7 Network Working Group R. Austein
8 Request for Comments: 1612 Epilogue Technology Corporation
9 Category: Standards Track J. Saperia
10 Digital Equipment Corporation
14 DNS Resolver MIB Extensions
18 This document specifies an Internet standards track protocol for the
19 Internet community, and requests discussion and suggestions for
20 improvements. Please refer to the current edition of the "Internet
21 Official Protocol Standards" (STD 1) for the standardization state
22 and status of this protocol. Distribution of this memo is unlimited.
26 1. Introduction .............................................. 1
27 2. The SNMPv2 Network Management Framework ................... 2
28 2.1 Object Definitions ....................................... 2
29 3. Overview .................................................. 2
30 3.1 Resolvers ................................................ 3
31 3.2 Name Servers ............................................. 3
32 3.3 Selected Objects ......................................... 4
33 3.4 Textual Conventions ...................................... 4
34 4. Definitions ............................................... 5
35 5. Acknowledgements .......................................... 30
36 6. References ................................................ 30
37 7. Security Considerations ................................... 32
38 8. Authors' Addresses ........................................ 32
42 This memo defines a portion of the Management Information Base (MIB)
43 for use with network management protocols in the Internet community.
44 In particular, it describes a set of extensions which instrument DNS
45 resolver functions. This memo was produced by the DNS working group.
47 With the adoption of the Internet-standard Network Management
48 Framework [4,5,6,7], and with a large number of vendor
49 implementations of these standards in commercially available
50 products, it became possible to provide a higher level of effective
51 network management in TCP/IP-based internets than was previously
52 available. With the growth in the use of these standards, it has
53 become possible to consider the management of other elements of the
54 infrastructure beyond the basic TCP/IP protocols. A key element of
58 Austein & Saperia [Page 1]
60 RFC 1612 DNS Resolver MIB May 1994
63 the TCP/IP infrastructure is the DNS.
65 Up to this point there has been no mechanism to integrate the
66 management of the DNS with SNMP-based managers. This memo provides
67 the mechanisms by which IP-based management stations can effectively
68 manage DNS resolver software in an integrated fashion.
70 We have defined DNS MIB objects to be used in conjunction with the
71 Internet MIB to allow access to and control of DNS resolver software
72 via SNMP by the Internet community.
74 2. The SNMPv2 Network Management Framework
76 The SNMPv2 Network Management Framework consists of four major
79 o RFC 1442 which defines the SMI, the mechanisms used for
80 describing and naming objects for the purpose of management.
82 o STD 17, RFC 1213 defines MIB-II, the core set of managed
83 objects for the Internet suite of protocols.
85 o RFC 1445 which defines the administrative and other
86 architectural aspects of the framework.
88 o RFC 1448 which defines the protocol used for network access to
91 The Framework permits new objects to be defined for the purpose of
92 experimentation and evaluation.
94 2.1. Object Definitions
96 Managed objects are accessed via a virtual information store, termed
97 the Management Information Base or MIB. Objects in the MIB are
98 defined using the subset of Abstract Syntax Notation One (ASN.1)
99 defined in the SMI. In particular, each object object type is named
100 by an OBJECT IDENTIFIER, an administratively assigned name. The
101 object type together with an object instance serves to uniquely
102 identify a specific instantiation of the object. For human
103 convenience, we often use a textual string, termed the descriptor, to
104 refer to the object type.
108 In theory, the DNS world is pretty simple. There are two kinds of
109 entities: resolvers and name servers. Resolvers ask questions. Name
110 servers answer them. The real world, however, is not so simple.
114 Austein & Saperia [Page 2]
116 RFC 1612 DNS Resolver MIB May 1994
119 Implementors have made widely differing choices about how to divide
120 DNS functions between resolvers and servers. They have also
121 constructed various sorts of exotic hybrids. The most difficult task
122 in defining this MIB was to accommodate this wide range of entities
123 without having to come up with a separate MIB for each.
125 We divided up the various DNS functions into two, non-overlapping
126 classes, called "resolver functions" and "name server functions." A
127 DNS entity that performs what we define as resolver functions
128 contains a resolver, and therefore must implement the MIB groups
129 required of all resolvers which are defined in this module. Some
130 resolvers also implement "optional" functions such as a cache, in
131 which case they must also implement the cache group contained in this
132 MIB. A DNS entity which implements name server functions is
133 considered to be a name server, and must implement the MIB groups
134 required for name servers which are defined in a separate module. If
135 the same piece of software performs both resolver and server
136 functions, we imagine that it contains both a resolver and a server
137 and would thus implement both the DNS Server and DNS Resolver MIBs.
141 In our model, a resolver is a program (or piece thereof) which
142 obtains resource records from servers. Normally it does so at the
143 behest of an application, but may also do so as part of its own
144 operation. A resolver sends DNS protocol queries and receives DNS
145 protocol replies. A resolver neither receives queries nor sends
146 replies. A full service resolver is one that knows how to resolve
147 queries: it obtains the needed resource records by contacting a
148 server authoritative for the records desired. A stub resolver does
149 not know how to resolve queries: it sends all queries to a local name
150 server, setting the "recursion desired" flag to indicate that it
151 hopes that the name server will be willing to resolve the query. A
152 resolver may (optionally) have a cache for remembering previously
153 acquired resource records. It may also have a negative cache for
154 remembering names or data that have been determined not to exist.
158 A name server is a program (or piece thereof) that provides resource
159 records to resolvers. All references in this document to "a name
160 server" imply "the name server's role"; in some cases the name
161 server's role and the resolver's role might be combined into a single
162 program. A name server receives DNS protocol queries and sends DNS
163 protocol replies. A name server neither sends queries nor receives
164 replies. As a consequence, name servers do not have caches.
165 Normally, a name server would expect to receive only those queries to
166 which it could respond with authoritative information. However, if a
170 Austein & Saperia [Page 3]
172 RFC 1612 DNS Resolver MIB May 1994
175 name server receives a query that it cannot respond to with purely
176 authoritative information, it may choose to try to obtain the
177 necessary additional information from a resolver which may or may not
178 be a separate process.
