NAPTR
Click on the red underlined text to get to the source
... version of the use of SRV and/or a very
restricted application of the use of NAPTR resource records.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
...
... Straightforward-NAPTR (S-NAPTR) Specification ...
... Straightforward-NAPTR (S-NAPTR) Specification ...
... S-NAPTR DDDS Application Usage ...
...
As defined in section 6, NAPTR records are used to store application
service+protocol information for a given domain ...
... DDDS
standard, these records are looked up, and the rewrite rules
(contained in the NAPTR records) are used to determine the successive
DNS lookups until a desirable target ...
... target is found.
For the rest of this section, refer to the set of NAPTR resource
records for example.com, shown in the figure below, where "WP" is the
imagined application service tag ...
... Matching and Non-Matching NAPTR Records ...
... client examines the
SERVICE field to find a match. In the case of the S-NAPTR DDDS
application, this means a SERVICE field that includes the tags ...
... application protocol.
If more than one NAPTR record matches, they are processed in
increasing sort order.
...
... FLAG field is "non-terminal" -- that is,
more NAPTR RR lookups are to be performed. Thus, to process a NAPTR
record ...
... NAPTR RR lookups are to be performed. Thus, to process a NAPTR
record with an empty FLAG field in S-NAPTR, the REPLACEMENT field is
...
... lookups are to be performed. Thus, to process a NAPTR
record with an empty FLAG field in S-NAPTR, the REPLACEMENT field is
used as the target of the next DNS lookup ...
... terminal flags are "S" and "A". These are
called "terminal" NAPTR lookups because they denote the end of the
DDDS ...
... lookups because they denote the end of the
DDDS/NAPTR processing rules. In the case of an "S" flag, the
REPLACEMENT field is used as the target ...
... S-NAPTR and Successive Resolution ...
... service+protocol pair.
These are to be pursued in order until a server is successfully
contacted or all possible matching NAPTR records have been
successively pursued through terminal lookup ...
... is registered; or
o the S-NAPTR-designated DNS lookup fails to yield expected results
-- e.g., no A RR ...
... SRV record for an "S"
target, or no NAPTR record with appropriate application service
and protocol for a NAPTR ...
... NAPTR record with appropriate application service
and protocol for a NAPTR lookup. Except in the case of the very
first NAPTR ...
... NAPTR lookup. Except in the case of the very
first NAPTR lookup, this last is a configuration error: the fact
that example.com has a NAPTR record ...
... NAPTR lookup, this last is a configuration error: the fact
that example.com has a NAPTR record pointing to "bunyip.example"
for the "WP:Whois++" service and protocol means the administrator ...
... of example.com believes that service exists. If bunyip.example
has no "WP:Whois++" NAPTR record, the application client MUST
backtrack and try the next available "WP:Whois++" option from
...
... of a named application service. The first DNS query is for the NAPTR
RRs in the original target ...
... application client that supports more than one
protocol for a given application service, it MUST pursue S-NAPTR
resolution completely for one protocol, exploring all potential
terminal ...
... client MUST NOT start looking for one protocol, observe
that a successive NAPTR RR set supports another of its preferred
protocols, and continue the S-NAPTR ...
... NAPTR RR set supports another of its preferred
protocols, and continue the S-NAPTR resolution based on that
protocol. For example, even if someisp.example offers the "EM"
service ...
... service with protocol "ProtB", there is no reason to believe that it
does so on behalf of example.com (as there is no such pointer in
example.com's NAPTR RR set).
...
...
It MAY choose which protocol to try first based on its own
preference, or on the PREF ranking in the first set of NAPTR records
(i.e., those for the target named domain ...
... target named domain). However, the chosen
protocol MUST be listed in that first NAPTR RR set.
...
...
The purpose of S-NAPTR is to provide application standards developers
with a more powerful framework (than SRV ...
... Although this document proposes a DDDS application that does not use
all the features of NAPTR resource records, it is not intended to
imply that DNS resolvers should fail to implement all aspects of the
...
... imply that DNS resolvers should fail to implement all aspects of the
NAPTR RR standard. A DDDS application is a client ...
... The rest of this section outlines the specific elements that protocol
developers must determine and document to make use of S-NAPTR.
...
...
Application protocol developers who wish to make use of S-NAPTR must
make provisions for registering any relevant application service and
...
... One other important aspect that must be defined is the expected
behaviour for interacting with the servers that are reached via S-
NAPTR. Specifically, under what circumstances should the client
retry a target ...
... client
retry a target that was found via S-NAPTR? What should it consider a
failure that causes it to return to the S-NAPTR process to determine
...
... target that was found via S-NAPTR? What should it consider a
failure that causes it to return to the S-NAPTR process to determine
the next serviceable target, which by definition will have a lower
...
... server, should it retry for some (protocol-dependent) period of time?
Or should it try the next-preferred target in the S-NAPTR chain of
resolution? Should it only try the next-preferred target if it
...
...
The most important thing is to select one expected behaviour and
document it as part of the use of S-NAPTR.
As noted earlier, failure to provide appropriate credentials ...
...
Therefore, application protocol developers using S-NAPTR should
identify the mechanics of the expected identification handshake when
...
...
Although S-NAPTR aims to provide a "straightforward" application of
DDDS and use of NAPTR records ...
