📄 rfc1034.txt
字号:
RFC 1034 Domain Concepts and Facilities November 1987 - Queries contain a bit called recursion desired or RD. This bit specifies specifies whether the requester wants recursive service for this query. Clients may request recursive service from any name server, though they should depend upon receiving it only from servers which have previously sent an RA, or servers which have agreed to provide service through private agreement or some other means outside of the DNS protocol.The recursive mode occurs when a query with RD set arrives at a serverwhich is willing to provide recursive service; the client can verifythat recursive mode was used by checking that both RA and RD are set inthe reply. Note that the name server should never perform recursiveservice unless asked via RD, since this interferes with trouble shootingof name servers and their databases.If recursive service is requested and available, the recursive responseto a query will be one of the following: - The answer to the query, possibly preface by one or more CNAME RRs that specify aliases encountered on the way to an answer. - A name error indicating that the name does not exist. This may include CNAME RRs that indicate that the original query name was an alias for a name which does not exist. - A temporary error indication.If recursive service is not requested or is not available, the non-recursive response will be one of the following: - An authoritative name error indicating that the name does not exist. - A temporary error indication. - Some combination of: RRs that answer the question, together with an indication whether the data comes from a zone or is cached. A referral to name servers which have zones which are closer ancestors to the name than the server sending the reply. - RRs that the name server thinks will prove useful to the requester.Mockapetris [Page 23]
RFC 1034 Domain Concepts and Facilities November 19874.3.2. AlgorithmThe actual algorithm used by the name server will depend on the local OSand data structures used to store RRs. The following algorithm assumesthat the RRs are organized in several tree structures, one for eachzone, and another for the cache: 1. Set or clear the value of recursion available in the response depending on whether the name server is willing to provide recursive service. If recursive service is available and requested via the RD bit in the query, go to step 5, otherwise step 2. 2. Search the available zones for the zone which is the nearest ancestor to QNAME. If such a zone is found, go to step 3, otherwise step 4. 3. Start matching down, label by label, in the zone. The matching process can terminate several ways: a. If the whole of QNAME is matched, we have found the node. If the data at the node is a CNAME, and QTYPE doesn't match CNAME, copy the CNAME RR into the answer section of the response, change QNAME to the canonical name in the CNAME RR, and go back to step 1. Otherwise, copy all RRs which match QTYPE into the answer section and go to step 6. b. If a match would take us out of the authoritative data, we have a referral. This happens when we encounter a node with NS RRs marking cuts along the bottom of a zone. Copy the NS RRs for the subzone into the authority section of the reply. Put whatever addresses are available into the additional section, using glue RRs if the addresses are not available from authoritative data or the cache. Go to step 4. c. If at some label, a match is impossible (i.e., the corresponding label does not exist), look to see if a the "*" label exists. If the "*" label does not exist, check whether the name we are looking for is the original QNAME in the queryMockapetris [Page 24]
RFC 1034 Domain Concepts and Facilities November 1987 or a name we have followed due to a CNAME. If the name is original, set an authoritative name error in the response and exit. Otherwise just exit. If the "*" label does exist, match RRs at that node against QTYPE. If any match, copy them into the answer section, but set the owner of the RR to be QNAME, and not the node with the "*" label. Go to step 6. 4. Start matching down in the cache. If QNAME is found in the cache, copy all RRs attached to it that match QTYPE into the answer section. If there was no delegation from authoritative data, look for the best one from the cache, and put it in the authority section. Go to step 6. 5. Using the local resolver or a copy of its algorithm (see resolver section of this memo) to answer the query. Store the results, including any intermediate CNAMEs, in the answer section of the response. 6. Using local data only, attempt to add other RRs which may be useful to the additional section of the query. Exit.4.3.3. WildcardsIn the previous algorithm, special treatment was given to RRs with ownernames starting with the label "*". Such RRs are called wildcards.Wildcard RRs can be thought of as instructions for synthesizing RRs.When the appropriate conditions are met, the name server creates RRswith an owner name equal to the query name and contents taken from thewildcard RRs.This facility is most often used to create a zone which will be used toforward mail from the Internet to some other mail system. The generalidea is that any name in that zone which is presented to server in aquery will be assumed to exist, with certain properties, unless explicitevidence exists to the contrary. Note that the use of the term zonehere, instead of domain, is intentional; such defaults do not propagateacross zone boundaries, although a subzone may choose to achieve thatappearance by setting up similar defaults.The contents of the wildcard RRs follows the usual rules and formats forRRs. The wildcards in the zone have an owner name that controls thequery names they will match. The owner name of the wildcard RRs is ofthe form "*.<anydomain>", where <anydomain> is any domain name.<anydomain> should not contain other * labels, and should be in theauthoritative data of the zone. The wildcards potentially apply todescendants of <anydomain>, but not to <anydomain> itself. Another wayMockapetris [Page 25]
