| draft-ietf-dnssd-hybrid-00.txt | draft-ietf-dnssd-hybrid-01.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force S. Cheshire | Internet Engineering Task Force S. Cheshire | |||
| Internet-Draft Apple Inc. | Internet-Draft Apple Inc. | |||
| Intended status: Standards Track November 10, 2014 | Intended status: Standards Track October 19, 2015 | |||
| Expires: May 14, 2015 | Expires: April 21, 2016 | |||
| Hybrid Unicast/Multicast DNS-Based Service Discovery | Hybrid Unicast/Multicast DNS-Based Service Discovery | |||
| draft-ietf-dnssd-hybrid-00 | draft-ietf-dnssd-hybrid-01 | |||
| Abstract | Abstract | |||
| Performing DNS-Based Service Discovery using purely link-local | Performing DNS-Based Service Discovery using purely link-local | |||
| Multicast DNS enables discovery of services that are on the local | Multicast DNS enables discovery of services that are on the local | |||
| link, but not (without some kind of proxy or similar special support) | link, but not (without some kind of proxy or similar special support) | |||
| of services that are outside the local link. Using a very large | discovery of services that are outside the local link. Using a very | |||
| local link with thousands of hosts improves service discovery, but at | large local link with thousands of hosts facilitates service | |||
| the cost of large amounts of multicast traffic. | discovery, but at the cost of large amounts of multicast traffic. | |||
| Performing DNS-Based Service Discovery using purely Unicast DNS is | Performing DNS-Based Service Discovery using purely Unicast DNS is | |||
| more efficient, but requires configuration of DNS Update keys on the | more efficient and doesn't require excessively large multicast | |||
| devices offering the services, which can be onerous for simple | domains, but requires that the relevant data be available in the | |||
| devices like printers and network cameras. | Unicast DNS namespace. This can be achieved by manual DNS | |||
| configuration (as has been done for many years at IETF meetings to | ||||
| advertise the IETF Terminal Room printer) but this is labor | ||||
| intensive, error prone, and requires a reasonable degree of DNS | ||||
| expertise. The Unicast DNS namespace can be populated with the | ||||
| required data automatically by the devices themselves, but that | ||||
| requires configuration of DNS Update keys on the devices offering the | ||||
| services, which has proven onerous and impractical for simple devices | ||||
| like printers and network cameras. | ||||
| Hence a compromise is needed, that provides easy service discovery | Hence a compromise is needed, that combines the ease-of-use of | |||
| without requiring either large amounts of multicast traffic or | Multicast DNS with the efficiency and scalability of Unicast DNS. | |||
| onerous configuration. | ||||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 21, 2016. | ||||
| This Internet-Draft will expire on May 14, 2015. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Conventions and Terminology Used in this Document . . . . . . 4 | 2. Conventions and Terminology Used in this Document . . . . . . 5 | |||
| 3. Hybrid Proxy Operation . . . . . . . . . . . . . . . . . . . . 5 | 3. Hybrid Proxy Operation . . . . . . . . . . . . . . . . . . . . 6 | |||
| 3.1. Domain Enumeration . . . . . . . . . . . . . . . . . . . . 6 | 3.1. Delegated Subdomain for Service Discovery Records . . . . 7 | |||
| 3.2. Delegated Subdomain for LDH Host Names . . . . . . . . . . 7 | 3.2. Domain Enumeration . . . . . . . . . . . . . . . . . . . . 8 | |||
| 3.3. Delegated Subdomain for Reverse Mapping . . . . . . . . . 9 | 3.2.1. Domain Enumeration via Unicast Queries . . . . . . . . 8 | |||
| 3.4. Data Translation . . . . . . . . . . . . . . . . . . . . . 10 | 3.2.2. Domain Enumeration via Multicast Queries . . . . . . . 9 | |||
| 3.4.1. DNS TTL limiting . . . . . . . . . . . . . . . . . . . 10 | 3.3. Delegated Subdomain for LDH Host Names . . . . . . . . . . 10 | |||
| 3.4.2. Suppressing Unusable Records . . . . . . . . . . . . . 10 | 3.4. Delegated Subdomain for Reverse Mapping . . . . . . . . . 12 | |||
| 3.4.3. Application-Specific Data Translation . . . . . . . . 11 | 3.5. Data Translation . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 3.5. Answer Aggregation . . . . . . . . . . . . . . . . . . . . 12 | 3.5.1. DNS TTL limiting . . . . . . . . . . . . . . . . . . . 13 | |||
| 3.5.1. Discovery of LLQ Service . . . . . . . . . . . . . . . 14 | 3.5.2. Suppressing Unusable Records . . . . . . . . . . . . . 13 | |||
| 4. Implementation Status . . . . . . . . . . . . . . . . . . . . 15 | 3.5.3. Application-Specific Data Translation . . . . . . . . 14 | |||
| 4.1. Already Implemented and Deployed . . . . . . . . . . . . . 15 | 3.6. Answer Aggregation . . . . . . . . . . . . . . . . . . . . 15 | |||
| 4.2. Partially Implemented . . . . . . . . . . . . . . . . . . 15 | 3.6.1. Discovery of LLQ or PUSH Notification Service . . . . 17 | |||
| 4.3. Not Yet Implemented . . . . . . . . . . . . . . . . . . . 16 | 4. Implementation Status . . . . . . . . . . . . . . . . . . . . 18 | |||
| 5. IPv6 Considerations . . . . . . . . . . . . . . . . . . . . . 16 | 4.1. Already Implemented and Deployed . . . . . . . . . . . . . 18 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 17 | 4.2. Partially Implemented . . . . . . . . . . . . . . . . . . 18 | |||
| 6.1. Authenticity . . . . . . . . . . . . . . . . . . . . . . . 17 | 4.3. Not Yet Implemented . . . . . . . . . . . . . . . . . . . 19 | |||
| 6.2. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 17 | 5. IPv6 Considerations . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 6.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 17 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 20 | |||
| 7. Intelectual Property Rights . . . . . . . . . . . . . . . . . 18 | 6.1. Authenticity . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | 6.2. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 | 6.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 20 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 7. Intelectual Property Rights . . . . . . . . . . . . . . . . . 21 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . . 18 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . . 19 | 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . . 21 | ||||
| 10.2. Informative References . . . . . . . . . . . . . . . . . . 22 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 23 | ||||
| 1. Introduction | 1. Introduction | |||
| Multicast DNS [RFC6762] and its companion technology DNS-based | Multicast DNS [RFC6762] and its companion technology DNS-based | |||
| Service Discovery [RFC6763] were created to provide IP networking | Service Discovery [RFC6763] were created to provide IP networking | |||
| with the ease-of-use and autoconfiguration for which AppleTalk was | with the ease-of-use and autoconfiguration for which AppleTalk was | |||
| well known [RFC6760] [ZC]. | well known [RFC6760] [ZC]. | |||
| For a small network consisting of just a single link (or several | For a small network consisting of just a single link (or several | |||
| physical links bridged together to appear as a single logical link to | physical links bridged together to appear as a single logical link to | |||
| skipping to change at page 5, line 7 | skipping to change at page 6, line 7 | |||
| any device forwarding a packet modifies any part of the IP header or | any device forwarding a packet modifies any part of the IP header or | |||
| IP payload then the packet is no longer considered to be on the same | IP payload then the packet is no longer considered to be on the same | |||
| link. This means that the packet may pass through devices such as | link. This means that the packet may pass through devices such as | |||
