Tech-invite3GPPspaceIETF RFCsSIP
93929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 8499

DNS Terminology

Pages: 50
Best Current Practice: 219
Obsoletes:  7719
Updates:  2308
Part 1 of 4 – Pages 1 to 16
None   None   Next

Top   ToC   RFC8499 - Page 1
Internet Engineering Task Force (IETF)                        P. Hoffman
Request for Comments: 8499                                         ICANN
BCP: 219                                                     A. Sullivan
Obsoletes: 7719
Updates: 2308                                                K. Fujiwara
Category: Best Current Practice                                     JPRS
ISSN: 2070-1721                                             January 2019


                            DNS Terminology

Abstract

The Domain Name System (DNS) is defined in literally dozens of different RFCs. The terminology used by implementers and developers of DNS protocols, and by operators of DNS systems, has sometimes changed in the decades since the DNS was first defined. This document gives current definitions for many of the terms used in the DNS in a single document. This document obsoletes RFC 7719 and updates RFC 2308. Status of This Memo This memo documents an Internet Best Current Practice. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8499.
Top   ToC   RFC8499 - Page 2
Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. DNS Response Codes . . . . . . . . . . . . . . . . . . . . . 10 4. DNS Transactions . . . . . . . . . . . . . . . . . . . . . . 11 5. Resource Records . . . . . . . . . . . . . . . . . . . . . . 14 6. DNS Servers and Clients . . . . . . . . . . . . . . . . . . . 16 7. Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 8. Wildcards . . . . . . . . . . . . . . . . . . . . . . . . . . 27 9. Registration Model . . . . . . . . . . . . . . . . . . . . . 28 10. General DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 30 11. DNSSEC States . . . . . . . . . . . . . . . . . . . . . . . . 34 12. Security Considerations . . . . . . . . . . . . . . . . . . . 36 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 14.1. Normative References . . . . . . . . . . . . . . . . . . 36 14.2. Informative References . . . . . . . . . . . . . . . . . 39 Appendix A. Definitions Updated by This Document . . . . . . . . 44 Appendix B. Definitions First Defined in This Document . . . . . 44 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 50 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 50
Top   ToC   RFC8499 - Page 3

1. Introduction

The Domain Name System (DNS) is a simple query-response protocol whose messages in both directions have the same format. (Section 2 gives a definition of "public DNS", which is often what people mean when they say "the DNS".) The protocol and message format are defined in [RFC1034] and [RFC1035]. These RFCs defined some terms, and later documents defined others. Some of the terms from [RFC1034] and [RFC1035] have somewhat different meanings now than they did in 1987. This document contains a collection of a wide variety of DNS-related terms, organized loosely by topic. Some of them have been precisely defined in earlier RFCs, some have been loosely defined in earlier RFCs, and some are not defined in an earlier RFC at all. Other organizations sometimes define DNS-related terms their own way. For example, the WHATWG defines "domain" at <https://url.spec.whatwg.org/>. The Root Server System Advisory Committee (RSSAC) has a good lexicon [RSSAC026]. Most of the definitions listed here represent the consensus definition of the DNS community -- both protocol developers and operators. Some of the definitions differ from earlier RFCs, and those differences are noted. In this document, where the consensus definition is the same as the one in an RFC, that RFC is quoted. Where the consensus definition has changed somewhat, the RFC is mentioned but the new stand-alone definition is given. See Appendix A for a list of the definitions that this document updates. It is important to note that, during the development of this document, it became clear that some DNS-related terms are interpreted quite differently by different DNS experts. Further, some terms that are defined in early DNS RFCs now have definitions that are generally agreed to, but that are different from the original definitions. Therefore, this document is a substantial revision to [RFC7719]. Note that there is no single consistent definition of "the DNS". It can be considered to be some combination of the following: a commonly used naming scheme for objects on the Internet; a distributed database representing the names and certain properties of these objects; an architecture providing distributed maintenance, resilience, and loose coherency for this database; and a simple query-response protocol (as mentioned below) implementing this architecture. Section 2 defines "global DNS" and "private DNS" as a way to deal with these differing definitions.
Top   ToC   RFC8499 - Page 4
   Capitalization in DNS terms is often inconsistent among RFCs and
   various DNS practitioners.  The capitalization used in this document
   is a best guess at current practices, and is not meant to indicate
   that other capitalization styles are wrong or archaic.  In some
   cases, multiple styles of capitalization are used for the same term
   due to quoting from different RFCs.

