RFC 8499
DNS Terminology
Internet Engineering Task Force (IETF) P. Hoffman Request for Comments: 8499 ICANN BCP: 219 A. Sullivan Obsoletes: 7719 Updates: 2308 K. Fujiwara Category: Best Current Practice JPRS ISSN: 2070-1721 January 2019 DNS TerminologyAbstract
The Domain Name System (DNS) is defined in literally dozens of different RFCs. The terminology used by implementers and developers of DNS protocols, and by operators of DNS systems, has sometimes changed in the decades since the DNS was first defined. This document gives current definitions for many of the terms used in the DNS in a single document. This document obsoletes RFC 7719 and updates RFC 2308. Status of This Memo This memo documents an Internet Best Current Practice. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8499.
Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. DNS Response Codes . . . . . . . . . . . . . . . . . . . . . 10 4. DNS Transactions . . . . . . . . . . . . . . . . . . . . . . 11 5. Resource Records . . . . . . . . . . . . . . . . . . . . . . 14 6. DNS Servers and Clients . . . . . . . . . . . . . . . . . . . 16 7. Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 8. Wildcards . . . . . . . . . . . . . . . . . . . . . . . . . . 27 9. Registration Model . . . . . . . . . . . . . . . . . . . . . 28 10. General DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 30 11. DNSSEC States . . . . . . . . . . . . . . . . . . . . . . . . 34 12. Security Considerations . . . . . . . . . . . . . . . . . . . 36 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 14.1. Normative References . . . . . . . . . . . . . . . . . . 36 14.2. Informative References . . . . . . . . . . . . . . . . . 39 Appendix A. Definitions Updated by This Document . . . . . . . . 44 Appendix B. Definitions First Defined in This Document . . . . . 44 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 50 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 50
1. Introduction
The Domain Name System (DNS) is a simple query-response protocol whose messages in both directions have the same format. (Section 2 gives a definition of "public DNS", which is often what people mean when they say "the DNS".) The protocol and message format are defined in [RFC1034] and [RFC1035]. These RFCs defined some terms, and later documents defined others. Some of the terms from [RFC1034] and [RFC1035] have somewhat different meanings now than they did in 1987. This document contains a collection of a wide variety of DNS-related terms, organized loosely by topic. Some of them have been precisely defined in earlier RFCs, some have been loosely defined in earlier RFCs, and some are not defined in an earlier RFC at all. Other organizations sometimes define DNS-related terms their own way. For example, the WHATWG defines "domain" at <https://url.spec.whatwg.org/>. The Root Server System Advisory Committee (RSSAC) has a good lexicon [RSSAC026]. Most of the definitions listed here represent the consensus definition of the DNS community -- both protocol developers and operators. Some of the definitions differ from earlier RFCs, and those differences are noted. In this document, where the consensus definition is the same as the one in an RFC, that RFC is quoted. Where the consensus definition has changed somewhat, the RFC is mentioned but the new stand-alone definition is given. See Appendix A for a list of the definitions that this document updates. It is important to note that, during the development of this document, it became clear that some DNS-related terms are interpreted quite differently by different DNS experts. Further, some terms that are defined in early DNS RFCs now have definitions that are generally agreed to, but that are different from the original definitions. Therefore, this document is a substantial revision to [RFC7719]. Note that there is no single consistent definition of "the DNS". It can be considered to be some combination of the following: a commonly used naming scheme for objects on the Internet; a distributed database representing the names and certain properties of these objects; an architecture providing distributed maintenance, resilience, and loose coherency for this database; and a simple query-response protocol (as mentioned below) implementing this architecture. Section 2 defines "global DNS" and "private DNS" as a way to deal with these differing definitions.
