idnits 2.17.1 draft-lynn-dnsext-site-mdns-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 7, 2011) is 4791 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- == Missing Reference: 'TBD' is mentioned on line 251, but not defined == Unused Reference: 'RFC5226' is defined on line 366, but no explicit reference was found in the text ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) == Outdated reference: A later version (-15) exists of draft-cheshire-dnsext-multicastdns-14 == Outdated reference: A later version (-03) exists of draft-cheshire-dnsext-special-names-01 == Outdated reference: A later version (-15) exists of draft-ietf-dnsop-default-local-zones-14 Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force K. Lynn 3 Internet-Draft Consultant 4 Intended status: Experimental D. Sturek 5 Expires: September 8, 2011 Pacific Gas & Electric 6 March 7, 2011 8 Extended Multicast DNS 9 draft-lynn-dnsext-site-mdns-00 11 Abstract 13 Multicast DNS (mDNS) provides the ability to perform DNS-like 14 operations on the local link in the absence of any conventional 15 unicast DNS server. Extended mDNS (xmDNS) extends the specification 16 of mDNS to site-local scope in order to support multi-hop LANs that 17 forward multicast packets but do not provide a unicast DNS service. 19 Like mDNS, xmDNS designates a portion of the DNS namespace to apply 20 to the site-local network and specifies rules for its use. 22 Status of this Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at http://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on September 8, 2011. 39 Copyright Notice 41 Copyright (c) 2011 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 2. Conventions and Terminology Used in this Document . . . . . . 3 58 3. Extended Multicast DNS Names . . . . . . . . . . . . . . . . . 3 59 4. Reverse Address Mapping . . . . . . . . . . . . . . . . . . . 4 60 5. Querying . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 61 6. Responding . . . . . . . . . . . . . . . . . . . . . . . . . . 4 62 7. Traffic Reduction . . . . . . . . . . . . . . . . . . . . . . 4 63 8. Probing and Announcing on Startup . . . . . . . . . . . . . . 5 64 9. Conflict Resolution . . . . . . . . . . . . . . . . . . . . . 5 65 10. Resource Record TTL Values and Cache Coherency . . . . . . . . 5 66 11. Source Address Check . . . . . . . . . . . . . . . . . . . . . 5 67 12. Special Characteristics of Extended Multicast DNS Domains . . 5 68 13. Enabling and Disabling Multicast DNS . . . . . . . . . . . . . 5 69 14. Considerations for Multiple Interfaces . . . . . . . . . . . . 5 70 15. Considerations for Multiple Responders on the Same Machine . . 5 71 16. Multicast DNS Character Set . . . . . . . . . . . . . . . . . 5 72 17. Multicast DNS Message Size . . . . . . . . . . . . . . . . . . 6 73 18. Multicast DNS Message Format . . . . . . . . . . . . . . . . . 6 74 19. Summary of Differences Between Multicast DNS and Unicast 75 DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 76 20. IPv6 Considerations . . . . . . . . . . . . . . . . . . . . . 6 77 21. Security Considerations . . . . . . . . . . . . . . . . . . . 6 78 22. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 79 23. Domain Name Reservation Considerations . . . . . . . . . . . . 7 80 24. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 81 25. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 82 25.1. Normative References . . . . . . . . . . . . . . . . . . 10 83 25.2. Informative References . . . . . . . . . . . . . . . . . 10 84 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 86 1. Introduction 88 Multicast DNS (mDNS) provides the ability to perform DNS-like 89 operations on the local link in the absence of any conventional 90 unicast DNS server. Extended mDNS (xmDNS) extends the specification 91 of mDNS to site-local scope in order to support multi-hop LANs that 92 forward multicast packets but do not provide a unicast DNS service. 94 Like mDNS, xmDNS designates a portion of the DNS namespace to apply 95 to the site-local network and specifies rules for its use. 97 2. Conventions and Terminology Used in this Document 99 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 100 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 101 document are to be interpreted as described in "Key words for use in 102 RFCs to Indicate Requirement Levels" [RFC2119]. 104 When this document uses the term "Multicast DNS", it should be taken 105 to mean: "Clients performing DNS-like queries for DNS-like resource 106 records by sending DNS-like UDP query and response packets on the 107 local link over IP Multicast to UDP port 5353." 109 This document uses the term "Extended Multicast DNS" to indicate the 110 distribution of mDNS queries and responses to all links that comprise 111 the site-local area network. Exceptions to normal mDNS operation are 112 specified in subsequent sections. 114 This document uses the term "host name" in the strict sense to mean a 115 fully-qualified domain name that has an IPv4 or IPv6 address record. 116 It does not use the term "host name" in the commonly used but 117 incorrect sense to mean just the first DNS label of a host's fully 118 qualified domain name. 120 A DNS (or mDNS) packet contains an IP TTL in the IP header, which is 121 effectively a hop-count limit for the packet, to guard against 122 routing loops. Each Resource Record also contains a TTL, which is 123 the number of seconds for which the Resource Record may be cached. 