]> TUD Dresden University of Technology

Helmholtzstr. 10 Dresden D-01069 Germany martine.lenders@tu-dresden.de

Universität Bremen TZI

cabo@tzi.org

HAW Hamburg

t.schmidt@haw-hamburg.de

TUD Dresden University of Technology & Barkhausen Institut

Helmholtzstr. 10 Dresden D-01069 Germany m.waehlisch@tu-dresden.de

Applications CBOR Internet-Draft CBOR DNS This document specifies a compressed data format of DNS messages using the Concise Binary Object Representation . The primary purpose is to keep DNS messages small in constrained networks. About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the CBOR Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction In constrained networks , the link layer may restrict the payload sizes to only a few hundreds bytes. Encrypted DNS resolution, such as DNS over HTTPS (DoH) or DNS over CoAP (DoC) , may lead to DNS message sizes that exceed this limit, even when implementing header compression such as 6LoWPAN IPHC or SCHC , . Although adoption layers such as 6LoWPAN or SCHC offer fragmentation to comply with small MTUs, fragmentation should be avoided in constrained networks, because fragmentation combined with high packet loss multiplies the loss. As such, a compression format for DNS messages is needed. This document specifies a compressed data format for DNS messages. DNS messages are encoded in Concise Binary Object Representation (CBOR) and, additionally, unnecessary or redundant information is removed. To use the outcome of this specification in DoH and DoC, this document also specifies a Media Type header for DoH and a Content-Format option for DoC.

Terminology CBOR types (unsigned integer, byte string, text string, arrays, etc.) are used as defined in . TBD DNS server and client. A DNS query is a message that queries DNS information from an upstream DNS resolver. The term "constrained networks" is used as defined in . The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

CBOR Representations (application/dns+cbor) To keep overhead minimal, a DNS message is represented as CBOR arrays. All CBOR items used in this specification are of definite length. CBOR arrays that do not follow the length definitions of this or follow-up specifications, MUST be silently ignored. It is assumed that DNS query and DNS response are distinguished message types and that the query can be mapped to the response by the transfer protocol of choice. To define the representation of binary objects we use the Concise Data Definition Language (CDDL) .

This document defines both DNS Queries and Responses in CDDL

If, for any reason, a DNS message is not representable in the CBOR format specified in this document, a fallback to the another DNS message format, e.g., the classic DNS wire format, MUST always be possible.

Domain Name Representation Domain names are represented in their commonly known string format (e.g., "example.org", see Section 2.3.1 in ) and in IDNA encoding as a text string. For the purpose of this document, domain names remain case-insensitive as specified in . The representation of a domain name is defined in . TBD: represent names as components ((* tstr)), provide name compression when is updated for the reference format and table building discussed at IETF 118.

Domain Name Definition

DNS Resource Records This document specifies the representation of both standard DNS resource records (RRs, see ) and EDNS option pseudo-RRs (see ). If for any reason, a resource record can not be represented in the given formats, they can be represented in their binary wire-format form, as a byte string. Further special records, e.g., TSIG can be defined in follow-up specifications and are out of scope of this document. The representation of a DNS resource records is defined in .

DNS Resource Record Definition

Standard RRs Standard DNS resource records are encoded as CBOR arrays containing 2 to 5 entries in the following order:

1. An optional name (as text string, see ),
2. A TTL (as unsigned integer),
3. An optional record type (as unsigned integer),
4. An optional record class (as unsigned integer), and lastly
5. A record data entry (as unsigned integer, negative integer, byte string, or text string).

If the first item of the resource record is a text string, it is its name. If the name is elided, the name is derived from the question section of the message. For responses, the question section is either taken from the query (see ) or provided with the response see . The query may be derived from the context of the transfer protocol. If the record type is elided, the record type from the question is assumed. If record class is elided, the record class from the question is assumed. When a record class is required, the record type MUST also be provided. The byte format of the record data as a byte string follows the wire format as specified in Section 3.3 (or other specifications of the respective record type). Note that this format does not include the RDLENGTH field from as this value is encoded in the length field of the CBOR byte string. If the record data represents a domain name (e.g., for CNAME or PTR records), the record data MAY be represented as a text string as specified in . This can save 1 byte of data, because the byte representation of DNS names requires both an additional byte to define the length of the first name component and well as a zero byte at the end of the name. With CBOR on the other hand only 1 byte is required to define type and length of the text string up until a string length of 23 characters. There is an argument to be made for more structured formats of other record data representations (e.g. MX or SOA), but these usually add more overhead. As such, those record data are to be represented as a byte string.

