| Internet-Draft | TTL mapping for EPP | November 2022 |
| Brown | Expires 20 May 2023 | [Page] |
This document describes an extension to the Extensible Provisioning Protocol (EPP) that allows EPP clients to manage the Time-To-Live (TTL) value for domain name delegation records.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 20 May 2023.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
The principal output of any domain name provisioning system is a
DNS zone file, which contains the delegation record(s) for names
registered within a zone (such as a top-level domain). These
records include, at minimum, one or more NS
records, but may also include A
and/or AAAA glue records, DS records, and DNAME records for IDN variants ([RFC6927]).¶
Typically, the Time-To-Live (TTL, see Section 5 of [RFC8499]) of these records is determined by the registry operator. However, in some circumstances it may be] desirable to allow the sponsoring client of a domain name to change the TTL used for a that domain: for example, to reduce the amount of time required to complete a change of DNS servers or DNSSEC deployment of key rollover, or to allow for fast rollback of such changes.¶
This document describes an EPP extension to the domain name and host object mappings (described in [RFC5731] and [RFC5732], respectively) which allows the sponsor of a domain name or host object to change the TTL associated with that object.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].¶
In examples, "C:" represents lines sent by a protocol client and "S:" represents lines returned by a protocol server. Indentation and white space in examples are provided only to illustrate element relationships and are not REQUIRED features of this protocol.¶
A protocol client that is authorized to manage an existing object is described as a "sponsoring" client throughout this document.¶
XML is case sensitive. Unless stated otherwise, XML specifications and examples provided in this document MUST be interpreted in the character case presented in order to develop a conforming implementation.¶
EPP uses XML namespaces to provide an extensible object management framework and to identify schemas required for XML instance parsing and validation. These namespaces and schema definitions are used to identify both the base protocol schema and the schemas for managed objects.¶
The XML namespace prefixes used in examples (such as the
string ttl in xmlns:ttl) are solely for
illustrative purposes. A conforming implementation
MUST NOT require the use of these or any
other specific namespace prefixes.¶
This specification defines a two new elements that are
included in <info>,
<create> and
<update> commands:¶
<ttl:secs>, which contains
a 32-bit unsigned integer indicating the TTL (expressed in
seconds) which will be applied to the delegation records
for the associated domain name or host object; and¶
<ttl:until>, which contains
a date and time after which a TTL (specified using the
<ttl:secs> element) should
revert to the server's default value.¶
Examples:¶
<secs xmlns="urn:ietf:params:xml:ns:ttl-1.0">3600</secs>¶
<until xmlns="urn:ietf:params:xml:ns:ttl-1.0">2022-12-01T08:00:00.0Z</until>¶
The <ttl:until> element is OPTIONAL
in <create>, <update>
and <info> commands. EPP servers which do not support this
element MUST reject commands which contain it with a 2012 "Unimplemented
option" response.¶
Conversely, EPP servers whose policies require the use of the <ttl:until>
element MUST reject commands which do not contain it with a 2003 "Required parameter missing"
response.¶
This extension defines additional elements for EPP
<info> responses for
domain and host objects.¶
The <info> response MAY
contain an <extension> element,
which MAY contain a <ttl:infData>
element, which contains the following child elements:¶
<ttl:secs> element showing the
current TTL for the object; and¶
<ttl:until>
element containing the date and time after which the TTL will revert
to the server's default value.¶
The <ttl:until> MUST NOT
appear in <info> responses if: (1) the
server does not support this element, (2) the object already has the
server's default TTL value, or (3) the server does not implement automatic
reversion of custom TTL values.¶
