Network Working Group P. Pfister Internet-Draft Cisco Systems Intended status: Standards Track October 31, 2016 Expires: May 4, 2017 Special Use Top Level Domain '.homenet' draft-pfister-homenet-dot-00 Abstract This document specifies the behavior that is expected from the Domain Name System with regard to DNS queries for names ending with '.homenet.', thereby defining this top-level domain as a special-use domain name [RFC6761]. The '.homenet' top-level domain intends to replace '.home' which was originally proposed in [RFC7788] as default domain-name for home networks. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on May 4, 2017. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Pfister Expires May 4, 2017 [Page 1] Internet-Draft dot homenet October 2016 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. General Guidance . . . . . . . . . . . . . . . . . . . . . . 3 3. Domain Name Reservation Considerations . . . . . . . . . . . 3 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 7.2. Informative References . . . . . . . . . . . . . . . . . 5 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction Users and devices within a home network require other devices to be identified by names that are unique within the boundaries of the home network [RFC7368]. The naming mechanism also needs to function without configuration from the user, and keep functioning in case of upstream connexion failure. It is therefore expected that home network routers and devices will derive their own names from one or multiple domain-names that are assigned to the home network. Such domain names could be assigned by the service providers, although this would certainly lead to complicated names (e.g., 'cstmr6372514 .isp-foo.com.'), or be reserved and configured by an educated user. But in the case of upstream connexion failure, or when the user ignores how to reserve and configure a domain name, or does not care enough to do it, a default name with local scope needs to be used. The '.homenet' top-level domain intends to replace '.home' which was originally proposed in [RFC7788] as default domain-name for home networks. '.home' would certainly be the most user-friendly option, but evidence indicates that '.home' queries frequently leak out and reach the root name servers [ICANN1] [ICANN2]. This document is to be bundled with another internet draft updating [RFC7788] and deprecating the use of the '.home' TLD, replaced by '.homenet'. This document registers the top-level domain '.homenet.' as a special-use domain name [RFC6761] and specifies the behavior that is expected from the Domain Name System with regard to such DNS queries. Records for names ending with '.homenet.' are of local significance within a home network, meaning that identical queries may result in different results from one home network to another. Pfister Expires May 4, 2017 [Page 2] Internet-Draft dot homenet October 2016 2. General Guidance The top-level domain name '.homenet.' is to be used for naming within a home network. Names ending with '.homenet.' MUST refer to services that are either located within a home network (e.g., a printer, or a toaster), or only reachable from within the home network (e.g., a web server hosted by the service provider and providing a service that is specific to the home). DNS queries for names ending with '.homenet.' MUST NOT be sent outside of the logical boundaries of the home network. Which means that, by default, such queries MUST NOT be sent outside of the network boundaries of the home network, but home network devices MAY be configured in order to send such queries to DNS servers located outside of the home network when the DNS server is capable of responding with values that are specific to the network where the query is coming from. Although home networks most often provide one or multiple service discovery mechanisms, it is still expected that some users will see, remember, and sometimes even type, names ending with '.homenet'. It is therefore desireable that users identify the top-level domain and associate it with the fact that the service they are connected to is specific to the home network they are connected in. But, the presence of this top-level domain name MUST NOT be considered as improving the security of the connexion in any way. 3. Domain Name Reservation Considerations This section defines the behavior of systems involved in domain name resolution when serving queries for names ending with '.homenet.' (as per [RFC6761]). 1. Users MAY use, type or remember names ending with '.homenet.' just like any other fully qualified domain names. Users SHOULD recognize the top-level domain and understand that its presence at the end of a Fully Qualified Domain Name (FQDN) imply that the service they are reaching is associated with the home network they are connected in. In particular, users SHOULD understand that a single name (e.g. www.homenet) may connect them to different services when connected within different homes. 2. Applications SHOULD treat domain names ending with '.homenet.' just like any other FQDN, and MUST NOT make any assumption on the level of additional security implied by its presence. 3. Name resolution APIs and libraries SHOULD NOT recognize names ending with '.homenet.' as special and SHOULD NOT treat them Pfister Expires May 4, 2017 [Page 3] Internet-Draft dot homenet October 2016 differently. Name resolution APIs SHOULD send queries for such names to their configured caching DNS server(s). 4. Cachine DNS Servers SHOULD recognize such names as special use and SHOULD NOT, by default, attempt to look up NS records for them, or otherwise query authoritative DNS servers in an attempt to resolve these names. Instead, recursive/caching DNS servers that are not part of a home network SHOULD generate immediate NXDOMAIN response. Caching DNS Servers that are part of a home network MAY be configured manually or automatically (e.g., for auto-configuration purposes) to act differently, e.g., by querying another name server configured as authoritative for part of the domain, or proxying the request through a different mechanism. 5. Authoritative DNS Servers SHOULD recognize such names as special- use and SHOULD NOT, by default, attempt to look up NS records for these names. Servers that are part of a home network or providing name resolution services for a home network MAY be configured to act as authoritative for the whole top-level domain or a part of it. 6. DNS server operators SHOULD NOT attempt to configure DNS servers to act as authoriative for any of these names. Internet service providers or, by extension, entities providing name resolution services to home networks MAY configure their DNS servers to answer such requests in a way which ensures total isolation between different home networks. 7. DNS Registries and Registrars MUST NOT assign any sub-domain from '.homenet.'. 4. Security Considerations Although a DNS record returned as a response to a query ending with '.homenet.' is expected to have local significance and be returned by a server involved in name resolution for the home network the device is connected in, such response MUST NOT be considered more trustworthy than would be a similar response for any other DNS query. 5. IANA Considerations [Once published, this should say] IANA has recorded the top-level domain ".homenet" in the Special-Use Domain Names registry [SUDN]. Pfister Expires May 4, 2017 [Page 4] Internet-Draft dot homenet October 2016 6. Acknowledgments The author would like to thank Stuart Cheschire for his prior work on '.home', as well as the homenet chairs: Mark Townsley and Ray Bellis. 7. References 7.1. Normative References [RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names", RFC 6761, DOI 10.17487/RFC6761, February 2013, . 7.2. Informative References [RFC7368] Chown, T., Arkko, J., Brandt, A., Troan, O., and J. Weil, "IPv6 Home Networking Architecture Principles", RFC 7368, October 2014. [RFC7788] Stenberg, M., Barth, S., and P. Pfister, "Home Networking Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April 2016, . [ICANN1] "New gTLD Collision Risk Mitigation", October 2013, . [ICANN2] "New gTLD Collision Occurence Management", October 2013, . [SUDN] "Special-Use Domain Names Registry", July 2012, . Author's Address Pierre Pfister Cisco Systems Paris France Email: pierre.pfister@darou.fr Pfister Expires May 4, 2017 [Page 5]