File: rfc2915.txt

package info (click to toggle)
doc-rfc 20181229-2
  • links: PTS, VCS
  • area: non-free
  • in suites: buster
  • size: 570,944 kB
  • sloc: xml: 285,646; sh: 107; python: 90; perl: 42; makefile: 14
file content (1011 lines) | stat: -rw-r--r-- 41,555 bytes parent folder | download | duplicates (7)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011






Network Working Group                                         M. Mealling
Request for Comments: 2915                        Network Solutions, Inc.
Updates: 2168                                                   R. Daniel
Category: Standards Track                                DATAFUSION, Inc.
                                                           September 2000


        The Naming Authority Pointer (NAPTR) DNS Resource Record

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

   This document describes a Domain Name System (DNS) resource record
   which specifies a regular expression based rewrite rule that, when
   applied to an existing string, will produce a new domain label or
   Uniform Resource Identifier (URI).  Depending on the value of the
   flags field of the resource record, the resulting domain label or URI
   may be used in subsequent queries for the Naming Authority Pointer
   (NAPTR) resource records (to delegate the name lookup) or as the
   output of the entire process for which this system is used (a
   resolution server for URI resolution, a service URI for ENUM style
   e.164 number to URI mapping, etc).

   This allows the DNS to be used to lookup services for a wide variety
   of resource names (including URIs) which are not in domain name
   syntax.  Reasons for doing this range from URN Resource Discovery
   Systems to moving out-of-date services to new domains.

   This document updates the portions of RFC 2168 specifically dealing
   with the definition of the NAPTR records and how other, non-URI
   specific applications, might use NAPTR.









Mealling & Daniel           Standards Track                     [Page 1]

RFC 2915                      NAPTR DNS RR                September 2000


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  NAPTR RR Format  . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Substitution Expression Grammar  . . . . . . . . . . . . . .   7
   4.  The Basic NAPTR Algorithm  . . . . . . . . . . . . . . . . .   8
   5.  Concerning How NAPTR Uses SRV Records  . . . . . . . . . . .   9
   6.  Application Specifications . . . . . . . . . . . . . . . . .  10
   7.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . .  10
   7.1 Example 1  . . . . . . . . . . . . . . . . . . . . . . . . .  10
   7.2 Example 2  . . . . . . . . . . . . . . . . . . . . . . . . .  12
   7.3 Example 3  . . . . . . . . . . . . . . . . . . . . . . . . .  13
   8.  DNS Packet Format  . . . . . . . . . . . . . . . . . . . . .  13
   9.  Master File Format . . . . . . . . . . . . . . . . . . . . .  14
   10. Advice for DNS Administrators  . . . . . . . . . . . . . . .  14
   11. Notes  . . . . . . . . . . . . . . . . . . . . . . . . . . .  15
   12. IANA Considerations  . . . . . . . . . . . . . . . . . . . .  15
   13. Security Considerations  . . . . . . . . . . . . . . . . . .  15
   14. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . .  16
       References . . . . . . . . . . . . . . . . . . . . . . . . .  16
       Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  17
       Full Copyright Statement . . . . . . . . . . . . . . . . . .  18

1. Introduction

   This RR was originally produced by the URN Working Group [3] as a way
   to encode rule-sets in DNS so that the delegated sections of a URI
   could be decomposed in such a way that they could be changed and re-
   delegated over time.  The result was a Resource Record that included
   a regular expression that would be used by a client program to
   rewrite a string into a domain name.  Regular expressions were chosen
   for their compactness to expressivity ratio allowing for a great deal
   of information to be encoded in a rather small DNS packet.

   The function of rewriting a string according to the rules in a record
   has usefulness in several different applications.  This document
   defines the basic assumptions to which all of those applications must
   adhere to.  It does not define the reasons the rewrite is used, what
   the expected outcomes are, or what they are used for.  Those are
   specified by applications that define how they use the NAPTR record
   and algorithms within their contexts.

   Flags and other fields are also specified in the RR to control the
   rewrite procedure in various ways or to provide information on how to
   communicate with the host at the domain name that was the result of
   the rewrite.