Example domain <info> response:¶
S: <?xml version="1.0" encoding="utf-8" standalone="no"?> S: <epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <domain:infData S: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"> S: <domain:name>example.com</domain:name> S: <domain:roid>EXAMPLE1-REP</domain:roid> S: <domain:status s="ok" /> S: <domain:registrant>jd1234</domain:registrant> S: <domain:contact type="admin">sh8013</domain:contact> S: <domain:contact type="tech">sh8013</domain:contact> S: <domain:ns> S: <domain:hostObj>ns1.example.com</domain:hostObj> S: <domain:hostObj>ns1.example.net</domain:hostObj> S: </domain:ns> S: <domain:clID>ClientX</domain:clID> S: <domain:crID>ClientY</domain:crID> S: <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate> S: <domain:upID>ClientX</domain:upID> S: <domain:upDate>1999-12-03T09:00:00.0Z</domain:upDate> S: <domain:exDate>2005-04-03T22:00:00.0Z</domain:exDate> S: <domain:trDate>2000-04-08T09:00:00.0Z</domain:trDate> S: <domain:authInfo> S: <domain:pw>2fooBAR</domain:pw> S: </domain:authInfo> S: </domain:infData> S: </resData> S: <extension> S: <ttl:infData S: xmlns:ttl="urn:ietf:params:xml:ns:ttl-1.0"> S: <ttl:secs>3600</ttl:secs> S: <ttl:until>2022-12-01T08:30:00.0Z</ttl:until> S: </ttl:infData> S: </extension> S: <trID> S: <clTRID>ABC-12345</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S: </epp>¶
Example host <info> response:¶
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S: <epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <host:infData S: xmlns:host="urn:ietf:params:xml:ns:host-1.0"> S: <host:name>ns1.example.com</host:name> S: <host:roid>NS1_EXAMPLE1-REP</host:roid> S: <host:status s="linked"/> S: <host:status s="clientUpdateProhibited"/> S: <host:addr ip="v4">192.0.2.2</host:addr> S: <host:addr ip="v4">192.0.2.29</host:addr> S: <host:addr ip="v6">1080::8:800:200C:417A</host:addr> S: <host:clID>ClientY</host:clID> S: <host:crID>ClientX</host:crID> S: <host:crDate>1999-04-03T22:00:00.0Z</host:crDate> S: <host:upID>ClientX</host:upID> S: <host:upDate>1999-12-03T09:00:00.0Z</host:upDate> S: <host:trDate>2000-04-08T09:00:00.0Z</host:trDate> S: </host:infData> S: </resData> S: <extension> S: <ttl:infData S: xmlns:ttl="urn:ietf:params:xml:ns:ttl-1.0"> S: <ttl:secs>3600</ttl:secs> S: <ttl:until>2022-12-01T08:30:00.0Z</ttl:until> S: </ttl:infData> S: </extension> S: <trID> S: <clTRID>ABC-12345</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S: </epp>¶
This extension defines additional elements for EPP <create> commands for domain
and host objects.¶
The <create> command
MAY contain an <extension>
element which MAY contain a <ttl:create>
element, which contains the following child elements:¶
<ttl:secs> element showing the
desired TTL for the object; and¶
<ttl:until>
element containing the date and time after which the TTL should revert
to the server's default value.¶
Example domain <create> command:¶
C: <?xml version="1.0" encoding="UTF-8" standalone="no"?> C: <epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <create> C: <domain:create C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"> C: <domain:name>example.com</domain:name> C: <domain:period unit="y">2</domain:period> C: <domain:ns> C: <domain:hostObj>ns1.example.net</domain:hostObj> C: <domain:hostObj>ns2.example.net</domain:hostObj> C: </domain:ns> C: <domain:registrant>jd1234</domain:registrant> C: <domain:contact type="admin">sh8013</domain:contact> C: <domain:contact type="tech">sh8013</domain:contact> C: <domain:authInfo> C: <domain:pw>2fooBAR</domain:pw> C: </domain:authInfo> C: </domain:create> C: </create> C: <extension> C: <ttl:create C: xmlns:ttl="urn:ietf:params:xml:ns:ttl-1.0"> C: <ttl:secs>3600</ttl:secs> S: <ttl:until>2022-12-01T08:30:00.0Z</ttl:until> C: </ttl:create> C: </extension> C: <clTRID>ABC-12345</clTRID> C: </command> C: </epp>¶
Example host <create> command:¶
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C: <epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <create> C: <host:create C: xmlns:host="urn:ietf:params:xml:ns:host-1.0"> C: <host:name>ns1.example.com</host:name> C: <host:addr ip="v4">192.0.2.2</host:addr> C: <host:addr ip="v4">192.0.2.29</host:addr> C: <host:addr ip="v6">1080::8:800:200C:417A</host:addr> C: </host:create> C: </create> C: <extension> C: <ttl:create C: xmlns:ttl="urn:ietf:params:xml:ns:ttl-1.0"> C: <ttl:secs>3600</ttl:secs> S: <ttl:until>2022-12-01T08:30:00.0Z</ttl:until> C: </ttl:create> C: </extension> C: <clTRID>ABC-12345</clTRID> C: </command> C: </epp>¶
