Home   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z  

Domain names: Implementation specification :: RFC0883



Network Working Group                                     P. Mockapetris
Request for Comments:  883                                           ISI
                                                           November 1983

            DOMAIN NAMES - IMPLEMENTATION and SPECIFICATION

        +-----------------------------------------------------+
        |                                                     |
        | This memo discusses the implementation of domain    |
        | name servers and resolvers, specifies the format of |
        | transactions, and discusses the use of domain names |
        | in the context of existing mail systems and other   |
        | network software.                                   |
        |                                                     |
        | This memo assumes that the reader is familiar with  |
        | RFC 882, "Domain Names - Concepts and Facilities"   |
        | which discusses the basic principles of domain      |
        | names and their use.                                |
        |                                                     |
        | The algorithms and internal data structures used in |
        | this memo are offered as suggestions rather than    |
        | requirements; implementers are free to design their |
        | own structures so long as the same external         |
        | behavior is achieved.                               |
        |                                                     |
        +-----------------------------------------------------+

   
   

           +-----------------------------------------------+
           |                                               |
           |             *****  WARNING  *****             |
           |                                               |
           | This RFC contains format specifications which |
           | are preliminary and are included for purposes |
           | of explanation only.  Do not attempt to use   |
           | this information for actual implementations.  |
           |                                               |
           +-----------------------------------------------+















Mockapetris                                                     [Page i]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


TABLE OF CONTENTS
   INTRODUCTION........................................................3
      Overview.........................................................3
      Implementation components........................................2
      Conventions......................................................6
      Design philosophy................................................8
   NAME SERVER TRANSACTIONS...........................................11
      Introduction....................................................11
      Query and response transport....................................11
      Overall message format..........................................13
      The contents of standard queries and responses..................15
      Standard query and response example.............................15
      The contents of inverse queries and responses...................17
      Inverse query and response example..............................18
      Completion queries and responses................................19
      Completion query and response example...........................22
      Recursive Name Service..........................................24
      Header section format...........................................26
      Question section format.........................................29
      Resource record format..........................................30
      Domain name representation and compression......................31
      Organization of the Shared database.............................33
      Query processing................................................36
      Inverse query processing........................................37
      Completion query processing.....................................38
   NAME SERVER MAINTENANCE............................................39
      Introduction....................................................39
      Conceptual model of maintenance operations......................39
      Name server data structures and top level logic.................41
      Name server file loading........................................43
      Name server file loading example................................45
      Name server remote zone transfer................................47
   RESOLVER ALGORITHMS................................................50
      Operations......................................................50
   DOMAIN SUPPORT FOR MAIL............................................52
      Introduction....................................................52
      Agent binding...................................................53
      Mailbox binding.................................................54
   Appendix 1 - Domain Name Syntax Specification......................56
   Appendix 2 - Field formats and encodings...........................57
      TYPE values.....................................................57
      QTYPE values....................................................57
      CLASS values....................................................58
      QCLASS values...................................................58
      Standard resource record formats................................59
   Appendix 3 - Internet specific field formats and operations........67
   REFERENCES and BIBLIOGRAPHY........................................72
   INDEX..............................................................73
   


Mockapetris                                                    [Page ii]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


INTRODUCTION

   Overview

      The goal of domain names is to provide a mechanism for naming
      resources in such a way that the names are usable in different
      hosts, networks, protocol families, internets, and administrative
      organizations.

      From the user's point of view, domain names are useful as
      arguments to a local agent, called a resolver, which retrieves
      information associated with the domain name.  Thus a user might
      ask for the host address or mail information associated with a
      particular domain name.  To enable the user to request a
      particular type of information, an appropriate query type is
      passed to the resolver with the domain name.  To the user, the
      domain tree is a single information space.

      From the resolver's point of view, the database that makes up the
      domain space is distributed among various name servers.  Different
      parts of the domain space are stored in different name servers,
      although a particular data item will usually be stored redundantly
      in two or more name servers.  The resolver starts with knowledge
      of at least one name server.  When the resolver processes a user
      query it asks a known name server for the information; in return,
      the resolver either receives the desired information or a referral
      to another name server.  Using these referrals, resolvers learn
      the identities and contents of other name servers.  Resolvers are
      responsible for dealing with the distribution of the domain space
      and dealing with the effects of name server failure by consulting
      redundant databases in other servers.

      Name servers manage two kinds of data.  The first kind of data
      held in sets called zones; each zone is the complete database for
      a particular subtree of the domain space.  This data is called
      authoritative.  A name server periodically checks to make sure
      that its zones are up to date, and if not obtains a new copy of
      updated zones from master files stored locally or in another name
      server.  The second kind of data is cached data which was acquired
      by a local resolver.  This data may be incomplete but improves the
      performance of the retrieval process when non-local data is
      repeatedly accessed.  Cached data is eventually discarded by a
      timeout mechanism.

      This functional structure isolates the problems of user interface,
      failure recovery, and distribution in the resolvers and isolates
      the database update and refresh problems in the name servers.




Mockapetris                                                     [Page 1]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   Implementation components

      A host can participate in the domain name system in a number of
      ways, depending on whether the host runs programs that retrieve
      information from the domain system, name servers that answer
      queries from other hosts, or various combinations of both
      functions.  The simplest, and perhaps most typical, configuration
      is shown below:

                   Local Host                        |  Foreign   
                                                     |            
      +---------+               +----------+         |  +--------+
      |         | user queries  |          |queries  |  |        |
      |  User   |-------------->|          |---------|->|Foreign |
      | Program |               | Resolver |         |  |  Name  |
      |         |<--------------|          |<--------|--| Server |
      |         | user responses|          |responses|  |        |
      +---------+               +----------+         |  +--------+
                                  |     A            |            
                  cache additions |     | references |            
                                  V     |            |            
                                +----------+         |            
                                | database |         |            
                                +----------+         |            

      User programs interact with the domain name space through
      resolvers; the format of user queries and user responses is
      specific to the host and its operating system.  User queries will
      typically be operating system calls, and the resolver and its
      database will be part of the host operating system.  Less capable
      hosts may choose to implement the resolver as a subroutine to be
      linked in with every program that needs its services.

      Resolvers answer user queries with information they acquire via
      queries to foreign name servers, and may also cache or reference
      domain information in the local database.

      Note that the resolver may have to make several queries to several
      different foreign name servers to answer a particular user query,
      and hence the resolution of a user query may involve several
      network accesses and an arbitrary amount of time.  The queries to
      foreign name servers and the corresponding responses have a
      standard format described in this memo, and may be datagrams.








Mockapetris                                                     [Page 2]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      Depending on its capabilities, a name server could be a stand
      alone program on a dedicated machine or a process or processes on
      a large timeshared host.  A simple configuration might be:

                   Local Host                        |  Foreign   
                                                     |            
        +---------+                                  |            
       /         /|                                  |            
      +---------+ |             +----------+         |  +--------+
      |         | |             |          |responses|  |        |
      |         | |             |   Name   |---------|->|Foreign |
      |  Master |-------------->|  Server  |         |  |Resolver|
      |  files  | |             |          |<--------|--|        |
      |         |/              |          | queries |  +--------+
      +---------+               +----------+         |            

      Here the name server acquires information about one or more zones
      by reading master files from its local file system, and answers
      queries about those zones that arrive from foreign resolvers.

      A more sophisticated name server might acquire zones from foreign
      name servers as well as local master files.  This configuration is
      shown below:

                   Local Host                        |  Foreign   
                                                     |            
        +---------+                                  |            
       /         /|                                  |            
      +---------+ |             +----------+         |  +--------+
      |         | |             |          |responses|  |        |
      |         | |             |   Name   |---------|->|Foreign |
      |  Master |-------------->|  Server  |         |  |Resolver|
      |  files  | |             |          |<--------|--|        |
      |         |/              |          | queries |  +--------+
      +---------+               +----------+         |            
                                  A     |maintenance |  +--------+
                                  |     \------------|->|        |
                                  |      queries     |  |Foreign |
                                  |                  |  |  Name  |
                                  \------------------|--| Server |
                               maintenance responses |  +--------+

      In this configuration, the name server periodically establishes a
      virtual circuit to a foreign name server to acquire a copy of a
      zone or to check that an existing copy has not changed.  The
      messages sent for these maintenance activities follow the same
      form as queries and responses, but the message sequences are
      somewhat different.



Mockapetris                                                     [Page 3]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      The information flow in a host that supports all aspects of the
      domain name system is shown below:

                   Local Host                        |  Foreign   
                                                     |            
      +---------+               +----------+         |  +--------+
      |         | user queries  |          |queries  |  |        |
      |  User   |-------------->|          |---------|->|Foreign |
      | Program |               | Resolver |         |  |  Name  |
      |         |<--------------|          |<--------|--| Server |
      |         | user responses|          |responses|  |        |
      +---------+               +----------+         |  +--------+
                                  |     A            |            
                  cache additions |     | references |            
                                  V     |            |            
                                +----------+         |            
                                |  Shared  |         |            
                                | database |         |            
                                +----------+         |            
                                  A     |            |            
        +---------+     refreshes |     | references |            
       /         /|               |     V            |            
      +---------+ |             +----------+         |  +--------+
      |         | |             |          |responses|  |        |
      |         | |             |   Name   |---------|->|Foreign |
      |  Master |-------------->|  Server  |         |  |Resolver|
      |  files  | |             |          |<--------|--|        |
      |         |/              |          | queries |  +--------+
      +---------+               +----------+         |            
                                  A     |maintenance |  +--------+
                                  |     \------------|->|        |
                                  |      queries     |  |Foreign |
                                  |                  |  |  Name  |
                                  \------------------|--| Server |
                               maintenance responses |  +--------+

      The shared database holds domain space data for the local name
      server and resolver.  The contents of the shared database will
      typically be a mixture of authoritative data maintained by the
      periodic refresh operations of the name server and cached data
      from previous resolver requests.  The structure of the domain data
      and the necessity for synchronization between name servers and
      resolvers imply the general characteristics of this database, but
      the actual format is up to the local implementer.  This memo
      suggests a multiple tree format.






Mockapetris                                                     [Page 4]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      This memo divides the implementation discussion into sections:

         NAME SERVER TRANSACTIONS, which discusses the formats for name
         servers queries and the corresponding responses.

         NAME SERVER MAINTENANCE, which discusses strategies,
         algorithms, and formats for maintaining the data residing in
         name servers.  These services periodically refresh the local
         copies of zones that originate in other hosts.

         RESOLVER ALGORITHMS, which discusses the internal structure of
         resolvers.  This section also discusses data base sharing
         between a name server and a resolver on the same host.

         DOMAIN SUPPORT FOR MAIL, which discusses the use of the domain
         system to support mail transfer.



