| repeaters, bridges, hubs or switches and still be considered to be on | repeaters, bridges, hubs or switches and still be considered to be on | |||
| the same link for the purpose of this document, but not through a | the same link for the purpose of this document, but not through a | |||
| device such as an IP router that decrements the IP TTL or otherwise | device such as an IP router that decrements the IP TTL or otherwise | |||
| modifies the IP header. | modifies the IP header. | |||
| 3. Hybrid Proxy Operation | 3. Hybrid Proxy Operation | |||
| In a typical configuration, a Hybrid Proxy is configured to be | ||||
| authoritative for four DNS subdomains, and authority for these | ||||
| subdomains is delegated to it via NS records: | ||||
| A DNS subdomain for service discovery records. | ||||
| This subdomain name may contain rich text, including spaces and | ||||
| other punctuation. This is because this subdomain name is used | ||||
| only in graphical user interfaces, where rich text is appropriate. | ||||
| A DNS subdomain for host name records. | ||||
| This subdomain name SHOULD be limited to letters, digits and | ||||
| hyphens, to facilitate convenient use of host names in command- | ||||
| line interfaces. | ||||
| A DNS subdomain for IPv6 Reverse Mapping records. | ||||
| This subdomain name will be a name that ends in "ip6.arpa." | ||||
| A DNS subdomain for IPv4 Reverse Mapping records. | ||||
| This subdomain name will be a name that ends in "in-addr.arpa." | ||||
| These three varieties of delegated subdomains (service discovery, | ||||
| host names, and reverse mapping) are described below. | ||||
| 3.1. Delegated Subdomain for Service Discovery Records | ||||
| In its simplest form, each physical link in an organization is | In its simplest form, each physical link in an organization is | |||
| assigned a unique Unicast DNS domain name, such as | assigned a unique Unicast DNS domain name, such as | |||
| "Building 1.example.com" or "4th Floor.Building 1.example.com". | "Building 1.example.com" or "4th Floor.Building 1.example.com". | |||
| Grouping multiple links under a single Unicast DNS domain name is to | Grouping multiple links under a single Unicast DNS domain name is to | |||
| be specified in a future companion document, but for the purposes of | be specified in a future companion document, but for the purposes of | |||
| this document, assume that each link has its own unique Unicast DNS | this document, assume that each link has its own unique Unicast DNS | |||
| domain name. In a graphical user interface these names are not | domain name. In a graphical user interface these names are not | |||
| displayed as strings with dots as shown above, but something more | displayed as strings with dots as shown above, but something more | |||
| akin to a typical file browser graphical user interface (which is | akin to a typical file browser graphical user interface (which is | |||
| harder to illustrate in a text-only document) showing folders, | harder to illustrate in a text-only document) showing folders, | |||
| skipping to change at page 6, line 5 | skipping to change at page 8, line 5 | |||
| case, "_printer._tcp.local. PTR ?"). Then, from the received | case, "_printer._tcp.local. PTR ?"). Then, from the received | |||
| Multicast DNS data, the Hybrid Proxy synthesizes the appropriate | Multicast DNS data, the Hybrid Proxy synthesizes the appropriate | |||
| Unicast DNS response. | Unicast DNS response. | |||
| Naturally, the existing Multicast DNS caching mechanism is used to | Naturally, the existing Multicast DNS caching mechanism is used to | |||
| avoid issuing unnecessary Multicast DNS queries on the wire. The | avoid issuing unnecessary Multicast DNS queries on the wire. The | |||
| Hybrid Proxy is acting as a client of the underlying Multicast DNS | Hybrid Proxy is acting as a client of the underlying Multicast DNS | |||
| subsystem, and benefits from the same caching and efficiency measures | subsystem, and benefits from the same caching and efficiency measures | |||
| as any other client using that subsystem. | as any other client using that subsystem. | |||
| 3.1. Domain Enumeration | 3.2. Domain Enumeration | |||
| An DNS-SD client performs Domain Enumeration [RFC6763] via certain | ||||
| PTR queries. It issues unicast Domain Enumeration queries using its | ||||
| "home" domain (typically learned learned via DHCP) and using its IPv6 | ||||
| prefix and IPv4 subnet address. These are described below in | ||||
| Section 3.2.1. It also issues multicast Domain Enumeration queries | ||||
| in the "local" domain [RFC6762]. These are described below in | ||||
| Section 3.2.2. The results of all Domain Enumeration queries are | ||||
| combined for Service Discovery purposes. | ||||
| 3.2.1. Domain Enumeration via Unicast Queries | ||||
| The administrator creates Domain Enumeration PTR records [RFC6763] to | The administrator creates Domain Enumeration PTR records [RFC6763] to | |||
| inform clients of available service discovery domains, e.g.,: | inform clients of available service discovery domains, e.g.,: | |||
| b._dns-sd._udp.example.com. PTR Building 1.example.com. | b._dns-sd._udp.example.com. PTR Building 1.example.com. | |||
| PTR Building 2.example.com. | PTR Building 2.example.com. | |||
| PTR Building 3.example.com. | PTR Building 3.example.com. | |||
| PTR Building 4.example.com. | PTR Building 4.example.com. | |||
| db._dns-sd._udp.example.com. PTR Building 1.example.com. | db._dns-sd._udp.example.com. PTR Building 1.example.com. | |||
| lb._dns-sd._udp.example.com. PTR Building 1.example.com. | lb._dns-sd._udp.example.com. PTR Building 1.example.com. | |||
| The "b" ("browse") records tell the client device the list of | The "b" ("browse") records tell the client device the list of | |||
| browsing domains to display for the user to select from and the "db" | browsing domains to display for the user to select from and the "db" | |||
| ("default browse") record tells the client device which domain in | ("default browse") record tells the client device which domain in | |||
| that list should be selected by default. The "lb" ("legacy browse") | that list should be selected by default. The "lb" ("legacy browse") | |||
| record tells the client device which domain to automatically browse | record tells the client device which domain to automatically browse | |||
| on behalf of applications that don't implement UI for multi-domain | on behalf of applications that don't implement UI for multi-domain | |||
| browsing (which is most of them, today). The "lb" domain is usually | browsing (which is most of them, today). The "lb" domain is often | |||
| the same as the "db" domain. | the same as the "db" domain, or sometimes the "db" domain plus one or | |||
| more others that should be included in the list of automatic browsing | ||||
| domains for legacy clients. | ||||
| DNS responses are limited to a maximum size of 65535 bytes. This | DNS responses are limited to a maximum size of 65535 bytes. This | |||
| limits the maximum number of domains that can be returned for a | limits the maximum number of domains that can be returned for a | |||
| Domain Enumeration query, as follows: | Domain Enumeration query, as follows: | |||
| A DNS response header is 12 bytes. That's typically followed by a | A DNS response header is 12 bytes. That's typically followed by a | |||
| single qname (up to 256 bytes) plus qtype (2 bytes) and qclass | single qname (up to 256 bytes) plus qtype (2 bytes) and qclass | |||
| (2 bytes), leaving 65275 for the Answer Section. | (2 bytes), leaving 65275 for the Answer Section. | |||
| An Answer Section Resource Record consists of: | An Answer Section Resource Record consists of: | |||
