Re: [dnssd] Solicit feedback for the DNS behavior for workloads hosted in Cloud DCs described in draft-ietf-rtgwg-net2cloud-problem-statement

Linda Dunbar <linda.dunbar@futurewei.com> Mon, 30 January 2023 19:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/HWAf0yFvUTPPVIlBpasG7d1fe0E>

Michael, 

See below some questions to your suggestions:

Thank you
Linda
-----Original Message-----
From: Michael Richardson <mcr+ietf@sandelman.ca> 
Sent: Wednesday, January 25, 2023 1:18 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: rtgwg@ietf.org; dnsop@ietf.org; dnssd@ietf.org
Subject: Re: [dnssd] Solicit feedback for the DNS behavior for workloads hosted in Cloud DCs described in draft-ietf-rtgwg-net2cloud-problem-statement


This sounds a bit like the provisioning domain DNS problem.
I felt that PvD was IPv4 think applied to DNS.
[Linda] What does PvD mean?

I strongly agree with your recommendation:

> Globally unique names do not equate to globally resolvable names or 
> even global names that resolve the same way from every perspective. 
> Globally unique names can prevent any possibility of collisions at 
> present or in the future, and they make DNSSEC trust manageable. 
> Consider using a registered and fully qualified domain name (FQDN) 
> from global DNS as the root for enterprise and other internal namespaces.

Do a zone cut for cloud.example.net, put up some NS records for that, and then answer queries only when the question comes from authorized cloud providers.
The answer might well be ULAs that only work within the VPN, or RFC1918 even.

[Linda] Do we need to add something to the draft to reflect what you said here? 

I wrote a document a while ago suggesting this:
  https://datatracker.ietf.org/doc/html/draft-richardson-homenet-secret-gardens-01
but MIF shut down before I could take it anywhere.
[Linda] I finally read through the draft. Do you mean we should include "Split Horizon DNS" in the draft? Or do you have some good wording to add?

Thank you very much, 
Linda



--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
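
The arrangement described in the quoted message (a zone cut at cloud.example.net whose servers answer only authorized cloud providers, with ULA or RFC 1918 answers) can be modelled as follows. This is an added example, not part of the original e-mail or of either draft. It assumes authorization is decided by query source address, and the prefixes, the host name db.cloud.example.net and its addresses are constructed sample data.

```python
import ipaddress

# Constructed sample data; every prefix, name and address here is an assumption.
ZONE = "cloud.example.net."   # NS records in the parent zone point at this server
AUTHORIZED = [ipaddress.ip_network(n)
              for n in ("192.0.2.0/24", "2001:db8:c10d::/48")]
# Data served for the zone; these addresses only work inside the VPN.
RECORDS = {
    ("db.cloud.example.net.", "AAAA"): ["fd12:3456:789a::10"],
    ("db.cloud.example.net.", "A"): ["10.20.30.40"],
}
ULA = ipaddress.ip_network("fc00::/7")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_authorized(src):
    """True when the query source lies in an authorized provider prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in AUTHORIZED)


def answer(src, qname, qtype):
    """Return (rcode, rdata) as the cloud.example.net server would."""
    qname = qname.lower().rstrip(".") + "."
    if qname != ZONE and not qname.endswith("." + ZONE):
        return ("REFUSED", [])      # not authoritative for this name
    if not is_authorized(src):
        return ("REFUSED", [])      # globally unique name, not resolvable from here
    if qname == ZONE or any(owner == qname for owner, _ in RECORDS):
        return ("NOERROR", RECORDS.get((qname, qtype), []))  # empty list = NODATA
    return ("NXDOMAIN", [])


def scope(address):
    """Classify an answer address as 'ULA', 'RFC1918' or 'global'."""
    addr = ipaddress.ip_address(address)
    if addr in ULA:
        return "ULA"
    if any(addr in net for net in RFC1918):
        return "RFC1918"
    return "global"


def leaked_globals():
    """Zone-data check: addresses in RECORDS that are not VPN-only."""
    return [a for rdata in RECORDS.values() for a in rdata if scope(a) == "global"]
```
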