Mealling & Daniel           Standards Track                     [Page 2]

RFC 2915                      NAPTR DNS RR                September 2000


   The final result is a RR that has several fields that interact in a
   non-trivial but implementable way.  This document specifies those
   fields and their values.

   This document does not define applications that utilizes this rewrite
   functionality. Instead it specifies just the mechanics of how it is
   done.  Why its done, what the rules concerning the inputs, and the
   types of rules used are reserved for other documents that fully
   specify a particular application.  This separation is due to several
   different applications all wanting to take advantage of the rewrite
   rule lookup process.  Each one has vastly different reasons for why
   and how it uses the service, thus requiring that the definition of
   the service be generic.

      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
      NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
      in this document are to be interpreted as described in RFC 2119.

      All references to Uniform Resource Identifiers in this document
      adhere to the 'absoluteURI' production of the "Collected ABNF"
      found in RFC 2396 [9].  Specifically, the semantics of URI
      References do not apply since the concept of a Base makes no sense
      here.

2. NAPTR RR Format

   The format of the NAPTR RR is given below.  The DNS type code [1] for
   NAPTR is 35.

   Domain TTL Class Type Order Preference Flags Service Regexp
   Replacement

   Domain
      The domain name to which this resource record refers.  This is the
      'key' for this entry in the rule database.  This value will either
      be the first well known key (<something>.uri.arpa for example) or
      a new key that is the output of a replacement or regexp rewrite.
      Beyond this, it has the standard DNS requirements [1].

   TTL
      Standard DNS meaning [1].

   Class
      Standard DNS meaning [1].

   Type
      The Type Code [1] for NAPTR is 35.




Mealling & Daniel           Standards Track                     [Page 3]

RFC 2915                      NAPTR DNS RR                September 2000


   Order
      A 16-bit unsigned integer specifying the order in which the NAPTR
      records MUST be processed to ensure the correct ordering of
      rules.  Low numbers are processed before high numbers, and once a
      NAPTR is found whose rule "matches" the target, the client MUST
      NOT consider any NAPTRs with a higher value for order (except as
      noted below for the Flags field).

   Preference
      A 16-bit unsigned integer that specifies the order in which NAPTR
      records with equal "order" values SHOULD be processed, low
      numbers being processed before high numbers.  This is similar to
      the preference field in an MX record, and is used so domain
      administrators can direct clients towards more capable hosts or
      lighter weight protocols.  A client MAY look at records with
      higher preference values if it has a good reason to do so such as
      not understanding the preferred protocol or service.

      The important difference between Order and Preference is that
      once a match is found the client MUST NOT consider records with a
      different Order but they MAY process records with the same Order
      but different Preferences.  I.e., Preference is used to give weight
      to rules that are considered the same from an authority
      standpoint but not from a simple load balancing standpoint.

   Flags
      A <character-string> containing flags to control aspects of the
      rewriting and interpretation of the fields in the record.  Flags
      are single characters from the set [A-Z0-9].  The case of the
      alphabetic characters is not significant.

      At this time only four flags, "S", "A", "U", and "P", are
      defined.  The "S", "A" and "U" flags denote a terminal lookup.
      This means that this NAPTR record is the last one and that the
      flag determines what the next stage should be.  The "S" flag
      means that the next lookup should be for SRV records [4].  See
      Section 5 for additional information on how NAPTR uses the SRV
      record type.  "A" means that the next lookup should be for either
      an A, AAAA, or A6 record.  The "U" flag means that the next step
      is not a DNS lookup but that the output of the Regexp field is an
      URI that adheres to the 'absoluteURI' production found in the
      ABNF of RFC 2396 [9].  Since there may be applications that use
      NAPTR to also lookup aspects of URIs, implementors should be
      aware that this may cause loop conditions and should act
      accordingly.






Mealling & Daniel           Standards Track                     [Page 4]

RFC 2915                      NAPTR DNS RR                September 2000


      The "P" flag says that the remainder of the application side
      algorithm shall be carried out in a Protocol-specific fashion.
      The new set of rules is identified by the Protocol specified in
      the Services field.  The record that contains the 'P' flag is the
      last record that is interpreted by the rules specified in this
      document.  The new rules are dependent on the application for
      which they are being used and the protocol specified.  For
      example, if the application is a URI RDS and the protocol is WIRE
      then the new set of rules are governed by the algorithms
      surrounding the WIRE HTTP specification and not this document.

