Network Working Group J. Abley Internet-Draft ICANN Updates: 3172 (if approved) O. Gudmundsson Intended status: BCP Shinkuro Inc. Expires: June 22, 2010 December 19, 2009 The Eternal Non-Existence of SINK.ARPA (and other stories) draft-jabley-sink-arpa-02 Abstract This document specifies a fully-qualified domain name in the Domain Name System (DNS) that can be relied upon never to exist. The availability of a name in the DNS which is guaranteed not to exist has useful operational applications. This document also provides a procedural framework for other names that have special characteristics to be reserved, and for those special characteristics to be codified as modifications to the normal ARPA administration process. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on June 22, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the Abley & Gudmundsson Expires June 22, 2010 [Page 1] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License. Abley & Gudmundsson Expires June 22, 2010 [Page 2] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 1. Introduction The Domain Name System (DNS) is described in [RFC1034] and [RFC1035]. This document has three purposes: 1. to create a new IANA registry called "ARPA Reserved Names" (see Section 4); 2. to define the special considerations of a single name SINK.ARPA, a name which is defined never to exist (see Section 2); 3. to allow the procedures by which the ARPA zone is maintained, as documented in [RFC3172], to be modified for names present in the ARPA Reserved Names registry according to the special characteristics of those names (see Section 5). Abley & Gudmundsson Expires June 22, 2010 [Page 3] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 2. SINK.ARPA The special considerations for the name SINK.ARPA are that the name SINK.ARPA shall be guaranteed never to have any resource records associated with it. That is, the domain does not exist and queries for it will result in name errors (NXDOMAIN). The reliable non- existence of a globally-consistent and formally-defined name has some operational utility (see Section 3 for examples). Various top-level domains are reserved by [RFC2606], including "INVALID". The use of "INVALID" as a codified, non-existent domain was considered. However: o INVALID is poorly characterised from a DNS perspective in [RFC2606]; that is, the specification that INVALID does not exist as a Top Level Domain (TLD) is imprecise given the various uses of the term TLD in policy forums; o the contents of the root zone are derived by interaction with many inter-related policy-making bodies, whereas the administrative and technical processes relating to the ARPA zone are much more clearly defined in an IETF context; o the use of ARPA for purposes of operational infrastructure (and, by inference, the explicit non-use of a particular name in ARPA) is consistent with the purpose of that zone, as described in [RFC3172]. This document specifies that any request which would cause the name SINK.ARPA to exist in the DNS should be denied. Abley & Gudmundsson Expires June 22, 2010 [Page 4] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 3. Examples It is expected that the guaranteed non-existence of SINK.ARPA has many general operational applications. What follows are two topical examples at the time of writing. 1. Mail Transfer Agents (MTAs) which deliver mail using the SMTP protocol ([RFC2821]) look up MX records in order to identify the host to which SMTP connection attempts should be made. For devices which do not support SMTP, it may be desirable to prevent MTAs from attempting any SMTP connection. Installing an MX record whose RDATA includes SINK.ARPA in the EXCHANGE field ([RFC1034]) should cause compliant MTAs to make no connection: SINK.ARPA does not exist, and A and AAAA records should not be used when an MX record is present. 2. DNS UPDATE clients which send dynamic updates to DNS master servers ([RFC2136]) identify the primary master server for a zone using the MNAME field of the zone's SOA record ([RFC1034]). The MNAME field is mandatory, but many zones intentionally do not accept dynamic updates. DNS UPDATE messages for such zones may constitute unwanted traffic, and can be suppressed by specifying the MNAME to be SINK.ARPA. Abley & Gudmundsson Expires June 22, 2010 [Page 5] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 4. IANA Considerations This document directs the IANA to create a registry as follows: +-------------------------+----------------------------------------+ | Parameter | Value | +-------------------------+----------------------------------------+ | Registry Name | ARPA Reserved Names | | | | | Reference | This document (RFCXXXX) Section 5 | | | | | Registration Procedures | IETF Standards Action and IAB approval | +-------------------------+----------------------------------------+ The initial registry contents should be as follows: +-----------+----------------------+---------+----------------------+ | Name | Purpose | RRTypes | Reference | +-----------+----------------------+---------+----------------------+ | SINK.ARPA | Definitively | NONE | This document | | | non-existent name | | (RFCXXXX) Section 2 | +-----------+----------------------+---------+----------------------+ Abley & Gudmundsson Expires June 22, 2010 [Page 6] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 5. Administration of the ARPA Domain The management guidelines and operational requirements of the ARPA domain is described in [RFC3172]. Requests to modify the ARPA zone are specified in standards-track documents which, when approved by the IESG and the IAB are sent to the IANA for implementation. This document updates the procedures described in that document as follows: 5.1. Criteria for "arpa" Sub-domains Names which are included in the IANA registry "ARPA Reserved Names" are reserved and require special consideration. The nature of that special consideration is specified by reference within the ARPA Reserved Names registry. Abley & Gudmundsson Expires June 22, 2010 [Page 7] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 6. IAB Considerations IAB review and approval of this document is required, given the IAB's technical and administrative function in the approval of changes to the ARPA zone. Abley & Gudmundsson Expires June 22, 2010 [Page 8] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 7. Security Considerations This document institutionalises a single name in the DNS to which unwanted traffic can be directed. This name, SINK.ARPA, is specified in this document not to exist in the DNS. If address records for SINK.ARPA were to be introduced by exploiting insecurities in the DNS, however, then those addresses would receive that unwanted traffic. This might provide a leak of private information to a third party, or have other unwelcome consequences. The non-existence of SINK.ARPA will be cryptographically verifiable when the ARPA zone is signed. Abley & Gudmundsson Expires June 22, 2010 [Page 9] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 8. References 8.1. Normative References [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987. [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987. [RFC2606] Eastlake, D. and A. Panitz, "Reserved Top Level DNS Names", BCP 32, RFC 2606, June 1999. [RFC3172] Huston, G., "Management Guidelines & Operational Requirements for the Address and Routing Parameter Area Domain ("arpa")", BCP 52, RFC 3172, September 2001. 8.2. Informative References [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound, "Dynamic Updates in the Domain Name System (DNS UPDATE)", RFC 2136, April 1997. [RFC2821] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April 2001. Abley & Gudmundsson Expires June 22, 2010 [Page 10] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 Appendix A. Editorial Notes This section (and sub-sections) to be removed prior to publication. A.1. On the name SINK.ARPA The name SINK.ARPA has been chosen as an editorial convenience: having a name is more convenient than not having a name when discussing the general proposal. No doubt other names would do the job just as well. A.2. Change History 00 Initial draft. 01 Updated following feedback from Alfred Hoenes. 02 Updated following feedback from Ralph Droms. Abley & Gudmundsson Expires June 22, 2010 [Page 11] Internet-Draft The Eternal Non-Existence of SINK.ARPA December 2009 Authors' Addresses Joe Abley ICANN 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292 USA Phone: +1 310 301 3885 Email: joe.abley@icann.org Olafur Gudmundsson Shinkuro Inc. 4922 Fairmont Avenue, Suite 250 Bethesda, MD 20814 USA Email: ogud@ogud.com Abley & Gudmundsson Expires June 22, 2010 [Page 12]