IETF Logo Mail Archive

Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)

Esko Dijk <esko.dijk@iotconsultancy.nl> Sun, 19 June 2022 10:04 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 530AFC15AACB for <dnssd@ietfa.amsl.com>; Sun, 19 Jun 2022 03:04:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zhrYqJU2mKpV for <dnssd@ietfa.amsl.com>; Sun, 19 Jun 2022 03:04:46 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on20711.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1b::711]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDDE7C147930 for <dnssd@ietf.org>; Sun, 19 Jun 2022 03:04:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KJ3jJsQ481rwdwZso+qHyovgT7C7/Xh3haQJN+BFxIxtcp8T12jeVYNBFmLqw5ufXWQ9+9xb63eP9YS097fWoMSinJMgDrHjRVUsGF2Ei2sP4jdahyiERjdk30H0TKTeSzzIntWYPCrgn6lrs0k3W9U6pUz4kWtwLpcjt6H+hl6HWzuixM9xMXgRH6/ooSVMdmseQ1+6OZnY06FRmlbzwrO+rs+xSDhgz5v/XBWSwwGitX3/JZqzEvSrmT2m1suviJOevV41jPvggNET2LlvDv1Lk8n27ZdBulStIK9VZsHxe3sQ2zc9eAH/uJH371WTLLMkVkUglT5+v1zicyhomA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Xe1Cw/3VJgED6p1WKjBzjP64QFPw/942vCJexn9OLmE=; b=AOP7dhdNhMb04fWPeY5aHW/50x15lfh9T4en5wB60Wsuf1JkJRYfZD/o4OSB/ENpvx9QSoGIq+7eTyzcTGBYe61R7MGw8p7bpZ4xI7lli/77JUvERz4gBVwMQnHHrs1R4/1GFACJk7Wt33Jzvbv2m1b+MvXA1tIGJ2YCmsshNRE2cnkpvYHhQ1RQNhuDajAxd4+eKMYtOfOoe0uSgrTHERf82zr+Ax9+DVKKJ+3KaFKT6TJZXnaX9bx13NUKHQccWf4MiTAFo9M4218t6mxyLN2HirK76i5WE9xvtobuZRLAqBaJczlNd9VkoQb2/l3k38nSZeyutTcqYrXvbETPuA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Xe1Cw/3VJgED6p1WKjBzjP64QFPw/942vCJexn9OLmE=; b=Wk4P+gmROaCTH38lohD0noVk839P4t5Pci7nxMfCzgnnKRcNTnEGBxRJA0AkI27Ih+sIKjigI0qw8F4sJ//3sATE7SmoioKnRwCpVaI/UaXwDzxWmTqHO0qe4StlHZPHrPxeccz2niP26jihtT9HAI7UjBcL579t7MpPuj+97/Y=
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:3b9::20) by AS4P190MB1877.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:504::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5353.15; Sun, 19 Jun 2022 10:04:40 +0000
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::50a1:9a72:f2e6:587e]) by DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::50a1:9a72:f2e6:587e%6]) with mapi id 15.20.5353.016; Sun, 19 Jun 2022 10:04:40 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Ted Lemon <mellon@fugue.com>, "dnssd@ietf.org" <dnssd@ietf.org>
Thread-Topic: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)
Thread-Index: Adh7PAzPUxhdnq2hQTGOWDMt+PT2qAAK8Y8AACAeQUABZa7PMAAJvPSAAEIOb4AARFLZsA==