180 3.3. Selected Objects
182 Many of the objects included in this memo have been created from
183 information contained in the DNS specifications [1,2], as amended and
184 clarified by subsequent host requirements documents [3]. Other
185 objects have been created based on experience with existing DNS
186 management tools, expected operational needs, the statistics
187 generated by existing DNS implementations, and the configuration
188 files used by existing DNS implementations. These objects have been
189 ordered into groups as follows:
191 o Resolver Configuration Group
193 o Resolver Counter Group
195 o Resolver Lame Delegation Group
197 o Resolver Cache Group
199 o Resolver Negative Cache Group
201 o Resolver Optional Counter Group
203 This information has been converted into a standard form using the
204 SNMPv2 SMI defined in [9]. For the most part, the descriptions are
205 influenced by the DNS related RFCs noted above. For example, the
206 descriptions for counters used for the various types of queries of
207 DNS records are influenced by the definitions used for the various
208 record types found in [2].
210 3.4. Textual Conventions
212 Several conceptual data types have been introduced as a textual
213 conventions in the DNS Server MIB document and have been imported
214 into this MIB module. These additions will facilitate the common
215 understanding of information used by the DNS. No changes to the SMI
216 or the SNMP are necessary to support these conventions.
218 Readers familiar with MIBs designed to manage entities in the lower
219 layers of the Internet protocol suite may be surprised at the number
220 of non-enumerated integers used in this MIB to represent values such
221 as DNS RR class and type numbers. The reason for this choice is
222 simple: the DNS itself is designed as an extensible protocol,
226 Austein & Saperia [Page 4]
228 RFC 1612 DNS Resolver MIB May 1994
231 allowing new classes and types of resource records to be added to the
232 protocol without recoding the core DNS software. Using non-
233 enumerated integers to represent these data types in this MIB allows
234 the MIB to accommodate these changes as well.
238 DNS-RESOLVER-MIB DEFINITIONS ::= BEGIN
241 MODULE-IDENTITY, OBJECT-TYPE, IpAddress, Counter32, Integer32
243 TEXTUAL-CONVENTION, RowStatus, DisplayString
245 MODULE-COMPLIANCE, OBJECT-GROUP
247 dns, DnsName, DnsNameAsIndex, DnsClass, DnsType, DnsQClass,
248 DnsQType, DnsTime, DnsOpCode, DnsRespCode
253 dnsResMIB MODULE-IDENTITY
254 LAST-UPDATED "9401282250Z"
255 ORGANIZATION "IETF DNS Working Group"
258 Postal: Epilogue Technology Corporation
259 268 Main Street, Suite 283
260 North Reading, MA 10864
264 E-Mail: sra@epilogue.com
267 Postal: Digital Equipment Corporation
270 Nashua, NH 03062-2698
274 E-mail: saperia@zko.dec.com"
276 "The MIB module for entities implementing the client
277 (resolver) side of the Domain Name System (DNS)
282 Austein & Saperia [Page 5]
284 RFC 1612 DNS Resolver MIB May 1994
289 dnsResMIBObjects OBJECT IDENTIFIER ::= { dnsResMIB 1 }
291 -- (Old-style) groups in the DNS resolver MIB.
293 dnsResConfig OBJECT IDENTIFIER ::= { dnsResMIBObjects 1 }
294 dnsResCounter OBJECT IDENTIFIER ::= { dnsResMIBObjects 2 }
295 dnsResLameDelegation OBJECT IDENTIFIER ::= { dnsResMIBObjects 3 }
296 dnsResCache OBJECT IDENTIFIER ::= { dnsResMIBObjects 4 }
297 dnsResNCache OBJECT IDENTIFIER ::= { dnsResMIBObjects 5 }
298 dnsResOptCounter OBJECT IDENTIFIER ::= { dnsResMIBObjects 6 }
301 -- Resolver Configuration Group
303 dnsResConfigImplementIdent OBJECT-TYPE
308 "The implementation identification string for the
309 resolver software in use on the system, for example;
311 ::= { dnsResConfig 1 }
313 dnsResConfigService OBJECT-TYPE
314 SYNTAX INTEGER { recursiveOnly(1),
316 recursiveAndIterative(3) }
320 "Kind of DNS resolution service provided:
322 recursiveOnly(1) indicates a stub resolver.
324 iterativeOnly(2) indicates a normal full service
327 recursiveAndIterative(3) indicates a full-service
328 resolver which performs a mix of recursive and iterative
330 ::= { dnsResConfig 2 }
332 dnsResConfigMaxCnames OBJECT-TYPE
333 SYNTAX INTEGER (0..2147483647)
334 MAX-ACCESS read-write
338 Austein & Saperia [Page 6]
340 RFC 1612 DNS Resolver MIB May 1994
345 "Limit on how many CNAMEs the resolver should allow
346 before deciding that there's a CNAME loop. Zero means
347 that resolver has no explicit CNAME limit."
349 "RFC-1035 section 7.1."
350 ::= { dnsResConfig 3 }
352 -- DNS Resolver Safety Belt Table
354 dnsResConfigSbeltTable OBJECT-TYPE
355 SYNTAX SEQUENCE OF DnsResConfigSbeltEntry
356 MAX-ACCESS not-accessible
359 "Table of safety belt information used by the resolver
360 when it hasn't got any better idea of where to send a
361 query, such as when the resolver is booting or is a stub
363 ::= { dnsResConfig 4 }
365 dnsResConfigSbeltEntry OBJECT-TYPE
366 SYNTAX DnsResConfigSbeltEntry
367 MAX-ACCESS not-accessible
370 "An entry in the resolver's Sbelt table.
371 Rows may be created or deleted at any time by the DNS
372 resolver and by SNMP SET requests. Whether the values
373 changed via SNMP are saved in stable storage across
374 `reset' operations is implementation-specific."
