draft-ietf-homenet-front-end-naming-delegation-14.txt   draft-ietf-homenet-front-end-naming-delegation-15.txt 
Homenet D. Migault Homenet D. Migault
Internet-Draft Ericsson Internet-Draft Ericsson
Intended status: Standards Track R. Weber Intended status: Standards Track R. Weber
Expires: October 30, 2021 Nominum Expires: November 14, 2021 Nominum
M. Richardson M. Richardson
Sandelman Software Works Sandelman Software Works
R. Hunter R. Hunter
Globis Consulting BV Globis Consulting BV
April 28, 2021 May 13, 2021
Simple Provisioning of Public Names for Residential Networks Simple Provisioning of Public Names for Residential Networks
draft-ietf-homenet-front-end-naming-delegation-14 draft-ietf-homenet-front-end-naming-delegation-15
Abstract Abstract
Home owners often have IPv6 devices that they wish to access over the Home owners often have IPv6 devices that they wish to access over the
Internet using names. It has been possible to register and populate Internet using names.
a DNS Zone with names since DNS became a thing, but it has been an Outsourcing the DNS servers to a DNS infrastructure protects against
activity typically reserved for experts. This document automates the possible DDoS attacks as well as sudden renumbering of the home
process through creation of a Homenet Naming Authority (HNA), whose network. It has been possible to register and populate a DNS Zone
with names since DNS became a thing, but it has been an activity
typically reserved for experts. This document automates the process
through creation of a Homenet Naming Authority (HNA), whose
responsibility is to select, sign and publish names to a set of responsibility is to select, sign and publish names to a set of
publicly visible servers. publicly visible servers.
The use of an outsourced primary DNS server deals with possible
renumbering of the home network, and with possible denial of service
attacks against the DNS infrastructure.
This document describes the mechanism that enables the HNA to This document describes the mechanism that enables the HNA to
outsource the naming service to the DNS Outsourcing Infrastructure outsource the naming service to the DNS Outsourcing Infrastructure
(DOI) via a Distribution Master (DM). (DOI) via a Distribution Manager (DM).
In addition, this document deals with publication of a corresponding In addition, this document deals with publication of a corresponding
reverse zone. reverse zone.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 14, 2021.
This Internet-Draft will expire on October 30, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 31 skipping to change at page 2, line 28
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Selecting Names to Publish . . . . . . . . . . . . . . . 5 1.1. Selecting Names to Publish . . . . . . . . . . . . . . . 5
1.2. Alternative solutions . . . . . . . . . . . . . . . . . . 6 1.2. Alternative solutions . . . . . . . . . . . . . . . . . . 6
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Architecture Description . . . . . . . . . . . . . . . . . . 8 3. Architecture Description . . . . . . . . . . . . . . . . . . 8
3.1. Architecture Overview . . . . . . . . . . . . . . . . . . 9 3.1. Architecture Overview . . . . . . . . . . . . . . . . . . 8
3.2. Distribution Master Communication Channels . . . . . . . 11 3.2. Distribution Manager Communication Channels . . . . . . . 11
4. Control Channel between Homenet Naming Authority (HNA) and 4. Control Channel . . . . . . . . . . . . . . . . . . . . . . . 12
Distribution Master (DM) . . . . . . . . . . . . . . . . . . 13 4.1. Information to Build the Public Homenet Zone . . . . . . 13
4.1. Information to build the Public Homenet Zone . . . . . . 13
4.2. Information to build the DNSSEC chain of trust . . . . . 13 4.2. Information to build the DNSSEC chain of trust . . . . . 13
4.3. Information to set the Synchronization Channel . . . . . 14 4.3. Information to set the Synchronization Channel . . . . . 14
4.4. Deleting the delegation . . . . . . . . . . . . . . . . . 14 4.4. Deleting the delegation . . . . . . . . . . . . . . . . . 14
4.5. Messages Exchange Description . . . . . . . . . . . . . . 14 4.5. Messages Exchange Description . . . . . . . . . . . . . . 14
4.5.1. Retrieving information for the Public Homenet Zone. . 15 4.5.1. Retrieving information for the Public Homenet Zone. . 14
4.5.2. Providing information for the DNSSEC chain of trust . 16 4.5.2. Providing information for the DNSSEC chain of trust . 15
4.5.3. Providing information for the Synchronization Channel 16 4.5.3. Providing information for the Synchronization Channel 16
4.5.4. HNA instructing deleting the delegation . . . . . . . 17 4.5.4. HNA instructing deleting the delegation . . . . . . . 17
4.6. Securing the Control Channel between Homenet Naming 4.6. Securing the Control Channel . . . . . . . . . . . . . . 17
Authority (HNA) and Distribution Master (DM) . . . . . . 17
4.7. Implementation Concerns . . . . . . . . . . . . . . . . . 18 4.7. Implementation Concerns . . . . . . . . . . . . . . . . . 18
5. DM Synchronization Channel between HNA and DM . . . . . . . . 19 5. Synchronization Channel . . . . . . . . . . . . . . . . . . . 19
5.1. Securing the Synchronization Channel between HNA and DM . 20 5.1. Securing the Synchronization Channel . . . . . . . . . . 20
6. DM Distribution Channel . . . . . . . . . . . . . . . . . . . 20 6. DM Distribution Channel . . . . . . . . . . . . . . . . . . . 20
7. HNA Security Policies . . . . . . . . . . . . . . . . . . . . 21 7. HNA Security Policies . . . . . . . . . . . . . . . . . . . . 20
8. DNSSEC compliant Homenet Architecture . . . . . . . . . . . . 21 8. DNSSEC compliant Homenet Architecture . . . . . . . . . . . . 21
9. Homenet Reverse Zone Channels Configuration . . . . . . . . . 21 9. Homenet Reverse Zone Channels Configuration . . . . . . . . . 21
10. Homenet Public Zone Channel Configurations . . . . . . . . . 23 10. Homenet Public Zone Channel Configurations . . . . . . . . . 22
11. Renumbering . . . . . . . . . . . . . . . . . . . . . . . . . 24 11. Renumbering . . . . . . . . . . . . . . . . . . . . . . . . . 24
11.1. Hidden Primary . . . . . . . . . . . . . . . . . . . . . 24 11.1. Hidden Primary . . . . . . . . . . . . . . . . . . . . . 24
12. Privacy Considerations . . . . . . . . . . . . . . . . . . . 25 12. Privacy Considerations . . . . . . . . . . . . . . . . . . . 25
13. Security Considerations . . . . . . . . . . . . . . . . . . . 26 13. Security Considerations . . . . . . . . . . . . . . . . . . . 26
13.1. HNA DM channels . . . . . . . . . . . . . . . . . . . . 26 13.1. HNA DM channels . . . . . . . . . . . . . . . . . . . . 26
13.2. Names are less secure than IP addresses . . . . . . . . 27 13.2. Names are less secure than IP addresses . . . . . . . . 26
13.3. Names are less volatile than IP addresses . . . . . . . 27 13.3. Names are less volatile than IP addresses . . . . . . . 27
14. Information Model for Outsourced information . . . . . . . . 27 14. Information Model for Outsourced information . . . . . . . . 27
14.1. Outsourced Information Model . . . . . . . . . . . . . . 28 14.1. Outsourced Information Model . . . . . . . . . . . . . . 28
15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
16. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . 30 16. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . 30
17. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 31 17. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 30
18. References . . . . . . . . . . . . . . . . . . . . . . . . . 31 18. References . . . . . . . . . . . . . . . . . . . . . . . . . 31
18.1. Normative References . . . . . . . . . . . . . . . . . . 31 18.1. Normative References . . . . . . . . . . . . . . . . . . 31
18.2. Informative References . . . . . . . . . . . . . . . . . 34 18.2. Informative References . . . . . . . . . . . . . . . . . 34
Appendix A. Envisioned deployment scenarios . . . . . . . . . . 36 Appendix A. Envisioned deployment scenarios . . . . . . . . . . 36
A.1. CPE Vendor . . . . . . . . . . . . . . . . . . . . . . . 36 A.1. CPE Vendor . . . . . . . . . . . . . . . . . . . . . . . 36
A.2. Agnostic CPE . . . . . . . . . . . . . . . . . . . . . . 36 A.2. Agnostic CPE . . . . . . . . . . . . . . . . . . . . . . 36
Appendix B. Example: A manufacturer provisioned HNA product flow 37 Appendix B. Example: A manufacturer provisioned HNA product flow 37
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38
1. Introduction 1. Introduction
The Homenet Naming Authority (HNA) is responsible for making devices The Homenet Naming Authority (HNA) is responsible for making devices
within the home network accessible by name within the home network as within the home network accessible by a public name within the home
well as from outside the home network (e.g. the Internet). IPv6 network as well as from outside the home network (e.g. the Internet).
connectivity provides the possibility of global end to end IP IPv6 connectivity provides the possibility of global end to end IP
connectivity. End users will be able to transparently make use of connectivity.
this connectivity if they can use names to access the services they
want from their home network.
The use of a DNS zone for each home network is a reasonable and The use of a DNS zone for each home network is a reasonable and
scalable way to make the set of public names visible. There are a scalable way to make the set of public names visible. There are a
number of ways to populate such a zone. This specification proposes number of ways to populate such a zone. This specification proposes
a way based on a number of assumptions about typical home networks. a way based on a number of assumptions about typical home networks.
1. The names of the devices accessible from the Internet are stored 1. The names of the devices accessible from the Internet are stored
in the Public Homenet Zone, served by a DNS authoritative server. in the Public Homenet Zone, served by a DNS authoritative server.
2. It is unlikely that home networks will contain sufficiently 2. It is unlikely that home networks will contain sufficiently
robust platforms designed to host a service such as the DNS on robust platforms designed to host and expose to the Internet a
the Internet and as such would expose the home network to DDoS service such as the DNS and as such would expose the home network
attacks. to DDoS attacks.
3. [RFC7368] emphasizes that the home network is subject to 3. [RFC7368] emphasizes that the home network is subject to
connectivity disruptions with the ISP. But, names used within connectivity disruptions with the ISP. But, names used within
the home MUST be resilient against such disruption. the home MUST be resilient against such disruption.
This specification makes the public names resolvable within both the This specification makes the public names resolvable within both the
home network and on the Internet, even when there are disruptions. home network and on the Internet, even when there are disruptions.
