Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)
Ted Lemon <mellon@fugue.com> Thu, 16 June 2022 17:25 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3262C157B37 for <dnssd@ietfa.amsl.com>; Thu, 16 Jun 2022 10:25:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 325BYD6ZByLh for <dnssd@ietfa.amsl.com>; Thu, 16 Jun 2022 10:25:27 -0700 (PDT)
Received: from mail-oa1-x2f.google.com (mail-oa1-x2f.google.com [IPv6:2001:4860:4864:20::2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 337DFC14F74F for <dnssd@ietf.org>; Thu, 16 Jun 2022 10:25:26 -0700 (PDT)
Received: by mail-oa1-x2f.google.com with SMTP id 586e51a60fabf-fe51318ccfso2724777fac.0 for <dnssd@ietf.org>; Thu, 16 Jun 2022 10:25:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=blf18z9pDjdeYOxOKuw7DZWzVuATj8utrL1ps4vmvQs=; b=H0Rq3HG1n/yGoEgy+uZtyeZZFKbcymOn3qv2j32M0NYaVZZgB5QY1bYIAWclBRIyUX XCtPqkAoFGNN38ROhoOpi61yrs37WRkP5LOf6NPVnjcwnX5ABK9IH1Q65Y7+wbTCsnIc +WDtNi39w95Adsc6kolDGMXKuWaTWALXvxVXtgEV76Cy1HDCnkZBTjmAsVWgIyDFOnsG BNeWEJc7pX0vMpLVPBQRwgU1t6uPXMOehyuSY4j6/ucMA7V2HSYRvw++5ZzhsLMVG2xB Xo/BD5d6CyW9Vy/xLbbnboeNKyUVbkxP8cBWuoToBKQaDYM5P7uw16lkNRmjhFt2XzO/ s7qg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=blf18z9pDjdeYOxOKuw7DZWzVuATj8utrL1ps4vmvQs=; b=XZRAI/qFQ7gAEFWYJnDBQVoVyN1PxPWWK/6IGziumXnrSry7xPYzD0QpElKLJ9crL/ oi+PiP1Y4iThJOlxU2WHFyO5inLuCiA3lwpGahYKMaUivtRnP60SSDZPKEHASOFwLrF9 m/KNbFNUhLKeJctsHwRwJmh/tHDdFd/LHEHm9UYf16FKQx1YtYRkD4c0V4TH18hNQgpv UgXowyXnzoh/CxGlgqc+GZexJJW8WFoknIap2DzaonRwqa/M8BQuT4QZHZPNSQfkVGiM IHtZJZBV9MJp89Waw2MXfYcsmT7RpAXCJCxv74dHVRHNm8DeYypwS15rICz55PITIcgq tSgQ==
X-Gm-Message-State: AJIora9xN2mKGtwrwtmrBp5VOLyNNVsnz5HLwY8QblgJFnjN+gjzKE/u 89plb3wjIlkrI1Gid5uG28pkrEmTxhOu10qg9BiEb6im9YE=
X-Google-Smtp-Source: AGRyM1vE1X8fSxY31u54ONTL4ngFtV6KAklIatXb8Ug+Z3A8gJd42xns3QO2R14AuLYl7UtB/I8n+jgqkhLraCzm6p4=
X-Received: by 2002:a05:6870:b40a:b0:101:a393:4cb9 with SMTP id x10-20020a056870b40a00b00101a3934cb9mr283313oap.12.1655400325196; Thu, 16 Jun 2022 10:25:25 -0700 (PDT)
MIME-Version: 1.0
References: <DU0P190MB1978D4C3F784B67C8AF39A7DFDA49@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAPt1N1nFYVMYiEuhSM4Kuickvb2VBgyanEV=VgGtX996oZW5EA@mail.gmail.com> <DU0P190MB197866CA95A9ABBB013ED9D9FDA79@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <DU0P190MB1978B2BF4465D735DF2FC24BFDAC9@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
In-Reply-To: <DU0P190MB1978B2BF4465D735DF2FC24BFDAC9@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 16 Jun 2022 13:24:49 -0400
Message-ID: <CAPt1N1n-cmg4bydwM56Z9EZF_si19Ve1YNbBg=4H2YksWDd++A@mail.gmail.com>
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: "dnssd@ietf.org" <dnssd@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000058408705e193ecd2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/YI4rpLU67Rh98Asu6bej2Z0-0p4>
Subject: Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 17:25:30 -0000
Sorry for not responding quickly to this. You're asking about fairly deep technical details of the mDNS protocol, and I am not actually an expert, so I can't say that your understanding is correct or not. I will try to get Stuart to weigh in on this. On Thu, Jun 16, 2022 at 9:03 AM Esko Dijk <esko.dijk@iotconsultancy.nl> wrote: > FYI - I’m now assuming the following behavior of an advertising proxy, for > an incoming mDNS query. This is for the case there’s only a single > registered (SRP) service that is expired; and host lease is also expired at > the same time. And the host’s key-lease is still active: > > > > - QTYPE = PTR , QNAME=<service instance name or service type name> : > No response > - QTYPE = SRV, QNAME=<service instance name or service type name> : No > response > - QTYPE = ANY, QNAME=<service instance name or service type name> : No > response > - QTYPE = AAAA, QNAME=<host name> : Response with success (NoError) > status and 0 answer records > - QTYPE = ANY, QNAME=<host name> : Respond with KEY