rfc2535.txt

bind 9.3结合mysql数据库

                      c e r t - a u t h . e x a m p l e

        KEY RRs|   None    |  NoKeys   |  Mixed   |   Keys   |
     S       --+-----------+-----------+----------+----------+
     u  None   | illegal   | unsecured | experim. | secure   |
     p       --+-----------+-----------+----------+----------+
     e  NoKeys | unsecured | unsecured | experim. | secure   |
     r       --+-----------+-----------+----------+----------+
     Z  Mixed  | experim.  | experim.  | experim. | secure   |



Eastlake                    Standards Track                    [Page 16]

RFC 2535                DNS Security Extensions               March 1999


     o       --+-----------+-----------+----------+----------+
     n  Keys   | secure    | secure    | secure   | secure   |
     e         +-----------+-----------+----------+----------+

3.5 KEY RRs in the Construction of Responses

   An explicit request for KEY RRs does not cause any special additional
   information processing except, of course, for the corresponding SIG
   RR from a security aware server (see Section 4.2).

   Security aware DNS servers include KEY RRs as additional information
   in responses, where a KEY is available, in the following cases:

   (1) On the retrieval of SOA or NS RRs, the KEY RRset with the same
   name (perhaps just a zone key) SHOULD be included as additional
   information if space is available. If not all additional information
   will fit, type A and AAAA glue RRs have higher priority than KEY
   RR(s).

   (2) On retrieval of type A or AAAA RRs, the KEY RRset with the same
   name (usually just a host RR and NOT the zone key (which usually
   would have a different name)) SHOULD be included if space is
   available.  On inclusion of A or AAAA RRs as additional information,
   the KEY RRset with the same name should also be included but with
   lower priority than the A or AAAA RRs.

4. The SIG Resource Record

   The SIG or "signature" resource record (RR) is the fundamental way
   that data is authenticated in the secure Domain Name System (DNS). As
   such it is the heart of the security provided.

   The SIG RR unforgably authenticates an RRset [RFC 2181] of a
   particular type, class, and name and binds it to a time interval and
   the signer's domain name.  This is done using cryptographic
   techniques and the signer's private key.  The signer is frequently
   the owner of the zone from which the RR originated.

   The type number for the SIG RR type is 24.

4.1 SIG RDATA Format

   The RDATA portion of a SIG RR is as shown below.  The integrity of
   the RDATA information is protected by the signature field.







Eastlake                    Standards Track                    [Page 17]

RFC 2535                DNS Security Extensions               March 1999


                           1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |        type covered           |  algorithm    |     labels    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         original TTL                          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      signature expiration                     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      signature inception                      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |            key  tag           |                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+         signer's name         +
      |                                                               /
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/
      /                                                               /
      /                            signature                          /
      /                                                               /
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

4.1.1 Type Covered Field

   The "type covered" is the type of the other RRs covered by this SIG.

4.1.2 Algorithm Number Field

   This octet is as described in section 3.2.

4.1.3 Labels Field

   The "labels" octet is an unsigned count of how many labels there are
   in the original SIG RR owner name not counting the null label for
   root and not counting any initial "*" for a wildcard.  If a secured
   retrieval is the result of wild card substitution, it is necessary
   for the resolver to use the original form of the name in verifying
   the digital signature.  This field makes it easy to determine the
   original form.

   If, on retrieval, the RR appears to have a longer name than indicated
   by "labels", the resolver can tell it is the result of wildcard
   substitution.  If the RR owner name appears to be shorter than the
   labels count, the SIG RR must be considered corrupt and ignored.  The
   maximum number of labels allowed in the current DNS is 127 but the
   entire octet is reserved and would be required should DNS names ever
   be expanded to 255 labels.  The following table gives some examples.
   The value of "labels" is at the top, the retrieved owner name on the
   left, and the table entry is the name to use in signature
   verification except that "bad" means the RR is corrupt.



Eastlake                    Standards Track                    [Page 18]

RFC 2535                DNS Security Extensions               March 1999


   labels= |  0  |   1  |    2   |      3   |      4   |
   --------+-----+------+--------+----------+----------+
          .|   . | bad  |  bad   |    bad   |    bad   |
         d.|  *. |   d. |  bad   |    bad   |    bad   |
       c.d.|  *. | *.d. |   c.d. |    bad   |    bad   |
     b.c.d.|  *. | *.d. | *.c.d. |   b.c.d. |    bad   |
   a.b.c.d.|  *. | *.d. | *.c.d. | *.b.c.d. | a.b.c.d. |

4.1.4 Original TTL Field

   The "original TTL" field is included in the RDATA portion to avoid
   (1) authentication problems that caching servers would otherwise
   cause by decrementing the real TTL field and (2) security problems
   that unscrupulous servers could otherwise cause by manipulating the
   real TTL field.  This original TTL is protected by the signature
   while the current TTL field is not.

   NOTE:  The "original TTL" must be restored into the covered RRs when
   the signature is verified (see Section 8).  This generaly implies
   that all RRs for a particular type, name, and class, that is, all the
   RRs in any particular RRset, must have the same TTL to start with.