This is achieved by having a device inside the home network that This is achieved by having a function inside the home network that
builds, signs, publishes, and manages a Public Homenet Zone, thus builds, signs, publishes, and manages a Public Homenet Zone, thus
providing bindings between public names, IP addresses, and other RR providing bindings between public names, IP addresses, and other RR
types. types.
The management of the names can be a role that the Customer Premises The management of the names can be under the responsibility the
Equipment (CPE) does. Other devices in the home network could Customer Premises Equipment (CPE) does. Other devices within the
fulfill this role e.g. a NAS server, but for simplicity, this home network could fulfill this role e.g. a Network Attached Storage
document assumes the function is located on one of the CPE devices. server, but for simplicity, this document assumes the function is
located on one of the CPE devices.
The homenet architecture [RFC7368] makes it clear that a home network The homenet architecture [RFC7368] makes it clear that a home network
may have multiple CPEs. The management of the Public Homenet Zone may have multiple CPEs. The management of the Public Homenet Zone
involves DNS specific mechanisms that cannot be distributed over involves DNS specific mechanisms that cannot be distributed over
multiple servers (primary server), when multiple nodes can multiple servers (primary server), when multiple nodes can
potentially manage the Public Homenet Zone, a single node needs to be potentially manage the Public Homenet Zone, a single node needs to be
selected per outsourced zone. This selected node is designated as selected per outsourced zone. This selected node is designated as
providing the HNA function. providing the HNA function.
The process by which a single HNA is selected per zone is not in The process by which a single HNA is selected per zone is not in
scope for this document. It is envisioned that a future document scope for this document. It is envisioned that a future document
will describe an HNCP mechanism to elect the single HNA. will describe an HNCP mechanism to elect the single HNA.
CPEs, which may host the HNA function, as well as home network CPEs, which may host the HNA function are usually low powered devices
devices, are usually low powered devices not designed for terminating not designed for supporting a heavy traffic. As a result, hosting an
heavy traffic. As a result, hosting an authoritative DNS service authoritative DNS service visible to the Internet may expose the home
visible to the Internet may expose the home network to resource network to resource exhaustion and other attacks. On the other hand,
exhaustion and other attacks. On the other hand, if the only copy of if the only copy of the public zone is on the Internet, then Internet
the public zone is on the Internet, then Internet connectivity connectivity disruptions would make the names unavailable inside the
disruptions would make the names unavailable inside the homenet. homenet.
In order to avoid resource exhaustion and other attacks, this In order to avoid resource exhaustion and other attacks, this
document describes an architecture that outsources the authoritative document describes in Section 3.1 an architecture that outsources the
naming service of the home network. More specifically, the HNA authoritative naming service of the home network. More specifically,
builds the Public Homenet Zone and outsources it to an DNS the HNA builds the Public Homenet Zone and outsources it to a DNS
Outsourcing Infrastructure (DOI) via a Distribution Master (DM). The Outsourcing Infrastructure (DOI) via a Distribution Manager (DM).
DOI is in charge of publishing the corresponding Public Homenet Zone The DOI is in charge of publishing the corresponding Public Homenet
on the Internet. The transfer of DNS zone information is achieved Zone on the Internet. The transfer of DNS zone information is
using standard DNS mechanisms involving primary and secondary DNS achieved using standard DNS mechanisms involving primary and
servers, with the HNA hosted primary being a stealth primary, and the secondary DNS servers, with the HNA being a stealth primary, and the
DM a secondary. DM a secondary.
Section 3.1 provides an architecture description that describes the In order to keep the Public Homenet Zone up-to-date Section 5
relation between the HNA and the DOI. In order to keep the Public describes how the HNA and the DOI synchronize the Pubic Homenet Zone.
Homenet Zone up-to-date Section 5 describes how the HNA and the DOI
synchronizes the Pubic Homenet Zone.
The proposed architecture is explicitly designed to enable fully The architecture is explicitly designed to enable fully functional
functional DNSSEC, and the Public Homenet Zone is expected to be DNSSEC, and the Public Homenet Zone is expected to be signed with a
signed with a secure delegation. DNSSEC key management and zone secure delegation. DNSSEC key management and zone signing are
signing is handled by the HNA. handled by the HNA.
Section 10 discusses management and configuration of the Public Section 10 discusses management and configuration of the Public
Homenet Zone. It shows that the HNA configuration of the DOI can Homenet Zone. It shows that the HNA configuration of the DOI can
involve no or little interaction with the end user. More involve no or little interaction with the end user. More
specifically, it shows that the existence of an account in the DOI is specifically, it shows that the existence of an account in the DOI is
sufficient for the DOI to push the necessary configuration. In sufficient for the DOI to push the necessary configuration. In
addition, when the DOI and CPE are both managed by an ISP, the addition, when the DOI and CPE are both managed by an ISP, the
configuration can be entirely automated - see Section 9. configuration can be entirely automated - see Section 9.
Section 9 discusses management of one or more reverse zones. It Section 9 discusses management of one or more reverse zones. It
shows that management of the reverse zones can be entirely automated shows that management of the reverse zones can be entirely automated
and benefit from a pre-established relation between the ISP and the and benefit from a pre-established relation between the ISP and the
home network. Note that such scenarios may also be met for the home network. Note that such scenarios may also be met for the
Public Homenet Zone, but not necessarily. Public Homenet Zone.
Section 11 discusses how renumbering should be handled. Finally, Section 11 discusses how renumbering should be handled. Finally,
Section 12 and Section 13 respectively discuss privacy and security Section 12 and Section 13 respectively discuss privacy and security
considerations when outsourcing the Public Homenet Zone. considerations when outsourcing the Public Homenet Zone.
The Public Homenet Zone is expected to contain public information The Public Homenet Zone is expected to contain public information
only in a single universal view. This document does not define how only in a single universal view. This document does not define how
the information required to construct this view is derived. the information required to construct this view is derived.
It is also not in the scope of this document to define names for It is also not in the scope of this document to define names for
exclusive use within the boundaries of the local home network. exclusive use within the boundaries of the local home network.
Instead, local scope information is expected to be provided to the Instead, local scope information is expected to be provided to the
home network using local scope naming services. mDNS [RFC6762] DNS-SD home network using local scope naming services. mDNS [RFC6762] and
[RFC6763] are two examples of these services. Currently mDNS is DNS-SD [RFC6763] are two examples of these services. Currently mDNS
limited to a single link network. However, future protocols and is limited to a single link network. However, future protocols and
architectures [I-D.ietf-homenet-simple-naming] are expected to architectures [I-D.ietf-homenet-simple-naming] are expected to
leverage this constraint as pointed out in [RFC7558]. leverage this constraint as pointed out in [RFC7558].
1.1. Selecting Names to Publish 1.1. Selecting Names to Publish
While this document does not create any normative mechanism by which While this document does not create any normative mechanism by which
the selection of names to publish, this document anticipates that the the selection of names to publish, this document anticipates that the
home network administrator (a humuan), will be presented with a list home network administrator (a humuan), will be presented with a list
of current names and addresses present on the inside of the home of current names and addresses present on the inside of the home
network. network.
skipping to change at page 6, line 37 skipping to change at page 6, line 27
location address would permit many services secured with HTTPS to location address would permit many services secured with HTTPS to
continue to operate. continue to operate.
1.2. Alternative solutions 1.2. Alternative solutions
An alternative existing solution in IPv4 is to have a single zone, An alternative existing solution in IPv4 is to have a single zone,
where a host uses a RESTful HTTP service to register a single name where a host uses a RESTful HTTP service to register a single name
into a common public zone. This is often called "Dynamic DNS", and into a common public zone. This is often called "Dynamic DNS", and
there are a number of commercial providers, including Dyn, Gandi etc. there are a number of commercial providers, including Dyn, Gandi etc.
These solutions were typically used by a host behind the CPE to make These solutions were typically used by a host behind the CPE to make
it's CPE IPv4 address visible, usually in order to enable incoming its CPE IPv4 address visible, usually in order to enable incoming
connections. connections. This is the most common scenario considered in this
section, while some variant may also consider the client being hosted
For a small number (one to three) of hosts, use of such a system in the CPE.
provides an alternative to the architecture described in this
document.
The alternative does suffer from some severe limitations: For a very few number (one to three) of hosts, the use of such a
system provides an alternative to the architecture described in this
document. The alternative - even adapted to IPv6 and ignoring those
associated to an IPv4 development - does suffer from some severe
limitations:
o the CPE/HNA router is unaware of the process, and cannot respond o the CPE/HNA router is unaware of the process, and cannot respond
to queries for these names when there are disruptions in to queries for these names when there are disruptions in
connectivity. This makes the home user or application dependent connectivity. This makes the home user or application dependent
on having to resolve different names in the event of outages or on having to resolve different names in the event of outages or
disruptions. disruptions.
o the CPE/HNA router cannot control the process. Any host can do o the CPE/HNA router cannot control the process. Any host can do
this regardless of whether or not the home network administrator this regardless of whether or not the home network administrator
wants the name published or not. There is therefore no possible wants the name published or not. There is therefore no possible
skipping to change at page 7, line 26 skipping to change at page 7, line 17
o "all the good names are taken" - current services put everyone's o "all the good names are taken" - current services put everyone's
names into some small set of zones, and there are often conflicts. names into some small set of zones, and there are often conflicts.
Distinguishing similar names by delegation of zones was among the Distinguishing similar names by delegation of zones was among the
primary design goals of the DNS system. primary design goals of the DNS system.
o The RESTful services do not always support all RR types. The o The RESTful services do not always support all RR types. The
homenet user is dependent on the service provider supporting new homenet user is dependent on the service provider supporting new
types. By providing full DNS delegation, this document enables types. By providing full DNS delegation, this document enables
all RR types and also future extensions. all RR types and also future extensions.
There is no technical reason why a RESTful cloud service could not There is no technical reason why a RESTful service could not provide
provide solutions to many of these problems, but this document solutions to many of these problems, but this document describes a
describes a DNS based solution. DNS-based solution.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
Customer Premises Equipment: (CPE) is a router providing Customer Premises Equipment: (CPE) is a router providing
connectivity to the home network. connectivity to the home network.
Homenet Zone: is the DNS zone for use within the boundaries of the Homenet Zone: is the DNS zone for use within the boundaries of the
home network: home.arpa, see [RFC8375]). This zone is not home network: 'home.arpa' (see [RFC8375]). This zone is not
considered public and is out of scope for this document. considered public and is out of scope for this document.
