


RIPE NetNews WG						Daniel Diaz
Internet Draft						 SATEC, S.A
<draft-diaz-nhns-00.txt>                              October, 2000
Experimental                         



               NHNS - Netnews Hierarchy Names System


Status of this Memo
 
This document is an Internet-Draft and is in full conformance with 
all provisions of Section 10 of RFC2026. 

Internet-Drafts are working documents of the Internet Engineering 
Task Force (IETF), its areas, and its working groups. Note that 
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six 
months and may be updated, replaced, or obsoleted by other documents 
at any time. It is inappropriate to use Internet-Drafts as 
reference material or to cite them other than as "work in progress." 

The list of current Internet-Drafts can be accessed at 
http://www.ietf.org/ietf/1id-abstracts.txt 

The list of Internet-Draft Shadow Directories can be accessed at 
http://www.ietf.org/shadow.html

Comments should be sent to the author or the RIPE NetNews WG
Mailing list   
			netnews-wg@ripe.net.



1. Abstract

This document is focused on and describes one of the projects 
supported and carried out by the RIPE NetNews WG. NHNS is a system 
and service based on a DNS-like structure that has been discussed, 
developed and deployed by the RIPE NetNews Working Group. 


2. Introduction

This document defines the use of the well-known and widely used DNS 
service as a database to store all the information related to USENET 
(i.e., newsgroups and newsgroup descriptions, moderators, 
grouplists, hierarchy maintainers, hierarchy descriptions, etc.). 
This system is called Netnews Hierarchy Names System (NHNS).


Expires April 2001                                      [Page 1]


INTERNET-DRAFT  Netnews Hierarchy Names System     October 2000


Familiarity with the DNS system [RFC1034, RFC1035] and the New DNS 
RR definitions [RFC1183] is assumed.



3. Origins and history of NHNS

The NetNews Hierarchy Names System (NHNS) emerged from the RIPE 
NetNews Working Group (NNWG) around May 1999. The NNWG agreed to 
create the 'groupsync project' just after suffering a 'fork-bomb' 
attack, which affected the fastest and most important NetNews 
servers in Usenet, collapsing them with thousands of faked control 
messages. The initial goal of this project was to provide the Usenet 
community with a consistent source of information to synchronize 
their servers in a secure and reliable way. Other solutions were 
proposed but were not deployed. The NHNS approach was proposed and 
presented in RIPE-34 (Vienna, May 1998) and received the support of 
the NetNews Working Group.


4. Technical description

NHNS is based on the well known and widely used DNS service and has 
benefited from the community's experiences with DNS operational 
issues as well as existing DNS software implementations.

The hierarchical structure of Usenet group names and moderator 
information bears a significant resemblance to the structure of the 
DNS hierarchy. Based on this, NHNS maps group names to their 
descriptions using DNS 'IN TXT' records and maps moderators' 
addresses using 'IN RP' records.

This approach was first deployed as a private DNS 'cloud'. This 
'cloud' consisted of a fake top level domain called 'usenet.', under 
which all existing top level hierarchies (alt.*, comp.*,..., at.*, 
ch.*, de.*, es.*,...) were located, as shown in the figure below:

                                  .
                                 /
                               usenet
                            /\     \      \
                           /  \     \      \
                          /... \ ... \ ...  \
                        ch     es    alt  comp








The structure described above was supported by a fake root-server 
acting as master server for 'usenet.', some secondary name servers 
for 'usenet.' and primary name servers for each of the hierarchies 
(only a number of them participated in this previous deployment, up 
to a dozen).

Thanks to this 'embryo' it was possible to test the NHNS system as 
well as to develop tools to easily handle the information obtained 
from any NHNS (DNS) server. It must always be borne in mind that 
groupnames are written in reverse order in the DNS zone-files, while 
a user (newsadmin or newsreader) expects the groupnames in the 
correct order. This is the main reason for having developed a kit of 
tools, which is described later in the document [section 4.4].


After a test phase, this whole structure (DNS cloud) was placed 
under an official DNS domain, 'usenet.nhns.net.'. The current DNS 
cloud therefore looks like the one shown below:

                                     .
                                    /
                                   net
                                  /
                                nhns
                                /
                              usenet
                           /  \     \        \
                          /... \ ... \ ...... \
                        ch     es    alt    comp



The NHNS system has been designed to have all the information about 
Usenet distributed in a DNS structure. Therefore, collaboration is 
required, mainly from the hierarchy maintainers, so that zones 
(hierarchies) can be delegated from the master server for 
'usenet.nhns.net.'.

Thanks to the 'DNS UPDATE' feature, used by some of the existing 
NHNS-tools, a hierarchy maintainer is not compelled to set up and 
administer a name server. This task could be delegated to any 
collaborator who would administer the name server and would allow 
the official maintainer to update records (groups, ...), in the same 
way a maintainer sends control messages nowadays in order to create, 
delete, or modify a newsgroup. 







4.1. Use of the TXT record

Format of the 'text' (TXT) resource record is specified in [RFC1183, 
section 3.3.14].

As stated before, TXT records are used in NHNS to map groupnames to 
their descriptions, as shown below:

news.es. 	IN TXT	"Netnews group mapped in NHNS"

The first thing to notice in the example above is that the groupname 
is written in reverse order (i.e., 'es.news' is the real name, and 
'news.es.' is the name which represents this group in the DNS 
service). 


4.2. Use of the RP record

Format of the 'responsible person' (RP) resource record is specified 
in [RFC1183, section 2.2].

As stated before, RP records are used in NHNS to map groupnames to 
their moderators' e-mail addresses, as shown below:


news.es.usenet.nhns.net. IN RP  moderador.news.rediris.es.	es.

Besides the groupname being written in reverse order, note that the 
moderators' e-mail addresses follow the DNS convention for mailbox 
encoding (using the '.' character instead of the '@' character). In 
addition, the TXT_DNAME field indicates which netnews hierarchy the 
groupname belongs to (i.e., the es.* hierarchy).



4.3. Zone files considerations

Within the NHNS environment, a DNS zone-file represents, or is 
equivalent to, a grouplist. Likewise, a hierarchy name in NHNS is 
equivalent to a domain name (i.e., the es.* hierarchy is equivalent 
to the 'es.usenet.nhns.net.' DNS domain).



4.4. Client tools.

NHNS information may be obtained or checked using any of the 
available DNS client tools: bind-tools like 'dig', 'named-xfer', 
'nslookup' etc.


One consideration must be pointed out about these tools: they have 
been developed to deal with ordinary DNS domain names, and the 
groupnames in NHNS are written in reverse order. Therefore, 
groupnames obtained in a single query or zone-transfer will be shown 
in reverse order as explained in [4.1] and [4.2], and post-processing 
will probably be required to make the information useful and 
operative.

This circumstance led us to develop adapted tools that handle the 
DNS information, sort the groupnames and print them in the common 
'Usenet' order. This set of tools is described below:

nhlookup:

Issues single queries to any DNS server on the Internet. The 
description of the group and, if it is a moderated group, the 
moderator's e-mail address are obtained and printed.

nh-xfer:

Obtains the desired grouplist of a supported hierarchy. It performs 
a zone-transfer and translates the obtained information into the 
common Usenet 'grouplist' format.

newsync:

Synchronizes the typical configuration files of a news server, the 
active and newsgroups files. It issues multiple zone-transfers and 
then processes the results to synchronize the files.


All these tools and more information are available at
http://nh.nhns.net/  
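
The post-processing described in [4.1], [4.2] and above can be sketched 
as follows. This is an added example, not the code of nhlookup, nh-xfer 
or newsync; the function names, the accepted character set for group 
components and the sample lines are assumptions made for illustration. 
Because zone data arrives over the network, records outside the NHNS 
zone or with unexpected characters are dropped before anything would be 
written to a news server's files.

```python
import re

NHNS_SUFFIX = "usenet.nhns.net."  # zone apex named in the draft
COMPONENT = re.compile(r"[a-z0-9][a-z0-9+_-]*")  # assumed charset per component

def owner_to_group(owner, suffix=NHNS_SUFFIX):
    """'news.es.usenet.nhns.net.' -> 'es.news' (labels reversed)."""
    owner = owner.lower()
    if not owner.endswith("." + suffix):
        raise ValueError("owner outside the NHNS zone: %r" % owner)
    labels = owner[: -len(suffix) - 1].split(".")
    if not all(COMPONENT.fullmatch(label) for label in labels):
        raise ValueError("invalid group component in %r" % owner)
    return ".".join(reversed(labels))

def group_to_owner(group, suffix=NHNS_SUFFIX):
    return ".".join(reversed(group.lower().split("."))) + "." + suffix

def rp_mbox_to_email(mbox):
    """DNS mailbox encoding: the first unescaped '.' stands for '@'."""
    m = re.match(r"^((?:\\.|[^.\\])+)\.(.+?)\.?$", mbox)
    if not m:
        raise ValueError("not a mailbox name: %r" % mbox)
    return re.sub(r"\\(.)", r"\1", m.group(1)) + "@" + m.group(2)

def zone_to_grouplist(lines):
    """Return {group: {'desc', 'moderator'}} from 'owner IN TXT|RP rdata' lines."""
    groups = {}
    for line in lines:
        parts = line.split(None, 3)
        if len(parts) < 4 or parts[1] != "IN" or parts[2] not in ("TXT", "RP"):
            continue
        try:
            group = owner_to_group(parts[0])
            if parts[2] == "RP":
                value = ("moderator", rp_mbox_to_email(parts[3].split()[0]))
            else:  # TXT: drop quotes, replace control characters with spaces
                text = parts[3].strip().strip('"')
                value = ("desc", re.sub(r"[\x00-\x1f\x7f]", " ", text))
        except ValueError:
            continue  # skip records that fail validation instead of trusting them
        groups.setdefault(group, {"desc": "", "moderator": None})[value[0]] = value[1]
    return groups

# Constructed sample lines (not real zone data); the last two are rejected.
SAMPLE = [
    'news.es.usenet.nhns.net. IN TXT "Netnews group\tmapped in NHNS"',
    "news.es.usenet.nhns.net. IN RP moderador.news.rediris.es. es.",
    'news.es.example.org. IN TXT "outside the NHNS zone"',
    'ne/ws.es.usenet.nhns.net. IN TXT "bad label"',
]
```
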


5. Use of NHNS service by news administrators.

Right now, news administrators may use the tools available with the 
different DNS implementations, such as bind-tools, or the specific 
tools developed by Juan Garcia (juan.garcia@satec.es) and the author, 
which have been tested, revised and patched by members of the 
ripe-nnwg working group.











Administrators may obtain many advantages from the NHNS service, 
such as the following:

- Single access point to query any group in the Usenet top level 
  hierarchies (TLHs).
- Possibility of synchronizing a news server by means of the NHNS 
  service (transferring zones).
- Possibility of knowing who is responsible for the moderation of 
  any newsgroup.


6. Security Considerations

The NHNS system and service make use of the existing DNS service 
and structure; therefore all security issues related to DNS apply to 
NHNS as well.

In practice, an NHNS administrator must take care of the permissions 
to update resource records as well as the permissions to transfer 
zones.


7. References


[1]        Elmar K. Vins, NHNS server configuration tutorial.
           http://nh.nhns.net/nhns/DOC/nhnstutorial-1.0.txt
           September 1999.

[2]        Daniel Diaz, NHNS description.
           http://nh.nhns.net/nhns/DOC/nhns-1.0.txt
           April 1999.

[3]        Daniel Diaz, newsync command tutorial.
           http://nh.nhns.net/nhns/DOC/newsync.txt
           October 1999.

[RFC1034]  P. Mockapetris, "Domain Names - Concepts and Facilities,"
           RFC 1034, ISI, November 1987.

[RFC1035]  P. Mockapetris, "Domain Names - Implementation and 
           Specification," RFC 1035, ISI, November 1987.

[RFC2136]  P. Vixie (Ed.), S. Thomson, Y. Rekhter, J. Bound,
           "Dynamic Updates in the Domain Name System," RFC 2136,
           ISC & Bellcore & Cisco & DEC, April 1997.

[SSU]      B. Wellington, "Simple Secure Domain Name System (DNS)
           Dynamic Update,"
           draft-ietf-dnsext-simple-secure-update-01.txt, Nominum,
           May 2000.



8. Acknowledgments

The author would like to thank the following people for review, 
support to the NHNS system, bug reports and general collaboration 
(in alphabetical order):

Alex French.
Felix Kugler.
Joe St. Sauver.
Juan Carlos Moreno.
Miguel A. Vences
Ruben Martinez.
Valentin Albillo.


9. Author's Addresses

Daniel Diaz
Satec, S.A
Avda. de Europa n.34-A
28003 Madrid
SPAIN.
Phone: +34 91 708 90 00,  +34 963 47 43 87
Email: daniel.diaz@satec.es



10. Full Copyright Statement

"Copyright (C) The Internet Society (2000). All Rights Reserved.

This document and translations of it may be copied and furnished to 
others, and derivative works that comment on or otherwise explain it 
or assist in its implementation may be prepared, copied, published 
and distributed, in whole or in part, without restriction of any 
kind, provided that the above copyright notice and this paragraph 
are included on all such copies and derivative works. However, this 
document itself may not be modified in any way, such as by removing 
the copyright notice or references to the Internet Society or other 
Internet organizations, except as needed for the purpose of 
developing Internet standards in which case the procedures for 
copyrights defined in the Internet Standards process must be 
followed, or as required to translate it into languages other than 
English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.





   This document and the information contained herein is provided on an "AS
   IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
   FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
   LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
   INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
   FITNESS FOR A PARTICULAR PURPOSE."
 
   Bradner, S., "The Internet Standards Process -- Revision 3", BCP  9, 
   RFC 2026, October 1996.








