   Readers should note that the terms in this document are grouped by
   topic.  Someone who is not already familiar with the DNS probably
   cannot learn about the DNS from scratch by reading this document from
   front to back.  Instead, skipping around may be the only way to get
   enough context to understand some of the definitions.  This document
   has an index that might be useful for readers who are attempting to
   learn the DNS by reading this document.

2. Names

Naming system: A naming system associates names with data. Naming systems have many significant facets that help differentiate them from each other. Some commonly identified facets include: * Composition of names * Format of names * Administration of names * Types of data that can be associated with names * Types of metadata for names * Protocol for getting data from a name * Context for resolving a name Note that this list is a small subset of facets that people have identified over time for naming systems, and the IETF has yet to agree on a good set of facets that can be used to compare naming systems. For example, other facets might include "protocol to update data in a name", "privacy of names", and "privacy of data associated with names", but those are not as well defined as the ones listed above. The list here is chosen because it helps describe the DNS and naming systems similar to the DNS.
Top   ToC   RFC8499 - Page 5
   Domain name:  An ordered list of one or more labels.

      Note that this is a definition independent of the DNS RFCs
      ([RFC1034] and [RFC1035]), and the definition here also applies to
      systems other than the DNS.  [RFC1034] defines the "domain name
      space" using mathematical trees and their nodes in graph theory,
      and that definition has the same practical result as the
      definition here.  Any path of a directed acyclic graph can be
      represented by a domain name consisting of the labels of its
      nodes, ordered by decreasing distance from the root(s) (which is
      the normal convention within the DNS, including this document).  A
      domain name whose last label identifies a root of the graph is
      fully qualified; other domain names whose labels form a strict
      prefix of a fully-qualified domain name are relative to its first
      omitted node.

      Also note that different IETF and non-IETF documents have used the
      term "domain name" in many different ways.  It is common for
      earlier documents to use "domain name" to mean "names that match
      the syntax in [RFC1035]", but possibly with additional rules such
      as "and are, or will be, resolvable in the global DNS" or "but
      only using the presentation format".

   Label:  An ordered list of zero or more octets that makes up a
      portion of a domain name.  Using graph theory, a label identifies
      one node in a portion of the graph of all possible domain names.

   Global DNS:  Using the short set of facets listed in "Naming system",
      the global DNS can be defined as follows.  Most of the rules here
      come from [RFC1034] and [RFC1035], although the term "global DNS"
      has not been defined before now.

      Composition of names: A name in the global DNS has one or more
      labels.  The length of each label is between 0 and 63 octets
      inclusive.  In a fully-qualified domain name, the last label in
      the ordered list is 0 octets long; it is the only label whose
      length may be 0 octets, and it is called the "root" or "root
      label".  A domain name in the global DNS has a maximum total
      length of 255 octets in the wire format; the root represents one
      octet for this calculation.  (Multicast DNS [RFC6762] allows names
      up to 255 bytes plus a terminating zero byte based on a different
      interpretation of RFC 1035 and what is included in the 255
      octets.)
Top   ToC   RFC8499 - Page 6
      Format of names: Names in the global DNS are domain names.  There
      are three formats: wire format, presentation format, and common
      display.

         The basic wire format for names in the global DNS is a list of
         labels ordered by decreasing distance from the root, with the
         root label last.  Each label is preceded by a length octet.
         [RFC1035] also defines a compression scheme that modifies this
         format.

         The presentation format for names in the global DNS is a list
         of labels ordered by decreasing distance from the root, encoded
         as ASCII, with a "." character between each label.  In
         presentation format, a fully-qualified domain name includes the
         root label and the associated separator dot.  For example, in
         presentation format, a fully-qualified domain name with two
         non-root labels is always shown as "example.tld." instead of
         "example.tld".  [RFC1035] defines a method for showing octets
         that do not display in ASCII.