Registered Homenet Domain: is the Domain Name associated with the Registered Homenet Domain: is the domain name that is associated
home network. with the home network.
Public Homenet Zone: contains the names in the home network that are Public Homenet Zone: contains the names in the home network that are
expected to be publicly resolvable on the Internet. expected to be publicly resolvable on the Internet.
Homenet Naming Authority: (HNA) is a function responsible for Homenet Naming Authority(HNA): is a function responsible for managing
managing the Public Homenet Zone. This includes populating the the Public Homenet Zone. This includes populating the Public Homenet
Public Homenet Zone, signing the zone for DNSSEC, as well as Zone, signing the zone for DNSSEC, as well as managing the
managing the distribution of that Homenet Zone to the DNS distribution of that Homenet Zone to the DNS Outsourcing
Outsourcing Infrastructure (DOI). Infrastructure (DOI).
DNS Outsourcing Infrastructure (DOI): is the infrastructure DNS Outsourcing Infrastructure (DOI): is the infrastructure
responsible for receiving the Public Homenet Zone and publishing responsible for receiving the Public Homenet Zone and publishing
it on the Internet. It is mainly composed of a Distribution it on the Internet. It is mainly composed of a Distribution
Master and Public Authoritative Servers. Manager and Public Authoritative Servers.
Public Authoritative Servers: are the authoritative name servers for Public Authoritative Servers: are the authoritative name servers for
the Public Homenet Zone. Name resolution requests for the Homenet the Public Homenet Zone. Name resolution requests for the Homenet
Domain are sent to these servers. For resiliency the Public Domain are sent to these servers. For resiliency the Public
Homenet Zone SHOULD be hosted on multiple servers. Homenet Zone SHOULD be hosted on multiple servers.
Homenet Authoritative Servers: are authoritative name servers within Homenet Authoritative Servers: are authoritative name servers within
the Homenet network. the Homenet network.
Distribution Master (DM): is the (set of) server(s) to which the HNA Distribution Manager (DM): is the (set of) server(s) to which the
synchronizes the Public Homenet Zone, and which then distributes HNA synchronizes the Public Homenet Zone, and which then
the relevant information to the Public Authoritative Servers. distributes the relevant information to the Public Authoritative
Servers.
Homenet Reverse Zone: The reverse zone file associated with the Homenet Reverse Zone: The reverse zone file associated with the
Public Homenet Zone. Public Homenet Zone.
Reverse Public Authoritative Servers: equivalent to Public Reverse Public Authoritative Servers: equivalent to Public
Authoritative Servers specifically for reverse resolution. Authoritative Servers specifically for reverse resolution.
Reverse Distribution Master: equivalent to Distribution Master Reverse Distribution Manager: equivalent to Distribution Manager
specifically for reverse resolution. specifically for reverse resolution.
Homenet DNSSEC Resolver: a resolver that performs a DNSSEC Homenet DNSSEC Resolver: a resolver that performs a DNSSEC
resolution on the home network for the Public Homenet Zone. The resolution on the home network for the Public Homenet Zone. The
resolution is performed requesting the Homenet Authoritative resolution is performed requesting the Homenet Authoritative
Servers. Servers.
DNSSEC Resolver: a resolver that performs a DNSSEC resolution on the DNSSEC Resolver: a resolver that performs a DNSSEC resolution on the
Internet for the Public Homenet Zone. The resolution is performed Internet for the Public Homenet Zone. The resolution is performed
requesting the Public Authoritative Servers. requesting the Public Authoritative Servers.
3. Architecture Description 3. Architecture Description
This section provides an overview of the architecture for outsourcing This section provides an overview of the architecture for outsourcing
the authoritative naming service from the HNA to the DOI in the authoritative naming service from the HNA to the DOI. Note that
Section 3.1. Section 14 defines necessary parameter to configure the Section 14 defines necessary parameter to configure the HNA.
HNA.
3.1. Architecture Overview 3.1. Architecture Overview
Figure 1 illustrates the architecture where the HNA outsources the Figure 1 illustrates the architecture where the HNA outsources the
publication of the Public Homenet Zone to the DOI. publication of the Public Homenet Zone to the DOI.
The Public Homenet Zone is identified by the Registered Homenet The Public Homenet Zone is identified by the Registered Homenet
Domain Name - myhome.example. The ".local" as well as ".home.arpa" Domain Name - myhome.example. The ".local" as well as ".home.arpa"
are explicitly not considered as Public Homenet zones and represented are explicitly not considered as Public Homenet zones and represented
as Homenet Zone in Figure 1. as Homenet Zone in Figure 1.
The HNA SHOULD build the Public Homenet Zone in a single view The HNA SHOULD build the Public Homenet Zone in a single view
populated with all resource records that are expected to be published populated with all resource records that are expected to be published
on the Internet. As explained in Section 1.1, how the Public Homenet on the Internet. The HNA also signs the Public Homenet Zone. The
Zone is populated is out of the scope of this document. The HNA also HNA handles all operations and keying material required for DNSSEC,
signs the Public Homenet Zone. The HNA handles all operations and so there is no provision made in this architecture for transferring
keying material required for DNSSEC, so there is no provision made in private DNSSEC related keying material between the HNA and the DM.
this architecture for transferring private DNSSEC related keying
material between the HNA and the DM.
Once the Public Homenet Zone has been built, the HNA outsources it to Once the Public Homenet Zone has been built, the HNA outsources it to
the DOI as described in Figure 1. The HNA acts as a hidden primary the DOI as described in Figure 1. The HNA acts as a hidden primary
while the DM behaves as a secondary responsible to distribute the [RFC8499] while the DM behaves as a secondary responsible to
Public Homenet Zone to the multiple Public Authoritative Servers that distribute the Public Homenet Zone to the multiple Public
DOI is responsible for. The DM has 3 communication channels: Authoritative Servers that DOI is responsible for. The DM has three
communication channels:
o a DM Control Channel (see section Section 4) to configure the HNA o a DM Control Channel (Section 4) to configure the HNA and the DOI,
and the DOI,
o a DM Synchronization Channel (see section Section 5 to synchronize o a DM Synchronization Channel (Section 5) to synchronize the Public
the Public Homenet Zone on the HNA and on the DM. Homenet Zone on the HNA and on the DM,
o one or more Distribution Channels (see section Section 6 that o one or more Distribution Channels (Section 6 that distribute the
distributes the Public Homenet Zone from the DM to the Public Public Homenet Zone from the DM to the Public Authoritative Server
Authoritative Server serving the Public Homenet Zone on the serving the Public Homenet Zone on the Internet.
Internet.
There MAY be multiple DM's, and multiple servers per DM. This text There might be multiple DM's, and multiple servers per DM. This
assumes a single DM server for simplicity, but there is no reason why document assumes a single DM server for simplicity, but there is no
each channel needs to be implemented on the same server, or indeed reason why each channel needs to be implemented on the same server or
use the same code base. use the same code base.
It is important to note that while the HNA is configured as an It is important to note that while the HNA is configured as an
authoritative server, it is not expected to answer to DNS requests authoritative server, it is not expected to answer to DNS requests
from the public Internet for the Public Homenet Zone. More from the public Internet for the Public Homenet Zone. More
specifically, the addresses associated with the HNA SHOULD NOT be specifically, the addresses associated with the HNA SHOULD NOT be
mentioned in the NS records of the Public Homenet zone, unless mentioned in the NS records of the Public Homenet zone, unless
additional security provisions necessary to protect the HNA from additional security provisions necessary to protect the HNA from
external attack have been taken. external attack have been taken.
The DOI is also responsible for ensuring the DS record has been The DOI is also responsible for ensuring the DS record has been
updated in the parent zone. updated in the parent zone.
Resolution is performed by the DNSSEC resolvers. When the resolution Resolution is performed by the DNSSEC resolvers. When the resolution
is performed outside the home network, the DNSSEC Resolver resolves is performed outside the home network, the DNSSEC Resolver resolves
the DS record on the Global DNS and the name associated to the Public the DS record on the Global DNS and the name associated to the Public
Homenet Zone (myhome.example) on the Public Authoritative Servers. Homenet Zone (myhome.example) on the Public Authoritative Servers.
When the resolution is performed from within the home network, the When the resolution is performed from within the home network, the
Homenet DNSSEC Resolver may proceed similarly. On the other hand, to Homenet DNSSEC Resolver MAY proceed similarly. On the other hand, to
provide resilience to the Public Homenet Zone in case of disruption, provide resilience to the Public Homenet Zone in case of WAN
the Homenet DNSSEC Resolver SHOULD be able to perform the resolution connectivity disruption, the Homenet DNSSEC Resolver SHOULD be able
on the Homenet Authoritative Servers. These servers are not expected to perform the resolution on the Homenet Authoritative Servers.
to be mentioned in the Public Homenet Zone, nor to be accessible from These servers are not expected to be mentioned in the Public Homenet
the Internet. As such their information as well as the corresponding Zone, nor to be accessible from the Internet. As such their
signed DS record MAY be provided by the HNA to the Homenet DNSSEC information as well as the corresponding signed DS record MAY be
Resolvers, e.g., using HNCP [RFC7788]. Such configuration is outside provided by the HNA to the Homenet DNSSEC Resolvers, e.g., using HNCP
the scope of this document. Since the scope of the Homenet [RFC7788]. Such configuration is outside the scope of this document.
Authoritative Servers is limited to the home network, these servers Since the scope of the Homenet Authoritative Servers is limited to
are expected to serve the Homenet Zone as represented in Figure 1. the home network, these servers are expected to serve the Homenet
Zone as represented in Figure 1.
How the Homenet Authoritative Servers are provisioned is also out of How the Homenet Authoritative Servers are provisioned is also out of
scope of this specification. It could be implemented using primary scope of this specification. It could be implemented using primary
secondaries servers, or via rsync. In some cases, the HNA and and secondary servers, or via rsync. In some cases, the HNA and
Homenet Authoritative Servers may be combined together which would Homenet Authoritative Servers may be combined together which would
result in a common instantiation of an authoritative server on the result in a common instantiation of an authoritative server on the
WAN and inner interface. Other mechanisms may also be used. WAN and inner homenet interface. Note that [RFC6092] REC-8 states
this must not be the default configuration. Other mechanisms may
also be used.
