ONS resolution process:
The ONS resolution process is described in the work of Mealling. For a schematic View of the communication procedure, see Figure.
This name belongs to a subdomain of the domain onsepc.com, which is reserved for ONS use.
The current ONS specification states that the serial port (item level, in the example: 108265) of the EPC, which differentiates between objects of the same kind and brand, should not be encoded as of now, but it leaves room for such a possibility:
The ability to specify an ONS query at the serial number level of granularity as well as the architectural and economic impacts of that capability is an open issue that will be addressed in subsequent versions of this document. Its lack of mention here should not be construed as making that behavior legal or illegal.
This newly created domain name is now queried for by using the common DNS protocol, possibly involving a recursive query to a local DNS or service provider.
DNS server that then queries iteratively across the Internet. In addition to this primary ONS use of the DNS, note a secondary dependency on the existing DNS hierarchy: The names stored in ONS records and returned by the ONS query process will again have to be resolved into IP addresses—using the standard DNS hierarchy—to receive the IP addresses of the EPCIS servers, cf. in Figure.
We turn now to the actual discussion of ONS security issues, especially with respect to the DNS heritage, which becomes critical in this new application domain.