         The common display format is used in applications and free
         text.  It is the same as the presentation format, but showing
         the root label and the "." before it is optional and is rarely
         done.  For example, in common display format, a fully-qualified
         domain name with two non-root labels is usually shown as
         "example.tld" instead of "example.tld.".  Names in the common
         display format are normally written such that the
         directionality of the writing system presents labels by
         decreasing distance from the root (so, in both English and the
         C programming language the root or Top-Level Domain (TLD) label
         in the ordered list is rightmost; but in Arabic, it may be
         leftmost, depending on local conventions).

      Administration of names: Administration is specified by delegation
      (see the definition of "delegation" in Section 7).  Policies for
      administration of the root zone in the global DNS are determined
      by the names operational community, which convenes itself in the
      Internet Corporation for Assigned Names and Numbers (ICANN).  The
      names operational community selects the IANA Functions Operator
      for the global DNS root zone.  At the time of writing, that
      operator is Public Technical Identifiers (PTI).  (See
      <https://pti.icann.org/> for more information about PTI operating
      the IANA Functions.)  The name servers that serve the root zone
      are provided by independent root operators.  Other zones in the
      global DNS have their own policies for administration.
Top   ToC   RFC8499 - Page 7
      Types of data that can be associated with names: A name can have
      zero or more resource records associated with it.  There are
      numerous types of resource records with unique data structures
      defined in many different RFCs and in the IANA registry at
      [IANA_Resource_Registry].

      Types of metadata for names: Any name that is published in the DNS
      appears as a set of resource records (see the definition of
      "RRset" in Section 5).  Some names do not, themselves, have data
      associated with them in the DNS, but they "appear" in the DNS
      anyway because they form part of a longer name that does have data
      associated with it (see the definition of "empty non-terminals" in
      Section 7).

      Protocol for getting data from a name: The protocol described in
      [RFC1035].

      Context for resolving a name: The global DNS root zone distributed
      by PTI.

   Private DNS:  Names that use the protocol described in [RFC1035] but
      that do not rely on the global DNS root zone or names that are
      otherwise not generally available on the Internet but are using
      the protocol described in [RFC1035].  A system can use both the
      global DNS and one or more private DNS systems; for example, see
      "Split DNS" in Section 6.

      Note that domain names that do not appear in the DNS, and that are
      intended never to be looked up using the DNS protocol, are not
      part of the global DNS or a private DNS even though they are
      domain names.

   Multicast DNS (mDNS):  "Multicast DNS (mDNS) provides the ability to
      perform DNS-like operations on the local link in the absence of
      any conventional Unicast DNS server.  In addition, Multicast DNS
      designates a portion of the DNS namespace to be free for local
      use, without the need to pay any annual fee, and without the need
      to set up delegations or otherwise configure a conventional DNS
      server to answer for those names."  (Quoted from [RFC6762],
      Abstract) Although it uses a compatible wire format, mDNS is,
      strictly speaking, a different protocol than DNS.  Also, where the
      above quote says "a portion of the DNS namespace", it would be
      clearer to say "a portion of the domain name space".  The names in
      mDNS are not intended to be looked up in the DNS.
Top   ToC   RFC8499 - Page 8
   Locally served DNS zone:  A locally served DNS zone is a special case
      of private DNS.  Names are resolved using the DNS protocol in a
      local context.  [RFC6303] defines subdomains of IN-ADDR.ARPA that
      are locally served zones.  Resolution of names through locally
      served zones may result in ambiguous results.  For example, the
      same name may resolve to different results in different locally
      served DNS zone contexts.  The context for a locally served DNS
      zone may be explicit, such as those that are listed in [RFC6303]
      and [RFC7793], or implicit, such as those defined by local DNS
      administration and not known to the resolution client.

   Fully-Qualified Domain Name (FQDN):  This is often just a clear way
      of saying the same thing as "domain name of a node", as outlined
      above.  However, the term is ambiguous.  Strictly speaking, a
      fully-qualified domain name would include every label, including
      the zero-length label of the root: such a name would be written
      "www.example.net." (note the terminating dot).  But, because every
      name eventually shares the common root, names are often written
      relative to the root (such as "www.example.net") and are still
      called "fully qualified".  This term first appeared in [RFC819].
      In this document, names are often written relative to the root.

      The need for the term "fully-qualified domain name" comes from the
      existence of partially qualified domain names, which are names
      where one or more of the last labels in the ordered list are
      omitted (for example, a domain name of "www" relative to
      "example.net" identifies "www.example.net").  Such relative names
      are understood only by context.