Home network | Internet Home network | Internet
| |
| +----------------------------+ | +----------------------------+
| | DOI | | | DOI |
Control | | | Control | | |
+-----------------------+ Channel | | +-----------------------+ | +-----------------------+ Channel | | +-----------------------+ |
| HNA |<-------------->| Distribution Master | | | HNA |<-------------->| Distribution Manager | |
|+---------------------+| | | |+---------------------+| | |+---------------------+| | | |+---------------------+| |
|| Public Homenet Zone ||Synchronization || Public Homenet Zone || | || Public Homenet Zone ||Synchronization || Public Homenet Zone || |
|| (myhome.example) || Channel | | || (myhome.example) || | || (myhome.example) || Channel | | || (myhome.example) || |
|+---------------------+|<-------------->|+---------------------+| | |+---------------------+|<-------------->|+---------------------+| |
+-----------^-----------+ | | +-----------------------+ | +-----------^-----------+ | | +-----------------------+ |
. | | ^ Distribution | . | | ^ Distribution |
. | | | Channel | . | | | Channel |
+-----------v-----------+ | | v | +-----------v-----------+ | | v |
| Homenet Authoritative | | | +-----------------------+ | | Homenet Authoritative | | | +-----------------------+ |
| Server(s) | | | | Public Authoritative | | | Server(s) | | | | Public Authoritative | |
skipping to change at page 11, line 39 skipping to change at page 11, line 39
+----------^---|--------+ | | | +----------^---|--------+ | | |
| | name resolution | | | | name resolution | |
| v | | v | v | | v
+----------------------+ | +-----------------------+ +----------------------+ | +-----------------------+
| Homenet | | | Internet | | Homenet | | | Internet |
| DNSSEC Resolver | | | DNSSEC Resolver | | DNSSEC Resolver | | | DNSSEC Resolver |
+----------------------+ | +-----------------------+ +----------------------+ | +-----------------------+
Figure 1: Homenet Naming Architecture Figure 1: Homenet Naming Architecture
3.2. Distribution Master Communication Channels 3.2. Distribution Manager Communication Channels
This section details the interfaces and channels of the DM, that is This section details the DM channels, that is the Control Channel,
the Control Channel, the Synchronization Channel and the Distribution the Synchronization Channel and the Distribution Channel.
Channel.
The Control Channel and the Synchronization Channel are the The Control Channel and the Synchronization Channel are the
interfaces used between the HNA and the DOI. The entity within the interfaces used between the HNA and the DOI. The entity within the
DOI responsible to handle these communications is the DM and DOI responsible to handle these communications is the DM and
communications between the HNA and the DM SHOULD be protected and communications between the HNA and the DM MUST be protected and
mutually authenticated. While section Section 4.6 discusses in more mutually authenticated. While Section 4.6 discusses in more depth
depth the different security protocols that could be used to secure, the different security protocols that could be used to secure, it is
this specification RECOMMENDS the use of TLS with mutually RECOMMENDED to use TLS with mutually authentication based on
authentication based on certificates to secure the channel between certificates to secure the channel between the HNA and the DM.
the HNA and the DM.
The Control Channel is used to set up the Synchronization Channel. The Control Channel is used to set up the Synchronization Channel.
We assume that the HNA initiates the Control Channel connection with We assume that the HNA initiates the Control Channel connection with
the DM and as such has a prior knowledge of the DM identity (X509 the DM and as such has a prior knowledge of the DM identity (X509
certificate), the IP address and port to use and protocol to set certificate), the IP address and port number to use and protocol to
secure session. We also assume the DM has knowledge of the identity set secure session. We also assume the DM has knowledge of the
of the HNA (X509 certificate) as well as the Registered Homenet identity of the HNA (X509 certificate) as well as the Registered
Domain. For more detail to see how this can be achieved, please see Homenet Domain. For more detail to see how this can be achieved,
section Section 10. please see Section 10.
The information exchanged between the HNA and the DM is using DNS The information exchanged between the HNA and the DM uses DNS
messages protected by DNS over TLS (DoT) [RFC7858]. Further messages protected by DNS over TLS (DoT) [RFC7858]. Other
specifications may consider protecting DNS messages with other specifications may consider protecting DNS messages with other
transport layers, among others, DNS over DTLS [RFC8094], or DNS over transport layers, among others, DNS over DTLS [RFC8094], or DNS over
HTTPs (DoH) [RFC8484] or DNS over QUIC [I-D.ietf-dprive-dnsoquic]. HTTPs (DoH) [RFC8484] or DNS over QUIC [I-D.ietf-dprive-dnsoquic].
There was consideration to using a standard TSIG [RFC2845] or SIG(0) There was consideration to using a standard TSIG [RFC2845] or SIG(0)
[RFC2931] to perform a dynamic DNS update to the DM. There are a [RFC2931] to perform a dynamic DNS update to the DM. There are a
number of issues with this. The first one is that TSIG or SIG(0) number of issues with this. The first one is that TSIG or SIG(0)
make scenarios where the end user needs to interact via its web make scenarios where the end user needs to interact via its web
browser more complex. More precisely, authorization and access browser more complex. More precisely, authorization and access
control granted via OAUTH would be unnecessarily complex with TSIG or control granted via OAUTH would be unnecessarily complex with TSIG or
SIG(0). SIG(0).
The main one is that the Dynamic DNS update would also update the The main issue is that the Dynamic DNS update would also update the
parent zone's (NS, DS and associated A or AAAA records) while the parent zone's (NS, DS and associated A or AAAA records) while the
goal is to update the DM configuration files. The visible NS records goal is to update the DM configuration files. The visible NS records
SHOULD remain pointing at the cloud provider's anycast addresses. SHOULD remain pointing at the cloud provider's anycast addresses.
Revealing the address of the HNA in the DNS is not desirable. Please Revealing the address of the HNA in the DNS is not desirable. Refer
see section Section 4.2 for more details. to Section 4.2 for more details.
This specification assumes: This specification assumes:
o the DM serves both the Control Channel and Synchronization Channel o the DM serves both the Control Channel and Synchronization Channel
on a single IP address, single port and with a single transport on a single IP address, single port and using a single transport
protocol. protocol.
o By default, the HNA uses a single IP address for both the Control o By default, the HNA uses a single IP address for both the Control
and Synchronization channel. However, the HNA MAY use distinct IP and Synchronization channel. However, the HNA MAY use distinct IP
addresses for the Control Channel and the Synchronization Channel addresses for the Control Channel and the Synchronization Channel
- see section Section 5 and section Section 4.3 for more details. - see Section 5 and Section 4.3 for more details.
The Distribution Channel is internal to the DOI and as such is not The Distribution Channel is internal to the DOI and as such is not
the primary concern of this specification. the primary concern of this specification.
4. Control Channel between Homenet Naming Authority (HNA) and 4. Control Channel
Distribution Master (DM)
The DM Control Channel is used by the HNA and the DOI to exchange The DM Control Channel is used by the HNA and the DOI to exchange
information related to the configuration of the delegation which information related to the configuration of the delegation which
includes information to build the Public Homenet Zone (see includes information to build the Public Homenet Zone (Section 4.1),
Section 4.1), information to build the DNSSEC chain of trust (see information to build the DNSSEC chain of trust (Section 4.2) and
Section 4.2) and information to set the Synchronization Channel (see information to set the Synchronization Channel (Section 4.3).
Section 4.3).
4.1. Information to build the Public Homenet Zone 4.1. Information to Build the Public Homenet Zone
When the HNA builds the Public Homenet Zone, it must include When the HNA builds the Public Homenet Zone, it must include
information that it retrieves from the DM relating to how the zone is information that it retrieves from the DM relating to how the zone is
to be published. to be published.
The information includes at least names and IP addresses of the The information includes at least names and IP addresses of the
Public Authoritative Name Servers. In term of RRset information this Public Authoritative Name Servers. In term of RRset information this
includes: includes:
o the MNAME of the SOA, o the MNAME of the SOA,
o the NS and associated A and AAA RRsets of the name servers. o the NS and associated A and AAA RRsets of the name servers.
Optionally the DOI MAY also provide operational parameters such as The DOI MAY also provide operational parameters such as other fields
other fields of SOA (SERIAL, RNAME, REFRESH, RETRY, EXPIRE and of SOA (SERIAL, RNAME, REFRESH, RETRY, EXPIRE and MINIMUM). As the
MINIMUM). As the information is necessary for the HNA to proceed and information is necessary for the HNA to proceed and the information
the information is associated to the DOI, this information exchange is associated to the DOI, this information exchange is mandatory.
is mandatory.
4.2. Information to build the DNSSEC chain of trust 4.2. Information to build the DNSSEC chain of trust
The HNA SHOULD provide the hash of the KSK (DS RRset), so the that The HNA SHOULD provide the hash of the KSK (DS RRset), so the that
DOI provides this value to the parent zone. A common deployment use DOI provides this value to the parent zone. A common deployment use
case is that the DOI is the registrar of the Registered Homenet case is that the DOI is the registrar of the Registered Homenet
Domain, and as such, its relationship with the registry of the parent Domain, and as such, its relationship with the registry of the parent
zone enables it to update the parent zone. When such relation zone enables it to update the parent zone. When such relation
exists, the HNA should be able to request the DOI to update the DS exists, the HNA should be able to request the DOI to update the DS
RRset in the parent zone. A direct update is especially necessary to RRset in the parent zone. A direct update is especially necessary to
initialize the chain of trust. initialize the chain of trust.
Though the HNA may also later directly update the values of the DS Though the HNA may also later directly update the values of the DS
via the Control Channel, it is RECOMMENDED to use other mechanisms via the Control Channel, it is RECOMMENDED to use other mechanisms
such as CDS and CDNSKEY [RFC7344] for transparent updates during key such as CDS and CDNSKEY [RFC7344] for transparent updates during key
roll overs. roll overs.
As some deployment may not provide a DOI that will be able to update As some deployments may not provide a DOI that will be able to update
the DS in the parent zone, this information exchange is OPTIONAL. the DS in the parent zone, this information exchange is OPTIONAL.
By accepting the DS RR, the DM commits in taking care of advertising By accepting the DS RR, the DM commits in taking care of advertising
the DS to the parent zone. Upon refusal, the DM clearly indicates it the DS to the parent zone. Upon refusal, the DM clearly indicates it
does not have the capacity to proceed to the update. does not have the capacity to proceed to the update.
