A Data Model for configuring Domain Name System (DNS) Zone Provisioning on Authoritative Nameservers

PowerDNS, Den Haag, Netherlands, pieter.lexis@powerdns.com
CZ.NIC, CZ, lhotka@nic.cz
CZ.NIC, CZ, petr.spacek@nic.cz
Internet Systems Consortium, CZ, ondrej@isc.org
NLnet Labs, Science Park 400, Amsterdam, 1098 XH, Netherlands, willem@nlnetlabs.nl

Internet
DNSOP Working Group

This document describes a data model for configuring DNS Zone provisioning
on authoritative nameservers. This data model only includes definitions for
configuration of primary and secondary relationships.
The purpose of this document is to enumerate the properties involved in
managing zone provisioning, for usage in managing zone provisioning
methods, such as catalog zones or NETCONF.
This document describes a data model for configuring DNS Zone provisioning
on authoritative nameservers. The model consists of a list of DNS Zones.
Besides the name of the zone, each zone MAY contain properties for
provisioning of those zones on primary and secondary nameservers.
The key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT",
"RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 when, and only when, they appear in all
capitals, as shown here.
The optional properties for primary nameservers are:
notify-to: Its value consists of an IP address (with optional port number)
of the secondary nameserver to notify about changes to the zone,
and an optional TSIG key (See ) with which the NOTIFY
message, which is used to send the notification, is signed.
If no port number is given, port 53 is assumed.
allow-transfer: Its value consists of a subnet in which the IP address of the
secondary nameserver requesting a transfer has to fall, with an
optional TSIG key with which the transfer request (either
AXFR or IXFR) has to be signed and which
will be used to sign the messages that will convey the complete
or partial DNS Zone.
The optional properties for secondary nameservers are:
allow-notify: Its value consists of a subnet in which the IP address of the
primary nameserver that is signaling that the DNS Zone has changed
must fall, and an optional TSIG key with which the NOTIFY message
MUST be signed.
transfer-from: Its value consists of an IP address (with optional port number) of
the primary nameserver from which to transfer the complete or partial
DNS Zone, with an optional TSIG key which MUST be used to send the AXFR
or IXFR request and with which the transferred Zone data MUST be
verified.
If no port number is given, port 53 is assumed.
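The following sketch is an added example, not part of the draft or its YANG module. It shows how the four properties above could be evaluated and audited for entries that lack a TSIG key. The per-entry key names ("address", "port", "subnet", "tsig-key"), the sample zones and the matching policy noted in the comments are assumptions.

```python
import ipaddress

# Constructed sample zones. The per-entry keys ("address", "port", "subnet",
# "tsig-key") are assumed names; the draft's YANG tree is not shown here.
PRIMARY = {
    "name": "example.org.",
    "notify-to": [{"address": "198.51.100.7", "tsig-key": "xfr-key"},
                  {"address": "2001:db8::53", "port": 5353}],
    "allow-transfer": [{"subnet": "198.51.100.0/24", "tsig-key": "xfr-key"},
                       {"subnet": "2001:db8::/32"}],
}
SECONDARY = {
    "name": "example.org.",
    "allow-notify": [{"subnet": "192.0.2.1/32", "tsig-key": "xfr-key"}],
    "transfer-from": [{"address": "192.0.2.1", "tsig-key": "xfr-key"}],
}

def endpoints(zone, prop):
    """Resolve notify-to / transfer-from entries to (ip, port, tsig_key).
    A missing port means 53, as the text specifies."""
    return [(ipaddress.ip_address(e["address"]), e.get("port", 53), e.get("tsig-key"))
            for e in zone.get(prop, [])]

def source_permitted(zone, prop, source_ip, verified_key=None):
    """Check an incoming message against allow-transfer / allow-notify.
    verified_key is the name of the TSIG key that validated the message,
    or None if it was unsigned. Assumption: any one matching entry permits,
    and an entry without a key accepts on source address alone."""
    src = ipaddress.ip_address(source_ip)
    for entry in zone.get(prop, []):
        # ip_network() rejects subnets with host bits set (ValueError).
        if src not in ipaddress.ip_network(entry["subnet"]):
            continue
        if entry.get("tsig-key") in (None, verified_key):
            return True
    return False

def unsigned_entries(zone):
    """List (property, peer) pairs that rely on IP addresses alone."""
    props = ("notify-to", "allow-transfer", "allow-notify", "transfer-from")
    return [(p, e.get("address") or e.get("subnet"))
            for p in props for e in zone.get(p, []) if "tsig-key" not in e]
```

Running `unsigned_entries` over every zone before deployment surfaces the entries where a transfer or NOTIFY is authorized by source address only.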
This document defines the YANG module "ietf-dns-zone-provisioning", which
has the following tree structure.
This document registers the following namespace URI in the "ns"
subregistry of the "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:ietf-restconf-subscribed-notifications
Registrant Contact: The IESG.
XML: N/A; the requested URI is an XML namespace.
This document registers the following YANG module in the "YANG Module
Names" registry:
Name: ietf-restconf-subscribed-notifications
Namespace: urn:ietf:params:xml:ns:yang:ietf-dns-zone-provisioning
Prefix: dnszp
Reference: RFCXXXX
Instances of the data model defined in this document contain
sensitive information with which eavesdroppers can interfere in DNS Zone
provisioning and potentially even alter DNS Zone content.
Care must be taken that instances of this data model are only conveyed
over secure, authenticated and encrypted channels.
Thanks to