   Host name:  This term and its equivalent, "hostname", have been
      widely used but are not defined in [RFC1034], [RFC1035],
      [RFC1123], or [RFC2181].  The DNS was originally deployed into the
      Host Tables environment as outlined in [RFC952], and it is likely
      that the term followed informally from the definition there.  Over
      time, the definition seems to have shifted.  "Host name" is often
      meant to be a domain name that follows the rules in Section 3.5 of
      [RFC1034], which is also called the "preferred name syntax".  (In
      that syntax, every character in each label is a letter, a digit,
      or a hyphen).  Note that any label in a domain name can contain
      any octet value; hostnames are generally considered to be domain
      names where every label follows the rules in the "preferred name
      syntax", with the amendment that labels can start with ASCII
      digits (this amendment comes from Section 2.1 of [RFC1123]).

      People also sometimes use the term "hostname" to refer to just the
      first label of an FQDN, such as "printer" in
      "printer.admin.example.com".  (Sometimes this is formalized in
      configuration in operating systems.)  In addition, people
Top   ToC   RFC8499 - Page 9
      sometimes use this term to describe any name that refers to a
      machine, and those might include labels that do not conform to the
      "preferred name syntax".

   Top-Level Domain (TLD):  A Top-Level Domain is a zone that is one
      layer below the root, such as "com" or "jp".  There is nothing
      special, from the point of view of the DNS, about TLDs.  Most of
      them are also delegation-centric zones (defined in Section 7), and
      there are significant policy issues around their operation.  TLDs
      are often divided into sub-groups such as Country Code Top-Level
      Domains (ccTLDs), Generic Top-Level Domains (gTLDs), and others;
      the division is a matter of policy and beyond the scope of this
      document.

   Internationalized Domain Name (IDN):  The Internationalized Domain
      Names for Applications (IDNA) protocol is the standard mechanism
      for handling domain names with non-ASCII characters in
      applications in the DNS.  The current standard at the time of this
      writing, normally called "IDNA2008", is defined in [RFC5890],
      [RFC5891], [RFC5892], [RFC5893], and [RFC5894].  These documents
      define many IDN-specific terms such as "LDH label", "A-label", and
      "U-label".  [RFC6365] defines more terms that relate to
      internationalization (some of which relate to IDNs); [RFC6055] has
      a much more extensive discussion of IDNs, including some new
      terminology.

   Subdomain:  "A domain is a subdomain of another domain if it is
      contained within that domain.  This relationship can be tested by
      seeing if the subdomain's name ends with the containing domain's
      name."  (Quoted from [RFC1034], Section 3.1) For example, in the
      host name "nnn.mmm.example.com", both "mmm.example.com" and
      "nnn.mmm.example.com" are subdomains of "example.com".  Note that
      the comparisons here are done on whole labels; that is,
      "ooo.example.com" is not a subdomain of "oo.example.com".

   Alias:  The owner of a CNAME resource record, or a subdomain of the
      owner of a DNAME resource record (DNAME records are defined in
      [RFC6672]).  See also "canonical name".

   Canonical name:  A CNAME resource record "identifies its owner name
      as an alias, and specifies the corresponding canonical name in the
      RDATA section of the RR."  (Quoted from [RFC1034], Section 3.6.2)
      This usage of the word "canonical" is related to the mathematical
      concept of "canonical form".
Top   ToC   RFC8499 - Page 10
   CNAME:  "It has been traditional to refer to the [owner] of a CNAME
      record as 'a CNAME'.  This is unfortunate, as 'CNAME' is an
      abbreviation of 'canonical name', and the [owner] of a CNAME
      record is most certainly not a canonical name."  (Quoted from
      [RFC2181], Section 10.1.1.  The quoted text has been changed from
      "label" to "owner".)