record for <host > name>.local > - QTYPE = KEY, QNAME=<host name> : Respond with KEY record for <host > name>.local > > > > > > Same case but when using the authoritative DNS server on the same host, > for an incoming unicast DNS query: > > > > - QTYPE = PTR , QNAME=<service instance name or service type name> : > Respond NXDOMAIN > - QTYPE = SRV, QNAME=<service instance name or service type name> : > Respond NXDOMAIN > - QTYPE = ANY, QNAME=<service instance name or service type name> : > Respond NXDOMAIN > - QTYPE = AAAA, QNAME=<host name> : Response with success (NoError) > status and 0 answer records > - QTYPE = ANY, QNAME=<host name> : Respond with KEY record for <host > name>.default.service.arpa > - QTYPE = KEY, QNAME=<host name> : Respond with KEY record for <host > name>.default.service.arpa > > > > Esko > > > > *From:* dnssd <dnssd-bounces@ietf.org> *On Behalf Of * Esko Dijk > *Sent:* Thursday, June 9, 2022 12:14 > *To:* Ted Lemon <mellon@fugue.com> > *Cc:* dnssd@ietf.org > *Subject:* Re: [dnssd] Strategy of advertising proxy for hostname > conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00) > > > > That sounds like a good approach. So a potential competitor would first > send a probe-query for the hostname with rrtype “ANY”; and then the > advertising proxy would respond with its answer including the hostname and > an rrtype “KEY’ record - is that correct? > > > > Does this also mean the SRP server will answer DNS unicast queries for > this hostname and e.g. rrtype ANY, with the KEY record? While the key lease > is still valid. > > > > Esko > > > > *From:* Ted Lemon <mellon@fugue.com> > *Sent:* Wednesday, June 8, 2022 20:45 > *To:* Esko Dijk <esko.dijk@iotconsultancy.nl> > *Cc:* dnssd@ietf.org > *Subject:* Re: [dnssd] Strategy of advertising proxy for hostname > conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00) > > > > You are correct. Fortunately, we always have a KEY record that we can > publish on the owner name. This is what the advertising proxy should do to > defend the name. If some non-SRP service tries to register the name, it > will get a hostname conflict. > > > > On Wed, Jun 8, 2022 at 9:36 AM Esko Dijk <esko.dijk@iotconsultancy.nl> > wrote: > > Hi all, > > > > Something that could be added to draft-ietf-dnssd-advertising-proxy-00 is > the handling of hostname conflicts; and how an advertising proxy would > “defend” an SRP registration on the mDNS link side. (There was a previous > thread on this too.) > > > > In particular, what if a host registration has already expired but the > key-lease is still active? In SRP, then no-one else can claim this > hostname. But in mDNS, we don’t seem to have such mechanism i.e. the > advertising proxy doesn’t “defend” the hostname registration on the mDNS > link. Or does it? > > So it could happen that this hostname is claimed on the mDNS side by an > mDNS native device, even though a particular SRP client still has the > key-lease on this name. > > > > The original name owner (SRP client) could later come back online and it > may need to claim the name again – conflicting with the mDNS link. > > > > Best regards > > Esko > > > > *IoTconsultancy.nl* | Email/Teams: esko.dijk@iotconsultancy.nl | > +31 6 2385 8339 > > > > _______________________________________________ > dnssd mailing list > dnssd@ietf.org > https://www.ietf.org/mailman/listinfo/dnssd > >
- [dnssd] Strategy of advertising proxy for hostnam… Esko Dijk
- Re: [dnssd] Strategy of advertising proxy for hos… Ted Lemon
- Re: [dnssd] Strategy of advertising proxy for hos… Esko Dijk
- Re: [dnssd] Strategy of advertising proxy for hos… Esko Dijk
- Re: [dnssd] Strategy of advertising proxy for hos… Ted Lemon
- Re: [dnssd] Strategy of advertising proxy for hos… Ted Lemon
- Re: [dnssd] Strategy of advertising proxy for hos… Esko Dijk
- Re: [dnssd] Strategy of advertising proxy for hos… Ted Lemon
- Re: [dnssd] Strategy of advertising proxy for hos… Esko Dijk