Mockapetris                                                     [Page 5]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   Conventions

      The domain system has several conventions dealing with low-level,
      but fundamental, issues.  While the implementer is free to violate
      these conventions WITHIN HIS OWN SYSTEM, he must observe these
      conventions in ALL behavior observed from other hosts.

             ********** Data Transmission Order **********

      The order of transmission of the header and data described in this
      document is resolved to the octet level.  Whenever a diagram shows
      a group of octets, the order of transmission of those octets is
      the normal order in which they are read in English.  For example,
      in the following diagram the octets are transmitted in the order
      they are numbered.

                                    
                    0                   1           
                    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |       1       |       2       |
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |       3       |       4       |
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |       5       |       6       |
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Transmission Order of Bytes

      Whenever an octet represents a numeric quantity the left most bit
      in the diagram is the high order or most significant bit.  That
      is, the bit labeled 0 is the most significant bit.  For example,
      the following diagram represents the value 170 (decimal).

                                    
                            0 1 2 3 4 5 6 7 
                           +-+-+-+-+-+-+-+-+
                           |1 0 1 0 1 0 1 0|
                           +-+-+-+-+-+-+-+-+

                          Significance of Bits

      Similarly, whenever a multi-octet field represents a numeric
      quantity the left most bit of the whole field is the most
      significant bit.  When a multi-octet quantity is transmitted the
      most significant octet is transmitted first.





Mockapetris                                                     [Page 6]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


                  ********** Character Case **********

      All comparisons between character strings (e.g. labels, domain
      names, etc.) are done in a case-insensitive manner.

      When data enters the domain system, its original case should be
      preserved whenever possible.  In certain circumstances this cannot
      be done.  For example, if two domain names x.y and X.Y are entered
      into the domain database, they are interpreted as the same name,
      and hence may have a single representation.  The basic rule is
      that case can be discarded only when data is used to define
      structure in a database, and two names are identical when compared
      in a case insensitive manner.

      Loss of case sensitive data must be minimized.  Thus while data
      for x.y and X.Y may both be stored under x.y, data for a.x and B.X
      can be stored as a.x and B.x, but not A.x, A.X, b.x, or b.X.  In
      general, this prevents the first component of a domain name from
      loss of case information.

      Systems administrators who enter data into the domain database
      should take care to represent the data they supply to the domain
      system in a case-consistent manner if their system is
      case-sensitive.  The data distribution system in the domain system
      will ensure that consistent representations are preserved.


























Mockapetris                                                     [Page 7]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   Design philosophy

      The design presented in this memo attempts to provide a base which
      will be suitable for several existing networks.  An equally
      important goal is to provide these services within a framework
      that is capable of adjustment to fit the evolution of services in
      early clients as well as to accommodate new networks.

      Since it is impossible to predict the course of these
      developments, the domain system attempts to provide for evolution
      in the form of an extensible framework.  This section describes
      the areas in which we expect to see immediate evolution.

      DEFINING THE DATABASE

      This memo defines methods for partitioning the database and data
      for host names, host addresses, gateway information, and mail
      support.  Experience with this system will provide guidance for
      future additions.

      While the present system allows for many new RR types, classes,
      etc., we feel that it is more important to get the basic services
      in operation than to cover an exhaustive set of information.
      Hence we have limited the data types to those we felt were
      essential, and would caution designers to avoid implementations
      which are based on the number of existing types and classes.
      Extensibility in this area is very important.

      While the domain system provides techniques for partitioning the
      database, policies for administrating the orderly connection of
      separate domains and guidelines for constructing the data that
      makes up a particular domain will be equally important to the
      success of the system.   Unfortunately, we feel that experience
      with prototype systems will be necessary before this question can
      be properly addressed.  Thus while this memo has minimal
      discussion of these issues, it is a critical area for development.

      TYING TOGETHER INTERNETS

      Although it is very difficult to characterize the types of
      networks, protocols, and applications that will be clients of the
      domain system, it is very obvious that some of these applications
      will cross the boundaries of network and protocol.  At the very
      least, mail is such a service.

      Attempts to unify two such systems must deal with two major
      problems:

      1. Differing formats for environment sensitive data.  For example,


Mockapetris                                                     [Page 8]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


         network addresses vary in format, and it is unreasonable to
         expect to enforce consistent conventions.

      2. Connectivity may require intermediaries.  For example, it is a
         frequent occurence that mail is sent between hosts that share
         no common protocol.

      The domain system acknowledges that these are very difficult
      problems, and attempts to deal with both problems through its
      CLASS mechanism:

      1. The CLASS field in RRs allows data to be tagged so that all
         programs in the domain system can identify the format in use.

      2. The CLASS field allows the requestor to identify the format of
         data which can be understood by the requestor.

      3. The CLASS field guides the search for the requested data.

      The last point is central to our approach.  When a query crosses
      protocol boundaries, it must be guided though agents capable of
      performing whatever translation is required.  For example, when a
      mailer wants to identify the location of a mailbox in a portion of
      the domain system that doesn't have a compatible protocol, the
      query must be guided to a name server that can cross the boundary
      itself or form one link in a chain that can span the differences.

      If query and response transport were the only problem, then this
      sort of problem could be dealt with in the name servers
      themselves.  However, the applications that will use domain
      service have similar problems.  For example, mail may need to be
      directed through mail gateways, and the characteristics of one of
      the environments may not permit frequent connectivity between name
      servers in all environments.

      These problems suggest that connectivity will be achieved through
      a variety of measures:

         Translation name servers that act as relays between different
         protocols.

         Translation application servers that translate application
         level transactions.

         Default database entries that route traffic through application
         level forwarders in ways that depend on the class of the
         requestor.

      While this approach seems best given our current understanding of


Mockapetris                                                     [Page 9]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      the problem, we realize that the approach of using resource data
      that transcends class may be appropriate in future designs or
      applications.  By not defining class to be directly related to
      protocol, network, etc., we feel that such services could be added
      by defining a new "universal" class, while the present use of
      class will provide immediate service.

      This problem requires more thought and experience before solutions
      can be discovered.  The concepts of CLASS, recursive servers and
      other mechanisms are intended as tools for acquiring experience
      and not as final solutions.








































Mockapetris                                                    [Page 10]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


NAME SERVER TRANSACTIONS

   Introduction

      The primary purpose of name servers is to receive queries from
      resolvers and return responses.  The overall model of this service
      is that a program (typically a resolver) asks the name server
      questions (queries) and gets responses that either answer the
      question or refer the questioner to another name server.  Other
      functions related to name server database maintenance use similar
      procedures and formats and are discussed in a section later in
      this memo.

      There are three kinds of queries presently defined:

         1. Standard queries that ask for a specified resource attached
            to a given domain name.

         2. Inverse queries that specify a resource and ask for a domain
            name that possesses that resource.

         3. Completion queries that specify a partial domain name and a
            target domain and ask that the partial domain name be
            completed with a domain name close to the target domain.

      This memo uses an unqualified reference to queries to refer to
      either all queries or standard queries when the context is clear.

   Query and response transport

      Name servers and resolvers use a single message format for all
      communications.  The message format consists of a variable-length
      octet string which includes binary values.

      The messages used in the domain system are designed so that they
      can be carried using either datagrams or virtual circuits.  To
      accommodate the datagram style, all responses carry the query as
      part of the response.

      While the specification allows datagrams to be used in any
      context, some activities are ill suited to datagram use.  For
      example, maintenance transactions and recursive queries typically
      require the error control of virtual circuits.  Thus datagram use
      should be restricted to simple queries.

      The domain system assumes that a datagram service provides:

         1. A non-reliable (i.e. best effort) method of transporting a
            message of up to 512 octets.


Mockapetris                                                    [Page 11]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


            Hence datagram messages are limited to 512 octets.  If a
            datagram message would exceed 512 octets, it is truncated
            and a truncation flag is set in its header.

         2. A message size that gives the number of octets in the
            datagram.

      The main implications for programs accessing name servers via
      datagrams are:

         1. Datagrams should not be used for maintenance transactions
            and recursive queries.

         2. Since datagrams may be lost, the originator of a query must
            perform error recovery (such as retransmissions) as
            appropriate.

         3. Since network or host delay may cause retransmission when a
            datagram has not been lost, the originator of a query must
            be ready to deal with duplicate responses.

      The domain system assumes that a virtual circuit service provides:

         1. A reliable method of transmitting a message of up to 65535
            octets.

         2. A message size that gives the number of octets in the
            message.

            If the virtual circuit service does not provide for message
            boundary detection or limits transmission size to less than
            65535 octets, then messages are prefaced with an unsigned 16
            bit length field and broken up into separate transmissions
            as required.  The length field is only prefaced on the first
            message.  This technique is used for TCP virtual circuits.

         3. Multiple messages may be sent over a virtual circuit.

         4. A method for closing a virtual circuit.

         5. A method for detecting that the other party has requested
            that the virtual circuit be closed.

      The main implications for programs accessing name servers via
      virtual circuits are:

         1. Either end of a virtual circuit may initiate a close when
            there is no activity in progress.  The other end should
            comply.


Mockapetris                                                    [Page 12]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


            The decision to initiate a close is a matter of individual
            site policy; some name servers may leave a virtual circuit
            open for an indeterminate period following a query to allow
            for subsequent queries; other name servers may choose to
            initiate a close following the completion of the first query
            on a virtual circuit.  Of course, name servers should not
            close the virtual circuit in the midst of a multiple message
            stream used for zone transfer.

         2. Since network delay may cause one end to erroneously believe
            that no activity is in progress, a program which receives a
            virtual circuit close while a query is in progress should
            close the virtual circuit and resubmit the query on a new
            virtual circuit.

      All messages may use a compression scheme to reduce the space
      consumed by repetitive domain names.  The use of the compression
      scheme is optional for the sender of a message, but all receivers
      must be capable of decoding compressed domain names.

   Overall message format

      All messages sent by the domain system are divided into 5 sections
      (some of which are empty in certain cases) shown below:

       +---------------------+                                   
       |        Header       |                                   
       +---------------------+                                   
       |       Question      | the question for the name server  
       +---------------------+                                   
       |        Answer       | answering resource records (RRs)  
       +---------------------+                                   
       |      Authority      | RRs pointing toward an authority  
       +---------------------+                                   
       |      Additional     | RRs holding pertinent information 
       +---------------------+                                   

      The header section is always present.  The header includes fields
      that specify which of the remaining sections are present, and also
      specify whether the message is a query, inverse query, completion
      query, or response.

      The question section contains fields that describe a question to a
      name server.  These fields are a query type (QTYPE), a query class
      (QCLASS), and a query domain name (QNAME).

      The last three sections have the same format: a possibly empty
      list of concatenated resource records (RRs).  The answer section
      contains RRs that answer the question; the authority section


Mockapetris                                                    [Page 13]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      contains RRs that point toward an authoritative name server; the
      additional records section contains RRs which relate to the query,
      but are not strictly answers for the question.

