[dnssd] Re: SRP + Advertising Proxy: TTL related questions

[Esko Dijk <esko.dijk@iotconsultancy.nl>]

Ok. I believe the correct way for such a situation is to send an update to remove a DNS-SD service again, using an SRP Update, if the service is no longer available.
If the client doesn't know in advance when the service is to be removed again, it should base its lease time on other considerations. (Whatever these are: maybe do the same like for its other DNS-SD services if it has any.)

The described approach is also brittle: the SRP registrar MAY opt to change the lease time to 4 hours, for example.

Esko

From: Ted Lemon <mellon@fugue.com>
Sent: dinsdag 1 juli 2025 15:07
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: Abtin Keshavarzian <abtink@google.com>; dnssd <dnssd@ietf.org>
Subject: Re: SRP + Advertising Proxy: TTL related questions

We have noted a use pattern where a device that has not yet been paired advertises its availability for pairing using SRP with a short lease interval, with the hope that the pairing will happen quickly and the short lease will result in that service being removed quickly. We should probably think about whether that makes sense, or whether it's better for the device to simply remove the advertisement when pairing is complete.


On 1 Jul 2025, at 14:52, Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>> wrote:

Hi Abtin,

thanks for clarifying the OpenThread configurations and algorithm.

Based on RFC 9665 I see quite some implementation freedom on handling TTLs:


  *   TTL value for RR in SRP Update is an advisory to the SRP registration (Section 4)

     *   TTL value SHOULD NOT exceed the lease time (within the SRP Update scope)

  *   function of Lease times and the function of TTLs are completely different (Section 5.1)
  *   TTL value for RR when served in a DNS response (e.g. by Advertising Proxy) MAY exceed the remaining lease time (Section 5.1)

     *   although it's not forbidden to e.g. set the TTL based on remaining lease time, if the implementation sees some benefit in that.

So an SRP registrar can modify lease times to regulate the amount of SRP Updates per time unit.  (Basically ignoring the SRP client's requested lease time.)
And it can choose TTL values to regulate the amount of DNS/mDNS queries being sent to its host per time unit.  (Ignoring the SRP client's suggested TTL.)

The SRP registrar going along with an SRP client's suggested TTL, within certain preconfigured min/max limits, also sounds like a feasible default strategy.

Now that the SRP registrar has determined TTL in some way, I'd assume that the Advertising Proxy uses exactly these TTL values in its mDNS advertisements.

The Advertising Proxy draft can maybe list some sensible defaults for TTL?
For this I created: https://github.com/dnssd-wg/draft-ietf-dnssd-advertising-proxy/issues/6

regards,
Esko


From: Abtin Keshavarzian <abtink@google.com<mailto:abtink@google.com>>
Sent: dinsdag 1 april 2025 22:50
To: Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Cc: Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>; dnssd <dnssd@ietf.org<mailto:dnssd@ietf.org>>
Subject: Re: SRP + Advertising Proxy: TTL related questions

Let me clarify the statement about OpenThread behavior.

OpenThread is a network stack designed to run on a variety of platforms and device categories, offering flexibility in configuration and integration into projects and products.

Regarding the SRP Server and Advertisement Proxy, OpenThread provides several integration options:

A) Platform/Project Managed: The platform or project handles all SRP Server and Adv Proxy functionalities, making them fully project/product-specific.
B) OpenThread SRP Server, Platform Adv Proxy: The SRP Server function is implemented within the OpenThread core, while the Advertisement Proxy is delegated to the platform.
C) OpenThread Native SRP Server and Adv Proxy: Both the SRP Server and the Advertisement Proxy are provided by the OpenThread core.

The OpenThread SRP server implementation tracks a TTL for each registered service and host:

- The TTL is set to the minimum of the granted lease time and the TTL from the records in the SRP message. Note that SRP requires TTL consistency, so all RRs within an SRP message must use the same TTL.
- OpenThread also provides `otSrpServerTtlConfig`, which can be configured via APIs to specify a minimum and maximum TTL range. The granted TTL is then clamped to fall within this defined range.
- The OpenThread SRP client also offers APIs to explicitly set the desired TTL value if needed. If not explicitly set, the client will use the lease time as the TTL (default value 2 hours).

