{"id":3147,"date":"2018-10-05T07:35:23","date_gmt":"2018-10-05T07:35:23","guid":{"rendered":"https:\/\/tst-amo.net.ua\/blog\/?p=3147"},"modified":"2018-10-05T07:39:48","modified_gmt":"2018-10-05T07:39:48","slug":"rfc-1034","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=3147","title":{"rendered":"RFC 1034"},"content":{"rendered":"

[Docs<\/a>] [txt<\/a>|pdf<\/a>] [Tracker<\/a>] [Errata<\/a>] <\/span><\/p>\n

Updated by: 1101<\/a>, 1183<\/a>, 1348<\/a>, 1876<\/a>, 1982<\/a>, 2065<\/a>, INTERNET STANDARD<\/span>
\n 2181<\/a>, 2308<\/a>, 2535<\/a>, 4033<\/a>, 4034<\/a>, 4035<\/a>, 4343<\/a>, 4035<\/a>, 4592<\/a>, 5936<\/a>, 8020<\/a> Errata Exist<\/span><\/p>\n

Network Working Group                                     P. Mockapetris\r\nRequest for Comments: 1034                                           ISI\r\nObsoletes: RFCs 882<\/a>, 883<\/a>, 973<\/a>                              November 1987\r\n\r\n\r\n<\/pre>\n
DOMAIN NAMES – CONCEPTS AND FACILITIES<\/h1>\n
\r\n\r\n<\/pre>\n
1<\/a>. STATUS OF THIS MEMO<\/h2>\n
This RFC is an introduction to the Domain Name System (DNS), and omits\r\nmany details which can be found in a companion RFC, \"Domain Names -\r\nImplementation and Specification\" [RFC-1035<\/a>].  That RFC assumes that the\r\nreader is familiar with the concepts discussed in this memo.\r\n\r\nA subset of DNS functions and data types constitute an official\r\nprotocol.  The official protocol includes standard queries and their\r\nresponses and most of the Internet class data formats (e.g., host\r\naddresses).\r\n\r\nHowever, the domain system is intentionally extensible.  Researchers are\r\ncontinuously proposing, implementing and experimenting with new data\r\ntypes, query types, classes, functions, etc.  Thus while the components\r\nof the official protocol are expected to stay essentially unchanged and\r\noperate as a production service, experimental behavior should always be\r\nexpected in extensions beyond the official protocol.  Experimental or\r\nobsolete features are clearly marked in these RFCs, and such information\r\nshould be used with caution.\r\n\r\nThe reader is especially cautioned not to depend on the values which\r\nappear in examples to be current or complete, since their purpose is\r\nprimarily pedagogical.  Distribution of this memo is unlimited.\r\n\r\n<\/pre>\n
2<\/a>. INTRODUCTION<\/h2>\n
This RFC introduces domain style names, their use for Internet mail and\r\nhost address support, and the protocols and servers used to implement\r\ndomain name facilities.\r\n\r\n<\/pre>\n
2.1<\/a>. The history of domain names<\/h3>\n
The impetus for the development of the domain system was growth in the\r\nInternet:\r\n\r\n   - Host name to address mappings were maintained by the Network\r\n     Information Center (NIC) in a single file (HOSTS.TXT) which\r\n     was FTPed by all hosts [RFC-952, RFC-953<\/a>].  The total network\r\n\r\n\r\n\r\nMockapetris                                                     [Page 1]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n     bandwidth consumed in distributing a new version by this\r\n     scheme is proportional to the square of the number of hosts in\r\n     the network, and even when multiple levels of FTP are used,\r\n     the outgoing FTP load on the NIC host is considerable.\r\n     Explosive growth in the number of hosts didn't bode well for\r\n     the future.\r\n\r\n   - The network population was also changing in character.  The\r\n     timeshared hosts that made up the original ARPANET were being\r\n     replaced with local networks of workstations.  Local\r\n     organizations were administering their own names and\r\n     addresses, but had to wait for the NIC to change HOSTS.TXT to\r\n     make changes visible to the Internet at large.  Organizations\r\n     also wanted some local structure on the name space.\r\n\r\n   - The applications on the Internet were getting more\r\n     sophisticated and creating a need for general purpose name\r\n     service.\r\n\r\n\r\nThe result was several ideas about name spaces and their management\r\n[IEN-116, RFC-799<\/a>, RFC-819<\/a>, RFC-830<\/a>].  The proposals varied, but a\r\ncommon thread was the idea of a hierarchical name space, with the\r\nhierarchy roughly corresponding to organizational structure, and names\r\nusing \".\"  as the character to mark the boundary between hierarchy\r\nlevels.  A design using a distributed database and generalized resources\r\nwas described in [RFC-882, RFC-883<\/a>].  Based on experience with several\r\nimplementations, the system evolved into the scheme described in this\r\nmemo.\r\n\r\nThe terms \"domain\" or \"domain name\" are used in many contexts beyond the\r\nDNS described here.  Very often, the term domain name is used to refer\r\nto a name with structure indicated by dots, but no relation to the DNS.\r\nThis is particularly true in mail addressing [Quarterman 86].\r\n\r\n<\/pre>\n
2.2<\/a>. DNS design goals<\/h3>\n
The design goals of the DNS influence its structure.  They are:\r\n\r\n   - The primary goal is a consistent name space which will be used\r\n     for referring to resources.  In order to avoid the problems\r\n     caused by ad hoc encodings, names should not be required to\r\n     contain network identifiers, addresses, routes, or similar\r\n     information as part of the name.\r\n\r\n   - The sheer size of the database and frequency of updates\r\n     suggest that it must be maintained in a distributed manner,\r\n     with local caching to improve performance.  Approaches that\r\n\r\n\r\n\r\nMockapetris                                                     [Page 2]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n     attempt to collect a consistent copy of the entire database\r\n     will become more and more expensive and difficult, and hence\r\n     should be avoided.  The same principle holds for the structure\r\n     of the name space, and in particular mechanisms for creating\r\n     and deleting names; these should also be distributed.\r\n\r\n   - Where there tradeoffs between the cost of acquiring data, the\r\n     speed of updates, and the accuracy of caches, the source of\r\n     the data should control the tradeoff.\r\n\r\n   - The costs of implementing such a facility dictate that it be\r\n     generally useful, and not restricted to a single application.\r\n     We should be able to use names to retrieve host addresses,\r\n     mailbox data, and other as yet undetermined information.  All\r\n     data associated with a name is tagged with a type, and queries\r\n     can be limited to a single type.\r\n\r\n   - Because we want the name space to be useful in dissimilar\r\n     networks and applications, we provide the ability to use the\r\n     same name space with different protocol families or\r\n     management.  For example, host address formats differ between\r\n     protocols, though all protocols have the notion of address.\r\n     The DNS tags all data with a class as well as the type, so\r\n     that we can allow parallel use of different formats for data\r\n     of type address.\r\n\r\n   - We want name server transactions to be independent of the\r\n     communications system that carries them.  Some systems may\r\n     wish to use datagrams for queries and responses, and only\r\n     establish virtual circuits for transactions that need the\r\n     reliability (e.g., database updates, long transactions); other\r\n     systems will use virtual circuits exclusively.\r\n\r\n   - The system should be useful across a wide spectrum of host\r\n     capabilities.  Both personal computers and large timeshared\r\n     hosts should be able to use the system, though perhaps in\r\n     different ways.\r\n\r\n<\/pre>\n
2.3<\/a>. Assumptions about usage<\/h3>\n
The organization of the domain system derives from some assumptions\r\nabout the needs and usage patterns of its user community and is designed\r\nto avoid many of the the complicated problems found in general purpose\r\ndatabase systems.\r\n\r\nThe assumptions are:\r\n\r\n   - The size of the total database will initially be proportional\r\n\r\n\r\n\r\nMockapetris                                                     [Page 3]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n     to the number of hosts using the system, but will eventually\r\n     grow to be proportional to the number of users on those hosts\r\n     as mailboxes and other information are added to the domain\r\n     system.\r\n\r\n   - Most of the data in the system will change very slowly (e.g.,\r\n     mailbox bindings, host addresses), but that the system should\r\n     be able to deal with subsets that change more rapidly (on the\r\n     order of seconds or minutes).\r\n\r\n   - The administrative boundaries used to distribute\r\n     responsibility for the database will usually correspond to\r\n     organizations that have one or more hosts.  Each organization\r\n     that has responsibility for a particular set of domains will\r\n     provide redundant name servers, either on the organization's\r\n     own hosts or other hosts that the organization arranges to\r\n     use.\r\n\r\n   - Clients of the domain system should be able to identify\r\n     trusted name servers they prefer to use before accepting\r\n     referrals to name servers outside of this \"trusted\" set.\r\n\r\n   - Access to information is more critical than instantaneous\r\n     updates or guarantees of consistency.  Hence the update\r\n     process allows updates to percolate out through the users of\r\n     the domain system rather than guaranteeing that all copies are\r\n     simultaneously updated.  When updates are unavailable due to\r\n     network or host failure, the usual course is to believe old\r\n     information while continuing efforts to update it.  The\r\n     general model is that copies are distributed with timeouts for\r\n     refreshing.  The distributor sets the timeout value and the\r\n     recipient of the distribution is responsible for performing\r\n     the refresh.  In special situations, very short intervals can\r\n     be specified, or the owner can prohibit copies.\r\n\r\n   - In any system that has a distributed database, a particular\r\n     name server may be presented with a query that can only be\r\n     answered by some other server.  The two general approaches to\r\n     dealing with this problem are \"recursive\", in which the first\r\n     server pursues the query for the client at another server, and\r\n     \"iterative\", in which the server refers the client to another\r\n     server and lets the client pursue the query.  Both approaches\r\n     have advantages and disadvantages, but the iterative approach\r\n     is preferred for the datagram style of access.  The domain\r\n     system requires implementation of the iterative approach, but\r\n     allows the recursive approach as an option.\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                     [Page 4]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nThe domain system assumes that all data originates in master files\r\nscattered through the hosts that use the domain system.  These master\r\nfiles are updated by local system administrators.  Master files are text\r\nfiles that are read by a local name server, and hence become available\r\nthrough the name servers to users of the domain system.  The user\r\nprograms access name servers through standard programs called resolvers.\r\n\r\nThe standard format of master files allows them to be exchanged between\r\nhosts (via FTP, mail, or some other mechanism); this facility is useful\r\nwhen an organization wants a domain, but doesn't want to support a name\r\nserver.  The organization can maintain the master files locally using a\r\ntext editor, transfer them to a foreign host which runs a name server,\r\nand then arrange with the system administrator of the name server to get\r\nthe files loaded.\r\n\r\nEach host's name servers and resolvers are configured by a local system\r\nadministrator [RFC-1033<\/a>].  For a name server, this configuration data\r\nincludes the identity of local master files and instructions on which\r\nnon-local master files are to be loaded from foreign servers.  The name\r\nserver uses the master files or copies to load its zones.  For\r\nresolvers, the configuration data identifies the name servers which\r\nshould be the primary sources of information.\r\n\r\nThe domain system defines procedures for accessing the data and for\r\nreferrals to other name servers.  The domain system also defines\r\nprocedures for caching retrieved data and for periodic refreshing of\r\ndata defined by the system administrator.\r\n\r\nThe system administrators provide:\r\n\r\n   - The definition of zone boundaries.\r\n\r\n   - Master files of data.\r\n\r\n   - Updates to master files.\r\n\r\n   - Statements of the refresh policies desired.\r\n\r\nThe domain system provides:\r\n\r\n   - Standard formats for resource data.\r\n\r\n   - Standard methods for querying the database.\r\n\r\n   - Standard methods for name servers to refresh local data from\r\n     foreign name servers.\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                     [Page 5]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n<\/pre>\n
2.4<\/a>. Elements of the DNS<\/h3>\n
The DNS has three major components:\r\n\r\n   - The DOMAIN NAME SPACE and RESOURCE RECORDS, which are\r\n     specifications for a tree structured name space and data\r\n     associated with the names.  Conceptually, each node and leaf\r\n     of the domain name space tree names a set of information, and\r\n     query operations are attempts to extract specific types of\r\n     information from a particular set.  A query names the domain\r\n     name of interest and describes the type of resource\r\n     information that is desired.  For example, the Internet\r\n     uses some of its domain names to identify hosts; queries for\r\n     address resources return Internet host addresses.\r\n\r\n   - NAME SERVERS are server programs which hold information about\r\n     the domain tree's structure and set information.  A name\r\n     server may cache structure or set information about any part\r\n     of the domain tree, but in general a particular name server\r\n     has complete information about a subset of the domain space,\r\n     and pointers to other name servers that can be used to lead to\r\n     information from any part of the domain tree.  Name servers\r\n     know the parts of the domain tree for which they have complete\r\n     information; a name server is said to be an AUTHORITY for\r\n     these parts of the name space.  Authoritative information is\r\n     organized into units called ZONEs, and these zones can be\r\n     automatically distributed to the name servers which provide\r\n     redundant service for the data in a zone.\r\n\r\n   - RESOLVERS are programs that extract information from name\r\n     servers in response to client requests.  Resolvers must be\r\n     able to access at least one name server and use that name\r\n     server's information to answer a query directly, or pursue the\r\n     query using referrals to other name servers.  A resolver will\r\n     typically be a system routine that is directly accessible to\r\n     user programs; hence no protocol is necessary between the\r\n     resolver and the user program.\r\n\r\nThese three components roughly correspond to the three layers or views\r\nof the domain system:\r\n\r\n   - From the user's point of view, the domain system is accessed\r\n     through a simple procedure or OS call to a local resolver.\r\n     The domain space consists of a single tree and the user can\r\n     request information from any section of the tree.\r\n\r\n   - From the resolver's point of view, the domain system is\r\n     composed of an unknown number of name servers.  Each name\r\n\r\n\r\n\r\nMockapetris                                                     [Page 6]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n     server has one or more pieces of the whole domain tree's data,\r\n     but the resolver views each of these databases as essentially\r\n     static.\r\n\r\n   - From a name server's point of view, the domain system consists\r\n     of separate sets of local information called zones.  The name\r\n     server has local copies of some of the zones.  The name server\r\n     must periodically refresh its zones from master copies in\r\n     local files or foreign name servers.  The name server must\r\n     concurrently process queries that arrive from resolvers.\r\n\r\nIn the interests of performance, implementations may couple these\r\nfunctions.  For example, a resolver on the same machine as a name server\r\nmight share a database consisting of the the zones managed by the name\r\nserver and the cache managed by the resolver.\r\n\r\n<\/pre>\n