| skipping to change at page 7, line 5 | skipping to change at page 9, line 31 | |||
| This means that each Resource Record in the Answer Section can take | This means that each Resource Record in the Answer Section can take | |||
| up to 268 bytes total, which means that the Answer Section can | up to 268 bytes total, which means that the Answer Section can | |||
| contain, in the worst case, no more than 243 domains. | contain, in the worst case, no more than 243 domains. | |||
| In a more typical scenario, where the domain names are not all | In a more typical scenario, where the domain names are not all | |||
| maximum-sized names, and there is some similarity between names so | maximum-sized names, and there is some similarity between names so | |||
| that reasonable name compression is possible, each Answer Section | that reasonable name compression is possible, each Answer Section | |||
| Resource Record may average 140 bytes, which means that the Answer | Resource Record may average 140 bytes, which means that the Answer | |||
| Section can contain up to 466 domains. | Section can contain up to 466 domains. | |||
| 3.2. Delegated Subdomain for LDH Host Names | 3.2.2. Domain Enumeration via Multicast Queries | |||
| The rules for DNS-SD service instance names and domains are more | Since a Hybrid Proxy exists on many, if not all, the links in an | |||
| permissive than the traditional rules for host names. | enterprise, it offers an additional way to provide Domain Enumeration | |||
| data for clients. | ||||
| A Hybrid Proxy can be configured to generate Multicast DNS responses | ||||
| for the following Multicast DNS Domain Enumeration queries issues by | ||||
| clients: | ||||
| b._dns-sd._udp.local. PTR ? | ||||
| db._dns-sd._udp.local. PTR ? | ||||
| lb._dns-sd._udp.local. PTR ? | ||||
| This provides the ability for Hybrid Proxies to provide configuration | ||||
| data on a per-link granularity to DNS-SD clients. In some | ||||
| enterprises it may be preferable to provide this per-link | ||||
| configuration data in the form of Hybrid Proxy configuration, rather | ||||
| than populating the Unicast DNS servers with the same data (in the | ||||
| "ip6.arpa" or "in-addr.arpa" domains). | ||||
| 3.3. Delegated Subdomain for LDH Host Names | ||||
| The traditional rules for host names are more restrictive than those | ||||
| for DNS-SD service instance names and domains. | ||||
| Users typically interact with DNS-SD by viewing a list of discovered | Users typically interact with DNS-SD by viewing a list of discovered | |||
| service instance names on the display and selecting one of them by | service instance names on the display and selecting one of them by | |||
| pointing, touching, or clicking. Similarly, in software that | pointing, touching, or clicking. Similarly, in software that | |||
| provides a multi-domain DNS-SD user interface, users view a list of | provides a multi-domain DNS-SD user interface, users view a list of | |||
| offered domains on the display and select one of them by pointing, | offered domains on the display and select one of them by pointing, | |||
| touching, or clicking. To use a service, users don't have to | touching, or clicking. To use a service, users don't have to | |||
| remember domain or instance names, or type them; users just have to | remember domain or instance names, or type them; users just have to | |||
| be able to recognize what they see on the display and click on the | be able to recognize what they see on the display and click on the | |||
| thing they want. | thing they want. | |||
| skipping to change at page 7, line 37 | skipping to change at page 10, line 37 | |||
| names and domains, it is advisable, for maximum compatibility with | names and domains, it is advisable, for maximum compatibility with | |||
| existing software, to restrict host names to the traditional letter- | existing software, to restrict host names to the traditional letter- | |||
| digit-hyphen rules. This means that while a service name | digit-hyphen rules. This means that while a service name | |||
| "My Printer._ipp._tcp.Building 1.example.com" is acceptable and | "My Printer._ipp._tcp.Building 1.example.com" is acceptable and | |||
| desirable (it is displayed in a graphical user interface as an | desirable (it is displayed in a graphical user interface as an | |||
| instance called "My Printer" in the domain "Building 1" at | instance called "My Printer" in the domain "Building 1" at | |||
| "example.com"), a host name "My-Printer.Building 1.example.com" is | "example.com"), a host name "My-Printer.Building 1.example.com" is | |||
| not advisable (because of the space in "Building 1"). | not advisable (because of the space in "Building 1"). | |||
| To accomodate this difference in allowable characters, a Hybrid Proxy | To accomodate this difference in allowable characters, a Hybrid Proxy | |||
| MUST support having two subdomains delegated to it, one to be used | MUST support having separate subdomains delegated to it, one to be | |||
| for host names (names of 'A' and 'AAAA' address records), which is | used for host names (names of 'A' and 'AAAA' address records), which | |||
| restricted to the traditional letter-digit-hyphen rules, and another | is restricted to the traditional letter-digit-hyphen rules, and | |||
| to be used for other records (including the PTR, SRV and TXT records | another to be used for other records (including the PTR, SRV and TXT | |||
| used by DNS-SD), which is allowed to be arbitrary Net-Unicode text | records used by DNS-SD), which is allowed to be arbitrary Net-Unicode | |||
| [RFC5198]. | text [RFC5198]. | |||
| For example, a Hybrid Proxy could have the two subdomains | For example, a Hybrid Proxy could have the two subdomains | |||
| "Building 1.example.com" and "bldg1.example.com" delegated to it. | "Building 1.example.com" and "bldg1.example.com" delegated to it. | |||
| The Hybrid Proxy would then translate these two Multicast DNS | The Hybrid Proxy would then translate these two Multicast DNS | |||
| records: | records: | |||
| My Printer._ipp._tcp.local. SRV 0 0 631 prnt.local. | My Printer._ipp._tcp.local. SRV 0 0 631 prnt.local. | |||
| prnt.local. A 10.0.1.2 | prnt.local. A 10.0.1.2 | |||
| into Unicast DNS records as follows: | into Unicast DNS records as follows: | |||
| My Printer._ipp._tcp.Building 1.example.com. | My Printer._ipp._tcp.Building 1.example.com. | |||
| SRV 0 0 631 prnt.bldg1.example.com. | SRV 0 0 631 prnt.bldg1.example.com. | |||
| prnt.bldg1.example.com. A 10.0.1.2 | prnt.bldg1.example.com. A 10.0.1.2 | |||
| Note that the SRV record name is translated using the rich-text | Note that the SRV record name is translated using the rich-text | |||
| domain name ("Building 1.example.com") and the address record name is | domain name ("Building 1.example.com") and the address record name is | |||
| translated using the LDH domain ("bldg1.example.com"). | translated using the LDH domain ("bldg1.example.com"). | |||
| 3.3. Delegated Subdomain for Reverse Mapping | 3.4. Delegated Subdomain for Reverse Mapping | |||
| A Hybrid Proxy can facilitate easier management of reverse mapping | A Hybrid Proxy can facilitate easier management of reverse mapping | |||
| domains, particularly for IPv6 addresses where manual management may | domains, particularly for IPv6 addresses where manual management may | |||
| be more onerous than it is for IPv4 addresses. | be more onerous than it is for IPv4 addresses. | |||
| To achieve this, in the parent domain, NS records are used to | To achieve this, in the parent domain, NS records are used to | |||
| delegate ownership of the appropriate reverse mapping domain to the | delegate ownership of the appropriate reverse mapping domain to the | |||
| Hybrid Proxy. In other words, the Hybrid Proxy becomes the | Hybrid Proxy. In other words, the Hybrid Proxy becomes the | |||