EPP servers which do not support the <ttl:until>
element MUST reject commands which contain
it with a 2012 "Unimplemented option" response.¶
This extension defines additional elements for EPP <update> commands for domain
and host objects.¶
The <update> command
MAY contain an <extension>
element which MAY contain a <ttl:create>
element, which contains the following child elements:¶
<ttl:secs> element showing the
desired TTL for the object; and¶
<ttl:until>
element containing the date and time after which the TTL should revert
to the server's default value.¶
Example domain <update> command:¶
C: <?xml version="1.0" encoding="UTF-8" standalone="no"?> C: <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" C: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> C: <command> C: <update> C: <domain:update C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"> C: <domain:name>example.com</domain:name> C: </domain:update> C: </update> C: <extension> C: <ttl:update> C: xmlns:ttl="urn:ietf:params:xml:ns:ttl-1.0"> C: <ttl:secs>3600</ttl:secs> S: <ttl:until>2022-12-01T08:30:00.0Z</ttl:until> C: </ttl:update> C: </extension> C: <clTRID>ABC-12345</clTRID> C: </command> C: </epp>¶
Example host <update> command:¶
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C: <epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <update> C: <host:update C: xmlns:host="urn:ietf:params:xml:ns:host-1.0"> C: <host:name>ns1.example.com</host:name> C: <host:add> C: <host:addr ip="v4">192.0.2.22</host:addr> C: <host:status s="clientUpdateProhibited"/> C: </host:add> C: <host:rem> C: <host:addr ip="v6">1080::8:800:200C:417A</host:addr> C: </host:rem> C: <host:chg> C: <host:name>ns2.example.com</host:name> C: </host:chg> C: </host:update> C: </update> C: <extension> C: <ttl:update> C: xmlns:ttl="urn:ietf:params:xml:ns:ttl-1.0"> C: <ttl:secs>3600</ttl:secs> S: <ttl:until>2022-12-01T08:30:00.0Z</ttl:until> C: </ttl:update> C: </extension> C: <clTRID>ABC-12345</clTRID> C: </command> C: </epp>¶
EPP servers which do not support the <ttl:until>
element MUST reject commands which contain
it with a 2012 "Unimplemented option" response.¶
If an EPP server receives a command containing a TTL that is outside the
server's permitted range (see Operational considerations and Security considerations
below), it MUST reject the command with a 2004
"Parameter value range error" response.¶
EPP servers which implement this extension SHOULD use the values provided
by EPP clients for the TTL values of NS, A, AAAA and DS records published in the DNS for the corresponding
delegation.¶
The extension in this document allows TTL values to be configured for both
domain and host objects. In domain name registries, these object types have
a hierarchical relationship, in that a host object may be subordinate to a
domain object: for example, the host object ns1.example.com
is subordinate to the domain object example.com.¶
When publishing A and AAAA
for host objects, TTL values for host objects SHOULD take
precedence over the TTL of the superordinate domain object. However, if no
TTL value is configured for a subordinate host object, but a TTL value is
configured for the superordinate domain object, then the domain object's TTL
value SHOULD be used for the host object instead of the default
TTL value.¶
If a domain name has variants ([RFC6927]) that are linked
to that domain, then any NS or DNAME records published for those variants MUST use the
same TTL as that used for the primary domain.¶
EPP server operators MAY, in order to address operational or security issues,
make changes to TTL values out-of-band (that is, not in response to an
<update> command received from the sponsoring
client).¶
Additionally, server operators MAY implement an automatic reset of TTL values, so that they may be changed for a finite period before and after a planned change, and then revert to a standard value.¶
