Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 85 |
1 files changed, 51 insertions, 34 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 485351a..1112353 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -1913,50 +1913,67 @@ example.com = zk2 | |||
1913 | <t> | 1913 | <t> |
1914 | Upon receiving the RRBLOCK from the storage, as part of verifying the | 1914 | Upon receiving the RRBLOCK from the storage, as part of verifying the |
1915 | provided signature, the resolver MUST check that the SHA-512 hash of the | 1915 | provided signature, the resolver MUST check that the SHA-512 hash of the |
1916 | derived authoritative zone key zk' from the RRBLOCK matches the query q. | 1916 | derived authoritative zone key zk' from the RRBLOCK matches the query q |
1917 | If not, the RRBLOCK MUST be ignored and, if applicable, the storage | 1917 | and that the overall block is not yet expired. |
1918 | lookup GET(q) MUST continue to look for other RRBLOCKs. | 1918 | If the signature does not match or the block is expired, the RRBLOCK MUST |
1919 | be ignored and, if applicable, the storage lookup GET(q) MUST continue to | ||
1920 | look for other RRBLOCKs. | ||
1919 | </t> | 1921 | </t> |
1920 | </section> | 1922 | </section> |
1921 | <section anchor="record_processing" numbered="true" toc="default"> | 1923 | <section anchor="record_processing" numbered="true" toc="default"> |
1922 | <name>Record Processing</name> | 1924 | <name>Record Processing</name> |
1923 | <t> | 1925 | <t> |
1924 | Record processing occurs at the end of a single recursion. We assume | 1926 | Record processing occurs once a well-formed block was decrypted. |
1925 | that the RRBLOCK has been cryptographically verified and decrypted. | 1927 | In record processing, only the valid records thus |
1926 | At this point, we must first determine if we have received a valid | 1928 | obtained are considered. To filter records by validity, the resolver |
1927 | record set in the context of the name we are trying to resolve: | 1929 | MUST at least checking the expiration time and the FLAGS of the |
1930 | respective record. In particular, FLAGS may exclude shadow and | ||
1931 | supplemental records from being considered. The next steps depend | ||
1932 | on the context of the name we are trying to resolve: | ||
1928 | </t> | 1933 | </t> |
1929 | <ul> | 1934 | <ul> |
1930 | <li> | 1935 | <li> |
1931 | Case 1: | 1936 | Case 1: |
1932 | If the remainder of the name to resolve is empty and the record set | 1937 | If the filtered record set consists of a single CNAME, |
1933 | does not consist of a delegation, CNAME or DNS2GNS record, | 1938 | the remainder of the name is prepended to the CNAME and the |
1934 | the record set is the result and the recursion is concluded. | 1939 | recursion is started again from the resulting name. |
1940 | Details are described in <xref target="cname_processing" />. | ||
1941 | </li> | ||
1942 | <li> | ||
1943 | Case 2: | ||
1944 | If the filtered record set consists exclusively of a one or more DNS2GNS records | ||
1945 | resolution continues with DNS. | ||
1946 | Details are described in <xref target="gns2dns_processing" />. | ||
1935 | </li> | 1947 | </li> |
1936 | <li> | ||
1937 | Case 2: | ||
1938 | If the name to be resolved is of the format | ||
1939 | "_SERVICE._PROTO" and the record set contains one or more matching BOX | ||
1940 | records, the records in the BOX records are the result and the recursion | ||
1941 | is concluded (<xref target="box_processing" />). | ||
1942 | </li> | ||
1943 | <li> | 1948 | <li> |
1944 | Case 3: | 1949 | Case 3: |
1945 | If the remainder of the name to resolve is not empty and | 1950 | If the remainder of the name to resolve is empty |
1946 | does not match the "_SERVICE._PROTO" syntax, then the current record set | 1951 | the record set (including supplemental records) |
1947 | MUST consist of a single delegation record (<xref target="delegation_processing" />), | 1952 | is the final result and the recursion is concluded. |
1948 | a single CNAME record (<xref target="cname_processing" />), | 1953 | </li> |
1949 | or one or more GNS2DNS records (<xref target="gns2dns_processing" />), | 1954 | <li> |
1950 | which are processed as described in the respective sections below. | 1955 | Case 4: |
1951 | The record set may include any number of supplemental records. | 1956 | If the remainder of the name to be resolved is of the format |
1952 | Otherwise, resolution fails | 1957 | "_SERVICE._PROTO" and the record set contains one or more matching BOX |
1953 | and the resolver MUST return an empty record set. | 1958 | records, the records in the BOX records are the final result and the recursion |
1954 | 1959 | is concluded (<xref target="box_processing" />). | |
1955 | Finally, after the recursion terminates, the client preferences | 1960 | </li> |
1956 | for the record type MUST be considered and possible conversions such as | 1961 | <li> |
1957 | defined in <xref target="vpn_processing" /> MUST be performed. | 1962 | Case 5: |
1958 | </li> | 1963 | If the current record set |
1959 | </ul> | 1964 | consist of a single delegation record (<xref target="delegation_processing" />), |
1965 | resolution of the remainder of the name is delegated to | ||
1966 | the target zone as described in <xref target="delegation_processing" />. | ||
1967 | </li> | ||
1968 | <li> | ||
1969 | Otherwise, resolution fails and the resolver MUST return an empty record set. | ||
1970 | </li> | ||
1971 | </ul> | ||
1972 | <t> | ||
1973 | Finally, after the recursion successfully terminates, the client preferences | ||
1974 | for the record type MUST be considered and possible conversions such as | ||
1975 | defined in <xref target="vpn_processing" /> MUST be attempted. | ||
1976 | </t> | ||
1960 | <section anchor="delegation_processing" numbered="true" toc="default"> | 1977 | <section anchor="delegation_processing" numbered="true" toc="default"> |
1961 | <name>Zone Delegation Records</name> | 1978 | <name>Zone Delegation Records</name> |
1962 | <t> | 1979 | <t> |
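Review bot: The rewritten case list under "Record Processing" is no longer mutually exclusive, and the text never says the cases are evaluated in order. Case 3 ("the remainder of the name to resolve is empty") has dropped the old exclusion of delegation, CNAME and DNS2GNS record sets, so a record set consisting of a single CNAME with an empty remainder matches both Case 1 and Case 3, and only the listing order tells an implementer which one wins. Either state that the first matching case applies or restore the explicit conditions, and say in Case 5 what happens for a delegation record when the remainder is empty. In the first paragraph, "If the signature does not match or the block is expired" does not name the check the preceding sentence actually requires (the SHA-512 hash of zk' matching q); spell out that a hash mismatch also causes the RRBLOCK to be ignored. Wording: "MUST at least checking" should be "MUST at least check"; Case 2 says "a one or more DNS2GNS records" while its xref target is gns2dns_processing and the removed text used "GNS2DNS records"; Case 5 "consist of" should be "consists of", and it cites delegation_processing twice in one sentence.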