4.3. Information to set the Synchronization Channel 4.3. Information to set the Synchronization Channel
The HNA works as a primary authoritative DNS server, while the DM The HNA works as a primary authoritative DNS server, while the DM
works like a secondary. As a result, the HNA MUST provide the IP works like a secondary. As a result, the HNA MUST provide the IP
address the DM is using to reach the HNA. The synchronization address the DM is using to reach the HNA. The synchronization
Channel will be set between that IP address and the IP address of the Channel will be set between that IP address and the IP address of the
DM. By default, the IP address used by the HNA in the Control DM. By default, the IP address used by the HNA in the Control
Channel is considered by the DM and the specification of the IP by Channel is considered by the DM and the specification of the IP by
the HNA is only OPTIONAL. The transport channel (including port) is the HNA is only OPTIONAL. The transport channel (including port
the same as the one used between the HNA and the DM for the Control number) is the same as the one used between the HNA and the DM for
Channel. the Control Channel.
4.4. Deleting the delegation 4.4. Deleting the delegation
The purpose of the previous sections were to exchange information in The purpose of the previous sections were to exchange information in
order to set a delegation. The HNA MUST also be able to delete a order to set a delegation. The HNA MUST also be able to delete a
delegation with a specific DM. Upon an instruction of deleting the delegation with a specific DM. Upon an instruction of deleting the
delegation, the DM MUST stop serving the Public Homenet Zone. delegation, the DM MUST stop serving the Public Homenet Zone.
4.5. Messages Exchange Description 4.5. Messages Exchange Description
There are multiple ways these information could be exchanged between There are multiple ways this information could be exchanged between
the HNA and the DM. This specification defines a mechanism that re- the HNA and the DM. This specification defines a mechanism that re-
use the DNS exchanges format. The intention is to reuse standard use the DNS exchanges format. The intention is to reuse standard
libraries especially to check the format of the exchanged fields as libraries especially to check the format of the exchanged fields as
well as to minimize the additional libraries needed for the HNA. The well as to minimize the additional libraries needed for the HNA. The
re-use of DNS exchanges achieves these goals. Note that while re-use of DNS exchanges achieves these goals. Note that while
information is provided using DNS exchanges, the exchanged information is provided using DNS exchanges, the exchanged
information is not expected to be set in any zone file, instead this information is not expected to be set in any zone file, instead this
information is expected to be processed appropriately. information is uses as commands between the HNA and the DM.
The Control Channel is not expected to be a long term session. After The Control Channel is not expected to be a long term session. After
a predefined timer the Control Channel is expected to be terminated. a predefined timer - similar to those used for TCP - the Control
The Control Channel MAY Be re-opened at any time later. Channel is expected to be terminated - by closing the transport
channel. The Control Channel MAY be re-opened at any time later.
The provisioning process SHOULD provide a method of securing the The provisioning process SHOULD provide a method of securing the
Control Channel, so that the content of messages can be Control Channel, so that the content of messages can be
authenticated. This authentication MAY be based on certificates for authenticated. This authentication MAY be based on certificates for
both the DM and each HNA. The DM may also create the initial both the DM and each HNA. The DM may also create the initial
configuration for the delegation zone in the parent zone during the configuration for the delegation zone in the parent zone during the
provisioning process. provisioning process.
4.5.1. Retrieving information for the Public Homenet Zone. 4.5.1. Retrieving information for the Public Homenet Zone.
The information provided by the DM to the HNA is retrieved by the HNA The information provided by the DM to the HNA is retrieved by the HNA
with an AXFR exchange. The AXFR message enables the response to with an AXFR exchange [RFC1034]. AXFR enables the response to
contain any type of RRsets. The response might be extended in the contain any type of RRsets. The response might be extended in the
future if additional information will be needed. Alternatively, the future if additional information will be needed. Alternatively, the
information provided by the HNA to the DM is pushed by the HNA via a information provided by the HNA to the DM is pushed by the HNA via a
DNS update exchange [RFC2136]. DNS update exchange [RFC2136].
To retrieve the necessary information to build the Public Homenet To retrieve the necessary information to build the Public Homenet
Zone, the HNA MUST send an DNS request of type AXFR associated to the Zone, the HNA MUST send a DNS request of type AXFR associated to the
Registered Homenet Domain. The DM MUST respond with a zone template. Registered Homenet Domain. The DM MUST respond with a zone template.
The zone template MUST contain a RRset of type SOA, one or multiple The zone template MUST contain a RRset of type SOA, one or multiple
RRset of type NS and zero or more RRset of type A or AAAA. RRset of type NS and zero or more RRset of type A or AAAA.
o The SOA RR is used to indicate to the HNA the value of the MNAME o The SOA RR indicates to the HNA the value of the MNAME of the
of the Public Homenet Zone. Public Homenet Zone.
o The NAME of the SOA RR MUST be the Registered Homenet Domain. o The NAME of the SOA RR MUST be the Registered Homenet Domain.
o The MNAME value of the SOA RDATA is the value provided by the DOI o The MNAME value of the SOA RDATA is the value provided by the DOI
to the HNA. to the HNA.
o Other RDATA values (RNAME, REFRESH, RETRY, EXPIRE and MINIMUM) are o Other RDATA values (RNAME, REFRESH, RETRY, EXPIRE and MINIMUM) are
provided by the DOI as suggestions. provided by the DOI as suggestions.
The NS RRsets are used to carry the Public Authoritative Servers of The NS RRsets carry the Public Authoritative Servers of the DOI.
the DOI. Their associated NAME MUST be the Registered Homenet Their associated NAME MUST be the Registered Homenet Domain.
Domain.
The TTL and RDATA are those expected to be published on the Public The TTL and RDATA are those expected to be published on the Public
Homenet Zone. The RRsets of Type A and AAAA MUST have their NAME Homenet Zone. The RRsets of Type A and AAAA MUST have their NAME
matching the NSDNAME of one of the NS RRsets. matching the NSDNAME of one of the NS RRsets.
Upon receiving the response, the HNA MUST validate format and Upon receiving the response, the HNA MUST validate format and
properties of the SOA, NS and A or AAAA RRsets. If an error occurs, properties of the SOA, NS and A or AAAA RRsets. If an error occurs,
the HNA MUST stop proceeding and MUST report an error. Otherwise, the HNA MUST stop proceeding and MUST log an error. Otherwise, the
the HNA builds the Public Homenet Zone by setting the MNAME value of HNA builds the Public Homenet Zone by setting the MNAME value of the
the SOA as indicated by the SOA provided by the AXFR response. The SOA as indicated by the SOA provided by the AXFR response. The HNA
HNA SHOULD set the value of NAME, REFRESH, RETRY, EXPIRE and MINIMUM SHOULD set the value of NAME, REFRESH, RETRY, EXPIRE and MINIMUM of
of the SOA to those provided by the AXFR response. The HNA MUST the SOA to those provided by the AXFR response. The HNA MUST insert
insert the NS and corresponding A or AAAA RRset in its Public Homenet the NS and corresponding A or AAAA RRset in its Public Homenet Zone.
Zone. The HNA MUST ignore other RRsets. If an error message is The HNA MUST ignore other RRsets. If an error message is returned by
returned by the DM, the HNA MUST proceed as a regular DNS resolution. the DM, the HNA MUST proceed as a regular DNS resolution. Error
Error messages SHOULD be logged for further analysis. If the messages SHOULD be logged for further analysis. If the resolution
resolution does not succeed, the outsourcing operation is aborted and does not succeed, the outsourcing operation is aborted and the HNA
the HNA MUST close the Control Channel. MUST close the Control Channel.
4.5.2. Providing information for the DNSSEC chain of trust 4.5.2. Providing information for the DNSSEC chain of trust
To provide the DS RRset to initialize the DNSSEC chain of trust the To provide the DS RRset to initialize the DNSSEC chain of trust the
HNA MAY send a DNS update [RFC2136] message. HNA MAY send a DNS update [RFC2136] message.
The DNS update message is composed of a Header section, a Zone The DNS update message is composed of a Header section, a Zone
section, a Pre-requisite section, and Update section and an section, a Pre-requisite section, and Update section and an
additional section. The Zone section MUST set the ZNAME to the additional section. The Zone section MUST set the ZNAME to the
parent zone of the Registered Homenet Domain - that is where the DS parent zone of the Registered Homenet Domain - that is where the DS
skipping to change at page 16, line 44 skipping to change at page 16, line 39
error is found, this includes when unexpected RRSets are added or error is found, this includes when unexpected RRSets are added or
when RRsets are missing. A SERVFAIL error is returned when a when RRsets are missing. A SERVFAIL error is returned when a
internal error is encountered. A NOTZONE error is returned when internal error is encountered. A NOTZONE error is returned when
update and Zone sections are not coherent, a NOTAUTH error is update and Zone sections are not coherent, a NOTAUTH error is
returned when the DM is not authoritative for the Zone section. A returned when the DM is not authoritative for the Zone section. A
REFUSED error is returned when the DM refuses to proceed to the REFUSED error is returned when the DM refuses to proceed to the
configuration and the requested action. configuration and the requested action.
4.5.3. Providing information for the Synchronization Channel 4.5.3. Providing information for the Synchronization Channel
To provide a non default IP address used by the HNA for the The default IP address used by the HNA for the Synchronization
Synchronization Channel, the HNA MAY send a DNS Update message. Such Channel is the IP address of the Control Channel. To provide a
exchange is OPTIONAL. different IP address, the HNA MAY send a DNS Update message.
Similarly to the Section 4.5.2, the HNA MAY optionally specify the IP Similarly to the Section 4.5.2, the HNA MAY specify the IP address
address using a DNS update message. The Zone section sets its ZNAME using a DNS update message. The Zone section sets its ZNAME to the
to the parent zone of the Registered Homenet Domain, ZTYPE is set to parent zone of the Registered Homenet Domain, ZTYPE is set to SOA and
SOA and ZCLASS is set to the zone's type. Pre-requisite is empty. ZCLASS is set to the zone's type. Pre-requisite is empty. The
The Update section is a RRset of type NS. The Additional Data Update section is a RRset of type NS. The Additional Data section
section contains the RRsets of type A or AAAA that designates the IP contains the RRsets of type A or AAAA that designates the IP
addresses associated to the primary (or the HNA). addresses associated to the primary (or the HNA).
The reason to provide these IP addresses is that it is NOT The reason to provide these IP addresses is to keep them unpublished
RECOMMENDED to publish these IP addresses. As a result, it is not and prevent them to be resolved.
expected to resolve them.
