This repository has been archived by the owner on Nov 13, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
draft-iab-arpa-authoritative-servers.xml
384 lines (297 loc) · 16.7 KB
/
draft-iab-arpa-authoritative-servers.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.3.37 -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>
<?rfc toc="yes"?>
<?rfc tocdepth="4"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>
<rfc ipr="trust200902" docName="draft-iab-arpa-authoritative-servers-01" category="info" updates="3172">
<front>
<title abbrev="Nameservers for the .arpa Domain">Nameservers for the Address and Routing Parameter Area ("arpa") Domain</title>
<author initials="K." surname="Davies" fullname="Kim Davies">
<organization abbrev="IANA">Internet Assigned Numbers Authority</organization>
<address>
<postal>
<street>PTI/ICANN</street> <street>12025 Waterfront Drive</street>
<city>Los Angeles</city>
<code>90094</code>
<country>United States of America</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<author initials="J." surname="Arkko" fullname="Jari Arkko">
<organization abbrev="Ericsson">Ericsson Research</organization>
<address>
<postal>
<street>02700 Kauniainen</street>
<country>Finland</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<date year="2021" month="July" day="12"/>
<keyword>Internet-Draft</keyword>
<abstract>
<t>This document describes revisions to operational practices to separate
function of the “arpa” top-level domain in the DNS from its historical
operation alongside the DNS root zone.</t>
</abstract>
</front>
<middle>
<section anchor="introduction" title="Introduction">
<t>The “arpa” top-level domain <xref target="RFC3172"/> is designated as an
“infrastructure domain” to support techniques defined by Internet
standards. Zones under the “arpa” domain provide various mappings, such
as IP addresses to domain names and E.164 numbers to URIs. It also
contains special use names such as “home”, which is a non-unique name
used in residential networks.</t>
<t>Historically, the “arpa” zone has been hosted on almost all of the
root nameservers, and <xref target="RFC3172"/> envisages the “arpa” domain to be
“sufficiently critical that the operational requirements for the root
nameservers apply to the operational requirements of the “arpa” servers”. To
date, this has been implemented by serving the “arpa” domain directly on
a subset of the root server infrastructure.</t>
<t>This bundling of root nameserver and “arpa” nameserver operations has entwined
management of the zones’ contents and their infrastructure. As a result,
some proposals under consideration by the IETF involving the “arpa” zone
have been discarded due to the risk of conflict with operations associated
with managing the content of the root zone, or administering the root
nameservers.</t>
<t>The separation described in this document resolves operational impacts
of synchronizing edits to the root zone and the “arpa” zone by
eliminating the current dependency and allowing more tailored operations
based on the unique requirements of each zone.</t>
</section>
<section anchor="requirements-for-the-arpa-zone" title="Requirements for the “arpa” zone">
<t>The “arpa” domain continues to play a role in critical Internet
operations, and this change does not propose weakening operational
requirements described in <xref target="RFC3172"/> for the domain. Future operational
requirements for the “arpa” domain are encouraged to follow strong
baseline requirements such as those documented in <xref target="RFC7720"/>.</t>
<t>Changes to the administration of the “arpa” zone do not alter the
management practices of other zones delegated within the “arpa”
namespace. For example, “ip6.arpa” would continue to be managed in
accordance with <xref target="RFC5855"/>.</t>
</section>
<section anchor="transition-process" title="Transition Process">
<t>The process will dedicate new hostnames to the servers authoritative for
the “arpa” zone, but will initially serve the “arpa” zone from the same
hosts.</t>
<t>Once completed, subsequent transitional phases could include using
new hosts to replace or augment the existing root nameserver hosts, and
separation of the editing and distribution of the “arpa” zone from
necessarily being connected to the root zone. Any future management
considerations regarding how such changes may be performed are beyond
the scope of this document.</t>
<section anchor="dedicated-nameserver-hostnames" title="Dedicated nameserver hostnames">
<t>Consistent with the use of the “arpa” namespace itself to host name
servers for other delegations in the “arpa” zone (<xref target="RFC5855"/>), this
document specifies a new namespace of “ns.arpa”, with the
nameserver set for the “arpa” zone to be initially labelled as follows:</t>
<figure><artwork><![CDATA[
a.ns.arpa
b.ns.arpa
c.ns.arpa
...