Regarding the Advertisement Proxy:

- For options (A) and (B), the Adv Proxy behavior, including TTL handling, is entirely dependent on the platform implementation. This, I believe, is what Esko's setup is using and what he observed.
- In option (C), where the OpenThread native Adv Proxy is used, it utilizes the TTL managed by the SRP server as described above.
- For the Advertisement Proxy, it makes sense to honor the TTL included in the SRP message while adhering to some min/max limits.
- The default/common behavior would be for the SRP client to set the TTL the same as the lease time (typically 2 hours). If, however, the TTL value is explicitly set to a different value by the SRP client, then it makes sense for this request to be honored by the Advertising proxy.

Abtin.

On Mon, Mar 31, 2025 at 5:15 AM Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>> wrote:
Actually we’ve learned (because of thread!) that the 120s ttl is way too short, and mDNSResponder now uses a 75 minute ttl for address records.

If the goodbye packet doesn’t come, then the next step is to probe. See for example the DNSServiceReconfirmRecord API.

On Mon, Mar 31, 2025, at 11:19 AM, Esko Dijk wrote:

> and rely on the goodbye packet to remove the record if the lease expires



This works well as long as the SRP Registrar stays online. If it is unexpectedly disconnected, there’s no opportunity to send goodbyes for all its proxied services/host-names.

I’m guessing that’s why mDNS chose the 120 seconds limit, which feels fairly short but somewhat addresses the issue of a device suddenly being disconnected/powered-off.



If we go for “long” TTLs, then we need to define a recommendation for this time. E.g. in the order of 30 minutes?

Maybe a range can be defined. Then, if there’s a record registered via SRP with a longer lease time (e.g. 8 hours, or 24 hours) then the mDNS advertised TTL can also be initially advertised as longer, up to the high end of this range.

Say, 2 hours (if that’s the end of the range).



Esko



From: Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Sent: maandag 31 maart 2025 11:01
To: Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>; dnssd <dnssd@ietf.org<mailto:dnssd@ietf.org>>
Cc: abtink@google.com<mailto:abtink@google.com>
Subject: Re: SRP + Advertising Proxy: TTL related questions



There is a significant cost to short ttls for mdns: if there is an active query on a record, we will see mdns exchanges towards the end of the ttl to keep the query going.



Given that mdns also has maintenance packets, it’s better to use a long ttl and rely on the goodbye packet to remove the record if the lease expires.



Letting the client choose the mdns ttl could enable a dos attack.



On Mon, Mar 31, 2025, at 10:19 AM, Esko Dijk wrote:

Hi all,



The Advertising Proxy can advertise DNS records using mDNS, where the records were received in an SRP Update. This brings up questions related to the TTL of the mDNS-advertised records.

mDNS has some standard guidance for TTL (e.g. 2 minutes for host-related records and SRV, 75 minutes for others like TXT). So an implementer could use this guidance. This is what I see in the OpenThread implementation.



However, in the SRP + Advertising Proxy case, the registered records each come with their own TTL value that maybe should be respected. So then the mDNS component could use those (received) TTLs and do a countdown on the time.

For example, if the SRP lease time is 10 minutes, and 4 minutes passed since the last SRP Update, then mDNS will advertise the service (PTR + SRV+ TXT) with a TTL of 6 minutes.

Would this be the intention for Advertising Proxy?  Or can the defaults be used?



Alternatively there could also be some kind of cap on the mDNS-advertised TTL (like 2 minutes?) to avoid the TTLs on mDNS getting very large. (RFC 6762 kept these fairly small, for a good reason probably).

In that case the TTLs can be smaller but not larger than the cap.



Regards

Esko