| authoritative name server for the reverse mapping domain. | authoritative name server for the reverse mapping domain. | |||
| For example, if a given link is using the IPv4 subnet 10.1/16, then | For example, if a given link is using the IPv6 prefix 2001:0DB8/32, | |||
| the domain "1.10.in-addr.arpa" is delegated to the Hybrid Proxy for | then the domain "8.b.d.0.1.0.0.2.ip6.arpa" is delegated to the Hybrid | |||
| that link. | Proxy for that link. | |||
| If a given link is using the IPv6 prefix 2001:0DB8/32, then the | If a given link is using the IPv4 subnet 10.1/16, then the domain | |||
| domain "8.b.d.0.1.0.0.2.ip6.arpa" is delegated to the Hybrid Proxy | "1.10.in-addr.arpa" is delegated to the Hybrid Proxy for that link. | |||
| for that link. | ||||
| When a reverse mapping query arrives at the Hybrid Proxy, it issues | When a reverse mapping query arrives at the Hybrid Proxy, it issues | |||
| the identical query on its local link as a Multicast DNS query. | the identical query on its local link as a Multicast DNS query. | |||
| (In the Apple "/usr/include/dns_sd.h" APIs, using ForceMulticast | (In the Apple "/usr/include/dns_sd.h" APIs, using ForceMulticast | |||
| indicates that the DNSServiceQueryRecord() call should perform the | indicates that the DNSServiceQueryRecord() call should perform the | |||
| query using Multicast DNS.) When the host owning that IPv4 or IPv6 | query using Multicast DNS.) When the host owning that IPv6 or IPv4 | |||
| address responds with a name of the form "something.local", the | address responds with a name of the form "something.local", the | |||
| Hybrid Proxy rewrites that to use its configured LDH host name domain | Hybrid Proxy rewrites that to use its configured LDH host name domain | |||
| instead of "local" and returns the response to the caller. | instead of "local" and returns the response to the caller. | |||
| For example, a Hybrid Proxy with the two subdomains | For example, a Hybrid Proxy with the two subdomains | |||
| "1.10.in-addr.arpa" and "bldg1.example.com" delegated to it would | "1.10.in-addr.arpa" and "bldg1.example.com" delegated to it would | |||
| translate this Multicast DNS record: | translate this Multicast DNS record: | |||
| 3.2.1.10.in-addr.arpa. PTR prnt.local. | 3.2.1.10.in-addr.arpa. PTR prnt.local. | |||
| skipping to change at page 10, line 5 | skipping to change at page 13, line 5 | |||
| 3.2.1.10.in-addr.arpa. PTR prnt.bldg1.example.com. | 3.2.1.10.in-addr.arpa. PTR prnt.bldg1.example.com. | |||
| Subsequent queries for the prnt.bldg1.example.com address record, | Subsequent queries for the prnt.bldg1.example.com address record, | |||
| falling as it does within the bldg1.example.com domain, which is | falling as it does within the bldg1.example.com domain, which is | |||
| delegated to the Hybrid Proxy, will arrive at the Hybrid Proxy, where | delegated to the Hybrid Proxy, will arrive at the Hybrid Proxy, where | |||
| they are answered by issuing Multicast DNS queries and using the | they are answered by issuing Multicast DNS queries and using the | |||
| received Multicast DNS answers to synthesize Unicast DNS responses, | received Multicast DNS answers to synthesize Unicast DNS responses, | |||
| as described above. | as described above. | |||
| 3.4. Data Translation | 3.5. Data Translation | |||
| Generating the appropriate Multicast DNS queries involves, at the | Generating the appropriate Multicast DNS queries involves, at the | |||
| very least, translating from the configured DNS domain | very least, translating from the configured DNS domain | |||
| (e.g., "Building 1.example.com") on the Unicast DNS side to "local" | (e.g., "Building 1.example.com") on the Unicast DNS side to "local" | |||
| on the Multicast DNS side. | on the Multicast DNS side. | |||
| Generating the appropriate Unicast DNS responses involves translating | Generating the appropriate Unicast DNS responses involves translating | |||
| back from "local" to the configured DNS Unicast domain. | back from "local" to the configured DNS Unicast domain. | |||
| Other beneficial translation and filtering operations are described | Other beneficial translation and filtering operations are described | |||
| below. | below. | |||
| 3.4.1. DNS TTL limiting | 3.5.1. DNS TTL limiting | |||
| For efficiency, Multicast DNS typically uses moderately high DNS TTL | For efficiency, Multicast DNS typically uses moderately high DNS TTL | |||
| values. For example, the typical TTL on DNS-SD PTR records is 75 | values. For example, the typical TTL on DNS-SD PTR records is 75 | |||
| minutes. What makes these moderately high TTLs acceptable is the | minutes. What makes these moderately high TTLs acceptable is the | |||
| cache coherency mechanisms built in to the Multicast DNS protocol | cache coherency mechanisms built in to the Multicast DNS protocol | |||
| which protect against stale data persisting for too long. When a | which protect against stale data persisting for too long. When a | |||
| service shuts down gracefully, it sends goodbye packets to remove its | service shuts down gracefully, it sends goodbye packets to remove its | |||
| PTR records immediately from neighbouring caches. If a service shuts | PTR records immediately from neighbouring caches. If a service shuts | |||
| down abruptly without sending goodbye packets, the Passive | down abruptly without sending goodbye packets, the Passive | |||
| Observation Of Failures (POOF) mechanism described in Section 10.5 of | Observation Of Failures (POOF) mechanism described in Section 10.5 of | |||
| the Multicast DNS specification [RFC6762] comes into play to purge | the Multicast DNS specification [RFC6762] comes into play to purge | |||
| the cache of stale data. | the cache of stale data. | |||
| A Unicast DNS client on a remote link does not get to participate in | A traditional Unicast DNS client on a remote link does not get to | |||
| these Multicast DNS cache coherency mechanisms on the local link. | participate in these Multicast DNS cache coherency mechanisms on the | |||
| For Unicast DNS requests received without any LLQ option the DNS TTLs | local link. For traditional Unicast DNS requests (those received | |||
| reported in the resulting Unicast DNS response SHOULD be capped to be | without any Long-Lived Query [I-D.sekar-dns-llq] or DNS Push | |||
| no more than ten seconds. For received Unicast DNS requests that | Notification [I-D.ietf-dnssd-push] option) the DNS TTLs reported in | |||
| contain an LLQ option, the Multicast DNS record's TTL SHOULD be | the resulting Unicast DNS response SHOULD be capped to be no more | |||
| returned unmodified, because the LLQ notification channel exists to | than ten seconds. For received Unicast DNS requests that contain an | |||
| inform the remote client as records come and go. For further details | LLQ or DNS Push Notification option, the Multicast DNS record's TTL | |||
| about the LLQ option, see Section 3.5. | SHOULD be returned unmodified, because the Push Notification channel | |||
| exists to inform the remote client as records come and go. For | ||||
| further details about Long-Lived Queries, and its newer replacement, | ||||
| DNS Push Notifications, see Section 3.6. | ||||
| 3.4.2. Suppressing Unusable Records | 3.5.2. Suppressing Unusable Records | |||
| A Hybrid Proxy SHOULD suppress Unicast DNS answers for records that | A Hybrid Proxy SHOULD suppress Unicast DNS answers for records that | |||
| are not useful outside the local link. For example, DNS A and AAAA | are not useful outside the local link. For example, DNS A and AAAA | |||
| records for IPv4 link-local addresses [RFC3927] and IPv6 link-local | records for IPv6 link-local addresses [RFC4862] and IPv4 link-local | |||