Capitalization in DNS terms is often inconsistent among RFCs and various DNS practitioners. The capitalization used in this document is a best guess at current practices, and is not meant to indicate that other capitalization styles are wrong or archaic. In some cases, multiple styles of capitalization are used for the same term due to quoting from different RFCs. Readers should note that the terms in this document are grouped by topic. Someone who is not already familiar with the DNS probably cannot learn about the DNS from scratch by reading this document from front to back. Instead, skipping around may be the only way to get enough context to understand some of the definitions. This document has an index that might be useful for readers who are attempting to learn the DNS by reading this document.2. Names
Naming system: A naming system associates names with data. Naming systems have many significant facets that help differentiate them from each other. Some commonly identified facets include: * Composition of names * Format of names * Administration of names * Types of data that can be associated with names * Types of metadata for names * Protocol for getting data from a name * Context for resolving a name Note that this list is a small subset of facets that people have identified over time for naming systems, and the IETF has yet to agree on a good set of facets that can be used to compare naming systems. For example, other facets might include "protocol to update data in a name", "privacy of names", and "privacy of data associated with names", but those are not as well defined as the ones listed above. The list here is chosen because it helps describe the DNS and naming systems similar to the DNS.
Domain name: An ordered list of one or more labels.
Note that this is a definition independent of the DNS RFCs
([RFC1034] and [RFC1035]), and the definition here also applies to
systems other than the DNS. [RFC1034] defines the "domain name
space" using mathematical trees and their nodes in graph theory,
and that definition has the same practical result as the
definition here. Any path of a directed acyclic graph can be
represented by a domain name consisting of the labels of its
nodes, ordered by decreasing distance from the root(s) (which is
the normal convention within the DNS, including this document). A
domain name whose last label identifies a root of the graph is
fully qualified; other domain names whose labels form a strict
prefix of a fully-qualified domain name are relative to its first
omitted node.
Also note that different IETF and non-IETF documents have used the
term "domain name" in many different ways. It is common for
earlier documents to use "domain name" to mean "names that match
the syntax in [RFC1035]", but possibly with additional rules such
as "and are, or will be, resolvable in the global DNS" or "but
only using the presentation format".
Label: An ordered list of zero or more octets that makes up a
portion of a domain name. Using graph theory, a label identifies
one node in a portion of the graph of all possible domain names.
Global DNS: Using the short set of facets listed in "Naming system",
the global DNS can be defined as follows. Most of the rules here
come from [RFC1034] and [RFC1035], although the term "global DNS"
has not been defined before now.
Composition of names: A name in the global DNS has one or more
labels. The length of each label is between 0 and 63 octets
inclusive. In a fully-qualified domain name, the last label in
the ordered list is 0 octets long; it is the only label whose
length may be 0 octets, and it is called the "root" or "root
label". A domain name in the global DNS has a maximum total
length of 255 octets in the wire format; the root represents one
octet for this calculation. (Multicast DNS [RFC6762] allows names
up to 255 bytes plus a terminating zero byte based on a different
interpretation of RFC 1035 and what is included in the 255
octets.)
Format of names: Names in the global DNS are domain names. There
are three formats: wire format, presentation format, and common
display.
The basic wire format for names in the global DNS is a list of
labels ordered by decreasing distance from the root, with the
root label last. Each label is preceded by a length octet.
[RFC1035] also defines a compression scheme that modifies this
format.
The presentation format for names in the global DNS is a list
of labels ordered by decreasing distance from the root, encoded
as ASCII, with a "." character between each label. In
presentation format, a fully-qualified domain name includes the
root label and the associated separator dot. For example, in
presentation format, a fully-qualified domain name with two
non-root labels is always shown as "example.tld." instead of
"example.tld". [RFC1035] defines a method for showing octets
that do not display in ASCII.
The common display format is used in applications and free
text. It is the same as the presentation format, but showing
the root label and the "." before it is optional and is rarely
done. For example, in common display format, a fully-qualified
domain name with two non-root labels is usually shown as
"example.tld" instead of "example.tld.". Names in the common
display format are normally written such that the
directionality of the writing system presents labels by
decreasing distance from the root (so, in both English and the
C programming language the root or Top-Level Domain (TLD) label
in the ordered list is rightmost; but in Arabic, it may be
leftmost, depending on local conventions).