      The remaining alphabetic flags are reserved for future versions
      of the NAPTR specification.  The numeric flags may be used for
      local experimentation.  The S, A, U and P flags are all mutually
      exclusive, and resolution libraries MAY signal an error if more
      than one is given.  (Experimental code and code for assisting in
      the creation of NAPTRs would be more likely to signal such an
      error than a client such as a browser).  It is anticipated that
      multiple flags will be allowed in the future, so implementers
      MUST NOT assume that the flags field can only contain 0 or 1
      characters.  Finally, if a client encounters a record with an
      unknown flag, it MUST ignore it and move to the next record.  This
      test takes precedence even over the "order" field.  Since flags
      can control the interpretation placed on fields, a novel flag
      might change the interpretation of the regexp and/or replacement
      fields such that it is impossible to determine if a record
      matched a given target.

      The "S", "A", and "U"  flags are called 'terminal' flags since
      they halt the looping rewrite algorithm.  If those flags are not
      present, clients may assume that another NAPTR RR exists at the
      domain name produced by the current rewrite rule.  Since the "P"
      flag specifies a new algorithm, it may or may not be 'terminal'.
      Thus, the client cannot assume that another NAPTR exists since
      this case is determined elsewhere.

      DNS servers MAY interpret these flags and values and use that
      information to include appropriate SRV and A,AAAA, or A6 records
      in the additional information portion of the DNS packet.  Clients
      are encouraged to check for additional information but are not
      required to do so.

   Service
      Specifies the service(s) available down this rewrite path.  It may
      also specify the particular protocol that is used to talk with a
      service.  A protocol MUST be specified if the flags field states
      that the NAPTR is terminal.  If a protocol is specified, but the
      flags field does not state that the NAPTR is terminal, the next



Mealling & Daniel           Standards Track                     [Page 5]

RFC 2915                      NAPTR DNS RR                September 2000


      lookup MUST be for a NAPTR.  The client MAY choose not to perform
      the next lookup if the protocol is unknown, but that behavior
      MUST NOT be relied upon.

      The service field may take any of the values below (using the
      Augmented BNF of RFC 2234 [5]):

                 service_field = [ [protocol] *("+" rs)]
                 protocol      = ALPHA *31ALPHANUM
                 rs            = ALPHA *31ALPHANUM
                 ; The protocol and rs fields are limited to 32
                 ; characters and must start with an alphabetic.

      For example, an optional protocol specification followed by 0 or
      more resolution services.  Each resolution service is indicated by
      an initial '+' character.

      Note that the empty string is also a valid service field.  This
      will typically be seen at the beginning of a series of rules,
      when it is impossible to know what services and protocols will be
      offered by a particular service.

      The actual format of the service request and response will be
      determined by the resolution protocol, and is the subject for
      other documents.  Protocols need not offer all services.  The
      labels for service requests shall be formed from the set of
      characters [A-Z0-9].  The case of the alphabetic characters is
      not significant.

      The list of "valid" protocols for any given NAPTR record is any
      protocol that implements some or all of the services defined for
      a NAPTR application.  Currently, THTTP [6] is the only protocol
      that is known to make that claim at the time of publication.  Any
      other protocol that is to be used must have documentation
      specifying:

      *  how it implements the services of the application

      *  how it is to appear in the NAPTR record (i.e., the string id
         of the protocol)

      The list of valid Resolution Services is defined by the documents
      that specify individual NAPTR based applications.

      It is worth noting that the interpretation of this field is
      subject to being changed by new flags, and that the current
      specification is oriented towards telling clients how to talk
      with a URN resolver.



Mealling & Daniel           Standards Track                     [Page 6]

RFC 2915                      NAPTR DNS RR                September 2000


   Regexp
      A STRING containing a substitution expression that is applied to
      the original string held by the client in order to construct the
      next domain name to lookup.  The grammar of the substitution
      expression is given in the next section.