      The next two sections of this memo illustrate the use of these
      message sections through examples; a detailed discussion of data
      formats follows the examples.












































Mockapetris                                                    [Page 14]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   The contents of standard queries and responses

      When a name server processes a standard query, it first determines
      whether it is an authority for the domain name specified in the
      query.

      If the name server is an authority, it returns either:

         1. the specified resource information

         2. an indication that the specified name does not exist

         3. an indication that the requested resource information does
            not exist

      If the name server is not an authority for the specified name, it
      returns whatever relevant resource information it has along with
      resource records that the requesting resolver can use to locate an
      authoritative name server.

   Standard query and response example

      The overall structure of a query for retrieving information for
      Internet mail for domain F.ISI.ARPA is shown below:

                          +-----------------------------------------+
            Header        |          OPCODE=QUERY, ID=2304          |
                          +-----------------------------------------+
           Question       |QTYPE=MAILA, QCLASS=IN, QNAME=F.ISI.ARPA |
                          +-----------------------------------------+
            Answer        |                                  |
                          +-----------------------------------------+
           Authority      |                                  |
                          +-----------------------------------------+
          Additional      |                                  |
                          +-----------------------------------------+

      The header includes an opcode field that specifies that this
      datagram is a query, and an ID field that will be used to
      associate replies with the original query.  (Some additional
      header fields have been omitted for clarity.)  The question
      section specifies that the type of the query is for mail agent
      information, that only ARPA Internet information is to be
      considered, and that the domain name of interest is F.ISI.ARPA.
      The remaining sections are empty, and would not use any octets in
      a real query.





Mockapetris                                                    [Page 15]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      One possible response to this query might be:

                          +-----------------------------------------+
            Header        |        OPCODE=RESPONSE, ID=2304         |
                          +-----------------------------------------+
           Question       |QTYPE=MAILA, QCLASS=IN, QNAME=F.ISI.ARPA |
                          +-----------------------------------------+
            Answer        |                                  |
                          +-----------------------------------------+
           Authority      |          ARPA NS IN A.ISI.ARPA          |
                          |                 -------                 |
                          |          ARPA NS IN F.ISI.ARPA          |
                          +-----------------------------------------+
           Additional     |        F.ISI.ARPA A IN 10.2.0.52        |
                          |                 -------                 |
                          |        A.ISI.ARPA A IN 10.1.0.22        |
                          +-----------------------------------------+

      This type of response would be returned by a name server that was
      not an authority for the domain name F.ISI.ARPA.  The header field
      specifies that the datagram is a response to a query with an ID of
      2304.  The question section is copied from the question section in
      the query datagram.

      The answer section is empty because the name server did not have
      any information that would answer the query.  (Name servers may
      happen to have cached information even if they are not
      authoritative for the query.)

      The best that this name server could do was to pass back
      information for the domain ARPA.  The authority section specifies
      two name servers for the domain ARPA using the Internet family:
      A.ISI.ARPA and F.ISI.ARPA.  Note that it is merely a coincidence
      that F.ISI.ARPA is a name server for ARPA as well as the subject
      of the query.

      In this case, the name server included in the additional records
      section the Internet addresses for the two hosts specified in the
      authority section.  Such additional data is almost always
      available.

      Given this response, the process that originally sent the query
      might resend the query to the name server on A.ISI.ARPA, with a
      new ID of 2305.







Mockapetris                                                    [Page 16]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      The name server on A.ISI.ARPA might return a response:

                          +-----------------------------------------+
            Header        |        OPCODE=RESPONSE, ID=2305         |
                          +-----------------------------------------+
           Question       |QTYPE=MAILA, QCLASS=IN, QNAME=F.ISI.ARPA |
                          +-----------------------------------------+
            Answer        |       F.ISI.ARPA MD IN F.ISI.ARPA       |
                          |                 -------                 |
                          |       F.ISI.ARPA MF IN A.ISI.ARPA       |
                          +-----------------------------------------+
           Authority      |                                  |
                          +-----------------------------------------+
          Additional      |        F.ISI.ARPA A IN 10.2.0.52        |
                          |                 -------                 |
                          |        A.ISI.ARPA A IN 10.1.0.22        |
                          +-----------------------------------------+

      This query was directed to an authoritative name server, and hence
      the response includes an answer but no authority records.  In this
      case, the answer section specifies that mail for F.ISI.ARPA can
      either be delivered to F.ISI.ARPA or forwarded to A.ISI.ARPA.  The
      additional records section specifies the Internet addresses of
      these hosts.

   The contents of inverse queries and responses

      Inverse queries reverse the mappings performed by standard query
      operations; while a standard query maps a domain name to a
      resource, an inverse query maps a resource to a domain name.  For
      example, a standard query might bind a domain name to a host
      address; the corresponding inverse query binds the host address to
      a domain name.

      Inverse query mappings are not guaranteed to be unique or complete
      because the domain system does not have any internal mechanism for
      determining authority from resource records that parallels the
      capability for determining authority as a function of domain name.
      In general, resolvers will be configured to direct inverse queries
      to a name server which is known to have the desired information.

      Name servers are not required to support any form of inverse
      queries; it is anticipated that most name servers will support
      address to domain name conversions, but no other inverse mappings.
      If a name server receives an inverse query that it does not
      support, it returns an error response with the "Not Implemented"
      error set in the header.  While inverse query support is optional,
      all name servers must be at least able to return the error
      response.


Mockapetris                                                    [Page 17]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      When a name server processes an inverse query, it either returns:

         1. zero, one, or multiple domain names for the specified
         resource

         2. an error code indicating that the name server doesn't
            support inverse mapping of the specified resource type.

   Inverse query and response example

      The overall structure of an inverse query for retrieving the
      domain name that corresponds to Internet address 10.2.0.52 is
      shown below:

                          +-----------------------------------------+
            Header        |          OPCODE=IQUERY, ID=997          |
                          +-----------------------------------------+
           Question       |                                  |
                          +-----------------------------------------+
            Answer        |         A IN 10.2.0.52         |
                          +-----------------------------------------+
           Authority      |                                  |
                          +-----------------------------------------+
          Additional      |                                  |
                          +-----------------------------------------+

      This query asks for a question whose answer is the Internet style
      address 10.2.0.52.  Since the owner name is not known, any domain
      name can be used as a placeholder (and is ignored).  The response
      to this query might be:

                          +-----------------------------------------+
            Header        |         OPCODE=RESPONSE, ID=997         |
                          +-----------------------------------------+
           Question       |   QTYPE=A, QCLASS=IN, QNAME=F.ISI.ARPA  |
                          +-----------------------------------------+
            Answer        |       F.ISI.ARPA A IN 10.2.0.52         |
                          +-----------------------------------------+
           Authority      |                                  |
                          +-----------------------------------------+
          Additional      |                                  |
                          +-----------------------------------------+

      Note that the QTYPE in a response to an inverse query is the same
      as the TYPE field in the answer section of the inverse query.
      Responses to inverse queries may contain multiple questions when
      the inverse is not unique.




Mockapetris                                                    [Page 18]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   Completion queries and responses

      Completion queries ask a name server to complete a partial domain
      name and return a set of RRs whose domain names meet a specified
      set of criteria for "closeness" to the partial input.  This type
      of query can provide a local shorthand for domain names or command
      completion similar to that in TOPS-20.

      Implementation of completion query processing is optional in a
      name server.  However, a name server must return a "Not
      Implemented" (NI) error response if it does not support
      completion.

      The arguments in a completion query specify:

      1. A type in QTYPE that specifies the type of the desired name.
         The type is used to restrict the type of RRs which will match
         the partial input so that completion queries can be used for
         mailbox names, host names, or any other type of RR in the
         domain system without concern for matches to the wrong type of
         resource.

      2. A class in QCLASS which specifies the desired class of the RR.

      3. A partial domain name that gives the input to be completed.
         All returned RRs will begin with the partial string.  The
         search process first looks for names which qualify under the
         assumption that the partial string ends with a full label
         ("whole label match"); if this search fails, the search
         continues under the assumption that the last label in the
         partial sting may be an incomplete label ("partial label
         match").  For example, if the partial string "Smith" was used
         in a mailbox completion, it would match Smith@ISI.ARPA in
         preference to Smithsonian@ISI.ARPA.

         The partial name is supplied by the user through the user
         program that is using domain services.  For example, if the
         user program is a mail handler, the string might be "Mockap"
         which the user intends as a shorthand for the mailbox
         Mockapetris@ISI.ARPA; if the user program is TELNET, the user
         might specify "F" for F.ISI.ARPA.

         In order to make parsing of messages consistent, the partial
         name is supplied in domain name format (i.e. a sequence of
         labels terminated with a zero length octet).  However, the
         trailing root label is ignored during matching.

      4. A target domain name which specifies the domain which is to be
         examined for matches.  This name is specified in the additional


Mockapetris                                                    [Page 19]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


         section using a NULL RR.  All returned names will end with the
         target name.

         The user program which constructs the query uses the target
         name to restrict the search.  For example, user programs
         running at ISI might restrict completion to names that end in
         ISI.ARPA; user programs running at MIT might restrict
         completion to the domain MIT.ARPA.

         The target domain name is also used by the resolver to
         determine the name server which should be used to process the
         query.  In general, queries should be directed to a name server
         that is authoritative for the target domain name.  User
         programs which wish to provide completion for a more than one
         target can issue multiple completion queries, each directed at
         a different target.  Selection of the target name and the
         number of searches will depend on the goals of the user
         program.

      5. An opcode for the query.  The two types of completion queries
         are "Completion Query - Multiple", or CQUERYM, which asks for
         all RRs which could complete the specified input, and
         "Completion Query - Unique", or CQUERYU, which asks for the
         "best" completion.

         CQUERYM is used by user programs which want to know if
         ambiguities exist or wants to do its own determinations as to
         the best choice of the available candidates.

         CQUERYU is used by user programs which either do not wish to
         deal with multiple choices or are willing to use the closeness
         criteria used by CQUERYU to select the best match.

      When a name server receives either completion query, it first
      looks for RRs that begin (on the left) with the same labels as are
      found in QNAME (with the root deleted), and which match the QTYPE
      and QCLASS.  This search is called "whole label" matching.  If one
      or more hits are found the name server either returns all of the
      hits (CQUERYM) or uses the closeness criteria described below to
      eliminate all but one of the matches (CQUERYU).

      If the whole label match fails to find any candidates, then the
      name server assumes that the rightmost label of QNAME (after root
      deletion) is not a complete label, and looks for candidates that
      would match if characters were added (on the right) to the
      rightmost label of QNAME.  If one or more hits are found the name
      server either returns all of the hits (CQUERYM) or uses the
      closeness criteria described below to eliminate all but one of the
      matches (CQUERYU).


