[dnssd] Review of draft-ietf-dnssd-hybrid-02

Tom Pusateri <pusateri@bangj.com> Sun, 17 January 2016 22:59 UTC

Return-Path: <pusateri@bangj.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 279DD1A90A3 for <dnssd@ietfa.amsl.com>; Sun, 17 Jan 2016 14:59:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.038
X-Spam-Status: No, score=-3.038 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id EWkab0S-i2Dc for <dnssd@ietfa.amsl.com>; Sun, 17 Jan 2016 14:59:08 -0800 (PST)
Received: from oj.bangj.com (amt0.gin.ntt.net []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7F491A90A2 for <dnssd@ietf.org>; Sun, 17 Jan 2016 14:59:08 -0800 (PST)
Received: from [] (69-77-155-155.static.skybest.com []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by oj.bangj.com (Postfix) with ESMTPSA id 4DEC4FA89 for <dnssd@ietf.org>; Sun, 17 Jan 2016 17:55:50 -0500 (EST)
From: Tom Pusateri <pusateri@bangj.com>
X-Pgp-Agent: GPGMail 2.6b2
Content-Type: multipart/signed; boundary="Apple-Mail=_F53508F4-88A8-4DFD-844D-4F424CDFBFCA"; protocol="application/pgp-signature"; micalg=pgp-sha256
Date: Sun, 17 Jan 2016 17:59:05 -0500
Message-Id: <93893951-3510-4910-A69F-AD189E6E8FA6@bangj.com>
To: dnssd@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/MQ6y5u1fYbP4cfAbmCCDa65-37Q>
Subject: [dnssd] Review of draft-ietf-dnssd-hybrid-02
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jan 2016 22:59:11 -0000

Overall, the -02 version is very good. Section 4.5.1 on DNS TTL limiting is very helpful for implementation. Also, the four modes of responding listed in section 4.6 on Answer Aggregation is a tremendous addition. Thanks for these.

In an earlier note to the mailing list, I reviewed an earlier version of this draft.


Some of the comments have been addressed and some have not. For Stuart’s convenience, I am listing all of the previous comments that still apply and adding some new ones so there is no need to go back and try to match old section numbers.

2. (3rd paragraph) - There is a pointer to [802.5] with no matching reference. Add http://xml2rfc.ietf.org/public/rfc/bibxml2/reference.IEEE.802-5.1995.xml

(new) 4.2 Domain Enumeration - I think using the term “home” domain is confusing with regards to homenet and a different term should be used.

(new) 4.2.2 (3rd paragraph) - the use of “configuration data” is ambiguous. I would like to see this be more specific.

4.3 Title “LDH" - The acronym LDH (Letter, Digit, Hyphen) is not defined or referenced anywhere. A reference to Section 2.2 of RFC 5890 should be included.

(new) 4.3 (5th paragraph) - “a Hybrid proxy should support having separate subdomains delegated to it”. This should say for the same link since proxies can already have separate subdomains across multiple links.

4.3, 4.4 - The example IP addresses should use documentation IPv4 address ranges as specified in RFC 5737.

4.4 (5th paragraph) - "(In the Apple "/usr/include/dns_sd.h" APIs, using ForceMulticast indicates that the DNSServiceQueryRecord() call should perform the query using Multicast DNS.)” - I don’t think this implementation detail is necessary.

4.5.2 - Since hybrid proxies can never know all of the possible records in the subdomain, it is not possible to build NSEC next record relations. Therefore, all NSEC records learned over mDNS (typically in the Additional Section) should be filtered in unicast DNS responses sent by the hybrid proxy.

(new) 5. DNS SOA - I would like to see an introductory paragraph explaining the hybrid proxy should respond to SOA record requests for each subdomain assigned to the hybrid proxy.

8.1 The hybrid proxy could also only provide sensitive records to authenticated users. But this is a general DNS problem and not a problem specific to the hybrid proxy. A reference to the work in DPRIVE that outlines DNS privacy issues might be appropriate (now published as RFC 7626).