]]></artwork></figure>
<t>Dedicated hostnames eliminate a logical dependency that requires the
coordinated editing of the nameservers for the “arpa” zone and the root
zone. This component of this transition does not require the underlying
hosts that provide “arpa” name service (that is, the root nameservers) be
altered. The “arpa” zone will initially map the new hostnames to the
same IP addresses that already provide service under the respective
hostnames within root-servers.net.</t>
<t>Because these nameservers are completely within the “arpa” zone, they
will require glue records in the root zone. This is consistent with
current practice and requires no operational changes to the root zone.</t>
</section>
<section anchor="separation-of-infrastructure" title="Separation of infrastructure">
<t>After initially migrating the “arpa” zone to use hostnames that are not shared
with the root zone, the underlying name service is expected to evolve such that
it no longer directly aligns to a subset of root nameserver instances. With no
shared infrastructure between the root nameservers and the “arpa” nameservers, future
novel applications for the “arpa” zone may be possible.</t>
<t>Any subsequent changes to the parties providing name service for the
zone is considered a normal management responsibility, and would be
performed in accordance with <xref target="RFC3172"/>.</t>
</section>
<section anchor="zone-administration" title="Zone administration">
<t>Publication of the “arpa” zone file to the authoritative “arpa” name
servers is currently undertaken alongside the root zone maintenance functions.
Upon the separation of the “arpa” infrastructure from the root nameserver
infrastructure, publication of the “arpa” zone no longer necessarily needs
to be technically linked or inter-related to the root zone publication
mechanisms.</t>
</section>
<section anchor="conclusion-of-process" title="Conclusion of process">
<t>Full technical separation of operations of the “arpa” zone and root zone
minimally requires the following to be satisfied:</t>
<t><list style="symbols">
<t>The “arpa” zone no longer shares any hostnames in its NS-set with the root
zone;</t>
<t>The hosts that provide authoritative name service are not the same hosts
as the root nameservers, do not share any IPv4 or IPv6 addresses with the
root servers, and are sufficiently separately provisioned such
that any unique “arpa” zone requirements can be deployed without affecting
how root zone service is provided;</t>
<t>The editorial and publication process for the “arpa” zone has any common
dependencies with the root zone process removed, so that the “arpa” zone
can be managed, edited and provisioned wholly independently of the
root zone.</t>
</list></t>
<t>Such separation is ultimately sought to allow for novel uses of
the “arpa” zone without the risk of inadvertantly impacting root zone and root