Date: Sun, 19 Jun 2022 10:04:40 +0000
Message-ID: <DU0P190MB1978AE5CAB7C8A54AE5FA457FDB19@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <DU0P190MB1978D4C3F784B67C8AF39A7DFDA49@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAPt1N1nFYVMYiEuhSM4Kuickvb2VBgyanEV=VgGtX996oZW5EA@mail.gmail.com> <DU0P190MB197866CA95A9ABBB013ED9D9FDA79@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <DU0P190MB1978B2BF4465D735DF2FC24BFDAC9@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAPt1N1n-cmg4bydwM56Z9EZF_si19Ve1YNbBg=4H2YksWDd++A@mail.gmail.com> <CAPt1N1kD7VT0OKoEbH6LHZh4v0goNj1jV1aTSrE4kY9pLF3pQA@mail.gmail.com>
In-Reply-To: <CAPt1N1kD7VT0OKoEbH6LHZh4v0goNj1jV1aTSrE4kY9pLF3pQA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8c321ecd-72a8-41a5-313a-08da51db1fee
x-ms-traffictypediagnostic: AS4P190MB1877:EE_
x-microsoft-antispam-prvs: <AS4P190MB1877D068AC3943D50DA45DD2FDB19@AS4P190MB1877.EURP190.PROD.OUTLOOK.COM>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: euRVqPOs6oDwyVd1acOwIM1nQJFGwdy6Jh/fDheseJEmkPrenfLGH1fVzj0a/xkq+L3zWndZJ022BqIR6TdbzrOnCbXOVBJBDkp0+S+0Od4M362NWXYOnKfPJ8UdVjtx3Pc4vTKWFJ5ZAsZojtzcZ+YCl724o1nmyFUeuUEwDAsPbv/m6Ud8JHTrLFxhEQ38hAWNpOU01Jbs3xk9grwIUZFqOVjHnyiROXTCSuUP9XYMugFbNIoG676k+gYGdmmDJlVywO3rVuz4wcCM+uOpJqlpBq+3/MwhQoEKe3t9HTdnssiOdmKhOXstYrGXHNE2sUzDBcPlNvx5w0zAfBChSCsrZTDQsR84udVDLevADRwn9TbYDLZ4Gy9jPdhtEJZqR5c4mi/AuGvsmroHyMCH9igGnhGjzP1My7lLMRNhmMr7Jlo94l8hnhC9PFpViZPmms1+P8lHmxuwwMkFEUQKyCEp0VLgWesHIZ/WZbHHr1PUYDoI3OmcLiAEUHKq3ktt3I8VjEVrecGZvWq/p4Cxa8CMhS+jzHlBvSJYM7hLR8wYqwQy7mSsugt73cPmi1Ehl4ZClMW6KJ5Rge4rCTR5BrRH2bkJVjxJeV6zcP2UK3184O+Yi/sqI7ayMH9QKEPbUzwUESU4TLWaUo2/8AexGVZ6U7D1L0SfUDzWEX2S45VgZJa2JfLLqP6Es+QIfqN4nWyrWMKxF5eJAVELNel40O8tKtRh5UnCnjEFGqc6vFY44JE/uJ7W9+rBb6I4iJsV4th0x01PyZCxYNrH0YcKCdOjlTz78pi+UCRqInv7f6I=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0P190MB1978.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230016)(346002)(396003)(39830400003)(366004)(136003)(26005)(41300700001)(71200400001)(9686003)(76116006)(38100700002)(83380400001)(33656002)(86362001)(38070700005)(122000001)(508600001)(166002)(2906002)(6506007)(966005)(8936002)(52536014)(44832011)(7696005)(55016003)(66556008)(64756008)(53546011)(186003)(316002)(66946007)(66476007)(66446008)(110136005)(5660300002)(8676002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 