]> RIPE NCC

florian+ietf@narrans.de

This document specifies a DNS Resolver Information Key to inform DNS clients of DELEG support.

Introduction The Extensible Delegation for DNS specifies the DELEG record type that is authoritative in the parent zone of a zone cut. To prevent downgrade attacks, introduces a new DNSKEY flag. A Validating Stub Resolver that is DELEG aware has to know if the Recursive Resolver it uses is DELEG aware. A DELEG aware Recursive Resolver using a Forwarder has to know if the Forwarder is DELEG aware. specifies a DNS resource record (RR) type RESINFO to allow resolvers to publish information about their capabilities and policies. This can be used to inform DNS clients that DELEG is supported by the DNS resolver.

Requirements Notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

deleg Resolver Information Key

deleg:

The presence of this key indicates that the DNS resolver supports DELEG. A resolver which supports SHOULD add the deleg key if it supports . Note that, per the rules for the keys defined in Section 6.4 of , if there is no '=' in a key, then it is a boolean attribute, simply identified as being present, with no value.

Security Considerations The security considerations of apply.

IANA Considerations The IANA is requested to add the key "deleg", with the description of "The presence of the key indicates that DELEG is supported.", and a reference to this document. Name Description Reference deleg The presence of the key indicates that DELEG is supported. RFC EDITOR: THIS DOCUMENT

In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document specifies how DNS resource records are named and structured to facilitate service discovery. Given a type of service that a client is looking for, and a domain in which the client is looking for that service, this mechanism allows clients to discover a list of named instances of that desired service, using standard DNS queries. This mechanism is referred to as DNS-based Service Discovery, or DNS-SD. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document specifies a method for DNS resolvers to publish information about themselves. DNS clients can use the resolver information to identify the capabilities of DNS resolvers. How DNS clients use such information is beyond the scope of this document. Google, LLC ISC Akamai Technologies Salesforce A delegation in the Domain Name System (DNS) is a mechanism that enables efficient and distributed management of the DNS namespace. It involves delegating authority over subdomains to specific DNS servers via NS records, allowing for a hierarchical structure and distributing the responsibility for maintaining DNS records. An NS record contains the hostname of the nameserver for the delegated namespace. Any facilities of that nameserver must be discovered through other mechanisms. This document proposes a new extensible DNS record type, DELEG, for delegation the authority for a domain. Future documents then can use this mechanism to use additional information about the delegated namespace and the capabilities of authoritative nameservers for the delegated namespace.