One document matched: draft-ietf-dnsop-as112-dname-06.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc1035 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.1035.xml">
<!ENTITY rfc1918 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.1918.xml">
<!ENTITY rfc2308 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2308.xml">
<!ENTITY rfc2860 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2860.xml">
<!ENTITY rfc2928 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2928.xml">
<!ENTITY rfc3172 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3172.xml">
<!ENTITY rfc4033 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4033.xml">
<!ENTITY rfc4786 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4786.xml">
<!ENTITY rfc5737 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5737.xml">
<!ENTITY rfc6303 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6303.xml">
<!ENTITY rfc6672 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6672.xml">
<!ENTITY rfc6890 PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6890.xml">
<!ENTITY draft-ietf-dnsop-rfc6304bis PUBLIC ""
"http://xml2rfc.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-dnsop-rfc6304bis.xml">
]>
<rfc category="info" docName="draft-ietf-dnsop-as112-dname-06"
ipr="trust200902">
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<front>
<title>AS112 Redirection using DNAME</title>
<author fullname="Joe Abley" initials="J." surname="Abley">
<organization>Dyn, Inc.</organization>
<address>
<postal>
<street>186 Albert Street, Suite 103</street>
<city>London</city>
<region>ON</region>
<code>N6A 1M1</code>
<country>Canada</country>
</postal>
<phone>+1 519 670 9327</phone>
<email>jabley@dyn.com</email>
</address>
</author>
<author fullname="Brian Dickson" initials="B.P." surname="Dickson">
<organization>Twitter, Inc.</organization>
<address>
<email>bdickson@twitter.com</email>
</address>
</author>
<author fullname="Warren Kumari" initials="W." surname="Kumari">
<organization>Google</organization>
<address>
<postal>
<street>1600 Amphitheatre Parkway</street>
<city>Mountain View</city>
<region>CA</region>
<code>94043</code>
<country>USA</country>
</postal>
<email>warren@kumari.net</email>
</address>
</author>
<author fullname="George Michaelson" initials="G." surname="Michaelson">
<organization>APNIC</organization>
<address>
<email>ggm@apnic.net</email>
</address>
</author>
<date day="24" month="November" year="2014" />
<abstract>
<t>AS112 provides a mechanism for handling reverse lookups
on IP addresses that are not unique (e.g., RFC 1918 addresses).
This document describes modifications to the deployment and
use of AS112 infrastructure that will allow zones to be
added and dropped much more easily, using DNAME resource
records.</t>
<t>This approach makes it possible for any DNS zone administrator
to sink traffic relating to parts of the global DNS namespace
under their control to the AS112 infrastructure without
coordination with the operators of AS112 infrastructure.</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>Many sites connected to the Internet make use of IPv4
addresses that are not globally unique. Examples are the
addresses designated in <xref target="RFC1918"/> for private
use within individual sites.</t>
<t>Devices in such environments may occasionally originate
Domain Name System (DNS) queries (so-called "reverse lookups")
corresponding to those private-use addresses. Since the
addresses concerned have only local significance, it is
good practice for site administrators to ensure that such
queries are answered locally. However, it is not uncommon
for such queries to follow the normal delegation path in
the public DNS instead of being answered within the site.</t>
<t>It is not possible for public DNS servers to give useful
answers to such queries. In addition, due to the wide
deployment of private-use addresses and the continuing
growth of the Internet, the volume of such queries is large
and growing. The AS112 project aims to provide a distributed
sink for such queries in order to reduce the load on the
IN-ADDR.ARPA authoritative servers. The AS112 project is
named after the Autonomous System Number (ASN) that was
assigned to it.</t>
<t>Prior to implementation of this technique, the AS112 project
did not accommodate the addition and removal of DNS zones
elegantly. Since additional zones of definitively local
significance are known to exist, this presents a problem.
This document describes modifications to the deployment and
use of AS112 infrastructure that will allow zones to be
added and dropped much more easily.</t>
<t>The AS112 project is described in detail in <xref
target="I-D.ietf-dnsop-rfc6304bis"></xref>.</t>
<t>The AS112 nameservers (PRISONER.IANA.ORG, BLACKHOLE-1.IANA.ORG
and BLACKHOLE-2.IANA.ORG) are required to answer authoritatively
for each and every zone that is delegated to them. If a
zone is delegated to AS112 nameservers without those
nameservers being configured ahead of time to answer
authoritatively for that zone, there is a detrimental impact
on clients following referrals for queries within that zone.