124 This document uses the term "IP TTL" to refer to the IP header TTL 125 (hop limit), and the term "RR TTL" or just "TTL" to refer to the 126 Resource Record TTL (cache lifetime). 128 3. Extended Multicast DNS Names 130 Extended Multicast DNS specifies that the DNS top-level domain 131 ".site." is a special domain with special semantics, namely that any 132 fully-qualified domain name ending in ".site." is site-local, and 133 names within this domain are meaningful only on the site-local area 134 network where they originate. This is analogous to Unique Local IPv6 135 Unicast Address [RFC4291] prefixes, which are site-local and 136 meaningful only on the site where they are defined. 138 Any DNS query for a name ending with ".site." MUST be sent to the 139 xmDNS multicast address (224.0.0.TBD or its IPv6 equivalent 140 FF05::FB). Future versions of this document may specify a method for 141 creating zones under the ".site." top-level domain and mapping these 142 to alternate IPv6 multicast addresses but this is currently out of 143 scope. 145 Note that the ".site." and ".local." domains are functionally 146 disjoint. 148 4. Reverse Address Mapping 150 [RFC4193] recommends that queries for D.F.IPV6.ARPA be handled 151 locally. [I-D.ietf-dnsop-default-local-zones] extends the 152 recommendation to cover other well known IN-ADDR.ARPA and IP6.ARPA 153 zones for which queries should not appear on the public Internet. 155 In the absence of a unicast DNS server in the LAN, any DNS query for 156 a name within the reverse mapping domain ("d.f.ip6.arpa.") for Unique 157 Local IPv6 Unicast addresses [RFC4193] SHOULD be sent to the IPv6 158 xmDNS link-local multicast address FF05::FB or the IPv4 xmDNS 159 multicast address 224.0.0.TBD. 161 [Other prefixes TBD] 163 5. Querying 165 All Extended Multicast DNS queries MUST be sent with a Unique Local 166 IPv6 Unicast [RFC4193] source address. 168 6. Responding 170 All Extended Multicast DNS responses (including responses sent via 171 unicast) SHOULD be sent with IP TTL set to 255. 173 7. Traffic Reduction 175 [TBD] 177 8. Probing and Announcing on Startup 179 [TBD] 181 9. Conflict Resolution 183 [TBD] 185 10. Resource Record TTL Values and Cache Coherency 187 [TBD] 189 11. Source Address Check 191 Source address check must ensure that queries originate from on-site 192 prefixes. All other queries must be silently dropped. 194 12. Special Characteristics of Extended Multicast DNS Domains 196 [TBD] 198 13. Enabling and Disabling Multicast DNS 200 [TBD] 202 14. Considerations for Multiple Interfaces 204 [TBD] 206 15. Considerations for Multiple Responders on the Same Machine 208 [TBD] 210 16. Multicast DNS Character Set 212 [Same as mDNS] 214 17. Multicast DNS Message Size 216 [Same as mDNS] 218 18. Multicast DNS Message Format 220 [Same as mDNS] 222 19. Summary of Differences Between Multicast DNS and Unicast DNS 224 [Same as mDNS] 226 20. IPv6 Considerations 228 An IPv4-only host and an IPv6-only host behave as "ships that pass in 229 the night". Even if they are on the same Ethernet, neither is aware 230 of the other's traffic. For this reason, each physical link may have 231 *two* unrelated ".site." zones, one for IPv4 and one for IPv6. Since 232 for practical purposes, a group of IPv4-only hosts and a group of 233 IPv6-only hosts on the same Ethernet act as if they were on two 234 entirely separate Ethernet segments, it is unsurprising that their 235 use of the ".site." zone should occur exactly as it would if they 236 really were on two entirely separate Ethernet segments. 238 A dual-stack (v4/v6) host can participate in both ".site." zones, and 239 should register its name(s) and perform its lookups both using IPv4 240 and IPv6. This enables it to reach, and be reached by, both IPv4- 241 only and IPv6-only hosts. In effect this acts like a multi- homed 242 host, with one connection to the logical "IPv4 Ethernet segment", and 243 a connection to the logical "IPv6 Ethernet segment". When such a 244 host generates NSEC records, if it is using the same host name for 245 its IPv4 addresses and its IPv6 addresses on that network interface, 246 its NSEC records should indicate that the host name has both A and 247 AAAA records. 249 21. Security Considerations 251 [TBD] 253 22. IANA Considerations 255 IANA has allocated the IPv6 multicast address set FF0X::FB for 256 Multicast DNS [mcast6]. The use of FF02::FB (Link-Local Scope) is 257 described in [I-D.cheshire-dnsext-multicastdns] and the use of 258 address FF05::FB (Site-Local Scope) is defined in this document. 260 When this document is published, IANA should designate a list of 261 domains which are deemed to have only site-local significance, as 262 described in Section 12 of this document ("Special Characteristics of 263 Extended Multicast DNS Domains") [I-D.cheshire-dnsext-special-names]. 265 Specifically, the designated site-local domains are: 267 site. 268 d.f.ip6.arpa. 270 23. Domain Name Reservation Considerations 272 The two domains listed in Section 22 above and any names falling 273 within those domains (e.g. "MyServer.site.", "b.a.9.8.7.6.5.0.0. 