Start with section "Zone content"

NLnetLabs · Jun 26, 2024 · 291dd72 · 291dd72
1 parent 3a1d824
commit 291dd72
Showing 1 changed file with 64 additions and 5 deletions.
diff --git a/draft-homburg-deleg-incremental-deleg.md b/draft-homburg-deleg-incremental-deleg.md
@@ -82,14 +82,19 @@ This document describes a delegation mechanism for the Domain Name System (DNS)
 2. Outsourcing operation of the delegation.
 3. DNSSEC protection of the delegation.
 
-The mechanism is designed with minimal adaption to components and to current DNS practice in mind (such as what data is authoritative) to maximize ease of implementation and deployment, without sacrificing resolution performance.
+Other properties of this mechanisms design are to:
 
-<!--
-Sections {{}}, {{}}, {{}} elaborate on
+{:start="4"}
+4. Minimize the needed changes to DNS components and DNS practice (such as what data is authoritative), with the goal to maximize ease of implementation and deployment
+5. Not sacrifice resolution performance.
+
+How these properties are met is elaborated upon further in this document referencing the bullet points above.
 
+<!--
+// Something like this somewhere
 ## Signaling capabilities
 
-What capabilities and associated details are signaled is extensible to support future uses (such as keys for encrypting the TLS ClientHello {{?I-D.ietf-tls-esni}}).
+What capabilities and associated details are signaled is extensible to support future uses (such as keys for encrypting the TLS ClientHello {{}}?I-D.ietf-tls-esni).
 
 ## Outsourcing operation of the delegation
 
@@ -101,12 +106,66 @@ What capabilities and associated details are signaled is extensible to support f
 
 {::boilerplate bcp14-tagged}
 
+<!-- TODO for terminology: delegating zone, delegation name, subzone, delegation point,  -->
+
+# Zone content
+
+An extensible delegation is realized with an SVCB resource record (RR) set (RRset) {{!RFC9460}} below a specially for the purpose reserved label with the name `_deleg`, at the apex of the delegating zone.
+The `_label` scopes the interpretation of the SVCB records and requires registration in the "Underscored and Globally Scoped DNS Node Names" {{!RFC8552}} {{IANA}}.
+The full scoping of delegations includes the labels that are below the `_label` and those, together with the name of the delegating domain, make up the name that is delegated to.
+For example, if the delegating zone is `example.`, then a delegation to subzone `customer.example.` is realized by an SVCB RRset at the name `customer._deleg.example.` in the parent zone.
+A fully scoped delegation name (such as `customer._deleg.example.`) is referred to further in this document as the "delegation point".
+
+The use of the SVCB RR type requires a mapping document for each service type.
+This document uses the SVCB for the "dns" service type and the contents of the SVCB SvcParams MUST be interpreted as specified in Service Binding Mapping for DNS Servers {{!RFC9461}}.
+At the delegation point (for example `customer._deleg.example.`), the host names of the authoritative name servers for the subzone, are given in the TargetName RDATA field of SVCB records in ServiceMode.
+Port Prefix Naming {{Section 3 of !RFC9461}} is not used at the delegation point, but MUST be used when resolving the aliased to name server with SVCB RRs in AliasMode.
+
+Note that if the delegation is outsourcing to a single operator represented in a single SVCB RRset, for performance reasons it is RECOMMENDED to refer to the name of the operator's SVCB RRset with a CNAME on the delegation point instead of an SVCB RR in AliasMode {{Section 10.2 of !RFC9460}}.
+
+## Examples
+
+### One name server within the subzone
+
+    $ORIGIN example.
+    @                  IN  SOA   ns zonemaster ...
+    customer1._deleg   IN  SVCB  1 ns.customer1 (
+                                   ipv6hint=2001:db8:1::1,2001:db8:2::1
+                                   ipv4hint=198.51.100.1,203.0.113.1 )
+
+### Two name servers within the subzone
+
+    $ORIGIN example.
+    @                  IN  SOA   ns zonemaster ...
+    customer2._deleg   IN  SVCB  1 ns1.customer2 ( ipv6hint=2001:db8:1::1
+                                                   ipv4hint=198.51.100.1 )
+                       IN  SVCB  1 ns2.customer2 ( ipv6hint=2001:db8:2::1
+                                                   ipv4hint=203.0.113.1 )
+
+### Outsourced to a single operator
+
+    $ORIGIN example.
+    @                  IN  SOA   ns zonemaster ...
+    customer3._deleg   IN  CNAME _dns.ns.operator1
+
+Where the operator SVCB RRset could be:
+
+    $ORIGIN operator1.example.
+    @                  IN  SOA   ns zonemaster ...
+    _dns.ns            IN  SVCB  1 ns ( ipv6hint=2001:db8:3::1
+                                        ipv4hint=192.0.2.1
+                                        alpn=h2,dot,h3,doq
+                                        dohpath=/q{?dns} )
+    ns                 IN  AAAA  2001:db8:3::1
+                       IN  A     192.0.2.1
+
+
 # Security Considerations
 
 TODO Security
 
 
-# IANA Considerations
+# IANA Considerations {#IANA}
 
 This document has no IANA actions.