IETF Logo Mail Archive

Re: [dnssd] SRP: name conflict while not knowing which name conflicts

Esko Dijk <esko.dijk@iotconsultancy.nl> Fri, 23 September 2022 12:07 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AA0DC14CE23 for <dnssd@ietfa.amsl.com>; Fri, 23 Sep 2022 05:07:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BQ4QVPuq_AhF for <dnssd@ietfa.amsl.com>; Fri, 23 Sep 2022 05:07:24 -0700 (PDT)
Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on2106.outbound.protection.outlook.com [40.107.105.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCCCAC14F736 for <dnssd@ietf.org>; Fri, 23 Sep 2022 05:07:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=m09S60QRXRUloq2pb537icKUwHs/YhUkwheB0MMpq+cc7eoymANOC75+8rseJBhzxLdx6tW1aFTVVy4/uX6AlodQxuX2YiZ/jYpOIiAAPtS6RxOYssHdTDnWXBapGi+cKBRq9Rpspg7ntIeLyrMI9+t2z2okN/R3a/oR4OCvTRd0BtOkTvzPmJNOw89dOYPQ/lI+UOFXxx9ro91EJgs0gY7pRND9j3roRB6HIKxGBS30XsPfNLsZ3hjY6L+D/RfJuwCHCPRqvQHuo3PPLumvirLIpUQSWBdTFtAQiA86Vuawl/4PHF4RgCyh7QU2MBVmwD/cZZcQBM0N6aLLjIn3fA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=l8ZUR28NmlfmeR9ZUUL9tW8x/pnIrEOPjVq51j/nAPI=; b=GxCMa9D9mNh7eSBIEFHJN1+d/GHudJJ/YZrjSeTvZHY34XPOnI5asaJMl9SKpinfhoXE2xpVpZNycDHhgjJpWXkVjdFjhapcjf8ZIqusr4oI3u5b/iDcjpt1tQs1m3yZNskZ/6DCz497B6kZT67YkOKqIq/bOK6UuiFrf8nISiaRl1ItB/a2Av+xvcd2niXsPIJvZV28kGaKaRyjgA+tiDJOIXZcxv4yDnsOQ3OY40/sUveLIV4jpt558orB7vdc0DepyW3YZSERg1jqFKb9dQZHPdmYTlNMDth7zEmsbgXkhghzX0RCiqN51Qc9WCPRUkmVT/58EfARjG2Hagz2jA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=l8ZUR28NmlfmeR9ZUUL9tW8x/pnIrEOPjVq51j/nAPI=; b=MPYqcEn/ToM9W4hJXAyYpFwhWIJdFY87A1NTmqg8O0R2DwXAhZtmBjZMLaxeo6L5e7fk+nacgW1nS2pAUM//xM2XELv875c4RmG2qocX7U+wN11TJHadpu7Pzattf4SEZANME4u8wnYnIvj8tmICxVp/G8gaE3y4hC8b18b4Uc8=
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:3b9::20) by AM7P190MB0759.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:116::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.18; Fri, 23 Sep 2022 12:07:18 +0000
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::b036:4614:bf67:fa75]) by DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::b036:4614:bf67:fa75%7]) with mapi id 15.20.5654.019; Fri, 23 Sep 2022 12:07:18 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Tim Wicinski <tjw.ietf@gmail.com>
CC: Kangping Dong <wgtdkp@google.com>, "dnssd@ietf.org" <dnssd@ietf.org>, Ted Lemon <mellon@fugue.com>
Thread-Topic: [dnssd] SRP: name conflict while not knowing which name conflicts
Thread-Index: AdjPHqIATg123HiARwyZV43v62jckAAAdzAAAAFlfsAABEZUgAADLXOA
Date: Fri, 23 Sep 2022 12:07:18 +0000
Message-ID: <DU0P190MB19786D6BDA466AC9667087C9FD519@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <DU0P190MB19780211A2F50F5E66BCE005FD519@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAJ5Rr7Ys+bmFiP9j3ebptBEZHXX+6rzkTRaFHr7_mmgVZb9sZQ@mail.gmail.com> <DU0P190MB1978E63F6C69807759C10FD0FD519@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CADyWQ+EMf3XTLuZWupLNeGwQ8Gaqd-A7BvyAs4wK-fT7M5zk6Q@mail.gmail.com>
In-Reply-To: <CADyWQ+EMf3XTLuZWupLNeGwQ8Gaqd-A7BvyAs4wK-fT7M5zk6Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0P190MB1978:EE_|AM7P190MB0759:EE_
x-ms-office365-filtering-correlation-id: 1e877a32-22f5-43ce-235a-08da9d5c2971
