Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03

"Ray Hunter (v6ops)" <> Fri, 25 March 2016 14:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8E38712DAFB for <>; Fri, 25 Mar 2016 07:54:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OrB0AIw5pArN for <>; Fri, 25 Mar 2016 07:54:04 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f15:62e::2]) by (Postfix) with ESMTP id 29E8A12DAFA for <>; Fri, 25 Mar 2016 07:54:04 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id E9B4840340; Fri, 25 Mar 2016 15:54:01 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5cNcHYescX2s; Fri, 25 Mar 2016 15:53:59 +0100 (CET)
Received: from Rays-MacBook-Pro.local ( []) (Authenticated sender: by (Postfix) with ESMTPA id CABD1402CE; Fri, 25 Mar 2016 15:53:58 +0100 (CET)
Message-ID: <>
Date: Fri, 25 Mar 2016 15:53:57 +0100
From: "Ray Hunter (v6ops)" <>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------030705000807030408090702"
Archived-At: <>
Subject: Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 25 Mar 2016 14:54:06 -0000

I have read this draft.

I find the work interesting, although I'm not yet convinced of the 
chosen compromises with respect to use of this draft in Homenet.

1. I'm concerned that there's a hard coded tie between a "zone" and a 
"link" which might lead to a lot of noise.

Zone enumeration appears to be performed by retransmission of queries to 
the relevant proxy on the remote link.

If a specialised end node that is a member of particular zone e.g. "A3 
printers" moves to another building, there's no mechanism to say that 
the associated enumeration zone should also move with the device. In 
other words, the default is that all queries for all zones are probably 
going to have to be forwarded to ALL links in the (common) namespace.

That could lead to a lot of unnecessary noise on an enterprise scale 
network, and which could also be killing for Homenet devices that are 
trying to be energy efficient.

If I look back at the source of inspiration of zeroconf networking, 
Appletalk II, there was a ZIP (Zone Information Protocol) to enable a 
logical clustering of services, that was independent of network numbers 
and links.

2. I'm concerned at the potential for protocol storms.

AFAICS There's no dedicated field in the protocol that tracks the 
ultimate source and destination of forwarded queries and replies.

If a device is placed somewhere in the network that does not adequately 
understand how the hybrid mechanism works, and either queries or replies 
are inappropriately "leaked" between hybrid proxies, this could cause 
incorrect re-transmission of queries and responses and ultimately a 
packet storm.

I also don't see how if two hybrid proxies are present and active on a 
link, they are going to be able to distinguish between original 
multicast requests from an end node on this link, and forwarded requests 
(potentially also using mulitcast) received from off-link via the other 
hybrid proxy.

That suggess to me the hybrid proxies have to be "topology aware" which 
is a tall order. Unless of course I've misunderstood the forwarding 

As a comparison, when DHCPv6 messages are relayed (by a DHCPv6 relay) a 
new explicit relay forwarding option is pushed onto the front of the 
message, and popped off the reply. That ensures that the forward (via 
RELAY-FORW) and reverse path (via RELAY-REPL) are respected at all times.

3. There doesn't seem to be any mechanism to be able to track replies 
with respect to queries. Multicast queries appear to result in unicast 
responses, and vice versa. It isn't clear from the draft if this may 
cause a security issue. How can the recipient of a unicast reply 
validate that it is a valid reply to a query sent via this proxy? So for 
example, could a rogue node on bldgd2 could answer on behalf of a node 
on bldg1?