Upon receiving the DNS update request, the DM reads the IP addresses Upon receiving the DNS update request, the DM reads the IP addresses
and checks the ZNAME corresponds to the parent zone. The DM SHOULD and checks the ZNAME corresponds to the parent zone. The DM SHOULD
ignore a non empty Pre-requisite section. The DM configures the ignore a non empty Pre-requisite section. The DM configures the
secondary with the IP addresses and returns a NOERROR response to secondary with the IP addresses and returns a NOERROR response to
indicate it is committed to serve as a secondary. indicate it is committed to serve as a secondary.
Similarly to Section 4.5.2, DNS errors are used and an error Similarly to Section 4.5.2, DNS errors are used and an error
indicates the DM is not configured as a secondary. indicates the DM is not configured as a secondary.
4.5.4. HNA instructing deleting the delegation 4.5.4. HNA instructing deleting the delegation
To instruct to delete the delegation the HNA SHOULD send a DNS UPDATE To instruct to delete the delegation the HNA SHOULD send a DNS UPDATE
Delete message. Delete message.
The Zone section sets its ZNAME to the Registered Homenet Domain, the The Zone section sets its ZNAME to the Registered Homenet Domain, the
ZTYPE to SOA and the ZCLASS to zone's type. The Pre-requisite ZTYPE to SOA and the ZCLASS to zone's type. The Pre-requisite
section is empty. The Update section is a RRset of type NS with the section is empty. The Update section is a RRset of type NS with the
NAME set to the Registered Domain Name. As indicated by [RFC2136] NAME set to the Registered Domain Name. As indicated by [RFC2136]
section 2.5.2 the delete instruction is set by setting the TTL to 0, Section 2.5.2 the delete instruction is set by setting the TTL to 0,
the Class to ANY, the RDLENGTH to 0 and the RDATA MUST be empty. The the Class to ANY, the RDLENGTH to 0 and the RDATA MUST be empty. The
Additional Data section is empty. Additional Data section is empty.
Upon receiving the DNS update request, the DM checks the request and Upon receiving the DNS update request, the DM checks the request and
removes the delegation. The DM returns a NOERROR response to removes the delegation. The DM returns a NOERROR response to
indicate the delegation has been deleted. Similarly to indicate the delegation has been deleted. Similarly to
Section 4.5.2, DNS errors are used and an error indicates the Section 4.5.2, DNS errors are used and an error indicates the
delegation has not been deleted. delegation has not been deleted.
4.6. Securing the Control Channel between Homenet Naming Authority 4.6. Securing the Control Channel
(HNA) and Distribution Master (DM)
The control channel between the HNA and the DM MUST be secured at The control channel between the HNA and the DM MUST be secured at
both the HNA and the DM. both the HNA and the DM.
Secure protocols (like TLS [RFC8446] SHOULD be used to secure the Secure protocols (like TLS [RFC8446] SHOULD be used to secure the
transactions between the DM and the HNA. transactions between the DM and the HNA.
The advantage of TLS is that this technology is widely deployed, and The advantage of TLS is that this technology is widely deployed, and
most of the devices already embed TLS libraries, possibly also taking most of the devices already embed TLS libraries, possibly also taking
advantage of hardware acceleration. Further, TLS provides advantage of hardware acceleration. Further, TLS provides
skipping to change at page 18, line 35 skipping to change at page 18, line 28
was also considered. Section 10 envisions one mechanism would was also considered. Section 10 envisions one mechanism would
involve the end user, with a browser, signing up to a service involve the end user, with a browser, signing up to a service
provider, with a resulting OAUTH2 token to be provided to the HNA. A provider, with a resulting OAUTH2 token to be provided to the HNA. A
way to translate this OAUTH2 token from HTTPS web space to DNS SIG(0) way to translate this OAUTH2 token from HTTPS web space to DNS SIG(0)
space seems overly problematic, and so the enrollment protocol using space seems overly problematic, and so the enrollment protocol using
web APIs was determined to be easier to implement at scale. web APIs was determined to be easier to implement at scale.
Note also that authentication of message exchanges between the HNA Note also that authentication of message exchanges between the HNA
and the DM SHOULD NOT use the external IP address of the HNA to index and the DM SHOULD NOT use the external IP address of the HNA to index
the appropriate keys. As detailed in Section 11, the IP addresses of the appropriate keys. As detailed in Section 11, the IP addresses of
the DM and the Hidden Primary are subject to change, for example the DM and the hidden primary are subject to change, for example
while the network is being renumbered. This means that the necessary while the network is being renumbered. This means that the necessary
keys to authenticate transaction SHOULD NOT be indexed using the IP keys to authenticate transaction SHOULD NOT be indexed using the IP
address, and SHOULD be resilient to IP address changes. address, and SHOULD be resilient to IP address changes.
4.7. Implementation Concerns 4.7. Implementation Concerns
The Hidden Primary Server on the HNA differs from a regular The Hidden Primary Server on the HNA differs from a regular
authoritative server for the home network due to: authoritative server for the home network due to:
Interface Binding: the Hidden Primary Server will almost certainly Interface Binding: the Hidden Primary Server will almost certainly
skipping to change at page 19, line 17 skipping to change at page 19, line 8
the public Internet. the public Internet.
As a result, exchanges are performed with specific nodes (the DM). As a result, exchanges are performed with specific nodes (the DM).
Further, exchange types are limited. The only legitimate exchanges Further, exchange types are limited. The only legitimate exchanges
are: NOTIFY initiated by the Hidden Primary and IXFR or AXFR are: NOTIFY initiated by the Hidden Primary and IXFR or AXFR
exchanges initiated by the DM. exchanges initiated by the DM.
On the other hand, regular authoritative servers would respond to any On the other hand, regular authoritative servers would respond to any
hosts, and any DNS query would be processed. The HNA SHOULD filter hosts, and any DNS query would be processed. The HNA SHOULD filter
IXFR/AXFR traffic and drop traffic not initiated by the DM. The HNA IXFR/AXFR traffic and drop traffic not initiated by the DM. The HNA
MUST MUST at least allow SOA lookups of the Homenet Zone. MUST at least allow SOA lookups of the Homenet Zone.
5. DM Synchronization Channel between HNA and DM 5. Synchronization Channel
The DM Synchronization Channel is used for communication between the The DM Synchronization Channel is used for communication between the
HNA and the DM for synchronizing the Public Homenet Zone. Note that HNA and the DM for synchronizing the Public Homenet Zone. Note that
the Control Channel and the Synchronization Channel are by the Control Channel and the Synchronization Channel are by
construction different channels even though there they MAY use the construction different channels even though there they may use the
same IP addresse. In fact the Control Channel is set between the HNA same IP address. In fact the Control Channel is set between the HNA
working as a client using port YYYY (a high range port) toward a working as a client using port number YYYY (a high range port) toward
service provided by the DM at port XX (well known port). a service provided by the DM at port number XX (well known port).
On the other hand, the Synchronization Channel is set between the DM On the other hand, the Synchronization Channel is set between the DM
working as a client using port ZZZZ ( a high range port) toward a working as a client using port ZZZZ ( a high range port) toward a
service a service provided by the HNA at port XX. service a service provided by the HNA at port XX.
As a result, even though the same couple of IP addresses may be As a result, even though the same couple of IP addresses may be
involved the Control Channel and the Synchronization Channel are involved the Control Channel and the Synchronization Channel are
always distinct channels. always distinct channels.
Uploading and dynamically updating the zone file on the DM can be Uploading and dynamically updating the zone file on the DM can be
seen as zone provisioning between the HNA (Hidden Primary) and the DM seen as zone provisioning between the HNA (Hidden Primary) and the DM
(Secondary Server). This can be handled via AXFR + DNS Update. (Secondary Server). This can be handled via AXFR + DNS Update.
This document RECOMMENDS use of a primary / secondary mechanism The use of a primary / secondary mechanism is RECOMMENDED instead of
instead of the use of DNS Update. The primary / secondary mechanism the use of DNS Update. The primary / secondary mechanism is
is RECOMMENDED as it scales better and avoids DoS attacks. Note that RECOMMENDED as it scales better and avoids DoS attacks. Note that
even when UPDATE messages are used, these messages are using a even when UPDATE messages are used, these messages are using a
distinct channel as those used to set the configuration. distinct channel as those used to set the configuration.
Note that there is no standard way to distribute a DNS primary Note that there is no standard way to distribute a DNS primary
between multiple devices. As a result, if multiple devices are between multiple devices. As a result, if multiple devices are
candidate for hosting the Hidden Primary, some specific mechanisms candidate for hosting the Hidden Primary, some specific mechanisms
should be designed so the home network only selects a single HNA for should be designed so the home network only selects a single HNA for
the Hidden Primary. Selection mechanisms based on HNCP [RFC7788] are the Hidden Primary. Selection mechanisms based on HNCP [RFC7788] are
good candidates. good candidates.
skipping to change at page 20, line 17 skipping to change at page 20, line 8
The DM is configured as a secondary for the Registered Homenet Domain The DM is configured as a secondary for the Registered Homenet Domain
Name. This secondary configuration has been previously agreed Name. This secondary configuration has been previously agreed
between the end user and the provider of the DOI as part of either between the end user and the provider of the DOI as part of either
the provisioning or due to receipt of DNS Update messages on the DM the provisioning or due to receipt of DNS Update messages on the DM
Control Channel. Control Channel.
The Homenet Reverse Zone MAY also be updated either with DNS UPDATE The Homenet Reverse Zone MAY also be updated either with DNS UPDATE
[RFC2136] or using a primary / secondary synchronization. [RFC2136] or using a primary / secondary synchronization.
5.1. Securing the Synchronization Channel between HNA and DM 5.1. Securing the Synchronization Channel
The Synchronization Channel used standard DNS request. The Synchronization Channel uses standard DNS requests.
First the primary notifies the secondary that the zone must be First the primary notifies the secondary that the zone must be
updated and eaves the secondary to proceed with the update when updated and eaves the secondary to proceed with the update when
possible/convenient. possible/convenient.
Then, a NOTIFY message is sent by the primary, which is a small Then, a NOTIFY message is sent by the primary, which is a small
packet that is less likely to load the secondary. packet that is less likely to load the secondary.