375 INDEX { dnsResConfigSbeltAddr,
376 dnsResConfigSbeltSubTree,
377 dnsResConfigSbeltClass }
378 ::= { dnsResConfigSbeltTable 1 }
380 DnsResConfigSbeltEntry ::=
382 dnsResConfigSbeltAddr
384 dnsResConfigSbeltName
386 dnsResConfigSbeltRecursion
388 dnsResConfigSbeltPref
390 dnsResConfigSbeltSubTree
394 Austein & Saperia [Page 7]
396 RFC 1612 DNS Resolver MIB May 1994
400 dnsResConfigSbeltClass
402 dnsResConfigSbeltStatus
406 dnsResConfigSbeltAddr OBJECT-TYPE
408 MAX-ACCESS not-accessible
411 "The IP address of the Sbelt name server identified by
412 this row of the table."
413 ::= { dnsResConfigSbeltEntry 1 }
415 dnsResConfigSbeltName OBJECT-TYPE
417 MAX-ACCESS read-create
420 "The DNS name of a Sbelt nameserver identified by this
421 row of the table. A zero-length string indicates that
422 the name is not known by the resolver."
423 ::= { dnsResConfigSbeltEntry 2 }
425 dnsResConfigSbeltRecursion OBJECT-TYPE
426 SYNTAX INTEGER { iterative(1),
428 recursiveAndIterative(3) }
429 MAX-ACCESS read-create
432 "Kind of queries resolver will be sending to the name
433 server identified in this row of the table:
435 iterative(1) indicates that resolver will be directing
436 iterative queries to this name server (RD bit turned
439 recursive(2) indicates that resolver will be directing
440 recursive queries to this name server (RD bit turned
443 recursiveAndIterative(3) indicates that the resolver
444 will be directing both recursive and iterative queries
445 to the server identified in this row of the table."
446 ::= { dnsResConfigSbeltEntry 3 }
450 Austein & Saperia [Page 8]
452 RFC 1612 DNS Resolver MIB May 1994
455 dnsResConfigSbeltPref OBJECT-TYPE
456 SYNTAX INTEGER (0..2147483647)
457 MAX-ACCESS read-create
460 "This value identifies the preference for the name server
461 identified in this row of the table. The lower the
462 value, the more desirable the resolver considers this
464 ::= { dnsResConfigSbeltEntry 4 }
466 dnsResConfigSbeltSubTree OBJECT-TYPE
467 SYNTAX DnsNameAsIndex
468 MAX-ACCESS not-accessible
471 "Queries sent to the name server identified by this row
472 of the table are limited to those for names in the name
473 subtree identified by this variable. If no such
474 limitation applies, the value of this variable is the
475 name of the root domain (a DNS name consisting of a
477 ::= { dnsResConfigSbeltEntry 5 }
479 dnsResConfigSbeltClass OBJECT-TYPE
481 MAX-ACCESS not-accessible
484 "The class of DNS queries that will be sent to the server
485 identified by this row of the table."
486 ::= { dnsResConfigSbeltEntry 6 }
488 dnsResConfigSbeltStatus OBJECT-TYPE
490 MAX-ACCESS read-create
493 "Row status column for this row of the Sbelt table."
494 ::= { dnsResConfigSbeltEntry 7 }
496 dnsResConfigUpTime OBJECT-TYPE
501 "If the resolver has a persistent state (e.g., a
502 process), this value will be the time elapsed since it
506 Austein & Saperia [Page 9]
508 RFC 1612 DNS Resolver MIB May 1994
511 started. For software without persistant state, this
513 ::= { dnsResConfig 5 }
515 dnsResConfigResetTime OBJECT-TYPE
520 "If the resolver has a persistent state (e.g., a process)
521 and supports a `reset' operation (e.g., can be told to
522 re-read configuration files), this value will be the
523 time elapsed since the last time the resolver was
524 `reset.' For software that does not have persistence or
525 does not support a `reset' operation, this value will be
527 ::= { dnsResConfig 6 }
529 dnsResConfigReset OBJECT-TYPE
530 SYNTAX INTEGER { other(1),
534 MAX-ACCESS read-write
537 "Status/action object to reinitialize any persistant
538 resolver state. When set to reset(2), any persistant
539 resolver state (such as a process) is reinitialized as if
540 the resolver had just been started. This value will
541 never be returned by a read operation. When read, one of
542 the following values will be returned:
543 other(1) - resolver in some unknown state;
544 initializing(3) - resolver (re)initializing;
545 running(4) - resolver currently running."
546 ::= { dnsResConfig 7 }
549 -- Resolver Counters Group
551 -- Resolver Counter Table
553 dnsResCounterByOpcodeTable OBJECT-TYPE
554 SYNTAX SEQUENCE OF DnsResCounterByOpcodeEntry
555 MAX-ACCESS not-accessible
558 "Table of the current count of resolver queries and
562 Austein & Saperia [Page 10]
564 RFC 1612 DNS Resolver MIB May 1994
568 ::= { dnsResCounter 3 }
570 dnsResCounterByOpcodeEntry OBJECT-TYPE
571 SYNTAX DnsResCounterByOpcodeEntry
572 MAX-ACCESS not-accessible
575 "Entry in the resolver counter table. Entries are
576 indexed by DNS OpCode."
577 INDEX { dnsResCounterByOpcodeCode }
578 ::= { dnsResCounterByOpcodeTable 1 }
580 DnsResCounterByOpcodeEntry ::=
582 dnsResCounterByOpcodeCode
584 dnsResCounterByOpcodeQueries
586 dnsResCounterByOpcodeResponses
590 dnsResCounterByOpcodeCode OBJECT-TYPE
592 MAX-ACCESS not-accessible
595 "The index to this table. The OpCodes that have already
596 been defined are found in RFC-1035."
598 "RFC-1035 section 4.1.1."
599 ::= { dnsResCounterByOpcodeEntry 1 }
601 dnsResCounterByOpcodeQueries OBJECT-TYPE
606 "Total number of queries that have sent out by the
607 resolver since initialization for the OpCode which is
608 the index to this row of the table."
609 ::= { dnsResCounterByOpcodeEntry 2 }
611 dnsResCounterByOpcodeResponses OBJECT-TYPE
618 Austein & Saperia [Page 11]
620 RFC 1612 DNS Resolver MIB May 1994
624 "Total number of responses that have been received by the
625 resolver since initialization for the OpCode which is
626 the index to this row of the table."