server operations. It is recognized that achieving this state requires a
deliberative process involving significant coordination to ensure impacts
are minimized.</t>
</section>
</section>
<section anchor="iana-considerations" title="IANA Considerations">
<t>The IANA shall coordinate the creation of the “ns.arpa” namespace and
populate it with address records that reflect the IP addresses of the
contemporary root servers documented within “root-servers.net” as its
initial state. The namespace may either be provisioned directly within
the “arpa” zone (as an empty non-terminal), or through establishing
a dedicated “ns.arpa” zone, according to operational requirements.</t>
<t>The IANA will initially migrate the 12 NS records for the “arpa” zone
to point to their respective new entries in the “ns.arpa” domain.</t>
<t>Subsequently, the IAB and IANA will consult and coordinate with all relevant
parties on activity to reduce or eliminate reliance upon root zone
and root server infrastructure for serving the “arpa” zone. Such
changes will be performed in compliance with <xref target="RFC3172"/> and shall
be conducted with all due care and deliberation to mitigate potential
impacts on critical infrastructure.</t>
</section>
<section anchor="security-considerations" title="Security Considerations">
<t>The security of the “arpa” zone is not necessarily impacted by any
aspects of these changes. Robust practices associated with administering
the content of the zone (including signing the zone with DNSSEC) as well
as its distribution will continue to be necessary.</t>
</section>
</middle>
<back>
<references title='Normative References'>
<reference anchor='RFC3172' target='https://www.rfc-editor.org/info/rfc3172'>
<front>
<title>Management Guidelines & Operational Requirements for the Address and Routing Parameter Area Domain ("arpa")</title>
<author fullname='G. Huston' initials='G.' role='editor' surname='Huston'><organization/></author>
<date month='September' year='2001'/>
<abstract><t>This memo describes the management and operational requirements for the address and routing parameter area ("arpa") domain. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t></abstract>
</front>
<seriesInfo name='BCP' value='52'/>
<seriesInfo name='RFC' value='3172'/>
<seriesInfo name='DOI' value='10.17487/RFC3172'/>
</reference>
</references>
<references title='Informative References'>
<reference anchor='RFC5855' target='https://www.rfc-editor.org/info/rfc5855'>
<front>
<title>Nameservers for IPv4 and IPv6 Reverse Zones</title>
<author fullname='J. Abley' initials='J.' surname='Abley'><organization/></author>
<author fullname='T. Manderson' initials='T.' surname='Manderson'><organization/></author>
<date month='May' year='2010'/>
<abstract><t>This document specifies a stable naming scheme for the nameservers that serve the zones IN-ADDR.ARPA and IP6.ARPA in the DNS. These zones contain data that facilitate reverse mapping (address to name). This memo documents an Internet Best Current Practice.</t></abstract>
