draft                      DNS Resolver MIB                      June 93

DNS Resolver MIB Extensions

10-June-1993

DNS Working Group

Rob Austein
Epilogue Technology Corporation
sra@epilogue.com

Jon Saperia
Digital Equipment Corporation
saperia@tay.dec.com

Status of this Memo

This document is an Internet Draft. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups. Note that other groups may also distribute
working documents as Internet Drafts.

Internet Drafts are valid for a maximum of six months and may be
updated, replaced, or obsoleted by other documents at any time. It is
inappropriate to use Internet Drafts as reference material or to cite
them other than as a "work in progress".

Please check the id-abstracts.txt listing contained in the
internet-drafts Shadow Directories on the nic.ddn.mil, nnsc.nsf.net,
nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au to learn the current
status of any Internet Draft.

This document will be submitted to the Internet Architecture Board as
a Proposed Standard. This document defines an experimental extension
to the SNMP MIB. Upon publication as a Proposed Standard, a new MIB
number will be assigned. This is a working document only, it should
neither be cited nor quoted in a formal document.

Expires December 10,1993                                        [Page 1]

This document will expire before 10 December 1993.

Distribution of this document is unlimited. Please send comments to
the authors.

1. Introduction

This memo defines a set of extensions to the Internet MIB which
instrument DNS Resolver Functions. It was produced by the DNS working
group. This memo does not specify a standard for the Internet
community.

With the adoption of The Simple Network Management Protocol (RFC
1157), the Management Information Base for network management of
TCP/IP-based internets (RFC 1213), and the Structure of Management
Information (RFC 1155) by the Internet, and a large number of vendor
implementations of these standards in commercially available products,
it became possible to provide a higher level of effective network
management in TCP/IP-based internets than previously available. With
the growth in the use of these standards, it has become possible to
consider the management of other elements of the infrastructure beyond
the basic TCP/IP protocols. A key element of the TCP/IP infrastructure
is the DNS.

Up to this point there has been no mechanism to integrate the
management of the DNS with SNMP-based managers. This memo provides the
mechanisms by which IP-based management stations can effectively
manage DNS resolver software in an integrated fashion through the use
of the standard Internet SMI, MIB and Simple Network Management
Protocol.

New DNS MIB objects have been defined to be used in conjunction with
the Internet MIB to allow access and control of the DNS resolver
software via SNMP by the Internet community.

2. The Network Management Framework

The Internet-standard Network Management Framework consists of four
components. They are:

o  RFC 1155 which defines the SMI, the mechanisms used for describing
   and naming objects for the purpose of management. RFC 1212 defines
   a more concise description mechanism, which is wholly consistent
   with the SMI.

o  RFC 1213 defines MIB-II, the core set of managed objects for the
   Internet suite of protocols.

o  RFC 1157 which defines the SNMP, the protocol used for network
   access to managed objects.

The Framework permits new objects to be defined for the purpose of
experimentation and evaluation.

2.1. Object Definitions

Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are defined
using the subset of Abstract Syntax Notation One (ASN.1) defined in
the SMI. In particular, each object type is named by an OBJECT
IDENTIFIER, an administratively assigned name. The object type
together with an object instance serves to uniquely identify a
specific instantiation of the object. For human convenience, we often
use a textual string, termed the descriptor, to refer to the object
type.

2.2. Format of Definitions

Section 5 contains the specification of all object types contained in
this MIB module. The object types are defined using the conventions
defined in the SMI, as amended by the extensions specified in [5,6].

3. Overview

In theory, the DNS world is pretty simple. There are two kinds of
entities: resolvers and name servers. Resolvers ask questions. Name
servers answer them. The real world, however, is not so simple.
Implementors have made widely differing choices about how to divide
DNS functions between resolvers and servers. They have also
constructed various sorts of exotic hybrids. The most difficult task
in defining this MIB was to accommodate this wide range of entities
without having to come up with a separate MIB for each.

We divided up the various DNS functions into two non-overlapping
classes, called 'resolver functions' and 'name server functions'. A
DNS entity that performs what we define as resolver functions contains
a resolver, and therefore must implement the MIB groups required of
all resolvers which are defined in this module. Some resolvers also
implement 'optional' functions such as a cache. In this example, they
will also implement the cache group contained in this MIB.
A DNS entity which implements name server functions is considered to
be a name server, and must implement the MIB groups required for name
servers which are defined in a separate module. If the same piece of
software performs both resolver and server functions, we imagine that
it contains both a resolver and a server and would thus implement both
the DNS Server and DNS Resolver MIBs.

In our model, a resolver is a program (or piece thereof) which obtains
resource records from servers. Normally it does so at the behest of an
application, but may also do so as part of its own operation. A
resolver sends DNS protocol queries and receives DNS protocol replies.
A resolver neither receives queries nor sends replies. A full service
resolver is one that knows how to resolve queries: it obtains the
needed resource records by contacting a server authoritative for the
records desired. A stub resolver does not know how to resolve queries:
it sends all queries to a local name server, setting the recursion
desired flag to indicate that it hopes that the name server will be
willing to resolve the query. A resolver may (optionally) have a cache
for remembering previously acquired resource records. It may also have
a negative cache for remembering names or data that have been
determined not to exist.

A name server is a program (or piece thereof) that provides resource
records to resolvers. All references in this document to 'a name
server' imply 'the name server's role'. (In some cases the name
server's role and the resolver's role might be combined into a single
program.) A name server receives DNS protocol queries and sends DNS
protocol replies. A name server neither sends queries nor receives
replies. As a consequence, name servers do not have caches. Normally,
a name server would expect to receive only those queries to which it
could respond with authoritative information.
However, if a name server receives a query that it cannot respond to
with purely authoritative information, it may choose to try to obtain
the necessary additional information from a resolver which may or may
not be a separate process.

4. Selected Objects

Many of the objects included in this memo have been created from
information contained in the DNS specification. The DNS specification
is found in Domain Names - Concepts and Facilities (RFC 1034) and
Domain Names - Implementation and Specification (RFC 1035), as amended
and clarified by Requirements for Internet Hosts - Application and
Support (RFC1123). Additional usage information is found in the Domain
Administrators Guide (RFC 1032), and the Domain Administrators
Operations Guide (RFC 1033). Other objects have been created based on
experience with existing DNS management tools, expected operational
need, and the statistics generated by existing DNS implementations.

These objects have been ordered into groups as follows:

    Resolver Configuration Group
    Resolver Counter Group
    Resolver Cache Group
    Resolver Negative Cache Group
    Resolver Statistics Group
    Resolver Optional Counter Group

Some of the objects defined in this memo have been created from
information contained in existing configuration files used by many DNS
implementations. This information has been converted into a standard
form using the Internet Standard SMI defined in RFC 1155. The object
descriptors used in this MIB have been created from a variety of
sources. For the most part, the descriptions are influenced by the DNS
related RFCs noted above. For example, the descriptors for counters
used for the various types of queries of DNS records are influenced by
the definitions used for the various record types found in Domain
Names - Implementation and Specification RFC 1035.

5. Textual Conventions

Several datatypes have been introduced as textual conventions in the
DNS Server MIB document and have been imported into this MIB Module.
These additions will facilitate the common understanding of
information used by the DNS. No changes to the SMI or the SNMP are
necessary to support these conventions which are described in the
Definitions section.

6. Definitions

RFCxxxx-dnsResMIB DEFINITIONS ::= BEGIN

IMPORTS
    IpAddress, Counter, experimental
        FROM RFC1155-SMI
    DisplayString
        FROM RFC1213-MIB
    OBJECT-TYPE
        FROM RFC-1212
    dns, DnsDate, DnsName, DnsClass, DnsType, DnsQClass, DnsQType,
    DnsTime, DnsValid, DnsOpCode, DnsRespCode
        FROM RFC-xxxx;

-- DNS Resolver MIB

dnsRes              OBJECT IDENTIFIER ::= { dns 2 }

-- groups in the dns resolver mib

dnsResConfig        OBJECT IDENTIFIER ::= { dnsRes 1 }
dnsResCounter       OBJECT IDENTIFIER ::= { dnsRes 2 }
dnsResCache         OBJECT IDENTIFIER ::= { dnsRes 3 }
dnsResNCache        OBJECT IDENTIFIER ::= { dnsRes 4 }
dnsResStats         OBJECT IDENTIFIER ::= { dnsRes 5 }
dnsResOptCounter    OBJECT IDENTIFIER ::= { dnsRes 6 }

-- Resolver Configuration Group

-- The implementation of the Resolver Configuration group is
-- mandatory for all systems which implement any resolver software
-- functions.

dnsResConfigImplementIdent OBJECT-TYPE
    SYNTAX      DisplayString
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "The implementation identification string for the
        resolver software in use on the system, for example;
        RES2.1"
    ::= { dnsResConfig 1 }

dnsResConfigService OBJECT-TYPE
    SYNTAX      INTEGER {
                    recursive-only (1),
                    iterative-only (2),
                    recursive-and-iterative (3)
                }
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Kind of DNS resolution service provided.
        RECURSIVE-ONLY indicates a stub resolver.
        ITERATIVE-ONLY indicates a normal full service resolver.
        RECURSIVE-AND-ITERATIVE indicates a full service resolver
        which performs a mix of recursive and iterative queries."
    ::= { dnsResConfig 2 }

dnsResConfigMaxCnames OBJECT-TYPE
    SYNTAX      INTEGER
    ACCESS      read-write
    STATUS      mandatory
    DESCRIPTION
        "Limit on how many CNAMEs the resolver should allow
        before deciding that there's a CNAME loop. Zero means
        that resolver has no explicit CNAME limit. See RFC 1035
        section 7.1 for more information on circular CNAME
        references."
    ::= { dnsResConfig 3 }

-- DNS Resolver Seat Belt Table

dnsResConfigSeatBeltTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DnsResConfigSeatBeltEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "Table of safety belt information used by the resolver
        when it hasn't got any better idea of where to send a
        query, such as when the resolver is booting or is a stub
        resolver."
    ::= { dnsResConfig 4 }

dnsResConfigSeatBeltEntry OBJECT-TYPE
    SYNTAX      DnsResConfigSeatBeltEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "An entry in the resolver's seatbelt table."
    INDEX       { dnsResConfigSeatBeltAddr,
                  dnsResConfigSeatBeltSubTree,
                  dnsResConfigSeatBeltClass }
    ::= { dnsResConfigSeatBeltTable 1 }

DnsResConfigSeatBeltEntry ::=
    SEQUENCE {
        dnsResConfigSeatBeltAddr
            IpAddress,
        dnsResConfigSeatBeltName
            DnsName,
        dnsResConfigSeatBeltRecursion
            INTEGER,
        dnsResConfigSeatBeltPref
            INTEGER,
        dnsResConfigSeatBeltSubTree
            DnsName,
        dnsResConfigSeatBeltClass
            DnsClass,
        dnsResConfigSeatBeltFile
            OCTET STRING,
        dnsResConfigSeatBeltDate
            DnsDate,
        dnsResConfigSeatBeltValid
            DnsValid
    }

dnsResConfigSeatBeltAddr OBJECT-TYPE
    SYNTAX      IpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "The IP address of the SeatBelt name server identified
        by this row of the table."
    ::= { dnsResConfigSeatBeltEntry 1 }

dnsResConfigSeatBeltName OBJECT-TYPE
    SYNTAX      DnsName -- OCTET STRING
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "The DNS name of a SeatBelt nameserver identified by
        this row of the table. A value of NULL indicates that
        the name is not known by the resolver."
    ::= { dnsResConfigSeatBeltEntry 2 }

dnsResConfigSeatBeltRecursion OBJECT-TYPE
    SYNTAX      INTEGER {
                    iterative (1),
                    recursive (2),
                    recursive-and-iterative (3)
                }
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Kind of queries resolver will be sending to the server.

        ITERATIVE indicates that resolver will be directing
        iterative queries to this name server (RD bit turned
        off).

        RECURSIVE indicates that resolver will be directing
        recursive queries to this name server (RD bit turned
        on).

        RECURSIVE-AND-ITERATIVE indicates that the resolver will
        be directing both recursive and iterative queries to the
        server identified in this row of the table."
    ::= { dnsResConfigSeatBeltEntry 3 }

dnsResConfigSeatBeltPref OBJECT-TYPE
    SYNTAX      INTEGER
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "This value identifies the preference for the server
        identified in this row of the table. The lower the
        value, the more desirable the particular server is
        considered."
    ::= { dnsResConfigSeatBeltEntry 4 }

dnsResConfigSeatBeltSubTree OBJECT-TYPE
    SYNTAX      DnsName -- OCTET STRING
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Queries sent to the Seatbelt name server identified by
        this row of the table are limited to those for names in
        the name subtree identified by this variable. If no such
        limitation applies, the value of this variable is the
        name of THE root domain."
    ::= { dnsResConfigSeatBeltEntry 5 }

dnsResConfigSeatBeltClass OBJECT-TYPE
    SYNTAX      DnsClass -- INTEGER (0..65535)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "The class of DNS queries that will be sent to the
        server identified by this row of the table."
    ::= { dnsResConfigSeatBeltEntry 6 }

dnsResConfigSeatBeltFile OBJECT-TYPE
    SYNTAX      OCTET STRING
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "The name of the file from which the information in this
        row of the table was last initialized or updated. The
        value is the null string if information came from a
        source other than a configuration file."
    ::= { dnsResConfigSeatBeltEntry 7 }

dnsResConfigSeatBeltDate OBJECT-TYPE
    SYNTAX      DnsDate -- DisplayString
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "The date and time that the file named by the
        dnsResConfigSeatBeltFile variable for this row had last
        been updated at the time that this row was last
        initialized or updated. The value is the null string if
        unknown or not applicable because the
        dnsResConfigSeatBeltFile variable is a null string."
    ::= { dnsResConfigSeatBeltEntry 8 }

dnsResConfigSeatBeltValid OBJECT-TYPE
    SYNTAX      DnsValid
    ACCESS      read-write
    STATUS      mandatory
    DESCRIPTION
        "Setting this variable to CLEAR deletes this SeatBelt
        server."
    ::= { dnsResConfigSeatBeltEntry 9 }

-- Resolver Counters Group

-- The implementation of the Resolver Counters Group is mandatory for
-- all systems which implement resolver functions

dnsResCounterUpTime OBJECT-TYPE
    SYNTAX      DnsTime
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "If the resolver has a persistent state, e.g., a
        process; this value will be the time elapsed since it
        started. For software that does not have persistence,
        this value will be 0."
    ::= { dnsResCounter 1 }

dnsResCounterResetTime OBJECT-TYPE
    SYNTAX      DnsTime
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Elapsed time since cache was reloaded."
    ::= { dnsResCounter 2 }

-- Resolver Counter Table

dnsResCounterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DnsResCounterTableEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "Table of the current count of resolver queries and
        answers."
    ::= { dnsResCounter 3 }

dnsResCounterTableEntry OBJECT-TYPE
    SYNTAX      DnsResCounterTableEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "Entry in the resolver counter table. Entries are
        indexed by DNS OpCode."
    INDEX       { dnsResCounterOpCode }
    ::= { dnsResCounterTable 1 }

DnsResCounterTableEntry ::=
    SEQUENCE {
        dnsResCounterOpCode
            DnsOpCode,
        dnsResCounterQueries
            Counter,
        dnsResCounterResponses
            Counter
    }

dnsResCounterOpCode OBJECT-TYPE
    SYNTAX      DnsOpCode -- INTEGER (0..15)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "The index to this table. The OpCodes that have already
        been defined are found in RFC1035."
    ::= { dnsResCounterTableEntry 1 }

dnsResCounterQueries OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of queries [total] that have been sent out by
        the resolver since initialization for the OpCode which
        is the index to this row of the table."
    ::= { dnsResCounterTableEntry 2 }

dnsResCounterResponses OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of responses [total] that have been received by
        the resolver since initialization for the OpCode which
        is the index to this row of the table."
    ::= { dnsResCounterTableEntry 3 }

-- Resolver Response Code Counter Table

dnsResResponseTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DnsResResponseTableEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "Table of the current count of responses to resolver
        queries."
    ::= { dnsResCounter 4 }

dnsResResponseTableEntry OBJECT-TYPE
    SYNTAX      DnsResResponseTableEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "Entry in the resolver response table.
        Entries are indexed by DNS response code."
    INDEX       { dnsResResponseCode }
    ::= { dnsResResponseTable 1 }

DnsResResponseTableEntry ::=
    SEQUENCE {
        dnsResResponseCode
            DnsRespCode,
        dnsResResponses
            Counter
    }

dnsResResponseCode OBJECT-TYPE
    SYNTAX      DnsRespCode -- INTEGER (0..15)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "The index to this table. The Response Codes that have
        already been defined are found in RFC1035."
    ::= { dnsResResponseTableEntry 1 }

dnsResResponses OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of responses the resolver has received for the
        response code value which identifies this row of the
        table."
    ::= { dnsResResponseTableEntry 2 }

-- Additional DNS Resolver Counter Objects

dnsResCounterNonAuthDataResps OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of requests made by the resolver for which a
        non-authoritative answer (cached data) was received."
    ::= { dnsResCounter 5 }

dnsResCounterNonAuthNoDataResps OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of requests made by the resolver for which a
        non-authoritative answer - no such data response (empty
        answer) was received."
    ::= { dnsResCounter 6 }

dnsResCounterMartians OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of responses received from servers that the
        resolver does not think it asked."
    ::= { dnsResCounter 7 }

dnsResCounterRecdResponses OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of responses received to all queries."
    ::= { dnsResCounter 8 }

dnsResCounterUnparseResps OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of responses received which were unparseable."
    ::= { dnsResCounter 9 }

dnsResCounterFallbacks OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of times the resolver had to fall back to its
        seat belt information."
    ::= { dnsResCounter 10 }

-- Resolver Cache Group

-- The implementation of the Resolver Cache Group is mandatory for
-- all systems which implement a cache.

dnsResCacheStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    enabled (1),
                    disabled (2)
                }
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Status of the resolver's cache. ENABLED means that the
        use of the cache is allowed. DISABLED means that the
        cache is not being used."
    ::= { dnsResCache 1 }

dnsResCacheValid OBJECT-TYPE
    SYNTAX      DnsValid
    ACCESS      read-write
    STATUS      mandatory
    DESCRIPTION
        "Setting this to CLEAR deletes the resolver's entire
        cache."
    ::= { dnsResCache 2 }

dnsResCacheMaxTTL OBJECT-TYPE
    SYNTAX      DnsTime
    ACCESS      read-write
    STATUS      mandatory
    DESCRIPTION
        "Maximum Time-To-Live for RRs in this cache. If the
        resolver does not implement a TTL ceiling, the value of
        this field should be hexadecimal FFFFFFFF."
    ::= { dnsResCache 3 }

-- Resolver Cache Table

-- The Resolver Cache Table contains information about Resource
-- Records currently in the resolver's cache.

dnsResCacheTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DnsResCacheEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "The entire contents of the resolver's cache."
    ::= { dnsResCache 4 }

dnsResCacheEntry OBJECT-TYPE
    SYNTAX      DnsResCacheEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "A single entry in the resolver's cache."
    INDEX       { dnsResCacheName,
                  dnsResCacheClass,
                  dnsResCacheType,
                  dnsResCacheIndex }
    ::= { dnsResCacheTable 1 }

DnsResCacheEntry ::=
    SEQUENCE {
        dnsResCacheName
            DnsName,
        dnsResCacheClass
            DnsClass,
        dnsResCacheType
            DnsType,
        dnsResCacheTTL
            DnsTime,
        dnsResCacheElapsedTTL
            DnsTime,
        dnsResCacheSource
            IpAddress,
        dnsResCacheRData
            OCTET STRING,
        dnsResCacheEntryValid
            DnsValid,
        dnsResCacheIndex
            INTEGER
    }

dnsResCacheName OBJECT-TYPE
    SYNTAX      DnsName -- OCTET STRING
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Owner name of the Resource Record in the cache which is
        identified in this row of the table. As described in
        RFC1034, the owner of the record is the domain name
        where the RR is found."
    ::= { dnsResCacheEntry 1 }

dnsResCacheClass OBJECT-TYPE
    SYNTAX      DnsClass -- INTEGER (0..65535)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "DNS class of the Resource Record in the cache which is
        identified in this row of the table."
    ::= { dnsResCacheEntry 2 }

dnsResCacheType OBJECT-TYPE
    SYNTAX      DnsType -- INTEGER (0..65535)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "DNS type of the Resource Record in the cache which is
        identified in this row of the table."
    ::= { dnsResCacheEntry 3 }

dnsResCacheTTL OBJECT-TYPE
    SYNTAX      DnsTime
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Time-To-Live of RR in DNS cache. This is the initial
        TTL value which was received with the RR when it was
        originally received."
    ::= { dnsResCacheEntry 4 }

dnsResCacheElapsedTTL OBJECT-TYPE
    SYNTAX      DnsTime
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Elapsed seconds since RR was received."
    ::= { dnsResCacheEntry 5 }

dnsResCacheSource OBJECT-TYPE
    SYNTAX      IpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Host from which RR was received, 0.0.0.0 if unknown."
    ::= { dnsResCacheEntry 6 }

dnsResCacheRData OBJECT-TYPE
    SYNTAX      OCTET STRING
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "RDATA portion of a cached RR."
    ::= { dnsResCacheEntry 7 }

dnsResCacheEntryValid OBJECT-TYPE
    SYNTAX      DnsValid
    ACCESS      read-write
    STATUS      mandatory
    DESCRIPTION
        "Set to CLEAR to delete this RR entry from the cache
        table."
    ::= { dnsResCacheEntry 8 }

dnsResCacheIndex OBJECT-TYPE
    SYNTAX      INTEGER
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "A value which makes entries in the table unique when
        the other index values - dnsResCacheName,
        dnsResCacheClass, and dnsResCacheType do not provide
        uniqueness."
    ::= { dnsResCacheEntry 9 }

-- Resolver Negative Cache Group

-- The implementation of the Resolver Negative Cache group is
-- mandatory for all systems which implement a negative
-- cache function.

dnsResNCacheStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    enabled (1),
                    disabled (2)
                }
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Status of the resolver's negative cache. ENABLED means
        that the use of the negative cache is allowed. DISABLED
        means that the negative caching is not being used."
    ::= { dnsResNCache 1 }

dnsResNCacheValid OBJECT-TYPE
    SYNTAX      DnsValid
    ACCESS      read-write
    STATUS      mandatory
    DESCRIPTION
        "Setting this to CLEAR deletes the resolver's entire
        negative response cache."
    ::= { dnsResNCache 2 }

dnsResNCacheMaxTTL OBJECT-TYPE
    SYNTAX      DnsTime
    ACCESS      read-write
    STATUS      mandatory
    DESCRIPTION
        "Maximum Time-To-Live for cached authoritative errors.
        If the resolver does not implement a TTL ceiling, the
        value of this field should be hexadecimal FFFFFFFF."
    ::= { dnsResNCache 3 }

-- Resolver Negative Cache Table

-- The Resolver Negative Cache Table contains information about
-- authoritative errors that have been cached by the resolver.

dnsResNCacheTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DnsResNCacheEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "The resolver's negative response cache."
    ::= { dnsResNCache 4 }

dnsResNCacheEntry OBJECT-TYPE
    SYNTAX      DnsResNCacheEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "An entry in the resolver's negative response cache."
    INDEX       { dnsResNCacheErrQName,
                  dnsResNCacheErrQClass,
                  dnsResNCacheErrQType,
                  dnsResNCacheIndex }
    ::= { dnsResNCacheTable 1 }

DnsResNCacheEntry ::=
    SEQUENCE {
        dnsResNCacheErrQName
            DnsName,
        dnsResNCacheErrQClass
            DnsQClass,
        dnsResNCacheErrQType
            DnsQType,
        dnsResNCacheErrTTL
            DnsTime,
        dnsResNCacheErrElapsedTTL
            DnsTime,
        dnsResNCacheErrSource
            IpAddress,
        dnsResNCacheErrCode
            INTEGER,
        dnsResNCacheErrValid
            DnsValid,
        dnsResNCacheIndex
            INTEGER
    }

dnsResNCacheErrQName OBJECT-TYPE
    SYNTAX      DnsName -- OCTET STRING
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "QNAME associated with a cached authoritative error."
    ::= { dnsResNCacheEntry 1 }

dnsResNCacheErrQClass OBJECT-TYPE
    SYNTAX      DnsQClass -- INTEGER (0..65535)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "DNS QCLASS associated with a cached authoritative
        error."
    ::= { dnsResNCacheEntry 2 }

dnsResNCacheErrQType OBJECT-TYPE
    SYNTAX      DnsQType -- INTEGER (0..65535)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "DNS QTYPE associated with a cached authoritative
        error."
    ::= { dnsResNCacheEntry 3 }

dnsResNCacheErrTTL OBJECT-TYPE
    SYNTAX      DnsTime
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Time-To-Live of a cached authoritative error at the
        time of the error; it should not be decremented by the
        number of seconds since it was received. This should be
        the TTL as copied from the MINIMUM field of the SOA that
        accompanied the authoritative error."
    ::= { dnsResNCacheEntry 4 }

dnsResNCacheErrElapsedTTL OBJECT-TYPE
    SYNTAX      DnsTime
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Elapsed seconds since authoritative error was
        received."
    ::= { dnsResNCacheEntry 5 }

dnsResNCacheErrSource OBJECT-TYPE
    SYNTAX      IpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Host which sent the authoritative error, 0.0.0.0 if
        unknown."
    ::= { dnsResNCacheEntry 6 }

dnsResNCacheErrCode OBJECT-TYPE
    SYNTAX      INTEGER {
                    nonexistantName (1),
                    noData (2),
                    other (3)
                }
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "The authoritative error that has been cached.

        NonexistantName indicates an authoritative name error.

        NoData indicates an authoritative response with no error
        and no relevant data."
    ::= { dnsResNCacheEntry 7 }

dnsResNCacheErrValid OBJECT-TYPE
    SYNTAX      DnsValid
    ACCESS      read-write
    STATUS      mandatory
    DESCRIPTION
        "Set to CLEAR to delete this cached error."
    ::= { dnsResNCacheEntry 8 }

dnsResNCacheIndex OBJECT-TYPE
    SYNTAX      INTEGER
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "A value which makes entries in the table unique when
        the other index values - dnsResNCacheErrQName,
        dnsResNCacheErrQClass, and dnsResNCacheErrQType do not
        provide uniqueness."
    ::= { dnsResNCacheEntry 9 }

-- Resolver Statistics Group

-- The implementation of the Resolver Statistics Group is
-- mandatory for all resolver software implementations.

dnsResStatGoodCaches OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of RRs the resolver has cached successfully."
    ::= { dnsResStats 1 }

dnsResStatBadCaches OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of RRs the resolver has refused to cache because
        they appear to be dangerous or irrelevant. E.g., RRs
        with suspiciously high TTLs, unsolicited root
        information, or that just don't appear to be relevant to
        the question the resolver asked."
    ::= { dnsResStats 2 }

dnsResStatGoodNCaches OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of authoritative errors the resolver has cached
        successfully."
    ::= { dnsResStats 3 }

dnsResStatBadNCaches OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of authoritative errors the resolver would have
        liked to cache but was unable to because the appropriate
        SOA RR was not supplied or looked suspicious."
    ::= { dnsResStats 4 }

-- Lame Delegation Table

-- A lame delegation occurs when a parent zone delegates authority for a
-- child zone to a server that appears not to think that it is
-- authoritative for the child zone in question.

dnsResLameDelegationTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DnsResLameDelegationEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "Table of name servers returning lame delegations."
    ::= { dnsResStats 5 }

dnsResLameDelegationEntry OBJECT-TYPE
    SYNTAX      DnsResLameDelegationEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION
        "Entry in lame delegation table."
    INDEX       { dnsResLameDelegationSource,
                  dnsResLameDelegationName,
                  dnsResLameDelegationClass }
    ::= { dnsResLameDelegationTable 1 }

DnsResLameDelegationEntry ::=
    SEQUENCE {
        dnsResLameDelegationSource
            IpAddress,
        dnsResLameDelegationName
            DnsName,
        dnsResLameDelegationClass
            DnsClass,
        dnsResLameDelegationCounts
            Counter,
        dnsResLameDelegationValid
            DnsValid
    }

dnsResLameDelegationSource OBJECT-TYPE
    SYNTAX      IpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Source of lame delegation."
    ::= { dnsResLameDelegationEntry 1 }

dnsResLameDelegationName OBJECT-TYPE
    SYNTAX      DnsName
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "DNS name for which lame delegation was received."
    ::= { dnsResLameDelegationEntry 2 }

dnsResLameDelegationClass OBJECT-TYPE
    SYNTAX      DnsClass -- INTEGER (0..65535)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "DNS class of received lame delegation."
    ::= { dnsResLameDelegationEntry 3 }

dnsResLameDelegationCounts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "How many times this lame delegation has been received."
    ::= { dnsResLameDelegationEntry 4 }

dnsResLameDelegationValid OBJECT-TYPE
    SYNTAX      DnsValid
    ACCESS      read-write
    STATUS      mandatory
    DESCRIPTION
        "Set to CLEAR to delete this lame delegation entry."
    ::= { dnsResLameDelegationEntry 5 }

-- Resolver Optional Counters Group

-- Implementation of the Resolver Optional counters group is optional.

dnsResOptCounterReferals OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of responses which were received from servers
        redirecting query to another server."
    ::= { dnsResOptCounter 1 }

dnsResOptCounterRetrans OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of requests retransmitted for all reasons."
    ::= { dnsResOptCounter 2 }

dnsResOptCounterNoResponses OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of queries that were retransmitted because of no
        response."
    ::= { dnsResOptCounter 3 }

dnsResOptCounterRootRetrans OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of queries that were retransmitted that were to
        root servers."
    ::= { dnsResOptCounter 4 }

dnsResOptCounterInternals OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of requests internally generated by the
        resolver."
    ::= { dnsResOptCounter 5 }

dnsResOptCounterInternalTimeOuts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION
        "Number of requests internally generated which timed
        out."
    ::= { dnsResOptCounter 6 }

END

7. Acknowledgements

This document is the result of work undertaken by the DNS working
group.
In addition, the contributions and comments of the following members
are also specially acknowledged:

    Philip Almquist, Computer Communication consultant
    Joe Peck, Digital Equipment Corporation
    Frank Kastenholz, FTP Software
    Win Treese, Digital Equipment Corporation
    Mimi Zohar, IBM

8. References

J. Reynolds and J. Postel, Assigned Numbers, Internet Working Group
Request for Comments 1010. Network Information Center, SRI
International, Menlo Park, California, (May, 1987).

M. Stahl, Domain Administrators Guide, Internet Working Group Request
for Comments 1032. Network Information Center, SRI International,
Menlo Park, California, (November, 1987).

M. Lottor, Domain Administrators Operations Guide, Internet Working
Group Request for Comments 1033. Network Information Center, SRI
International, Menlo Park, California, (November, 1987).

P. Mockapetris, Domain Names - Concepts and Facilities, Internet
Working Group Request for Comments 1034. Network Information Center,
SRI International, Menlo Park, California, (November, 1987).

P. Mockapetris, Domain Names - Implementation and Specification,
Internet Working Group Request for Comments 1035. Network Information
Center, SRI International, Menlo Park, California, (November, 1987).

V. Cerf, IAB Recommendations for the Development of Internet Network
Management Standards, Internet Working Group Request for Comments
1052. Network Information Center, SRI International, Menlo Park,
California, (April, 1988).

R. Braden (editor), Requirements for Internet Hosts -- Application and
Support, Internet Working Group Request for Comments 1123. Network
Information Center, SRI International, Menlo Park, California,
(October, 1989).

M.T. Rose and K. McCloghrie, Structure and Identification of
Management Information for TCP/IP-based internets, Internet Working
Group Request for Comments 1155. Network Information Center, SRI
International, Menlo Park, California, (May, 1990).

K. McCloghrie and M.T. Rose, Management Information Base for Network
Management of TCP/IP-based internets, Internet Working Group Request
for Comments 1156. Network Information Center, SRI International,
Menlo Park, California, (May, 1990).

J.D. Case, M.S. Fedor, M.L. Schoffstall, and J.R. Davin, Simple
Network Management Protocol, Internet Working Group Request for
Comments 1157. Network Information Center, SRI International, Menlo
Park, California, (May, 1990).

M.T. Rose, The Open Book, A Practical Perspective on OSI. Prentice
Hall, Englewood Cliffs, New Jersey, (1990).

M.T. Rose and K. McCloghrie (editors), Concise MIB Definitions,
Internet Working Group Request for Comments 1212. Network Information
Center, SRI International, Menlo Park, California, (March, 1991).

K. McCloghrie and M.T. Rose (editors), Management Information Base
for Network Management of TCP/IP-based internets: MIB-II, Internet
Working Group Request for Comments 1213. Network Information Center,
SRI International, Menlo Park, California, (March, 1991).

9. Security Considerations

Security issues are not discussed in this memo.

10. Author's Addresses

    Rob Austein
    Epilogue Technology Corporation
    268 Main Street, Suite 283
    North Reading, MA 01864
    USA
    Voice: +1 617 942 0915
    Email: sra@epilogue.com

    Jon Saperia
    Digital Equipment Corporation
    153 Taylor Street
    M/S TAY2-2/B5
    Littleton, MA 01460
    Voice: +1 508-952-3171
    Email: saperia@tay.dec.com

Table of Contents

    1 Introduction
    2 The Network Management Framework
    2.1 Object Definitions
    2.2 Format of Definitions
    3 Overview
    4 Selected Objects
    5 Textual Conventions
    6 Definitions
    7 Acknowledgements
    8 References
    9 Security Considerations
    10 Author's Addresses
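Added example (not part of the draft, and not code from any resolver): a sketch of how a monitoring tool could keep the rows of the lame delegation table in section 6, keyed by the table's INDEX (source, name, class), with a per-row count and a delete that stands in for setting dnsResLameDelegationValid to CLEAR. The draft does not say how a resolver decides that a delegation is lame, so the rule in is_lame is an assumption; Response, in_zone, is_lame, LameDelegationTable and run_sample are hypothetical names, and the addresses and names are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Response:                 # constructed model of one DNS response
    source: str                 # address of the answering server
    qname: str                  # queried name
    qclass: int                 # DNS class, 0..65535 (1 = IN)
    aa: bool                    # Authoritative Answer header bit
    rcode: int                  # 0 NOERROR, 2 SERVFAIL, 5 REFUSED
    referral_owner: Optional[str] = None  # owner of NS RRs in authority section

def in_zone(name, zone):
    """True when name is at or below zone (case and trailing dot ignored)."""
    n, z = name.lower().rstrip("."), zone.lower().rstrip(".")
    return z == "" or n == z or n.endswith("." + z)

def is_lame(resp, zone):
    """Assumed heuristic: zone is delegated to resp.source, which does not act as its authority."""
    if resp.aa or not in_zone(resp.qname, zone):
        return False
    if resp.rcode in (2, 5):    # fails or refuses queries for its own zone
        return True
    # A referral to the zone itself or to an ancestor makes no progress.
    return resp.referral_owner is not None and in_zone(zone, resp.referral_owner)

class LameDelegationTable:
    """Rows keyed like the MIB INDEX: (source, name, class) -> count."""
    def __init__(self):
        self.rows = Counter()
    def observe(self, resp, zone):
        if not is_lame(resp, zone):
            return False
        self.rows[(resp.source, zone.lower().rstrip("."), resp.qclass)] += 1
        return True

    def clear(self, key):       # stands in for setting ...Valid to CLEAR
        self.rows.pop(key, None)

def run_sample():
    """Constructed responses; both servers are delegated example.com."""
    table = LameDelegationTable()
    for r in (Response("192.0.2.53", "www.example.com.", 1, False, 5),
              Response("192.0.2.53", "mail.example.com", 1, False, 0, "com."),
              Response("192.0.2.54", "www.example.com", 1, True, 0),
              Response("192.0.2.54", "a.sub.example.com", 1, False, 0, "sub.example.com")):
        table.observe(r, "example.com")
    return table
```

A non-authoritative referral that points further down the tree (the fourth sample response) is normal delegation and is not counted; only REFUSED or SERVFAIL answers and referrals to the zone itself or an ancestor add to a row.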