idnits 2.17.1 draft-pfister-homenet-dot-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC7788], [RFC6761]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 98: '...ending with '.homenet.' MUST refer to...' RFC 2119 keyword, line 104: '...ing with '.homenet.' MUST NOT be sent...' RFC 2119 keyword, line 106: '...lt, such queries MUST NOT be sent outs...' RFC 2119 keyword, line 107: '... network, but home network devices MAY...' RFC 2119 keyword, line 119: '...evel domain name MUST NOT be considere...' (19 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 31, 2016) is 2733 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group P. Pfister 3 Internet-Draft Cisco Systems 4 Intended status: Standards Track October 31, 2016 5 Expires: May 4, 2017 7 Special Use Top Level Domain '.homenet' 8 draft-pfister-homenet-dot-00 10 Abstract 12 This document specifies the behavior that is expected from the Domain 13 Name System with regard to DNS queries for names ending with 14 '.homenet.', thereby defining this top-level domain as a special-use 15 domain name [RFC6761]. The '.homenet' top-level domain intends to 16 replace '.home' which was originally proposed in [RFC7788] as default 17 domain-name for home networks. 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on May 4, 2017. 36 Copyright Notice 38 Copyright (c) 2016 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 54 2. General Guidance . . . . . . . . . . . . . . . . . . . . . . 3 55 3. Domain Name Reservation Considerations . . . . . . . . . . . 3 56 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 57 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 58 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 59 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 60 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 61 7.2. Informative References . . . . . . . . . . . . . . . . . 5 62 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 64 1. Introduction 66 Users and devices within a home network require other devices to be 67 identified by names that are unique within the boundaries of the home 68 network [RFC7368]. The naming mechanism also needs to function 69 without configuration from the user, and keep functioning in case of 70 upstream connexion failure. It is therefore expected that home 71 network routers and devices will derive their own names from one or 72 multiple domain-names that are assigned to the home network. Such 73 domain names could be assigned by the service providers, although 74 this would certainly lead to complicated names (e.g., 'cstmr6372514 75 .isp-foo.com.'), or be reserved and configured by an educated user. 76 But in the case of upstream connexion failure, or when the user 77 ignores how to reserve and configure a domain name, or does not care 78 enough to do it, a default name with local scope needs to be used. 80 The '.homenet' top-level domain intends to replace '.home' which was 81 originally proposed in [RFC7788] as default domain-name for home 82 networks. '.home' would certainly be the most user-friendly option, 83 but evidence indicates that '.home' queries frequently leak out and 84 reach the root name servers [ICANN1] [ICANN2]. This document is to 85 be bundled with another internet draft updating [RFC7788] and 86 deprecating the use of the '.home' TLD, replaced by '.homenet'. 88 This document registers the top-level domain '.homenet.' as a 89 special-use domain name [RFC6761] and specifies the behavior that is 90 expected from the Domain Name System with regard to such DNS queries. 91 Records for names ending with '.homenet.' are of local significance 92 within a home network, meaning that identical queries may result in 93 different results from one home network to another. 95 2. General Guidance 97 The top-level domain name '.homenet.' is to be used for naming within 98 a home network. Names ending with '.homenet.' MUST refer to 99 services that are either located within a home network (e.g., a 100 printer, or a toaster), or only reachable from within the home 101 network (e.g., a web server hosted by the service provider and 102 providing a service that is specific to the home). 