</front>
<seriesInfo name='BCP' value='155'/>
<seriesInfo name='RFC' value='5855'/>
<seriesInfo name='DOI' value='10.17487/RFC5855'/>
</reference>
<reference anchor='RFC7720' target='https://www.rfc-editor.org/info/rfc7720'>
<front>
<title>DNS Root Name Service Protocol and Deployment Requirements</title>
<author fullname='M. Blanchet' initials='M.' surname='Blanchet'><organization/></author>
<author fullname='L-J. Liman' initials='L-J.' surname='Liman'><organization/></author>
<date month='December' year='2015'/>
<abstract><t>The DNS root name service is a critical part of the Internet architecture. The protocol and deployment requirements for the DNS root name service are defined in this document. Operational requirements are out of scope.</t></abstract>
</front>
<seriesInfo name='BCP' value='40'/>
<seriesInfo name='RFC' value='7720'/>
<seriesInfo name='DOI' value='10.17487/RFC7720'/>
</reference>
</references>
<section numbered="false" anchor="acknowledgments" title="Acknowledgments">
<t>Thank you Alyssa Cooper, Michelle Cotton, Lars-Johan Liman, Wes Hardaker,
Ted Hardie, Paul Hoffman, Russ Housley, Oscar Robles-Garay, Duane
Wessels and Suzanne Woolf for providing review and feedback.</t>
</section>
</back>
<!-- ##markdown-source:
H4sIAGJy7GAAA31ZXW8bNxZ9568glIdNFpLW8SbNVosF6sZJ47brGnGKAH1Z
UDOUxPWInJIcO0qR/e177iVnhiMrLVDEGnHI+3HOuZdXi8VCRBMbvZLXaq+D
9vfaB7lxXsadlhd17XUIUtlavnddNHYrb5THyqi9vPBayacz5Vs1eyYv3V4Z
K9R67fX96e2WtLRfWLvKYs1K1l5t4sKo9YK+Xqgu7pw3UUVzrxd5i8XZcyFC
hB3/UY2zeCv6TgthWs9/hnh+dvbt2bm4e1jJKwvrrI6LS9pZVCqupLEbJ7q2
VlGHlfz781fnQrRmJaSMrlrJgw7pz1q3cbeSL/ApOB+93oT+23DYlx9FMpS2
WOB/iSPw3U9LeanuDa+QMjn4k9mXD53fjjbKixDM1upaXnf7NQXrIvt/4MV9
OK8uri/4QYBNOq74b/pvIW8+XP3t6vXF9XXx7Pn52flL+RHe+o13NspLj2jy
ggpbr+TPDifZrW6yUZWrYem3COKL/Lmz0WPhr9ZEWHcbKXLSbeTFXntTKV6l
kclmJe/Mflmzg98ZZdUSHk6j8uMSYLm7c0VQflTeFA85KG+wcQjOyveAjvLV
bhKC/tuvhOHs/NXZmfxJddYAXtpO3XhrbAP0lFb/FxYAkbDgO523XlZuL3iN
sM7vGYJ0xvu3rwkyK0Ewmj5/+Y+XL/Ofr16dn9GfQiwWC5gNG1UVhfiwM0EC
7t1eIxO1DpU3awQTXplgnA0AnnSt9tjXWdXIlt4zleYvgm7BuKjFprMVLaAk
EJsS8bCkXTT6Xjc4goiFiPPXl9e3ErnfSxODhAXRUdoaMRwkiUnbYGo9rPfO
RfkZ/FomH/amrhvQ7Anh1bu6YwPIo68f/8cfOVpfvkjyWxO+FWFIkZCIGWLo
FWKDzTqv82szdrVrW5BORl3trPm90/T6xhA71oeBMkkHlK/DUv4GW4PsbK19
GZNsSuvdPbl3j0y7Lsi9altIWJjjJIAL9lzdSJU0LgU7v0gQTar3Zvn8mxfS
Zm5ixa/vr3DuVUT0ghMVuIUXggytrgxS1wWd36YjyOXZzu31bC4fdgYPEBEl
rbOLjh3ktQIv1ZQ22AFzbaSN4OiD83cBmXg3JK85zEs3KVNyhzPWWlu5c4Gi
zInd42/802SsCE6sHSV5zs6VqdIWYFRbCsOjOMLttRaz0G02pjIwsDlIYDiS
SViuIr9TItjr3zvjNQF+lH8yQhRGSKQDO2H3P319Cvf87mwpPzhBck4RQVSH
MJh92/CbCTW0nsrWY69qnFCRK0C0QrrWAXKcD+N4paPkFK/LzOc1QNfQxnjj
KLoc23xW8XRwMBkLCx8I2mIPydyyxf3plNfwF0ng4gjQfnhuHtmC6gE4ATZd
E+ciAGiE+dYFgDOzApsQqDLlERA64OrNh7fY6941x7Gho8VO3esUzNqECkxD
KGuANWfKm3BHpmLrTWOqKB9M3JXuKWgp2IAMCP6KPewPyl5NIk2nzlEDQMa9
sYA7BDkvPwbNMqlPVkXyqRfUOilfqbWIDFykulWACwCBvAYBA8LBVjvUR/OZ
