commit aba19d9a2fbf0dc4fee36ba420ca8c1b0d1728fd
parent 48ed4c49b61ac004d04e6fa1b681577921fc6100
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Wed, 19 Feb 2020 19:26:52 +0100
supplemental LEHOs
Diffstat:
3 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
@@ -2238,9 +2238,9 @@ table {
authoritative DNS servers.
The first successful recursive name resolution result
is returned to the client.
- In addition, the resolver returns the queried DNS name as a LEHO
- record (<a href="#gnsrecords_leho" class="xref">Section 3.4</a>) with a relative
- expiration time of one hour.<a href="#section-6.2.2-4" class="pilcrow">¶</a></p>
+ In addition, the resolver returns the queried DNS name as a
+ supplemental LEHO record (<a href="#gnsrecords_leho" class="xref">Section 3.4</a>) with a
+ relative expiration time of one hour.<a href="#section-6.2.2-4" class="pilcrow">¶</a></p>
<p id="section-6.2.2-5">
GNS resolvers SHOULD offer a configuration
option to disable DNS processing to avoid information leakage
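Review bot: "supplemental" is introduced in the added sentence without saying what makes a record supplemental or how a client tells such a LEHO apart from any other LEHO record; the link still targets Section 3.4 as before. If Section 3.4 does not define the term, add a definition there or a short clause here, since the resolver builds this record itself from the queried DNS name.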
@@ -2275,7 +2275,10 @@ table {
(if it ends in a ".<Base32(zk)>").
In order to prevent infinite loops, the resolver MUST
implement loop detections or limit the number of recursive
- resolution steps.<a href="#section-6.2.3-2" class="pilcrow">¶</a></p>
+ resolution steps.
+ If the last CNAME was a DNS name, the resolver returns the DNS name
+ as a supplemental LEHO record (<a href="#gnsrecords_leho" class="xref">Section 3.4</a>)
+ with a relative expiration time of one hour.<a href="#section-6.2.3-2" class="pilcrow">¶</a></p>
</section>
</div>
<div id="box_processing">
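Review bot: "If the last CNAME was a DNS name" in the added sentence is ambiguous, because a CNAME is a record and the DNS name is its target, and "last" is undefined when resolution stops at the recursion limit described in the sentence just before it. Suggest wording such as "If the target of the final CNAME in the chain is a DNS name", and say whether a LEHO is returned when resolution is cut short by loop detection or the step limit.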
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
@@ -945,7 +945,7 @@ Internet-Draft The GNU Name System November 2019
the GNS resolver MUST support recursive resolution and MUST NOT
delegate this to the authoritative DNS servers. The first successful
recursive name resolution result is returned to the client. In
-
+ addition, the resolver returns the queried DNS name as a supplemental
@@ -954,8 +954,8 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 17]
Internet-Draft The GNU Name System November 2019
- addition, the resolver returns the queried DNS name as a LEHO record
- (Section 3.4) with a relative expiration time of one hour.
+ LEHO record (Section 3.4) with a relative expiration time of one
+ hour.
GNS resolvers SHOULD offer a configuration option to disable DNS
processing to avoid information leakage and provide a consistent
@@ -981,7 +981,9 @@ Internet-Draft The GNU Name System November 2019
in turn may either point into the DNS or GNS namespace (if it ends in
a ".<Base32(zk)>"). In order to prevent infinite loops, the resolver
MUST implement loop detections or limit the number of recursive
- resolution steps.
+ resolution steps. If the last CNAME was a DNS name, the resolver
+ returns the DNS name as a supplemental LEHO record (Section 3.4) with
+ a relative expiration time of one hour.
6.2.4. BOX
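Review bot: the added text repeats "a relative expiration time of one hour", which the sentence touched in the preceding hunk already states for the queried DNS name, so the value now lives in two places with no rationale given in either. Consider specifying the expiration of resolver-generated supplemental LEHO records once, for example in Section 3.4, and referring to it from both paragraphs.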
@@ -1003,8 +1005,6 @@ Internet-Draft The GNU Name System November 2019
-
-
Schanzenbach, et al. Expires 13 May 2020 [Page 18]
Internet-Draft The GNU Name System November 2019
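Review bot: this hunk only removes two blank lines ahead of the page footer, and the hunks at -945 and -954 only move words of the same sentence across the page 17 break, so none of them is an authored change. The .txt and .html files carry the same sentences as the .xml hunks; if they are rendered from the .xml, consider regenerating them in a separate commit so the two wording changes are easier to review.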
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -997,9 +997,9 @@
authoritative DNS servers.
The first successful recursive name resolution result
is returned to the client.
- In addition, the resolver returns the queried DNS name as a LEHO
- record (<xref target="gnsrecords_leho" />) with a relative
- expiration time of one hour.
+ In addition, the resolver returns the queried DNS name as a
+ supplemental LEHO record (<xref target="gnsrecords_leho" />) with a
+ relative expiration time of one hour.
</t>
<t>
GNS resolvers SHOULD offer a configuration
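Review bot: the rewritten sentence says the resolver "returns" the supplemental LEHO record with no requirement keyword, while the next paragraph uses SHOULD for the configuration option. State whether returning the record is a MUST, SHOULD or MAY, so that implementations and clients agree on whether it can be relied on.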
@@ -1035,6 +1035,9 @@
In order to prevent infinite loops, the resolver MUST
implement loop detections or limit the number of recursive
resolution steps.
+ If the last CNAME was a DNS name, the resolver returns the DNS name
+ as a supplemental LEHO record (<xref target="gnsrecords_leho" />)
+ with a relative expiration time of one hour.
<!-- Note: Martin: do we actually implement this in GNS today?
Seems rather tricky to detect if we go via NSS... -->
</t>