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /TaIvcjTF87df0HB8XDLQenYK+LEU5lZpcI464gxwF9koGs4BN8nU1IluR6Oe7TuU2KW0UyBUqgqxlzpfAtGndc/DiZHuQJYU/hcEdXYQ9MTbCWh9xzVppYeRFruZngXYcNwbiQ9XpsJzEk8zTlZHsccovm4ozG+sOMU5XPV/p+vDJ9OZdmTVv7PwSik5imsGxcW1AWPzGeL9ICGbl2dTmM65FDTc6jjy7KfUJd4J+N9Vh19MMQT6fx59oo4vHuWvV6GiPekUeJWLPD155b1EUvYz7pa5RYqcDFCV+/m5C/htp0B0Tj3NcjOJxLJ9rB2UjrQDIgm85aOLHr/Ch3rUhM80QXm3Jzz3j2XgFSlIuTrjqtL+k+dKV++G1IV5jVcLg65ou0q0RfsK0Ig2n8LA+FKp8Hr+1po4NBrluXuCvR+/MRdzH5VQyPj7d2YLhUwwVKdvzaYmjfELONKmjq5vSLgavGmc1U8OTNfFghd59ACKRx8g+V6fYWRXAwBUtKMis4x1l+v7faRp1L4he8MIvVJpx6+M9Cc4MQ7bsQNWfvG2CdsRpaUZ/C3KT7vNjOI8BS80JxDam91rqv/DdzA6MWByaryi8qYcC6DPZyGlKdQnQSyiAY++M81USBnQ77zDR4bYDjr6G8U2X7QLTSiKzPiDubNu2Y0TZoz8fywbqIsjnK3N3+wEJopDB2XY37QWFaO2l6gLVX0lAkZ7ESJMHQiSW+JVvtjlMCYRAhJomBNqpXo10xZjKQVztm9v8u6FhEPhN0p9tgTdMrTVZG+5Va18a6kyG5R0K5+yc1xTl0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0P190MB1978.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230022)(366004)(376002)(136003)(39830400003)(396003)(346002)(451199015)(9686003)(66446008)(86362001)(4326008)(8676002)(76116006)(64756008)(38070700005)(66476007)(66946007)(66556008)(44832011)(41300700001)(52536014)(6916009)(33656002)(71200400001)(316002)(5660300002)(54906003)(8936002)(9326002)(2906002)(478600001)(966005)(38100700002)(7696005)(166002)(122000001)(53546011)(55016003)(6506007)(186003)(83380400001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: TtDtLxEt/qN/dKXn3snoZKZTPVEszVnfxfNLEuMznIqQVkRouBFpCptzghhOjewZ/CkEmhNFAiBFi3hZ6QLZr35V3JTf6YcSX19u7Dyh78xTRaF4ldjMkS956Y5RFDX46rNFm9wYueZSmKx5dkoyrfIzZRB7Fg1Eo4nXar9N4YPBXKgGPa88iIZXC2Zo5mG/ZWHBDVYW4A2qW4pKKGwmf6pWAhMFqWDw0Qi4EbeekPNrrP3tjuR6PQjwTYMVhPg8j9XdGAP8CTuNgGf7sv+ZZAwjx7N+NnQtQ22jjIS6dAUwf9Dyt1JdEtA5ML+CDEOHhh2WtAlk4Eq3K0IiVipkYp7vsQj2sbTFW5xCEJXhIRbRUgSOp4iTU+du5whSrTIaIJ8mjXZ6lQCwMOaYmQSkjNkztkZJxCacY4OE1I/L0rdCWpZyTEeCTSgrTvb4Txj+lT3hilYxRiqkdIMuNDhwnQ7q4OspjfcS3Y0Gds0nAjqQ01KARCh2v4dg/DuK5FjwWE1jGaRNpc8xG/wTRUNEA6qkBE1A7NY/dH2s9u+GMqVYepZ+5LtALxvxis+C6IJwyVDnhQJyE8YzFmfCUF/hTdCLFPV2Y6ur05KWpmhLI2nKLOFixbYz+57fs0kZxled9NxQ+AOhCEyfCOulD01aL0e82LkCqRbbmtvDYEleNvWVfLlbPYFo88TR1xFV+vhFzFgRUC8FV4/KPc6EP5Nas+dPyMSf9i7+R+MWh/X8bTAoPsClu70U3NDXWj1YkL5nfau6kl4+qObkSmM8+inusa/DQnfvCl7PfSERGG6jNFLfV4MSE80OUtUZFD0SSwl7w4NKu7di1ZbJPc40GnNEKd9xgQj1C74PpN3Ue68HV3S3d2ySwxv9ITALgwdcNeXDCUc5iAr1r6iSy32KhVFIEao3oafLvNBsghtUdtv7xLgs0+8qP9U02qkOygwolLGsQhon5j8QN0wpr0zKlLXmaiEkgIxaAKlFY7gxcTPc0qtS8ztrVS+oRjUpMMEJgZIE0qwU85gPyka4Feo2Uzgv+0oGEKY/AZjithtFFXog6H+IdunGPPfLIkiIhrN+F4urqgSEvqWKJxbhuVYNZ1DbfZi04EKywDR05s9WYagmxxt7wVXYhDbx9sal6IXLl9NmFe0igFLd367P9Wj6Z2ZjWq8BoQ+4PBL5/p1HhFeLgL3WZ4O79mMhar5XkUxfBxEWYS/ja6e1AhPX2wk32RDEdVzfv2MwoZ/E9+ZHSCn5/J3uYkVNMmE1FcGyEj0N6F6gdNu1MHXH8Ag98+DhY8vLTduL+JC4m8Kw+grDjlsqFAjrEwcDyVVTNe4Wx/s62YsqSzbpQW6LEjNd9RnHRUE4KkdbX8CgdmVNpEUP6vFQ/xGz1SS9JQLyhGF+kDYPm9J5UPFrAkkYE43vQNH40YOsjBux0s213Mcb375mU6VC8Kp/jnlKJeDrnPoQETrcfnefuCqV8DuSYsSlTOkQQThZfBjb5NvYH67B51hDnVUl8mFiWrmLqLRzcqLt1l4OQ68hrsK26bg9UZlcFGCIt8VSlwkujsWbXbML7/fWPpgq+XUc5/Ms2hsl3lbqAnAtAN2vQTudQDXvBu+rf0YUUwQE2d+GyxDpfkOKM4gLBYTqwkyI15k6VA+woeQNVpdRuh28wXhmnPwHUjrJigsrdez6og==
Content-Type: multipart/alternative; boundary="_000_DU0P190MB19786D6BDA466AC9667087C9FD519DU0P190MB1978EURP_"
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P190MB1978.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 1e877a32-22f5-43ce-235a-08da9d5c2971
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Sep 2022 12:07:18.3866 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: FZvNQf11eAviKtIHH0+d8oaxhsztaMFKyoBojuSXZ6KV9oQ4ryf/dcFW8eSfB/zPvny0zo2XfXMxuJhI5FgtVRrNlPWaHjEAHemBGmawFu4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7P190MB0759
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/BqVePG7rxJe9pcU5ZVqt2XFQUZ4>
Subject: Re: [dnssd] SRP: name conflict while not knowing which name conflicts
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2022 12:07:28 -0000