This misconfiguration is colloquially known as a "lame
delegation".</t>
<t>AS112 nameserver operators are only loosely-coordinated,
and hence adding support for a new zone (or, correspondingly,
removing support for a zone that is no longer delegated to
the AS112 nameservers) is difficult to accomplish with
accuracy. Testing AS112 nameservers remotely to see whether
they are configured to answer authoritatively for a particular
zone is similarly challenging since AS112 nodes are distributed
using <xref target="RFC4786">anycast</xref>.</t>
<t>This document defines a more flexible approach for sinking
queries on AS112 infrastructure that can be deployed alongside
unmodified, existing AS112 nodes. Instead of delegating
additional zones directly to AS112 nameservers, <xref
target="RFC6672">DNAME</xref> redirection is used. This
approach has the advantage that query traffic for arbitrary
parts of the namespace can be directed to AS112 servers
without those servers having to be reconfigured every time
a zone is added or removed.</t>
<t>This approach makes it possible for any DNS zone administrator
to sink traffic relating to parts of the global DNS namespace
under their control to the AS112 infrastructure without
coordination with the operators of AS112 infrastructure.</t>
</section>
<section title="Design Overview">
<t>A new zone, EMPTY.AS112.ARPA, is delegated to a single
nameserver BLACKHOLE.AS112.ARPA (IPv4 address TBAv4-1, IPv6
address TBAv6-1).</t>
<t>The IPv4 address TBAv4-1 has been assigned by the IANA
such that the address is coverable by a single IPv4 /24
prefix, and that no other address covered by that prefix
is in use. The IPv6 address TBAv6-1 has been similarly
assigned such that no other address within a covering /48
is in use. This addressing plan accommodates the anycast
distribution of the BLACKHOLE.AS112.ARPA service using a
single IPv4 service prefix and a single IPv6 service prefix.
See <xref target="RFC4786"></xref> for more discussion of
anycast service distribution; see <xref target="iana"></xref>
for the specific requests this document makes of the IANA.</t>
<t>Some or all of the existing AS112 nodes SHOULD be extended
to support these new nameserver addresses, and to host the
EMPTY.AS112.ARPA zone. See <xref
target="I-D.ietf-dnsop-rfc6304bis"></xref> for revised
guidance to AS112 server operators.</t>
<t>Each part of the DNS namespace for which it is desirable
to sink queries at AS112 nameservers should be redirected
to the EMPTY.AS112.ARPA zone using <xref
target="RFC6672">DNAME</xref>. See <xref
target="redirection"></xref> for guidance to zone
administrators.</t>
</section>
<section title="AS112 Operations">
<section anchor="extensions"
title="Extensions to Support DNAME Redirection">
<t>Guidance to operators of AS112 nodes is extended to
include configuration of the TBAv4-1, and TBAv6-1 addresses,
and the corresponding announcement of covering routes for
those addresses, and to host the EMPTY.AS112.ARPA zone.</t>
<t>IPv4-only AS112 nodes should only configure the TBAv4-1
nameserver address; IPv6-only AS112 nodes should only
configure the TBAv6-1 nameserver address.</t>
<t>It is only necessary for a single AS112 server operator
to implement these extensions for this mechanism to
function as intended. It is beneficial if many more than
one AS112 server operators make these changes, however,
since that provides for greater distribution and capacity
for the nameservers serving the EMPTY.AS112.ARPA zone.
It is not necessary for all AS112 server operators to
make these changes for the mechanism to be viable.</t>
<t>Detailed instructions for the implementation of these
extensions is included in <xref
target="I-D.ietf-dnsop-rfc6304bis"></xref>.</t>
</section>
<section anchor="redirection"
title="Redirection of Query Traffic to AS112 Servers">
<t>Once the EMPTY.AS112.ARPA zone has been deployed using
the nameservers described in <xref target="extensions"></xref>,
redirections may be installed in the DNS namespace for
queries that are intended to be answered by the AS112
infrastructure.</t>
<t>For example, reverse queries corresponding to <xref
target="RFC5737">TEST-NET-1 (192.0.2.0/24)</xref> could
be redirected to AS112 nameservers by installing a DNAME
resource record in the 192.IN-ADDR.ARPA zone, as illustrated
in <xref target="TEST-NET-1"></xref>.</t>
<figure anchor="TEST-NET-1">
<artwork><![CDATA[
$ORIGIN 192.IN-ADDR.ARPA.
