idnits 2.17.1

draft-ietf-homenet-dot-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 3 instances of lines with non-RFC2606-compliant FQDNs in the
     document.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 96: '...ending with '.homenet.' MUST refer to...'

     RFC 2119 keyword, line 101: '...t. Such queries MUST NOT be recursive...'

     RFC 2119 keyword, line 126: '...2. Applications SHOULD treat domain n...'

     RFC 2119 keyword, line 127: '... other FQDN, and MUST NOT make any ass...'

     RFC 2119 keyword, line 130: '...Is and libraries MUST NOT recognize na...'

     (11 more instances...)

  == The 'Updates: ' line in the draft header should list only the _numbers_
     of the RFCs which will be updated by this document (if approved); it
     should not include the word 'RFC' in the list.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (November 15, 2016) is 2716 days in the past.  Is this
     intentional?
  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 7535

  == Outdated reference: A later version (-03) exists of
     draft-ietf-homenet-redact-00

     Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2   Network Working Group                                         P. Pfister
3   Internet-Draft                                             Cisco Systems
4   Updates: RFC7788 (if approved)                                  T. Lemon
5   Intended status: Standards Track                           Nominum, Inc.
6   Expires: May 19, 2017                                  November 15, 2016

8                   Special Use Top Level Domain '.homenet'
9                          draft-ietf-homenet-dot-00

11  Abstract

13     This document specifies the behavior that is expected from the Domain
14     Name System with regard to DNS queries for names ending with
15     '.homenet.', and designates this top-level domain as a special-use
16     domain name.  The '.homenet' top-level domain replaces '.home' as the
17     default domain used by the Home Networking Control Protocol (HNCP).

19  Status of This Memo

21     This Internet-Draft is submitted in full conformance with the
22     provisions of BCP 78 and BCP 79.

24     Internet-Drafts are working documents of the Internet Engineering
25     Task Force (IETF).  Note that other groups may also distribute
26     working documents as Internet-Drafts.  The list of current Internet-
27     Drafts is at http://datatracker.ietf.org/drafts/current/.

29     Internet-Drafts are draft documents valid for a maximum of six months
30     and may be updated, replaced, or obsoleted by other documents at any
31     time.  It is inappropriate to use Internet-Drafts as reference
32     material or to cite them other than as "work in progress."

34     This Internet-Draft will expire on May 19, 2017.
36  Copyright Notice

38     Copyright (c) 2016 IETF Trust and the persons identified as the
39     document authors.  All rights reserved.

41     This document is subject to BCP 78 and the IETF Trust's Legal
42     Provisions Relating to IETF Documents
43     (http://trustee.ietf.org/license-info) in effect on the date of
44     publication of this document.  Please review these documents
45     carefully, as they describe your rights and restrictions with respect
46     to this document.  Code Components extracted from this document must
47     include Simplified BSD License text as described in Section 4.e of
48     the Trust Legal Provisions and are provided without warranty as
49     described in the Simplified BSD License.

51  Table of Contents

53     1.  Introduction
54     2.  General Guidance
55     3.  Domain Name Reservation Considerations
56     4.  Updates to Home Networking Control Protocol
57     5.  Security Considerations
58     6.  IANA Considerations
59     7.  Acknowledgments
60     8.  References
61       8.1.  Normative References
62       8.2.  Informative References
63     Authors' Addresses

65  1.  Introduction

67     Users and devices within a home network require devices and services
68     to be identified by names that are unique within the boundaries of
69     the home network [RFC7368].  The naming mechanism needs to function
70     without configuration from the user.  While it may be possible for a
71     name to be delegated by an ISP, home networks must also function in
72     the absence of such a delegation.  A default name with a scope
73     limited to each individual home network needs to be used.
75     The '.homenet' top-level domain replaces '.home' which was specified
76     in [RFC7788] as the default domain-name for home networks.  '.home'
77     had been selected as the most user-friendly option, but evidence
78     indicates that '.home' queries frequently leak out and reach the root
79     name servers [ICANN1] [ICANN2].  As a result, the use of '.home' has
80     been deprecated; this document updates [RFC7788] to replace '.home'
81     with '.homenet', while another document, [I-D.ietf-homenet-redact]
82     deprecates the use of the '.home' TLD.

84     This document registers the top-level domain '.homenet.' as a
85     special-use domain name [RFC6761] and specifies the behavior that is
86     expected from the Domain Name System with regard to DNS queries for
87     names whose rightmost non-terminal label is 'homenet'.  Queries for
88     names ending with '.homenet.' are of local significance within the
89     scope of a home network, meaning that identical queries will result
90     in different results from one home network to another.  In other
91     words, a name ending in '.homenet' is not globally unique.

93  2.  General Guidance

95     The top-level domain name '.homenet.' is to be used for naming within
96     a home network.  Names ending with '.homenet.' MUST refer to
97     services that are located within a home network (e.g., a printer, or
98     a toaster).

100    DNS queries for names ending with '.homenet.' are resolved using
101    local resolvers on the homenet.  Such queries MUST NOT be recursively
102    forwarded to servers outside the logical boundaries of the home
103    network.

105    Although home networks most often provide one or more service
106    discovery mechanisms, it is still expected that some users will see,
107    remember, and sometimes even type, names ending with '.homenet'.  It
108    is therefore desirable that users identify the top-level domain and
109    understand that using it expresses the intention to connect to a
110    service that is specific to the home network to which they are
111    connected.
       Enforcing the fulfillment of this intention is out of
112    scope for this document.

114 3.  Domain Name Reservation Considerations

116    This section defines the behavior of systems involved in domain name
117    resolution when serving queries for names ending with '.homenet.' (as
118    per [RFC6761]).

120    1.  Users can use names ending with '.homenet.' just as they would
121        use any other domain name.  The '.homenet' name is chosen to be
122        readily recognized by users as signifying that the name is
123        addressing a service on the homenet to which the user's device is
124        connected.

126    2.  Applications SHOULD treat domain names ending with '.homenet.'
127        just like any other FQDN, and MUST NOT make any assumption on the
128        level of additional security implied by its presence.

130    3.  Name resolution APIs and libraries MUST NOT recognize names
131        ending with '.homenet.' as special and MUST NOT treat them
132        differently.  Name resolution APIs MUST send queries for such
133        names to their configured caching DNS server(s).  Using a caching
134        server other than the server or servers offered by the home
135        network will result in failure to correctly resolve queries for
136        '.homenet'.

138    4.  Unless configured otherwise, Caching DNS servers MUST behave as
139        described in Locally Served Zones ([RFC6303] Section 3).  Caching
140        DNS Servers that are part of a home network MAY be configured
141        manually or automatically (e.g., for auto-configuration purposes)
142        to act differently, e.g., by querying another name server
143        configured as authoritative for part of the domain, or proxying
144        the request through a different mechanism.

146    5.  Authoritative DNS Servers SHOULD recognize such names as special-
147        use and SHOULD NOT, by default, attempt to look up NS records for
148        these names.
           Servers that are part of a home network or
149        providing name resolution services for a home network MAY be
150        configured to act as authoritative for the whole top-level domain
151        or a part of it.

153    6.  DNS server operators should not configure DNS servers to act as
154        authoritative for any name ending in '.homenet'.

156    7.  DNS Registries/Registrars MUST NOT grant requests to register
157        '.homenet' in the normal way to any person or entity.  '.homenet'
158        is registered in perpetuity to IANA:

160        Domain Name: HOMENET
161        Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY
162        Whois Server: whois.iana.org
163        Referral URL: http://res-dom.iana.org
164        Name Server: A.IANA-SERVERS.NET
165        Name Server: B.IANA-SERVERS.NET
166        Status: clientDeleteProhibited
167        Status: clientTransferProhibited
168        Status: clientUpdateProhibited

170 4.  Updates to Home Networking Control Protocol

172    The final paragraph of Homenet Considerations Protocol [RFC7788],
173    section 8, is updated as follows:

175    OLD:

177       Names and unqualified zones are used in an HNCP network to provide
178       naming and service discovery with local significance.  A network-
179       wide zone is appended to all single labels or unqualified zones in
180       order to qualify them. ".home" is the default; however, an
181       administrator MAY configure the announcement of a Domain-Name TLV
182       (Section 10.6) for the network to use a different one.  In case
183       multiple are announced, the domain of the node with the greatest
184       node identifier takes precedence.

186    NEW:

188       Names and unqualified zones are used in an HNCP network to provide
189       naming and service discovery with local significance.  A network-
190       wide zone is appended to all single labels or unqualified zones in
191       order to qualify them. ".homenet" is the default; however, an
192       administrator MAY configure the announcement of a Domain-Name TLV
193       (Section 10.6) for the network to use a different one.
          In case
194       multiple are announced, the domain of the node with the greatest
195       node identifier takes precedence.

197       The '.homenet' special-use name does not require a special
198       resolution protocol.  Names for which the rightmost non-terminal
199       label is 'homenet' are resolved using the DNS protocol [RFC1035].

201 5.  Security Considerations

203    Although a DNS record returned as a response to a query ending with
204    '.homenet.' is expected to have local significance and be returned by
205    a server involved in name resolution for the home network the device
206    is connected in, such response MUST NOT be considered more
207    trustworthy than would be a similar response for any other DNS query.

209    Because '.homenet' is not globally scoped and cannot be secured using
210    DNSSEC based on the root domain's trust anchor, there is no way to
211    tell, using a standard DNS query, in which home network scope an
212    answer belongs.  Consequently, users may experience surprising
213    results with such names when roaming to different home networks.  To
214    prevent this from happening, it may be useful for the resolver to
215    identify different home networks on which it has resolved names, but
216    this is out of scope for this document.

218 6.  IANA Considerations

220    IANA is requested to record the top-level domain ".homenet" in the
221    Special-Use Domain Names registry [SUDN].

223    IANA is requested to set up insecure delegation for '.homenet' in the
224    root zone pointing to the AS112 service [RFC7535], to break the
225    DNSSEC chain of trust.

227 7.  Acknowledgments

229    The authors would like to thank Stuart Cheshire for his prior work on
230    '.home', as well as the homenet chairs: Mark Townsley and Ray Bellis.

232 8.  References

234 8.1.  Normative References

236    [RFC6303]  Andrews, M., "Locally Served DNS Zones", BCP 163,
237               RFC 6303, DOI 10.17487/RFC6303, July 2011.

240    [RFC6761]  Cheshire, S. and M.
              Krochmal, "Special-Use Domain Names",
241               RFC 6761, DOI 10.17487/RFC6761, February 2013.

244    [RFC7535]  Abley, J., Dickson, B., Kumari, W., and G. Michaelson,
245               "AS112 Redirection Using DNAME", RFC 7535,
246               DOI 10.17487/RFC7535, May 2015.

249    [I-D.ietf-homenet-redact]
250               Lemon, T., "Redacting .home from HNCP", draft-ietf-
251               homenet-redact-00 (work in progress), September 2016.

253 8.2.  Informative References

255    [RFC1035]  Mockapetris, P., "Domain names - implementation and
256               specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
257               November 1987.

259    [RFC7368]  Chown, T., Ed., Arkko, J., Brandt, A., Troan, O., and J.
260               Weil, "IPv6 Home Networking Architecture Principles",
261               RFC 7368, DOI 10.17487/RFC7368, October 2014.

264    [RFC7788]  Stenberg, M., Barth, S., and P. Pfister, "Home Networking
265               Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April
266               2016.

268    [ICANN1]   "New gTLD Collision Risk Mitigation", October 2013.

272    [ICANN2]   "New gTLD Collision Occurrence Management", October 2013.

276    [SUDN]     "Special-Use Domain Names Registry", July 2012.

280 Authors' Addresses

282    Pierre Pfister
283    Cisco Systems
284    Paris
285    France

287    Email: pierre.pfister@darou.fr

289    Ted Lemon
290    Nominum, Inc.
291    800 Bridge Parkway
292    Redwood City, California 94065
293    United States of America

295    Phone: +1 650 381 6000
296    Email: ted.lemon@nominum.com
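
Added example (not part of the draft or of the idnits output): a sketch of the forwarding decision that Section 2 and Section 3, item 4, require of a home-network caching resolver, together with a check that flags '.homenet.' queries that were sent upstream. The function names, the log format and the sample log are constructed for illustration.

```python
# Added example; function names, log format and sample data are assumptions.
SPECIAL_LABEL = "homenet"

def labels(qname):
    """Lowercased labels of a DNS name, without the trailing root dot."""
    name = qname.strip().lower().rstrip(".")
    return name.split(".") if name else []

def is_homenet_name(qname):
    """True when the rightmost non-terminal label is 'homenet'."""
    ls = labels(qname)
    return bool(ls) and ls[-1] == SPECIAL_LABEL

def route_query(qname, local_zones=()):
    """Return 'forward', 'local' or 'local-negative' for one query.

    local_zones: zones the home network's server is configured to serve.
    """
    if not is_homenet_name(qname):
        return "forward"             # ordinary name: normal recursion
    ls = labels(qname)
    for zone in local_zones:
        z = labels(zone)
        if z and ls[-len(z):] == z:
            return "local"           # answered from home-network data
    return "local-negative"          # locally served empty zone, never forwarded

# Constructed resolver log: time, action, upstream address, qname, qtype.
SAMPLE_LOG = """\
10:00:01 forward 192.0.2.53 www.example.com. A
10:00:02 forward 192.0.2.53 Printer.HOMENET. AAAA
10:00:03 local   -          nas.homenet. A
10:00:04 forward 192.0.2.53 homenet.example.org. A
10:00:05 forward 192.0.2.53 myhomenet. A
10:00:06 forward 192.0.2.53 toaster.homenet A
"""

def find_leaks(log_text):
    """Names forwarded upstream although they end in '.homenet.'."""
    leaks = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[1] == "forward" and is_homenet_name(fields[3]):
            leaks.append(fields[3])
    return leaks

if __name__ == "__main__":
    print(route_query("nas.homenet.", ["homenet."]), find_leaks(SAMPLE_LOG))
```

The match is on the whole rightmost label and is case-insensitive, so 'myhomenet.' and 'homenet.example.org.' are treated as ordinary names while 'Printer.HOMENET.' is kept local.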