      The regular expressions MUST NOT be used in a cumulative fashion,
      that is, they should only be applied to the original string held
      by the client, never to the domain name produced by a previous
      NAPTR rewrite.  The latter is tempting in some applications but
      experience has shown such use to be extremely fault sensitive,
      very error prone, and extremely difficult to debug.

   Replacement
      The next NAME to query for NAPTR, SRV, or address records
      depending on the value of the flags field.  This MUST be a fully
      qualified domain-name. Unless and until permitted by future
      standards action, name compression is not to be used for this
      field.

3. Substitution Expression Grammar

   The content of the regexp field is a substitution expression.  True
   sed(1) and Perl style substitution expressions are not appropriate
   for use in this application for a variety of reasons stemming from
   internationalization requirements and backref limitations, therefore
   the contents of the regexp field MUST follow the grammar below:

subst_expr   = delim-char  ere  delim-char  repl  delim-char  *flags
delim-char   = "/" / "!" / ... <Any non-digit or non-flag character
               other than backslash '\'. All occurances of a delim_char
               in a subst_expr must be the same character.>
ere          = POSIX Extended Regular Expression
repl         = 1 * ( OCTET /  backref )
backref      = "\" 1POS_DIGIT
flags        = "i"
POS_DIGIT    = %x31-39                 ; 0 is not an allowed backref

   The definition of a POSIX Extended Regular Expression can be found in
   [8], section 2.8.4.

   The result of applying the substitution expression to the original
   URI MUST result in either a string that obeys the syntax for DNS
   domain-names [1] or a URI [9] if the Flags field contains a 'u'.
   Since it is possible for the regexp field to be improperly specified,
   such that a non-conforming domain-name can be constructed, client
   software SHOULD verify that the result is a legal DNS domain-name
   before making queries on it.



Mealling & Daniel           Standards Track                     [Page 7]

RFC 2915                      NAPTR DNS RR                September 2000


   Backref expressions in the repl portion of the substitution
   expression are replaced by the (possibly empty) string of characters
   enclosed by '(' and ')' in the ERE portion of the substitution
   expression. N is a single digit from 1 through 9, inclusive.  It
   specifies the N'th backref expression, the one that begins with the
   N'th '(' and continues to the matching ')'.  For example, the ERE

                            (A(B(C)DE)(F)G)

         has backref expressions:

                            \1  = ABCDEFG
                            \2  = BCDE
                            \3  = C
                            \4  = F
                            \5..\9  = error - no matching subexpression

   The "i" flag indicates that the ERE matching SHALL be performed in a
   case-insensitive fashion. Furthermore, any backref replacements MAY
   be normalized to lower case when the "i" flag is given.

   The first character in the substitution expression shall be used as
   the character that delimits the components of the substitution
   expression.  There must be exactly three non-escaped occurrences of
   the delimiter character in a substitution expression.  Since escaped
   occurrences of the delimiter character will be interpreted as
   occurrences of that character, digits MUST NOT be used as delimiters.
   Backrefs would be confused with literal digits were this allowed.
   Similarly, if flags are specified in the substitution expression, the
   delimiter character must not also be a flag character.

4. The Basic NAPTR Algorithm

   The behavior and meaning of the flags and services assume an
   algorithm where the output of one rewrite is a new key that points to
   another rule.  This looping algorithm allows NAPTR records to
   incrementally specify a complete rule.  These incremental rules can
   be delegated which allows other entities to specify rules so that one
   entity does not need to understand _all_ rules.

   The algorithm starts with a string and some known key (domain).
   NAPTR records for this key are retrieved, those with unknown Flags or
   inappropriate Services are discarded and the remaining records are
   sorted by their Order field.  Within each value of Order, the records
   are further sorted by the Preferences field.

   The records are examined in sorted order until a matching record is
   found.  A record is considered a match iff:



Mealling & Daniel           Standards Track                     [Page 8]

RFC 2915                      NAPTR DNS RR                September 2000


   o  it has a Replacement field value instead of a Regexp field value.

   o  or the Regexp field matches the string held by the client.