Mockapetris                                                    [Page 20]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      If a CQUERYU query encounters multiple hits, it uses the following
      sequence of rules to discard multiple hits:

      1. Discard candidates that have more labels than others.  Since
         all candidates start with the partial name and end with the
         target name, this means that we select those entries that
         require the fewest number of added labels.  For example, a host
         search with a target of "ISI.ARPA" and a partial name of "A"
         will select A.ISI.ARPA in preference to A.IBM-PCS.ISI.ARPA.

      2. If partial label matching was used, discard those labels which
         required more characters to be added.  For example, a mailbox
         search for partial "X" and target "ISI.ARPA" would prefer
         XX@ISI.ARPA to XYZZY@ISI.ARPA.

      If multiple hits are still present, return all hits.

      Completion query mappings are not guaranteed to be unique or
      complete because the domain system does not have any internal
      mechanism for determining authority from a partial domain name
      that parallels the capability for determining authority as a
      function of a complete domain name.  In general, resolvers will be
      configured to direct completion queries to a name server which is
      known to have the desired information.

      When a name server processes a completion query, it either
      returns:

         1. An answer giving zero, one, or more possible completions.

         2. an error response with Not Implemented (NI) set.




















Mockapetris                                                    [Page 21]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   Completion query and response example

      Suppose that the completion service was used by a TELNET program
      to allow a user to specify a partial domain name for the desired
      host.  Thus a user might ask to be connected to "B".  Assuming
      that the query originated from an ISI machine, the query might
      look like:

                          +-----------------------------------------+
            Header        |         OPCODE=CQUERYU, ID=409          |
                          +-----------------------------------------+
           Question       |       QTYPE=A, QCLASS=IN, QNAME=B       |
                          +-----------------------------------------+
            Answer        |                                  |
                          +-----------------------------------------+
           Authority      |                                  |
                          +-----------------------------------------+
          Additional      |             ISI.ARPA NULL IN            |
                          +-----------------------------------------+

      The partial name in the query is "B", the mappings of interest are
      ARPA Internet address records, and the target domain is ISI.ARPA.
      Note that NULL is a special type of NULL resource record that is
      used as a placeholder and has no significance; NULL RRs obey the
      standard format but have no other function.

      The response to this completion query might be:

                          +-----------------------------------------+
            Header        |         OPCODE=RESPONSE, ID=409         |
                          +-----------------------------------------+
           Question       |       QTYPE=A, QCLASS=IN, QNAME=B       |
                          +-----------------------------------------+
            Answer        |        B.ISI.ARPA A IN 10.3.0.52        |
                          +-----------------------------------------+
           Authority      |                                  |
                          +-----------------------------------------+
          Additional      |             ISI.ARPA NULL IN            |
                          +-----------------------------------------+

      This response has completed B to mean B.ISI.ARPA.










Mockapetris                                                    [Page 22]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      Another query might be:

                          +-----------------------------------------+
            Header        |         OPCODE=CQUERYM, ID=410          |
                          +-----------------------------------------+
           Question       |       QTYPE=A, QCLASS=IN, QNAME=B       |
                          +-----------------------------------------+
            Answer        |                                  |
                          +-----------------------------------------+
           Authority      |                                  |
                          +-----------------------------------------+
          Additional      |               ARPA NULL IN              |
                          +-----------------------------------------+

      This query is similar to the previous one, but specifies a target
      of ARPA rather than ISI.ARPA.  It also allows multiple matches.
      In this case the same name server might return:

                          +-----------------------------------------+
            Header        |         OPCODE=RESPONSE, ID=410         |
                          +-----------------------------------------+
           Question       |       QTYPE=A, QCLASS=IN, QNAME=B       |
                          +-----------------------------------------+
            Answer        |        B.ISI.ARPA A IN 10.3.0.52        |
                          |                    -                    |
                          |        B.BBN.ARPA A IN 10.0.0.49        |
                          |                    -                    |
                          |        B.BBNCC.ARPA A IN 8.1.0.2        |
                          +-----------------------------------------+
           Authority      |                                  |
                          +-----------------------------------------+
          Additional      |               ARPA NULL IN              |
                          +-----------------------------------------+

      This response contains three answers, B.ISI.ARPA, B.BBN.ARPA, and
      B.BBNCC.ARPA.















Mockapetris                                                    [Page 23]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   Recursive Name Service

      Recursive service is an optional feature of name servers.

      When a name server receives a query regarding a part of the name
      space which is not in one of the name server's zones, the standard
      response is a message that refers the requestor to another name
      server.  By iterating on these referrals, the requestor eventually
      is directed to a name server that has the required information.

      Name servers may also implement recursive service.  In this type
      of service, a name server either answers immediately based on
      local zone information, or pursues the query for the requestor and
      returns the eventual result back to the original requestor.

      A name server that supports recursive service sets the Recursion
      Available (RA) bit in all responses it generates.  A requestor
      asks for recursive service by setting the Recursion Desired (RD)
      bit in queries.  In some situations where recursive service is the
      only path to the desired information (see below), the name server
      may go recursive even if RD is zero.

      If a query requests recursion (RD set), but the name server does
      not support recursion, and the query needs recursive service for
      an answer, the name server returns a "Not Implemented" (NI) error
      code.  If the query can be answered without recursion since the
      name server is authoritative for the query, it ignores the RD bit.

      Because of the difficulty in selecting appropriate timeouts and
      error handling, recursive service is best suited to virtual
      circuits, although it is allowed for datagrams.

      Recursive service is valuable in several special situations:

         In a system of small personal computers clustered around one or
         more large hosts supporting name servers, the recursive
         approach minimizes the amount of code in the resolvers in the
         personal computers.  Such a design moves complexity out of the
         resolver into the name server, and may be appropriate for such
         systems.

         Name servers on the boundaries of different networks may wish
         to offer recursive service to create connectivity between
         different networks.  Such name servers may wish to provide
         recursive service regardless of the setting of RD.

         Name servers that translate between domain name service and
         some other name service may wish to adopt the recursive style.
         Implicit recursion may be valuable here as well.


Mockapetris                                                    [Page 24]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      These concepts are still under development.


















































Mockapetris                                                    [Page 25]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   Header section format

           +-----------------------------------------------+
           |                                               |
           |             *****  WARNING  *****             |
           |                                               |
           |  The following format is preliminary and is   |
           | included for purposes of explanation only. In |
           | particular, the size and position of the      |
           | OPCODE, RCODE fields and the number and       |
           | meaning of the single bit fields are subject  |
           | to change.                                    |
           |                                               |
           +-----------------------------------------------+

      The header contains the following fields:

                                           1  1  1  1  1  1 
             0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5 
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                      ID                       |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |QR|   Opcode  |AA|TC|RD|RA|        |   RCODE   |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                    QDCOUNT                    |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                    ANCOUNT                    |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                    NSCOUNT                    |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                    ARCOUNT                    |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

      where:

      ID      - A 16 bit identifier assigned by the program that
                generates any kind of query.  This identifier is copied
                into all replies and can be used by the requestor to
                relate replies to outstanding questions.

      QR      - A one bit field that specifies whether this message is a
                query (0), or a response (1).

      OPCODE  - A four bit field that specifies kind of query in this
                message.  This value is set by the originator of a query
                and copied into the response.  The values are:

                        0   a standard query (QUERY)



Mockapetris                                                    [Page 26]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


                        1   an inverse query (IQUERY)

                        2   an completion query allowing multiple
                            answers (CQUERYM)

                        2   an completion query requesting a single
                            answer (CQUERYU)

                        4-15 reserved for future use

      AA      - Authoritative Answer - this bit is valid in responses,
                         and specifies that the responding name server
                         is an authority for the domain name in the
                         corresponding query.

      TC      - TrunCation - specifies that this message was truncated
                         due to length greater than 512 characters.
                         This bit is valid in datagram messages but not
                         in messages sent over virtual circuits.

      RD      - Recursion Desired - this bit may be set in a query and
                         is copied into the response.  If RD is set, it
                         directs the name server to pursue the query
                         recursively.  Recursive query support is
                         optional.

      RA      - Recursion Available - this be is set or cleared in a
                         response, and denotes whether recursive query
                         support is available in the name server.

      RCODE   - Response code - this 4 bit field is set as part of
                         responses.  The values have the following
                         interpretation:

                        0    No error condition

                        1    Format error - The name server was unable
                             to interpret the query.

                        2    Server failure - The name server was unable
                             to process this query due to a problem with
                             the name server.

                        3    Name Error - Meaningful only for responses
                             from an authoritative name server, this
                             code signifies that the domain name
                             referenced in the query does not exist.




Mockapetris                                                    [Page 27]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


                        4    Not Implemented - The name server does not
                             support the requested kind of query.

                        5    Refused - The name server refuses to
                             perform the specified operation for policy
                             reasons.  For example, a name server may
                             not wish to provide the information to the
                             particular requestor, or a name server may
                             not wish to perform a particular operation
                             (e.g. zone transfer) for particular data.

                        6-15 Reserved for future use.

      QDCOUNT - an unsigned 16 bit integer specifying the number of
                entries in the question section.

      ANCOUNT - an unsigned 16 bit integer specifying the number of
                resource records in the answer section.

      NSCOUNT - an unsigned 16 bit integer specifying the number of name
                server resource records in the authority records
                section.

      ARCOUNT - an unsigned 16 bit integer specifying the number of
                resource records in the additional records section.


























Mockapetris                                                    [Page 28]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   Question section format

      The question section is used in all kinds of queries other than
      inverse queries.  In responses to inverse queries, this section
      may contain multiple entries; for all other responses it contains
      a single entry.  Each entry has the following format:

                                           1  1  1  1  1  1 
             0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5 
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                                               |
           /                     QNAME                     /
           /                                               /
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                     QTYPE                     |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                     QCLASS                    |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

      where:

      QNAME -   a variable number of octets that specify a domain name.
                This field uses the compressed domain name format
                described in the next section of this memo.  This field
                can be used to derive a text string for the domain name.
                Note that this field may be an odd number of octets; no
                padding is used.

      QTYPE -   a two octet code which specifies the type of the query.
                The values for this field include all codes valid for a
                TYPE field, together with some more general codes which
                can match more than one type of RR.  For example, QTYPE
                might be A and only match type A RRs, or might be MAILA,
                which matches MF and MD type RRs.  The values for this
                field are listed in Appendix 2.

      QCLASS -  a two octet code that specifies the class of the query.
                For example, the QCLASS field is IN for the ARPA
                Internet, CS for the CSNET, etc.  The numerical values
                are defined in Appendix 2.











