LSD0001: GNU Name System

commit 2615f2816f19c64221eec733155ef616cbfdb5b4
parent 158125723fe980b022e384187b323fe62ac530a9
Author: Christian Grothoff <christian@grothoff.org>
Date:   Fri,  4 Oct 2019 11:58:33 +0200

English

Diffstat:
M draft-schanzen-gns.xml | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml @@ -273,14 +273,20 @@ <section anchor="gnsrecords_box" numbered="true" toc="default"> <name>BOX</name> <t> - Record type used to box up SRV and TLSA records. For example, a - TLSA record for "_https._tcp.foo.gnu" will be stored under - "foo.gnu" as a BOX record with service 443 (https) and protocol 6 + In GNS, every "." in a name delegates to another zone, and + GNS lookups are expected to return all of the required useful + information in one record set. This is incompatible with the + special labels used by DNS for SRV and TLSA records. Thus, GNS + defines the BOX record format to box up SRV and TLSA records and + include them in the record set of the label they are associated + with. For example, a + TLSA record for "_https._tcp.foo.gnu" will be stored in the record set of + "foo.gnu" as a BOX record with service (SVC) 443 (https) and protocol (PROTO) 6 (tcp) and record_type "TLSA". When a BOX record is received, a GNS resolver - must unbox it if the name contained "_SERVICE._PROTO", otherwise it is - left untouched. This is done to ensure that TLSA (and SRV) - records do not require a separate network request, thus making TLSA - records inseparable from the corresponding A/AAAA/VPN/etc. records. + must unbox it if the name to be resolved continues with "_SERVICE._PROTO", + otherwise it is to be left untouched. This way, TLSA (and SRV) + records do not require a separate network request, and TLSA + records become inseparable from the corresponding address records. A BOX DATA entry has the following format:</t> <figure anchor="figure_boxrecord"> <artwork name="" type="" align="left" alt=""><![CDATA[
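
Review bot: The unboxing rule in the added text ("a GNS resolver must unbox it if the name to be resolved continues with "_SERVICE._PROTO"") never says that the BOX record's SVC and PROTO fields have to equal the service and protocol named by those labels, so as written a resolver could unbox a TLSA record that was boxed for a different service. Suggest stating the match explicitly, and saying how the numeric values in the example (443 and 6) relate to the labels "_https" and "_tcp". The lowercase "must" also reads as a normative requirement: if the draft uses BCP 14 keywords it should be "MUST", and "otherwise it is to be left untouched" should carry the same strength. Minor wording: "all of the required useful information" is redundant, "all of the required information" would do.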