[dnssd] Comments on draft-ietf-dnssd-srp
"Ray Hunter (v6ops)" <v6ops@globis.net> Mon, 18 November 2019 08:43 UTC
Return-Path: <v6ops@globis.net>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 460291200CE; Mon, 18 Nov 2019 00:43:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3zFHWL0exwrQ; Mon, 18 Nov 2019 00:43:47 -0800 (PST)
Received: from globis01.globis.net (mail.globis.net [IPv6:2001:470:1f15:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id 272C41200BA; Mon, 18 Nov 2019 00:43:44 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id 727C640166; Mon, 18 Nov 2019 09:43:43 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at globis01.globis.net
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NHTFGQlEPL_n; Mon, 18 Nov 2019 09:43:40 +0100 (CET)
Received: from MacBook-Pro-3.local (h9041.upc-h.chello.nl [62.194.9.41]) (Authenticated sender: v6ops@globis.net) by globis01.globis.net (Postfix) with ESMTPA id 9E56D40159; Mon, 18 Nov 2019 09:43:40 +0100 (CET)
To: draft-ietf-dnssd-srp@ietf.org
Cc: dnssd@ietf.org
From: "Ray Hunter (v6ops)" <v6ops@globis.net>
Message-ID: <d3534471-54ce-79fe-165c-b55d6fd83166@globis.net>
Date: Mon, 18 Nov 2019 09:43:39 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 PostboxApp/7.0.8
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------6C275C0EA362E413921E886F"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/trk_YQql9bpECZz6LKi29Z6oqFg>
Subject: [dnssd] Comments on draft-ietf-dnssd-srp
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Nov 2019 08:43:50 -0000
Hi, I've read your draft https://tools.ietf.org/html/draft-ietf-dnssd-srp-02 In general, this draft is very useful and well-written. I can see how it would integrate with Homenet, and support it. Comments: Section 2 / If the DNS Search List option contains more than one domain name, it MUST NOT be used. If neither option is available, the Service Registration protocol is not available on the local network./ Q. This covers if one source contains multiple names in the DNSSL, but what if the different sources of <domain> contain conflicting domains e.g. DHCPv4 option is inconsistent with RA? Q. Any special treatment needed? IPv6 preferred? /Anycasts are sent using UDP unless TCP is required due to the size of the update./ Q. Would a compliant server implementation have to support both? Q. Why only UDP and TCP transport, and not DNS over TLS ((7858) or DNS over HTTPS (8484) for example? Is this draft not actually just transport agnostic? /It is the responsibility of a Constrained-Node Network supporting SRP to provide appropriate anycast routing to deliver the DNS updates to the appropriate server./ Q. Do you want to add any additional text to constrain/filter the anycast scope? Would we want anycast traffic leaving the home? [privacy/security] Recommend setting a max TTL? ULA anycast rather than GUA? Further references to RFC7723 and detailed handling of the anycast address? Does the assignment have to be made in a standards track document or informational? Section 2.1 /The Host Description records for a service are a KEY RR, used to claim exclusive ownership of the service registration, and one or more RRs of type A or AAAA, giving the IPv4 or IPv6 address(es) of the host where the service resides./ Q. Does publishing a A or AAAA Host Description RR automatically mean that the SRP server will create an associated PTR RR for the reverse address-> name, does the client have to create this explicitly itself, or don't you care? Section 2.2 / SRP server handle rewriting that to a different domain if necessary./ How an SRP server re-writes is out of scope? TTL should also be copied in the rewriting? [include a forward pointer to 2.5] How to handle name clashes if there are multiple SRP servers on different technology segments re-writing to one common domain? SRP server acts as a proxy when re-writing, and if necessary, defends the existing name that has been learned from the other segments? (2.3.1) Section 2.3.1 What if the SIG0 matches, but the RR's don't e.g. if a node moves segments and changes IPv6 address? Over-write of existing records is explicitly allowed or denied? Or does the client need to explicitly delete it's old RR's itself first? [include a forward pointer to section 2.4.2] Any differences in how RCODE is specified compared to RFC2136? Dumb question: Are you overloading port 53? Is there any potential for confusion or conflict between an SRP server (DNS Update Lite) and a DNS server that supports full DNS update? SRP server only ever listens on the anycast address? -- regards, RayH <https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach>
- [dnssd] Comments on draft-ietf-dnssd-srp Ray Hunter (v6ops)