4.1.5 Signature Expiration and Inception Fields

   The SIG is valid from the "signature inception" time until the
   "signature expiration" time.  Both are unsigned numbers of seconds
   since the start of 1 January 1970, GMT, ignoring leap seconds.  (See
   also Section 4.4.)  Ring arithmetic is used as for DNS SOA serial
   numbers [RFC 1982] which means that these times can never be more
   than about 68 years in the past or the future.  This means that these
   times are ambiguous modulo ~136.09 years.  However there is no
   security flaw because keys are required to be changed to new random
   keys by [RFC 2541] at least every five years.  This means that the
   probability that the same key is in use N*136.09 years later should
   be the same as the probability that a random guess will work.

   A SIG RR may have an expiration time numerically less than the
   inception time if the expiration time is near the 32 bit wrap around
   point and/or the signature is long lived.

   (To prevent misordering of network requests to update a zone
   dynamically, monotonically increasing "signature inception" times may
   be necessary.)

   A secure zone must be considered changed for SOA serial number
   purposes not only when its data is updated but also when new SIG RRs
   are inserted (ie, the zone or any part of it is re-signed).




Eastlake                    Standards Track                    [Page 19]

RFC 2535                DNS Security Extensions               March 1999


4.1.6 Key Tag Field

   The "key Tag" is a two octet quantity that is used to efficiently
   select between multiple keys which may be applicable and thus check
   that a public key about to be used for the computationally expensive
   effort to check the signature is possibly valid.  For algorithm 1
   (MD5/RSA) as defined in [RFC 2537], it is the next to the bottom two
   octets of the public key modulus needed to decode the signature
   field.  That is to say, the most significant 16 of the least
   significant 24 bits of the modulus in network (big endian) order. For
   all other algorithms, including private algorithms, it is calculated
   as a simple checksum of the KEY RR as described in Appendix C.

4.1.7 Signer's Name Field

   The "signer's name" field is the domain name of the signer generating
   the SIG RR.  This is the owner name of the public KEY RR that can be
   used to verify the signature.  It is frequently the zone which
   contained the RRset being authenticated.  Which signers should be
   authorized to sign what is a significant resolver policy question as
   discussed in Section 6. The signer's name may be compressed with
   standard DNS name compression when being transmitted over the
   network.

4.1.8 Signature Field

   The actual signature portion of the SIG RR binds the other RDATA
   fields to the RRset of the "type covered" RRs with that owner name
   and class.  This covered RRset is thereby authenticated.  To
   accomplish this, a data sequence is constructed as follows:

         data = RDATA | RR(s)...

   where "|" is concatenation,

   RDATA is the wire format of all the RDATA fields in the SIG RR itself
   (including the canonical form of the signer's name) before but not
   including the signature, and

   RR(s) is the RRset of the RR(s) of the type covered with the same
   owner name and class as the SIG RR in canonical form and order as
   defined in Section 8.

   How this data sequence is processed into the signature is algorithm
   dependent.  These algorithm dependent formats and procedures are
   described in separate documents (Section 3.2).





Eastlake                    Standards Track                    [Page 20]

RFC 2535                DNS Security Extensions               March 1999


   SIGs SHOULD NOT be included in a zone for any "meta-type" such as
   ANY, AXFR, etc. (but see section 5.6.2 with regard to IXFR).

4.1.8.1 Calculating Transaction and Request SIGs

   A response message from a security aware server may optionally
   contain a special SIG at the end of the additional information
   section to authenticate the transaction.

   This SIG has a "type covered" field of zero, which is not a valid RR
   type.  It is calculated by using a "data" (see Section 4.1.8) of the
   entire preceding DNS reply message, including DNS header but not the
   IP header and before the reply RR counts have been adjusted for the
   inclusion of any transaction SIG, concatenated with the entire DNS
   query message that produced this response, including the query's DNS
   header and any request SIGs but not its IP header.  That is

      data = full response (less transaction SIG) | full query

   Verification of the transaction SIG (which is signed by the server
   host key, not the zone key) by the requesting resolver shows that the
   query and response were not tampered with in transit, that the
   response corresponds to the intended query, and that the response
   comes from the queried server.

   A DNS request may be optionally signed by including one or more SIGs
   at the end of the query. Such SIGs are identified by having a "type
   covered" field of zero. They sign the preceding DNS request message
   including DNS header but not including the IP header or any request
   SIGs at the end and before the request RR counts have been adjusted
   for the inclusions of any request SIG(s).

   WARNING: Request SIGs are unnecessary for any currently defined
   request other than update [RFC 2136, 2137] and will cause some old
   DNS servers to give an error return or ignore a query.  However, such
   SIGs may in the future be needed for other requests.

   Except where needed to authenticate an update or similar privileged
   request, servers are not required to check request SIGs.

4.2 SIG RRs in the Construction of Responses

   Security aware DNS servers SHOULD, for every authenticated RRset the
   query will return, attempt to send the available SIG RRs which
   authenticate the requested RRset.  The following rules apply to the
   inclusion of SIG RRs in responses:





Eastlake                    Standards Track                    [Page 21]

RFC 2535                DNS Security Extensions               March 1999