3<\/a>. DOMAIN NAME SPACE and RESOURCE RECORDS<\/h2>\n
<\/pre>\n
3.1<\/a>. Name space specifications and terminology<\/h3>\n
The domain name space is a tree structure.  Each node and leaf on the\r\ntree corresponds to a resource set (which may be empty).  The domain\r\nsystem makes no distinctions between the uses of the interior nodes and\r\nleaves, and this memo uses the term \"node\" to refer to both.\r\n\r\nEach node has a label, which is zero to 63 octets in length.  Brother\r\nnodes may not have the same label, although the same label can be used\r\nfor nodes which are not brothers.  One label is reserved, and that is\r\nthe null (i.e., zero length) label used for the root.\r\n\r\nThe domain name of a node is the list of the labels on the path from the\r\nnode to the root of the tree.  By convention, the labels that compose a\r\ndomain name are printed or read left to right, from the most specific\r\n(lowest, farthest from the root) to the least specific (highest, closest\r\nto the root).\r\n\r\nInternally, programs that manipulate domain names should represent them\r\nas sequences of labels, where each label is a length octet followed by\r\nan octet string.  Because all domain names end at the root, which has a\r\nnull string for a label, these internal representations can use a length\r\nbyte of zero to terminate a domain name.\r\n\r\nBy convention, domain names can be stored with arbitrary case, but\r\ndomain name comparisons for all present domain functions are done in a\r\ncase-insensitive manner, assuming an ASCII character set, and a high\r\norder zero bit.  This means that you are free to create a node with\r\nlabel \"A\" or a node with label \"a\", but not both as brothers; you could\r\nrefer to either using \"a\" or \"A\".  When you receive a domain name or\r\n\r\n\r\n\r\nMockapetris                                                     [Page 7]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nlabel, you should preserve its case.  The rationale for this choice is\r\nthat we may someday need to add full binary domain names for new\r\nservices; existing services would not be changed.\r\n\r\nWhen a user needs to type a domain name, the length of each label is\r\nomitted and the labels are separated by dots (\".\").  Since a complete\r\ndomain name ends with the root label, this leads to a printed form which\r\nends in a dot.  We use this property to distinguish between:\r\n\r\n   - a character string which represents a complete domain name\r\n     (often called \"absolute\").  For example, \"poneria.ISI.EDU.\"\r\n\r\n   - a character string that represents the starting labels of a\r\n     domain name which is incomplete, and should be completed by\r\n     local software using knowledge of the local domain (often\r\n     called \"relative\").  For example, \"poneria\" used in the\r\n     ISI.EDU domain.\r\n\r\nRelative names are either taken relative to a well known origin, or to a\r\nlist of domains used as a search list.  Relative names appear mostly at\r\nthe user interface, where their interpretation varies from\r\nimplementation to implementation, and in master files, where they are\r\nrelative to a single origin domain name.  The most common interpretation\r\nuses the root \".\" as either the single origin or as one of the members\r\nof the search list, so a multi-label relative name is often one where\r\nthe trailing dot has been omitted to save typing.\r\n\r\nTo simplify implementations, the total number of octets that represent a\r\ndomain name (i.e., the sum of all label octets and label lengths) is\r\nlimited to 255.\r\n\r\nA domain is identified by a domain name, and consists of that part of\r\nthe domain name space that is at or below the domain name which\r\nspecifies the domain.  A domain is a subdomain of another domain if it\r\nis contained within that domain.  This relationship can be tested by\r\nseeing if the subdomain's name ends with the containing domain's name.\r\nFor example, A.B.C.D is a subdomain of B.C.D, C.D, D, and \" \".\r\n\r\n<\/pre>\n
3.2<\/a>. Administrative guidelines on use<\/h3>\n
As a matter of policy, the DNS technical specifications do not mandate a\r\nparticular tree structure or rules for selecting labels; its goal is to\r\nbe as general as possible, so that it can be used to build arbitrary\r\napplications.  In particular, the system was designed so that the name\r\nspace did not have to be organized along the lines of network\r\nboundaries, name servers, etc.  The rationale for this is not that the\r\nname space should have no implied semantics, but rather that the choice\r\nof implied semantics should be left open to be used for the problem at\r\n\r\n\r\n\r\nMockapetris                                                     [Page 8]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nhand, and that different parts of the tree can have different implied\r\nsemantics.  For example, the IN-ADDR.ARPA domain is organized and\r\ndistributed by network and host address because its role is to translate\r\nfrom network or host numbers to names; NetBIOS domains [RFC-1001, RFC-\r\n1002] are flat because that is appropriate for that application.\r\n\r\nHowever, there are some guidelines that apply to the \"normal\" parts of\r\nthe name space used for hosts, mailboxes, etc., that will make the name\r\nspace more uniform, provide for growth, and minimize problems as\r\nsoftware is converted from the older host table.  The political\r\ndecisions about the top levels of the tree originated in RFC-920<\/a>.\r\nCurrent policy for the top levels is discussed in [RFC-1032<\/a>].  MILNET\r\nconversion issues are covered in [RFC-1031<\/a>].\r\n\r\nLower domains which will eventually be broken into multiple zones should\r\nprovide branching at the top of the domain so that the eventual\r\ndecomposition can be done without renaming.  Node labels which use\r\nspecial characters, leading digits, etc., are likely to break older\r\nsoftware which depends on more restrictive choices.\r\n\r\n<\/pre>\n
3.3<\/a>. Technical guidelines on use<\/h3>\n
Before the DNS can be used to hold naming information for some kind of\r\nobject, two needs must be met:\r\n\r\n   - A convention for mapping between object names and domain\r\n     names.  This describes how information about an object is\r\n     accessed.\r\n\r\n   - RR types and data formats for describing the object.\r\n\r\nThese rules can be quite simple or fairly complex.  Very often, the\r\ndesigner must take into account existing formats and plan for upward\r\ncompatibility for existing usage.  Multiple mappings or levels of\r\nmapping may be required.\r\n\r\nFor hosts, the mapping depends on the existing syntax for host names\r\nwhich is a subset of the usual text representation for domain names,\r\ntogether with RR formats for describing host addresses, etc.  Because we\r\nneed a reliable inverse mapping from address to host name, a special\r\nmapping for addresses into the IN-ADDR.ARPA domain is also defined.\r\n\r\nFor mailboxes, the mapping is slightly more complex.  The usual mail\r\naddress <local-part>@<mail-domain> is mapped into a domain name by\r\nconverting <local-part> into a single label (regardles of dots it\r\ncontains), converting <mail-domain> into a domain name using the usual\r\ntext format for domain names (dots denote label breaks), and\r\nconcatenating the two to form a single domain name.  Thus the mailbox\r\n\r\n\r\n\r\nMockapetris                                                     [Page 9]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nHOSTMASTER@SRI-NIC.ARPA is represented as a domain name by\r\nHOSTMASTER.SRI-NIC.ARPA.  An appreciation for the reasons behind this\r\ndesign also must take into account the scheme for mail exchanges [RFC-\r\n974].\r\n\r\nThe typical user is not concerned with defining these rules, but should\r\nunderstand that they usually are the result of numerous compromises\r\nbetween desires for upward compatibility with old usage, interactions\r\nbetween different object definitions, and the inevitable urge to add new\r\nfeatures when defining the rules.  The way the DNS is used to support\r\nsome object is often more crucial than the restrictions inherent in the\r\nDNS.\r\n\r\n<\/pre>\n
3.4<\/a>. Example name space<\/h3>\n
The following figure shows a part of the current domain name space, and\r\nis used in many examples in this RFC.  Note that the tree is a very\r\nsmall subset of the actual name space.\r\n\r\n                                   |\r\n                                   |\r\n             +---------------------+------------------+\r\n             |                     |                  |\r\n            MIL                   EDU                ARPA\r\n             |                     |                  |\r\n             |                     |                  |\r\n       +-----+-----+               |     +------+-----+-----+\r\n       |     |     |               |     |      |           |\r\n      BRL  NOSC  DARPA             |  IN-ADDR  SRI-NIC     ACC\r\n                                   |\r\n       +--------+------------------+---------------+--------+\r\n       |        |                  |               |        |\r\n      UCI      MIT                 |              UDEL     YALE\r\n                |                 ISI\r\n                |                  |\r\n            +---+---+              |\r\n            |       |              |\r\n           LCS  ACHILLES  +--+-----+-----+--------+\r\n            |             |  |     |     |        |\r\n            XX            A  C   VAXA  VENERA Mockapetris\r\n\r\nIn this example, the root domain has three immediate subdomains: MIL,\r\nEDU, and ARPA.  The LCS.MIT.EDU domain has one immediate subdomain named\r\nXX.LCS.MIT.EDU.  All of the leaves are also domains.\r\n\r\n<\/pre>\n
3.5<\/a>. Preferred name syntax<\/h3>\n
The DNS specifications attempt to be as general as possible in the rules\r\n\r\n\r\n\r\nMockapetris                                                    [Page 10]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nfor constructing domain names.  The idea is that the name of any\r\nexisting object can be expressed as a domain name with minimal changes.\r\nHowever, when assigning a domain name for an object, the prudent user\r\nwill select a name which satisfies both the rules of the domain system\r\nand any existing rules for the object, whether these rules are published\r\nor implied by existing programs.\r\n\r\nFor example, when naming a mail domain, the user should satisfy both the\r\nrules of this memo and those in RFC-822<\/a>.  When creating a new host name,\r\nthe old rules for HOSTS.TXT should be followed.  This avoids problems\r\nwhen old software is converted to use domain names.\r\n\r\nThe following syntax will result in fewer problems with many\r\napplications that use domain names (e.g., mail, TELNET).\r\n\r\n<domain> ::= <subdomain> | \" \"\r\n\r\n<subdomain> ::= <label> | <subdomain> \".\" <label>\r\n\r\n<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]\r\n\r\n<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>\r\n\r\n<let-dig-hyp> ::= <let-dig> | \"-\"\r\n\r\n<let-dig> ::= <letter> | <digit>\r\n\r\n<letter> ::= any one of the 52 alphabetic characters A through Z in\r\nupper case and a through z in lower case\r\n\r\n<digit> ::= any one of the ten digits 0 through 9\r\n\r\nNote that while upper and lower case letters are allowed in domain\r\nnames, no significance is attached to the case.  That is, two names with\r\nthe same spelling but different case are to be treated as if identical.\r\n\r\nThe labels must follow the rules for ARPANET host names.  They must\r\nstart with a letter, end with a letter or digit, and have as interior\r\ncharacters only letters, digits, and hyphen.  There are also some\r\nrestrictions on the length.  Labels must be 63 characters or less.\r\n\r\nFor example, the following strings identify hosts in the Internet:\r\n\r\nA.ISI.EDU  XX.LCS.MIT.EDU  SRI-NIC.ARPA\r\n\r\n<\/pre>\n
3.6<\/a>. Resource Records<\/h3>\n
A domain name identifies a node.  Each node has a set of resource\r\n\r\n\r\n\r\nMockapetris                                                    [Page 11]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\ninformation, which may be empty.  The set of resource information\r\nassociated with a particular name is composed of separate resource\r\nrecords (RRs).  The order of RRs in a set is not significant, and need\r\nnot be preserved by name servers, resolvers, or other parts of the DNS.\r\n\r\nWhen we talk about a specific RR, we assume it has the following:\r\n\r\nowner           which is the domain name where the RR is found.\r\n\r\ntype            which is an encoded 16 bit value that specifies the type\r\n                of the resource in this resource record.  Types refer to\r\n                abstract resources.\r\n\r\n                This memo uses the following types:\r\n\r\n                A               a host address\r\n\r\n                CNAME           identifies the canonical name of an\r\n                                alias\r\n\r\n                HINFO           identifies the CPU and OS used by a host\r\n\r\n                MX              identifies a mail exchange for the\r\n                                domain.  See [RFC-974 for details.\r\n\r\n                NS\r\n                the authoritative name server for the domain\r\n\r\n                PTR\r\n                a pointer to another part of the domain name space\r\n\r\n                SOA\r\n                identifies the start of a zone of authority]\r\n\r\nclass           which is an encoded 16 bit value which identifies a\r\n                protocol family or instance of a protocol.\r\n\r\n                This memo uses the following classes:\r\n\r\n                IN              the Internet system\r\n\r\n                CH              the Chaos system\r\n\r\nTTL             which is the time to live of the RR.  This field is a 32\r\n                bit integer in units of seconds, an is primarily used by\r\n                resolvers when they cache RRs.  The TTL describes how\r\n                long a RR can be cached before it should be discarded.\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 12]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nRDATA           which is the type and sometimes class dependent data\r\n                which describes the resource:\r\n\r\n                A               For the IN class, a 32 bit IP address\r\n\r\n                                For the CH class, a domain name followed\r\n                                by a 16 bit octal Chaos address.\r\n\r\n                CNAME           a domain name.\r\n\r\n                MX              a 16 bit preference value (lower is\r\n                                better) followed by a host name willing\r\n                                to act as a mail exchange for the owner\r\n                                domain.\r\n\r\n                NS              a host name.\r\n\r\n                PTR             a domain name.\r\n\r\n                SOA             several fields.\r\n\r\nThe owner name is often implicit, rather than forming an integral part\r\nof the RR.  For example, many name servers internally form tree or hash\r\nstructures for the name space, and chain RRs off nodes.  The remaining\r\nRR parts are the fixed header (type, class, TTL) which is consistent for\r\nall RRs, and a variable part (RDATA) that fits the needs of the resource\r\nbeing described.\r\n\r\nThe meaning of the TTL field is a time limit on how long an RR can be\r\nkept in a cache.  This limit does not apply to authoritative data in\r\nzones; it is also timed out, but by the refreshing policies for the\r\nzone.  The TTL is assigned by the administrator for the zone where the\r\ndata originates.  While short TTLs can be used to minimize caching, and\r\na zero TTL prohibits caching, the realities of Internet performance\r\nsuggest that these times should be on the order of days for the typical\r\nhost.  If a change can be anticipated, the TTL can be reduced prior to\r\nthe change to minimize inconsistency during the change, and then\r\nincreased back to its former value following the change.\r\n\r\nThe data in the RDATA section of RRs is carried as a combination of\r\nbinary strings and domain names.  The domain names are frequently used\r\nas \"pointers\" to other data in the DNS.\r\n\r\n<\/pre>\n