627 ::= { dnsResCounterByOpcodeEntry 3 }
629 -- Resolver Response Code Counter Table
631 dnsResCounterByRcodeTable OBJECT-TYPE
632 SYNTAX SEQUENCE OF DnsResCounterByRcodeEntry
633 MAX-ACCESS not-accessible
636 "Table of the current count of responses to resolver
638 ::= { dnsResCounter 4 }
640 dnsResCounterByRcodeEntry OBJECT-TYPE
641 SYNTAX DnsResCounterByRcodeEntry
642 MAX-ACCESS not-accessible
645 "Entry in the resolver response table. Entries are
646 indexed by DNS response code."
647 INDEX { dnsResCounterByRcodeCode }
648 ::= { dnsResCounterByRcodeTable 1 }
650 DnsResCounterByRcodeEntry ::=
652 dnsResCounterByRcodeCode
654 dnsResCounterByRcodeResponses
658 dnsResCounterByRcodeCode OBJECT-TYPE
660 MAX-ACCESS not-accessible
663 "The index to this table. The Response Codes that have
664 already been defined are found in RFC-1035."
666 "RFC-1035 section 4.1.1."
667 ::= { dnsResCounterByRcodeEntry 1 }
674 Austein & Saperia [Page 12]
676 RFC 1612 DNS Resolver MIB May 1994
679 dnsResCounterByRcodeResponses OBJECT-TYPE
684 "Number of responses the resolver has received for the
685 response code value which identifies this row of the
687 ::= { dnsResCounterByRcodeEntry 2 }
689 -- Additional DNS Resolver Counter Objects
691 dnsResCounterNonAuthDataResps OBJECT-TYPE
696 "Number of requests made by the resolver for which a
697 non-authoritative answer (cached data) was received."
698 ::= { dnsResCounter 5 }
700 dnsResCounterNonAuthNoDataResps OBJECT-TYPE
705 "Number of requests made by the resolver for which a
706 non-authoritative answer - no such data response (empty
707 answer) was received."
708 ::= { dnsResCounter 6 }
710 dnsResCounterMartians OBJECT-TYPE
715 "Number of responses received which were received from
716 servers that the resolver does not think it asked."
717 ::= { dnsResCounter 7 }
719 dnsResCounterRecdResponses OBJECT-TYPE
724 "Number of responses received to all queries."
725 ::= { dnsResCounter 8 }
730 Austein & Saperia [Page 13]
732 RFC 1612 DNS Resolver MIB May 1994
735 dnsResCounterUnparseResps OBJECT-TYPE
740 "Number of responses received which were unparseable."
741 ::= { dnsResCounter 9 }
743 dnsResCounterFallbacks OBJECT-TYPE
748 "Number of times the resolver had to fall back to its
749 seat belt information."
750 ::= { dnsResCounter 10 }
753 -- Lame Delegation Group
755 dnsResLameDelegationOverflows OBJECT-TYPE
760 "Number of times the resolver attempted to add an entry
761 to the Lame Delegation table but was unable to for some
762 reason such as space constraints."
763 ::= { dnsResLameDelegation 1 }
765 -- Lame Delegation Table
767 dnsResLameDelegationTable OBJECT-TYPE
768 SYNTAX SEQUENCE OF DnsResLameDelegationEntry
769 MAX-ACCESS not-accessible
772 "Table of name servers returning lame delegations.
774 A lame delegation has occured when a parent zone
775 delegates authority for a child zone to a server that
776 appears not to think that it is authoritative for the
777 child zone in question."
778 ::= { dnsResLameDelegation 2 }
780 dnsResLameDelegationEntry OBJECT-TYPE
781 SYNTAX DnsResLameDelegationEntry
782 MAX-ACCESS not-accessible
786 Austein & Saperia [Page 14]
788 RFC 1612 DNS Resolver MIB May 1994
793 "Entry in lame delegation table. Only the resolver may
794 create rows in this table. SNMP SET requests may be used
796 INDEX { dnsResLameDelegationSource,
797 dnsResLameDelegationName,
798 dnsResLameDelegationClass }
799 ::= { dnsResLameDelegationTable 1 }
801 DnsResLameDelegationEntry ::=
803 dnsResLameDelegationSource
805 dnsResLameDelegationName
807 dnsResLameDelegationClass
809 dnsResLameDelegationCounts
811 dnsResLameDelegationStatus
815 dnsResLameDelegationSource OBJECT-TYPE
817 MAX-ACCESS not-accessible
820 "Source of lame delegation."
821 ::= { dnsResLameDelegationEntry 1 }
823 dnsResLameDelegationName OBJECT-TYPE
824 SYNTAX DnsNameAsIndex
825 MAX-ACCESS not-accessible
828 "DNS name for which lame delegation was received."
829 ::= { dnsResLameDelegationEntry 2 }
831 dnsResLameDelegationClass OBJECT-TYPE
833 MAX-ACCESS not-accessible
836 "DNS class of received lame delegation."
837 ::= { dnsResLameDelegationEntry 3 }
842 Austein & Saperia [Page 15]
844 RFC 1612 DNS Resolver MIB May 1994
847 dnsResLameDelegationCounts OBJECT-TYPE
852 "How many times this lame delegation has been received."
853 ::= { dnsResLameDelegationEntry 4 }
855 dnsResLameDelegationStatus OBJECT-TYPE
857 MAX-ACCESS read-write
860 "Status column for the lame delegation table. Since only
861 the agent (DNS resolver) creates rows in this table, the
862 only values that a manager may write to this variable
863 are active(1) and destroy(6)."
864 ::= { dnsResLameDelegationEntry 5 }
867 -- Resolver Cache Group
869 dnsResCacheStatus OBJECT-TYPE
870 SYNTAX INTEGER { enabled(1), disabled(2), clear(3) }
871 MAX-ACCESS read-write
874 "Status/action for the resolver's cache.
876 enabled(1) means that the use of the cache is allowed.
877 Query operations can return this state.
879 disabled(2) means that the cache is not being used.