   The first match MUST be the match that is used.  Once a match is
   found, the Services field is examined for whether or not this rule
   advances toward the desired result.  If so, the rule is applied to
   the target string.  If not, the process halts.  The domain that
   results from the regular expression is then used as the domain of the
   next loop through the NAPTR algorithm.  Note that the same target
   string is used throughout the algorithm.

   This looping is extremely important since it is the method by which
   complex rules are broken down into manageable delegated chunks.  The
   flags fields simply determine at which point the looping should stop
   (or other specialized behavior).

   Since flags are valid at any level of the algorithm, the degenerative
   case is to never loop but to look up the NAPTR and then stop.  In
   many specialized cases this is all that is needed.  Implementors
   should be aware that the degenerative case should not become the
   common case.

5. Concerning How NAPTR Uses SRV Records

   When the SRV record type was originally specified it assumed that the
   client did not know the specific domain-name before hand.  The client
   would construct a domain-name more in the form of a question than the
   usual case of knowing ahead of time that the domain-name should
   exist.  I.e., if the client wants to know if there is a TCP based
   HTTP server running at a particular domain, the client would
   construct the domain-name _http._tcp.somedomain.com and ask the DNS
   if that records exists. The underscores are used to avoid collisions
   with potentially 'real' domain-names.

   In the case of NAPTR, the actual domain-name is specified by the
   various fields in the NAPTR record.  In this case the client isn't
   asking a question but is instead attempting to get at information
   that it has been told exists in an SRV record at that particular
   domain-name.  While this usage of SRV is slightly different than the
   SRV authors originally intended it does not break any of the
   assumptions concerning what SRV contains.  Also, since the NAPTR
   explicitly spells out the domain-name for which an SRV exists, that
   domain-name MUST be used in SRV queries with NO transformations.  Any
   given NAPTR record may result in a domain-name to be used for SRV
   queries that may or may not contain the SRV standardized underscore





Mealling & Daniel           Standards Track                     [Page 9]

RFC 2915                      NAPTR DNS RR                September 2000


   characters.  NAPTR applications that make use of SRV MUST NOT attempt
   to understand these domains or use them according to how the SRV
   specification structures its query domains.

6. Application Specifications

   It should be noted that the NAPTR algorithm is the basic assumption
   about how NAPTR works.  The reasons for the rewrite and the expected
   output and its use are specified by documents that define what
   applications the NAPTR record and algorithm are used for.  Any
   document that defines such an application must define the following:

   o  The first known domain-name or how to build it

   o  The valid Services and Protocols

   o  What the expected use is for the output of the last rewrite

   o  The validity and/or behavior of any 'P' flag protocols.

   o  The general semantics surrounding why and how NAPTR and its
      algorithm are being used.

7. Examples

   NOTE: These are examples only.  They are taken from ongoing work and
   may not represent the end result of that work. They are here for
   pedagogical reasons only.

7.1 Example 1

   NAPTR was originally specified for use with the a Uniform Resource
   Name Resolver Discovery System.  This example details how a
   particular URN would use the NAPTR record to find a resolver service.

   Consider a URN namespace based on MIME Content-Ids.  The URN might
   look like this:

      urn:cid:39CB83F7.A8450130@fake.gatech.edu

   (Note that this example is chosen for pedagogical purposes, and does
   not conform to the CID URL scheme.)

   The first step in the resolution process is to find out about the CID
   namespace.  The namespace identifier [3], 'cid', is extracted from
   the URN, prepended to urn.arpa. 'cid.urn.arpa' then becomes the first
   'known' key in the NAPTR algorithm.  The NAPTR records for
   cid.urn.arpa looked up and return a single record:



Mealling & Daniel           Standards Track                    [Page 10]

RFC 2915                      NAPTR DNS RR                September 2000


   cid.urn.arpa.
   ;;       order pref flags service        regexp           replacement
   IN NAPTR 100   10   ""  ""  "/urn:cid:.+@([^\.]+\.)(.*)$/\2/i"    .