In the event of changes to TTL values taking place out-of-band, EPP server operators SHOULD notify the sponsoring client using the EPP Change Poll extension ([RFC8590]).¶
Domain registry operators must strike a balance between, on the one hand, the desire of registrants for changes to their domains to be visible in the DNS quickly, and on the other, the increased DNS query traffic that short TTLs can bring. Historically, registry operators have used a global TTL value which was applied to all delegations within their zones, which could then be tuned to an optimum value.¶
Domain registry operators SHOULD implement limits on the maximum and minimum accepted TTL values that are narrower than the values permitted in the XML schema in the Formal specification (which were chosen to allow any TTL permitted in DNS records), in order to prevent scenarios where an excessively high or low TTL causes operational issues on either side of the zone cut.¶
Similarly, EPP servers which support the <ttl:until>
element MUST reject commands (with a 2004 "parameter value range
error" response) if the specified date and time is in the past, or is otherwise
outside a server-defined range of acceptable values.¶
EPP servers MAY vary the range of acceptable values for the
<ttl:until> element based on the value of
the <ttl:secs> element: for example, to allow
the setting of a very short TTL for a short period of time, while permitting
longer TTLs to be used for longer periods, as the following table illustrates:¶
| TTL value range | Maximum duration |
|---|---|
| 0-60s | - |
| 61-299s | 3600s |
| 300-1099s | 43200s |
| 1200-3599s | 86400s |
| >= 3600s | any |
In the above policy, the default TTL is one hour, and the server will reject any TTL below 60 seconds. Clients can set TTLs of between one and five minutes for a maximum of one hour, or between five minutes and thirty minutes for up to twelve hours, or between 30 minutes and one hour for up to one day.¶
A common operational mistake is changing of DNS record TTLs during or after the planned change to the records themselves. This arises due to a misunderstanding about how TTLs work.¶
Client implementations of this specification SHOULD ensure that the user understands that changes to a TTL are only effective in shortening transition periods if implemented a period of time -- at least equal to the current TTL -- before the planned change.¶
Many malicious actors use a technique called "fast flux DNS" to rapidly change the DNS configuration for a zone in order to evade takedown and law enforcement activity.¶
Registry operators SHOULD take this into consideration when setting the lower limit on TTL values, since a short TTL on delegations has the potential to enhance the effectiveness of fast flux techniques on evasion.¶
This document uses URNs to describe XML namespaces and XML schemas conforming to a registry mechanism described in [RFC3688]. The following URI assignment has been made by IANA:¶
Registration for the TTL namespace:¶
urn:ietf:params:xml:ns:ttl-1.0¶
Registration for the TTL XML schema:¶
urn:ietf:params:xml:ns:ttl-1.0¶
The EPP extension described in this document has been registered by the IANA in the Extensions for the "Extensible Provisioning Protocol (EPP)" registry described in [RFC7451]. The details of the registration are as follows:¶
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns:ttl="urn:ietf:params:xml:ns:ttl-1.0">
<annotation>
<documentation>
Extensible Provisioning Protocol v1.0 domain name
extension schema for Time-To-Live (TTL) modification
in all DNS responses for a domain name including
delegation (NS) records and any address (A) records.
</documentation>
</annotation>
<!-- Child elements found in EPP commands -->
<element name="create" type="ttl:ttlType"/>
<element name="update" type="ttl:ttlType"/>
<!-- Child elements found in EPP responses -->
<element name="infData" type="ttl:ttlType"/>
<complexType name="ttlType">
<sequence>
<element name="secs" type="ttl:nonNegativeInteger"/>
<element name="until" type="dateTime" minoccurs="0"/>
</sequence>
</complexType>
<simpleType name="nonNegativeInteger">
<restriction base="nonNegativeInteger">
<minInclusive value="1"/>
<maxInclusive value="4294967295"/>
</restriction>
</simpleType>
</schema>¶