rfc2845.txt

来自「RFC 的详细文档！」· 文本 代码 · 共 844 行 · 第 1/3 页


RFC 2845                        DNS TSIG                        May 2000


   Message, and decremented out of the DNS message header's ARCOUNT.  At
   this point the keyed message digest operation is performed.  If the
   algorithm name or key name is unknown to the recipient, or if the
   message digests do not match, the whole DNS message MUST be
   discarded.  If the message is a query, a response with RCODE 9
   (NOTAUTH) MUST be sent back to the originator with TSIG ERROR 17
   (BADKEY) or TSIG ERROR 16 (BADSIG).  If no key is available to sign
   this message it MUST be sent unsigned (MAC size == 0 and empty MAC).
   A message to the system operations log SHOULD be generated, to warn
   the operations staff of a possible security incident in progress.
   Care should be taken to ensure that logging of this type of event
   does not open the system to a denial of service attack.

   3.3. Time values used in TSIG calculations

   The data digested includes the two timer values in the TSIG header in
   order to defend against replay attacks.  If this were not done, an
   attacker could replay old messages but update the "Time Signed" and
   "Fudge" fields to make the message look new.  This data is named
   "TSIG Timers", and for the purpose of digest calculation they are
   invoked in their "on the wire" format, in the following order: first
   Time Signed, then Fudge.  For example:

Field Name    Value       Wire Format         Meaning
----------------------------------------------------------------------
Time Signed   853804800   00 00 32 e4 07 00   Tue Jan 21 00:00:00 1997
Fudge         300         01 2C               5 minutes

   3.4. TSIG Variables and Coverage

   When generating or verifying the contents of a TSIG record, the
   following data are digested, in network byte order or wire format, as
   appropriate:

   3.4.1. DNS Message

   A whole and complete DNS message in wire format, before the TSIG RR
   has been added to the additional data section and before the DNS
   Message Header's ARCOUNT field has been incremented to contain the
   TSIG RR.  If the message ID differs from the original message ID, the
   original message ID is substituted for the message ID.  This could
   happen when forwarding a dynamic update request, for example.









Vixie, et al.               Standards Track                     [Page 6]

RFC 2845                        DNS TSIG                        May 2000


   3.4.2. TSIG Variables

Source       Field Name       Notes
-----------------------------------------------------------------------
TSIG RR      NAME             Key name, in canonical wire format
TSIG RR      CLASS            (Always ANY in the current specification)
TSIG RR      TTL              (Always 0 in the current specification)
TSIG RDATA   Algorithm Name   in canonical wire format
TSIG RDATA   Time Signed      in network byte order
TSIG RDATA   Fudge            in network byte order
TSIG RDATA   Error            in network byte order
TSIG RDATA   Other Len        in network byte order
TSIG RDATA   Other Data       exactly as transmitted

   The RR RDLEN and RDATA MAC Length are not included in the hash since
   they are not guaranteed to be knowable before the MAC is generated.

   The Original ID field is not included in this section, as it has
   already been substituted for the message ID in the DNS header and
   hashed.

   For each label type, there must be a defined "Canonical wire format"
   that specifies how to express a label in an unambiguous way.  For
   label type 00, this is defined in [RFC2535], for label type 01, this
   is defined in [RFC2673].  The use of label types other than 00 and 01
   is not defined for this specification.

   3.4.3. Request MAC

   When generating the MAC to be included in a response, the request MAC
   must be included in the digest.  The request's MAC is digested in
   wire format, including the following fields:

   Field        Type           Description
   ---------------------------------------------------
   MAC Length   u_int16_t      in network byte order
   MAC Data     octet stream   exactly as transmitted

   3.5. Padding

   Digested components are fed into the hashing function as a continuous
   octet stream with no interfield padding.









Vixie, et al.               Standards Track                     [Page 7]

RFC 2845                        DNS TSIG                        May 2000


4 - Protocol Details

   4.1. TSIG generation on requests

   Client performs the message digest operation and appends a TSIG
   record to the additional data section and transmits the request to
   the server.  The client MUST store the message digest from the
   request while awaiting an answer.  The digest components for a
   request are:

      DNS Message (request)
      TSIG Variables (request)

   Note that some older name servers will not accept requests with a
   nonempty additional data section.  Clients SHOULD only attempt signed
   transactions with servers who are known to support TSIG and share
   some secret key with the client -- so, this is not a problem in
   practice.

   4.2. TSIG on Answers

   When a server has generated a response to a signed request, it signs
   the response using the same algorithm and key.  The server MUST not
   generate a signed response to an unsigned request.  The digest
   components are:

      Request MAC
      DNS Message (response)
      TSIG Variables (response)

   4.3. TSIG on TSIG Error returns

   When a server detects an error relating to the key or MAC, the server
   SHOULD send back an unsigned error message (MAC size == 0 and empty
   MAC).  If an error is detected relating to the TSIG validity period,
   the server SHOULD send back a signed error message.  The digest
   components are:

      Request MAC (if the request MAC validated)
      DNS Message (response)
      TSIG Variables (response)

   The reason that the request is not included in this digest in some
   cases is to make it possible for the client to verify the error.  If
   the error is not a TSIG error the response MUST be generated as
   specified in [4.2].