7ocloHfqTykk8ZOyyIvIAij9pEwQoE/sMsvu9BMzF66PD9zCeVPgYGQwcc3xD+w35PT0bCmzuH7uRSIEqc5W9MZiceFX2XlEGDoIA8FCgubA6ojaqrpR2ENTrTCTAKOsEXGncLgcs522Vo8X1Oq8OALKC0druluR8ELg8kAKLKyP43ZLE/hGhSR+dfHpDjdnFFbgDGZty5tIjLiyjk5vBXyi8GIrmUL1jaDdy12WOAxxCPMUVd0IhRQWaKG3nkDGDXi/AE9rraNQHX89uwsDmlbfa8e5fZeNVVd8oJsfCbXlikN4D2fKNdlJVbs3cPXPZ6VHFcGbqjc9fPN8OdP/IPKxamm9do7Md8YSrn1Rnf40/ophOmiRTJ/0gfJR+F+LnAss3UjcpwIUReYkCbx47v2LNYz1jhaHQTOF0sapyzYp8egK6oBD7K8hlmg84TNrAPyLkPf/tUF27XEQIGGsytcEFH1/+BFqwHRDO8hcSyihns93b5wScquSpRjKKh/oX4B5UzP1wfRMAMe7nourelX9b/gPR0PwyGRC7/Xga6MOXAQPu3yirf0cGc5Ar8PCVz5h9UMkhQEFhqcssBbtreumMPF+JCIWXLovm90TdzNwkaIqMfG0SzStGPvXWA5mDAIX8LthvMeu6V9KfQdCtyiT8wu2tbfuOgdk6Iza6QXoAQ8VQ9kxrhRNSbTEIfEoteSIdPx7/85WhOX17wkNDfCdF5YJQDDFGC9QtT+ZQennjXQK9iW27Xa48jDVgYCJpFN1tZWaNYJxcax0CWGOg+q06bijcEqp7v+1h842rpVyRLDyolzPRHFU0+fbHb2p8QomlSHiA3e2iyhdFOsgAjaiWcc04mA3LpDVNwbE6WP8dVj04qVe+lVg3Dtj7TM40DcWqhwR4YpVv0VwEq4Lg1uHUfNnulMxUZ1Z8SjZ9TZOzbhl7Ej1hzR6OuUACs7DxLmBwa0atYbfaZdZDCAuj97J/+uXEv0dPWv/zroh7mvKqN66FcoSdTjG84L6UMQik3f4fhdK2eHesMJA1aHpUsxxpXioQbTA9sjo+gTMI+z9P90w6AW4Z+vsFm4O9VJnfA6hrMFaF++d55LYFEZe2BrkJg1hSge4X2zJLUMneEyrqvOR3cTmONP+DgzJbUl+NBtbiImfm/U67CHP7jEphRhGCEQ2fl1jdoiEJdruEuhKVBkDDVzhNV19wdQa0xMhTtRFjJ5J8OCZ4PAJrnaMzSeirUmiQjDIP9HbMZ/okYJLCyRUdyK1+Hmv8skctUEwFsX1lkzOWnoDeyMRUgxnaZz6ipYjCYqmRi5xe6JtSBpoxilT6302ugB04h5vru8M67PGiff3QxoxwP0mvoBGNDTkj7ebx45lxInO1PU/HwRMYppiiz4mP8mWRpZRk+XmBbzTXXS0O2hBxaUISaie9w0nJl3sWYRlCKWU6HKCwc0fkto1yLGYtqWFKy+piJl/L93Z2XxkVgWHJhCjeyH4DzLZv0ztAw+k5mVofuClZsMIt5Dje4pIItDtdS/IrxD6+lwYyEO7UqxQbTIiXIjKZoNSkfYXMiIbPRoMpCseVMi128LmYsymLEC9WE8dxzmfXzt3MQ2GIbaIKjsRU6lT64rhwLATjfARI84H+7I1vSLPiuV0TgeayjykPew8Lx5+Hk5VcF4QSjHv0zgK1bHk3VprrgFY4cQhIb4lbQSH8h0T3aICHljGX52X6iSxz9dALFNJpZrj2DkwVtMq++vbhw/RaTRrbjwpBO/lWMeFSwQ=
Content-Type: multipart/alternative; boundary="_000_DU0P190MB1978AE5CAB7C8A54AE5FA457FDB19DU0P190MB1978EURP_"
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P190MB1978.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 8c321ecd-72a8-41a5-313a-08da51db1fee
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Jun 2022 10:04:40.1113 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: r+9Upru7mIEJlpNLtd8bGiPFsyi3Tdb+BDKejqcg/cB4LZb1efRq9yKo68DUZXihgnINul0A5RQJtH/HrC9AcPzSVqg1L4lWVGdo/BBhqXw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4P190MB1877
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/tidjF1i4xZEew-e11ZFHr7meDW8>
Subject: Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jun 2022 10:04:50 -0000