880 Query operations can return this state.
882 Setting this variable to clear(3) deletes the entire
883 contents of the resolver's cache, but does not otherwise
884 change the resolver's state. The status will retain its
885 previous value from before the clear operation (i.e.,
886 enabled(1) or disabled(2)). The value of clear(3) can
887 NOT be returned by a query operation."
888 ::= { dnsResCache 1 }
890 dnsResCacheMaxTTL OBJECT-TYPE
892 MAX-ACCESS read-write
898 Austein & Saperia [Page 16]
900 RFC 1612 DNS Resolver MIB May 1994
903 "Maximum Time-To-Live for RRs in this cache. If the
904 resolver does not implement a TTL ceiling, the value of
905 this field should be zero."
906 ::= { dnsResCache 2 }
908 dnsResCacheGoodCaches OBJECT-TYPE
913 "Number of RRs the resolver has cached successfully."
914 ::= { dnsResCache 3 }
916 dnsResCacheBadCaches OBJECT-TYPE
921 "Number of RRs the resolver has refused to cache because
922 they appear to be dangerous or irrelevant. E.g., RRs
923 with suspiciously high TTLs, unsolicited root
924 information, or that just don't appear to be relevant to
925 the question the resolver asked."
926 ::= { dnsResCache 4 }
928 -- Resolver Cache Table
930 dnsResCacheRRTable OBJECT-TYPE
931 SYNTAX SEQUENCE OF DnsResCacheRREntry
932 MAX-ACCESS not-accessible
935 "This table contains information about all the resource
936 records currently in the resolver's cache."
937 ::= { dnsResCache 5 }
939 dnsResCacheRREntry OBJECT-TYPE
940 SYNTAX DnsResCacheRREntry
941 MAX-ACCESS not-accessible
944 "An entry in the resolvers's cache. Rows may be created
945 only by the resolver. SNMP SET requests may be used to
947 INDEX { dnsResCacheRRName,
954 Austein & Saperia [Page 17]
956 RFC 1612 DNS Resolver MIB May 1994
959 ::= { dnsResCacheRRTable 1 }
961 DnsResCacheRREntry ::=
971 dnsResCacheRRElapsedTTL
981 dnsResCacheRRPrettyName
985 dnsResCacheRRName OBJECT-TYPE
986 SYNTAX DnsNameAsIndex
987 MAX-ACCESS not-accessible
990 "Owner name of the Resource Record in the cache which is
991 identified in this row of the table. As described in
992 RFC-1034, the owner of the record is the domain name
993 were the RR is found."
995 "RFC-1034 section 3.6."
996 ::= { dnsResCacheRREntry 1 }
998 dnsResCacheRRClass OBJECT-TYPE
1000 MAX-ACCESS not-accessible
1003 "DNS class of the Resource Record in the cache which is
1004 identified in this row of the table."
1005 ::= { dnsResCacheRREntry 2 }
1010 Austein & Saperia [Page 18]
1012 RFC 1612 DNS Resolver MIB May 1994
1015 dnsResCacheRRType OBJECT-TYPE
1017 MAX-ACCESS not-accessible
1020 "DNS type of the Resource Record in the cache which is
1021 identified in this row of the table."
1022 ::= { dnsResCacheRREntry 3 }
1024 dnsResCacheRRTTL OBJECT-TYPE
1026 MAX-ACCESS read-only
1029 "Time-To-Live of RR in DNS cache. This is the initial
1030 TTL value which was received with the RR when it was
1031 originally received."
1032 ::= { dnsResCacheRREntry 4 }
1034 dnsResCacheRRElapsedTTL OBJECT-TYPE
1036 MAX-ACCESS read-only
1039 "Elapsed seconds since RR was received."
1040 ::= { dnsResCacheRREntry 5 }
1042 dnsResCacheRRSource OBJECT-TYPE
1044 MAX-ACCESS read-only
1047 "Host from which RR was received, 0.0.0.0 if unknown."
1048 ::= { dnsResCacheRREntry 6 }
1050 dnsResCacheRRData OBJECT-TYPE
1052 MAX-ACCESS read-only
1055 "RDATA portion of a cached RR. The value is in the
1056 format defined for the particular DNS class and type of
1057 the resource record."
1059 "RFC-1035 section 3.2.1."
1060 ::= { dnsResCacheRREntry 7 }
1066 Austein & Saperia [Page 19]
1068 RFC 1612 DNS Resolver MIB May 1994
1071 dnsResCacheRRStatus OBJECT-TYPE
1073 MAX-ACCESS read-write
1076 "Status column for the resolver cache table. Since only
1077 the agent (DNS resolver) creates rows in this table, the
1078 only values that a manager may write to this variable
1079 are active(1) and destroy(6)."
1080 ::= { dnsResCacheRREntry 8 }
1082 dnsResCacheRRIndex OBJECT-TYPE
1084 MAX-ACCESS not-accessible
1087 "A value which makes entries in the table unique when the
1088 other index values (dnsResCacheRRName,
1089 dnsResCacheRRClass, and dnsResCacheRRType) do not
1090 provide a unique index."
1091 ::= { dnsResCacheRREntry 9 }
1093 dnsResCacheRRPrettyName OBJECT-TYPE
1095 MAX-ACCESS read-only
1098 "Name of the RR at this row in the table. This is
1099 identical to the dnsResCacheRRName variable, except that
1100 character case is preserved in this variable, per DNS
1103 "RFC-1035 section 2.3.3."
1104 ::= { dnsResCacheRREntry 10 }
1106 -- Resolver Negative Cache Group
1108 dnsResNCacheStatus OBJECT-TYPE
1109 SYNTAX INTEGER { enabled(1), disabled(2), clear(3) }
1110 MAX-ACCESS read-write
1113 "Status/action for the resolver's negative response
1116 enabled(1) means that the use of the negative response
1117 cache is allowed. Query operations can return this
1122 Austein & Saperia [Page 20]
1124 RFC 1612 DNS Resolver MIB May 1994
1127 disabled(2) means that the negative response cache is
1128 not being used. Query operations can return this state.
