" type="dns:secondsSinceEpoch48Type"
          use="required"/>
        <attribute name="fudge" type="unsignedShort" use="required"/>
        <attribute name="macsize" type="unsignedShort" use="required"/>
        <attribute name="mac" type="hexBinary" use="required"/>
        <attribute name="originalid" type="dns:idType" use="required"/>
        <!-- NOTE(review): "error" is optional here but required in
             TKEYType; confirm the difference is intended. -->
        <attribute name="error" type="dns:rcode16Type" use="optional"/>
        <attribute name="otherlen" type="dns:rdataLengthType"
          use="optional"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- TXT element [RFC1035] (3.3.14)    -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- TXT resource record element. Substitutable for dns:RR; not
       declared nillable. -->
  <element name="TXT" substitutionGroup="dns:RR" type="dns:TXTType"/>

  <!-- TXTType: string text content plus the shared
       dns:baseAttributes group. This type adds no length or
       character restriction to the text, so a consumer should
       bound its size and escape it before reusing it in another
       context. -->
  <complexType name="TXTType">
    <simpleContent>
      <extension base="string">
        <attributeGroup ref="dns:baseAttributes"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- WKS element [RFC1035] (3.4.2)     -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- WKS resource record element. Substitutable for dns:RR; not
       declared nillable. -->
  <element name="WKS" substitutionGroup="dns:RR" type="dns:WKSType"/>

  <!-- WKSType: hex text content (dns:hexWithWhitespace) plus the
       shared dns:baseAttributes group and two required
       attributes, address (dns:ip4AddressType) and protocol
       (dns:ipProtocolType). Both types are defined elsewhere in
       the schema. NOTE(review): presumably the text content is
       the service bit map; confirm against the WKS section of
       this memo. -->
  <complexType name="WKSType">
    <simpleContent>
      <extension base="dns:hexWithWhitespace">
        <attributeGroup ref="dns:baseAttributes"/>
        <attribute name="address" type="dns:ip4AddressType"
          use="required"/>
        <attribute name="protocol" type="dns:ipProtocolType"
          use="required"/>
      </extension>
    </simpleContent>
  </complexType>


  <!-- - - - - - - - - - - - - - - - - - -->
  <!-- X25 element [RFC1183] (3.1)       -->
  <!-- - - - - - - - - - - - - - - - - - -->

  <!-- X25 resource record element. Substitutable for dns:RR; not
       declared nillable. -->
  <element name="X25" substitutionGroup="dns:RR" type="dns:X25Type"/>

  <!-- X25Type: empty content. The value is carried entirely in the
       required psdn-address attribute, alongside the shared
       dns:baseAttributes group. psdn-address is a plain string
       with no pattern or length facet applied here, so a consumer
       must validate the address format itself. -->
  <complexType name="X25Type">
    <attributeGroup ref="dns:baseAttributes"/>
    <attribute name="psdn-address" type="string" use="required"/>
  </complexType>

</schema>
          ]]></artwork>
      </figure>
    </section>

    <section anchor="Acknowledgements" title="Acknowledgements">
      <t>We would like to thank Alex Dalitz and Roy Arends for their
        review of early versions of this draft.</t>
      <t>The regular expression for IPv6 addresses was published by
        Dartware and altered by the authors to fit with the limited
        regular expression syntax of XML Schema.</t>
    </section>

    <section anchor="IANA" title="IANA Considerations">
      <t>This memo uses URNs to describe <xref
          target="W3C.REC-xml-names-20091208">XML namespaces</xref>
        and XML schemas conforming to a registry mechanism described
        in <xref target="RFC3688"/>. Three URI assignments need to be
        registered by the IANA.</t>

      <t>Registration request for the dnsxml namespace:</t>

      <t><list style="empty">
          <t>URI: urn:ietf:params:xml:ns:dns</t>

          <t>Registrant Contact: See the "Author's Address" section of
            this memo.</t>

          <t>XML: None. Namespace URIs do not represent an XML
            specification.</t>
        </list></t>

      <t>Registration request for the dnsxml version specific
        namespace:</t>

      <t><list style="empty">
          <t>URI: urn:ietf:params:xml:ns:dns-1.0</t>
          <t>Registrant Contact: See the "Author's Address" section of
            this memo.</t>
          <t>XML: None. Namespace URIs do not represent an XML
            specification.</t>
        </list></t>

      <t>Registration request for the dnsxml XML schema:</t>

      <t><list style="empty">
          <t>URI: urn:ietf:params:xml:schema:dns-1.0</t>
          <t>Registrant Contact: See the "Author's Address" section of
            this memo.</t>
          <t>XML: See <xref target="fullschema"/> of this memo.</t>
        </list></t>

    </section>

    <section anchor="Security" title="Security Considerations">
      <t>This memo includes no security considerations.</t>
    </section>
  </middle>

  <back>
    <references title="Normative References"> &RFC1035; &RFC1183;
      &RFC1706; &RFC1712; &RFC1876; &RFC2119; &RFC2136; &RFC2163;
      &RFC2181; &RFC2230; &RFC2538; &RFC2672; &RFC2782; &RFC2845;
      &RFC2874; &RFC2930; &RFC2931; &RFC3123; &RFC3403; &RFC3445;
      &RFC3596; &RFC3597; &RFC3688; &RFC4025; &RFC4034; &RFC4255;
      &RFC4408; &RFC4431; &RFC4509; &RFC4701; &RFC5155; &RFC5702;
      &RFC5933; &RFC6195; &RFC6605; &W3C.REC-xml-20081126;
      &W3C.REC-xmlschema-1-20041028; &W3C.REC-xmlschema-2-20041028;
      &W3C.REC-xml-names-20091208; <reference
        anchor="dns-sec-alg-numbers"
        target="http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml">
        <front>
          <title>Domain Name System Security (DNSSEC) Algorithm
            Numbers</title>
          <author>
            <organization>IANA</organization>
          </author>
          <date year="2012"/>
        </front>
      </reference>
    </references>

    <references title="Informative References"> &RFC1002; &RFC2045;
      &RFC2671; </references>
  </back>
</rfc>