DNS Standard Resource Record Definition

EDNS OPT Pseudo-RRs EDNS OPT Pseudo-RRs are represented as a CBOR array. To distinguish them from normal standard RRs, they are marked with tag TBD141. Name and record type can be elided as they are always "." and OPT (41), respectively . The UDP payload size may be the first element as an unsigned integer in the array but it can be elided if it defaults to 512, the maximum allowable size for DNS over UDP . The next element is an array of the options, which are represented two elements each, an unsigned integer, the option code, followed by a byte string, the option data. Multiple options alternate between unsigned integer and byte string within the array. After that, up to three unsigned integers are following. The first being the extended flags as unsigned integer (implied to be 0 if elided), the second the extended RCODE as an unsigned integer (implied to be 0 if elided), and the third the EDNS version (implied to be 0 if elided). They are dependent on each of their previous elements. If the EDNS version is not elided, both extended flags and extended RCODE MUST not be elided. If the RCODE is not elided the extended flags MUST not be elided. TBD: reverse extended flags to get MSB-defined DO into LSB? Note that future EDNS versions may require a different format than the one described above.

DNS OPT Resource Record Definition

DNS Queries DNS queries are encoded as CBOR arrays containing up to 5 entries in the following order:

1. An optional flag field (as unsigned integer),
2. The question section (as array),
3. An optional authority section (as array), and
4. An optional additional section (as array)

If the first item of the query is an array, it is the question section, if it is an unsigned integer, it is as flag field and maps to the header flags in and the "DNS Header Flags" IANA registry including the QR flag and the Opcode. It MUST be lesser than 2^16. If the flags are elided, the value 0 is assumed. This specification assumes that the DNS messages are sent over a transfer protocol that can map the queries to their responses, e.g., DNS over HTTPS or DNS over CoAP . As a consequence, the DNS transaction ID is always elided and the value 0 is assumed. A question within the question section is encoded as a CBOR array containing up to 3 entries:

1. The queried name (as text string, see ),
2. An optional record type (as unsigned integer), and
3. An optional record class (as unsigned integer)

If the record type is elided, record type AAAA as specified in is assumed. If the record class is elided, record class IN as specified in is assumed. When a record class is required, the record type MUST also be provided. If more than one question is supposed to be in the question section, the next question just follows. In this case, for every question but the record type MUST be included and it is not optional. This way it is ensured that the parser can distinguish each question by looking up the name first (TBD note: this is especially relevant once the name is split up in components). The remainder of the query is either empty or MUST consist of up to two arrays. The first array, if present, encodes the authority section of the query as an array of DNS resource records (see ) The second array, if present, encodes the additional section of the query as an array of DNS resource records (see ) The representation of a DNS query is defined in .

DNS Query Definition

DNS Responses DNS responses are encoded as a CBOR array containing up to 7 entries.

1. An optional flag field (as unsigned integer),
2. An optional question section (as array, encoded as described in )
3. The answer section (as array),
4. An optional authority section (as array), and
5. An optional additional section (as array)

As for queries, the DNS transaction ID is elided and implied to be 0. If the CBOR array is a response to a query for which the flags indicate that flags are set in the response, they MUST be set accordingly and thus included in the response. If the flags are not included, the flags are implied to be 0x8000 (everything unset except for the QR flag). If the response includes only 1 array, this is the DNS answer section represented as an array of one or more DNS Resource Records (see ). If the response includes more than 2 arrays, the first entry may be the question section, identified by not being an array of arrays. If it is present, it is followed by the answer section. The question section is encoded as specified in . If the answer section is followed by 1 additional array, it is the additional section (TBD: back choice to favor additional section by empirical data). Like the answer section, the additional sections is represented as an array of one or more DNS Resource Records (see ). If the answer section is followed by 2 additional arrays, the first is the authority section, and the second the additional section (TBD: back choice to favor additional section by empirical data). The authority section is also represented as an array of one or more DNS Resource Records (see ).