Finally, the AXFR [RFC1034] or IXFR [RFC1995] query performed by the Finally, the AXFR [RFC1034] or IXFR [RFC1995] query performed by the
secondary is a small packet sent over TCP (section 4.2 [RFC5936]), secondary is a small packet sent over TCP (Section 4.2 [RFC5936]),
which mitigates reflection attacks using a forged NOTIFY. which mitigates reflection attacks using a forged NOTIFY.
The AXFR request from the DM to the HNA SHOULD be secured and the use The AXFR request from the DM to the HNA SHOULD be secured and the use
of TLS is RECOMMENDED [I-D.ietf-dprive-xfr-over-tls] of TLS is RECOMMENDED [I-D.ietf-dprive-xfr-over-tls]
When using TLS, the HNA MAY authenticate inbound connections from the When using TLS, the HNA MAY authenticate inbound connections from the
DM using standard mechanisms, such as a public certificate with DM using standard mechanisms, such as a public certificate with
baked-in root certificates on the HNA, or via DANE [RFC6698]. In baked-in root certificates on the HNA, or via DANE [RFC6698]. In
addition, to guarantee the DM remains the same across multiple TLS addition, to guarantee the DM remains the same across multiple TLS
session, the HNA and DM MAY implement [RFC8672]. session, the HNA and DM MAY implement [RFC8672].
The HNA MAY apply a simple IP filter on inbound AXFR requests to The HNA SHOULD apply an ACL on inbound AXFR requests to ensure they
ensure they only arrive from the DM Synchronization Channel. In this only arrive from the DM Synchronization Channel. In this case, the
case, the HNA SHOULD regularly check (via DNS resolution) that the HNA SHOULD regularly check (via DNS resolution) that the address of
address of the DM in the filter is still valid. the DM in the filter is still valid.
6. DM Distribution Channel 6. DM Distribution Channel
The DM Distribution Channel is used for communication between the DM The DM Distribution Channel is used for communication between the DM
and the Public Authoritative Servers. The architecture and and the Public Authoritative Servers. The architecture and
communication used for the DM Distribution Channels is outside the communication used for the DM Distribution Channels is outside the
scope of this document, and there are many existing solutions scope of this document, and there are many existing solutions
available e.g. rsynch, DNS AXFR, REST, DB copy. available e.g. rsynch, DNS AXFR, REST, DB copy.
7. HNA Security Policies 7. HNA Security Policies
skipping to change at page 22, line 25 skipping to change at page 22, line 19
This leave place for setting up automatically the relation between This leave place for setting up automatically the relation between
HNA and the DNS Outsourcing infrastructure as described in HNA and the DNS Outsourcing infrastructure as described in
[I-D.ietf-homenet-naming-architecture-dhc-options]. [I-D.ietf-homenet-naming-architecture-dhc-options].
In the case of the reverse zone, the DOI authenticates the source of In the case of the reverse zone, the DOI authenticates the source of
the updates by IPv6 Access Control Lists. In the case of the reverse the updates by IPv6 Access Control Lists. In the case of the reverse
zone, the ISP knows exactly what addresses have been delegated. The zone, the ISP knows exactly what addresses have been delegated. The
HNA SHOULD therefore always originate Synchronization Channel updates HNA SHOULD therefore always originate Synchronization Channel updates
from an IP address within the zone that is being updated. from an IP address within the zone that is being updated.
For example, if the ISP has assigned 2001:db8:f00d::2/64 to the WAN For example, if the ISP has assigned 2001:db8:f00d::/64 to the WAN
interface (by DHCPv6, or PPP/RA), then the HNA should originate interface (by DHCPv6, or PPP/RA), then the HNA should originate
Synchronization Channel updates from 2001:db8:f00d::2. Synchronization Channel updates from, for example, 2001:db8:f00d::2.
An ISP that has delegated 2001:db8:babe::/56 to the HNA via An ISP that has delegated 2001:db8:babe::/56 to the HNA via
DHCPv6-PD, then HNA should originate Synchronization Channel updates DHCPv6-PD, then HNA should originate Synchronization Channel updates
an IP within that subnet, such as 2001:db8:babe:0001::2. an IP within that subnet, such as 2001:db8:babe:0001::2.
With this relation automatically configured, the synchronization With this relation automatically configured, the synchronization
between the Home network and the DOI happens similarly as for the between the Home network and the DOI happens similarly as for the
Public Homenet Zone described earlier in this document. Public Homenet Zone described earlier in this document.
Note that for home networks hosted by multiple ISPs, each ISP Note that for home networks connected to by multiple ISPs, each ISP
provides only the DOI of the reverse zones associated to the provides only the DOI of the reverse zones associated to the
delegated prefix. It is also likely that the DNS exchanges will need delegated prefix. It is also likely that the DNS exchanges will need
to be performed on dedicated interfaces as to be accepted by the ISP. to be performed on dedicated interfaces as to be accepted by the ISP.
More specifically, the reverse zone associated to prefix 1 will not More specifically, the reverse zone associated to prefix 1 will not
be possible to be performs by the HNA using an IP address that be possible to be performs by the HNA using an IP address that
belongs to prefix 2. Such constraints does not raise major concerns belongs to prefix 2. Such constraints does not raise major concerns
either for hot standby or load sharing configuration. either for hot standby or load sharing configuration.
With IPv6, the domain space for IP addresses is so large that reverse With IPv6, the domain space for IP addresses is so large that reverse
zone may be confronted with scalability issues. How the reverse zone zone may be confronted with scalability issues. How the reverse zone
is generated is out of scope of this document. is generated is out of scope of this document. [RFC8501] provides
[I-D.howard-dnsop-ip6rdns] provides guidance on how to address guidance on how to address scalability issues.
scalability issues.
10. Homenet Public Zone Channel Configurations 10. Homenet Public Zone Channel Configurations
This document does not deal with how the HNA is provisioned with a This document does not deal with how the HNA is provisioned with a
trusted relationship to the Distribution Master for the forward zone. trusted relationship to the Distribution Manager for the forward
zone.
This section details what needs to be provisioned into the HNA and This section details what needs to be provisioned into the HNA and
serves as a requirements statement for mechanisms. serves as a requirements statement for mechanisms.
The HNA needs to be provisioned with: The HNA needs to be provisioned with:
o the Registered Domain (e.g., myhome.isp.example ) o the Registered Domain (e.g., myhome.isp.example )
o the contact info for the Distribution Master (DM), including the o the contact info for the Distribution Manager (DM), including the
DNS name (FQDN), possibly including the IP literal, and a DNS name (FQDN), possibly including the IP literal, and a
certificate (or anchor) to be used to authenticate the service certificate (or anchor) to be used to authenticate the service
o the DM transport protocol and port (the default is DNS over TLS, o the DM transport protocol and port (the default is DNS over TLS,
on port 853) on port 853)
o the HNA credentials used by the DM for its authentication. o the HNA credentials used by the DM for its authentication.
The HNA will need to select an IP address for communication for the The HNA will need to select an IP address for communication for the
Synchronization Channel. This is typically the outside WAN address Synchronization Channel. This is typically the WAN address of the RG
of the router, but could be an IPv6 LAN address in the case of a home router, but could be an IPv6 LAN address in the case of a home with
with multiple ISPs (and multiple border routers). This is multiple ISPs (and multiple border routers). This is detailed in
communicated in section Section 4.5.3 when the NS and A or AAAA Section 4.5.3 when the NS and A or AAAA RRsets are communicated.
RRsets are communicated.
The above parameters MUST be be provisioned for ISP-specific reverse The above parameters MUST be be provisioned for ISP-specific reverse
zones, as per [I-D.ietf-homenet-naming-architecture-dhc-options]. zones, as per [I-D.ietf-homenet-naming-architecture-dhc-options].
ISP-specific forward zones MAY also be provisioned using ISP-specific forward zones MAY also be provisioned using
[I-D.ietf-homenet-naming-architecture-dhc-options], but zones which [I-D.ietf-homenet-naming-architecture-dhc-options], but zones which
are not related to a specific ISP zone (such as with a DNS provider) are not related to a specific ISP zone (such as with a DNS provider)
must be provisioned through other means. must be provisioned through other means.
Similarly, if the HNA is provided by a registrar, the HNA may be Similarly, if the HNA is provided by a registrar, the HNA may be
given configured to end user. handed pre-configured to end user.
In the absence of specific pre-established relation, these pieces of In the absence of specific pre-established relation, these pieces of
information may be entered manually by the end user. In order to information may be entered manually by the end user. In order to
ease the configuration from the end user the following scheme may be ease the configuration from the end user the following scheme may be
implemented. implemented.
The HNA may present the end user a web interface where it provides The HNA may present the end user a web interface where it provides
the end user the ability to indicate the Registered Homenet Domain or the end user the ability to indicate the Registered Homenet Domain or
the registrar for example a preselected list. Once the registrar has the registrar for example a preselected list. Once the registrar has
been selected, the HNA redirects the end user to that registrar in been selected, the HNA redirects the end user to that registrar in
skipping to change at page 24, line 39 skipping to change at page 24, line 33
11.1. Hidden Primary 11.1. Hidden Primary
In a renumbering scenario, the HNA or Hidden Primary is informed it In a renumbering scenario, the HNA or Hidden Primary is informed it
is being renumbered. In most cases, this occurs because the whole is being renumbered. In most cases, this occurs because the whole
home network is being renumbered. As a result, the Public Homenet home network is being renumbered. As a result, the Public Homenet
Zone will also be updated. Although the new and old IP addresses may Zone will also be updated. Although the new and old IP addresses may
be stored in the Public Homenet Zone, we recommend that only the be stored in the Public Homenet Zone, we recommend that only the
newly reachable IP addresses be published. newly reachable IP addresses be published.
To avoid reachability disruption, IP connectivity information To avoid reachability disruption, IP connectivity information
provided by the DNS SHOULD be coherent with the IP plane. In our provided by the DNS SHOULD be coherent with the IP in use. In our
case, this means the old IP address SHOULD NOT be provided via the case, this means the old IP address SHOULD NOT be provided via the
DNS when it is not reachable anymore. Let for example TTL be the TTL DNS when it is not reachable anymore. Let for example TTL be the TTL
associated with a RRset of the Public Homenet Zone, it may be cached associated with a RRset of the Public Homenet Zone, it may be cached
for TTL seconds. Let T_NEW be the time the new IP address replaces for TTL seconds. Let T_NEW be the time the new IP address replaces
the old IP address in the Homenet Zone, and T_OLD_UNREACHABLE the the old IP address in the Homenet Zone, and T_OLD_UNREACHABLE the
time the old IP is not reachable anymore. time the old IP is not reachable anymore.