1130 Setting this variable to clear(3) deletes the entire
1131 contents of the resolver's negative response cache. The
1132 status will retain its previous value from before the
1133 clear operation (i.e., enabled(1) or disabled(2)). The
1134 value of clear(3) can NOT be returned by a query
1136 ::= { dnsResNCache 1 }
1138 dnsResNCacheMaxTTL OBJECT-TYPE
1140 MAX-ACCESS read-write
1143 "Maximum Time-To-Live for cached authoritative errors.
1144 If the resolver does not implement a TTL ceiling, the
1145 value of this field should be zero."
1146 ::= { dnsResNCache 2 }
1148 dnsResNCacheGoodNCaches OBJECT-TYPE
1150 MAX-ACCESS read-only
1153 "Number of authoritative errors the resolver has cached
1155 ::= { dnsResNCache 3 }
1157 dnsResNCacheBadNCaches OBJECT-TYPE
1159 MAX-ACCESS read-only
1162 "Number of authoritative errors the resolver would have
1163 liked to cache but was unable to because the appropriate
1164 SOA RR was not supplied or looked suspicious."
1166 "RFC-1034 section 4.3.4."
1167 ::= { dnsResNCache 4 }
1169 -- Resolver Negative Cache Table
1171 dnsResNCacheErrTable OBJECT-TYPE
1172 SYNTAX SEQUENCE OF DnsResNCacheErrEntry
1173 MAX-ACCESS not-accessible
1178 Austein & Saperia [Page 21]
1180 RFC 1612 DNS Resolver MIB May 1994
1184 "The resolver's negative response cache. This table
1185 contains information about authoritative errors that
1186 have been cached by the resolver."
1187 ::= { dnsResNCache 5 }
1189 dnsResNCacheErrEntry OBJECT-TYPE
1190 SYNTAX DnsResNCacheErrEntry
1191 MAX-ACCESS not-accessible
1194 "An entry in the resolver's negative response cache
1195 table. Only the resolver can create rows. SNMP SET
1196 requests may be used to delete rows."
1197 INDEX { dnsResNCacheErrQName,
1198 dnsResNCacheErrQClass,
1199 dnsResNCacheErrQType,
1200 dnsResNCacheErrIndex }
1201 ::= { dnsResNCacheErrTable 1 }
1203 DnsResNCacheErrEntry ::=
1205 dnsResNCacheErrQName
1207 dnsResNCacheErrQClass
1209 dnsResNCacheErrQType
1213 dnsResNCacheErrElapsedTTL
1215 dnsResNCacheErrSource
1219 dnsResNCacheErrStatus
1221 dnsResNCacheErrIndex
1223 dnsResNCacheErrPrettyName
1227 dnsResNCacheErrQName OBJECT-TYPE
1228 SYNTAX DnsNameAsIndex
1229 MAX-ACCESS not-accessible
1234 Austein & Saperia [Page 22]
1236 RFC 1612 DNS Resolver MIB May 1994
1240 "QNAME associated with a cached authoritative error."
1242 "RFC-1034 section 3.7.1."
1243 ::= { dnsResNCacheErrEntry 1 }
1245 dnsResNCacheErrQClass OBJECT-TYPE
1247 MAX-ACCESS not-accessible
1250 "DNS QCLASS associated with a cached authoritative
1252 ::= { dnsResNCacheErrEntry 2 }
1254 dnsResNCacheErrQType OBJECT-TYPE
1256 MAX-ACCESS not-accessible
1259 "DNS QTYPE associated with a cached authoritative error."
1260 ::= { dnsResNCacheErrEntry 3 }
1262 dnsResNCacheErrTTL OBJECT-TYPE
1264 MAX-ACCESS read-only
1267 "Time-To-Live of a cached authoritative error at the time
1268 of the error, it should not be decremented by the number
1269 of seconds since it was received. This should be the
1270 TTL as copied from the MINIMUM field of the SOA that
1271 accompanied the authoritative error, or a smaller value
1272 if the resolver implements a ceiling on negative
1273 response cache TTLs."
1275 "RFC-1034 section 4.3.4."
1276 ::= { dnsResNCacheErrEntry 4 }
1278 dnsResNCacheErrElapsedTTL OBJECT-TYPE
1280 MAX-ACCESS read-only
1283 "Elapsed seconds since authoritative error was received."
1284 ::= { dnsResNCacheErrEntry 5 }
1290 Austein & Saperia [Page 23]
1292 RFC 1612 DNS Resolver MIB May 1994
1295 dnsResNCacheErrSource OBJECT-TYPE
1297 MAX-ACCESS read-only
1300 "Host which sent the authoritative error, 0.0.0.0 if
1302 ::= { dnsResNCacheErrEntry 6 }
1304 dnsResNCacheErrCode OBJECT-TYPE
1305 SYNTAX INTEGER { nonexistantName(1), noData(2), other(3) }
1306 MAX-ACCESS read-only
1309 "The authoritative error that has been cached:
1311 nonexistantName(1) indicates an authoritative name error
1314 noData(2) indicates an authoritative response with no
1315 error (RCODE = 0) and no relevant data.
1317 other(3) indicates some other cached authoritative
1318 error. At present, no such errors are known to exist."
1319 ::= { dnsResNCacheErrEntry 7 }
1321 dnsResNCacheErrStatus OBJECT-TYPE
1323 MAX-ACCESS read-write
1326 "Status column for the resolver negative response cache
1327 table. Since only the agent (DNS resolver) creates rows
1328 in this table, the only values that a manager may write
1329 to this variable are active(1) and destroy(6)."
1330 ::= { dnsResNCacheErrEntry 8 }
1332 dnsResNCacheErrIndex OBJECT-TYPE
1334 MAX-ACCESS read-only
1337 "A value which makes entries in the table unique when the
1338 other index values (dnsResNCacheErrQName,
1339 dnsResNCacheErrQClass, and dnsResNCacheErrQType) do not
1340 provide a unique index."
1341 ::= { dnsResNCacheErrEntry 9 }
1346 Austein & Saperia [Page 24]
1348 RFC 1612 DNS Resolver MIB May 1994
1351 dnsResNCacheErrPrettyName OBJECT-TYPE
1353 MAX-ACCESS read-only
1356 "QNAME associated with this row in the table. This is
1357 identical to the dnsResNCacheErrQName variable, except
1358 that character case is preserved in this variable, per
1361 "RFC-1035 section 2.3.3."