3.6.1<\/a>. Textual expression of RRs<\/h4>\n
RRs are represented in binary form in the packets of the DNS protocol,\r\nand are usually represented in highly encoded form when stored in a name\r\nserver or resolver.  In this memo, we adopt a style similar to that used\r\n\r\n\r\n\r\nMockapetris                                                    [Page 13]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nin master files in order to show the contents of RRs.  In this format,\r\nmost RRs are shown on a single line, although continuation lines are\r\npossible using parentheses.\r\n\r\nThe start of the line gives the owner of the RR.  If a line begins with\r\na blank, then the owner is assumed to be the same as that of the\r\nprevious RR.  Blank lines are often included for readability.\r\n\r\nFollowing the owner, we list the TTL, type, and class of the RR.  Class\r\nand type use the mnemonics defined above, and TTL is an integer before\r\nthe type field.  In order to avoid ambiguity in parsing, type and class\r\nmnemonics are disjoint, TTLs are integers, and the type mnemonic is\r\nalways last. The IN class and TTL values are often omitted from examples\r\nin the interests of clarity.\r\n\r\nThe resource data or RDATA section of the RR are given using knowledge\r\nof the typical representation for the data.\r\n\r\nFor example, we might show the RRs carried in a message as:\r\n\r\n    ISI.EDU.        MX      10 VENERA.ISI.EDU.\r\n                    MX      10 VAXA.ISI.EDU.\r\n    VENERA.ISI.EDU. A       128.9.0.32\r\n                    A       10.1.0.52\r\n    VAXA.ISI.EDU.   A       10.2.0.27\r\n                    A       128.9.0.33\r\n\r\nThe MX RRs have an RDATA section which consists of a 16 bit number\r\nfollowed by a domain name.  The address RRs use a standard IP address\r\nformat to contain a 32 bit internet address.\r\n\r\nThis example shows six RRs, with two RRs at each of three domain names.\r\n\r\nSimilarly we might see:\r\n\r\n    XX.LCS.MIT.EDU. IN      A       10.0.0.44\r\n                    CH      A       MIT.EDU. 2420\r\n\r\nThis example shows two addresses for XX.LCS.MIT.EDU, each of a different\r\nclass.\r\n\r\n<\/pre>\n
3.6.2<\/a>. Aliases and canonical names<\/h4>\n
In existing systems, hosts and other resources often have several names\r\nthat identify the same resource.  For example, the names C.ISI.EDU and\r\nUSC-ISIC.ARPA both identify the same host.  Similarly, in the case of\r\nmailboxes, many organizations provide many names that actually go to the\r\nsame mailbox; for example Mockapetris@C.ISI.EDU, Mockapetris@B.ISI.EDU,\r\n\r\n\r\n\r\nMockapetris                                                    [Page 14]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nand PVM@ISI.EDU all go to the same mailbox (although the mechanism\r\nbehind this is somewhat complicated).\r\n\r\nMost of these systems have a notion that one of the equivalent set of\r\nnames is the canonical or primary name and all others are aliases.\r\n\r\nThe domain system provides such a feature using the canonical name\r\n(CNAME) RR.  A CNAME RR identifies its owner name as an alias, and\r\nspecifies the corresponding canonical name in the RDATA section of the\r\nRR.  If a CNAME RR is present at a node, no other data should be\r\npresent; this ensures that the data for a canonical name and its aliases\r\ncannot be different.  This rule also insures that a cached CNAME can be\r\nused without checking with an authoritative server for other RR types.\r\n\r\nCNAME RRs cause special action in DNS software.  When a name server\r\nfails to find a desired RR in the resource set associated with the\r\ndomain name, it checks to see if the resource set consists of a CNAME\r\nrecord with a matching class.  If so, the name server includes the CNAME\r\nrecord in the response and restarts the query at the domain name\r\nspecified in the data field of the CNAME record.  The one exception to\r\nthis rule is that queries which match the CNAME type are not restarted.\r\n\r\nFor example, suppose a name server was processing a query with for USC-\r\nISIC.ARPA, asking for type A information, and had the following resource\r\nrecords:\r\n\r\n    USC-ISIC.ARPA   IN      CNAME   C.ISI.EDU\r\n\r\n    C.ISI.EDU       IN      A       10.0.0.52\r\n\r\nBoth of these RRs would be returned in the response to the type A query,\r\nwhile a type CNAME or * query should return just the CNAME.\r\n\r\nDomain names in RRs which point at another name should always point at\r\nthe primary name and not the alias.  This avoids extra indirections in\r\naccessing information.  For example, the address to name RR for the\r\nabove host should be:\r\n\r\n    52.0.0.10.IN-ADDR.ARPA  IN      PTR     C.ISI.EDU\r\n\r\nrather than pointing at USC-ISIC.ARPA.  Of course, by the robustness\r\nprinciple, domain software should not fail when presented with CNAME\r\nchains or loops; CNAME chains should be followed and CNAME loops\r\nsignalled as an error.\r\n\r\n<\/pre>\n
3.7<\/a>. Queries<\/h3>\n
Queries are messages which may be sent to a name server to provoke a\r\n\r\n\r\n\r\nMockapetris                                                    [Page 15]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nresponse.  In the Internet, queries are carried in UDP datagrams or over\r\nTCP connections.  The response by the name server either answers the\r\nquestion posed in the query, refers the requester to another set of name\r\nservers, or signals some error condition.\r\n\r\nIn general, the user does not generate queries directly, but instead\r\nmakes a request to a resolver which in turn sends one or more queries to\r\nname servers and deals with the error conditions and referrals that may\r\nresult.  Of course, the possible questions which can be asked in a query\r\ndoes shape the kind of service a resolver can provide.\r\n\r\nDNS queries and responses are carried in a standard message format.  The\r\nmessage format has a header containing a number of fixed fields which\r\nare always present, and four sections which carry query parameters and\r\nRRs.\r\n\r\nThe most important field in the header is a four bit field called an\r\nopcode which separates different queries.  Of the possible 16 values,\r\none (standard query) is part of the official protocol, two (inverse\r\nquery and status query) are options, one (completion) is obsolete, and\r\nthe rest are unassigned.\r\n\r\nThe four sections are:\r\n\r\nQuestion        Carries the query name and other query parameters.\r\n\r\nAnswer          Carries RRs which directly answer the query.\r\n\r\nAuthority       Carries RRs which describe other authoritative servers.\r\n                May optionally carry the SOA RR for the authoritative\r\n                data in the answer section.\r\n\r\nAdditional      Carries RRs which may be helpful in using the RRs in the\r\n                other sections.\r\n\r\nNote that the content, but not the format, of these sections varies with\r\nheader opcode.\r\n\r\n<\/pre>\n
3.7.1<\/a>. Standard queries<\/h4>\n
A standard query specifies a target domain name (QNAME), query type\r\n(QTYPE), and query class (QCLASS) and asks for RRs which match.  This\r\ntype of query makes up such a vast majority of DNS queries that we use\r\nthe term \"query\" to mean standard query unless otherwise specified.  The\r\nQTYPE and QCLASS fields are each 16 bits long, and are a superset of\r\ndefined types and classes.\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 16]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nThe QTYPE field may contain:\r\n\r\n<any type>      matches just that type. (e.g., A, PTR).\r\n\r\nAXFR            special zone transfer QTYPE.\r\n\r\nMAILB           matches all mail box related RRs (e.g. MB and MG).\r\n\r\n*               matches all RR types.\r\n\r\nThe QCLASS field may contain:\r\n\r\n<any class>     matches just that class (e.g., IN, CH).\r\n\r\n*               matches aLL RR classes.\r\n\r\nUsing the query domain name, QTYPE, and QCLASS, the name server looks\r\nfor matching RRs.  In addition to relevant records, the name server may\r\nreturn RRs that point toward a name server that has the desired\r\ninformation or RRs that are expected to be useful in interpreting the\r\nrelevant RRs.  For example, a name server that doesn't have the\r\nrequested information may know a name server that does; a name server\r\nthat returns a domain name in a relevant RR may also return the RR that\r\nbinds that domain name to an address.\r\n\r\nFor example, a mailer tying to send mail to Mockapetris@ISI.EDU might\r\nask the resolver for mail information about ISI.EDU, resulting in a\r\nquery for QNAME=ISI.EDU, QTYPE=MX, QCLASS=IN.  The response's answer\r\nsection would be:\r\n\r\n    ISI.EDU.        MX      10 VENERA.ISI.EDU.\r\n                    MX      10 VAXA.ISI.EDU.\r\n\r\nwhile the additional section might be:\r\n\r\n    VAXA.ISI.EDU.   A       10.2.0.27\r\n                    A       128.9.0.33\r\n    VENERA.ISI.EDU. A       10.1.0.52\r\n                    A       128.9.0.32\r\n\r\nBecause the server assumes that if the requester wants mail exchange\r\ninformation, it will probably want the addresses of the mail exchanges\r\nsoon afterward.\r\n\r\nNote that the QCLASS=* construct requires special interpretation\r\nregarding authority.  Since a particular name server may not know all of\r\nthe classes available in the domain system, it can never know if it is\r\nauthoritative for all classes.  Hence responses to QCLASS=* queries can\r\n\r\n\r\n\r\nMockapetris                                                    [Page 17]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nnever be authoritative.\r\n\r\n<\/pre>\n
3.7.2<\/a>. Inverse queries (Optional)<\/h4>\n
Name servers may also support inverse queries that map a particular\r\nresource to a domain name or domain names that have that resource.  For\r\nexample, while a standard query might map a domain name to a SOA RR, the\r\ncorresponding inverse query might map the SOA RR back to the domain\r\nname.\r\n\r\nImplementation of this service is optional in a name server, but all\r\nname servers must at least be able to understand an inverse query\r\nmessage and return a not-implemented error response.\r\n\r\nThe domain system cannot guarantee the completeness or uniqueness of\r\ninverse queries because the domain system is organized by domain name\r\nrather than by host address or any other resource type.  Inverse queries\r\nare primarily useful for debugging and database maintenance activities.\r\n\r\nInverse queries may not return the proper TTL, and do not indicate cases\r\nwhere the identified RR is one of a set (for example, one address for a\r\nhost having multiple addresses).  Therefore, the RRs returned in inverse\r\nqueries should never be cached.\r\n\r\nInverse queries are NOT an acceptable method for mapping host addresses\r\nto host names; use the IN-ADDR.ARPA domain instead.\r\n\r\nA detailed discussion of inverse queries is contained in [RFC-1035<\/a>].\r\n\r\n<\/pre>\n
3.8<\/a>. Status queries (Experimental)<\/h3>\n
To be defined.\r\n\r\n<\/pre>\n
3.9<\/a>. Completion queries (Obsolete)<\/h3>\n
The optional completion services described in RFCs 882 and 883 have been\r\ndeleted.  Redesigned services may become available in the future, or the\r\nopcodes may be reclaimed for other use.\r\n\r\n<\/pre>\n
4<\/a>. NAME SERVERS<\/h2>\n
<\/pre>\n
4.1<\/a>. Introduction<\/h3>\n
Name servers are the repositories of information that make up the domain\r\ndatabase.  The database is divided up into sections called zones, which\r\nare distributed among the name servers.  While name servers can have\r\nseveral optional functions and sources of data, the essential task of a\r\nname server is to answer queries using data in its zones.  By design,\r\n\r\n\r\n\r\nMockapetris                                                    [Page 18]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nname servers can answer queries in a simple manner; the response can\r\nalways be generated using only local data, and either contains the\r\nanswer to the question or a referral to other name servers \"closer\" to\r\nthe desired information.\r\n\r\nA given zone will be available from several name servers to insure its\r\navailability in spite of host or communication link failure.  By\r\nadministrative fiat, we require every zone to be available on at least\r\ntwo servers, and many zones have more redundancy than that.\r\n\r\nA given name server will typically support one or more zones, but this\r\ngives it authoritative information about only a small section of the\r\ndomain tree.  It may also have some cached non-authoritative data about\r\nother parts of the tree.  The name server marks its responses to queries\r\nso that the requester can tell whether the response comes from\r\nauthoritative data or not.\r\n\r\n<\/pre>\n
4.2<\/a>. How the database is divided into zones<\/h3>\n
The domain database is partitioned in two ways: by class, and by \"cuts\"\r\nmade in the name space between nodes.\r\n\r\nThe class partition is simple.  The database for any class is organized,\r\ndelegated, and maintained separately from all other classes.  Since, by\r\nconvention, the name spaces are the same for all classes, the separate\r\nclasses can be thought of as an array of parallel namespace trees.  Note\r\nthat the data attached to nodes will be different for these different\r\nparallel classes.  The most common reasons for creating a new class are\r\nthe necessity for a new data format for existing types or a desire for a\r\nseparately managed version of the existing name space.\r\n\r\nWithin a class, \"cuts\" in the name space can be made between any two\r\nadjacent nodes.  After all cuts are made, each group of connected name\r\nspace is a separate zone.  The zone is said to be authoritative for all\r\nnames in the connected region.  Note that the \"cuts\" in the name space\r\nmay be in different places for different classes, the name servers may\r\nbe different, etc.\r\n\r\nThese rules mean that every zone has at least one node, and hence domain\r\nname, for which it is authoritative, and all of the nodes in a\r\nparticular zone are connected.  Given, the tree structure, every zone\r\nhas a highest node which is closer to the root than any other node in\r\nthe zone.  The name of this node is often used to identify the zone.\r\n\r\nIt would be possible, though not particularly useful, to partition the\r\nname space so that each domain name was in a separate zone or so that\r\nall nodes were in a single zone.  Instead, the database is partitioned\r\nat points where a particular organization wants to take over control of\r\n\r\n\r\n\r\nMockapetris                                                    [Page 19]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\na subtree.  Once an organization controls its own zone it can\r\nunilaterally change the data in the zone, grow new tree sections\r\nconnected to the zone, delete existing nodes, or delegate new subzones\r\nunder its zone.\r\n\r\nIf the organization has substructure, it may want to make further\r\ninternal partitions to achieve nested delegations of name space control.\r\nIn some cases, such divisions are made purely to make database\r\nmaintenance more convenient.\r\n\r\n<\/pre>\n