| addresses [RFC4862] should be suppressed. Similarly, for sites that | addresses [RFC3927] should be suppressed. Similarly, for sites that | |||
| have multiple private address realms [RFC1918], private addresses | have multiple private address realms [RFC1918], private addresses | |||
| from one private address realm should not be communicated to clients | from one private address realm should not be communicated to clients | |||
| in a different private address realm. | in a different private address realm. | |||
| By the same logic, DNS SRV records that reference target host names | By the same logic, DNS SRV records that reference target host names | |||
| that have no addresses usable by the requester should be suppressed, | that have no addresses usable by the requester should be suppressed, | |||
| and likewise, DNS PTR records that point to unusable SRV records | and likewise, DNS PTR records that point to unusable SRV records | |||
| should be similarly be suppressed. | should be similarly be suppressed. | |||
| 3.4.3. Application-Specific Data Translation | 3.5.3. Application-Specific Data Translation | |||
| There may be cases where Application-Specific Data Translation is | There may be cases where Application-Specific Data Translation is | |||
| appropriate. | appropriate. | |||
| For example, AirPrint printers tend to advertise fairly verbose | For example, AirPrint printers tend to advertise fairly verbose | |||
| information about their capabilities in their DNS-SD TXT record. | information about their capabilities in their DNS-SD TXT record. | |||
| This information is a legacy from LPR printing, because LPR does not | This information is a legacy from LPR printing, because LPR does not | |||
| have in-band capability negotiation, so all of this information is | have in-band capability negotiation, so all of this information is | |||
| conveyed using the DNS-SD TXT record instead. IPP printing does have | conveyed using the DNS-SD TXT record instead. IPP printing does have | |||
| in-band capability negotiation, but for convenience printers tend to | in-band capability negotiation, but for convenience printers tend to | |||
| include the same capability information in their IPP DNS-SD TXT | include the same capability information in their IPP DNS-SD TXT | |||
| records as well. For local mDNS use this extra TXT record | records as well. For local mDNS use this extra TXT record | |||
| information is inefficient, but not fatal. However, when a Hybrid | information is inefficient, but not fatal. However, when a Hybrid | |||
| Proxy aggregates data from multiple printers on a link, and sends it | Proxy aggregates data from multiple printers on a link, and sends it | |||
| via unicast (via UDP or TCP) this amount of unnecessary TXT record | via unicast (via UDP or TCP) this amount of unnecessary TXT record | |||
| information can result in large responses. Therefore, a Hybrid Proxy | information can result in large responses. Therefore, a Hybrid Proxy | |||
| that is aware of the specifics of an application-layer protocol such | that is aware of the specifics of an application-layer protocol such | |||
| as Apple's AirPrint (which uses IPP) can elide unnecessary key/value | as AirPrint (which uses IPP) can elide unnecessary key/value pairs | |||
| pairs from the DNS-SD TXT record for better network efficiency. | from the DNS-SD TXT record for better network efficiency. | |||
| Note that this kind of Application-Specific Data Translation is | Note that this kind of Application-Specific Data Translation is | |||
| expected to be very rare. It is the exception, rather than the rule. | expected to be very rare. It is the exception, rather than the rule. | |||
| This is an example of a common theme in computing. It is frequently | This is an example of a common theme in computing. It is frequently | |||
| the case that it is wise to start with a clean, layered design, with | the case that it is wise to start with a clean, layered design, with | |||
| clear boundaries. Then, in certain special cases, those layer | clear boundaries. Then, in certain special cases, those layer | |||
| boundaries may be violated, where the performance and efficiency | boundaries may be violated, where the performance and efficiency | |||
| benefits outweigh the inelegance of the layer violation. | benefits outweigh the inelegance of the layer violation. | |||
| As in other similar situations, these layer violations optional. | As in other similar situations, these layer violations are optional. | |||
| They are done only for efficiency reasons, and are not required for | They are done only for efficiency reasons, and are not required for | |||
| correct operation. A Hybrid Proxy can operate solely at the mDNS | correct operation. A Hybrid Proxy can operate solely at the mDNS | |||
| layer, without any knowledge of semantics at the DNS-SD layer or | layer, without any knowledge of semantics at the DNS-SD layer or | |||
| above. | above. | |||
| 3.5. Answer Aggregation | 3.6. Answer Aggregation | |||
| In a simple analysis, simply gathering multicast answers and | In a simple analysis, simply gathering multicast answers and | |||
| forwarding them in a unicast response seems adequate, but it raises | forwarding them in a unicast response seems adequate, but it raises | |||
| the question of how long the Hybrid Proxy should wait to be sure that | the question of how long the Hybrid Proxy should wait to be sure that | |||
| it has received all the Multicast DNS answers it needs to form a | it has received all the Multicast DNS answers it needs to form a | |||
| complete Unicast DNS response. If it waits too little time, then it | complete Unicast DNS response. If it waits too little time, then it | |||
| risks its Unicast DNS response being incomplete. If it waits too | risks its Unicast DNS response being incomplete. If it waits too | |||
| long, then it creates a poor user experience at the client end. In | long, then it creates a poor user experience at the client end. In | |||
| fact, there may no time which is both short enough to produce a good | fact, there may no time which is both short enough to produce a good | |||
| user experience and at the same time long enough to reliably produce | user experience and at the same time long enough to reliably produce | |||
| skipping to change at page 12, line 27 | skipping to change at page 15, line 27 | |||
| Similarly, the Hybrid Proxy -- the authoritative name server for the | Similarly, the Hybrid Proxy -- the authoritative name server for the | |||
| subdomain in question -- needs to decide what DNS TTL to report for | subdomain in question -- needs to decide what DNS TTL to report for | |||
| these records. If the TTL is too long then the recursive (caching) | these records. If the TTL is too long then the recursive (caching) | |||
| name servers issuing queries on behalf of their clients risk caching | name servers issuing queries on behalf of their clients risk caching | |||
| stale data for too long. If the TTL is too short then the amount of | stale data for too long. If the TTL is too short then the amount of | |||
| network traffic will be more than necessary. In fact, there may no | network traffic will be more than necessary. In fact, there may no | |||
| TTL which is both short enough to avoid undesirable stale data and at | TTL which is both short enough to avoid undesirable stale data and at | |||
| the same time long enough to be efficient on the network. | the same time long enough to be efficient on the network. | |||
| These dilemmas are solved by use of DNS Long-Lived Queries (DNS LLQ) | Both these dilemmas are solved by use of DNS Long-Lived Queries (DNS | |||
| [I-D.sekar-dns-llq]. The Hybrid Proxy responds immediately to the | LLQ) [I-D.sekar-dns-llq] or its newer replacement, DNS Push | |||