   There is only one NAPTR response, so ordering the responses is not a
   problem.  The replacement field is empty, so the pattern provided in
   the regexp field is used.  We apply that regexp to the entire URN to
   see if it matches, which it does.  The \2 part of the substitution
   expression returns the string "gatech.edu".  Since the flags field
   does not contain "s" or "a", the lookup is not terminal and our next
   probe to DNS is for more NAPTR records where the new domain is '
   gatech.edu' and the string is the same string as before.

   Note that the rule does not extract the full domain name from the
   CID, instead it assumes the CID comes from a host and extracts its
   domain.  While all hosts, such as mordred, could have their very own
   NAPTR, maintaining those records for all the machines at a site as
   large as Georgia Tech would be an intolerable burden.  Wildcards are
   not appropriate here since they only return results when there is no
   exactly matching names already in the system.

   The record returned from the query on "gatech.edu" might look like:

;;       order pref flags service           regexp  replacement
 IN NAPTR 100  50  "s"  "z3950+I2L+I2C"     ""  _z3950._tcp.gatech.edu.
 IN NAPTR 100  50  "s"  "rcds+I2C"          ""  _rcds._udp.gatech.edu.
 IN NAPTR 100  50  "s"  "http+I2L+I2C+I2R"  ""  _http._tcp.gatech.edu.

   Continuing with the example, note that the values of the order and
   preference fields are equal in all records, so the client is free to
   pick any record.  The flags field tells us that these are the last
   NAPTR patterns we should see, and after the rewrite (a simple
   replacement in this case) we should look up SRV records to get
   information on the hosts that can provide the necessary service.

   Assuming we prefer the Z39.50 protocol, our lookup might return:

 ;;                        Pref Weight   Port Target
 _z3950._tcp.gatech.edu. IN SRV 0    0      1000 z3950.gatech.edu.
                         IN SRV 0    0      1000 z3950.cc.gatech.edu.
                         IN SRV 0    0      1000 z3950.uga.edu.

   telling us three hosts that could actually do the resolution, and
   giving us the port we should use to talk to their Z39.50 server.

   Recall that the regular expression used \2 to extract a domain name
   from the CID, and \. for matching the literal '.' characters
   separating the domain name components. Since '\' is the escape



Mealling & Daniel           Standards Track                    [Page 11]

RFC 2915                      NAPTR DNS RR                September 2000


   character, literal occurances of a backslash must be escaped by
   another backslash.  For the case of the cid.urn.arpa record above,
   the regular expression entered into the master file should be
   "/urn:cid:.+@([^\\.]+\\.)(.*)$/\\2/i".  When the client code actually
   receives the record, the pattern will have been converted to
   "/urn:cid:.+@([^\.]+\.)(.*)$/\2/i".

7.2 Example 2

   Even if URN systems were in place now, there would still be a
   tremendous number of URLs.  It should be possible to develop a URN
   resolution system that can also provide location independence for
   those URLs.  This is related to the requirement that URNs be able to
   grandfather in names from other naming systems, such as ISO Formal
   Public Identifiers, Library of Congress Call Numbers, ISBNs, ISSNs,
   etc.

   The NAPTR RR could also be used for URLs that have already been
   assigned.  Assume we have the URL for a very popular piece of
   software that the publisher wishes to mirror at multiple sites around
   the world:

   Using the rules specified for this application we extract the prefix,
   "http", and lookup NAPTR records for http.uri.arpa.  This might
   return a record of the form

     http.uri.arpa. IN NAPTR
     ;;  order   pref flags service      regexp             replacement
          100     90   ""      ""   "!http://([^/:]+)!\1!i"       .

   This expression returns everything after the first double slash and
   before the next slash or colon.  (We use the '!' character to delimit
   the parts of the substitution expression.  Otherwise we would have to
   use backslashes to escape the forward slashes and would have a regexp
   in the zone file that looked like "/http:\\/\\/([^\\/:]+)/\\1/i".).

   Applying this pattern to the URL extracts "www.foo.com".  Looking up
   NAPTR records for that might return:

     www.foo.com.
     ;;       order pref flags   service  regexp     replacement
      IN NAPTR 100  100  "s"   "http+I2R"   ""    _http._tcp.foo.com.
      IN NAPTR 100  100  "s"   "ftp+I2R"    ""    _ftp._tcp.foo.com.

