Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)

Esko Dijk <esko.dijk@iotconsultancy.nl> Thu, 09 June 2022 10:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/fQpvRSRQYHxaYT3m_b0A_5pPANA>

That sounds like a good approach. So a potential competitor would first send a probe-query for the hostname with rrtype “ANY”; and then the advertising proxy would respond with its answer including the hostname and an rrtype “KEY” record - is that correct?

Does this also mean the SRP server will answer DNS unicast queries for this hostname and e.g. rrtype ANY, with the KEY record? While the key lease is still valid.

Esko

From: Ted Lemon <mellon@fugue.com>
Sent: Wednesday, June 8, 2022 20:45
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: dnssd@ietf.org
Subject: Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)

You are correct. Fortunately, we always have a KEY record that we can publish on the owner name. This is what the advertising proxy should do to defend the name. If some non-SRP service tries to register the name, it will get a hostname conflict.

On Wed, Jun 8, 2022 at 9:36 AM Esko Dijk <esko.dijk@iotconsultancy.nl> wrote:
Hi all,

Something that could be added to draft-ietf-dnssd-advertising-proxy-00 is the handling of hostname conflicts; and how an advertising proxy would “defend” an SRP registration on the mDNS link side. (There was a previous thread on this too.)

In particular, what if a host registration has already expired but the key-lease is still active? In SRP, then no-one else can claim this hostname. But in mDNS, we don’t seem to have such a mechanism, i.e. the advertising proxy doesn’t “defend” the hostname registration on the mDNS link. Or does it?
So it could happen that this hostname is claimed on the mDNS side by an mDNS native device, even though a particular SRP client still has the key-lease on this name.

The original name owner (SRP client) could later come back online and it may need to claim the name again – conflicting with the mDNS link.

Best regards
Esko

IoTconsultancy.nl  |  Email/Teams: esko.dijk@iotconsultancy.nl  |  +31 6 2385 8339

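The name-defence behaviour discussed in this thread, as a small model added here; it is not code from the thread, the draft, or any SRP implementation. The class and method names, lease values, key bytes and address are constructed for illustration: while the key lease is valid the model answers a probe with the KEY record (plus address records if the host lease is also valid), and only the holder of the same key may re-register the name.

```python
from dataclasses import dataclass


@dataclass
class Registration:
    hostname: str
    key: bytes                # public key from the SRP registration (constructed)
    addresses: list
    host_lease_expiry: float  # seconds on an arbitrary clock
    key_lease_expiry: float


class AdvertisingProxyModel:
    """Hypothetical lease table; not the draft's data model."""

    def __init__(self):
        self._regs = {}

    @staticmethod
    def _norm(name):
        # DNS names compare case-insensitively; ignore a trailing dot.
        return name.rstrip(".").lower()

    def register(self, reg):
        self._regs[self._norm(reg.hostname)] = reg

    def _live(self, hostname, now):
        # A name stays reserved until its key lease expires.
        reg = self._regs.get(self._norm(hostname))
        if reg is not None and now >= reg.key_lease_expiry:
            del self._regs[self._norm(hostname)]
            return None
        return reg

    def handle_probe(self, hostname, now):
        # mDNS side: any answer for the probed name signals a conflict.
        reg = self._live(hostname, now)
        if reg is None:
            return {"conflict": False, "answers": []}
        answers = [("KEY", reg.key)]
        if now < reg.host_lease_expiry:
            answers += [("AAAA", a) for a in reg.addresses]
        return {"conflict": True, "answers": answers}

    def srp_update_allowed(self, hostname, key, now):
        # SRP side: during the key lease only the same key may claim the name.
        reg = self._live(hostname, now)
        return reg is None or reg.key == key


def demo():
    proxy = AdvertisingProxyModel()
    proxy.register(Registration("sensor.local", b"constructed-key-A",
                                ["2001:db8::1"], 3600, 604800))
    # Host lease valid, host lease expired, key lease expired.
    return [proxy.handle_probe("Sensor.local.", t) for t in (100, 4000, 700000)]
```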