DNS Response Definition

Name and Address Compression with CBOR-packed If both DNS server and client support CBOR-packed , it MAY be used for name and address compression in DNS responses.

Media Type Negotiation A DNS client uses media type "application/dns+cbor;packed=1" to negotiate (see, e.g., or , Section 5.5.4) with the DNS server if the server supports packed CBOR. If it does, it MAY request the response to be in CBOR-packed (media type "applicaton/dns+cbor;packed=1"). The server then SHOULD reply with the response in CBOR-packed.

DNS Representation in CBOR-packed The representation of DNS responses in CBOR-packed has the same semantics as for tag TBD113 (, Section 3.1) with the rump being the compressed response. The difference to is that tag TBD113 is OPTIONAL. Packed compression of queries is not specified, as apart from EDNS(0) (see ), they only consist of one question most of the time.

Compression How the compressor constructs the packing table, i.e., how the compression is applied, is out of scope of this document. Several potential compression algorithms were evaluated in [TBD].

Comparison to wire format TBD: Table comparing DNS wire-format, DNS+CBOR, and DNS+CBOR-packed

Implementation Status This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in . The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist. According to , "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".

Python decoder/encoder The authors of this document provide a decoder/encoder implementation of both the unpacked and packed format specified in this document in Python.

Level of maturity:

prototype

Version compability:

draft-lenders-dns-cbor-05

License:

MIT

Contact information:

Martine Lenders <martine.lenders@tu-dresden.de>

Last update of this information:

October 2023

Embedded decoder/encoder The authors of this document provide a decoder/encoder implementation of the unpacked format specified in this document for the RIOT operating system. It can only encode queries and decode responses.

Level of maturity:

prototype

Version compability:

draft-lenders-dns-cbor-05

License:

MIT

Contact information:

Martine Lenders <martine.lenders@tu-dresden.de>

Last update of this information:

October 2023

Security Considerations TODO Security

IANA Considerations

Media Type Registration This document registers a media type for the serialization format of DNS messages in CBOR. It follows the procedures specified in .

"application/dns+cbor" Type name: application Subtype name: dns+cbor Required parameters: None Optional parameters: packed Encoding considerations: Must be encoded as using . See [TBD-this-spec] for details. Security considerations: See of this draft Interoperability considerations: TBD Published specification: [TBD-this-spec] Applications that use this media type: TBD DNS over X systems Fragment Identifier Considerations: TBD Additional information:    Deprecated alias names for this type: N/A    Magic number(s): N/A    File extension(s): dnsc    Macintosh file type code(s): none Person & email address to contact for further information: Martine S. Lenders m.lenders@fu-berlin.de Intended usage: COMMON Restrictions on Usage: None? Author: Martine S. Lenders m.lenders@fu-berlin.de Change controller: Martine S. Lenders m.lenders@fu-berlin.de Provisional registrations? No

CoAP Content-Format Registration IANA is requested to assign CoAP Content-Format ID for the new DNS message media types in the "CoAP Content-Formats" sub-registry, within the "CoRE Parameters" registry , corresponding the "application/dns+cbor" media type specified in :

"application/dns+cbor" Media-Type: application/dns+cbor Encoding: - Id: TBD Reference: [TBD-this-spec]

"application/dns+cbor;packed=1" Media-Type: application/dns+cbor;packed=1 Encoding: - Id: TBD Reference: [TBD-this-spec]

CBOR Tags Registry In the registry "" , IANA is requested to allocate the tags defined in . Values for Tag Numbers

Tag	Data Item	Semantics	Reference
TBD141	array	CBOR EDNS option record	draft-lenders-dns-cbor

