service
Click on the red underlined text to get to the source
... Domain Name System (DNS) [1] provides an essential service on the
Internet, mapping structured names to a variety of different types of
data. Most often it is used to obtain the IP address of a host ...
... registered trademarks,
company names, types of services, and so on. Such identifiers serve
many business purposes, including extension of brand, advertising,
...
... and so on.
People often make assumptions about the type of service that is or
should be provided by a host associated with that name, based on
...
... 8], the requests for creation of TLDs
associated with mobile devices and services, and even phishing
attacks ...
... context,
an "assumption" is defined as any behavior that is expected when
accessing a service at a domain name, even though the behavior is not
explicitly codified in protocol specifications ...
... DNS is used by
applications. A user of the application obtains an identifier for
particular content or service it wishes to obtain. This identifier
is often a URL or URI ...
... software and/or hardware system) that contacts a server for that
application in order to provide service to the user. To do that, it
contacts a DNS server to resolve the domain name ...
... >From this model, it is clear that three entities in the system can
potentially make false assumptions about the service provided by the
server. The human user may form expectations relating to the content
...
... by the
server. The human user may form expectations relating to the content
of the service based on a parsing of the host name from which the
content originated. The server might assume that the client
connecting ...
... the user receives some kind of an error. This represents a total
interoperability failure, manifesting itself as a lack of service
to users of the system. Unfortunately, this kind of failure
persists. Repeated attempts over time by the client ...
... persists. Repeated attempts over time by the client to access the
service will fail. Only a change in the server or client software
can fix this problem.
...
... user reset). If this failure occurs in a server, not only will
the connecting client lose service, but other clients attempting
to connect will not get service ...
... service, but other clients attempting
to connect will not get service. As an example, if a web server
assumes that content passed to it from a client ...
... client accessing a
streaming media service may receive content of very low bitrate,
even though the client supported better codecs ...
... assumption that a server within a particular domain will provide a
specific type of service. Sub-delegation and evolution, both
discussed below, can make these assumptions wrong.
...
... Indeed, this leakage is a strength of the Internet architecture, not
a weakness. It enables global access to services from any client
with a connection ...
... Internet. That, in turn, allows for rapid
growth in the number of customers for any particular service.
...
... authorities, it becomes increasingly
difficult to maintain any kind of central control on the nature of
the service provided in each sub-domain.
...
... registration of multiple domains in which a
particular service is to run. As an example, a service provider with
the name "example" might register ...
... domains in which a
particular service is to run. As an example, a service provider with
the name "example" might register and set up its services ...
... service provider with
the name "example" might register and set up its services in
"example.com", "example.net", and generally example.foo for each foo
that is a valid ...
... particular protocol in a particular
domain, indicating that the service is available on some port, that
the service ...
... service is available on some port, that
the service is, in fact, running there. This assumption could be
wrong because the SRV records haven't been updated by the system
administrators ...
... wrong because the SRV records haven't been updated by the system
administrators to reflect the services currently running. As another
example, a client might assume that a particular domain policy ...
... clients,
servers, and users should not make assumptions on the nature of the
service provided to, or by, a domain. More specifically, however,
the following can be said:
...
... well-known aliases that can be used to construct
domain names for reaching various well-known services in a domain.
This approach was later followed by the definition of a new resource
record ...
... resource
record, the SRV record [2], which specifies that a particular service
is running on a server in a domain. Although both of these
...
... server in a domain. Although both of these
mechanisms are useful as a hint that a particular service is running
in a domain, both of them represent assumptions that may be false.
...
... 2782prop, an SRV record for a particular service would be present only by
explicit choice of the domain administrator ...
...
assumes that the corresponding host provides this service would be
wrong only because of human error in configuration. In this case,
...
... the assumption is less likely to be wrong, but it certainly can be.
The only way to determine with certainty that a service is running on
a host is to initiate a connection ...
... host is to initiate a connection to the port for that service, and
check. Implementations need to be careful not to codify any
behaviors that cause failures should the information provided in the
...
... availability and usage (or lack thereof) of certain security
protocols and algorithms. For example, a client accessing a service
in a particular domain might assume a specific authentication
algorithm ...
... can result in interoperability failures, or worse yet, providing
service in an insecure way, even though the client asked for, and
thought it would get, secure service ...
... service in an insecure way, even though the client asked for, and
thought it would get, secure service. These kinds of assumptions are
fundamentally unsound even if the records themselves are secured with
DNSSEC ...
... Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for specifying the location of services (DNS SRV)", RFC 2782prop, February 2000. ...
... Hamilton, M. and R. Wright, "Use of DNS Aliases for Network Services", BCP 17, RFC 2219, October 1997. ...