Hi Tim,

> I don't think an update to 2136 is needed here, as section 2.2.3.1 describes the differences with an SRP registrations and 2136 Updates,
but this response should be tested against a DNS update response.

Clear, we can just add a bullet in 2.2.3.1 then as plain DNS Update isn’t updated by this draft.  What’s important then is that the server, when receiving a DNS Update that is not an SRP Update, will not use the new mechanism of including the conflicting record(s). Only do this for an SRP Update.
And for testing: do you mean sending the “new” type of YXDomain response to a plain DNS Update client and see what happens?  That seems not necessary if the SRP registrar is careful in using the “new” response format only for SRP clients.

Esko


From: Tim Wicinski <tjw.ietf@gmail.com>
Sent: Friday, September 23, 2022 12:28
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: Kangping Dong <wgtdkp@google.com>; dnssd@ietf.org; Ted Lemon <mellon@fugue.com>
Subject: Re: [dnssd] SRP: name conflict while not knowing which name conflicts



On Fri, Sep 23, 2022 at 4:32 AM Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>> wrote:
Thanks Kangping,

It looks like including the conflicting name records in the Additional section is a good base solution and also easy to describe in the SRP draft, which does not impact the states & procedures of registrar and client.
It’s just additional helpful information the client may use to compose the retry Update.  The part about renaming by the registrar, on behalf of the client, seems more tricky and may impact states & procedures which were just WGLC-reviewed now.

If we use the Additional section for a YXDomain response, this may require a formal update of RFC 2136 (3.8) since DNS Update only allows a server to repeat all records in the (error) response or to exclude all records.

Esko


Esko,

I don't think an update to 2136 is needed here, as section 2.2.3.1 describes the differences with an SRP registrations and 2136 Updates,
but this response should be tested against a DNS update response.

Kangping, I believe this is your workflow description - I pasted it here to assist in my readings.

1. If a name has already been registered on the SRP server or a name conflict error is returned by the Advertising Proxy:
    the SRP server responds with the RR that includes the conflicted name.
    If the client sees such records, it knows the conflicts on the SRP server and will retry with a new name.

2. If a name conflict is reported to the SRP server after the SRP update transaction has been committed:
    The next time the SRP client registers, the SRP server responds with a CNAME record which includes the new name.
    If the client sees such records, it knows the conflict on the multicast link and will accept the name or retry with another name.

https://mailarchive.ietf.org/arch/msg/dnssd/cUJBXN9WXBguPKtTYgPYq4bo4pQ/

Tim

v2.23.0 | Report a Bug | By Email