4.2.1<\/a>. Technical considerations<\/h4>\n
The data that describes a zone has four major parts:\r\n\r\n   - Authoritative data for all nodes within the zone.\r\n\r\n   - Data that defines the top node of the zone (can be thought of\r\n     as part of the authoritative data).\r\n\r\n   - Data that describes delegated subzones, i.e., cuts around the\r\n     bottom of the zone.\r\n\r\n   - Data that allows access to name servers for subzones\r\n     (sometimes called \"glue\" data).\r\n\r\nAll of this data is expressed in the form of RRs, so a zone can be\r\ncompletely described in terms of a set of RRs.  Whole zones can be\r\ntransferred between name servers by transferring the RRs, either carried\r\nin a series of messages or by FTPing a master file which is a textual\r\nrepresentation.\r\n\r\nThe authoritative data for a zone is simply all of the RRs attached to\r\nall of the nodes from the top node of the zone down to leaf nodes or\r\nnodes above cuts around the bottom edge of the zone.\r\n\r\nThough logically part of the authoritative data, the RRs that describe\r\nthe top node of the zone are especially important to the zone's\r\nmanagement.  These RRs are of two types: name server RRs that list, one\r\nper RR, all of the servers for the zone, and a single SOA RR that\r\ndescribes zone management parameters.\r\n\r\nThe RRs that describe cuts around the bottom of the zone are NS RRs that\r\nname the servers for the subzones.  Since the cuts are between nodes,\r\nthese RRs are NOT part of the authoritative data of the zone, and should\r\nbe exactly the same as the corresponding RRs in the top node of the\r\nsubzone.  Since name servers are always associated with zone boundaries,\r\nNS RRs are only found at nodes which are the top node of some zone.  In\r\nthe data that makes up a zone, NS RRs are found at the top node of the\r\n\r\n\r\n\r\nMockapetris                                                    [Page 20]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nzone (and are authoritative) and at cuts around the bottom of the zone\r\n(where they are not authoritative), but never in between.\r\n\r\nOne of the goals of the zone structure is that any zone have all the\r\ndata required to set up communications with the name servers for any\r\nsubzones.  That is, parent zones have all the information needed to\r\naccess servers for their children zones.  The NS RRs that name the\r\nservers for subzones are often not enough for this task since they name\r\nthe servers, but do not give their addresses.  In particular, if the\r\nname of the name server is itself in the subzone, we could be faced with\r\nthe situation where the NS RRs tell us that in order to learn a name\r\nserver's address, we should contact the server using the address we wish\r\nto learn.  To fix this problem, a zone contains \"glue\" RRs which are not\r\npart of the authoritative data, and are address RRs for the servers.\r\nThese RRs are only necessary if the name server's name is \"below\" the\r\ncut, and are only used as part of a referral response.\r\n\r\n<\/pre>\n
4.2.2<\/a>. Administrative considerations<\/h4>\n
When some organization wants to control its own domain, the first step\r\nis to identify the proper parent zone, and get the parent zone's owners\r\nto agree to the delegation of control.  While there are no particular\r\ntechnical constraints dealing with where in the tree this can be done,\r\nthere are some administrative groupings discussed in [RFC-1032<\/a>] which\r\ndeal with top level organization, and middle level zones are free to\r\ncreate their own rules.  For example, one university might choose to use\r\na single zone, while another might choose to organize by subzones\r\ndedicated to individual departments or schools.  [RFC-1033<\/a>] catalogs\r\navailable DNS software an discusses administration procedures.\r\n\r\nOnce the proper name for the new subzone is selected, the new owners\r\nshould be required to demonstrate redundant name server support.  Note\r\nthat there is no requirement that the servers for a zone reside in a\r\nhost which has a name in that domain.  In many cases, a zone will be\r\nmore accessible to the internet at large if its servers are widely\r\ndistributed rather than being within the physical facilities controlled\r\nby the same organization that manages the zone.  For example, in the\r\ncurrent DNS, one of the name servers for the United Kingdom, or UK\r\ndomain, is found in the US.  This allows US hosts to get UK data without\r\nusing limited transatlantic bandwidth.\r\n\r\nAs the last installation step, the delegation NS RRs and glue RRs\r\nnecessary to make the delegation effective should be added to the parent\r\nzone.  The administrators of both zones should insure that the NS and\r\nglue RRs which mark both sides of the cut are consistent and remain so.\r\n\r\n<\/pre>\n
4.3<\/a>. Name server internals<\/h3>\n
\r\n\r\n\r\nMockapetris                                                    [Page 21]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n<\/pre>\n
4.3.1<\/a>. Queries and responses<\/h4>\n
The principal activity of name servers is to answer standard queries.\r\nBoth the query and its response are carried in a standard message format\r\nwhich is described in [RFC-1035<\/a>].  The query contains a QTYPE, QCLASS,\r\nand QNAME, which describe the types and classes of desired information\r\nand the name of interest.\r\n\r\nThe way that the name server answers the query depends upon whether it\r\nis operating in recursive mode or not:\r\n\r\n   - The simplest mode for the server is non-recursive, since it\r\n     can answer queries using only local information: the response\r\n     contains an error, the answer, or a referral to some other\r\n     server \"closer\" to the answer.  All name servers must\r\n     implement non-recursive queries.\r\n\r\n   - The simplest mode for the client is recursive, since in this\r\n     mode the name server acts in the role of a resolver and\r\n     returns either an error or the answer, but never referrals.\r\n     This service is optional in a name server, and the name server\r\n     may also choose to restrict the clients which can use\r\n     recursive mode.\r\n\r\nRecursive service is helpful in several situations:\r\n\r\n   - a relatively simple requester that lacks the ability to use\r\n     anything other than a direct answer to the question.\r\n\r\n   - a request that needs to cross protocol or other boundaries and\r\n     can be sent to a server which can act as intermediary.\r\n\r\n   - a network where we want to concentrate the cache rather than\r\n     having a separate cache for each client.\r\n\r\nNon-recursive service is appropriate if the requester is capable of\r\npursuing referrals and interested in information which will aid future\r\nrequests.\r\n\r\nThe use of recursive mode is limited to cases where both the client and\r\nthe name server agree to its use.  The agreement is negotiated through\r\nthe use of two bits in query and response messages:\r\n\r\n   - The recursion available, or RA bit, is set or cleared by a\r\n     name server in all responses.  The bit is true if the name\r\n     server is willing to provide recursive service for the client,\r\n     regardless of whether the client requested recursive service.\r\n     That is, RA signals availability rather than use.\r\n\r\n\r\n\r\nMockapetris                                                    [Page 22]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n   - Queries contain a bit called recursion desired or RD.  This\r\n     bit specifies specifies whether the requester wants recursive\r\n     service for this query.  Clients may request recursive service\r\n     from any name server, though they should depend upon receiving\r\n     it only from servers which have previously sent an RA, or\r\n     servers which have agreed to provide service through private\r\n     agreement or some other means outside of the DNS protocol.\r\n\r\nThe recursive mode occurs when a query with RD set arrives at a server\r\nwhich is willing to provide recursive service; the client can verify\r\nthat recursive mode was used by checking that both RA and RD are set in\r\nthe reply.  Note that the name server should never perform recursive\r\nservice unless asked via RD, since this interferes with trouble shooting\r\nof name servers and their databases.\r\n\r\nIf recursive service is requested and available, the recursive response\r\nto a query will be one of the following:\r\n\r\n   - The answer to the query, possibly preface by one or more CNAME\r\n     RRs that specify aliases encountered on the way to an answer.\r\n\r\n   - A name error indicating that the name does not exist.  This\r\n     may include CNAME RRs that indicate that the original query\r\n     name was an alias for a name which does not exist.\r\n\r\n   - A temporary error indication.\r\n\r\nIf recursive service is not requested or is not available, the non-\r\nrecursive response will be one of the following:\r\n\r\n   - An authoritative name error indicating that the name does not\r\n     exist.\r\n\r\n   - A temporary error indication.\r\n\r\n   - Some combination of:\r\n\r\n     RRs that answer the question, together with an indication\r\n     whether the data comes from a zone or is cached.\r\n\r\n     A referral to name servers which have zones which are closer\r\n     ancestors to the name than the server sending the reply.\r\n\r\n   - RRs that the name server thinks will prove useful to the\r\n     requester.\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 23]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n<\/pre>\n
4.3.2<\/a>. Algorithm<\/h4>\n
The actual algorithm used by the name server will depend on the local OS\r\nand data structures used to store RRs.  The following algorithm assumes\r\nthat the RRs are organized in several tree structures, one for each\r\nzone, and another for the cache:\r\n\r\n   1. Set or clear the value of recursion available in the response\r\n      depending on whether the name server is willing to provide\r\n      recursive service.  If recursive service is available and\r\n      requested via the RD bit in the query, go to step 5,\r\n      otherwise step 2.\r\n\r\n   2. Search the available zones for the zone which is the nearest\r\n      ancestor to QNAME.  If such a zone is found, go to step 3,\r\n      otherwise step 4.\r\n\r\n   3. Start matching down, label by label, in the zone.  The\r\n      matching process can terminate several ways:\r\n\r\n         a. If the whole of QNAME is matched, we have found the\r\n            node.\r\n\r\n            If the data at the node is a CNAME, and QTYPE doesn't\r\n            match CNAME, copy the CNAME RR into the answer section\r\n            of the response, change QNAME to the canonical name in\r\n            the CNAME RR, and go back to step 1.\r\n\r\n            Otherwise, copy all RRs which match QTYPE into the\r\n            answer section and go to step 6.\r\n\r\n         b. If a match would take us out of the authoritative data,\r\n            we have a referral.  This happens when we encounter a\r\n            node with NS RRs marking cuts along the bottom of a\r\n            zone.\r\n\r\n            Copy the NS RRs for the subzone into the authority\r\n            section of the reply.  Put whatever addresses are\r\n            available into the additional section, using glue RRs\r\n            if the addresses are not available from authoritative\r\n            data or the cache.  Go to step 4.\r\n\r\n         c. If at some label, a match is impossible (i.e., the\r\n            corresponding label does not exist), look to see if a\r\n            the \"*\" label exists.\r\n\r\n            If the \"*\" label does not exist, check whether the name\r\n            we are looking for is the original QNAME in the query\r\n\r\n\r\n\r\nMockapetris                                                    [Page 24]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n            or a name we have followed due to a CNAME.  If the name\r\n            is original, set an authoritative name error in the\r\n            response and exit.  Otherwise just exit.\r\n\r\n            If the \"*\" label does exist, match RRs at that node\r\n            against QTYPE.  If any match, copy them into the answer\r\n            section, but set the owner of the RR to be QNAME, and\r\n            not the node with the \"*\" label.  Go to step 6.\r\n\r\n   4. Start matching down in the cache.  If QNAME is found in the\r\n      cache, copy all RRs attached to it that match QTYPE into the\r\n      answer section.  If there was no delegation from\r\n      authoritative data, look for the best one from the cache, and\r\n      put it in the authority section.  Go to step 6.\r\n\r\n   5. Using the local resolver or a copy of its algorithm (see\r\n      resolver section of this memo) to answer the query.  Store\r\n      the results, including any intermediate CNAMEs, in the answer\r\n      section of the response.\r\n\r\n   6. Using local data only, attempt to add other RRs which may be\r\n      useful to the additional section of the query.  Exit.\r\n\r\n<\/pre>\n
4.3.3<\/a>. Wildcards<\/h4>\n
In the previous algorithm, special treatment was given to RRs with owner\r\nnames starting with the label \"*\".  Such RRs are called wildcards.\r\nWildcard RRs can be thought of as instructions for synthesizing RRs.\r\nWhen the appropriate conditions are met, the name server creates RRs\r\nwith an owner name equal to the query name and contents taken from the\r\nwildcard RRs.\r\n\r\nThis facility is most often used to create a zone which will be used to\r\nforward mail from the Internet to some other mail system.  The general\r\nidea is that any name in that zone which is presented to server in a\r\nquery will be assumed to exist, with certain properties, unless explicit\r\nevidence exists to the contrary.  Note that the use of the term zone\r\nhere, instead of domain, is intentional; such defaults do not propagate\r\nacross zone boundaries, although a subzone may choose to achieve that\r\nappearance by setting up similar defaults.\r\n\r\nThe contents of the wildcard RRs follows the usual rules and formats for\r\nRRs.  The wildcards in the zone have an owner name that controls the\r\nquery names they will match.  The owner name of the wildcard RRs is of\r\nthe form \"*.<anydomain>\", where <anydomain> is any domain name.\r\n<anydomain> should not contain other * labels, and should be in the\r\nauthoritative data of the zone.  The wildcards potentially apply to\r\ndescendants of <anydomain>, but not to <anydomain> itself.  Another way\r\n\r\n\r\n\r\nMockapetris                                                    [Page 25]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nto look at this is that the \"*\" label always matches at least one whole\r\nlabel and sometimes more, but always whole labels.\r\n\r\nWildcard RRs do not apply:\r\n\r\n   - When the query is in another zone.  That is, delegation cancels\r\n     the wildcard defaults.\r\n\r\n   - When the query name or a name between the wildcard domain and\r\n     the query name is know to exist.  For example, if a wildcard\r\n     RR has an owner name of \"*.X\", and the zone also contains RRs\r\n     attached to B.X, the wildcards would apply to queries for name\r\n     Z.X (presuming there is no explicit information for Z.X), but\r\n     not to B.X, A.B.X, or X.\r\n\r\nA * label appearing in a query name has no special effect, but can be\r\nused to test for wildcards in an authoritative zone; such a query is the\r\nonly way to get a response containing RRs with an owner name with * in\r\nit.  The result of such a query should not be cached.\r\n\r\nNote that the contents of the wildcard RRs are not modified when used to\r\nsynthesize RRs.\r\n\r\nTo illustrate the use of wildcard RRs, suppose a large company with a\r\nlarge, non-IP\/TCP, network wanted to create a mail gateway.  If the\r\ncompany was called X.COM, and IP\/TCP capable gateway machine was called\r\nA.X.COM, the following RRs might be entered into the COM zone:\r\n\r\n    X.COM           MX      10      A.X.COM\r\n\r\n    *.X.COM         MX      10      A.X.COM\r\n\r\n    A.X.COM         A       1.2.3.4\r\n    A.X.COM         MX      10      A.X.COM\r\n\r\n    *.A.X.COM       MX      10      A.X.COM\r\n\r\nThis would cause any MX query for any domain name ending in X.COM to\r\nreturn an MX RR pointing at A.X.COM.  Two wildcard RRs are required\r\nsince the effect of the wildcard at *.X.COM is inhibited in the A.X.COM\r\nsubtree by the explicit data for A.X.COM.  Note also that the explicit\r\nMX data at X.COM and A.X.COM is required, and that none of the RRs above\r\nwould match a query name of XX.COM.\r\n\r\n<\/pre>\n
4.3.4<\/a>. Negative response caching (Optional)<\/h4>\n
The DNS provides an optional service which allows name servers to\r\ndistribute, and resolvers to cache, negative results with TTLs.  For\r\n\r\n\r\n\r\nMockapetris                                                    [Page 26]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nexample, a name server can distribute a TTL along with a name error\r\nindication, and a resolver receiving such information is allowed to\r\nassume that the name does not exist during the TTL period without\r\nconsulting authoritative data.  Similarly, a resolver can make a query\r\nwith a QTYPE which matches multiple types, and cache the fact that some\r\nof the types are not present.\r\n\r\nThis feature can be particularly important in a system which implements\r\nnaming shorthands that use search lists beacuse a popular shorthand,\r\nwhich happens to require a suffix toward the end of the search list,\r\nwill generate multiple name errors whenever it is used.\r\n\r\nThe method is that a name server may add an SOA RR to the additional\r\nsection of a response when that response is authoritative.  The SOA must\r\nbe that of the zone which was the source of the authoritative data in\r\nthe answer section, or name error if applicable.  The MINIMUM field of\r\nthe SOA controls the length of time that the negative result may be\r\ncached.\r\n\r\nNote that in some circumstances, the answer section may contain multiple\r\nowner names.  In this case, the SOA mechanism should only be used for\r\nthe data which matches QNAME, which is the only authoritative data in\r\nthis section.\r\n\r\nName servers and resolvers should never attempt to add SOAs to the\r\nadditional section of a non-authoritative response, or attempt to infer\r\nresults which are not directly stated in an authoritative response.\r\nThere are several reasons for this, including: cached information isn't\r\nusually enough to match up RRs and their zone names, SOA RRs may be\r\ncached due to direct SOA queries, and name servers are not required to\r\noutput the SOAs in the authority section.\r\n\r\nThis feature is optional, although a refined version is expected to\r\nbecome part of the standard protocol in the future.  Name servers are\r\nnot required to add the SOA RRs in all authoritative responses, nor are\r\nresolvers required to cache negative results.  Both are recommended.\r\nAll resolvers and recursive name servers are required to at least be\r\nable to ignore the SOA RR when it is present in a response.\r\n\r\nSome experiments have also been proposed which will use this feature.\r\nThe idea is that if cached data is known to come from a particular zone,\r\nand if an authoritative copy of the zone's SOA is obtained, and if the\r\nzone's SERIAL has not changed since the data was cached, then the TTL of\r\nthe cached data can be reset to the zone MINIMUM value if it is smaller.\r\nThis usage is mentioned for planning purposes only, and is not\r\nrecommended as yet.\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 27]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n<\/pre>\n
4.3.5<\/a>. Zone maintenance and transfers<\/h4>\n
Part of the job of a zone administrator is to maintain the zones at all\r\nof the name servers which are authoritative for the zone.  When the\r\ninevitable changes are made, they must be distributed to all of the name\r\nservers.  While this distribution can be accomplished using FTP or some\r\nother ad hoc procedure, the preferred method is the zone transfer part\r\nof the DNS protocol.\r\n\r\nThe general model of automatic zone transfer or refreshing is that one\r\nof the name servers is the master or primary for the zone.  Changes are\r\ncoordinated at the primary, typically by editing a master file for the\r\nzone.  After editing, the administrator signals the master server to\r\nload the new zone.  The other non-master or secondary servers for the\r\nzone periodically check for changes (at a selectable interval) and\r\nobtain new zone copies when changes have been made.\r\n\r\nTo detect changes, secondaries just check the SERIAL field of the SOA\r\nfor the zone.  In addition to whatever other changes are made, the\r\nSERIAL field in the SOA of the zone is always advanced whenever any\r\nchange is made to the zone.  The advancing can be a simple increment, or\r\ncould be based on the write date and time of the master file, etc.  The\r\npurpose is to make it possible to determine which of two copies of a\r\nzone is more recent by comparing serial numbers.  Serial number advances\r\nand comparisons use sequence space arithmetic, so there is a theoretic\r\nlimit on how fast a zone can be updated, basically that old copies must\r\ndie out before the serial number covers half of its 32 bit range.  In\r\npractice, the only concern is that the compare operation deals properly\r\nwith comparisons around the boundary between the most positive and most\r\nnegative 32 bit numbers.\r\n\r\nThe periodic polling of the secondary servers is controlled by\r\nparameters in the SOA RR for the zone, which set the minimum acceptable\r\npolling intervals.  The parameters are called REFRESH, RETRY, and\r\nEXPIRE.  Whenever a new zone is loaded in a secondary, the secondary\r\nwaits REFRESH seconds before checking with the primary for a new serial.\r\nIf this check cannot be completed, new checks are started every RETRY\r\nseconds.  The check is a simple query to the primary for the SOA RR of\r\nthe zone.  If the serial field in the secondary's zone copy is equal to\r\nthe serial returned by the primary, then no changes have occurred, and\r\nthe REFRESH interval wait is restarted.  If the secondary finds it\r\nimpossible to perform a serial check for the EXPIRE interval, it must\r\nassume that its copy of the zone is obsolete an discard it.\r\n\r\nWhen the poll shows that the zone has changed, then the secondary server\r\nmust request a zone transfer via an AXFR request for the zone.  The AXFR\r\nmay cause an error, such as refused, but normally is answered by a\r\nsequence of response messages.  The first and last messages must contain\r\n\r\n\r\n\r\nMockapetris                                                    [Page 28]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nthe data for the top authoritative node of the zone.  Intermediate\r\nmessages carry all of the other RRs from the zone, including both\r\nauthoritative and non-authoritative RRs.  The stream of messages allows\r\nthe secondary to construct a copy of the zone.  Because accuracy is\r\nessential, TCP or some other reliable protocol must be used for AXFR\r\nrequests.\r\n\r\nEach secondary server is required to perform the following operations\r\nagainst the master, but may also optionally perform these operations\r\nagainst other secondary servers.  This strategy can improve the transfer\r\nprocess when the primary is unavailable due to host downtime or network\r\nproblems, or when a secondary server has better network access to an\r\n\"intermediate\" secondary than to the primary.\r\n\r\n<\/pre>\n
5<\/a>. RESOLVERS<\/h2>\n
<\/pre>\n
5.1<\/a>. Introduction<\/h3>\n
Resolvers are programs that interface user programs to domain name\r\nservers.  In the simplest case, a resolver receives a request from a\r\nuser program (e.g., mail programs, TELNET, FTP) in the form of a\r\nsubroutine call, system call etc., and returns the desired information\r\nin a form compatible with the local host's data formats.\r\n\r\nThe resolver is located on the same machine as the program that requests\r\nthe resolver's services, but it may need to consult name servers on\r\nother hosts.  Because a resolver may need to consult several name\r\nservers, or may have the requested information in a local cache, the\r\namount of time that a resolver will take to complete can vary quite a\r\nbit, from milliseconds to several seconds.\r\n\r\nA very important goal of the resolver is to eliminate network delay and\r\nname server load from most requests by answering them from its cache of\r\nprior results.  It follows that caches which are shared by multiple\r\nprocesses, users, machines, etc., are more efficient than non-shared\r\ncaches.\r\n\r\n<\/pre>\n
5.2<\/a>. Client-resolver interface<\/h3>\n
<\/pre>\n
5.2.1<\/a>. Typical functions<\/h4>\n
The client interface to the resolver is influenced by the local host's\r\nconventions, but the typical resolver-client interface has three\r\nfunctions:\r\n\r\n   1. Host name to host address translation.\r\n\r\n      This function is often defined to mimic a previous HOSTS.TXT\r\n\r\n\r\n\r\nMockapetris                                                    [Page 29]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n      based function.  Given a character string, the caller wants\r\n      one or more 32 bit IP addresses.  Under the DNS, it\r\n      translates into a request for type A RRs.  Since the DNS does\r\n      not preserve the order of RRs, this function may choose to\r\n      sort the returned addresses or select the \"best\" address if\r\n      the service returns only one choice to the client.  Note that\r\n      a multiple address return is recommended, but a single\r\n      address may be the only way to emulate prior HOSTS.TXT\r\n      services.\r\n\r\n   2. Host address to host name translation\r\n\r\n      This function will often follow the form of previous\r\n      functions.  Given a 32 bit IP address, the caller wants a\r\n      character string.  The octets of the IP address are reversed,\r\n      used as name components, and suffixed with \"IN-ADDR.ARPA\".  A\r\n      type PTR query is used to get the RR with the primary name of\r\n      the host.  For example, a request for the host name\r\n      corresponding to IP address 1.2.3.4 looks for PTR RRs for\r\n      domain name \"4.3.2.1.IN-ADDR.ARPA\".\r\n\r\n   3. General lookup function\r\n\r\n      This function retrieves arbitrary information from the DNS,\r\n      and has no counterpart in previous systems.  The caller\r\n      supplies a QNAME, QTYPE, and QCLASS, and wants all of the\r\n      matching RRs.  This function will often use the DNS format\r\n      for all RR data instead of the local host's, and returns all\r\n      RR content (e.g., TTL) instead of a processed form with local\r\n      quoting conventions.\r\n\r\nWhen the resolver performs the indicated function, it usually has one of\r\nthe following results to pass back to the client:\r\n\r\n   - One or more RRs giving the requested data.\r\n\r\n     In this case the resolver returns the answer in the\r\n     appropriate format.\r\n\r\n   - A name error (NE).\r\n\r\n     This happens when the referenced name does not exist.  For\r\n     example, a user may have mistyped a host name.\r\n\r\n   - A data not found error.\r\n\r\n     This happens when the referenced name exists, but data of the\r\n     appropriate type does not.  For example, a host address\r\n\r\n\r\n\r\nMockapetris                                                    [Page 30]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n     function applied to a mailbox name would return this error\r\n     since the name exists, but no address RR is present.\r\n\r\nIt is important to note that the functions for translating between host\r\nnames and addresses may combine the \"name error\" and \"data not found\"\r\nerror conditions into a single type of error return, but the general\r\nfunction should not.  One reason for this is that applications may ask\r\nfirst for one type of information about a name followed by a second\r\nrequest to the same name for some other type of information; if the two\r\nerrors are combined, then useless queries may slow the application.\r\n\r\n<\/pre>\n
5.2.2<\/a>. Aliases<\/h4>\n
While attempting to resolve a particular request, the resolver may find\r\nthat the name in question is an alias.  For example, the resolver might\r\nfind that the name given for host name to address translation is an\r\nalias when it finds the CNAME RR.  If possible, the alias condition\r\nshould be signalled back from the resolver to the client.\r\n\r\nIn most cases a resolver simply restarts the query at the new name when\r\nit encounters a CNAME.  However, when performing the general function,\r\nthe resolver should not pursue aliases when the CNAME RR matches the\r\nquery type.  This allows queries which ask whether an alias is present.\r\nFor example, if the query type is CNAME, the user is interested in the\r\nCNAME RR itself, and not the RRs at the name it points to.\r\n\r\nSeveral special conditions can occur with aliases.  Multiple levels of\r\naliases should be avoided due to their lack of efficiency, but should\r\nnot be signalled as an error.  Alias loops and aliases which point to\r\nnon-existent names should be caught and an error condition passed back\r\nto the client.\r\n\r\n<\/pre>\n
5.2.3<\/a>. Temporary failures<\/h4>\n
In a less than perfect world, all resolvers will occasionally be unable\r\nto resolve a particular request.  This condition can be caused by a\r\nresolver which becomes separated from the rest of the network due to a\r\nlink failure or gateway problem, or less often by coincident failure or\r\nunavailability of all servers for a particular domain.\r\n\r\nIt is essential that this sort of condition should not be signalled as a\r\nname or data not present error to applications.  This sort of behavior\r\nis annoying to humans, and can wreak havoc when mail systems use the\r\nDNS.\r\n\r\nWhile in some cases it is possible to deal with such a temporary problem\r\nby blocking the request indefinitely, this is usually not a good choice,\r\nparticularly when the client is a server process that could move on to\r\n\r\n\r\n\r\nMockapetris                                                    [Page 31]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nother tasks.  The recommended solution is to always have temporary\r\nfailure as one of the possible results of a resolver function, even\r\nthough this may make emulation of existing HOSTS.TXT functions more\r\ndifficult.\r\n\r\n<\/pre>\n
5.3<\/a>. Resolver internals<\/h3>\n
Every resolver implementation uses slightly different algorithms, and\r\ntypically spends much more logic dealing with errors of various sorts\r\nthan typical occurances.  This section outlines a recommended basic\r\nstrategy for resolver operation, but leaves details to [RFC-1035<\/a>].\r\n\r\n<\/pre>\n
5.3.1<\/a>. Stub resolvers<\/h4>\n
One option for implementing a resolver is to move the resolution\r\nfunction out of the local machine and into a name server which supports\r\nrecursive queries.  This can provide an easy method of providing domain\r\nservice in a PC which lacks the resources to perform the resolver\r\nfunction, or can centralize the cache for a whole local network or\r\norganization.\r\n\r\nAll that the remaining stub needs is a list of name server addresses\r\nthat will perform the recursive requests.  This type of resolver\r\npresumably needs the information in a configuration file, since it\r\nprobably lacks the sophistication to locate it in the domain database.\r\nThe user also needs to verify that the listed servers will perform the\r\nrecursive service; a name server is free to refuse to perform recursive\r\nservices for any or all clients.  The user should consult the local\r\nsystem administrator to find name servers willing to perform the\r\nservice.\r\n\r\nThis type of service suffers from some drawbacks.  Since the recursive\r\nrequests may take an arbitrary amount of time to perform, the stub may\r\nhave difficulty optimizing retransmission intervals to deal with both\r\nlost UDP packets and dead servers; the name server can be easily\r\noverloaded by too zealous a stub if it interprets retransmissions as new\r\nrequests.  Use of TCP may be an answer, but TCP may well place burdens\r\non the host's capabilities which are similar to those of a real\r\nresolver.\r\n\r\n<\/pre>\n
5.3.2<\/a>. Resources<\/h4>\n
In addition to its own resources, the resolver may also have shared\r\naccess to zones maintained by a local name server.  This gives the\r\nresolver the advantage of more rapid access, but the resolver must be\r\ncareful to never let cached information override zone data.  In this\r\ndiscussion the term \"local information\" is meant to mean the union of\r\nthe cache and such shared zones, with the understanding that\r\n\r\n\r\n\r\nMockapetris                                                    [Page 32]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nauthoritative data is always used in preference to cached data when both\r\nare present.\r\n\r\nThe following resolver algorithm assumes that all functions have been\r\nconverted to a general lookup function, and uses the following data\r\nstructures to represent the state of a request in progress in the\r\nresolver:\r\n\r\nSNAME           the domain name we are searching for.\r\n\r\nSTYPE           the QTYPE of the search request.\r\n\r\nSCLASS          the QCLASS of the search request.\r\n\r\nSLIST           a structure which describes the name servers and the\r\n                zone which the resolver is currently trying to query.\r\n                This structure keeps track of the resolver's current\r\n                best guess about which name servers hold the desired\r\n                information; it is updated when arriving information\r\n                changes the guess.  This structure includes the\r\n                equivalent of a zone name, the known name servers for\r\n                the zone, the known addresses for the name servers, and\r\n                history information which can be used to suggest which\r\n                server is likely to be the best one to try next.  The\r\n                zone name equivalent is a match count of the number of\r\n                labels from the root down which SNAME has in common with\r\n                the zone being queried; this is used as a measure of how\r\n                \"close\" the resolver is to SNAME.\r\n\r\nSBELT           a \"safety belt\" structure of the same form as SLIST,\r\n                which is initialized from a configuration file, and\r\n                lists servers which should be used when the resolver\r\n                doesn't have any local information to guide name server\r\n                selection.  The match count will be -1 to indicate that\r\n                no labels are known to match.\r\n\r\nCACHE           A structure which stores the results from previous\r\n                responses.  Since resolvers are responsible for\r\n                discarding old RRs whose TTL has expired, most\r\n                implementations convert the interval specified in\r\n                arriving RRs to some sort of absolute time when the RR\r\n                is stored in the cache.  Instead of counting the TTLs\r\n                down individually, the resolver just ignores or discards\r\n                old RRs when it runs across them in the course of a\r\n                search, or discards them during periodic sweeps to\r\n                reclaim the memory consumed by old RRs.\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 33]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n<\/pre>\n
5.3.3<\/a>. Algorithm<\/h4>\n
The top level algorithm has four steps:\r\n\r\n   1. See if the answer is in local information, and if so return\r\n      it to the client.\r\n\r\n   2. Find the best servers to ask.\r\n\r\n   3. Send them queries until one returns a response.\r\n\r\n   4. Analyze the response, either:\r\n\r\n         a. if the response answers the question or contains a name\r\n            error, cache the data as well as returning it back to\r\n            the client.\r\n\r\n         b. if the response contains a better delegation to other\r\n            servers, cache the delegation information, and go to\r\n            step 2.\r\n\r\n         c. if the response shows a CNAME and that is not the\r\n            answer itself, cache the CNAME, change the SNAME to the\r\n            canonical name in the CNAME RR and go to step 1.\r\n\r\n         d. if the response shows a servers failure or other\r\n            bizarre contents, delete the server from the SLIST and\r\n            go back to step 3.\r\n\r\nStep 1 searches the cache for the desired data. If the data is in the\r\ncache, it is assumed to be good enough for normal use.  Some resolvers\r\nhave an option at the user interface which will force the resolver to\r\nignore the cached data and consult with an authoritative server.  This\r\nis not recommended as the default.  If the resolver has direct access to\r\na name server's zones, it should check to see if the desired data is\r\npresent in authoritative form, and if so, use the authoritative data in\r\npreference to cached data.\r\n\r\nStep 2 looks for a name server to ask for the required data.  The\r\ngeneral strategy is to look for locally-available name server RRs,\r\nstarting at SNAME, then the parent domain name of SNAME, the\r\ngrandparent, and so on toward the root.  Thus if SNAME were\r\nMockapetris.ISI.EDU, this step would look for NS RRs for\r\nMockapetris.ISI.EDU, then ISI.EDU, then EDU, and then . (the root).\r\nThese NS RRs list the names of hosts for a zone at or above SNAME.  Copy\r\nthe names into SLIST.  Set up their addresses using local data.  It may\r\nbe the case that the addresses are not available.  The resolver has many\r\nchoices here; the best is to start parallel resolver processes looking\r\n\r\n\r\n\r\nMockapetris                                                    [Page 34]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nfor the addresses while continuing onward with the addresses which are\r\navailable.  Obviously, the design choices and options are complicated\r\nand a function of the local host's capabilities.  The recommended\r\npriorities for the resolver designer are:\r\n\r\n   1. Bound the amount of work (packets sent, parallel processes\r\n      started) so that a request can't get into an infinite loop or\r\n      start off a chain reaction of requests or queries with other\r\n      implementations EVEN IF SOMEONE HAS INCORRECTLY CONFIGURED\r\n      SOME DATA.\r\n\r\n   2. Get back an answer if at all possible.\r\n\r\n   3. Avoid unnecessary transmissions.\r\n\r\n   4. Get the answer as quickly as possible.\r\n\r\nIf the search for NS RRs fails, then the resolver initializes SLIST from\r\nthe safety belt SBELT.  The basic idea is that when the resolver has no\r\nidea what servers to ask, it should use information from a configuration\r\nfile that lists several servers which are expected to be helpful.\r\nAlthough there are special situations, the usual choice is two of the\r\nroot servers and two of the servers for the host's domain.  The reason\r\nfor two of each is for redundancy.  The root servers will provide\r\neventual access to all of the domain space.  The two local servers will\r\nallow the resolver to continue to resolve local names if the local\r\nnetwork becomes isolated from the internet due to gateway or link\r\nfailure.\r\n\r\nIn addition to the names and addresses of the servers, the SLIST data\r\nstructure can be sorted to use the best servers first, and to insure\r\nthat all addresses of all servers are used in a round-robin manner.  The\r\nsorting can be a simple function of preferring addresses on the local\r\nnetwork over others, or may involve statistics from past events, such as\r\nprevious response times and batting averages.\r\n\r\nStep 3 sends out queries until a response is received.  The strategy is\r\nto cycle around all of the addresses for all of the servers with a\r\ntimeout between each transmission.  In practice it is important to use\r\nall addresses of a multihomed host, and too aggressive a retransmission\r\npolicy actually slows response when used by multiple resolvers\r\ncontending for the same name server and even occasionally for a single\r\nresolver.  SLIST typically contains data values to control the timeouts\r\nand keep track of previous transmissions.\r\n\r\nStep 4 involves analyzing responses.  The resolver should be highly\r\nparanoid in its parsing of responses.  It should also check that the\r\nresponse matches the query it sent using the ID field in the response.\r\n\r\n\r\n\r\nMockapetris                                                    [Page 35]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nThe ideal answer is one from a server authoritative for the query which\r\neither gives the required data or a name error.  The data is passed back\r\nto the user and entered in the cache for future use if its TTL is\r\ngreater than zero.\r\n\r\nIf the response shows a delegation, the resolver should check to see\r\nthat the delegation is \"closer\" to the answer than the servers in SLIST\r\nare.  This can be done by comparing the match count in SLIST with that\r\ncomputed from SNAME and the NS RRs in the delegation.  If not, the reply\r\nis bogus and should be ignored.  If the delegation is valid the NS\r\ndelegation RRs and any address RRs for the servers should be cached.\r\nThe name servers are entered in the SLIST, and the search is restarted.\r\n\r\nIf the response contains a CNAME, the search is restarted at the CNAME\r\nunless the response has the data for the canonical name or if the CNAME\r\nis the answer itself.\r\n\r\nDetails and implementation hints can be found in [RFC-1035<\/a>].\r\n\r\n<\/pre>\n
6<\/a>. A SCENARIO<\/h2>\n
In our sample domain space, suppose we wanted separate administrative\r\ncontrol for the root, MIL, EDU, MIT.EDU and ISI.EDU zones.  We might\r\nallocate name servers as follows:\r\n\r\n\r\n                                   |(C.ISI.EDU,SRI-NIC.ARPA\r\n                                   | A.ISI.EDU)\r\n             +---------------------+------------------+\r\n             |                     |                  |\r\n            MIL                   EDU                ARPA\r\n             |(SRI-NIC.ARPA,       |(SRI-NIC.ARPA,    |\r\n             | A.ISI.EDU           | C.ISI.EDU)       |\r\n       +-----+-----+               |     +------+-----+-----+\r\n       |     |     |               |     |      |           |\r\n      BRL  NOSC  DARPA             |  IN-ADDR  SRI-NIC     ACC\r\n                                   |\r\n       +--------+------------------+---------------+--------+\r\n       |        |                  |               |        |\r\n      UCI      MIT                 |              UDEL     YALE\r\n                |(XX.LCS.MIT.EDU, ISI\r\n                |ACHILLES.MIT.EDU) |(VAXA.ISI.EDU,VENERA.ISI.EDU,\r\n            +---+---+              | A.ISI.EDU)\r\n            |       |              |\r\n           LCS   ACHILLES +--+-----+-----+--------+\r\n            |             |  |     |     |        |\r\n            XX            A  C   VAXA  VENERA Mockapetris\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 36]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nIn this example, the authoritative name server is shown in parentheses\r\nat the point in the domain tree at which is assumes control.\r\n\r\nThus the root name servers are on C.ISI.EDU, SRI-NIC.ARPA, and\r\nA.ISI.EDU.  The MIL domain is served by SRI-NIC.ARPA and A.ISI.EDU.  The\r\nEDU domain is served by SRI-NIC.ARPA. and C.ISI.EDU.  Note that servers\r\nmay have zones which are contiguous or disjoint.  In this scenario,\r\nC.ISI.EDU has contiguous zones at the root and EDU domains.  A.ISI.EDU\r\nhas contiguous zones at the root and MIL domains, but also has a non-\r\ncontiguous zone at ISI.EDU.\r\n\r\n<\/pre>\n
6.1<\/a>. C.ISI.EDU name server<\/h3>\n
C.ISI.EDU is a name server for the root, MIL, and EDU domains of the IN\r\nclass, and would have zones for these domains.  The zone data for the\r\nroot domain might be:\r\n\r\n    .       IN      SOA     SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA. (\r\n                            870611          ;serial\r\n                            1800            ;refresh every 30 min\r\n                            300             ;retry every 5 min\r\n                            604800          ;expire after a week\r\n                            86400)          ;minimum of a day\r\n                    NS      A.ISI.EDU.\r\n                    NS      C.ISI.EDU.\r\n                    NS      SRI-NIC.ARPA.\r\n\r\n    MIL.    86400   NS      SRI-NIC.ARPA.\r\n            86400   NS      A.ISI.EDU.\r\n\r\n    EDU.    86400   NS      SRI-NIC.ARPA.\r\n            86400   NS      C.ISI.EDU.\r\n\r\n    SRI-NIC.ARPA.   A       26.0.0.73\r\n                    A       10.0.0.51\r\n                    MX      0 SRI-NIC.ARPA.\r\n                    HINFO   DEC-2060 TOPS20\r\n\r\n    ACC.ARPA.       A       26.6.0.65\r\n                    HINFO   PDP-11\/70 UNIX\r\n                    MX      10 ACC.ARPA.\r\n\r\n    USC-ISIC.ARPA.  CNAME   C.ISI.EDU.\r\n\r\n    73.0.0.26.IN-ADDR.ARPA.  PTR    SRI-NIC.ARPA.\r\n    65.0.6.26.IN-ADDR.ARPA.  PTR    ACC.ARPA.\r\n    51.0.0.10.IN-ADDR.ARPA.  PTR    SRI-NIC.ARPA.\r\n    52.0.0.10.IN-ADDR.ARPA.  PTR    C.ISI.EDU.\r\n\r\n\r\n\r\nMockapetris                                                    [Page 37]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n    103.0.3.26.IN-ADDR.ARPA. PTR    A.ISI.EDU.\r\n\r\n    A.ISI.EDU. 86400 A      26.3.0.103\r\n    C.ISI.EDU. 86400 A      10.0.0.52\r\n\r\nThis data is represented as it would be in a master file.  Most RRs are\r\nsingle line entries; the sole exception here is the SOA RR, which uses\r\n\"(\" to start a multi-line RR and \")\" to show the end of a multi-line RR.\r\nSince the class of all RRs in a zone must be the same, only the first RR\r\nin a zone need specify the class.  When a name server loads a zone, it\r\nforces the TTL of all authoritative RRs to be at least the MINIMUM field\r\nof the SOA, here 86400 seconds, or one day.  The NS RRs marking\r\ndelegation of the MIL and EDU domains, together with the glue RRs for\r\nthe servers host addresses, are not part of the authoritative data in\r\nthe zone, and hence have explicit TTLs.\r\n\r\nFour RRs are attached to the root node: the SOA which describes the root\r\nzone and the 3 NS RRs which list the name servers for the root.  The\r\ndata in the SOA RR describes the management of the zone.  The zone data\r\nis maintained on host SRI-NIC.ARPA, and the responsible party for the\r\nzone is HOSTMASTER@SRI-NIC.ARPA.  A key item in the SOA is the 86400\r\nsecond minimum TTL, which means that all authoritative data in the zone\r\nhas at least that TTL, although higher values may be explicitly\r\nspecified.\r\n\r\nThe NS RRs for the MIL and EDU domains mark the boundary between the\r\nroot zone and the MIL and EDU zones.  Note that in this example, the\r\nlower zones happen to be supported by name servers which also support\r\nthe root zone.\r\n\r\nThe master file for the EDU zone might be stated relative to the origin\r\nEDU.  The zone data for the EDU domain might be:\r\n\r\n    EDU.  IN SOA SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA. (\r\n                            870729 ;serial\r\n                            1800 ;refresh every 30 minutes\r\n                            300 ;retry every 5 minutes\r\n                            604800 ;expire after a week\r\n                            86400 ;minimum of a day\r\n                            )\r\n                    NS SRI-NIC.ARPA.\r\n                    NS C.ISI.EDU.\r\n\r\n    UCI 172800 NS ICS.UCI\r\n                    172800 NS ROME.UCI\r\n    ICS.UCI 172800 A 192.5.19.1\r\n    ROME.UCI 172800 A 192.5.19.31\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 38]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n    ISI 172800 NS VAXA.ISI\r\n                    172800 NS A.ISI\r\n                    172800 NS VENERA.ISI.EDU.\r\n    VAXA.ISI 172800 A 10.2.0.27\r\n                    172800 A 128.9.0.33\r\n    VENERA.ISI.EDU. 172800 A 10.1.0.52\r\n                    172800 A 128.9.0.32\r\n    A.ISI 172800 A 26.3.0.103\r\n\r\n    UDEL.EDU.  172800 NS LOUIE.UDEL.EDU.\r\n                    172800 NS UMN-REI-UC.ARPA.\r\n    LOUIE.UDEL.EDU. 172800 A 10.0.0.96\r\n                    172800 A 192.5.39.3\r\n\r\n    YALE.EDU.  172800 NS YALE.ARPA.\r\n    YALE.EDU.  172800 NS YALE-BULLDOG.ARPA.\r\n\r\n    MIT.EDU.  43200 NS XX.LCS.MIT.EDU.\r\n                      43200 NS ACHILLES.MIT.EDU.\r\n    XX.LCS.MIT.EDU.  43200 A 10.0.0.44\r\n    ACHILLES.MIT.EDU. 43200 A 18.72.0.8\r\n\r\nNote the use of relative names here.  The owner name for the ISI.EDU. is\r\nstated using a relative name, as are two of the name server RR contents.\r\nRelative and absolute domain names may be freely intermixed in a master\r\n\r\n<\/pre>\n
6.2<\/a>. Example standard queries<\/h3>\n
The following queries and responses illustrate name server behavior.\r\nUnless otherwise noted, the queries do not have recursion desired (RD)\r\nin the header.  Note that the answers to non-recursive queries do depend\r\non the server being asked, but do not depend on the identity of the\r\nrequester.\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 39]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n<\/pre>\n
6.2.1<\/a>. QNAME=SRI-NIC.ARPA, QTYPE=A<\/h4>\n
The query would look like:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY                                     |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=A           |\r\n               +---------------------------------------------------+\r\n    Answer     | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nThe response from C.ISI.EDU would be:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA                       |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=A           |\r\n               +---------------------------------------------------+\r\n    Answer     | SRI-NIC.ARPA. 86400 IN A 26.0.0.73                |\r\n               |               86400 IN A 10.0.0.51                |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nThe header of the response looks like the header of the query, except\r\nthat the RESPONSE bit is set, indicating that this message is a\r\nresponse, not a query, and the Authoritative Answer (AA) bit is set\r\nindicating that the address RRs in the answer section are from\r\nauthoritative data.  The question section of the response matches the\r\nquestion section of the query.\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 40]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nIf the same query was sent to some other server which was not\r\nauthoritative for SRI-NIC.ARPA, the response might be:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY,RESPONSE                            |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=A           |\r\n               +---------------------------------------------------+\r\n    Answer     | SRI-NIC.ARPA. 1777 IN A 10.0.0.51                 |\r\n               |               1777 IN A 26.0.0.73                 |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nThis response is different from the previous one in two ways: the header\r\ndoes not have AA set, and the TTLs are different.  The inference is that\r\nthe data did not come from a zone, but from a cache.  The difference\r\nbetween the authoritative TTL and the TTL here is due to aging of the\r\ndata in a cache.  The difference in ordering of the RRs in the answer\r\nsection is not significant.\r\n\r\n<\/pre>\n
6.2.2<\/a>. QNAME=SRI-NIC.ARPA, QTYPE=*<\/h4>\n
A query similar to the previous one, but using a QTYPE of *, would\r\nreceive the following response from C.ISI.EDU:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA                       |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=*           |\r\n               +---------------------------------------------------+\r\n    Answer     | SRI-NIC.ARPA. 86400 IN  A     26.0.0.73           |\r\n               |                         A     10.0.0.51           |\r\n               |                         MX    0 SRI-NIC.ARPA.     |\r\n               |                         HINFO DEC-2060 TOPS20     |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 41]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nIf a similar query was directed to two name servers which are not\r\nauthoritative for SRI-NIC.ARPA, the responses might be:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE                           |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=*           |\r\n               +---------------------------------------------------+\r\n    Answer     | SRI-NIC.ARPA. 12345 IN     A       26.0.0.73      |\r\n               |                            A       10.0.0.51      |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nand\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE                           |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=*           |\r\n               +---------------------------------------------------+\r\n    Answer     | SRI-NIC.ARPA. 1290 IN HINFO  DEC-2060 TOPS20      |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nNeither of these answers have AA set, so neither response comes from\r\nauthoritative data.  The different contents and different TTLs suggest\r\nthat the two servers cached data at different times, and that the first\r\nserver cached the response to a QTYPE=A query and the second cached the\r\nresponse to a HINFO query.\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 42]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n<\/pre>\n
6.2.3<\/a>. QNAME=SRI-NIC.ARPA, QTYPE=MX<\/h4>\n
This type of query might be result from a mailer trying to look up\r\nrouting information for the mail destination HOSTMASTER@SRI-NIC.ARPA.\r\nThe response from C.ISI.EDU would be:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA                       |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=MX          |\r\n               +---------------------------------------------------+\r\n    Answer     | SRI-NIC.ARPA. 86400 IN     MX      0 SRI-NIC.ARPA.|\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | SRI-NIC.ARPA. 86400 IN     A       26.0.0.73      |\r\n               |                            A       10.0.0.51      |\r\n               +---------------------------------------------------+\r\n\r\nThis response contains the MX RR in the answer section of the response.\r\nThe additional section contains the address RRs because the name server\r\nat C.ISI.EDU guesses that the requester will need the addresses in order\r\nto properly use the information carried by the MX.\r\n\r\n<\/pre>\n
6.2.4<\/a>. QNAME=SRI-NIC.ARPA, QTYPE=NS<\/h4>\n
C.ISI.EDU would reply to this query with:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA                       |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=SRI-NIC.ARPA., QCLASS=IN, QTYPE=NS          |\r\n               +---------------------------------------------------+\r\n    Answer     | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nThe only difference between the response and the query is the AA and\r\nRESPONSE bits in the header.  The interpretation of this response is\r\nthat the server is authoritative for the name, and the name exists, but\r\nno RRs of type NS are present there.\r\n\r\n<\/pre>\n
6.2.5<\/a>. QNAME=SIR-NIC.ARPA, QTYPE=A<\/h4>\n
If a user mistyped a host name, we might see this type of query.\r\n\r\n\r\n\r\nMockapetris                                                    [Page 43]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nC.ISI.EDU would answer it with:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA, RCODE=NE             |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=SIR-NIC.ARPA., QCLASS=IN, QTYPE=A           |\r\n               +---------------------------------------------------+\r\n    Answer     | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Authority  | . SOA SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA.      |\r\n               |       870611 1800 300 604800 86400                |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nThis response states that the name does not exist.  This condition is\r\nsignalled in the response code (RCODE) section of the header.\r\n\r\nThe SOA RR in the authority section is the optional negative caching\r\ninformation which allows the resolver using this response to assume that\r\nthe name will not exist for the SOA MINIMUM (86400) seconds.\r\n\r\n<\/pre>\n
6.2.6<\/a>. QNAME=BRL.MIL, QTYPE=A<\/h4>\n
If this query is sent to C.ISI.EDU, the reply would be:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE                           |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=BRL.MIL, QCLASS=IN, QTYPE=A                 |\r\n               +---------------------------------------------------+\r\n    Answer     | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Authority  | MIL.             86400 IN NS       SRI-NIC.ARPA.  |\r\n               |                  86400    NS       A.ISI.EDU.     |\r\n               +---------------------------------------------------+\r\n    Additional | A.ISI.EDU.                A        26.3.0.103     |\r\n               | SRI-NIC.ARPA.             A        26.0.0.73      |\r\n               |                           A        10.0.0.51      |\r\n               +---------------------------------------------------+\r\n\r\nThis response has an empty answer section, but is not authoritative, so\r\nit is a referral.  The name server on C.ISI.EDU, realizing that it is\r\nnot authoritative for the MIL domain, has referred the requester to\r\nservers on A.ISI.EDU and SRI-NIC.ARPA, which it knows are authoritative\r\nfor the MIL domain.\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 44]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n<\/pre>\n
6.2.7<\/a>. QNAME=USC-ISIC.ARPA, QTYPE=A<\/h4>\n
The response to this query from A.ISI.EDU would be:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA                       |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=USC-ISIC.ARPA., QCLASS=IN, QTYPE=A          |\r\n               +---------------------------------------------------+\r\n    Answer     | USC-ISIC.ARPA. 86400 IN CNAME      C.ISI.EDU.     |\r\n               | C.ISI.EDU.     86400 IN A          10.0.0.52      |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nNote that the AA bit in the header guarantees that the data matching\r\nQNAME is authoritative, but does not say anything about whether the data\r\nfor C.ISI.EDU is authoritative.  This complete reply is possible because\r\nA.ISI.EDU happens to be authoritative for both the ARPA domain where\r\nUSC-ISIC.ARPA is found and the ISI.EDU domain where C.ISI.EDU data is\r\nfound.\r\n\r\nIf the same query was sent to C.ISI.EDU, its response might be the same\r\nas shown above if it had its own address in its cache, but might also\r\nbe:\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 45]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA                       |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=USC-ISIC.ARPA., QCLASS=IN, QTYPE=A          |\r\n               +---------------------------------------------------+\r\n    Answer     | USC-ISIC.ARPA.   86400 IN CNAME   C.ISI.EDU.      |\r\n               +---------------------------------------------------+\r\n    Authority  | ISI.EDU.        172800 IN NS      VAXA.ISI.EDU.   |\r\n               |                           NS      A.ISI.EDU.      |\r\n               |                           NS      VENERA.ISI.EDU. |\r\n               +---------------------------------------------------+\r\n    Additional | VAXA.ISI.EDU.   172800    A       10.2.0.27       |\r\n               |                 172800    A       128.9.0.33      |\r\n               | VENERA.ISI.EDU. 172800    A       10.1.0.52       |\r\n               |                 172800    A       128.9.0.32      |\r\n               | A.ISI.EDU.      172800    A       26.3.0.103      |\r\n               +---------------------------------------------------+\r\n\r\nThis reply contains an authoritative reply for the alias USC-ISIC.ARPA,\r\nplus a referral to the name servers for ISI.EDU.  This sort of reply\r\nisn't very likely given that the query is for the host name of the name\r\nserver being asked, but would be common for other aliases.\r\n\r\n<\/pre>\n
6.2.8<\/a>. QNAME=USC-ISIC.ARPA, QTYPE=CNAME<\/h4>\n
If this query is sent to either A.ISI.EDU or C.ISI.EDU, the reply would\r\nbe:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA                       |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=USC-ISIC.ARPA., QCLASS=IN, QTYPE=A          |\r\n               +---------------------------------------------------+\r\n    Answer     | USC-ISIC.ARPA. 86400 IN CNAME      C.ISI.EDU.     |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nBecause QTYPE=CNAME, the CNAME RR itself answers the query, and the name\r\nserver doesn't attempt to look up anything for C.ISI.EDU.  (Except\r\npossibly for the additional section.)\r\n\r\n<\/pre>\n
6.3<\/a>. Example resolution<\/h3>\n
The following examples illustrate the operations a resolver must perform\r\nfor its client.  We assume that the resolver is starting without a\r\n\r\n\r\n\r\nMockapetris                                                    [Page 46]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\ncache, as might be the case after system boot.  We further assume that\r\nthe system is not one of the hosts in the data and that the host is\r\nlocated somewhere on net 26, and that its safety belt (SBELT) data\r\nstructure has the following information:\r\n\r\n    Match count = -1\r\n    SRI-NIC.ARPA.   26.0.0.73       10.0.0.51\r\n    A.ISI.EDU.      26.3.0.103\r\n\r\nThis information specifies servers to try, their addresses, and a match\r\ncount of -1, which says that the servers aren't very close to the\r\ntarget.  Note that the -1 isn't supposed to be an accurate closeness\r\nmeasure, just a value so that later stages of the algorithm will work.\r\n\r\nThe following examples illustrate the use of a cache, so each example\r\nassumes that previous requests have completed.\r\n\r\n<\/pre>\n
6.3.1<\/a>. Resolve MX for ISI.EDU.<\/h4>\n