...
2.0 IN DNAME EMPTY.AS112.ARPA.
...
]]></artwork>
</figure>
<t>There is no practical limit to the number of redirections
that can be configured in this fashion. Redirection of a
particular part of the namespace to EMPTY.AS112.ARPA can
be removed at any time, under the control of the
administrators of the corresponding part of the DNS
namespace. No changes to deployed AS112 nodes incorporating
the extensions described in this document are required
to support additional redirections. A list of possible
candidates for AS112 redirection can be found in <xref
target="candidates"></xref>.</t>
<t>DNAME resource records deployed for this purpose can be
signed with <xref target="RFC4033">DNSSEC</xref>, providing
a secure means of authenticating the legitimacy of each
redirection.</t>
</section>
</section>
<section title="Continuity of AS112 Operations">
<t>Existing guidance to AS112 server operators to accept and
respond to queries directed at the PRISONER.IANA.ORG,
BLACKHOLE-1.IANA.ORG and BLACKHOLE-2.IANA.ORG nameservers
should continue to be followed, and no changes to the
delegation of existing zones hosted on AS112 servers should
occur. These measures are intended to provide continuity
of operations for zones currently delegated to AS112 servers
and avoid any accidental client impact due to the changes
proposed in this document.</t>
<t>Once it has become empirically and quantitatively clear
that the EMPTY.AS112.ARPA zone is well-hosted to the extent
that it is thought that the existing, unmodified AS112
servers host 10.IN-ADDR.ARPA, the decision might be made
to replace the delegation of those <xref target="RFC1918"></xref>
zones with DNAME redirection. Once implemented, the
PRISONER.IANA.ORG, BLACKHOLE-1.IANA.ORG and BLACKHOLE-2.IANA.ORG
nameservers could be retired. This document gives no such
direction to the IANA, however.</t>
</section>
<section anchor="candidates" title="Candidate Zones for AS112 Redirection">
<t>All zones listed in <xref target="RFC6303"></xref> are
candidates for AS112 redirection.</t>
<t>Since no pre-provisioning is required on the part of AS112
operators to facilitate sinking of any name in the DNS
namespace by AS112 infrastructure, this mechanism supports
AS112 redirection by any zone owner in the DNS.</t>
<t>This document is simply concerned with provision of the
AS112 redirection service, and does not specify that any
particular AS112 redirection be put in place.</t>
</section>
<section title="DNAME Deployment Considerations">
<t>DNAME was specified years after the original implementations
of <xref target="RFC1035"></xref>, and hence universal
deployment cannot be expected. <xref target="RFC6672"></xref>
specifies a fall-back mechanism which makes use of synthesised
CNAME RRSets for this reason. The expectation that design
choices in the DNAME specification ought to mitigate any
lack of deployment is reviewed below. Experimental validation
of those expectations is included in <xref
target="experiment"></xref>.</t>
<t>It is a fundamental design requirement of AS112 service
that responses be cached. We can safely declare DNAME support
on the authoritative server to be a prerequisite for DNAME
redirection, but the cases where individual elements in
resolver chains do not support DNAME processing deserve
closer examination.</t>
<t>The expected behaviour when a DNAME response is supplied
to a resolver that does not support DNAME is that the
accompanying, synthesised CNAME will be accepted and cached.