Thanks , I updated my lists based on your response – shown below.  There’s separate Options 1/2 now for the case that the Advertising Proxy (AP) does propagate KEY records for services, and for the case the AP doesn’t do this for services but only for Hosts. (Which you indicated would be sufficient and simpler to implement.)
Option 1) Incoming mDNS query , assuming that KEY records are also propagated via the Advertising Proxy:

  *   QTYPE = PTR , QNAME=<service type name> : No response
  *   QTYPE = SRV, QNAME=<service instance name> : Response with success (NoError) status and 0 answer records
  *   QTYPE = ANY, QNAME=<service instance name> : Respond with KEY record for <service instance name>
  *   QTYPE = KEY, QNAME=<service instance name> : Respond with KEY record for <service instance name>
  *   QTYPE = AAAA, QNAME=<host name>.local : Response with success (NoError) status and 0 answer records
  *   QTYPE = ANY, QNAME=<host name>.local : Respond with KEY record for <host name>.local
  *   QTYPE = KEY, QNAME=<host name>.local : Respond with KEY record for <host name>.local
Option 2) Incoming mDNS query , assuming that KEY records for services are NOT propagated via the Advertising Proxy:

  *   QTYPE = PTR , QNAME=<service type name> : No response
  *   QTYPE = SRV, QNAME=<service instance name> : No response
  *   QTYPE = ANY, QNAME=<service instance name> : No response
  *   QTYPE = KEY, QNAME=<service instance name> : No response
  *   QTYPE = AAAA, QNAME=<host name>.local : Response with success (NoError) status and 0 answer records
  *   QTYPE = ANY, QNAME=<host name>.local : Respond with KEY record for <host name>.local
  *   QTYPE = KEY, QNAME=<host name>.local : Respond with KEY record for <host name>.local
Incoming unicast DNS query:

  *   QTYPE = PTR , QNAME=<service type name> : Respond NXDOMAIN  (since the pointers for the expired-lease services are removed)
  *   QTYPE = SRV, QNAME=<service instance name> : Response with success (NoError) status and 0 answer records
  *   QTYPE = ANY, QNAME=<service instance name> : Respond with KEY record for <service instance name>
  *   QTYPE = KEY, QNAME=<service instance name> : Respond with KEY record for <service instance name>
  *   QTYPE = AAAA, QNAME=<host name>.default.service.arpa : Response with success (NoError) status and 0 answer records
  *   QTYPE = ANY, QNAME=<host name>.default.service.arpa : Respond with KEY record for <host name>.default.service.arpa
  *   QTYPE = KEY, QNAME=<host name>.default.service.arpa : Respond with KEY record for <host name>.default.service.arpa

> the instance name is nearly always going to be the same as the hostname plus the service type and transport type labels.

This part was unclear to me; do you have an example? I thought a mDNS device would typically register something like “My Service._exampletype._udp.local” without including any hostname within the service instance name.
And with Option 2 above this service instance name would not be “defended” for the duration of the key lease which looks like a problem for service consistency within a home. (E.g. a client may have initially selected a particular instance and wants to keep using that specific one even though the service may be ‘absent’ some of the time.)

Esko

From: Ted Lemon <mellon@fugue.com>
Sent: Saturday, June 18, 2022 02:56
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: dnssd@ietf.org
Subject: Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)

I wanted to check with Stuart before answering. RFC6762 is somewhat ambiguous on this topic: Section 8.1 says:

It also allows a host to verify exclusive ownership of a name for all rrtypes, which is desirable in most cases.  It would be confusing, for example, if one host owned the "A" record for "myhost.local.", but a different host owned the "AAAA" record for that name.

However, section 9 says:

A conflict occurs when a Multicast DNS responder has a unique record for which it is currently authoritative, and it receives a Multicast DNS response message containing a record with the same name, rrtype and rrclass, but inconsistent rdata.

So as you said, when the probe goes out, it queries for ANY, and if it sees a KEY record, even if its goal is to advertise an A record, it will take that as "ownership of the name" and not advertise the A record on that name. Simultaneous probe resolution will also do the right thing. On the other hand, in theory at least,  if two servers have already decided to advertise the same data, and later on one gets a response containing only a KEY record on a name on which it is advertising an A record, it won't see a conflict (late conflict detection) at least according to the RFC.

In practice, what I see with mDNSResponder is that it detects all of these events as conflicts, even the late conflict. I think maybe an update to RFC6762 is in order to clarify this—I think the spec ought to be clear on this, and it doesn't make sense that only in the late conflict case do we not care that two hosts are advertising different records on the same owner name.

So, back to the use of the KEY record, I think that your description of the behavior for address and KEY records is right. However, the KEY record is actually supposed to be used to hold not only the hostname but also the service instance name(s), so you would see a KEY record on the service instance names in a unicast DNS key query. You would not see them in mDNS, because it's hard to make that work, and not worth the effort, since in any non-SRP use case that produces a conflict, which I think is what we'd be concerned about, the instance name is nearly always going to be the same as the hostname plus the service type and transport type labels.