3. DNS Response Codes

Some of the response codes (RCODEs) that are defined in [RFC1035] have acquired their own shorthand names. All of the RCODEs are listed at [IANA_Resource_Registry], although that list uses mixed- case capitalization, while most documents use all caps. Some of the common names for values defined in [RFC1035] are described in this section. This section also includes an additional RCODE and a general definition. The official list of all RCODEs is in the IANA registry. NOERROR: This RCODE appears as "No error condition" in Section 4.1.1 of [RFC1035]. FORMERR: This RCODE appears as "Format error - The name server was unable to interpret the query" in Section 4.1.1 of [RFC1035]. SERVFAIL: This RCODE appears as "Server failure - The name server was unable to process this query due to a problem with the name server" in Section 4.1.1 of [RFC1035]. NXDOMAIN: This RCODE appears as "Name Error [...] this code signifies that the domain name referenced in the query does not exist." in Section 4.1.1 of [RFC1035]. [RFC2308] established NXDOMAIN as a synonym for Name Error. NOTIMP: This RCODE appears as "Not Implemented - The name server does not support the requested kind of query" in Section 4.1.1 of [RFC1035]. REFUSED: This RCODE appears as "Refused - The name server refuses to perform the specified operation for policy reasons. For example, a name server may not wish to provide the information to the particular requester, or a name server may not wish to perform a particular operation (e.g., zone transfer) for particular data." in Section 4.1.1 of [RFC1035]. NODATA: "A pseudo RCODE which indicates that the name is valid, for the given class, but [there] are no records of the given type. A NODATA response has to be inferred from the answer." (Quoted from [RFC2308], Section 1) "NODATA is indicated by an answer with the
Top   ToC   RFC8499 - Page 11
      RCODE set to NOERROR and no relevant answers in the Answer
      section.  The authority section will contain an SOA record, or
      there will be no NS records there."  (Quoted from [RFC2308],
      Section 2.2) Note that referrals have a similar format to NODATA
      replies; [RFC2308] explains how to distinguish them.

      The term "NXRRSET" is sometimes used as a synonym for NODATA.
      However, this is a mistake, given that NXRRSET is a specific error
      code defined in [RFC2136].

   Negative response:  A response that indicates that a particular RRset
      does not exist or whose RCODE indicates that the nameserver cannot
      answer.  Sections 2 and 7 of [RFC2308] describe the types of
      negative responses in detail.

4. DNS Transactions

The header of a DNS message is its first 12 octets. Many of the fields and flags in the diagrams in Sections 4.1.1 through 4.1.3 of [RFC1035] are referred to by their names in each diagram. For example, the response codes are called "RCODEs", the data for a record is called the "RDATA", and the authoritative answer bit is often called "the AA flag" or "the AA bit". Class: A class "identifies a protocol family or instance of a protocol". (Quoted from [RFC1034], Section 3.6) "The DNS tags all data with a class as well as the type, so that we can allow parallel use of different formats for data of type address." (Quoted from [RFC1034], Section 2.2) In practice, the class for nearly every query is "IN" (the Internet). There are some queries for "CH" (the Chaos class), but they are usually for the purposes of information about the server itself rather than for a different type of address. QNAME: The most commonly used rough definition is that the QNAME is a field in the Question section of a query. "A standard query specifies a target domain name (QNAME), query type (QTYPE), and query class (QCLASS) and asks for RRs which match." (Quoted from [RFC1034], Section 3.7.1) Strictly speaking, the definition comes from [RFC1035], Section 4.1.2, where the QNAME is defined in respect of the Question section. This definition appears to be applied consistently: the discussion of inverse queries in Section 6.4.1 refers to the "owner name of the query RR and its TTL", because inverse queries populate the Answer section and leave the Question section empty. (Inverse queries are deprecated in [RFC3425]; thus, relevant definitions do not appear in this document.)
Top   ToC   RFC8499 - Page 12
      However, [RFC2308] has an alternate definition that puts the QNAME
      in the answer (or series of answers) instead of the query.  It
      defines QNAME as "...the name in the query section of an answer,
      or where this resolves to a CNAME, or CNAME chain, the data field
      of the last CNAME.  The last CNAME in this sense is that which
      contains a value which does not resolve to another CNAME."  This
      definition has a certain internal logic, because of the way CNAME
      substitution works and the definition of CNAME.  If a name server
      does not find an RRset that matches a query, but does find the
      same name in the same class with a CNAME record, then the name
      server "includes the CNAME record in the response and restarts the
      query at the domain name specified in the data field of the CNAME
      record."  (Quoted from [RFC1034], Section 3.6.2) This is made
      explicit in the resolution algorithm outlined in Section 4.3.2 of
      [RFC1034], which says to "change QNAME to the canonical name in
      the CNAME RR, and go back to step 1" in the case of a CNAME RR.
      Since a CNAME record explicitly declares that the owner name is
      canonically named what is in the RDATA, then there is a way to
      view the new name (i.e., the name that was in the RDATA of the
      CNAME RR) as also being the QNAME.