Mockapetris                                                    [Page 29]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


   Resource record format

      The answer, authority, and additional sections all share the same
      format: a variable number of resource records, where the number of
      records is specified in the corresponding count field in the
      header.  Each resource record has the following format:

                                           1  1  1  1  1  1 
             0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5 
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                                               |
           /                                               /
           /                      NAME                     /
           |                                               |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                      TYPE                     |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                     CLASS                     |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                      TTL                      |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
           |                   RDLENGTH                    |
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
           /                     RDATA                     /
           /                                               /
           +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

      where:

      NAME    - a compressed domain name to which this resource record
                pertains.

      TYPE    - two octets containing one of the RR type codes defined
                in Appendix 2.  This field specifies the meaning of the
                data in the RDATA field.

      CLASS   - two octets which specify the class of the data in the
                RDATA field.

      TTL     - a 16 bit unsigned integer that specifies the time
                interval (in seconds) that the resource record may be
                cached before it should be discarded.  Zero values are
                interpreted to mean that the RR can only be used for the
                transaction in progress, and should not be cached.  For
                example, SOA records are always distributed with a zero
                TTL to prohibit caching.  Zero values can also be used
                for extremely volatile data.




Mockapetris                                                    [Page 30]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      RDLENGTH- an unsigned 16 bit integer that specifies the length in
                octets of the RDATA field.

      RDATA   - a variable length string of octets that describes the
                resource.  The format of this information varies
                according to the TYPE and CLASS of the resource record.
                For example, the if the TYPE is A and the CLASS is IN,
                the RDATA field is a 4 octet ARPA Internet address.

      Formats for particular resource records are shown in Appendicies 2
      and 3.

   Domain name representation and compression

      Domain names messages are expressed in terms of a sequence of
      labels.  Each label is represented as a one octet length field
      followed by that number of octets.  Since every domain name ends
      with the null label of the root, a compressed  domain name is
      terminated by a length byte of zero.  The high order two bits of
      the length field must be zero, and the remaining six bits of the
      length field limit the label to 63 octets or less.

      To simplify implementations, the total length of label octets and
      label length octets that make up a domain name is restricted to
      255 octets or less.  Since the trailing root label and its dot are
      not printed, printed domain names are 254 octets or less.

      Although labels can contain any 8 bit values in octets that make
      up a label, it is strongly recommended that labels follow the
      syntax described in Appendix 1 of this memo, which is compatible
      with existing host naming conventions.  Name servers and resolvers
      must compare labels in a case-insensitive manner, i.e. A=a, and
      hence all character strings must be ASCII with zero parity.
      Non-alphabetic codes must match exactly.

      Whenever possible, name servers and resolvers must preserve all 8
      bits of domain names they process.  When a name server is given
      data for the same name under two different case usages, this
      preservation is not always possible.  For example, if a name
      server is given data for ISI.ARPA and isi.arpa, it should create a
      single node, not two, and hence will preserve a single casing of
      the label.  Systems with case sensitivity should take special
      precautions to insure that the domain data for the system is
      created with consistent case.

      In order to reduce the amount of space used by repetitive domain
      names, the sequence of octets that defines a domain name may be
      terminated by a pointer to the length octet of a previously
      specified label string.  The label string that the pointer


Mockapetris                                                    [Page 31]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      specifies is appended to the already specified label string.
      Exact duplication of a previous label string can be done with a
      single pointer.  Multiple levels are allowed.

      Pointers can only be used in positions in the message where the
      format is not class specific.  If this were not the case, a name
      server that was handling a RR for another class could make
      erroneous copies of RRs.  As yet, there are no such cases, but
      they may occur in future RDATA formats.

      If a domain name is contained in a part of the message subject to
      a length field (such as the RDATA section of an RR), and
      compression is used, the length of the compressed name is used in
      the length calculation, rather than the length of the expanded
      name.

      Pointers are represented as a two octet field in which the high
      order 2 bits are ones, and the low order 14 bits specify an offset
      from the start of the message.  The 01 and 10 values of the high
      order bits are reserved for future use and should not be used.

      Programs are free to avoid using pointers in datagrams they
      generate, although this will reduce datagram capacity.  However
      all programs are required to understand arriving messages that
      contain pointers.

      For example, a datagram might need to use the domain names
      F.ISI.ARPA, FOO.F.ISI.ARPA, ARPA, and the root.  Ignoring the
      other fields of the message, these domain names might be
      represented as:





















Mockapetris                                                    [Page 32]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          20 |           1           |           F           |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          22 |           3           |           I           |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          24 |           S           |           I           |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          26 |           4           |           A           |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          28 |           R           |           P           |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          30 |           A           |           0           |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          40 |           3           |           F           |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          42 |           O           |           O           |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          44 | 1  1|                20                       |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          64 | 1  1|                26                       |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
          92 |           0           |                       |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

      The domain name for F.ISI.ARPA is shown at offset 20.  The domain
      name FOO.F.ISI.ARPA is shown at offset 40; this definition uses a
      pointer to concatenate a label for FOO to the previously defined
      F.ISI.ARPA.  The domain name ARPA is defined at offset 64 using a
      pointer to the ARPA component of the name F.ISI.ARPA at 20; note
      that this reference relies on ARPA being the last label in the
      string at 20.  The root domain name is defined by a single octet
      of zeros at 92; the root domain name has no labels.

   Organization of the Shared database

      While name server implementations are free to use any internal
      data structures they choose, the suggested structure consists of
      several separate trees.  Each tree has structure corresponding to
      the domain name space, with RRs attached to nodes and leaves.
      Each zone of authoritative data has a separate tree, and one tree
      holds all non-authoritative data.  All of the trees corresponding
      to zones are managed identically, but the non-authoritative or
      cache tree has different management procedures.


Mockapetris                                                    [Page 33]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      Data stored in the database can be kept in whatever form is
      convenient for the name server, so long as it can be transformed
      back into the format needed for messages.  In particular, the
      database will probably use structure in place of expanded domain
      names, and will also convert many of the time intervals used in
      the domain systems to absolute local times.

      Each tree corresponding to a zone has complete information for a
      "pruned" subtree of the domain space.  The top node of a zone has
      a SOA record that marks the start of the zone.  The bottom edge of
      the zone is delimited by nodes containing NS records signifying
      delegation of authority to other zones, or by leaves of the domain
      tree.  When a name server contains abutting zones, one tree will
      have a bottom node containing a NS record, and the other tree will
      begin with a tree location containing a SOA record.

      Note that there is one special case that requires consideration
      when a name server is implemented.  A node that contains a SOA RR
      denoting a start of zone will also have NS records that identify
      the name servers that are expected to have a copy of the zone.
      Thus a name server will usually find itself (and possibly other
      redundant name servers) referred to in NS records occupying the
      same position in the tree as SOA records.  The solution to this
      problem is to never interpret a NS record as delimiting a zone
      started by a SOA at the same point in the tree.  (The sample
      programs in this memo deal with this problem by processing SOA
      records only after NS records have been processed.)

      Zones may also overlap a particular part of the name space when
      they are of different classes.

      Other than the abutting and separate class cases, trees are always
      expected to be disjoint.  Overlapping zones are regarded as a
      non-fatal error.  The scheme described in this memo avoids the
      overlap issue by maintaining separate trees; other designs must
      take the appropriate measures to defend against possible overlap.

      Non-authoritative data is maintained in a separate tree.  This
      tree is unlike the zone trees in that it may have "holes".  Each
      RR in the cache tree has its own TTL that is separately managed.
      The data in this tree is never used if authoritative data is
      available from a zone tree; this avoids potential problems due to
      cached data that conflicts with authoritative data.

      The shared database will also contain data structures to support
      the processing of inverse queries and completion queries if the
      local system supports these optional features.  Although many
      schemes are possible, this memo describes a scheme that is based
      on tables of pointers that invert the database according to key.


Mockapetris                                                    [Page 34]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      Each kind of retrieval has a separate set of tables, with one
      table per zone.  When a zone is updated, these tables must also be
      updated.  The contents of these tables are discussed in the
      "Inverse query processing" and "Completion query processing"
      sections of this memo.

      The database implementation described here includes two locks that
      are used to control concurrent access and modification of the
      database by name server query processing, name server maintenance
      operations, and resolver access:

         The first lock ("main lock") controls access to all of the
         trees.  Multiple concurrent reads are allowed, but write access
         can only be acquired by a single process.  Read and write
         access are mutually exclusive.  Resolvers and name server
         processes that answer queries acquire this lock in read mode,
         and unlock upon completion of the current message.  This lock
         is acquired in write mode by a name server maintenance process
         when it is about to change data in the shared database.  The
         actual update procedures are described under "NAME SERVER
         MAINTENANCE" but are designed to be brief.

         The second lock ("cache queue lock") controls access to the
         cache queue.  This queue is used by a resolver that wishes to
         add information to the cache tree.  The resolver acquires this
         lock, then places the RRs to be cached into the queue.  The
         name server maintenance procedure periodically acquires this
         lock and adds the queue information to the cache.  The
         rationale for this procedure is that it allows the resolver to
         operate with read-only access to the shared database, and
         allows the update process to batch cache additions and the
         associated costs for inversion calculations.  The name server
         maintenance procedure must take appropriate precautions to
         avoid problems with data already in the cache, inversions, etc.

      This organization solves several difficulties:

         When searching the domain space for the answer to a query, a
         name server can restrict its search for authoritative data to
         that tree that matches the most labels on the right side of the
         domain name of interest.

         Since updates to a zone must be atomic with respect to
         searches, maintenance operations can simply acquire the main
         lock, insert a new copy of a particular zone without disturbing
         other zones, and then release the storage used by the old copy.
         Assuming a central table pointing to valid zone trees, this
         operation can be a simple pointer swap.



Mockapetris                                                    [Page 35]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


         TTL management of zones can be performed using the SOA record
         for the zone.  This avoids potential difficulties if individual
         RRs in a zone could be timed out separately.  This issue is
         discussed further in the maintenance section.

   Query processing

      The following algorithm outlines processing that takes place at a
      name server when a query arrives:

      1. Search the list of zones to find zones which have the same
         class as the QCLASS field in the query and have a top domain
         name that matches the right end of the QNAME field.  If there
         are none, go to step 2.  If there are more than one, pick the
         zone that has the longest match and go to step 3.

      2. Since the zone search failed, the only possible RRs are
         contained in the non-authoritative tree.  Search the cache tree
         for the NS record that has the same class as the QCLASS field
         and the largest right end match for domain name.  Add the NS
         record or records to the authority section of the response.  If
         the cache tree has RRs that are pertinent to the question
         (domain names match, classes agree, not timed-out, and the type
         field is relevant to the QTYPE), copy these RRs into the answer
         section of the response.  The name server may also search the
         cache queue.  Go to step 4.

      3. Since this zone is the best match, the zone in which QNAME
         resides is either this zone or a zone to which this zone will
         directly or indirectly delegate authority.  Search down the
         tree looking for a NS RR or the node specified by QNAME.