| Unicast DNS query using the Multicast DNS records it already has in | Notifications [I-D.ietf-dnssd-push]. When a Hybrid Proxy recieves a | |||
| its cache (if any). This provides a good client user experience by | query containing a DNS LLQ or DNS Push Notification option, it | |||
| providing a near-instantaneous response. Simultaneously, the Hybrid | responds immediately using the Multicast DNS records it already has | |||
| Proxy issues a Multicast DNS query on the local link to discover if | in its cache (if any). This provides a good client user experience | |||
| there are any additional Multicast DNS records it did not already | by providing a near-instantaneous response. Simultaneously, the | |||
| know about. Should additional Multicast DNS responses be received, | Hybrid Proxy issues a Multicast DNS query on the local link to | |||
| these are then delivered to the client using DNS LLQ update messages. | discover if there are any additional Multicast DNS records it did not | |||
| The timeliness of such LLQ updates is limited only by the timeliness | already know about. Should additional Multicast DNS responses be | |||
| of the device responding to the Multicast DNS query. If the | received, these are then delivered to the client using DNS LLQ or DNS | |||
| Multicast DNS device responds quickly, then the LLQ update is | Push Notification update messages. The timeliness of such update | |||
| delivered quickly. If the Multicast DNS device responds slowly, then | messages is limited only by the timeliness of the device responding | |||
| the LLQ update is delivered slowly. The benefit of using LLQ is that | to the Multicast DNS query. If the Multicast DNS device responds | |||
| the Hybrid Proxy can respond promptly because it doesn't have to | quickly, then the update message is delivered quickly. If the | |||
| delay its unicast response to allow for the expected worst-case delay | Multicast DNS device responds slowly, then the update message is | |||
| for receiving all the Multicast DNS responses. Even if a proxy were | delivered slowly. The benefit of using update messages is that the | |||
| to try to provide reliability by assuming an excessively pessimistic | Hybrid Proxy can respond promptly because it doesn't have to delay | |||
| its unicast response to allow for the expected worst-case delay for | ||||
| receiving all the Multicast DNS responses. Even if a proxy were to | ||||
| try to provide reliability by assuming an excessively pessimistic | ||||
| worst-case time (thereby giving a very poor user experience) there | worst-case time (thereby giving a very poor user experience) there | |||
| would still be the risk of a slow Multicast DNS device taking even | would still be the risk of a slow Multicast DNS device taking even | |||
| longer than that (e.g, a device that is not even powered on until ten | longer than that (e.g, a device that is not even powered on until ten | |||
| seconds after the initial query is received) resulting in incomplete | seconds after the initial query is received) resulting in incomplete | |||
| responses. Using LLQs solves this dilemma: even very late responses | responses. Using update message solves this dilemma: even very late | |||
| are not lost; they are delivered in subsequent LLQ update messages. | responses are not lost; they are delivered in subsequent update | |||
| messages. | ||||
| There are two factors that determine specifically how responses are | There are two factors that determine specifically how responses are | |||
| generated: | generated: | |||
| The first factor is whether the query from the client included the | The first factor is whether the query from the client included an LLQ | |||
| LLQ option (typical with long-lived service browsing PTR queries) or | or DNS Push Notification option (typical with long-lived service | |||
| not (typical with one-shot operations like SRV or address record | browsing PTR queries) or not (typical with one-shot operations like | |||
| queries). Note that queries containing the LLQ option are received | SRV or address record queries). Note that queries containing the | |||
| directly from the client (see Section 3.5.1). Queries containing no | LLQ/PUSH option are received directly from the client (see | |||
| LLQ option are generally received via the client's configured | Section 3.6.1). Queries containing no LLQ/PUSH option are generally | |||
| recursive (caching) name server. | received via the client's configured recursive (caching) name server. | |||
| The second factor is whether the Hybrid Proxy already has at least | The second factor is whether the Hybrid Proxy already has at least | |||
| one record in its cache that positively answers the question. | one record in its cache that positively answers the question. | |||
| o No LLQ option; no answer in cache: | o No LLQ/PUSH option; no answer in cache: | |||
| Do local mDNS query up to three times, return answers if received, | Do local mDNS query up to three times, return answers if received, | |||
| otherwise return negative response if no answer after three tries. | otherwise return negative response if no answer after three tries. | |||
| DNS TTLs in responses are capped to at most ten seconds. | DNS TTLs in responses are capped to at most ten seconds. | |||
| o No LLQ option; at least one answer in cache: | o No LLQ/PUSH option; at least one answer in cache: | |||
| Send response right away to minimise delay. | Send response right away to minimise delay. | |||
| DNS TTLs in responses are capped to at most ten seconds. | DNS TTLs in responses are capped to at most ten seconds. | |||
| No local mDNS queries are performed. | No local mDNS queries are performed. | |||
| (Reasoning: Given RRSet TTL harmonisation, if the proxy has one | (Reasoning: Given RRSet TTL harmonisation, if the proxy has one | |||
| Multicast DNS answer in its cache, it can reasonably assume that | Multicast DNS answer in its cache, it can reasonably assume that | |||
| it has all of them.) | it has all of them.) | |||
| o Query contains LLQ option; no answer in cache: | o Query contains LLQ/PUSH option; no answer in cache: | |||
| As above, do local mDNS query up to three times, and return | As above, do local mDNS query up to three times, and return | |||
| answers if received. | answers if received. | |||
| If no answer after three tries, return negative response. | If no answer after three tries, return negative response. | |||
| (Reasoning: We don't need to rush to send an empty answer.) | (Reasoning: We don't need to rush to send an empty answer.) | |||
| In both cases the query remains active for as long as the client | In both cases the query remains active for as long as the client | |||
| maintains the LLQ state, and if mDNS answers are received later, | maintains the LLQ/PUSH state, and if mDNS answers are received | |||
| LLQ update messages are sent. | later, LLQ/PUSH update messages are sent. | |||
| DNS TTLs in responses are returned unmodified. | DNS TTLs in responses are returned unmodified. | |||
| o Query contains LLQ option; at least one answer in cache: | o Query contains LLQ/PUSH option; at least one answer in cache: | |||
| As above, send response right away to minimise delay. | As above, send response right away to minimise delay. | |||
| The query remains active for as long as the client maintains the | The query remains active for as long as the client maintains the | |||
| LLQ state, and if additional mDNS answers are received later, LLQ | LLQ/PUSH state, and if additional mDNS answers are received later, | |||
| update messages are sent. | LLQ/PUSH update messages are sent. | |||
| (Reasoning: We want UI that is displayed very rapidly, yet | (Reasoning: We want UI that is displayed very rapidly, yet | |||