Administration of names: Administration is specified by delegation
(see the definition of "delegation" in Section 7). Policies for
administration of the root zone in the global DNS are determined
by the names operational community, which convenes itself in the
Internet Corporation for Assigned Names and Numbers (ICANN). The
names operational community selects the IANA Functions Operator
for the global DNS root zone. At the time of writing, that
operator is Public Technical Identifiers (PTI). (See
<https://pti.icann.org/> for more information about PTI operating
the IANA Functions.) The name servers that serve the root zone
are provided by independent root operators. Other zones in the
global DNS have their own policies for administration.
Types of data that can be associated with names: A name can have
zero or more resource records associated with it. There are
numerous types of resource records with unique data structures
defined in many different RFCs and in the IANA registry at
[IANA_Resource_Registry].
Types of metadata for names: Any name that is published in the DNS
appears as a set of resource records (see the definition of
"RRset" in Section 5). Some names do not, themselves, have data
associated with them in the DNS, but they "appear" in the DNS
anyway because they form part of a longer name that does have data
associated with it (see the definition of "empty non-terminals" in
Section 7).
Protocol for getting data from a name: The protocol described in
[RFC1035].
Context for resolving a name: The global DNS root zone distributed
by PTI.
Private DNS: Names that use the protocol described in [RFC1035] but
that do not rely on the global DNS root zone or names that are
otherwise not generally available on the Internet but are using
the protocol described in [RFC1035]. A system can use both the
global DNS and one or more private DNS systems; for example, see
"Split DNS" in Section 6.
Note that domain names that do not appear in the DNS, and that are
intended never to be looked up using the DNS protocol, are not
part of the global DNS or a private DNS even though they are
domain names.
Multicast DNS (mDNS): "Multicast DNS (mDNS) provides the ability to
perform DNS-like operations on the local link in the absence of
any conventional Unicast DNS server. In addition, Multicast DNS
designates a portion of the DNS namespace to be free for local
use, without the need to pay any annual fee, and without the need
to set up delegations or otherwise configure a conventional DNS
server to answer for those names." (Quoted from [RFC6762],
Abstract) Although it uses a compatible wire format, mDNS is,
strictly speaking, a different protocol than DNS. Also, where the
above quote says "a portion of the DNS namespace", it would be
clearer to say "a portion of the domain name space". The names in
mDNS are not intended to be looked up in the DNS.
Locally served DNS zone: A locally served DNS zone is a special case
of private DNS. Names are resolved using the DNS protocol in a
local context. [RFC6303] defines subdomains of IN-ADDR.ARPA that
are locally served zones. Resolution of names through locally
served zones may result in ambiguous results. For example, the
same name may resolve to different results in different locally
served DNS zone contexts. The context for a locally served DNS
zone may be explicit, such as those that are listed in [RFC6303]
and [RFC7793], or implicit, such as those defined by local DNS
administration and not known to the resolution client.
Fully-Qualified Domain Name (FQDN): This is often just a clear way
of saying the same thing as "domain name of a node", as outlined
above. However, the term is ambiguous. Strictly speaking, a
fully-qualified domain name would include every label, including
the zero-length label of the root: such a name would be written
"www.example.net." (note the terminating dot). But, because every
name eventually shares the common root, names are often written
relative to the root (such as "www.example.net") and are still
called "fully qualified". This term first appeared in [RFC819].
In this document, names are often written relative to the root.
The need for the term "fully-qualified domain name" comes from the
existence of partially qualified domain names, which are names
where one or more of the last labels in the ordered list are
omitted (for example, a domain name of "www" relative to
"example.net" identifies "www.example.net"). Such relative names
are understood only by context.