            If the node exists and has no NS record, copy the relevant
            RRs to the answer section of the response and go to step 4.

            If a NS RR is found, either matching a part or all of QNAME,
            then QNAME is in a delegated zone outside of this zone.  If
            so, copy the NS record or records into the authority section
            of the response, and search the remainder of the zone for an
            A type record corresponding to the NS reference.  If the A
            record is found, add it to the additional section.  Go to
            step 2.

            If the node is not found and a NS is not found, there is no
            such name; set the Name error bit in the response and exit.

      4. When this step is reached, the answer and authority sections
         are complete.  What remains is to complete the additional
         section.  This procedure is only possible if the name server


Mockapetris                                                    [Page 36]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


         knows the data formats implied by the class of records in the
         answer and authority sections.  Hence this procedure is class
         dependent.  Appendix 3 discusses this procedure for Internet
         class data.

      While this algorithm deals with typical queries and databases,
      several additions are required that will depend on the database
      supported by the name server:

      QCLASS=*

         Special procedures are required when the QCLASS of the query is
         "*".  If the database contains several classes of data, the
         query processing steps above are performed separately for each
         CLASS, and the results are merged into a single response.  The
         name error condition is not meaningful for a QCLASS=* query.
         If the requestor wants this information, it must test each
         class independently.

         If the database is limited to data of a particular class, this
         operation can be performed by simply reseting the authoritative
         bit in the response, and performing the query as if QCLASS was
         the class used in the database.

      * labels in database RRs

         Some zones will contain default RRs that use * to match in
         cases where the search fails for a particular domain name.  If
         the database contains these records then a failure must be
         retried using * in place of one or more labels of the search
         key.  The procedure is to replace labels from the left with
         "*"s looking for a match until either all labels have been
         replaced, or a match is found.  Note that these records can
         never be the result of caching, so a name server can omit this
         processing for zones that don't contain RRs with * in labels,
         or can omit this processing entirely if * never appears in
         local authoritative data.

   Inverse query processing

      Name servers that support inverse queries can support these
      operations through exhaustive searches of their databases, but
      this becomes impractical as the size of the database increases.
      An alternative approach is to invert the database according to the
      search key.

      For name servers that support multiple zones and a large amount of
      data, the recommended approach is separate inversions for each



Mockapetris                                                    [Page 37]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      zone.  When a particular zone is changed during a refresh, only
      its inversions need to be redone.

      Support for transfer of this type of inversion may be included in
      future versions of the domain system, but is not supported in this
      version.

   Completion query processing

      Completion query processing shares many of the same problems in
      data structure design as are found in inverse queries, but is
      different due to the expected high rate of use of top level labels
      (ie., ARPA, CSNET).  A name server that wishes to be efficient in
      its use of memory may well choose to invert only occurrences of
      ARPA, etc. that are below the top level, and use a search for the
      rare case that top level labels are used to constrain a
      completion.


































Mockapetris                                                    [Page 38]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


NAME SERVER MAINTENANCE

   Introduction

      Name servers perform maintenance operations on their databases to
      insure that the data they distribute is accurate and timely.  The
      amount and complexity of the maintenance operations that a name
      server must perform are related to the size, change rate, and
      complexity of the database that the name server manages.

      Maintenance operations are fundamentally different for
      authoritative and non-authoritative data.  A name server actively
      attempts to insure the accuracy and timeliness of authoritative
      data by refreshing the data from master copies.  Non-authoritative
      data is merely purged when its time-to-live expires; the name
      server does not attempt to refresh it.

      Although the refreshing scheme is fairly simple to implement, it
      is somewhat less powerful than schemes used in other distributed
      database systems.  In particular, an update to the master does not
      immediately update copies, and should be viewed as gradually
      percolating though the distributed database.  This is adequate for
      the vast majority of applications.  In situations where timliness
      is critical, the master name server can prohibit caching of copies
      or assign short timeouts to copies.

   Conceptual model of maintenance operations

      The vast majority of information in the domain system is derived
      from master files scattered among hosts that implement name
      servers; some name servers will have no master files, other name
      servers will have one or more master files.  Each master file
      contains the master data for a single zone of authority rather
      than data for the whole domain name space.  The administrator of a
      particular zone controls that zone by updating its master file.

      Master files and zone copies from remote servers may include RRs
      that are outside of the zone of authority when a NS record
      delegates authority to a domain name that is a descendant of the
      domain name at which authority is delegated.  These forward
      references are a problem because there is no reasonable method to
      guarantee that the A type records for the delegatee are available
      unless they can somehow be attached to the NS records.

      For example, suppose the ARPA zone delegates authority at
      MIT.ARPA, and states that the name server is on AI.MIT.ARPA.  If a
      resolver gets the NS record but not the A type record for
      AI.MIT.ARPA, it might try to ask the MIT name server for the
      address of AI.MIT.ARPA.


Mockapetris                                                    [Page 39]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      The solution is to allow type A records that are outside of the
      zone of authority to be copied with the zone.  While these records
      won't be found in a search for the A type record itself, they can
      be protected by the zone refreshing system, and will be passed
      back whenever the name server passes back a referral to the
      corresponding NS record.  If a query is received for the A record,
      the name server will pass back a referral to the name server with
      the A record in the additional section, rather than answer
      section.

      The only exception to the use of master files is a small amount of
      data stored in boot files.  Boot file data is used by name servers
      to provide enough resource records to allow zones to be imported
      from foreign servers (e.g. the address of the server), and to
      establish the name and address of root servers.  Boot file records
      establish the initial contents of the cache tree, and hence can be
      overridden by later loads of authoritative data.

      The data in a master file first becomes available to users of the
      domain name system when it is loaded by the corresponding name
      server.  By definition, data from a master file is authoritative.

      Other name servers which wish to be authoritative for a particular
      zone do so by transferring a copy of the zone from the name server
      which holds the master copy using a virtual circuit.  These copies
      include parameters which specify the conditions under which the
      data in the copy is authoritative.  In the most common case, the
      conditions specify a refresh interval and policies to be followed
      when the refresh operation cannot be performed.

      A name server may acquire multiple zones from different name
      servers and master files, but the name server must maintain each
      zone separately from others and from non-authoritative data.

      When the refresh interval for a particular zone copy expires, the
      name server holding the copy must consult the name server that
      holds the master copy.  If the data in the zone has not changed,
      the master name server instructs the copy name server to reset the
      refresh interval.  If the data has changed, the master passes a
      new copy of the zone and its associated conditions to the copy
      name server.  Following either of these transactions, the copy
      name server begins a new refresh interval.

      Copy name servers must also deal with error conditions under which
      they are unable to communicate with the name server that holds the
      master copy of a particular zone.  The policies that a copy name
      server uses are determined by other parameters in the conditions
      distributed with every copy.  The conditions include a retry
      interval and a maximum holding time.  When a copy name server is


Mockapetris                                                    [Page 40]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      unable to establish communications with a master or is unable to
      complete the refresh transaction, it must retry the refresh
      operation at the rate specified by the retry interval.  This retry
      interval will usually be substantially shorter than the refresh
      interval.  Retries continue until the maximum holding time is
      reached.  At that time the copy name server must assume that its
      copy of the data for the zone in question is no longer
      authoritative.

      Queries must be processed while maintenance operations are in
      progress because a zone transfer can take a long time.  However,
      to avoid problems caused by access to partial databases, the
      maintenance operations create new copies of data rather than
      directly modifying the old copies.  When the new copy is complete,
      the maintenance process locks out queries for a short time using
      the main lock, and switches pointers to replace the old data with
      the new.  After the pointers are swapped, the maintenance process
      unlocks the main lock and reclaims the storage used by the old
      copy.

   Name server data structures and top level logic

      The name server must multiplex its attention between multiple
      activities.  For example, a name server should be able to answer
      queries while it is also performing refresh activities for a
      particular zone.  While it is possible to design a name server
      that devotes a separate process to each query and refresh activity
      in progress, the model described in this memo is based on the
      assumption that there is a single process performing all
      maintenance operations, and one or more processes devoted to
      handling queries.  The model also assumes the existence of shared
      memory for several control structures, the domain database, locks,
      etc.

      The model name server uses the following files and shared data
      structures:

         1. A configuration file that describes the master and boot
            files which the name server should load and the zones that
            the name server should attempt to load from foreign name
            servers.  This file establishes the initial contents of the
            status table.

         2. Domain data files that contain master and boot data to be
            loaded.

         3. A status table that is derived from the configuration file.
            Each entry in this table describes a source of data.  Each
            entry has a zone number.  The zone number is zero for


Mockapetris                                                    [Page 41]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


            non-authoritative sources; authoritative sources are
            assigned separate non-zero numbers.

         4. The shared database that holds the domain data.  This
            database is assumed to be organized in some sort of tree
            structure paralleling the domain name space, with a list of
            resource records attached to each node and leaf in the tree.
            The elements of the resource record list need not contain
            the exact data present in the corresponding output format,
            but must contain data sufficient to create the output
            format; for example, these records need not contain the
            domain name that is associated with the resource because
            that name can be derived from the tree structure.  Each
            resource record also internal data that the name server uses
            to organize its data.

         5. Inversion data structures that allow the name server to
            process inverse queries and completion queries.  Although
            many structures could be used, the implementation described
            in this memo supposes that there is one array for every
            inversion that the name server can handle.  Each array
            contains a list of pointers to resource records such that
            the order of the inverted quantities is sorted.

         6. The main and cache queue locks

         7. The cache queue

      The maintenance process begins by loading the status table from
      the configuration file.  It then periodically checks each entry,
      to see if its refresh interval has elapsed.  If not, it goes on to
      the next entry.  If so, it performs different operations depending
      on the entry:

         If the entry is for zone 0, or the cache tree, the maintenance
         process checks to see if additions or deletions are required.
         Additions are acquired from the cache queue using the cache
         queue lock.  Deletions are detected using TTL checks.  If any
         changes are required, the maintenance process recalculates
         inversion data structures and then alters the cache tree under
         the protection of the main lock.  Whenever the maintenance
         process modifies the cache tree, it resets the refresh interval
         to the minimum of the contained TTLs and the desired time
         interval for cache additions.

         If the entry is not zone 0, and the entry refers to a local
         file, the maintenance process checks to see if the file has
         been modified since its last load.  If so the file is reloaded
         using the procedures specified under "Name server file


Mockapetris                                                    [Page 42]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


         loading".  The refresh interval is reset to that specified in
         the SOA record if the file is a master file.

         If the entry is for a remote master file, the maintenance
         process checks for a new version using the procedure described
         in "Names server remote zone transfer".

   Name server file loading

      Master files are kept in text form for ease of editing by system
      maintainers.  These files are not exchanged by name servers; name
      servers use the standard message format when transferring zones.