Re-query frequency will be determined by the TTLs returned
by the DNAME-responding authoritative servers.</t>
<t>Resolution of the CNAME target is straightforward and
functions exactly as the AS112 project has operated since
it was deployed. The <xref target="RFC2308">negative
caching</xref> of the CNAME target follows the parameters
defined in the target zone, EMPTY.AS112.ARPA. This has the
side-effects that all redirected names ultimately landing
on an AS112 node will be negatively-cached with the same
parameters, but this lack of flexibility seems non-controversial;
the effect of reducing the negative cache TTL would be
increased query volume on the AS112 node operator concerned,
and hence controls seem well-aligned with operation.</t>
<t>Validating resolvers (i.e. those requesting and processing
<xref target="RFC4033">DNSSEC</xref> metadata) are required
to implement DNAME, and hence should not make use of
synthesised CNAME RRs. The lack of signature over a received
CNAME RR should hence not limit the ability to sign the
redirection point, and for those signatures to be validated.</t>
<t>In the case where a recursive server implements DNAME, but
DNAME is not implemented in a stub resolver, CNAME synthesis
will again provide a viable path.</t>
<t>DNAME support on AS112 nodes themselves is never required
under this proposal.</t>
</section>
<section title="IAB Statement Regarding this .ARPA Request">
<t>With the publication of this document, the IAB approves
of the delegation of 'AS112' in the ARPA domain. Under <xref
target="RFC3172"/>, the IAB has requested that IANA delegate
and provision "AS112.ARPA" as specified in this specification.
However, the IAB does not take any architectural or technical
position about this specification.</t>
</section>
<section anchor="iana" title="IANA Considerations">
<section title="Address Assignment">
<t>This document requests that IANA assign IPv4 and IPv6
number resources in conformance with section 4 of <xref
target="RFC2860"></xref>.</t>
<t>The IANA is requested to assign one IPv4 /24 netblock
and register its use in the IPv4 Special-Purpose Address
Registry <xref target="RFC6890"></xref> as follows:</t>
<texttable>
<ttcol>Name</ttcol>
<ttcol>Value</ttcol>
<c>Address Block</c>
<c>As determined by IANA</c>
<c>Name</c>
<c>AS112-v4</c>
<c>RFC</c>
<c>[THIS DOCUMENT]</c>
<c>Allocation Date</c>
<c>As determined by IANA</c>
<c>Termination Date</c>
<c>N/A</c>
<c>Source</c>
<c>True</c>
<c>Destination</c>
<c>True</c>
<c>Forwardable</c>
<c>True</c>
<c>Global</c>
<c>True</c>
<c>Reserved-by-Protocol</c>
<c>False</c>
</texttable>
<t>We suggest that IANA assign 192.31.196.0/24 from the
IPv4 Recovered Address Space Registry, but any /24 which
has been unassigned and unadvertised for at least twelve
months is acceptable.</t>
<t>The IANA is requested to assign one IPv6 /48 netblock
and register its use in the IPv6 Special-Purpose Address
Registry <xref target="RFC6890"></xref> as follows:</t>
<texttable>
<ttcol>Name</ttcol>
<ttcol>Value</ttcol>
<c>Address Block</c>
<c>As determined by IANA</c>
<c>Name</c>
<c>AS112-v6</c>
<c>RFC</c>
<c>[THIS DOCUMENT]</c>
<c>Allocation Date</c>
<c>As determined by IANA</c>
<c>Termination Date</c>
<c>N/A</c>
<c>Source</c>
<c>True</c>
<c>Destination</c>
<c>True</c>
<c>Forwardable</c>
<c>True</c>
<c>Global</c>
<c>True</c>
<c>Reserved-by-Protocol</c>
<c>False</c>
</texttable>
<t>We suggest that IANA assign 2001:112::/48 from the IETF
Protocol Assignments allocation <xref target="RFC2928"></xref>,
but /48 which has been unassigned and unadvertised for
at least twelve months is acceptable.</t>
<t>Once assigned, all occurrences of TBAv4 in this document
should be replaced by the IPv4 netblock assigned, in
conventional notation. Occurrences of TBAv4-1 should be
replaced with an address from the netblock with lowest
octet set to 1. Similarly, all occurrences of TBAv6 in
this document should be replaced by the IPv6 netblock
assigned, in conventional notation, and TBAv6-1 replaced
with an address from that netblock with the lowest 48
bits set to the value 1. Once those changes are made,
this paragraph may be removed prior to publication.</t>
<t>The netblocks assigned by the IANA for this purpose are
TBAv4 and TBAv6.</t>
</section>
<section anchor="hosting" title="Hosting of AS112.ARPA">
<t>The IANA is requested to host and sign the zone AS112.ARPA
using nameservers and DNSSEC signing infrastructure of
their choosing, as shown in <xref target="as112arpa"></xref>.
SOA RDATA may be adjusted by the IANA to suit their
operational requirements.</t>
<figure anchor="as112arpa">
<artwork><![CDATA[
$ORIGIN AS112.ARPA.