Host name: This term and its equivalent, "hostname", have been
widely used but are not defined in [RFC1034], [RFC1035],
[RFC1123], or [RFC2181]. The DNS was originally deployed into the
Host Tables environment as outlined in [RFC952], and it is likely
that the term followed informally from the definition there. Over
time, the definition seems to have shifted. "Host name" is often
meant to be a domain name that follows the rules in Section 3.5 of
[RFC1034], which is also called the "preferred name syntax". (In
that syntax, every character in each label is a letter, a digit,
or a hyphen). Note that any label in a domain name can contain
any octet value; hostnames are generally considered to be domain
names where every label follows the rules in the "preferred name
syntax", with the amendment that labels can start with ASCII
digits (this amendment comes from Section 2.1 of [RFC1123]).
People also sometimes use the term "hostname" to refer to just the
first label of an FQDN, such as "printer" in
"printer.admin.example.com". (Sometimes this is formalized in
configuration in operating systems.) In addition, people
sometimes use this term to describe any name that refers to a
machine, and those might include labels that do not conform to the
"preferred name syntax".
Top-Level Domain (TLD): A Top-Level Domain is a zone that is one
layer below the root, such as "com" or "jp". There is nothing
special, from the point of view of the DNS, about TLDs. Most of
them are also delegation-centric zones (defined in Section 7), and
there are significant policy issues around their operation. TLDs
are often divided into sub-groups such as Country Code Top-Level
Domains (ccTLDs), Generic Top-Level Domains (gTLDs), and others;
the division is a matter of policy and beyond the scope of this
document.
Internationalized Domain Name (IDN): The Internationalized Domain
Names for Applications (IDNA) protocol is the standard mechanism
for handling domain names with non-ASCII characters in
applications in the DNS. The current standard at the time of this
writing, normally called "IDNA2008", is defined in [RFC5890],
[RFC5891], [RFC5892], [RFC5893], and [RFC5894]. These documents
define many IDN-specific terms such as "LDH label", "A-label", and
"U-label". [RFC6365] defines more terms that relate to
internationalization (some of which relate to IDNs); [RFC6055] has
a much more extensive discussion of IDNs, including some new
terminology.
Subdomain: "A domain is a subdomain of another domain if it is
contained within that domain. This relationship can be tested by
seeing if the subdomain's name ends with the containing domain's
name." (Quoted from [RFC1034], Section 3.1) For example, in the
host name "nnn.mmm.example.com", both "mmm.example.com" and
"nnn.mmm.example.com" are subdomains of "example.com". Note that
the comparisons here are done on whole labels; that is,
"ooo.example.com" is not a subdomain of "oo.example.com".
Alias: The owner of a CNAME resource record, or a subdomain of the
owner of a DNAME resource record (DNAME records are defined in
[RFC6672]). See also "canonical name".
Canonical name: A CNAME resource record "identifies its owner name
as an alias, and specifies the corresponding canonical name in the
RDATA section of the RR." (Quoted from [RFC1034], Section 3.6.2)
This usage of the word "canonical" is related to the mathematical
concept of "canonical form".
CNAME: "It has been traditional to refer to the [owner] of a CNAME
record as 'a CNAME'. This is unfortunate, as 'CNAME' is an
abbreviation of 'canonical name', and the [owner] of a CNAME
record is most certainly not a canonical name." (Quoted from
[RFC2181], Section 10.1.1. The quoted text has been changed from
"label" to "owner".)
3. DNS Response Codes
Some of the response codes (RCODEs) that are defined in [RFC1035]
have acquired their own shorthand names. All of the RCODEs are
listed at [IANA_Resource_Registry], although that list uses mixed-
case capitalization, while most documents use all caps. Some of the
common names for values defined in [RFC1035] are described in this
section. This section also includes an additional RCODE and a
general definition. The official list of all RCODEs is in the IANA
registry.
NOERROR: This RCODE appears as "No error condition" in Section 4.1.1
of [RFC1035].
FORMERR: This RCODE appears as "Format error - The name server was
unable to interpret the query" in Section 4.1.1 of [RFC1035].