1362 ::= { dnsResNCacheErrEntry 10 }
1365 -- Resolver Optional Counters Group
1367 dnsResOptCounterReferals OBJECT-TYPE
1369 MAX-ACCESS read-only
1372 "Number of responses which were received from servers
1373 redirecting query to another server."
1374 ::= { dnsResOptCounter 1 }
1376 dnsResOptCounterRetrans OBJECT-TYPE
1378 MAX-ACCESS read-only
1381 "Number requests retransmitted for all reasons."
1382 ::= { dnsResOptCounter 2 }
1384 dnsResOptCounterNoResponses OBJECT-TYPE
1386 MAX-ACCESS read-only
1389 "Number of queries that were retransmitted because of no
1391 ::= { dnsResOptCounter 3 }
1393 dnsResOptCounterRootRetrans OBJECT-TYPE
1395 MAX-ACCESS read-only
1398 "Number of queries that were retransmitted that were to
1402 Austein & Saperia [Page 25]
1404 RFC 1612 DNS Resolver MIB May 1994
1408 ::= { dnsResOptCounter 4 }
1410 dnsResOptCounterInternals OBJECT-TYPE
1412 MAX-ACCESS read-only
1415 "Number of requests internally generated by the
1417 ::= { dnsResOptCounter 5 }
1419 dnsResOptCounterInternalTimeOuts OBJECT-TYPE
1421 MAX-ACCESS read-only
1424 "Number of requests internally generated which timed
1426 ::= { dnsResOptCounter 6 }
1431 dnsResMIBGroups OBJECT IDENTIFIER ::= { dnsResMIB 2 }
1433 dnsResConfigGroup OBJECT-GROUP
1434 OBJECTS { dnsResConfigImplementIdent,
1435 dnsResConfigService,
1436 dnsResConfigMaxCnames,
1437 dnsResConfigSbeltAddr,
1438 dnsResConfigSbeltName,
1439 dnsResConfigSbeltRecursion,
1440 dnsResConfigSbeltPref,
1441 dnsResConfigSbeltSubTree,
1442 dnsResConfigSbeltClass,
1443 dnsResConfigSbeltStatus,
1445 dnsResConfigResetTime }
1448 "A collection of objects providing basic configuration
1449 information for a DNS resolver implementation."
1450 ::= { dnsResMIBGroups 1 }
1452 dnsResCounterGroup OBJECT-GROUP
1453 OBJECTS { dnsResCounterByOpcodeCode,
1454 dnsResCounterByOpcodeQueries,
1458 Austein & Saperia [Page 26]
1460 RFC 1612 DNS Resolver MIB May 1994
1463 dnsResCounterByOpcodeResponses,
1464 dnsResCounterByRcodeCode,
1465 dnsResCounterByRcodeResponses,
1466 dnsResCounterNonAuthDataResps,
1467 dnsResCounterNonAuthNoDataResps,
1468 dnsResCounterMartians,
1469 dnsResCounterRecdResponses,
1470 dnsResCounterUnparseResps,
1471 dnsResCounterFallbacks }
1474 "A collection of objects providing basic instrumentation
1475 of a DNS resolver implementation."
1476 ::= { dnsResMIBGroups 2 }
1478 dnsResLameDelegationGroup OBJECT-GROUP
1479 OBJECTS { dnsResLameDelegationOverflows,
1480 dnsResLameDelegationSource,
1481 dnsResLameDelegationName,
1482 dnsResLameDelegationClass,
1483 dnsResLameDelegationCounts,
1484 dnsResLameDelegationStatus }
1487 "A collection of objects providing instrumentation of
1488 `lame delegation' failures."
1489 ::= { dnsResMIBGroups 3 }
1492 dnsResCacheGroup OBJECT-GROUP
1493 OBJECTS { dnsResCacheStatus,
1495 dnsResCacheGoodCaches,
1496 dnsResCacheBadCaches,
1501 dnsResCacheRRElapsedTTL,
1502 dnsResCacheRRSource,
1504 dnsResCacheRRStatus,
1506 dnsResCacheRRPrettyName }
1509 "A collection of objects providing access to and control
1510 of a DNS resolver's cache."
1514 Austein & Saperia [Page 27]
1516 RFC 1612 DNS Resolver MIB May 1994
1519 ::= { dnsResMIBGroups 4 }
1521 dnsResNCacheGroup OBJECT-GROUP
1522 OBJECTS { dnsResNCacheStatus,
1524 dnsResNCacheGoodNCaches,
1525 dnsResNCacheBadNCaches,
1526 dnsResNCacheErrQName,
1527 dnsResNCacheErrQClass,
1528 dnsResNCacheErrQType,
1530 dnsResNCacheErrElapsedTTL,
1531 dnsResNCacheErrSource,
1532 dnsResNCacheErrCode,
1533 dnsResNCacheErrStatus,
1534 dnsResNCacheErrIndex,
1535 dnsResNCacheErrPrettyName }
1538 "A collection of objects providing access to and control
1539 of a DNS resolver's negative response cache."
1540 ::= { dnsResMIBGroups 5 }
1542 dnsResOptCounterGroup OBJECT-GROUP
1543 OBJECTS { dnsResOptCounterReferals,
1544 dnsResOptCounterRetrans,
1545 dnsResOptCounterNoResponses,
1546 dnsResOptCounterRootRetrans,
1547 dnsResOptCounterInternals,
1548 dnsResOptCounterInternalTimeOuts }
1551 "A collection of objects providing further
1552 instrumentation applicable to many but not all DNS
1554 ::= { dnsResMIBGroups 6 }
1559 dnsResMIBCompliances OBJECT IDENTIFIER ::= { dnsResMIB 3 }
1561 dnsResMIBCompliance MODULE-COMPLIANCE
1564 "The compliance statement for agents implementing the DNS
1565 resolver MIB extensions."