... S-NAPTR aims to provide a "straightforward" application of
DDDS and use of NAPTR records, it is still possible to create very
complex chains and dependencies with the NAPTR ...
... NAPTR records, it is still possible to create very
complex chains and dependencies with the NAPTR and SRV records.
...
... Therefore, domain administrators are called upon to use S-NAPTR with
as much restraint as possible while still achieving their service
...
... SRV, and A RRs "reachable" through the S-
NAPTR process for a particular application service can be thought of
as a "tree ...
... service can be thought of
as a "tree". Each NAPTR RR that is retrieved points to more NAPTR or
...
... Therefore,
o fewer branches is better: For both NAPTR and SRV records, provide
different targets ...
... provide more; and
o shallower is better: Avoid using NAPTR records to "rename"
services within a zone. Use NAPTR records ...
... NAPTR records to "rename"
services within a zone. Use NAPTR records to identify services
hosted elsewhere (i.e., where you cannot reasonably provide the
...
... application cannot successfully connect to one target, the
application will be expected to continue through the S-NAPTR tree to
try the (less preferred) alternatives.
...
...
The basic intended use cases for which S-NAPTR has been developed are
as follows
...
... information.
Thus, the set of NAPTR records for thinkingcat.example might look
like this:
...
...
Thus, to find the EM services for thinkingcat.example, the NAPTR
records for thinkingcat.example are retrieved:
thinkingcat.example.
...
... Note that the above sections assume that there was one service
available (via S-NAPTR) per domain. Often, this will not be the
case. Assuming that thinkingcat.example had the CredReg service ...
... service set up as described in Section 4.4, then a client querying
for the NAPTR RR set from thinkingcat.com would get the following
answer:
...
... client would look through the
SERVICE strings to determine whether there was a NAPTR RR that
matched the application service ...
... name server (NS) for thinkingcat.example is reached with a
request for all NAPTR records.
2. The server responds with the NAPTR records ...
... NAPTR records.
2. The server responds with the NAPTR records shown in section 4.3.
3. The second NAPTR record ...
... NAPTR records shown in section 4.3.
3. The second NAPTR record matches the desired criteria; it has an
"s" flag and a replacement fields of "_ProtB._tcp.example.com".
So the client ...
... on server administration rather than on application naming.
Furthermore, although the DDDS specification and use of NAPTR allows
multiple levels of redirection before the target server machine with
...
... an SRV record is located, this proposal requires only a subset of
NAPTR strictly bound to domain names, without making use of the
REGEXP ...
... domain names, without making use of the
REGEXP field of NAPTR. These restrictions make the client's
...
...
resolution process much more predictable and efficient than it would
be with some potential uses of NAPTR records. This is dubbed "S-
NAPTR" -- a "S"traightforward use of NAPTR records ...
... be with some potential uses of NAPTR records. This is dubbed "S-
NAPTR" -- a "S"traightforward use of NAPTR records.
...
... So Why Not Just NAPTR Records? ...
...
This is a trick question. NAPTR records cannot appear in the wild;
see [4]. They must be part of a DDDS application ...
...
The purpose here is to define a single, common mechanism (the DDDS
application) to use NAPTR when all that is desired is simple DNS-
based location of services ...
... registrations, and it's done.
Also, NAPTR has very powerful tools for expressing "rewrite" rules.
This power (==complexity) makes some protocol designers ...
...
The proposed DDDS application specifically uses a subset of NAPTR's
abilities. Only "replacement" expressions are allowed, not "regular
expressions".
...
... DDDS algorithm, if the Flag string is empty the
next lookup is for another NAPTR record (for the replacement target).
...
... [5] specifies that a DDDS Database using the NAPTR DNS resource
record contain the rewrite rules. The Keys for this database are
encoded as domain ...
... First Well-Known Rule produces a domain name, and this is the Key
used for the first look up. The NAPTR records for that domain are
requested.
...
... DNS servers MAY interpret Flag values and use that information to
include appropriate NAPTR, SRV, or A records in the Additional
...
... the Additional Information Processing section of [5] for more
information on NAPTR records and the Additional Information section
of a DNS response packet.
...
... IANA has established and will maintain a registry for S-NAPTR
Application Service Tags, listing at least the following information
...
... security of the DNS queries along the way. If any of
them is compromised, bogus NAPTR and SRV records could be inserted to
redirect clients ...
... clients to unintended destinations. This problem is hardly
unique to S-NAPTR (or NAPTR in general). A full discussion of the
...
... destinations. This problem is hardly
unique to S-NAPTR (or NAPTR in general). A full discussion of the
security threats ...
... the server the original name of the desired destination (i.e., no
transformations that may have resulted from NAPTR replacements,
SRV targets ...
... credential naming fields, nor the name-
matching semantics. Definitions of S-NAPTR for particular
application protocols MUST define these.
...
... Appendix A. Pseudo-Pseudocode for S-NAPTR ...
... pseudocode above does not permit retries -- once complete, it
sheds all context of where in the S-NAPTR tree it finished.
Therefore, client software ...
... RRset processing described in the pseudocode and continue the S-
NAPTR processing if the application code fails to connect to a
located host-port ...
... S-NAPTR processing; or
o use an S-NAPTR resolution routine that finds *all* valid servers
for the required application service ...
...
Sample Python code for S-NAPTR resolution is available from
http://www.verisignlabs.com/pysnaptr-0.1.tgz
...