References Normative References This RFC is the revised specification of the protocol and format used in the implementation of the Domain Name System. It obsoletes RFC-883. This memo documents the details of the domain name client - server communication. This document defines the changes that need to be made to the Domain Name System (DNS) to support hosts running IP version 6 (IPv6). The changes include a resource record type to store an IPv6 address, a domain to support lookups based on an IPv6 address, and updated definitions of existing query types that return Internet addresses as part of additional section processing. The extensions are designed to be compatible with existing applications and, in particular, DNS implementations themselves. [STANDARDS-TRACK] The Domain Name System's wire protocol includes a number of fixed fields whose range has been or soon will be exhausted and does not allow requestors to advertise their capabilities to responders. This document describes backward-compatible mechanisms for allowing the protocol to grow. This document updates the Extension Mechanisms for DNS (EDNS(0)) specification (and obsoletes RFC 2671) based on feedback from deployment experience in several implementations. It also obsoletes RFC 2673 ("Binary Labels in the Domain Name System") and adds considerations on the use of extended labels in the DNS. The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation. CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments. This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON. The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack. This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format. Universität Bremen TZI The Concise Binary Object Representation (CBOR, RFC 8949 == STD 94) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. CBOR does not provide any forms of data compression. CBOR data items, in particular when generated from legacy data models, often allow considerable gains in compactness when applying data compression. While traditional data compression techniques such as DEFLATE (RFC 1951) can work well for CBOR encoded data items, their disadvantage is that the receiver needs to decompress the compressed form to make use of the data. This specification describes Packed CBOR, a simple transformation of a CBOR data item into another CBOR data item that is almost as easy to consume as the original CBOR data item. A separate decompression step is therefore often not required at the receiver. // The present version (-09) provides two table setup tags (common, // split setup) and discusses behavior in case of references to // unpopulated table entries during unpacking. IANA In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document is one of a collection that, together, describe the protocol and usage context for a revision of Internationalized Domain Names for Applications (IDNA), superseding the earlier version. It describes the document collection and provides definitions and other material that are common to the set. [STANDARDS-TRACK] This document defines procedures for the specification and registration of media types for use in HTTP, MIME, and other Internet protocols. This memo documents an Internet Best Current Practice. Informative References This document describes the frame format for transmission of IPv6 packets and the method of forming IPv6 link-local addresses and statelessly autoconfigured addresses on IEEE 802.15.4 networks. Additional specifications include a simple header compression scheme using shared context and provisions for packet delivery in IEEE 802.15.4 meshes. [STANDARDS-TRACK] This document updates RFC 4944, "Transmission of IPv6 Packets over IEEE 802.15.4 Networks". This document specifies an IPv6 header compression format for IPv6 packet delivery in Low Power Wireless Personal Area Networks (6LoWPANs). The compression format relies on shared context to allow compression of arbitrary prefixes. How the information is maintained in that shared context is out of scope. This document specifies compression of multicast addresses and a framework for compressing next headers. UDP header compression is specified within this framework. [STANDARDS-TRACK] The Internet Protocol Suite is increasingly used on small devices with severe constraints on power, memory, and processing resources, creating constrained-node networks. This document provides a number of basic terms that have been useful in the standardization work for constrained-node networks. This document describes a simple process that allows authors of Internet-Drafts to record the status of known implementations by including an Implementation Status section. This will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. This process is not mandatory. Authors of Internet-Drafts are encouraged to consider using the process for their documents, and working groups are invited to think about applying the process to all of their protocol specifications. This document obsoletes RFC 6982, advancing it to a Best Current Practice. This document defines a protocol for sending DNS queries and getting DNS responses over HTTPS. Each DNS query-response pair is mapped into an HTTP exchange. This document defines the Static Context Header Compression and fragmentation (SCHC) framework, which provides both a header compression mechanism and an optional fragmentation mechanism. SCHC has been designed with Low-Power Wide Area Networks (LPWANs) in mind. SCHC compression is based on a common static context stored both in the LPWAN device and in the network infrastructure side. This document defines a generic header compression mechanism and its application to compress IPv6/UDP headers. This document also specifies an optional fragmentation and reassembly mechanism. It can be used to support the IPv6 MTU requirement over the LPWAN technologies. Fragmentation is needed for IPv6 datagrams that, after SCHC compression or when such compression was not possible, still exceed the Layer 2 maximum payload size. The SCHC header compression and fragmentation mechanisms are independent of the specific LPWAN technology over which they are used. This document defines generic functionalities and offers flexibility with regard to parameter settings and mechanism choices. This document standardizes the exchange over the LPWAN between two SCHC entities. Settings and choices specific to a technology or a product are expected to be grouped into profiles, which are specified in other documents. Data models for the context and profiles are out of scope. This document defines how to compress Constrained Application Protocol (CoAP) headers using the Static Context Header Compression and fragmentation (SCHC) framework. SCHC defines a header compression mechanism adapted for Constrained Devices. SCHC uses a static description of the header to reduce the header's redundancy and size. While RFC 8724 describes the SCHC compression and fragmentation framework, and its application for IPv6/UDP headers, this document applies SCHC to CoAP headers. The CoAP header structure differs from IPv6 and UDP, since CoAP uses a flexible header with a variable number of options, themselves of variable length. The CoAP message format is asymmetric: the request messages have a header format different from the format in the response messages. This specification gives guidance on applying SCHC to flexible headers and how to leverage the asymmetry for more efficient compression Rules. The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes. This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230. TUD Dresden University of Technology Huawei Technologies HAW Hamburg TUD Dresden University of Technology & Barkhausen Institut This document defines a protocol for sending DNS messages over the Constrained Application Protocol (CoAP). These CoAP messages are protected by DTLS-Secured CoAP (CoAPS) or Object Security for Constrained RESTful Environments (OSCORE) to provide encrypted DNS message exchange for constrained devices in the Internet of Things (IoT).