SERVFAIL: This RCODE appears as "Server failure - The name server
was unable to process this query due to a problem with the name
server" in Section 4.1.1 of [RFC1035].
NXDOMAIN: This RCODE appears as "Name Error [...] this code
signifies that the domain name referenced in the query does not
exist." in Section 4.1.1 of [RFC1035]. [RFC2308] established
NXDOMAIN as a synonym for Name Error.
NOTIMP: This RCODE appears as "Not Implemented - The name server
does not support the requested kind of query" in Section 4.1.1 of
[RFC1035].
REFUSED: This RCODE appears as "Refused - The name server refuses to
perform the specified operation for policy reasons. For example,
a name server may not wish to provide the information to the
particular requester, or a name server may not wish to perform a
particular operation (e.g., zone transfer) for particular data."
in Section 4.1.1 of [RFC1035].
NODATA: "A pseudo RCODE which indicates that the name is valid, for
the given class, but [there] are no records of the given type. A
NODATA response has to be inferred from the answer." (Quoted from
[RFC2308], Section 1) "NODATA is indicated by an answer with the
RCODE set to NOERROR and no relevant answers in the Answer
section. The authority section will contain an SOA record, or
there will be no NS records there." (Quoted from [RFC2308],
Section 2.2) Note that referrals have a similar format to NODATA
replies; [RFC2308] explains how to distinguish them.
The term "NXRRSET" is sometimes used as a synonym for NODATA.
However, this is a mistake, given that NXRRSET is a specific error
code defined in [RFC2136].
Negative response: A response that indicates that a particular RRset
does not exist or whose RCODE indicates that the nameserver cannot
answer. Sections 2 and 7 of [RFC2308] describe the types of
negative responses in detail.
4. DNS Transactions
The header of a DNS message is its first 12 octets. Many of the
fields and flags in the diagrams in Sections 4.1.1 through 4.1.3 of
[RFC1035] are referred to by their names in each diagram. For
example, the response codes are called "RCODEs", the data for a
record is called the "RDATA", and the authoritative answer bit is
often called "the AA flag" or "the AA bit".
Class: A class "identifies a protocol family or instance of a
protocol". (Quoted from [RFC1034], Section 3.6) "The DNS tags all
data with a class as well as the type, so that we can allow
parallel use of different formats for data of type address."
(Quoted from [RFC1034], Section 2.2) In practice, the class for
nearly every query is "IN" (the Internet). There are some queries
for "CH" (the Chaos class), but they are usually for the purposes
of information about the server itself rather than for a different
type of address.
QNAME: The most commonly used rough definition is that the QNAME is
a field in the Question section of a query. "A standard query
specifies a target domain name (QNAME), query type (QTYPE), and
query class (QCLASS) and asks for RRs which match." (Quoted from
[RFC1034], Section 3.7.1) Strictly speaking, the definition comes
from [RFC1035], Section 4.1.2, where the QNAME is defined in
respect of the Question section. This definition appears to be
applied consistently: the discussion of inverse queries in
Section 6.4.1 refers to the "owner name of the query RR and its
TTL", because inverse queries populate the Answer section and
leave the Question section empty. (Inverse queries are deprecated
in [RFC3425]; thus, relevant definitions do not appear in this
document.)
However, [RFC2308] has an alternate definition that puts the QNAME
in the answer (or series of answers) instead of the query. It
defines QNAME as "...the name in the query section of an answer,
or where this resolves to a CNAME, or CNAME chain, the data field
of the last CNAME. The last CNAME in this sense is that which
contains a value which does not resolve to another CNAME." This
definition has a certain internal logic, because of the way CNAME
substitution works and the definition of CNAME. If a name server
does not find an RRset that matches a query, but does find the
same name in the same class with a CNAME record, then the name
server "includes the CNAME record in the response and restarts the
query at the domain name specified in the data field of the CNAME
record." (Quoted from [RFC1034], Section 3.6.2) This is made
explicit in the resolution algorithm outlined in Section 4.3.2 of
[RFC1034], which says to "change QNAME to the canonical name in
the CNAME RR, and go back to step 1" in the case of a CNAME RR.