jtM1SWXvZG9XH/0J6dYHoRsDW1Uc/Oq8T/reakTeVgd+EyR0D7Rm7yB2EIsG
/9ZFtMRahURb2iXLwjEBtIJ2ZGF+gvJ4gl1lAkuBzminsBvbJZlrG3Ug4LhG
U9AGLg8SO5o3z/4jrNVOoWPAhtjEIjoJalo+aHWnLXNhDLOYuDDJUSk7vfXJ
yqV823FR+OpGR95m5xReQcRd58GkmjzcOIo7tQmocRxikPUorr1Co98KegBN
YSMV9C9fEPLX7PmAjR6lGYBTgWJ81I4jpJqYClNJ8rG640WHL30iPILU6C1X
SmJNLuNp18QA4Bacf4sQ6E+KZG4uZ6b9ZpkOfnBdUw95TqKdqMcuCVVVztfK
VjoRll2k9oVdfCI/eAWpYI9uvIN9IeGoTR/wEuoJpABIiShc+oErTip2OTCD
sJc9POVMHAVoDv2MaUdEkgpek6RaPwol9zC8OZVKOpI04BdyA90agoCAzZN8
gzmIbxz8oFYKUgv7Ko6NsVXToR/oAsAqeg/Yeq/BCWxJGtRtOU90pv6ENBOy
jyWeX2RuiEKKMhJISOglYk5NODHw9itIIfdgCkUYXQqisNb0KtKIhzGBeaJH
EH17kJvEkxFWYiL01FxuIdy01Y54QFCvMor3ik6RoBg1s9SYeZL7g4MzHOgK
9Eu2FmJKGHkiL3P+6+Ng8EcwhawILPAMMta0oI88H9BMzaluNuQkbZLaofLa
mPiRmcGOTXiRYvi0gPKz1A+IoQZwZ7YxmhsvpHw8GzbNbEjsmQ/mFsVGUkdw
Ql8zt0bkNmqtmya1uEl5wkqI/9F/dJtQy3wMfViXH6ryw3K5zO+IMcwjx/qC
A/2RjduyYBfFhvuwrG/cxAERjhDA2/SQzHmwJ27npYN9zePqm1DHXQ8xDp/6
8o0nI9vGwpCtyAUNmGwORLhMNrKz78wLPKRODWl5yitMmI+4L8x9Rq0o66qu
yaip3UeKgoY/uXtCrATpydEFgA5WjdeqPgwm9maNlwysBqZI2sS4aZZsMrcf
WixRScGa73WliAJ4NUwjT7zrNQzWPlL9LJV4cBDsWR/YbcM9Aun5QIhCIDhV
nK0JGUXfovQViNM8QMZOL6HVtOaVV0PowO1E9KZtqRAXm8iN85AHs/Vjp3TE
JIpNkRzOAXwkIIUd/spN5FGzOMXWFEFwXX9qB/nU1OfqpIG0vTCRnKXbL2lL
fw1QDS6q7G95GzgWflz2ItVQXAI/klnWiWTlURAA0/hALfQpEB/3lJObWZJ2
YR1dqumKRErA0neKqb2YuxDMuqHsUHkoyuFRHpG2SGKY4P0odPkI5vwAoZrI
xvdWvwcyil6GqEAr1qYx8ZB6xdSHgKVjgaEW7VT3kZrAhKjfWHcmnZUQN926
d/9k8TTNcCuZ9hxFYId6Qu4kBiDbjJ1IjevRHGRs/Km1BHnY5n74gt7j1zb3
6o8Lfz71CAlDB3MEAzFdN5ftn3s7YrbsF6zWdRCpIqXBSZVqkrF3dK8gyIKN
C68bdaqfKE8Ve01wMWEfUlJQztEyhWxQ27eFbzuI0XDYUSCKi+AJJ1hyhrMF
pXvP9palKxdRFgx2LGDDgCJeo6z+9ZHqj4FhKhK9DoWk0EwMhef6dkGcnogJ
yi7t8E+a2qV9TxSpKbImdOmFqu9P0+vYTYWTxJ/3NwM2lO28url/QVnCv98U
tWhoR2Q5jMjXMXp3Mo3ph4RNrluUMeSax1wya6o99LfLMnaTG1GlLEUbXUXj
Dvke4tCoq82GCp6lsS61k2MCC8nN4aqLYFLXgcgBImR1Ce/+UnFK0nYqZRCl
cc/j3qHLMUVgSgTnzeAGRJNuA24cS5U7Y6/sYr4XzdlEEjeyr4jcw84RKI3t
z+ZB0abMSCqG8PWWCkvBAcSiayJgzfkIrtvuIpcVvpKSx0nbu8B3wOO70RD1
ctaCNq6+J8FiQ9IIY7iXTIglHo2beFxpAjcMW2s+kwgwIqqd0XkAhK8DjfhH
GiqBrhtXdp9g38d4nBrRXBeNNQKKItO3muQ/lVwbSPn6UQvhlZlOh/Nlk37P
kK8nV5Z02+QvwA4IzNi/pgEL+rKJNPa9e9HS032sdW1HUgfSJ7BkUg0NU+6U
Nw0wncZhZROYk8xjKjS7XvnDhIHloCB3bLPjrm9G/IfmiNwCpdimdnU0lkq3
NnzBWesJ+oaeJB3wCCFPmSES9sUDT5Mh8HQ3aJ7xFC3uPIFOahwLyoUdMVcN
d/e6CF1qplJxznL7tUHsskjQcZ/N/V1K0/NzSb8k5Fifmk7RAMoZG3MpMr7o
qLlVx2ne6PGqN1ibp0QClOv7m34kfnXxPVNgNI9aF/CQnxZQSpDgZrrR9wCv
6FsimpyTEehk0kig7tJEYLx54R3D/UBHTcBAPjFUtZMzY47CiUF06tZJPkTf
pbHlk8s5z+5wRzAneyf2juki1jxbpd9oMjLZS5rbVqnW1HJkdKLpHgmkiRPy
EdPvDiJTloIxjAUfTcCp/0crRYE6xeHQf3mi/pt0RSw7mHRkGtdD94ViMPRM
xO0gB2cp37t1F8oJ2jhp7qlezI/FiXFzok8aBA0ilrMyiC/9Fnb75vUzYvED
LvYisXk6y+kxVk7beq8O+feztaruKFoX1Z11D42uebIUxB+r9IuSrv8126gm
6NkXipyyd/LgOnnRHLALQktUnMt/m2pH4wU8iNHZufxZ+bD40WG9/BllBk8+
IhbvFPrrO7wgPiAc9MmA2jeqa+Q7t9nwuvcddPCd60KjwZtfaLhPQW10WPyA
8oVnl50Cnj+SFjbpnnLbfVYWkfnoXLNhKI93B/oJE4SlZRv0oeQvXBf/BxBJ
gaBXIAAA
-->
</rfc>