274 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.d.f.ip6.arpa.", 275 "www._http._tcp.site.") are special DNS names 276 [I-D.cheshire-dnsext-special-names] in the following ways: 278 1. Users may use these names as they would other DNS names, entering 279 them anywhere that they would otherwise enter a conventional DNS 280 name, or a dotted decimal IPv4 address, or a literal IPv6 281 address. 283 Since there is no central authority responsible for assigning 284 dot-site names, and all devices on the site-local network are 285 equally entitled to claim any dot-site name, users SHOULD be 286 aware of this and SHOULD exercise appropriate caution. In an 287 untrusted or unfamiliar network environment, users SHOULD be 288 aware that using a name like "www.site" may not actually connect 289 them to the web site they expected, and could easily connect them 290 to a different web page, or even a fake or spoof of their 291 intended web site, designed to trick them into revealing 292 confidential information. As always with networking, end-to-end 293 cryptographic security can be a useful tool. For example, when 294 connecting with ssh, the ssh host key verification process will 295 inform the user if it detects that the identity of the entity 296 they are communicating with has changed since the last time they 297 connected to that name. 299 2. Application software may use these names as they would other 300 similar DNS names, and is not required to recognize the names and 301 treat them specially. Due to the relative ease of spoofing dot- 302 site names, end-to-end cryptographic security remains important 303 when communicating across a local network, just as it is when 304 communicating across the global Internet. 306 3. Name resolution APIs and libraries SHOULD recognize these names 307 as special and SHOULD NOT send queries for these names to their 308 configured (unicast) caching DNS server(s). This is to avoid 309 unnecessary load on the root name servers and other name servers, 310 caused by queries for which those name servers do not have useful 311 non-negative answers to give, and will not ever have useful 312 nonnegative answers to give. 314 4. Caching DNS servers SHOULD recognize these names as special and 315 SHOULD NOT attempt to look up NS records for them, or otherwise 316 query authoritative DNS servers in an attempt to resolve these 317 names. Instead, caching DNS servers SHOULD generate immediate 318 NXDOMAIN responses for all such queries they may receive (from 319 misbehaving name resolver libraries). This is to avoid 320 unnecessary load on the root name servers and other name servers. 322 5. Authoritative DNS servers SHOULD NOT by default be configurable 323 tp answer queries for these names, and, like caching DNS servers, 324 SHOULD generate immediate NXDOMAIN responses for all such queries 325 they may receive. DNS server software MAY provide a 326 configuration option to override this default, for testing 327 purposes or other specialized uses. 329 6. DNS server operators SHOULD NOT attempt to configure 330 authoritative DNS servers to act as authoritative for any of 331 these names. Configuring an authoritative DNS server to act as 332 authoritative for any of these names may not, in many cases, 333 yield the expected result, since name resolver libraries and 334 caching DNS servers SHOULD NOT send queries for those names (see 335 3 and 4 above), so such queries SHOULD be suppressed before they 336 even reach the authoritative DNS server in question, and 337 consequently it will not even get an opportunity to answer them. 339 7. DNS Registrars MUST NOT allow any of these names to be registered 340 in the normal way to any person or entity. These names are 341 reserved protocol identifiers with special meaning and fall 342 outside the set of names available for allocation by registrars. 343 Attempting to allocate one of these names as if it were a normal 344 DNS domain name will probably not work as desired, for reasons 3, 345 4, and 6 above. 347 24. Acknowledgments 349 We wish to thank the authors of [I-D.cheshire-dnsext-multicastdns] on 350 whose work this document is heavily based. Reviews and comments were 351 provided by... 353 25. References 355 25.1. Normative References 357 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 358 Requirement Levels", BCP 14, RFC 2119, March 1997. 360 [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast 361 Addresses", RFC 4193, October 2005. 363 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 364 Architecture", RFC 4291, February 2006. 366 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 367 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 368 May 2008. 370 [mcast6] "IPv6 Multicast Address Space Registry", 371 . 374 25.2. Informative References 376 [I-D.cheshire-dnsext-multicastdns] 377 Cheshire, S. and M. Krochmal, "Multicast DNS", 378 draft-cheshire-dnsext-multicastdns-14 (work in progress), 379 February 2011. 381 [I-D.cheshire-dnsext-special-names] 382 Cheshire, S. and M. Krochmal, "Special-Use Domain Names", 383 draft-cheshire-dnsext-special-names-01 (work in progress), 384 January 2011. 386 [I-D.ietf-dnsop-default-local-zones] 387 Andrews, M., "Locally-served DNS Zones", 388 draft-ietf-dnsop-default-local-zones-14 (work in 389 progress), September 2010. 391 Authors' Addresses 393 Kerry Lynn 394 Consultant 396 Phone: +1 978-460-4253 397 Email: kerlyn@ieee.org 398 Don Sturek 399 Pacific Gas & Electric 400 77 Beale Street 401 San Francisco, CA 402 USA 404 Phone: +1 619-504-3615 405 Email: d.sturek@att.net