Since a CNAME record explicitly declares that the owner name is
canonically named what is in the RDATA, then there is a way to
view the new name (i.e., the name that was in the RDATA of the
CNAME RR) as also being the QNAME.
However, this creates a kind of confusion because the response to
a query that results in CNAME processing contains in the echoed
Question section one QNAME (the name in the original query) and a
second QNAME that is in the data field of the last CNAME. The
confusion comes from the iterative/recursive mode of resolution,
which finally returns an answer that need not actually have the
same owner name as the QNAME contained in the original query.
To address this potential confusion, it is helpful to distinguish
between three meanings:
* QNAME (original): The name actually sent in the Question
section in the original query, which is always echoed in the
(final) reply in the Question section when the QR bit is set to
1.
* QNAME (effective): A name actually resolved, which is either
the name originally queried or a name received in a CNAME chain
response.
* QNAME (final): The name actually resolved, which is either the
name actually queried or else the last name in a CNAME chain
response.
Note that, because the definition in [RFC2308] is actually for a
different concept than what was in [RFC1034], it would have been
better if [RFC2308] had used a different name for that concept.
In general use today, QNAME almost always means what is defined
above as "QNAME (original)".
Referrals: A type of response in which a server, signaling that it
is not (completely) authoritative for an answer, provides the
querying resolver with an alternative place to send its query.
Referrals can be partial.
A referral arises when a server is not performing recursive
service while answering a query. It appears in step 3(b) of the
algorithm in [RFC1034], Section 4.3.2.
There are two types of referral response. The first is a downward
referral (sometimes described as "delegation response"), where the
server is authoritative for some portion of the QNAME. The
authority section RRset's RDATA contains the name servers
specified at the referred-to zone cut. In normal DNS operation,
this kind of response is required in order to find names beneath a
delegation. The bare use of "referral" means this kind of
referral, and many people believe that this is the only legitimate
kind of referral in the DNS.
The second is an upward referral (sometimes described as "root
referral"), where the server is not authoritative for any portion
of the QNAME. When this happens, the referred-to zone in the
authority section is usually the root zone ("."). In normal DNS
operation, this kind of response is not required for resolution or
for correctly answering any query. There is no requirement that
any server send upward referrals. Some people regard upward
referrals as a sign of a misconfiguration or error. Upward
referrals always need some sort of qualifier (such as "upward" or
"root") and are never identified simply by the word "referral".
A response that has only a referral contains an empty answer
section. It contains the NS RRset for the referred-to zone in the
Authority section. It may contain RRs that provide addresses in
the additional section. The AA bit is clear.
In the case where the query matches an alias, and the server is
not authoritative for the target of the alias but is authoritative
for some name above the target of the alias, the resolution
algorithm will produce a response that contains both the
authoritative answer for the alias and a referral. Such a partial
answer and referral response has data in the Answer section. It
has the NS RRset for the referred-to zone in the Authority
section. It may contain RRs that provide addresses in the
additional section. The AA bit is set, because the first name in
the Answer section matches the QNAME and the server is
authoritative for that answer (see [RFC1035], Section 4.1.1).
5. Resource Records
RR: An acronym for resource record. (See [RFC1034], Section 3.6.)
RRset: A set of resource records "with the same label, class and
type, but with different data" (according to [RFC2181],
Section 5). Also written as "RRSet" in some documents. As a
clarification, "same label" in this definition means "same owner
name". In addition, [RFC2181] states that "the TTLs of all RRs in
an RRSet must be the same".
Note that RRSIG resource records do not match this definition.
[RFC4035] says:
An RRset MAY have multiple RRSIG RRs associated with it. Note
that as RRSIG RRs are closely tied to the RRsets whose
signatures they contain, RRSIG RRs, unlike all other DNS RR
types, do not form RRsets. In particular, the TTL values among
RRSIG RRs with a common owner name do not follow the RRset
rules described in [RFC2181].