| continues to remain accurate even as the network environment | continues to remain accurate even as the network environment | |||
| changes.) | changes.) | |||
| DNS TTLs in responses are returned unmodified. | DNS TTLs in responses are returned unmodified. | |||
| Note that the "negative responses" referred to above are "no error no | Note that the "negative responses" referred to above are "no error no | |||
| answer" negative responses, not NXDOMAIN. This is because the Hybrid | answer" negative responses, not NXDOMAIN. This is because the Hybrid | |||
| Proxy cannot know all the Multicast DNS domain names that may exist | Proxy cannot know all the Multicast DNS domain names that may exist | |||
| on a link at any given time, so any name with no answers may have | on a link at any given time, so any name with no answers may have | |||
| child names that do exist, making it an "empty nonterminal" name. | child names that do exist, making it an "empty nonterminal" name. | |||
| 3.5.1. Discovery of LLQ Service | 3.6.1. Discovery of LLQ or PUSH Notification Service | |||
| To issue LLQ queries, clients need to communicate directly with the | To issue LLQ/PUSH queries, clients need to communicate directly with | |||
| authoritative Hybrid Proxy. The procedure by which the client | the authoritative Hybrid Proxy. The procedure by which the client | |||
| locates the authoritative Hybrid Proxy is described in the LLQ | locates the authoritative Hybrid Proxy is described in the LLQ | |||
| specification [I-D.sekar-dns-llq]. | specification [I-D.sekar-dns-llq] and the DNS Push Notifications | |||
| specification [I-D.ietf-dnssd-push]. | ||||
| Briefly, the procedure is as follows: To discover the LLQ service for | Briefly, the procedure is as follows: | |||
| a given domain name, a client first performs DNS zone apex discovery, | ||||
| and then, having discovered <apex>, the client then issues a DNS | To discover the LLQ service for a given domain name, a client first | |||
| query for the SRV record with the name _dns-llq._udp.<apex> to find | performs DNS zone apex discovery, and then, having discovered <apex>, | |||
| the target host and port for the LLQ service for that zone. By | the client then issues a DNS query for the SRV record with the name | |||
| default LLQ service runs on port 5352, but since SRV records are | _dns-llq._udp.<apex> to find the target host and port for the LLQ | |||
| used, the LLQ service can be offered on any port. | service for that zone. By default LLQ service runs on UDP port 5352, | |||
| but since SRV records are used, the LLQ service can be offered on any | ||||
| port. | ||||
| To discover the DNS Push Notification service for a given domain | ||||
| name, a client first performs DNS zone apex discovery, and then, | ||||
| having discovered <apex>, the client then issues a DNS query for the | ||||
| SRV record with the name _dns-push-tls._tcp.<apex> to find the target | ||||
| host and port for the DNS Push Notification service for that zone. | ||||
| By default DNS Push Notification service runs on TCP port 5352, but | ||||
| since SRV records are used, the DNS Push Notification service can be | ||||
| offered on any port. | ||||
| A client performs DNS zone apex discovery using the procedure below: | A client performs DNS zone apex discovery using the procedure below: | |||
| 1. The client issues a DNS query for the SOA record with the given | 1. The client issues a DNS query for the SOA record with the given | |||
| domain name. | domain name. | |||
| 2. A conformant recursive (caching) name server will either send a | 2. A conformant recursive (caching) name server will either send a | |||
| positive response, or a negative response containing the SOA | positive response, or a negative response containing the SOA | |||
| record of the zone apex in the Authority Section. | record of the zone apex in the Authority Section. | |||
| skipping to change at page 15, line 45 | skipping to change at page 18, line 51 | |||
| flat list. This is largely a chicken-and-egg problem. Application | flat list. This is largely a chicken-and-egg problem. Application | |||
| writers were naturally reluctant to spend time writing domain-aware | writers were naturally reluctant to spend time writing domain-aware | |||
| UI code when few customers today would benefit from it. If Hybrid | UI code when few customers today would benefit from it. If Hybrid | |||
| Proxy deployment becomes common, then application writers will have a | Proxy deployment becomes common, then application writers will have a | |||
| reason to provide better UI. Existing applications will work with | reason to provide better UI. Existing applications will work with | |||
| the Hybrid Proxy, but will show all services in a single flat list. | the Hybrid Proxy, but will show all services in a single flat list. | |||
| Applications with improved UI will group services by domain. | Applications with improved UI will group services by domain. | |||
| The Long-Lived Query mechanism [I-D.sekar-dns-llq] referred to in | The Long-Lived Query mechanism [I-D.sekar-dns-llq] referred to in | |||
| this specification exists and is deployed, but has not been | this specification exists and is deployed, but has not been | |||
| standardized by the IETF. It is possible that the IETF may choose to | standardized by the IETF. The IETF is considering standardizing a | |||
| standardize a different or better Long-Lived Query mechanism. In | superior Long-Lived Query mechanism called DNS Push Notifications | |||
| that case, the pragmatic deployment approach would be for vendors to | [I-D.ietf-dnssd-push]. The pragmatic short-term deployment approach | |||
| produce Hybrid Proxies that implement both the deployed Long-Lived | is for vendors to produce Hybrid Proxies that implement both the | |||
| Query mechanism [I-D.sekar-dns-llq] (for today's clients) and a new | deployed Long-Lived Query mechanism [I-D.sekar-dns-llq] (for today's | |||
| IETF Standard Long-Lived Query mechanism (as the future long-term | clients) and the new DNS Push Notifications mechanism | |||
| direction). | [I-D.ietf-dnssd-push] as the preferred long-term direction. | |||
| The translating/filtering Hybrid Proxy specified in this document. | The translating/filtering Hybrid Proxy specified in this document. | |||
| Implementations are under development, and operational experience | Implementations are under development, and operational experience | |||
| with these implementations has guided updates to this document. | with these implementations has guided updates to this document. | |||
| 4.3. Not Yet Implemented | 4.3. Not Yet Implemented | |||
| Client implementations of the new DNS Push Notifications mechanism | ||||
| [I-D.ietf-dnssd-push] are currently underway. | ||||
| A mechanism to 'stitch' together multiple ".local." zones so that | A mechanism to 'stitch' together multiple ".local." zones so that | |||
| they appear as one. Such a mechanism will be specified in a future | they appear as one. Such a mechanism will be specified in a future | |||
| companion document. | companion document. | |||
| 5. IPv6 Considerations | 5. IPv6 Considerations | |||
| An IPv4-only host and an IPv6-only host behave as "ships that pass in | An IPv6-only host and an IPv4-only host behave as "ships that pass in | |||
| the night". Even if they are on the same Ethernet, neither is aware | the night". Even if they are on the same Ethernet, neither is aware | |||
| of the other's traffic. For this reason, each physical link may have | of the other's traffic. For this reason, each physical link may have | |||
| *two* unrelated ".local." zones, one for IPv4 and one for IPv6. | *two* unrelated ".local." zones, one for IPv6 and one for IPv4. | |||