104 DNS queries for names ending with '.homenet.' MUST NOT be sent 105 outside of the logical boundaries of the home network. Which means 106 that, by default, such queries MUST NOT be sent outside of the 107 network boundaries of the home network, but home network devices MAY 108 be configured in order to send such queries to DNS servers located 109 outside of the home network when the DNS server is capable of 110 responding with values that are specific to the network where the 111 query is coming from. 113 Although home networks most often provide one or multiple service 114 discovery mechanisms, it is still expected that some users will see, 115 remember, and sometimes even type, names ending with '.homenet'. It 116 is therefore desireable that users identify the top-level domain and 117 associate it with the fact that the service they are connected to is 118 specific to the home network they are connected in. But, the 119 presence of this top-level domain name MUST NOT be considered as 120 improving the security of the connexion in any way. 122 3. Domain Name Reservation Considerations 124 This section defines the behavior of systems involved in domain name 125 resolution when serving queries for names ending with '.homenet.' (as 126 per [RFC6761]). 128 1. Users MAY use, type or remember names ending with '.homenet.' 129 just like any other fully qualified domain names. Users SHOULD 130 recognize the top-level domain and understand that its presence 131 at the end of a Fully Qualified Domain Name (FQDN) imply that the 132 service they are reaching is associated with the home network 133 they are connected in. In particular, users SHOULD understand 134 that a single name (e.g. www.homenet) may connect them to 135 different services when connected within different homes. 137 2. Applications SHOULD treat domain names ending with '.homenet.' 138 just like any other FQDN, and MUST NOT make any assumption on the 139 level of additional security implied by its presence. 141 3. Name resolution APIs and libraries SHOULD NOT recognize names 142 ending with '.homenet.' as special and SHOULD NOT treat them 143 differently. Name resolution APIs SHOULD send queries for such 144 names to their configured caching DNS server(s). 146 4. Cachine DNS Servers SHOULD recognize such names as special use 147 and SHOULD NOT, by default, attempt to look up NS records for 148 them, or otherwise query authoritative DNS servers in an attempt 149 to resolve these names. Instead, recursive/caching DNS servers 150 that are not part of a home network SHOULD generate immediate 151 NXDOMAIN response. Caching DNS Servers that are part of a home 152 network MAY be configured manually or automatically (e.g., for 153 auto-configuration purposes) to act differently, e.g., by 154 querying another name server configured as authoritative for part 155 of the domain, or proxying the request through a different 156 mechanism. 158 5. Authoritative DNS Servers SHOULD recognize such names as special- 159 use and SHOULD NOT, by default, attempt to look up NS records for 160 these names. Servers that are part of a home network or 161 providing name resolution services for a home network MAY be 162 configured to act as authoritative for the whole top-level domain 163 or a part of it. 165 6. DNS server operators SHOULD NOT attempt to configure DNS servers 166 to act as authoriative for any of these names. Internet service 167 providers or, by extension, entities providing name resolution 168 services to home networks MAY configure their DNS servers to 169 answer such requests in a way which ensures total isolation 170 between different home networks. 172 7. DNS Registries and Registrars MUST NOT assign any sub-domain from 173 '.homenet.'. 175 4. Security Considerations 177 Although a DNS record returned as a response to a query ending with 178 '.homenet.' is expected to have local significance and be returned by 179 a server involved in name resolution for the home network the device 180 is connected in, such response MUST NOT be considered more 181 trustworthy than would be a similar response for any other DNS query. 183 5. IANA Considerations 185 [Once published, this should say] IANA has recorded the top-level 186 domain ".homenet" in the Special-Use Domain Names registry [SUDN]. 188 6. Acknowledgments 190 The author would like to thank Stuart Cheschire for his prior work on 191 '.home', as well as the homenet chairs: Mark Townsley and Ray Bellis. 193 7. References 195 7.1. Normative References 197 [RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names", 198 RFC 6761, DOI 10.17487/RFC6761, February 2013, 199 . 201 7.2. Informative References 203 [RFC7368] Chown, T., Arkko, J., Brandt, A., Troan, O., and J. Weil, 204 "IPv6 Home Networking Architecture Principles", RFC 7368, 205 October 2014. 207 [RFC7788] Stenberg, M., Barth, S., and P. Pfister, "Home Networking 208 Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April 209 2016, . 211 [ICANN1] "New gTLD Collision Risk Mitigation", October 2013, 212 . 215 [ICANN2] "New gTLD Collision Occurence Management", October 2013, 216 . 219 [SUDN] "Special-Use Domain Names Registry", July 2012, 220 . 223 Author's Address 225 Pierre Pfister 226 Cisco Systems 227 Paris 228 France 230 Email: pierre.pfister@darou.fr