Master file: "Master files are text files that contain RRs in text
form. Since the contents of a zone can be expressed in the form
of a list of RRs a master file is most often used to define a
zone, though it can be used to list a cache's contents." (Quoted
from [RFC1035], Section 5) Master files are sometimes called "zone
files".
Presentation format: The text format used in master files. This
format is shown but not formally defined in [RFC1034] or
[RFC1035]. The term "presentation format" first appears in
[RFC4034].
EDNS: The extension mechanisms for DNS, defined in [RFC6891].
Sometimes called "EDNS0" or "EDNS(0)" to indicate the version
number. EDNS allows DNS clients and servers to specify message
sizes larger than the original 512 octet limit, to expand the
response code space and to carry additional options that affect
the handling of a DNS query.
OPT: A pseudo-RR (sometimes called a "meta-RR") that is used only to
contain control information pertaining to the question-and-answer
sequence of a specific transaction. (Definition paraphrased from
[RFC6891], Section 6.1.1.) It is used by EDNS.
Owner: "The domain name where the RR is found." (Quoted from
[RFC1034], Section 3.6) Often appears in the term "owner name".
SOA field names: DNS documents, including the definitions here,
often refer to the fields in the RDATA of an SOA resource record
by field name. "SOA" stands for "start of a zone of authority".
Those fields are defined in Section 3.3.13 of [RFC1035]. The
names (in the order they appear in the SOA RDATA) are MNAME,
RNAME, SERIAL, REFRESH, RETRY, EXPIRE, and MINIMUM. Note that the
meaning of the MINIMUM field is updated in Section 4 of [RFC2308];
the new definition is that the MINIMUM field is only "the TTL to
be used for negative responses". This document tends to use field
names instead of terms that describe the fields.
TTL: The maximum "time to live" of a resource record. "A TTL value
is an unsigned number, with a minimum value of 0, and a maximum
value of 2147483647. That is, a maximum of 2^31 - 1. When
transmitted, this value shall be encoded in the less significant
31 bits of the 32 bit TTL field, with the most significant, or
sign, bit set to zero." (Quoted from [RFC2181], Section 8) (Note
that [RFC1035] erroneously stated that this is a signed integer;
that was fixed by [RFC2181].)
The TTL "specifies the time interval that the resource record may
be cached before the source of the information should again be
consulted." (Quoted from [RFC1035], Section 3.2.1) Section 4.1.3
of the same document states: "the time interval (in seconds) that
the resource record may be cached before it should be discarded".
Despite being defined for a resource record, the TTL of every
resource record in an RRset is required to be the same ([RFC2181],
Section 5.2).
The reason that the TTL is the maximum time to live is that a
cache operator might decide to shorten the time to live for
operational purposes, such as if there is a policy to disallow TTL
values over a certain number. Some servers are known to ignore
the TTL on some RRsets (such as when the authoritative data has a
very short TTL) even though this is against the advice in RFC
1035. An RRset can be flushed from the cache before the end of
the TTL interval, at which point, the value of the TTL becomes
unknown because the RRset with which it was associated no longer
exists.
There is also the concept of a "default TTL" for a zone, which can
be a configuration parameter in the server software. This is
often expressed by a default for the entire server, and a default
for a zone using the $TTL directive in a zone file. The $TTL
directive was added to the master file format by [RFC2308].
Class independent: A resource record type whose syntax and semantics
are the same for every DNS class. A resource record type that is
not class independent has different meanings depending on the DNS
class of the record, or the meaning is undefined for some class.
Most resource record types are defined for class 1 (IN, the
Internet), but many are undefined for other classes.
Address records: Records whose type is A or AAAA. [RFC2181]
informally defines these as "(A, AAAA, etc)". Note that new types
of address records could be defined in the future.
(page 16 continued on part 2)