On Thu, Jun 16, 2022 at 1:24 PM Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>> wrote:
Sorry for not responding quickly to this. You're asking about fairly deep technical details of the mDNS protocol, and I am not actually an expert, so I can't say that your understanding is correct or not.

I will try to get Stuart to weigh in on this.

On Thu, Jun 16, 2022 at 9:03 AM Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>> wrote:
FYI - I’m now assuming the following behavior of an advertising proxy, for an incoming mDNS query. This is for the case  there’s only a single registered (SRP) service that is expired; and host lease is also expired at the same time. And the host’s key-lease is still active:


  *   QTYPE = PTR , QNAME=<service instance name or service type name> : No response
  *   QTYPE = SRV, QNAME=<service instance name or service type name> : No response
  *   QTYPE = ANY, QNAME=<service instance name or service type name> : No response
  *   QTYPE = AAAA, QNAME=<host name> : Response with success (NoError) status and 0 answer records
  *   QTYPE = ANY, QNAME=<host name> : Respond with KEY record for <host name>.local
  *   QTYPE = KEY, QNAME=<host name> : Respond with KEY record for <host name>.local


Same case but when using the authoritative DNS server on the same host, for an incoming unicast DNS query:


  *   QTYPE = PTR , QNAME=<service instance name or service type name> : Respond NXDOMAIN
  *   QTYPE = SRV, QNAME=<service instance name or service type name> : Respond NXDOMAIN
  *   QTYPE = ANY, QNAME=<service instance name or service type name> : Respond NXDOMAIN
  *   QTYPE = AAAA, QNAME=<host name> : Response with success (NoError) status and 0 answer records
  *   QTYPE = ANY, QNAME=<host name> : Respond with KEY record for <host name>.default.service.arpa
  *   QTYPE = KEY, QNAME=<host name> : Respond with KEY record for <host name>.default.service.arpa

Esko

From: dnssd <dnssd-bounces@ietf.org<mailto:dnssd-bounces@ietf.org>> On Behalf Of Esko Dijk
Sent: Thursday, June 9, 2022 12:14
To: Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Cc: dnssd@ietf.org<mailto:dnssd@ietf.org>
Subject: Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)

That sounds like a good approach. So a potential competitor would first send a probe-query for the hostname with rrtype “ANY”; and then the advertising proxy would respond with its answer including the hostname and an rrtype “KEY’ record  - is that correct?

Does this also mean the SRP server will answer DNS unicast queries for this hostname and e.g. rrtype ANY, with the KEY record? While the key lease is still valid.

Esko

From: Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Sent: Wednesday, June 8, 2022 20:45
To: Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>
Cc: dnssd@ietf.org<mailto:dnssd@ietf.org>
Subject: Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)

You are correct. Fortunately, we always have a KEY record that we can publish on the owner name. This is what the advertising proxy should do to defend the name. If some non-SRP service tries to register the name, it will get a hostname conflict.

On Wed, Jun 8, 2022 at 9:36 AM Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>> wrote:
Hi all,

Something that could be added to draft-ietf-dnssd-advertising-proxy-00 is the handling of hostname conflicts; and how an advertising proxy would “defend” an SRP registration on the mDNS link side. (There was a previous thread on this too.)

In particular, what if a host registration has already expired but the key-lease is still active? In SRP, then no-one else can claim this hostname. But in mDNS, we don’t seem to have such mechanism i.e. the advertising proxy doesn’t “defend” the hostname registration on the mDNS link. Or does it?
So it could happen that this hostname is claimed on the mDNS side by an mDNS native device, even though a particular SRP client still has the key-lease on this name.

The original name owner (SRP client) could later come back online and it may need to claim the name again – conflicting with the mDNS link.

Best regards
Esko

IoTconsultancy.nl  |  Email/Teams: esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>    |   +31 6 2385 8339

_______________________________________________
dnssd mailing list
dnssd@ietf.org<mailto:dnssd@ietf.org>
https://www.ietf.org/mailman/listinfo/dnssd

v2.23.0 | Report a Bug | By Email