1566 MODULE -- This MIB module
1570 Austein & Saperia [Page 28]
1572 RFC 1612 DNS Resolver MIB May 1994
1575 MANDATORY-GROUPS { dnsResConfigGroup, dnsResCounterGroup }
1576 GROUP dnsResCacheGroup
1578 "The resolver cache group is mandatory for resolvers that
1580 GROUP dnsResNCacheGroup
1582 "The resolver negative cache group is mandatory for
1583 resolvers that implement a negative response cache."
1584 GROUP dnsResLameDelegationGroup
1586 "The lame delegation group is unconditionally optional."
1587 GROUP dnsResOptCounterGroup
1589 "The optional counters group is unconditionally
1591 OBJECT dnsResConfigMaxCnames
1592 MIN-ACCESS read-only
1594 "This object need not be writable."
1595 OBJECT dnsResConfigSbeltName
1596 MIN-ACCESS read-only
1598 "This object need not be writable."
1599 OBJECT dnsResConfigSbeltRecursion
1600 MIN-ACCESS read-only
1602 "This object need not be writable."
1603 OBJECT dnsResConfigSbeltPref
1604 MIN-ACCESS read-only
1606 "This object need not be writable."
1607 OBJECT dnsResConfigReset
1608 MIN-ACCESS read-only
1610 "This object need not be writable."
1611 OBJECT dnsResCacheStatus
1612 MIN-ACCESS read-only
1614 "This object need not be writable."
1615 OBJECT dnsResCacheMaxTTL
1616 MIN-ACCESS read-only
1618 "This object need not be writable."
1619 OBJECT dnsResNCacheStatus
1620 MIN-ACCESS read-only
1622 "This object need not be writable."
1626 Austein & Saperia [Page 29]
1628 RFC 1612 DNS Resolver MIB May 1994
1631 OBJECT dnsResNCacheMaxTTL
1632 MIN-ACCESS read-only
1634 "This object need not be writable."
1635 ::= { dnsResMIBCompliances 1 }
1641 This document is the result of work undertaken the by DNS working
1642 group. The authors would particularly like to thank the following
1643 people for their contributions to this document: Philip Almquist,
1644 Frank Kastenholz (FTP Software), Joe Peck (DEC), Dave Perkins
1645 (SynOptics), Win Treese (DEC), and Mimi Zohar (IBM).
1649 [1] Mockapetris, P., "Domain Names -- Concepts and Facilities", STD
1650 13, RFC 1034, USC/Information Sciences Institute, November 1987.
1652 [2] Mockapetris, P., "Domain Names -- Implementation and
1653 Specification", STD 13, RFC 1035, USC/Information Sciences
1654 Institute, November 1987.
1656 [3] Braden, R., Editor, "Requirements for Internet Hosts --
1657 Application and Support, STD 3, RFC 1123, USC/Information
1658 Sciences Institute, October 1989.
1660 [4] Rose, M., and K. McCloghrie, "Structure and Identification of
1661 Management Information for TCP/IP-based internets", STD 16, RFC
1662 1155, Performance Systems International, Hughes LAN Systems, May
1665 [5] McCloghrie, K., and M. Rose, "Management Information Base for
1666 Network Management of TCP/IP-based internets", RFC 1156, Hughes
1667 LAN Systems, Performance Systems International, May 1990.
1669 [6] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
1670 Network Management Protocol", STD 15, RFC 1157, SNMP Research,
1671 Performance Systems International, Performance Systems
1672 International, MIT Laboratory for Computer Science, May 1990.
1674 [7] Rose, M., and K. McCloghrie, Editors, "Concise MIB Definitions",
1675 STD 16, RFC 1212, Performance Systems International, Hughes LAN
1676 Systems, March 1991.
1682 Austein & Saperia [Page 30]
1684 RFC 1612 DNS Resolver MIB May 1994
1687 [8] McCloghrie, K., and M. Rose, "Management Information Base for
1688 Network Management of TCP/IP-based internets: MIB-II", STD 17,
1689 RFC 1213, Hughes LAN Systems, Performance Systems International,
1692 [9] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure
1693 of Management Information for version 2 of the Simple Network
1694 Management Protocol (SNMPv2)", RFC 1442, SNMP Research, Inc.,
1695 Hughes LAN Systems, Dover Beach Consulting, Inc., Carnegie Mellon
1696 University, April 1993.
1698 [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Textual
1699 Conventions for version 2 of the the Simple Network Management
1700 Protocol (SNMPv2)", RFC 1443, SNMP Research, Inc., Hughes LAN
1701 Systems, Dover Beach Consulting, Inc., Carnegie Mellon
1702 University, April 1993.
1704 [11] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
1705 "Conformance Statements for version 2 of the the Simple Network
1706 Management Protocol (SNMPv2)", RFC 1444, SNMP Research, Inc.,
1707 Hughes LAN Systems, Dover Beach Consulting, Inc., Carnegie Mellon
1708 University, April 1993.
1710 [12] Galvin, J., and K. McCloghrie, "Administrative Model for version
1711 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1445,
1712 Trusted Information Systems, Hughes LAN Systems, April 1993.
1714 [13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
1715 Operations for version 2 of the Simple Network Management
1716 Protocol (SNMPv2)", RFC 1448, SNMP Research, Inc., Hughes LAN
1717 Systems, Dover Beach Consulting, Inc., Carnegie Mellon
1718 University, April 1993.
1720 [14] "Information processing systems - Open Systems Interconnection -
1721 Specification of Abstract Syntax Notation One (ASN.1)",
1722 International Organization for Standardization, International
1723 Standard 8824, December 1987.
1738 Austein & Saperia [Page 31]
1740 RFC 1612 DNS Resolver MIB May 1994
1743 7. Security Considerations
1745 Security issues are not discussed in this memo.
1747 8. Authors' Addresses
1750 Epilogue Technology Corporation
1751 268 Main Street, Suite 283
1752 North Reading, MA 01864
1755 Phone: +1-617-245-0804
1756 Fax: +1-617-245-8122
1757 EMail: sra@epilogue.com
1761 Digital Equipment Corporation
1764 Nashua, NH 03062-2698
1767 Phone: +1-603-881-0480
1768 Fax: +1-603-881-0120
1769 EMail: saperia@zko.dec.com
1794 Austein & Saperia [Page 32]
projects / FreeBSD / releng / 7.2.git / blob