Vixie, et al.               Standards Track                     [Page 8]

RFC 2845                        DNS TSIG                        May 2000


   4.4. TSIG on TCP connection

   A DNS TCP session can include multiple DNS envelopes.  This is, for
   example, commonly used by zone transfer.  Using TSIG on such a
   connection can protect the connection from hijacking and provide data
   integrity.  The TSIG MUST be included on the first and last DNS
   envelopes.  It can be optionally placed on any intermediary
   envelopes.  It is expensive to include it on every envelopes, but it
   MUST be placed on at least every 100'th envelope.  The first envelope
   is processed as a standard answer, and subsequent messages have the
   following digest components:

      Prior Digest (running)
      DNS Messages (any unsigned messages since the last TSIG)
      TSIG Timers (current message)

   This allows the client to rapidly detect when the session has been
   altered; at which point it can close the connection and retry.  If a
   client TSIG verification fails, the client MUST close the connection.
   If the client does not receive TSIG records frequently enough (as
   specified above) it SHOULD assume the connection has been hijacked
   and it SHOULD close the connection.  The client SHOULD treat this the
   same way as they would any other interrupted transfer (although the
   exact behavior is not specified).

   4.5. Server TSIG checks

   Upon receipt of a message, server will check if there is a TSIG RR.
   If one exists, the server is REQUIRED to return a TSIG RR in the
   response.  The server MUST perform the following checks in the
   following order, check KEY, check TIME values, check MAC.

   4.5.1. KEY check and error handling

   If a non-forwarding server does not recognize the key used by the
   client, the server MUST generate an error response with RCODE 9
   (NOTAUTH) and TSIG ERROR 17 (BADKEY).  This response MUST be unsigned
   as specified in [4.3].  The server SHOULD log the error.

   4.5.2. TIME check and error handling

   If the server time is outside the time interval specified by the
   request (which is: Time Signed, plus/minus Fudge), the server MUST
   generate an error response with RCODE 9 (NOTAUTH) and TSIG ERROR 18
   (BADTIME).  The server SHOULD also cache the most recent time signed
   value in a message generated by a key, and SHOULD return BADTIME if a
   message received later has an earlier time signed value.  A response
   indicating a BADTIME error MUST be signed by the same key as the



Vixie, et al.               Standards Track                     [Page 9]

RFC 2845                        DNS TSIG                        May 2000


   request.  It MUST include the client's current time in the time
   signed field, the server's current time (a u_int48_t) in the other
   data field, and 6 in the other data length field.  This is done so
   that the client can verify a message with a BADTIME error without the
   verification failing due to another BADTIME error.  The data signed
   is specified in [4.3].  The server SHOULD log the error.

   4.5.3. MAC check and error handling

   If a TSIG fails to verify, the server MUST generate an error response
   as specified in [4.3] with RCODE 9 (NOTAUTH) and TSIG ERROR 16
   (BADSIG).  This response MUST be unsigned as specified in [4.3].  The
   server SHOULD log the error.

   4.6. Client processing of answer

   When a client receives a response from a server and expects to see a
   TSIG, it first checks if the TSIG RR is present in the response.
   Otherwise, the response is treated as having a format error and
   discarded.  The client then extracts the TSIG, adjusts the ARCOUNT,
   and calculates the keyed digest in the same way as the server.  If
   the TSIG does not validate, that response MUST be discarded, unless
   the RCODE is 9 (NOTAUTH), in which case the client SHOULD attempt to
   verify the response as if it were a TSIG Error response, as specified
   in [4.3].  A message containing an unsigned TSIG record or a TSIG
   record which fails verification SHOULD not be considered an
   acceptable response; the client SHOULD log an error and continue to
   wait for a signed response until the request times out.

   4.6.1. Key error handling

   If an RCODE on a response is 9 (NOTAUTH), and the response TSIG
   validates, and the TSIG key is different from the key used on the
   request, then this is a KEY error.  The client MAY retry the request
   using the key specified by the server.  This should never occur, as a
   server MUST NOT sign a response with a different key than signed the
   request.

   4.6.2. Time error handling

   If the response RCODE is 9 (NOTAUTH) and the TSIG ERROR is 18
   (BADTIME), or the current time does not fall in the range specified
   in the TSIG record, then this is a TIME error.  This is an indication
   that the client and server clocks are not synchronized.  In this case
   the client SHOULD log the event.  DNS resolvers MUST NOT adjust any
   clocks in the client based on BADTIME errors, but the server's time
   in the other data field SHOULD be logged.




Vixie, et al.               Standards Track                    [Page 10]

RFC 2845                        DNS TSIG                        May 2000