      However, this creates a kind of confusion because the response to
      a query that results in CNAME processing contains in the echoed
      Question section one QNAME (the name in the original query) and a
      second QNAME that is in the data field of the last CNAME.  The
      confusion comes from the iterative/recursive mode of resolution,
      which finally returns an answer that need not actually have the
      same owner name as the QNAME contained in the original query.

      To address this potential confusion, it is helpful to distinguish
      between three meanings:

      *  QNAME (original): The name actually sent in the Question
         section in the original query, which is always echoed in the
         (final) reply in the Question section when the QR bit is set to
         1.

      *  QNAME (effective): A name actually resolved, which is either
         the name originally queried or a name received in a CNAME chain
         response.

      *  QNAME (final): The name actually resolved, which is either the
         name actually queried or else the last name in a CNAME chain
         response.

      Note that, because the definition in [RFC2308] is actually for a
      different concept than what was in [RFC1034], it would have been
      better if [RFC2308] had used a different name for that concept.
Top   ToC   RFC8499 - Page 13
      In general use today, QNAME almost always means what is defined
      above as "QNAME (original)".

   Referrals:  A type of response in which a server, signaling that it
      is not (completely) authoritative for an answer, provides the
      querying resolver with an alternative place to send its query.
      Referrals can be partial.

      A referral arises when a server is not performing recursive
      service while answering a query.  It appears in step 3(b) of the
      algorithm in [RFC1034], Section 4.3.2.

      There are two types of referral response.  The first is a downward
      referral (sometimes described as "delegation response"), where the
      server is authoritative for some portion of the QNAME.  The
      authority section RRset's RDATA contains the name servers
      specified at the referred-to zone cut.  In normal DNS operation,
      this kind of response is required in order to find names beneath a
      delegation.  The bare use of "referral" means this kind of
      referral, and many people believe that this is the only legitimate
      kind of referral in the DNS.

      The second is an upward referral (sometimes described as "root
      referral"), where the server is not authoritative for any portion
      of the QNAME.  When this happens, the referred-to zone in the
      authority section is usually the root zone (".").  In normal DNS
      operation, this kind of response is not required for resolution or
      for correctly answering any query.  There is no requirement that
      any server send upward referrals.  Some people regard upward
      referrals as a sign of a misconfiguration or error.  Upward
      referrals always need some sort of qualifier (such as "upward" or
      "root") and are never identified simply by the word "referral".

      A response that has only a referral contains an empty answer
      section.  It contains the NS RRset for the referred-to zone in the
      Authority section.  It may contain RRs that provide addresses in
      the additional section.  The AA bit is clear.

      In the case where the query matches an alias, and the server is
      not authoritative for the target of the alias but is authoritative
      for some name above the target of the alias, the resolution
      algorithm will produce a response that contains both the
      authoritative answer for the alias and a referral.  Such a partial
      answer and referral response has data in the Answer section.  It
      has the NS RRset for the referred-to zone in the Authority
      section.  It may contain RRs that provide addresses in the
Top   ToC   RFC8499 - Page 14
      additional section.  The AA bit is set, because the first name in
      the Answer section matches the QNAME and the server is
      authoritative for that answer (see [RFC1035], Section 4.1.1).