$TTL 3600
@ IN SOA BLACKHOLE.AS112.ARPA. NOC.DNS.ICANN.ORG. (
1 ; serial
10800 ; refresh
3600 ; retry
1209600 ; expire
3600 ) ; negative cache TTL
NS A.IANA-SERVERS.NET.
NS B.IANA-SERVERS.NET.
NS C.IANA-SERVERS.NET.
BLACKHOLE A TBAv4-1
AAAA TBAv6-1
HOSTNAME NS BLACKHOLE
EMPTY NS BLACKHOLE
]]></artwork>
</figure>
</section>
<section title="Delegation of AS112.ARPA">
<t>Once the AS112.ARPA zone is being hosted in production,
the IANA is requested to arrange delegation from the ARPA
zone according to normal IANA procedure for ARPA zone
management, to the nameservers used in carrying out the
direction in <xref target="hosting"></xref>. The whois
contact information for the new record should be specified
by the IAB under <xref target="RFC3172"/>.</t>
</section>
</section>
<section title="Security Considerations">
<t>This document presents no known additional security concerns
to the Internet.</t>
<t>For security considerations relating to AS112 service in
general, see <xref target="I-D.ietf-dnsop-rfc6304bis"></xref>.</t>
</section>
<section title="Acknowledgements">
<t>The authors acknowledge the valuable contributions of Bob
Harold and other participants in the DNSOP working group
in the preparation of this document.</t>
</section>
</middle>
<back>
<references title="Normative References">
&rfc1035;
&rfc2308;
&rfc6672;
&draft-ietf-dnsop-rfc6304bis;
</references>
<references title="Informative References">
&rfc1918;
&rfc2860;
&rfc2928;
&rfc3172;
&rfc4033;
&rfc4786;
&rfc5737;
&rfc6303;
&rfc6890;
</references>
<section anchor="experiment"
title="Assessing Support for DNAME in the Real World">
<t>To measure the extent to which the DNAME construct is
supported in the Internet, we have used an experimental
technique to test the DNS resolvers used by end hosts, and
derive from the test a measurement of DNAME support within
the Internet.</t>
<section title="Methodology">
<t>The test was conducted by loading a user's browser with
4 URLs to retrieve. The first three comprise the test
setup, while the final URL communicates the result the
the experiment controller. The URLs are: <list style="hanging">
<t hangText="A">http://a.<unique_string>.dname.example.com/1x1.png?<vspace blankLines="0" />a.<unique_string>.dname</t>
<t hangText="B">http://b.dname.example.com/1x1.png?<vspace blankLines="0" />b.<unique_string>.dname</t>
<t hangText="C">http://c.<unique_string>.target.example.net/1x1.png?<vspace blankLines="0" />c.<unique_string>.target</t>
<t hangText="D">http://results.recorder.example.net/1x1.png?<vspace blankLines="0" />results.<unique_string>?za=<a_result>&zb=<b_result>&zc=<c_result></t>
</list></t>
<t>The A URL is designed to test the end users capability
to resolve a name that has never been seen before, so
that the resolution of this domain name will reliably
result in a query at the authoritative name server. This
is intended to test the use of domain names where there
is a dynamic component that also uses the DNAME construct.</t>
<t>The B URL is deliberately designed to be cached by caching
resolvers that are used in the process of resolving the
domain name.</t>
<t>The C URL is a control URL. This is a unique URL, similar
to A, but does not refer to a DNAME structure.</t>
<t>The D URL uses a static cacheable domain name.</t>
<t>The <unique_string> value is common to the four
URLs used in each individual instance of this test, but
varies from test to test. The result is that each end
user is presented with a unique string.</t>
<t>The contents of the EXAMPLE.COM, TARGET.EXAMPLE.NET and
RECORDER.EXAMPLE.NET zones are shown in <xref
target="experiment-zones"></xref>.</t>
<figure anchor="experiment-zones">
<artwork><![CDATA[
$ORIGIN EXAMPLE.COM.
...
DNAME. IN DNAME TARGET.EXAMPLE.NET.
...
$ORIGIN TARGET.EXAMPLE.NET.
...
B IN A 192.0.2.0
* IN A 192.0.2.0
...
$ORIGIN RECORDER.EXAMPLE.NET.
...
RESULTS IN A 192.0.2.0
...
]]></artwork>
</figure>
<t>The first three URLs (A, B and C) are loaded as tasks
into the user's browser upon execution of the test's
script. The script starts a timer with each of these
URLs to measure the elapsed time to fetch the URL. The
script then waits for the three fetches to complete, or
10 seconds, whichever occurs first. The script then loads
the results of the three timers into the GET arguments
of the D URL, and performs a fetch to pass these results
back to the experiment's server.</t>
<t>Logs on the web server reached at RESULTS.EXAMPLE.NET
will include entries of the form shown in <xref
target="experiment-results"></xref>. If any of the URLs
fail to load within 10 secords the D URL will report the
failure as a "null" timer value.</t>
<figure anchor="experiment-results">
<artwork><![CDATA[
GET /1x1.png?results.<unique_string>?za=1822&zb=1674&zc=1582
GET /1x1.png?results.<unique_string>?za=null&zb=null&zc=161
]]></artwork>
</figure>
<t>The script has been encoded in Adobe Flash with a simple
image in the form of an online advertisement. An online
advertisement network has been used to distribute the
script. The script is invoked when the advertisement is
presented in the end user's browser or application, and
does not require the user to click on the supplied image
in any way. The advertisement placement parameters were
set to to broadest possible scope to sample users from
across the entire internet.</t>
</section>
<section title="Results">
<t>The test was loaded into an advertisement distributed
on 2013-10-10 and 2013-10-11.</t>
<texttable anchor="table_ex">
<ttcol align="left"></ttcol>
<ttcol align="right">Count</ttcol>
<ttcol align="right">Percentage</ttcol>
<c>Recorded Results:</c>
<c>338,478</c>
<c></c>
<c>A or B Loaded:</c>
<c>331,896</c>
<c>98.1%</c>
<c>A Fail and B Fail:</c>
<c>6,492</c>
<c>1.9%</c>
<c>A Fail and B Load:</c>
<c>4,249</c>
<c>1.3%</c>
<c>A Load and B Fail:</c>
<c>1,624</c>
<c>0.5%</c>
<c>C Fail:</c>
<c>9,355</c>
<c>2.8%</c>
</texttable>
<t>These results indicate that at most 1.9% of tested clients
use DNS resolvers that fail to resolve a domain name that
contains a DNAME redirection. However the failure rate
of slightly lower than 3% for the control URL indicates
that the failure rate for the DNAME construct lies within
the bounds of error within the experimental framework.
We conclude that there is no evidence of a consistent
failure on the part of deployed DNS resolvers to correctly
resolve a DNAME construct.</t>
<t>This experiment was conducted by Geoff Huston and George
Michaelson.</t>
</section>
</section>
<section title="Editorial Notes">
<t>This section (and sub-sections) to be removed prior to
publication.</t>
<section title="Change History">
<t>
<list style="hanging">
<t hangText="00">Initial write-up of Brian's idea,
circulated for the purposes of entertainment.</t>
<t hangText="01">Some particularly egregious spelling
mistakes fixed. Warren Kumari and George Michaelson
added as co-authors. Intended status changed to
informational. Appendix on DNAME testing added,
describing an experiment conducted by Geoff Huston
and George Michaelson.</t>
<t hangText="00">Adopted by dnsop in IETF88, Vancouver;
resubmitted as draft-ietf-dnsop-as112-dname. Changed
contact info for Brian.</t>
<t hangText="01">Minor updates following submission of
draft-jabley-dnsop-rfc6304bis.</t>
<t hangText="02">Text in IANA Considerations section
dealing with address assignments modified following
informal advice received from Leo Vegoda.</t>
<t hangText="03">Updated references to 6304 following
guidance from working group chairs.</t>
<t hangText="04">Corrected an error picked up by Bob
Harold.</t>
<t hangText="05">Addressed various comments from the
IESG and IAB. Updated Brian's contact info. Minor
spelling and grammatical corrections. Added text
to the abstract and introduction to reinforce the
point that this approach allows liberal use of
AS112 infrastructure without coordination with AS112
operators.</t>
<t hangText="06">Made changes requested by the IAB
relating to <xref target="RFC3172"/>.</t>
</list></t>
</section>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 08:59:13 |