RFC 1034 Domain Concepts and Facilities November 1987to look at this is that the "*" label always matches at least one wholelabel and sometimes more, but always whole labels.Wildcard RRs do not apply: - When the query is in another zone. That is, delegation cancels the wildcard defaults. - When the query name or a name between the wildcard domain and the query name is know to exist. For example, if a wildcard RR has an owner name of "*.X", and the zone also contains RRs attached to B.X, the wildcards would apply to queries for name Z.X (presuming there is no explicit information for Z.X), but not to B.X, A.B.X, or X.A * label appearing in a query name has no special effect, but can beused to test for wildcards in an authoritative zone; such a query is theonly way to get a response containing RRs with an owner name with * init. The result of such a query should not be cached.Note that the contents of the wildcard RRs are not modified when used tosynthesize RRs.To illustrate the use of wildcard RRs, suppose a large company with alarge, non-IP/TCP, network wanted to create a mail gateway. If thecompany was called X.COM, and IP/TCP capable gateway machine was calledA.X.COM, the following RRs might be entered into the COM zone: X.COM MX 10 A.X.COM *.X.COM MX 10 A.X.COM A.X.COM A 1.2.3.4 A.X.COM MX 10 A.X.COM *.A.X.COM MX 10 A.X.COMThis would cause any MX query for any domain name ending in X.COM toreturn an MX RR pointing at A.X.COM. Two wildcard RRs are requiredsince the effect of the wildcard at *.X.COM is inhibited in the A.X.COMsubtree by the explicit data for A.X.COM. Note also that the explicitMX data at X.COM and A.X.COM is required, and that none of the RRs abovewould match a query name of XX.COM.4.3.4. Negative response caching (Optional)The DNS provides an optional service which allows name servers todistribute, and resolvers to cache, negative results with TTLs. ForMockapetris [Page 26]
RFC 1034 Domain Concepts and Facilities November 1987example, a name server can distribute a TTL along with a name errorindication, and a resolver receiving such information is allowed toassume that the name does not exist during the TTL period withoutconsulting authoritative data. Similarly, a resolver can make a querywith a QTYPE which matches multiple types, and cache the fact that someof the types are not present.This feature can be particularly important in a system which implementsnaming shorthands that use search lists beacuse a popular shorthand,which happens to require a suffix toward the end of the search list,will generate multiple name errors whenever it is used.The method is that a name server may add an SOA RR to the additionalsection of a response when that response is authoritative. The SOA mustbe that of the zone which was the source of the authoritative data inthe answer section, or name error if applicable. The MINIMUM field ofthe SOA controls the length of time that the negative result may becached.Note that in some circumstances, the answer section may contain multipleowner names. In this case, the SOA mechanism should only be used forthe data which matches QNAME, which is the only authoritative data inthis section.Name servers and resolvers should never attempt to add SOAs to theadditional section of a non-authoritative response, or attempt to inferresults which are not directly stated in an authoritative response.There are several reasons for this, including: cached information isn'tusually enough to match up RRs and their zone names, SOA RRs may becached due to direct SOA queries, and name servers are not required tooutput the SOAs in the authority section.This feature is optional, although a refined version is expected tobecome part of the standard protocol in the future. Name servers arenot required to add the SOA RRs in all authoritative responses, nor areresolvers required to cache negative results. Both are recommended.All resolvers and recursive name servers are required to at least beable to ignore the SOA RR when it is present in a response.Some experiments have also been proposed which will use this feature.The idea is that if cached data is known to come from a particular zone,and if an authoritative copy of the zone's SOA is obtained, and if thezone's SERIAL has not changed since the data was cached, then the TTL ofthe cached data can be reset to the zone MINIMUM value if it is smaller.This usage is mentioned for planning purposes only, and is notrecommended as yet.Mockapetris [Page 27]
RFC 1034 Domain Concepts and Facilities November 19874.3.5. Zone maintenance and transfersPart of the job of a zone administrator is to maintain the zones at allof the name servers which are authoritative for the zone. When theinevitable changes are made, they must be distributed to all of the nameservers. While this distribution can be accomplished using FTP or someother ad hoc procedure, the preferred method is the zone transfer partof the DNS protocol.The general model of automatic zone transfer or refreshing is that oneof the name servers is the master or primary for the zone. Changes arecoordinated at the primary, typically by editing a master file for thezone. After editing, the administrator signals the master server toload the new zone. The other non-master or secondary servers for thezone periodically check for changes (at a selectable interval) andobtain new zone copies when changes have been made.To detect changes, secondaries just check the SERIAL field of the SOAfor the zone. In addition to whatever other changes are made, theSERIAL field in the SOA of the zone is always advanced whenever anychange is made to the zone. The advancing can be a simple increment, orcould be based on the write date and time of the master file, etc. Thepurpose is ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -