In Like a Lamb, Out Like a Lion - Page 2

By Pete Loshin | Posted Oct 15, 2000

The DNS Collection

RFC 2929, "Domain Name System (DNS) IANA Considerations," is the newest BCP and one of five DNS-related RFCs that came out in late September. RFC 2929, or BCP 42 as it is also known, discusses the general parameters that have Internet Assigned Numbers Authority (IANA) considerations--in other words, any values in the DNS headers or in DNS Resource Records (RRs) that might be chosen from valid values under the authority of the IANA. Although this document is certainly important for DNS implementers, it is also a useful resource for those who want to understand DNS from the ground up; it includes comprehensive references to seminal documents describing DNS.

RFC 2915, "The Naming Authority Pointer (NAPTR) DNS Resource Record," is a Proposed Standard updating RFC 2168, "Resolution of Uniform Resource Identifiers using the Domain Name System." Originally created as a way to build DNS RRs that could consist of rule-sets capable of being redelegated over time (for example, to point to new services instead of old ones that have been removed), the NAPTR DNS RR is updated in RFC 2915.

Another Proposed Standard, RFC 2916, "E.164 number and DNS," describes how the DNS can be used to identify available telephone services connected with E.164 numbers (more commonly known as telephone numbers).

The last two DNS RFCs, RFC 2930, "Secret Key Establishment for DNS (TKEY RR)," and RFC 2931, "DNS Request and Transaction Signatures ( SIG(0)s )," are both Proposed Standards. Both describe mechanisms that help improve DNS security.

RFC 2845, "Secret Key Transaction Authentication for DNS (TSIG)," defines the Transaction Signature (TSIG) RR, a mechanism for authenticating DNS queries and responses using shared secret keys. However, the document does not provide any mechanism for sharing the secret keys, other than by manually exchanging them. RFC 2930 describes a mechanism, called a Transaction Key (TKEY) RR, which can be used to set up the sharing of secret keys between DNS clients and servers.

RFC 2535, "Domain Name System Security Extensions," defines extensions to DNS that are used to "provide data origin and transaction integrity" as well as "authentication to security aware resolvers and applications through the use of cryptographic digital signatures." Implementers have discovered that the extensions as defined in RFC 2535 don't exactly work the way they should, and RFC 2931 describes modifications that fix the problems.

Document, Protocol, and Working Group Actions

Table 2 lists all the document and protocol actions announced by the IESG in the past couple of weeks--and there were quite a few.

Important new document actions include several related to Multiprotocol Label Switching (MPLS), including two on the Label Distribution Protocol (LDP) and one on the use of the Virtual Connection Identifier (VCID) to support the ATM Label Switching Router (ATM-LSR). Also new is the approval of the NFS version 4 specification as a Proposed Standard.

Table 2: IESG Document and Protocol Actions Announced September 18 through October 1, 2000

What's Next

After a four-month run, this column is going on hiatus. If you like it, let me know at pete@Internet-Standard.com. Let EarthWeb know, too. Meanwhile, you can check out the latest developments on Internet-Standard.com.

Pete Loshin has been writing about IP networking since 1988, and is the author of 20 books about networking, the Internet, and Internet standards. The founder of Internet-Standard.com, Pete frequently consults on Internet protocol issues.