In the case of the make-before-break, seamless reachability is In the case of the make-before-break, seamless reachability is
provided as long as T_OLD_UNREACHABLE - T_NEW > 2 * TTL. If this is provided as long as T_OLD_UNREACHABLE - T_NEW > 2 * TTL. If this is
not satisfied, then devices associated with the old IP address in the not satisfied, then devices associated with the old IP address in the
skipping to change at page 28, line 47 skipping to change at page 28, line 38
"hna_certificate" : "-----BEGIN CERTIFICATE-----\nMIIDTjCCFGy....", "hna_certificate" : "-----BEGIN CERTIFICATE-----\nMIIDTjCCFGy....",
} }
14.1. Outsourced Information Model 14.1. Outsourced Information Model
Registered Homenet Domain (zone) The Domain Name of the zone. Registered Homenet Domain (zone) The Domain Name of the zone.
Multiple Registered Homenet Domains may be provided. This will Multiple Registered Homenet Domains may be provided. This will
generate the creation of multiple Public Homenet Zones. This generate the creation of multiple Public Homenet Zones. This
parameter is MANDATORY. parameter is MANDATORY.
Distribution Master notification address (dm) The associated FQDNs Distribution Manager notification address (dm) The associated FQDNs
or IP addresses of the DM to which DNS notifies should be sent. or IP addresses of the DM to which DNS notifies should be sent.
This parameter is MANDATORY. IP addresses are optional and the This parameter is MANDATORY. IP addresses are optional and the
FQDN is sufficient and preferred. If there are concerns about the FQDN is sufficient and preferred. If there are concerns about the
security of the name to IP translation, then DNSSEC should be security of the name to IP translation, then DNSSEC should be
employed. employed.
As the session between the HNA and the DM is authenticated with TLS, As the session between the HNA and the DM is authenticated with TLS,
the use of names is easier. the use of names is easier.
As certificates are more commonly emitted for FQDN than for IP As certificates are more commonly emitted for FQDN than for IP
addresses, it is preferred to use names and authenticate the name of addresses, it is preferred to use names and authenticate the name of
the DM during the TLS session establishment. the DM during the TLS session establishment.
Supported Transport (dm_transport) The transport that carries the Supported Transport (dm_transport) The transport that carries the
DNS exchanges between the HNA and the DM. Typical value is "DoT" DNS exchanges between the HNA and the DM. Typical value is "DoT"
but it may be extended in the future with "DoH", "DoQ" for but it may be extended in the future with "DoH", "DoQ" for
example. This parameter is OPTIONAL and by default the HNA uses example. This parameter is OPTIONAL and by default the HNA uses
DoT. DoT.
Distribution Master Port (dm_port) Indicates the port used by the Distribution Manager Port (dm_port) Indicates the port used by the
DM. This parameter is OPTIONAL and the default value is provided DM. This parameter is OPTIONAL and the default value is provided
by the Supported Transport. In the future, additional transport by the Supported Transport. In the future, additional transport
may not have default port, in which case either a default port may not have default port, in which case either a default port
needs to be defined or this parameter become MANDATORY. needs to be defined or this parameter become MANDATORY.
Note that HNA does not defines ports for the Synchronization Channel. Note that HNA does not defines ports for the Synchronization Channel.
In any case, this is not expected to part of the configuration, but In any case, this is not expected to part of the configuration, but
instead negotiated through the Configuration Channel. Currently the instead negotiated through the Configuration Channel. Currently the
Configuration Channel does not provide this, and limits its agility Configuration Channel does not provide this, and limits its agility
to a dedicated IP address. If such agility is needed in the future, to a dedicated IP address. If such agility is needed in the future,
skipping to change at page 29, line 41 skipping to change at page 29, line 34
Authentication Method ("hna_auth_method"): How the HNA authenticates Authentication Method ("hna_auth_method"): How the HNA authenticates
itself to the DM within the TLS connection(s). The authentication itself to the DM within the TLS connection(s). The authentication
meth of can typically be "certificate", "psk" or "none". This meth of can typically be "certificate", "psk" or "none". This
Parameter is OPTIONAL and by default the Authentication Method is Parameter is OPTIONAL and by default the Authentication Method is
"certificate". "certificate".
Authentication data ("hna_certificate", "hna_key"): : The certificate Authentication data ("hna_certificate", "hna_key"): : The certificate
chain used to authenticate the HNA. This parameter is OPTIONAL and chain used to authenticate the HNA. This parameter is OPTIONAL and
when not specified, a self-signed certificate is used. when not specified, a self-signed certificate is used.
Distribution Master AXFR permission netmask (dm_acl): The subnet Distribution Manager AXFR permission netmask (dm_acl): The subnet
from which the CPE should accept SOA queries and AXFR requests. A from which the CPE should accept SOA queries and AXFR requests. A
subnet is used in the case where the DNS Outsourced Infrastructure subnet is used in the case where the DNS Outsourced Infrastructure
consists of a number of different systems. An array of addresses consists of a number of different systems. An array of addresses
is permitted. This parameter is OPTIONAL and if unspecified, the is permitted. This parameter is OPTIONAL and if unspecified, the
CPE the IP addresses specified in the dm_notify parameters or the CPE the IP addresses specified in the dm_notify parameters or the
IP addresses that result from the DNS(SEC) resolution when IP addresses that result from the DNS(SEC) resolution when
dm_notify specifies a FQDN. dm_notify specifies a FQDN.
For forward zones, the relationship between the HNA and the forward For forward zones, the relationship between the HNA and the forward
zone provider may be the result of a number of transactions: zone provider may be the result of a number of transactions:
skipping to change at page 34, line 26 skipping to change at page 34, line 16
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC8555] Barnes, R., Hoffman-Andrews, J., McCarney, D., and J. [RFC8555] Barnes, R., Hoffman-Andrews, J., McCarney, D., and J.
Kasten, "Automatic Certificate Management Environment Kasten, "Automatic Certificate Management Environment
(ACME)", RFC 8555, DOI 10.17487/RFC8555, March 2019, (ACME)", RFC 8555, DOI 10.17487/RFC8555, March 2019,
<https://www.rfc-editor.org/info/rfc8555>. <https://www.rfc-editor.org/info/rfc8555>.
18.2. Informative References 18.2. Informative References
[I-D.howard-dnsop-ip6rdns]
Howard, L., "Reverse DNS in IPv6 for Internet Service
Providers", draft-howard-dnsop-ip6rdns-00 (work in
progress), June 2014.
[I-D.ietf-dprive-dnsoquic] [I-D.ietf-dprive-dnsoquic]
Huitema, C., Mankin, A., and S. Dickinson, "Specification Huitema, C., Mankin, A., and S. Dickinson, "Specification
of DNS over Dedicated QUIC Connections", draft-ietf- of DNS over Dedicated QUIC Connections", draft-ietf-
dprive-dnsoquic-02 (work in progress), February 2021. dprive-dnsoquic-02 (work in progress), February 2021.
[I-D.ietf-homenet-naming-architecture-dhc-options] [I-D.ietf-homenet-naming-architecture-dhc-options]
Migault, D., Weber, R., Mrugalski, T., Griffiths, C., and Migault, D., Weber, R., and T. Mrugalski, "DHCPv6 Options
W. Cloetens, "DHCPv6 Options for Home Network Naming for Home Network Naming Authority", draft-ietf-homenet-
Authority", draft-ietf-homenet-naming-architecture-dhc- naming-architecture-dhc-options-12 (work in progress),
options-11 (work in progress), April 2021. April 2021.
[I-D.ietf-homenet-simple-naming] [I-D.ietf-homenet-simple-naming]
Lemon, T., Migault, D., and S. Cheshire, "Homenet Naming Lemon, T., Migault, D., and S. Cheshire, "Homenet Naming
and Service Discovery Architecture", draft-ietf-homenet- and Service Discovery Architecture", draft-ietf-homenet-
simple-naming-03 (work in progress), October 2018. simple-naming-03 (work in progress), October 2018.
[I-D.richardson-homerouter-provisioning] [I-D.richardson-homerouter-provisioning]
Richardson, M., "Provisioning Initial Device Identifiers Richardson, M., "Provisioning Initial Device Identifiers
into Home Routers", draft-richardson-homerouter- into Home Routers", draft-richardson-homerouter-
provisioning-00 (work in progress), November 2020. provisioning-00 (work in progress), November 2020.
skipping to change at page 35, line 27 skipping to change at page 35, line 14
[RFC8094] Reddy, T., Wing, D., and P. Patil, "DNS over Datagram [RFC8094] Reddy, T., Wing, D., and P. Patil, "DNS over Datagram
Transport Layer Security (DTLS)", RFC 8094, Transport Layer Security (DTLS)", RFC 8094,
DOI 10.17487/RFC8094, February 2017, DOI 10.17487/RFC8094, February 2017,
<https://www.rfc-editor.org/info/rfc8094>. <https://www.rfc-editor.org/info/rfc8094>.
[RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS [RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS
(DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018,
<https://www.rfc-editor.org/info/rfc8484>. <https://www.rfc-editor.org/info/rfc8484>.
[RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499,
January 2019, <https://www.rfc-editor.org/info/rfc8499>.
[RFC8501] Howard, L., "Reverse DNS in IPv6 for Internet Service
Providers", RFC 8501, DOI 10.17487/RFC8501, November 2018,
<https://www.rfc-editor.org/info/rfc8501>.
[RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data
Definition Language (CDDL): A Notational Convention to Definition Language (CDDL): A Notational Convention to
Express Concise Binary Object Representation (CBOR) and Express Concise Binary Object Representation (CBOR) and
JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610,
June 2019, <https://www.rfc-editor.org/info/rfc8610>. June 2019, <https://www.rfc-editor.org/info/rfc8610>.
[RFC8672] Sheffer, Y. and D. Migault, "TLS Server Identity Pinning [RFC8672] Sheffer, Y. and D. Migault, "TLS Server Identity Pinning
with Tickets", RFC 8672, DOI 10.17487/RFC8672, October with Tickets", RFC 8672, DOI 10.17487/RFC8672, October
2019, <https://www.rfc-editor.org/info/rfc8672>. 2019, <https://www.rfc-editor.org/info/rfc8672>.
 End of changes. 97 change blocks. 
249 lines changed or deleted 239 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/