Suppose the first request to the resolver comes from the local mailer,\r\nwhich has mail for PVM@ISI.EDU.  The mailer might then ask for type MX\r\nRRs for the domain name ISI.EDU.\r\n\r\nThe resolver would look in its cache for MX RRs at ISI.EDU, but the\r\nempty cache wouldn't be helpful.  The resolver would recognize that it\r\nneeded to query foreign servers and try to determine the best servers to\r\nquery.  This search would look for NS RRs for the domains ISI.EDU, EDU,\r\nand the root.  These searches of the cache would also fail.  As a last\r\nresort, the resolver would use the information from the SBELT, copying\r\nit into its SLIST structure.\r\n\r\nAt this point the resolver would need to pick one of the three available\r\naddresses to try.  Given that the resolver is on net 26, it should\r\nchoose either 26.0.0.73 or 26.3.0.103 as its first choice.  It would\r\nthen send off a query of the form:\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 47]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY                                     |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=ISI.EDU., QCLASS=IN, QTYPE=MX               |\r\n               +---------------------------------------------------+\r\n    Answer     | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\nThe resolver would then wait for a response to its query or a timeout.\r\nIf the timeout occurs, it would try different servers, then different\r\naddresses of the same servers, lastly retrying addresses already tried.\r\nIt might eventually receive a reply from SRI-NIC.ARPA:\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE                           |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=ISI.EDU., QCLASS=IN, QTYPE=MX               |\r\n               +---------------------------------------------------+\r\n    Answer     | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Authority  | ISI.EDU.        172800 IN NS       VAXA.ISI.EDU.  |\r\n               |                           NS       A.ISI.EDU.     |\r\n               |                           NS       VENERA.ISI.EDU.|\r\n               +---------------------------------------------------+\r\n    Additional | VAXA.ISI.EDU.   172800    A        10.2.0.27      |\r\n               |                 172800    A        128.9.0.33     |\r\n               | VENERA.ISI.EDU. 172800    A        10.1.0.52      |\r\n               |                 172800    A        128.9.0.32     |\r\n               | A.ISI.EDU.      172800    A        26.3.0.103     |\r\n               +---------------------------------------------------+\r\n\r\nThe resolver would notice that the information in the response gave a\r\ncloser delegation to ISI.EDU than its existing SLIST (since it matches\r\nthree labels).  The resolver would then cache the information in this\r\nresponse and use it to set up a new SLIST:\r\n\r\n    Match count = 3\r\n    A.ISI.EDU.      26.3.0.103\r\n    VAXA.ISI.EDU.   10.2.0.27       128.9.0.33\r\n    VENERA.ISI.EDU. 10.1.0.52       128.9.0.32\r\n\r\nA.ISI.EDU appears on this list as well as the previous one, but that is\r\npurely coincidental.  The resolver would again start transmitting and\r\nwaiting for responses.  Eventually it would get an answer:\r\n\r\n\r\n\r\nMockapetris                                                    [Page 48]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA                       |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=ISI.EDU., QCLASS=IN, QTYPE=MX               |\r\n               +---------------------------------------------------+\r\n    Answer     | ISI.EDU.                MX 10 VENERA.ISI.EDU.     |\r\n               |                         MX 20 VAXA.ISI.EDU.       |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | VAXA.ISI.EDU.   172800  A  10.2.0.27              |\r\n               |                 172800  A  128.9.0.33             |\r\n               | VENERA.ISI.EDU. 172800  A  10.1.0.52              |\r\n               |                 172800  A  128.9.0.32             |\r\n               +---------------------------------------------------+\r\n\r\nThe resolver would add this information to its cache, and return the MX\r\nRRs to its client.\r\n\r\n<\/pre>\n
6.3.2<\/a>. Get the host name for address 26.6.0.65<\/h4>\n
The resolver would translate this into a request for PTR RRs for\r\n65.0.6.26.IN-ADDR.ARPA.  This information is not in the cache, so the\r\nresolver would look for foreign servers to ask.  No servers would match,\r\nso it would use SBELT again.  (Note that the servers for the ISI.EDU\r\ndomain are in the cache, but ISI.EDU is not an ancestor of\r\n65.0.6.26.IN-ADDR.ARPA, so the SBELT is used.)\r\n\r\nSince this request is within the authoritative data of both servers in\r\nSBELT, eventually one would return:\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 49]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n               +---------------------------------------------------+\r\n    Header     | OPCODE=SQUERY, RESPONSE, AA                       |\r\n               +---------------------------------------------------+\r\n    Question   | QNAME=65.0.6.26.IN-ADDR.ARPA.,QCLASS=IN,QTYPE=PTR |\r\n               +---------------------------------------------------+\r\n    Answer     | 65.0.6.26.IN-ADDR.ARPA.    PTR     ACC.ARPA.      |\r\n               +---------------------------------------------------+\r\n    Authority  | <empty>                                           |\r\n               +---------------------------------------------------+\r\n    Additional | <empty>                                           |\r\n               +---------------------------------------------------+\r\n\r\n<\/pre>\n
6.3.3<\/a>. Get the host address of poneria.ISI.EDU<\/h4>\n
This request would translate into a type A request for poneria.ISI.EDU.\r\nThe resolver would not find any cached data for this name, but would\r\nfind the NS RRs in the cache for ISI.EDU when it looks for foreign\r\nservers to ask.  Using this data, it would construct a SLIST of the\r\nform:\r\n\r\n    Match count = 3\r\n\r\n    A.ISI.EDU.      26.3.0.103\r\n    VAXA.ISI.EDU.   10.2.0.27       128.9.0.33\r\n    VENERA.ISI.EDU. 10.1.0.52\r\n\r\nA.ISI.EDU is listed first on the assumption that the resolver orders its\r\nchoices by preference, and A.ISI.EDU is on the same network.\r\n\r\nOne of these servers would answer the query.\r\n\r\n<\/pre>\n
7<\/a>. REFERENCES and BIBLIOGRAPHY<\/h2>\n
[Dyer 87]       Dyer, S., and F. Hsu, \"Hesiod\", Project Athena\r\n                Technical Plan - Name Service, April 1987, version 1.9.\r\n\r\n                Describes the fundamentals of the Hesiod name service.\r\n\r\n[<\/a>IEN-116]       J. Postel, \"Internet Name Server\", IEN-116,\r\n                USC\/Information Sciences Institute, August 1979.\r\n\r\n                A name service obsoleted by the Domain Name System, but\r\n                still in use.\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 50]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n[Quarterman 86] Quarterman, J., and J. Hoskins, \"Notable Computer\r\n                Networks\",Communications of the ACM, October 1986,\r\n                volume 29, number 10.\r\n\r\n[<\/a>RFC-742]       K. Harrenstien, \"NAME\/FINGER\", RFC-742<\/a>, Network\r\n                Information Center, SRI International, December 1977.\r\n\r\n[<\/a>RFC-768]       J. Postel, \"User Datagram Protocol\", RFC-768<\/a>,\r\n                USC\/Information Sciences Institute, August 1980.\r\n\r\n[<\/a>RFC-793]       J. Postel, \"Transmission Control Protocol\", RFC-793<\/a>,\r\n                USC\/Information Sciences Institute, September 1981.\r\n\r\n[<\/a>RFC-799]       D. Mills, \"Internet Name Domains\", RFC-799<\/a>, COMSAT,\r\n                September 1981.\r\n\r\n                Suggests introduction of a hierarchy in place of a flat\r\n                name space for the Internet.\r\n\r\n[<\/a>RFC-805]       J. Postel, \"Computer Mail Meeting Notes\", RFC-805<\/a>,\r\n                USC\/Information Sciences Institute, February 1982.\r\n\r\n[<\/a>RFC-810]       E. Feinler, K. Harrenstien, Z. Su, and V. White, \"DOD\r\n                Internet Host Table Specification\", RFC-810<\/a>, Network\r\n                Information Center, SRI International, March 1982.\r\n\r\n                Obsolete.  See RFC-952<\/a>.\r\n\r\n[<\/a>RFC-811]       K. Harrenstien, V. White, and E. Feinler, \"Hostnames\r\n                Server\", RFC-811<\/a>, Network Information Center, SRI\r\n                International, March 1982.\r\n\r\n                Obsolete.  See RFC-953<\/a>.\r\n\r\n[<\/a>RFC-812]       K. Harrenstien, and V. White, \"NICNAME\/WHOIS\", RFC-812<\/a>,\r\n                Network Information Center, SRI International, March\r\n                1982.\r\n\r\n[<\/a>RFC-819]       Z. Su, and J. Postel, \"The Domain Naming Convention for\r\n                Internet User Applications\", RFC-819<\/a>, Network\r\n                Information Center, SRI International, August 1982.\r\n\r\n                Early thoughts on the design of the domain system.\r\n                Current implementation is completely different.\r\n\r\n[<\/a>RFC-821]       J. Postel, \"Simple Mail Transfer Protocol\", RFC-821<\/a>,\r\n                USC\/Information Sciences Institute, August 1980.\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 51]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n[<\/a>RFC-830]       Z. Su, \"A Distributed System for Internet Name Service\",\r\n                RFC-830<\/a>, Network Information Center, SRI International,\r\n                October 1982.\r\n\r\n                Early thoughts on the design of the domain system.\r\n                Current implementation is completely different.\r\n\r\n[<\/a>RFC-882]       P. Mockapetris, \"Domain names - Concepts and\r\n                Facilities,\" RFC-882<\/a>, USC\/Information Sciences\r\n                Institute, November 1983.\r\n\r\n                Superceeded by this memo.\r\n\r\n[<\/a>RFC-883]       P. Mockapetris, \"Domain names - Implementation and\r\n                Specification,\" RFC-883<\/a>, USC\/Information Sciences\r\n                Institute, November 1983.\r\n\r\n                Superceeded by this memo.\r\n\r\n[<\/a>RFC-920]       J. Postel and J. Reynolds, \"Domain Requirements\",\r\n                RFC-920<\/a>, USC\/Information Sciences Institute\r\n                October 1984.\r\n\r\n                Explains the naming scheme for top level domains.\r\n\r\n[<\/a>RFC-952]       K. Harrenstien, M. Stahl, E. Feinler, \"DoD Internet Host\r\n                Table Specification\", RFC-952<\/a>, SRI, October 1985.\r\n\r\n                Specifies the format of HOSTS.TXT, the host\/address\r\n                table replaced by the DNS.\r\n\r\n[<\/a>RFC-953]       K. Harrenstien, M. Stahl, E. Feinler, \"HOSTNAME Server\",\r\n                RFC-953<\/a>, SRI, October 1985.\r\n\r\n                This RFC contains the official specification of the\r\n                hostname server protocol, which is obsoleted by the DNS.\r\n                This TCP based protocol accesses information stored in\r\n                the RFC-952<\/a> format, and is used to obtain copies of the\r\n                host table.\r\n\r\n[<\/a>RFC-973]       P. Mockapetris, \"Domain System Changes and\r\n                Observations\", RFC-973<\/a>, USC\/Information Sciences\r\n                Institute, January 1986.\r\n\r\n                Describes changes to RFC-882<\/a> and RFC-883<\/a> and reasons for\r\n                them.  Now obsolete.\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 52]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n[<\/a>RFC-974]       C. Partridge, \"Mail routing and the domain system\",\r\n                RFC-974<\/a>, CSNET CIC BBN Labs, January 1986.\r\n\r\n                Describes the transition from HOSTS.TXT based mail\r\n                addressing to the more powerful MX system used with the\r\n                domain system.\r\n\r\n[<\/a>RFC-1001]      NetBIOS Working Group, \"Protocol standard for a NetBIOS\r\n                service on a TCP\/UDP transport: Concepts and Methods\",\r\n                RFC-1001<\/a>, March 1987.\r\n\r\n                This RFC and RFC-1002<\/a> are a preliminary design for\r\n                NETBIOS on top of TCP\/IP which proposes to base NetBIOS\r\n                name service on top of the DNS.\r\n\r\n[<\/a>RFC-1002]      NetBIOS Working Group, \"Protocol standard for a NetBIOS\r\n                service on a TCP\/UDP transport: Detailed\r\n                Specifications\", RFC-1002<\/a>, March 1987.\r\n\r\n[<\/a>RFC-1010]      J. Reynolds and J. Postel, \"Assigned Numbers\", RFC-1010<\/a>,\r\n                USC\/Information Sciences Institute, May 1987\r\n\r\n                Contains socket numbers and mnemonics for host names,\r\n                operating systems, etc.\r\n\r\n[<\/a>RFC-1031]      W. Lazear, \"MILNET Name Domain Transition\", RFC-1031<\/a>,\r\n                November 1987.\r\n\r\n                Describes a plan for converting the MILNET to the DNS.\r\n\r\n[<\/a>RFC-1032]      M. K. Stahl, \"Establishing a Domain - Guidelines for\r\n                Administrators\", RFC-1032<\/a>, November 1987.\r\n\r\n                Describes the registration policies used by the NIC to\r\n                administer the top level domains and delegate subzones.\r\n\r\n[<\/a>RFC-1033]      M. K. Lottor, \"Domain Administrators Operations Guide\",\r\n                RFC-1033<\/a>, November 1987.\r\n\r\n                A cookbook for domain administrators.\r\n\r\n[Solomon 82]    M. Solomon, L. Landweber, and D. Neuhengen, \"The CSNET\r\n                Name Server\", Computer Networks, vol 6, nr 3, July 1982.\r\n\r\n                Describes a name service for CSNET which is independent\r\n                from the DNS and DNS use in the CSNET.\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 53]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\nIndex\r\n\r\n          A   12\r\n          Absolute names   8\r\n          Aliases   14, 31\r\n          Authority   6\r\n          AXFR   17\r\n\r\n          Case of characters   7\r\n          CH   12\r\n          CNAME   12, 13, 31\r\n          Completion queries   18\r\n\r\n          Domain name   6, 7\r\n\r\n          Glue RRs   20\r\n\r\n          HINFO   12\r\n\r\n          IN   12\r\n          Inverse queries   16\r\n          Iterative   4\r\n\r\n          Label   7\r\n\r\n          Mailbox names   9\r\n          MX   12\r\n\r\n          Name error   27, 36\r\n          Name servers   5, 17\r\n          NE   30\r\n          Negative caching   44\r\n          NS   12\r\n\r\n          Opcode   16\r\n\r\n          PTR   12\r\n\r\n          QCLASS   16\r\n          QTYPE   16\r\n\r\n          RDATA   13\r\n          Recursive   4\r\n          Recursive service   22\r\n          Relative names   7\r\n          Resolvers   6\r\n          RR   12\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 54]<\/span><\/pre>\n
\n
 <\/a>\r\nRFC 1034<\/a>             Domain Concepts and Facilities        November 1987<\/span>\r\n\r\n\r\n          Safety belt   33\r\n          Sections   16\r\n          SOA   12\r\n          Standard queries   22\r\n\r\n          Status queries   18\r\n          Stub resolvers   32\r\n\r\n          TTL   12, 13\r\n\r\n          Wildcards   25\r\n\r\n          Zone transfers   28\r\n          Zones   19\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nMockapetris                                                    [Page 55]\r\n\r\n<\/pre>\n
Html markup produced by rfcmarkup 1.127, available from\u00a0https:\/\/tools.ietf.org\/tools\/rfcmarkup\/<\/a><\/small><\/small><\/span><\/p>\n
\"image_pdf\"<\/a>\"image_print\"<\/a><\/div>","protected":false},"excerpt":{"rendered":"
[Docs] [txt|pdf] [Tracker] [Errata] Updated by: 1101, 1183, 1348, 1876, 1982, 2065, INTERNET STANDARD 2181, 2308, 2535, 4033, 4034, 4035, 4343, 4035, 4592, 5936, 8020 Errata Exist Network Working Group P. Mockapetris Request for Comments: 1034 ISI Obsoletes: RFCs 882, 883, 973 November 1987 DOMAIN NAMES – CONCEPTS AND FACILITIES 1. STATUS OF THIS MEMO …<\/p>\n
Continue reading ‘RFC 1034’ »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[176],"tags":[],"class_list":["post-3147","post","type-post","status-publish","format-standard","hentry","category-rfc"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3147"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3147"}],"version-history":[{"count":2,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3147\/revisions"}],"predecessor-version":[{"id":3154,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3147\/revisions\/3154"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}