| Since for practical purposes, a group of IPv4-only hosts and a group | Since for practical purposes, a group of IPv6-only hosts and a group | |||
| of IPv6-only hosts on the same Ethernet act as if they were on two | of IPv4-only hosts on the same Ethernet act as if they were on two | |||
| entirely separate Ethernet segments, it is unsurprising that their | entirely separate Ethernet segments, it is unsurprising that their | |||
| use of the ".local." zone should occur exactly as it would if they | use of the ".local." zone should occur exactly as it would if they | |||
| really were on two entirely separate Ethernet segments. | really were on two entirely separate Ethernet segments. | |||
| It will be desirable to have a mechanism to 'stitch' together these | It will be desirable to have a mechanism to 'stitch' together these | |||
| two unrelated ".local." zones so that they appear as one. Such | two unrelated ".local." zones so that they appear as one. Such | |||
| mechanism will need to be able to differentiate between a dual-stack | mechanism will need to be able to differentiate between a dual-stack | |||
| (v4/v6) host participating in both ".local." zones, and two different | (v4/v6) host participating in both ".local." zones, and two different | |||
| hosts, one IPv4-only and the other IPv6-only, which are both trying | hosts, one IPv6-only and the other IPv4-only, which are both trying | |||
| to use the same name(s). Such a mechanism will be specified in a | to use the same name(s). Such a mechanism will be specified in a | |||
| future companion document. | future companion document. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| 6.1. Authenticity | 6.1. Authenticity | |||
| A service proves its presence on a link by its ability to answer | A service proves its presence on a link by its ability to answer | |||
| link-local multicast queries on that link. If greater security is | link-local multicast queries on that link. If greater security is | |||
| desired, then the Hybrid Proxy mechanism should not be used, and | desired, then the Hybrid Proxy mechanism should not be used, and | |||
| skipping to change at page 18, line 28 | skipping to change at page 21, line 28 | |||
| the four styles of unicast response according to what data is | the four styles of unicast response according to what data is | |||
| immediately available in the cache. Thanks to Andrew Yourtchenko for | immediately available in the cache. Thanks to Andrew Yourtchenko for | |||
| comments about privacy issues. [Partial list; more names to be | comments about privacy issues. [Partial list; more names to be | |||
| added.] | added.] | |||
| 10. References | 10. References | |||
| 10.1. Normative References | 10.1. Normative References | |||
| [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", | [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", | |||
| STD 13, RFC 1034, November 1987. | STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, | |||
| <http://www.rfc-editor.org/info/rfc1034>. | ||||
| [RFC1035] Mockapetris, P., "Domain names - implementation and | [RFC1035] Mockapetris, P., "Domain names - implementation and | |||
| specification", STD 13, RFC 1035, November 1987. | specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, | |||
| November 1987, <http://www.rfc-editor.org/info/rfc1035>. | ||||
| [RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and | [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., J. de Groot, | |||
| E. Lear, "Address Allocation for Private Internets", | G., and E. Lear, "Address Allocation for Private | |||
| BCP 5, RFC 1918, February 1996. | Internets", BCP 5, RFC 1918, DOI 10.17487/RFC1918, | |||
| February 1996, <http://www.rfc-editor.org/info/rfc1918>. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ | |||
| RFC2119, March 1997, | ||||
| <http://www.rfc-editor.org/info/rfc2119>. | ||||
| [RFC3927] Cheshire, S., Aboba, B., and E. Guttman, "Dynamic | [RFC3927] Cheshire, S., Aboba, B., and E. Guttman, "Dynamic | |||
| Configuration of IPv4 Link-Local Addresses", RFC 3927, | Configuration of IPv4 Link-Local Addresses", RFC 3927, | |||
| May 2005. | DOI 10.17487/RFC3927, May 2005, | |||
| <http://www.rfc-editor.org/info/rfc3927>. | ||||
| [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless | [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless | |||
| Address Autoconfiguration", RFC 4862, September 2007. | Address Autoconfiguration", RFC 4862, DOI 10.17487/ | |||
| RFC4862, September 2007, | ||||
| <http://www.rfc-editor.org/info/rfc4862>. | ||||
| [RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format for Network | [RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format for Network | |||
| Interchange", RFC 5198, March 2008. | Interchange", RFC 5198, DOI 10.17487/RFC5198, March 2008, | |||
| <http://www.rfc-editor.org/info/rfc5198>. | ||||
| [RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762, | [RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762, | |||
| December 2012. | December 2012. | |||
| [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service | [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service | |||
| Discovery", RFC 6763, December 2012. | Discovery", RFC 6763, December 2012. | |||
| [I-D.sekar-dns-llq] | [I-D.sekar-dns-llq] | |||
| Sekar, K., "DNS Long-Lived Queries", | Sekar, K., "DNS Long-Lived Queries", | |||
| draft-sekar-dns-llq-01 (work in progress), August 2006. | draft-sekar-dns-llq-01 (work in progress), August 2006. | |||
| [I-D.ietf-dnssd-push] | ||||
| Pusateri, T. and S. Cheshire, "DNS Push Notifications", | ||||
| draft-ietf-dnssd-push-02 (work in progress), October 2015. | ||||
| 10.2. Informative References | 10.2. Informative References | |||
| [HOME] Cheshire, S., "Special Use Top Level Domain 'home'", | [HOME] Cheshire, S., "Special Use Top Level Domain 'home'", | |||
| draft-cheshire-homenet-dot-home (work in progress), | draft-cheshire-homenet-dot-home (work in progress), | |||
| November 2014. | November 2014. | |||
| [IPR2119] "Apple Inc.'s Statement about IPR related to Hybrid | [IPR2119] "Apple Inc.'s Statement about IPR related to Hybrid | |||
| Unicast/Multicast DNS-Based Service Discovery", | Unicast/Multicast DNS-Based Service Discovery", | |||
| <https://datatracker.ietf.org/ipr/2119/>. | <https://datatracker.ietf.org/ipr/2119/>. | |||
| [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound, | [RFC2136] Vixie, P., Ed., Thomson, S., Rekhter, Y., and J. Bound, | |||
| "Dynamic Updates in the Domain Name System (DNS UPDATE)", | "Dynamic Updates in the Domain Name System (DNS UPDATE)", | |||
| RFC 2136, April 1997. | RFC 2136, DOI 10.17487/RFC2136, April 1997, | |||
| <http://www.rfc-editor.org/info/rfc2136>. | ||||
| [RFC3007] Wellington, B., "Secure Domain Name System (DNS) Dynamic | [RFC3007] Wellington, B., "Secure Domain Name System (DNS) Dynamic | |||
| Update", RFC 3007, November 2000. | Update", RFC 3007, DOI 10.17487/RFC3007, November 2000, | |||
| <http://www.rfc-editor.org/info/rfc3007>. | ||||
| [RFC6760] Cheshire, S. and M. Krochmal, "Requirements for a Protocol | [RFC6760] Cheshire, S. and M. Krochmal, "Requirements for a Protocol | |||
| to Replace the AppleTalk Name Binding Protocol (NBP)", | to Replace the AppleTalk Name Binding Protocol (NBP)", | |||
| RFC 6760, December 2012. | RFC 6760, December 2012. | |||
| [ZC] Cheshire, S. and D. Steinberg, "Zero Configuration | [ZC] Cheshire, S. and D. Steinberg, "Zero Configuration | |||
| Networking: The Definitive Guide", O'Reilly Media, Inc. , | Networking: The Definitive Guide", O'Reilly Media, Inc. , | |||
| ISBN 0-596-10100-7, December 2005. | ISBN 0-596-10100-7, December 2005. | |||
| Author's Address | Author's Address | |||
| End of changes. 56 change blocks. | ||||
| 152 lines changed or deleted | 256 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||