Examples

DNS Queries A DNS query of the record AAAA in class IN for name "example.org" is represented in CBOR extended diagnostic notation (EDN) (see Section 8 in and Appendix G in ) as follows: A query of an A record for the same name is represented as A query of ANY record for that name is represented as

DNS Responses The responses to the examples provided in are shown below. We use the CBOR extended diagnostic notation (EDN) (see Section 8 in and Appendix G in ). To represent an AAAA record with TTL 300 seconds for the IPv6 address 2001:db8::1, a minimal response to ["example.org"] could be In this case, the name is derived from the query. If the name or the context is required, the following response would also be valid: If the query can not be mapped to the response for some reason, a response would look like: To represent a minimal response of an A record with TTL 3600 seconds for the IPv4 address 192.0.2.1, a minimal response to ["example.org", 1] could be Note that here also the 1 of record type A can be elided, as this record type is specified in the question section. Lastly, a response to ["example.org", 255, 255] could be This one advertises two local CoAP servers (identified by service name _coap._udp.local) at 2001:db8::1 and 2001:db8::2 and two nameservers for the example.org domain, ns1.example.org at 2001:db8::35 and ns2.example.org at 2001.db8::3535. Each of the transmitted records has a TTL of 3600 seconds.

Change Log

Since draft-lenders-dns-cbor-05

• Fix title
• Amend for capability to carry more than one question
• Hint at future of name compression in later draft versions
• Use canonical name for CBOR-packed

Since draft-lenders-dns-cbor-04

• Add Implementation Status section
• Remove int as representation for rdata
• Add note on representation of more structured rdata

Since draft-lenders-dns-cbor-03

• Provide format description for EDNS OPT Pseudo-RRs
• Simplify CDDL to more idiomatic style
• Remove DNS transaction IDs

Since draft-lenders-dns-cbor-02

• Add Discussion section and note on compression

Since draft-lenders-dns-cbor-01

• Use MIME type parameter for packed instead of own MIME type
• Update definitions to accommodate for TID and flags, as well as more sections in query
• Clarify fallback to wire-format

Since draft-lenders-dns-cbor-00

• Add support for DNS transaction IDs
• Name and Address compression utilizing CBOR-packed
• Minor fixes to CBOR EDN and CDDL

Acknowledgments TODO acknowledge.

• Carsten Bormann