      Organizations that want to have a domain, but do not want to run a
      name server, can use these files to supply a domain definition to
      another organization that will run a name server for them.  For
      example, if organization X wants a domain but not a name server,
      it can find another organization, Y, that has a name server and is
      willing to provide service for X.  Organization X defines domain X
      via the master file format and ships a copy of the master file to
      organization Y via mail, FTP, or some other method.  A system
      administrator at Y configures Y's name server to read in X's file
      and hence support the X domain.  X can maintain the master file
      using a text editor and send new versions to Y for installation.

      These files have a simple line-oriented format, with one RR per
      line.  Fields are separated by any combination of blanks and tab
      characters.  Tabs are treated the same as spaces; in the following
      discussion the term "blank" means either a tab or a blank.  A line
      can be either blank (and ignored), a RR, or a $INCLUDE line.

      If a RR line starts with a domain name, that domain name is used
      to specify the location in the domain space for the record, i.e.
      the owner.  If a RR line starts with a blank, it is loaded into
      the location specified by the most recent location specifier.

      The location specifiers are assumed to be relative to some origin
      that is provided by the user of a file unless the location
      specifier contains the root label.  This provides a convenient
      shorthand notation, and can also be used to prevent errors in
      master files from propagating into other zones.  This feature is
      particularly useful for master files imported from other sites.

      An include line begins with $INCLUDE, starting at the first line
      position, and is followed by a local file name and an optional
      offset modifier.  The filename follows the appropriate local
      conventions.  The offset is one or more labels that are added to
      the offset in use for the file that contained the $INCLUDE.  If
      the offset is omitted, the included file is loaded using the


Mockapetris                                                    [Page 43]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      offset of the file that contained the $INCLUDE command.  For
      example, a file being loaded at offset ARPA might contain the
      following lines:

                $INCLUDE isi.data ISI           
                $INCLUDE addresses.data         

      The first line would be interpreted to direct loading of the file
      isi.data at offset ISI.ARPA.  The second line would be
      interpreted as a request to load data at offset ARPA.

      Note that $INCLUDE commands do not cause data to be loaded into a
      different zone or tree; they are simply ways to allow data for a
      given zone to be organized in separate files.  For example,
      mailbox data might be kept separately from host data using this
      mechanism.

      Resource records are entered as a sequence of fields corresponding
      to the owner name, TTL, CLASS, TYPE and RDATA components.  (Note
      that this order is different from the order used in examples and
      the order used in the actual RRs; the given order allows easier
      parsing and defaulting.)

         The owner name is derived from the location specifier.

         The TTL field is optional, and is expressed as a decimal
         number.  If omitted TTL defaults to zero.

         The CLASS field is also optional; if omitted the CLASS defaults
         to the most recent value of the CLASS field in a previous RR.

         The RDATA fields depend on the CLASS and TYPE of the RR.  In
         general, the fields that make up RDATA are expressed as decimal
         numbers or as domain names.  Some exceptions exist, and are
         documented in the RDATA definitions in Appendicies 2 and 3 of
         this memo.

      Because CLASS and TYPE fields don't contain any common
      identifiers, and because CLASS and TYPE fields are never decimal
      numbers, the parse is always unique.

      Because these files are text files several special encodings are
      necessary to allow arbitrary data to be loaded.  In particular:

         .    A free standing dot is used to refer to the current domain
              name.

         @    A free standing @ is used to denote the current origin.



Mockapetris                                                    [Page 44]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


         ..   Two free standing dots represent the null domain name of
              the root.

         \X   where X is any character other than a digit (0-9), is used
              to quote that character so that its special meaning does
              not apply.  For example, "\." can be used to place a dot
              character in a label.

         \DDD where each D is a digit is the octet corresponding to the
              decimal number described by DDD.  The resulting octet is
              assumed to be text and is not checked for special meaning.

         ( )  Parentheses are used to group data that crosses a line
              boundary.  In effect, line terminations are not recognized
              within parentheses.

         ;    Semicolon is used to start a comment; the remainder of the
              line is ignored.

   Name server file loading example

      A name server for F.ISI.ARPA , serving as an authority for the
      ARPA and ISI.ARPA domains, might use a boot file and two master
      files.  The boot file initializes some non-authoritative data, and
      would be loaded without an origin:

    ..              9999999 IN      NS      B.ISI.ARPA               
                    9999999 CS      NS      UDEL.CSNET               
    B.ISI.ARPA      9999999 IN      A       10.3.0.52                
    UDEL.CSNET      9999999 CS      A       302-555-0000             

      This file loads non-authoritative data which provides the
      identities and addresses of root name servers.  The first line
      contains a NS RR which is loaded at the root; the second line
      starts with a blank, and is loaded at the most recent location
      specifier, in this case the root; the third and fourth lines load
      RRs at B.ISI.ARPA and UDEL.CSNET, respectively.  The timeouts are
      set to high values (9999999) to prevent this data from being
      discarded due to timeout.

      The first master file loads authoritative data for the ARPA
      domain.  This file is designed to be loaded with an origin of
      ARPA, which allows the location specifiers to omit the trailing
      .ARPA labels.







Mockapetris                                                    [Page 45]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


    @   IN  SOA     F.ISI.ARPA       Action.E.ISI.ARPA (             
                                     20     ; SERIAL                 
                                     3600   ; REFRESH                
                                     600    ; RETRY                  
                                     3600000; EXPIRE                 
                                     60)    ; MINIMUM                
            NS      F.ISI.ARPA ; F.ISI.ARPA is a name server for ARPA
            NS      A.ISI.ARPA ; A.ISI.ARPA is a name server for ARPA
    MIT     NS      AI.MIT.ARPA; delegation to MIT name server       
    ISI     NS      F.ISI.ARPA ; delegation to ISI name server       

    UDEL    MD      UDEL.ARPA                                        
            A       10.0.0.96                                        
    NBS     MD      NBS.ARPA                                         
            A       10.0.0.19                                        
    DTI     MD      DTI.ARPA                                         
            A       10.0.0.12                                        

    AI.MIT  A       10.2.0.6                                         
    F.ISI   A       10.2.0.52                                        

      The first group of lines contains the SOA record and its
      parameters, and identifies name servers for this zone and for
      delegated zones.  The Action.E.ISI.ARPA field is a mailbox
      specification for the responsible person for the zone, and is the
      domain name encoding of the mail destination Action@E.ISI.ARPA.
      The second group specifies data for domain names within this zone.
      The last group has forward references for name server address
      resolution for  AI.MIT.ARPA and F.ISI.ARPA.  This data is not
      technically within the zone, and will only be used for additional
      record resolution for NS records used in referrals.  However, this
      data is protected by the zone timeouts in the SOA, so it will
      persist as long as the NS references persist.

      The second master file defines the ISI.ARPA environment, and is
      loaded with an origin of ISI.ARPA:

    @   IN  SOA     F.ISI.ARPA      Action\.ISI.E.ISI.ARPA (         
                                     20     ; SERIAL                 
                                     7200   ; REFRESH                
                                     600    ; RETRY                  
                                     3600000; EXPIRE                 
                                     60)    ; MINIMUM                
            NS      F.ISI.ARPA ; F.ISI.ARPA is a name server         
    A       A       10.1.0.32                                        
            MD      A.ISI.ARPA                                       
            MF      F.ISI.ARPA                                       
    B       A       10.3.0.52                                        
            MD      B.ISI.ARPA                                       


Mockapetris                                                    [Page 46]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


            MF      F.ISI.ARPA                                       
    F       A       10.2.0.52                                        
            MD      F.ISI.ARPA                                       
            MF      A.ISI.ARPA                                       
    $INCLUDE ISI-MAILBOXES.TXT                               

      Where the file ISI-MAILBOXES.TXT is:

    MOE     MB      F.ISI.ARPA                                       
    LARRY   MB      A.ISI.ARPA                                       
    CURLEY  MB      B.ISI.ARPA                                       
    STOOGES MB      B.ISI.ARPA                                       
            MG      MOE.ISI.ARPA                                     
            MG      LARRY.ISI.ARPA                                   
            MG      CURLEY.ISI.ARPA                                  

      Note the use of the \ character in the SOA RR to specify the
      responsible person mailbox "Action.ISI@E.ISI.ARPA".

   Name server remote zone transfer

      When a name server needs to make an initial copy of a zone or test
      to see if a existing zone copy should be refreshed, it begins by
      attempting to open a virtual circuit to the foreign name server.

      If this open attempt fails, and this was an initial load attempt,
      it schedules a retry and exits.  If this was a refresh operation,
      the name server tests the status table to see if the maximum
      holding time derived from the SOA EXPIRE field has elapsed.  If
      not, the name server schedules a retry.  If the maximum holding
      time has expired, the name server invalidates the zone in the
      status table, and scans all resource records tagged with this zone
      number.  For each record it decrements TTL fields by the length of
      time since the data was last refreshed.  If the new TTL value is
      negative, the record is deleted.  If the TTL value is still
      positive, it moves the RR to the cache tree and schedules a retry.

      If the open attempt succeeds, the name server sends a query to the
      foreign name server in which QTYPE=SOA, QCLASS is set according to
      the status table information from the configuration file, and
      QNAME is set to the domain name of the zone of interest.

      The foreign name server will return either a SOA record indicating
      that it has the zone or an error.  If an error is detected, the
      virtual circuit is closed, and the failure is treated in the same
      way as if the open attempt failed.

      If the SOA record is returned and this was a refresh, rather than
      an initial load of the zone, the name server compares the SERIAL


Mockapetris                                                    [Page 47]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      field in the new SOA record with the SERIAL field in the SOA
      record of the existing zone copy.  If these values match, the zone
      has not been updated since the last copy and hence there is no
      reason to recopy the zone.  In this case the name server resets
      the times in the existing SOA record and closes the virtual
      circuit to complete the operation.

      If this is initial load, or the SERIAL fields were different, the
      name server requests a copy of the zone by sending the foreign
      name server an AXFR query which specifies the zone by its QCLASS
      and QNAME fields.

      When the foreign name server receives the AXFR request, it sends
      each node from the zone to the requestor in a separate message.
      It begins with the node that contains the SOA record, walks the
      tree in breadth-first order, and completes the transfer by
      resending the node containing the SOA record.

      Several error conditions are possible:

         If the AXFR request cannot be matched to a SOA, the foreign
         name server will return a single message in response that does
         not contain the AXFR request.  (The normal SOA query preceding
         the AXFR is designed to avoid this condition, but it is still
         possible.)

         The foreign name server can detect an internal error or detect
         some other condition (e.g. system going down, out of resources,
         etc.) that forces the transfer to be aborted.  If so, it sends
         a message with the "Server failure" condition set.  If the AXFR
         can be immediately retried with some chance of success, it
         leaves the virtual open; otherwise it initiates a close.

