]> NIC Chile

Miraflores 222, piso 14 Santiago CP 8320198 CL +56 2 29407700 hsalgado@nic.cl

ICANN

mauricio.vergara@icann.org

General Internet Engineering Task Force rrserial The "RRSERIAL" EDNS option allows a DNS querier to ask a DNS authoritative server to add a EDNS option in the answer of such query with the SOA serial number field of the origin zone which contains the answered resource record. This "RRSERIAL" data allows to debug problems and diagnosis by helping to recognize the origin of an answer, associating this answer with a respective zone version.

The "RRSERIAL" EDNS option allows a DNS querier to ask a DNS authoritative server to add a EDNS option in the answer of such query with the SOA serial number field of the zone which contains the answered resource record. This "RRSERIAL" data allows to debugging helping to recognize the origin of an answer, associating this answer with a respective zone version. The DNS data is of loose coherent nature, meaning that a record obtained by a response could be out-of-sync with other authoritative sources of the same data. This makes it difficult to debug the responses because you'd need to couple an answer with the version of the zone used to obtain such data. Even when you could use a separate question to ask for the SOA RR of the zone to ask for its serial, this separate question is in another time and could even arrive to another authoritative source, so it's not directly correlated with another query. This EDNS option is aimed only to authorative servers for a zone. Resolvers and forwarders should ignore the option. It's only intended for hop-to-hop communication (not transitive).

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

The OPTION-CODE for the RRSERIAL option is <TBD>. The OPTION-DATA for the RRSERIAL option is an unsigned 32 bit version number as defined in the SERIAL field of the "SOA RDATA Format" section (3.3.13) of "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION" (RFC 1035) specification.

The EDNS RRSERIAL option MAY be included on any QUERY, by adding a zero-length EDNS RRSERIAL option to the options field of the OPT record when the query is made.

If an EDNS RRSERIAL option is sent to a server that is authoritative for the zone queried, and the RCODE for the answer is NOERROR, the OPTION-DATA MUST be a copy of the serial field of the SOA resource record of the zone which contains the resource record of the ANSWER section. Otherwise, the answer MUST NOT add an EDNS RRSERIAL option to the response.

>HEADER<<- opcode: QUERY, status: NOERROR, id: 16429 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; RRSERIAL: 2019073001 ;; QUESTION SECTION: ;www.example.com. IN AAAA ;; ANSWER SECTION: www.example.com. 900 IN AAAA ;; Query time: 53 msec ;; SERVER: authoritative#53(2001:DB8::53) ;; WHEN: Tue Aug 07 16:54:05 -04 2018 ;; MSG SIZE rcvd: 71 ]]>

This document was made by his author in its entirety, so there're no acknowledgements yet.

Ask to IANA for a code point registration for "RRSERIAL" option.

There's no risk on disclosure of private information, as the SERIAL of the SOA record is already publicly available.

&RFC1035; &RFC2119; &RFC6891;

There's a patched NSD server 4.1.23 with support for RRSERIAL with the experimental opcode 65024 maintained in github https://github.com/huguei/nsd/tree/rrserial , and installed for live testing in 200.1.122.30 address with configured zones dateserial.example.com and incserial.example.com; with MX, TXT and AAAA apex records.