DNS Out Of Protocol Signalling

DNS Out Of Protocol Signalling Stichting Internet Domeinregistratie Nederland

Postbus 5022 Arnhem 6802EA Netherlands marc.groeneweg@sidn.nl

Stichting Internet Domeinregistratie Nederland

Postbus 5022 Arnhem 6802EA Netherlands stefan.ubbink@sidn.nl

NLnet Labs

Science Park 400 Amsterdam 1098 XH Netherlands willem@nlnetlabs.nl

Internet DNSOP Working Group This document seeks to specify a method for name servers to signal programs outside of the name server software, and which are not necessarily involved with the DNS protocol, about conditions that can arise within the name server. These signals can be used to invoke actions in areas that help provide the DNS service, such as routing. Currently this document serves as a requirements document to come to a signalling mechanism that will suit the use cases best. Part of that effort is to assemble a list of conditions with potential associated out of DNS protocol actions, as well as inventory and assess existing signalling mechanisms for suitability.

Introduction Operators of name servers can benefit from automatically taking action upon certain conditions in the name server software. Some conditions can be monitored from outside the name server software, but for adequate and immediate action, the name server software can signal itself about the condition immediately when it occurs to invoke action by a listener for these signals. An example of such a condition is when all zones, from a set served from an anycasted prefix, are loaded and ready to be served, with the associated automatic actions to only announce a prefix route from the point-of-presence where the name server is running, if all zones from the set are ready to be served, and to withdraw the prefix route if one of the zones cannot be served. This way queries for zones will only reach the point-of-presence if the name server software can answer those queries. Operators of anycasted DNS authoritative services with diverse implementations will benefit from standardizing of the name server signalling, but before coming to a specification for the mechanism, this document will serve to inventorise the already available standardized and non-standardized signalling channels and assess them for usability for out of protocol signalling.

Terminology and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Conditions to be signalled This section served to collect a list of conditions for which actions outside of the DNS protocol may be interesting. It is by no means meant to be a complete list, but serves to inventorise the requirements for the signalling channel.

The name server is running and can respond to queries

A zone is updated to a new version

A zone is loaded and ready to be served

A zone is about to expire

A zone can no longer be served

A zone from a set of zones is loaded and ready to be served

One or more zones from a set of zones is about to expire

One or more zones from a set of zones is no longer about to expire

One or more zones from a set of zones can no longer be served

Query rate is exceeding a threshold

Query rate is below a threshold

DNSSEC signatures are about to expire

DNSSEC signatures will no longer expire soon

Extended DNS Error conditions

Requirements for signalling mechanisms and channels The following requirements can be distilled from .

Existing signalling mechanisms and channels What follows is a list of existing signalling mechanisms assessed on their suitability based on the requirements outlined in the previous paragraph.

Notify

Extended DNS Error reporting

D-Bus as publication channel

Security and Privacy Considerations Signalling MUST be performed in an authenticated and private manner.

Implementation Status

Knot DNS has support for D-Bus notifications (See ) for significant server and zone events with the "dbus-event" configuration parameter since version 3.1.6

IANA Considerations This document has no IANA actions

Acknowledgements

Normative References Informative References D-Bus Specification Red Hat, Inc. CodeFactory AB Red Hat, Inc. Imendio AB Collabora Ltd. Knot DNS - Version 3.1.6 CZ.NIC

Implementation Status Note to the RFC Editor: please remove this entire appendix before publication. Knot currently uses for this.

Change History Note to the RFC Editor: please remove this entire appendix before publication.

draft-grubto-dnsop-dns-out-of-protocol-signalling-00

Initial version