         If the foreign name server doesn't wish to perform the
         operation for policy reasons (i.e. the system administrator
         wishes to forbid zone copies), the foreign server returns a
         "Refused" condition.

      The requestor receives these records and builds a new tree.  This
      tree is not yet in the status table, so its data are not used to
      process queries.  The old copy of the zone, if any, may be used to
      satisfy request while the transfer is in progress.

      When the requestor receives the second copy of the SOA node, it
      compares the SERIAL field in the first copy of the SOA against the
      SERIAL field in the last copy of the SOA record.  If these don't
      match, the foreign server updated its zone while the transfer was
      in progress.  In this case the requestor repeats the AXFR request
      to acquire the newer version.


Mockapetris                                                    [Page 48]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      If the AXFR transfer eventually succeeds, the name server closes
      the virtual circuit and and creates new versions of inversion data
      structures for this zone.  When this operation is complete, the
      name server acquires the main lock in write mode and then replaces
      any old copy of the zone and inversion data structures with new
      ones.  The name server then releases the main lock, and can
      reclaim the storage used by the old copy.

      If an error occurs during the AXFR transfer, the name server can
      copy any partial information into its cache tree if it wishes,
      although it will not normally do so if the zone transfer was a
      refresh rather than an initial load.







































Mockapetris                                                    [Page 49]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


RESOLVER ALGORITHMS

   Operations

      Resolvers have a great deal of latitude in the semantics they
      allow in user calls.  For example, a resolver might support
      different user calls that specify whether the returned information
      must be from and authoritative name server or not.  Resolvers are
      also responsible for enforcement of any local restrictions on
      access, etc.

      In any case, the resolver will transform the user query into a
      number of shared database accesses and queries to remote name
      servers.  When a user requests a resource associated with a
      particular domain name, the resolver will execute the following
      steps:

      1. The resolver first checks the local shared database, if any,
         for the desired information.  If found, it checks the
         applicable timeout.  If the timeout check succeeds, the
         information is used to satisfy the user request.  If not, the
         resolver goes to step 2.

      2. In this step, the resolver consults the shared database for the
         name server that most closely matches the domain name in the
         user query.  Multiple redundant name servers may be found.  The
         resolver goes to step 3.

      3. In this step the resolver chooses one of the available name
         servers and sends off a query.  If the query fails, it tries
         another name server.  If all fail, an error indication is
         returned to the user.  If a reply is received the resolver adds
         the returned RRs to its database and goes to step 4.

      4. In this step, the resolver interprets the reply.  If the reply
         contains the desired information, the resolver returns the
         information to the user.  The the reply indicates that the
         domain name in the user query doesn't exist, then the resolver
         returns an error to the user.  If the reply contains a
         transient name server failure, the resolver can either wait and
         retry the query or go back to step 3 and try a different name
         server.  If the reply doesn't contain the desired information,
         but does contain a pointer to a closer name server, the
         resolver returns to step 2, where the closer name servers will
         be queried.

      Several modifications to this algorithm are possible.  A resolver
      may not support a local cache and instead only cache information
      during the course of a single user request, discarding it upon


Mockapetris                                                    [Page 50]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


      completion.  The resolver may also find that a datagram reply was
      truncated, and open a virtual circuit so that the complete reply
      can be recovered.

      Inverse and completion queries must be treated in an
      environment-sensitive manner, because the domain system doesn't
      provide a method for guaranteeing that it can locate the correct
      information.  The typical choice will be to configure a resolver
      to use a particular set of known name servers for inverse queries.










































Mockapetris                                                    [Page 51]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


DOMAIN SUPPORT FOR MAIL

   Introduction

      Mail service is a particularly sensitive issue for users of the
      domain system because of the lack of a consistent system for
      naming mailboxes and even hosts, and the need to support continued
      operation of existing services.  This section discusses an
      evolutionary approach for adding consistent domain name support
      for mail.

      The crucial issue is deciding on the types of binding to be
      supported.  Most mail systems specify a mail destination with a
      two part construct such as X@Y.  The left hand side, X, is an
      string, often a user or account, and Y is a string, often a host.
      This section refers to the part on the left, i.e. X, as the local
      part, and refers to the part on the right, i.e. Y, as the global
      part.

      Most existing mail systems route mail based on the global part; a
      mailer with mail to deliver to X@Y will decide on the host to be
      contacted using only Y.  We refer to this type of binding as
      "agent binding".

         For example, mail addressed to Mockapetris@ISIF is delivered to
         host USC-ISIF (USC-ISIF is the official name for the host
         specified by nickname ISIF).

      More sophisticated mail systems use both the local and global
      parts, i.e. both X and Y to determine which host should receive
      the mail.  These more sophisticated systems usually separate the
      binding of the destination to the host from the actual delivery.
      This allows the global part to be a generic name rather than
      constraining it to a single host.  We refer to this type of
      binding as "mailbox binding".

         For example, mail addressed to Mockapetris@ISI might be bound
         to host F.ISI.ARPA, and subsequently delivered to that host,
         while mail for Cohen@ISI might be bound to host B.ISI.ARPA.

      The domain support for mail consists of two levels of support,
      corresponding to these two binding models.

         The first level, agent binding, is compatible with existing
         ARPA Internet mail procedures and uses maps a global part onto
         one or more hosts that will accept the mail.  This type of
         binding uses the MAILA QTYPE.

         The second level, mailbox binding, offers extended services


Mockapetris                                                    [Page 52]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


         that map a local part and a global part onto one or more sets
         of data via the MAILB QTYPE.  The sets of data include hosts
         that will accept the mail, mailing list members  (mail groups),
         and mailboxes for reporting errors or requests to change a mail
         group.

      The domain system encodes the global part of a mail destination as
      a domain name and uses dots in the global part to separate labels
      in the encoded domain name.  The domain system encodes the local
      part of a mail destination as a single label, and any dots in this
      part are simply copied into the label.  The domain system forms a
      complete mail destination as the local label concatenated to the
      domain string for the global part.  We call this a mailbox.

         For example, the mailbox Mockapetris@F.ISI.ARPA has a global
         domain name of three labels, F.ISI.ARPA.  The domain name
         encoding for the whole mailbox is Mockapetris.F.ISI.ARPA.  The
         mailbox Mockapetris.cad@F.ISI.ARPA has the same domain name for
         the global part and a 4 label domain name for the mailbox of
         Mockapetris\.cad.F.ISI.ARPA (the \ is not stored in the label,
         its merely used to denote the "quoted" dot).

      It is anticipated that the Internet system will adopt agent
      binding as part of the initial implementation of the domain
      system, and that mailbox binding will eventually become the
      preferred style as organizations convert their mail systems to the
      new style.  To facilitate this approach, the domain information
      for these two binding styles is organized to allow a requestor to
      determine which types of support are available, and the
      information is kept in two disjoint classes.

   Agent binding

      In agent binding, a mail system uses the global part of the mail
      destination as a domain name, with dots denoting structure.  The
      domain name is resolved using a MAILA query which return MF and MD
      RRs to specify the domain name of the appropriate host to receive
      the mail.  MD (Mail delivery) RRs specify hosts that are expected
      to have the mailbox in question; MF (Mail forwarding) RRs specify
      hosts that are expected to be intermediaries willing to accept the
      mail for eventual forwarding.  The hosts are hints, rather than
      definite answers, since the query is made without the full mail
      destination specification.

      For example, mail for MOCKAPETRIS@F.ISI.ARPA would result in a
      query with QTYPE=MAILA and QNAME=F.ISI.ARPA, which might return
      two RRs:




Mockapetris                                                    [Page 53]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


                      F.ISI.ARPA MD IN F.ISI.ARPA
                      F.ISI.ARPA MF IN A.ISI.ARPA

      The mailer would interpret these to mean that the mail agent on
      F.ISI.ARPA should be able to deliver the mail directly, but that
      A.ISI.ARPA is willing to accept the mail for probable forwarding.

      Using this system, an organization could implement a system that
      uses organization names for global parts, rather than the usual
      host names, but all mail for the organization would be routed the
      same, regardless of its local part.  Hence and organization with
      many hosts would expect to see many forwarding operations.

   Mailbox binding

      In mailbox binding, the mailer uses the entire mail destination
      specification to construct a domain name.  The encoded domain name
      for the mailbox is used as the QNAME field in a QTYPE=MAILB query.

      Several outcomes are possible for this query:

      1. The query can return a name error indicating that the mailbox
         does not exist as a domain name.

         In the long term this would indicate that the specified mailbox
         doesn't exist.  However, until the use of mailbox binding is
         universal, this error condition should be interpreted to mean
         that the organization identified by the global part does not
         support mailbox binding.  The appropriate procedure is to
         revert to agent binding at this point.

      2. The query can return a Mail Rename (MR) RR.

         The MR RR carries new mailbox specification in its RDATA field.
         The mailer should replace the old mailbox with the new one and
         retry the operation.

      3. The query can return a MB RR.

         The MB RR carries a domain name for a host in its RDATA field.
         The mailer should deliver the message to that host via whatever
         protocol is applicable, e.g. SMTP.

      4. The query can return one or more Mail Group (MG) RRs.

         This condition means that the mailbox was actually a mailing
         list or mail group, rather than a single mailbox.  Each MG RR
         has a RDATA field that identifies a mailbox that is a member of



Mockapetris                                                    [Page 54]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


         the group.  The mailer should deliver a copy of the message to
         each member.

      5. The query can return a MB RR as well as one or more MG RRs.

         This condition means the the mailbox was actually a mailing
         list.  The mailer can either deliver the message to the host
         specified by the MB RR, which will in turn do the delivery to
         all members, or the mailer can use the MG RRs to do the
         expansion itself.

      In any of these cases, the response may include a Mail Information
      (MINFO) RR.  This RR is usually associated with a mail group, but
      is legal with a MB.  The MINFO RR identifies two mailboxes.  One
      of these identifies a responsible person for the original mailbox
      name.  This mailbox should be used for requests to be added to a
      mail group, etc.  The second mailbox name in the MINFO RR
      identifies a mailbox that should receive error messages for mail
      failures.  This is particularly appropriate for mailing lists when
      errors in member names should be reported to a person other than
      the one who sends a message to the list.  New fields may be added
      to this RR in the future.





























Mockapetris                                                    [Page 55]


RFC 883                                                    November 1983
                         Domain Names - Implementation and Specification


Appendix 1 - Domain Name Syntax Specification

   The preferred syntax of domain names is given by the following BNF
   rules.  Adherence to this syntax will result in fewer problems with
   many applications that use domain names (e.g., mail, TELNET).  Note
   that some applications use domain names containing binary information
   and hence do not follow this syntax.

       ::=   | " "

       ::=  

 

RFC, FYI, BCP