   Looking up SRV records for http.tcp.foo.com would return information
   on the hosts that foo.com has designated to be its mirror sites.  The
   client can then pick one for the user.




Mealling & Daniel           Standards Track                    [Page 12]

RFC 2915                      NAPTR DNS RR                September 2000


7.3 Example 3

   A non-URI example is the ENUM application which uses a NAPTR record
   to map an e.164 telephone number to a URI.  In order to convert the
   phone number to a domain name for the first iteration all characters
   other than digits are removed from the the telephone number, the
   entire number is inverted, periods are put between each digit and the
   string ".e164.arpa" is put on the left-hand side.  For example, the
   E.164 phone number "+1-770-555-1212" converted to a domain-name it
   would be "2.1.2.1.5.5.5.0.7.7.1.e164.arpa."

   For this example telephone number we might get back the following
   NAPTR records:

$ORIGIN 2.1.2.1.5.5.5.0.7.7.1.e164.arpa.
 IN NAPTR 100 10 "u" "sip+E2U"  "!^.*$!sip:information@tele2.se!"     .
 IN NAPTR 102 10 "u" "mailto+E2U" "!^.*$!mailto:information@tele2.se!"  .

   This application uses the same 'u' flag as the URI Resolution
   application. This flag states that the Rule is terminal and that the
   output is a URI which contains the information needed to contact that
   telephone service.  ENUM also uses the same format for its Service
   field except that it defines the 'E2U' service instead of the 'I2*'
   services that URI resolution uses.  The example above states that the
   available protocols used to access that telephone's service are
   either the Session Initiation Protocol or SMTP mail.

8. DNS Packet Format

         The packet format for the NAPTR record is:

                                          1  1  1  1  1  1
            0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
          +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          |                     ORDER                     |
          +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          |                   PREFERENCE                  |
          +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          /                     FLAGS                     /
          +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          /                   SERVICES                    /
          +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          /                    REGEXP                     /
          +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          /                  REPLACEMENT                  /
          /                                               /
          +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+




Mealling & Daniel           Standards Track                    [Page 13]

RFC 2915                      NAPTR DNS RR                September 2000


    where:

   FLAGS A <character-string> which contains various flags.

   SERVICES A <character-string> which contains protocol and service
      identifiers.

   REGEXP A <character-string> which contains a regular expression.

   REPLACEMENT A <domain-name> which specifies the new value in the
      case where the regular expression is a simple replacement
      operation.

   <character-string> and <domain-name> as used here are defined in
   RFC1035 [1].

9. Master File Format

   The master file format follows the standard rules in RFC-1035 [1].
   Order and preference, being 16-bit unsigned integers, shall be an
   integer between 0 and 65535.  The Flags and Services and Regexp
   fields are all quoted <character-string>s.  Since the Regexp field
   can contain numerous backslashes and thus should be treated with
   care.  See Section 10 for how to correctly enter and escape the
   regular expression.

10. Advice for DNS Administrators

   Beware of regular expressions.  Not only are they difficult to get
   correct on their own, but there is the previously mentioned
   interaction with DNS.  Any backslashes in a regexp must be entered
   twice in a zone file in order to appear once in a query response.
   More seriously, the need for double backslashes has probably not been
   tested by all implementors of DNS servers.

   The "a" flag allows the next lookup to be for address records (A,
   AAAA, A6) rather than SRV records.  Since there is no place for a
   port specification in the NAPTR record, when the "A" flag is used the
   specified protocol must be running on its default port.

   The URN Syntax draft defines a canonical form for each URN, which
   requires %encoding characters outside a limited repertoire.  The
   regular expressions MUST be written to operate on that canonical
   form.  Since international character sets will end up with extensive
   use of %encoded characters, regular expressions operating on them
   will be essentially impossible to read or write by hand.