5. Resource Records

RR: An acronym for resource record. (See [RFC1034], Section 3.6.) RRset: A set of resource records "with the same label, class and type, but with different data" (according to [RFC2181], Section 5). Also written as "RRSet" in some documents. As a clarification, "same label" in this definition means "same owner name". In addition, [RFC2181] states that "the TTLs of all RRs in an RRSet must be the same". Note that RRSIG resource records do not match this definition. [RFC4035] says: An RRset MAY have multiple RRSIG RRs associated with it. Note that as RRSIG RRs are closely tied to the RRsets whose signatures they contain, RRSIG RRs, unlike all other DNS RR types, do not form RRsets. In particular, the TTL values among RRSIG RRs with a common owner name do not follow the RRset rules described in [RFC2181]. Master file: "Master files are text files that contain RRs in text form. Since the contents of a zone can be expressed in the form of a list of RRs a master file is most often used to define a zone, though it can be used to list a cache's contents." (Quoted from [RFC1035], Section 5) Master files are sometimes called "zone files". Presentation format: The text format used in master files. This format is shown but not formally defined in [RFC1034] or [RFC1035]. The term "presentation format" first appears in [RFC4034]. EDNS: The extension mechanisms for DNS, defined in [RFC6891]. Sometimes called "EDNS0" or "EDNS(0)" to indicate the version number. EDNS allows DNS clients and servers to specify message sizes larger than the original 512 octet limit, to expand the response code space and to carry additional options that affect the handling of a DNS query. OPT: A pseudo-RR (sometimes called a "meta-RR") that is used only to contain control information pertaining to the question-and-answer sequence of a specific transaction. (Definition paraphrased from [RFC6891], Section 6.1.1.) It is used by EDNS.
Top   ToC   RFC8499 - Page 15
   Owner:  "The domain name where the RR is found."  (Quoted from
      [RFC1034], Section 3.6) Often appears in the term "owner name".

   SOA field names:  DNS documents, including the definitions here,
      often refer to the fields in the RDATA of an SOA resource record
      by field name.  "SOA" stands for "start of a zone of authority".
      Those fields are defined in Section 3.3.13 of [RFC1035].  The
      names (in the order they appear in the SOA RDATA) are MNAME,
      RNAME, SERIAL, REFRESH, RETRY, EXPIRE, and MINIMUM.  Note that the
      meaning of the MINIMUM field is updated in Section 4 of [RFC2308];
      the new definition is that the MINIMUM field is only "the TTL to
      be used for negative responses".  This document tends to use field
      names instead of terms that describe the fields.

   TTL:  The maximum "time to live" of a resource record.  "A TTL value
      is an unsigned number, with a minimum value of 0, and a maximum
      value of 2147483647.  That is, a maximum of 2^31 - 1.  When
      transmitted, this value shall be encoded in the less significant
      31 bits of the 32 bit TTL field, with the most significant, or
      sign, bit set to zero."  (Quoted from [RFC2181], Section 8) (Note
      that [RFC1035] erroneously stated that this is a signed integer;
      that was fixed by [RFC2181].)

      The TTL "specifies the time interval that the resource record may
      be cached before the source of the information should again be
      consulted."  (Quoted from [RFC1035], Section 3.2.1) Section 4.1.3
      of the same document states: "the time interval (in seconds) that
      the resource record may be cached before it should be discarded".
      Despite being defined for a resource record, the TTL of every
      resource record in an RRset is required to be the same ([RFC2181],
      Section 5.2).

      The reason that the TTL is the maximum time to live is that a
      cache operator might decide to shorten the time to live for
      operational purposes, such as if there is a policy to disallow TTL
      values over a certain number.  Some servers are known to ignore
      the TTL on some RRsets (such as when the authoritative data has a
      very short TTL) even though this is against the advice in RFC
      1035.  An RRset can be flushed from the cache before the end of
      the TTL interval, at which point, the value of the TTL becomes
      unknown because the RRset with which it was associated no longer
      exists.

      There is also the concept of a "default TTL" for a zone, which can
      be a configuration parameter in the server software.  This is
      often expressed by a default for the entire server, and a default
      for a zone using the $TTL directive in a zone file.  The $TTL
      directive was added to the master file format by [RFC2308].
Top   ToC   RFC8499 - Page 16
   Class independent:  A resource record type whose syntax and semantics
      are the same for every DNS class.  A resource record type that is
      not class independent has different meanings depending on the DNS
      class of the record, or the meaning is undefined for some class.
      Most resource record types are defined for class 1 (IN, the
      Internet), but many are undefined for other classes.

   Address records:  Records whose type is A or AAAA.  [RFC2181]
      informally defines these as "(A, AAAA, etc)".  Note that new types
      of address records could be defined in the future.



(page 16 continued on part 2)

Next Section