Mealling & Daniel           Standards Track                    [Page 14]

RFC 2915                      NAPTR DNS RR                September 2000


11. Notes

   o  A client MUST process multiple NAPTR records in the order
      specified by the "order" field, it MUST NOT simply use the first
      record that provides a known protocol and service combination.

   o  When multiple RRs have the same "order" and all other criteria
      being equal, the client should use the value of the preference
      field to select the next NAPTR to consider.  However, because it
      will often be the case where preferred protocols or services
      exist, clients may use this additional criteria to sort
      the records.

   o  If the lookup after a rewrite fails, clients are strongly
      encouraged to report a failure, rather than backing up to pursue
      other rewrite paths.

   o  Note that SRV RRs impose additional requirements on clients.

12. IANA Considerations

   The only registration function that impacts the IANA is for the
   values that are standardized for the Services and Flags fields.  To
   extend the valid values of the Flags field beyond what is specified
   in this document requires a published specification that is approved
   by the IESG.

   The values for the Services field will be determined by the
   application that makes use of the NAPTR record.  Those values must be
   specified in a published specification and approved by the IESG.

13. Security Considerations

   The interactions with DNSSEC are currently being studied.  It is
   expected that NAPTR records will be signed with SIG records once the
   DNSSEC work is deployed.

   The rewrite rules make identifiers from other namespaces subject to
   the same attacks as normal domain names.  Since they have not been
   easily resolvable before, this may or may not be considered a
   problem.

   Regular expressions should be checked for sanity, not blindly passed
   to something like PERL.

   This document has discussed a way of locating a service, but has not
   discussed any detail of how the communication with that service takes
   place.  There are significant security considerations attached to the



Mealling & Daniel           Standards Track                    [Page 15]

RFC 2915                      NAPTR DNS RR                September 2000


   communication with a service.  Those considerations are outside the
   scope of this document, and must be addressed by the specifications
   for particular communication protocols.

14. Acknowledgments

   The editors would like to thank Keith Moore for all his consultations
   during the development of this memo.  We would also like to thank
   Paul Vixie for his assistance in debugging our implementation, and
   his answers on our questions.  Finally, we would like to acknowledge
   our enormous intellectual debt to the participants in the Knoxville
   series of meetings, as well as to the participants in the URI and URN
   working groups.

References

   [1]  Mockapetris, P., "Domain names - implementation and
        specification", STD 13, RFC 1035, November 1987.

   [2]  Mockapetris, P., "Domain names - concepts and facilities", STD
        13, RFC 1034, November 1987.

   [3]  Moats, R., "URN Syntax", RFC 2141, May 1997.

   [4]  Gulbrandsen, A., Vixie, P. and L. Esibov, "A DNS RR for
        specifying the location of services (DNS SRV)", RFC 2782,
        February 2000.

   [5]  Crocker, D., "Augmented BNF for Syntax Specifications: ABNF",
        RFC 2234, November 1997.

   [6]  Daniel, R., "A Trivial Convention for using HTTP in URN
        Resolution", RFC 2169, June 1997.

   [7]  Daniel, R. and M. Mealling, "Resolution of Uniform Resource
        Identifiers using the Domain Name System", RFC 2168, June 1997.

   [8]  IEEE, "IEEE Standard for Information Technology - Portable
        Operating System Interface (POSIX) - Part 2: Shell and Utilities
        (Vol. 1)", IEEE Std 1003.2-1992, January 1993.

   [9]  Berners-Lee, T., Fielding, R.T. and L. Masinter, "Uniform
        Resource Identifiers (URI): Generic Syntax", RFC 2396, August
        1998.







Mealling & Daniel           Standards Track                    [Page 16]

RFC 2915                      NAPTR DNS RR                September 2000


Authors' Addresses

   Michael Mealling
   Network Solutions, Inc.
   505 Huntmar Park Drive
   Herndon, VA  22070
   US

   Phone: +1 770 921 2251
   EMail: michaelm@netsol.com
   URI:   http://www.netsol.com


   Ron Daniel
   DATAFUSION, Inc.
   139 Townsend Street, Ste. 100
   San Francisco, CA  94107
   US

   Phone: +1 415 222 0100
   EMail: rdaniel@datafusion.net
   URI:   http://www.datafusion.net





























Mealling & Daniel           Standards Track                    [Page 17]

RFC 2915                      NAPTR DNS RR                September 2000


Full Copyright Statement

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















Mealling & Daniel           Standards Track                    [Page 18]