IETF Logo Mail Archive

Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)

Esko Dijk <esko.dijk@iotconsultancy.nl> Thu, 16 June 2022 13:03 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84B10C14F6E5 for <dnssd@ietfa.amsl.com>; Thu, 16 Jun 2022 06:03:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XvIIp4jwv3Gg for <dnssd@ietfa.amsl.com>; Thu, 16 Jun 2022 06:03:52 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-he1eur02on072e.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe05::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFE7AC14F737 for <dnssd@ietf.org>; Thu, 16 Jun 2022 06:03:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Y5WJxJSCpgmjcA6hUssSu++1qRRhroAWuoE8Fv3tVkMxDs+18SFxIWJDJ7GL9QvVIEndCzbpRKqn6nydJmvkdpjpcJ6jsSDaXsy9Bc71sYUbQghUZOJVAj2QdnhqWVqYDvIAo5h63XQuXXn8UHGKs+jVM6QVEmTlHJbIouBCMALD2iV8AkLl6KMEelM0SQULZKyySfqjyICqa6EHuODfcU45b3C1Hkujn6eEDOVqlC75wuu+6IltBccM/l+u6nIM/vcWehqNzXUUp0f2nZAV5Xkqw/8Nusl+L0x4MBGl/JVFQActVcD6+nc7hzevYcf8/8Tfh5pgPZG9w1KRzOUV2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZcJ3E1UKpHMqBHXqcR4Ue2gmkc9vKqpn/8tf/fFYBaU=; b=MO6zN+DeRkEu9sYWOUOio0PaaqGlbwuWyNU9kc+fcX+hO1sTKYYbAZJ9WUaODBbDHBvqLSuxKch1mtjvWike6rEZwIJ08TdW3Y9lyDhb7gwfyF20RvTTi9pYJDZQUI46946y+ZL0RqJipfAPCoEJZQLYAUiE1mtIyvfV7hTIloIUoUmnEC36rosY3fNVFuKlOpx0TEvQWbbgZEH7dZNfAbRHYKjOqrARUflgu7kQOmQgGkxjCOaPmVstZu27g6vb56x2crbtO/q7k9djQEbrrXHBNnCBvyJeYDFHnU7CmvEXHLwZbVbD8RJJ2oC4WaLBuCeBMEGMHKshyPSn3g1GUg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZcJ3E1UKpHMqBHXqcR4Ue2gmkc9vKqpn/8tf/fFYBaU=; b=W8ikY2tnT9DpIN635+y1k2rMKzmlqgrRPxrubUJFnUCNnPCOwTB60PMYIRyzIjACAnlVvskN3LOZrZ4uaESfjZKWMS7Yz3E0Y3DidDau7+6zx/K45dyEHxY5wntCmPpsghYzyuroz9UtGrBP7w/yaISeeXw8+fIAy//B0TtT8RA=
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:3b9::20) by DB9P190MB1769.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:325::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.22; Thu, 16 Jun 2022 13:03:45 +0000
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::50a1:9a72:f2e6:587e]) by DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::50a1:9a72:f2e6:587e%5]) with mapi id 15.20.5353.013; Thu, 16 Jun 2022 13:03:45 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: "dnssd@ietf.org" <dnssd@ietf.org>
CC: Ted Lemon <mellon@fugue.com>
Thread-Topic: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)
Thread-Index: Adh7PAzPUxhdnq2hQTGOWDMt+PT2qAAK8Y8AACAeQUABZa7PMA==
Date: Thu, 16 Jun 2022 13:03:45 +0000
Message-ID: <DU0P190MB1978B2BF4465D735DF2FC24BFDAC9@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <DU0P190MB1978D4C3F784B67C8AF39A7DFDA49@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAPt1N1nFYVMYiEuhSM4Kuickvb2VBgyanEV=VgGtX996oZW5EA@mail.gmail.com> <DU0P190MB197866CA95A9ABBB013ED9D9FDA79@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
In-Reply-To: <DU0P190MB197866CA95A9ABBB013ED9D9FDA79@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 34b8095c-78eb-4d6f-aca5-08da4f98a56e
x-ms-traffictypediagnostic: DB9P190MB1769:EE_
x-microsoft-antispam-prvs: <DB9P190MB176900AF54EDFAFDE5872D8DFDAC9@DB9P190MB1769.EURP190.PROD.OUTLOOK.COM>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: l9CmjAy9+Luk7jsYZo3Cspx7RWnDMZ9HiSnoVi/0MlLp8zvOaCDc5ScSnYJL/7rvjUDH6srHMYidODxZAGZpPDctALKbhYAlnYIIjRjie5RZdNxnQx516GPn0+xJsfCTX05EiTTuKDjbeI6+d0GGqC+ZIrvs0KFdQU+7aY6i7m4kLedI+fiPM05u9CSSigfmxs8M4iRNY6cX8HkNbP4xK4XJt84kK4CME/CQSM8WP3mFgKAKE8cr8gJBMI45gOWZCgsQk6qJ9XJAbRHhuxyRTcORTCn8gtMjiWRwjjU0XqSgXxeU5Uy+nJl4rlEuICrtedLqjX3mtxixecGW3Kd1azOZkITNKS9kLqVcawcgsxfsUrfGP1we2JAdnpGa1v6lYtYAOop3kFW490VTle7FC0Ezfg5GrhP7douUe6RqUHdSIkbk3nVEhrsgmDNOSpkJh9kuIc9dNnj6/cshykA938eOKDni8DPUKTF6JvFBS8dF/zK3YD/ECcLoSnxReoc6JeqpvGqVrIKrwiYuYNIaWHoXPjuaRNVI20bRDFIAgybsHe3G/JY8ENdm/er3Hy02t0P0uH05L0lUxFu/ppC7+rgw6PFEZRhO/c5R8A3kjCwnBwJEHQu0qhGR6jLHDyT8cvWuuuVYCWvk6IaMLmaf+wcTbO8FZ4UgKhg7BbeTUV+WHnGLL4aPZG8VL+wjz/x3GvzGhnKYxhj2L0Je/Djp1f7GYl+38xJyv3LGjppTgpuIqDt0EeMdx96JVnbILeUso4MW2eoOPWq7QiiYEeDjUqMVZ4AtwWPqebIl2HXWnQg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0P190MB1978.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230016)(396003)(346002)(136003)(366004)(39830400003)(86362001)(26005)(66446008)(9686003)(122000001)(6506007)(52536014)(53546011)(166002)(7696005)(41300700001)(186003)(38070700005)(8936002)(83380400001)(66946007)(66556008)(8676002)(5660300002)(33656002)(6916009)(44832011)(4326008)(66476007)(38100700002)(508600001)(966005)(55016003)(316002)(71200400001)(76116006)(64756008)(2906002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ArA6v+ejeOwFWY+spo7Yx+RxPlqWQfaOIAtV8MK4HPBAf29wlBWhcoCp8C99MJJ9RIZ0oQ5b/lpSG0A88pMOllvfDxL627D1HPJz1FNwmbkTMJuMH3w2SJBUq/oA4V+weFoK4AXJdxaJZTuk7YERQ68her3zTy7Tl+BMsmHxYYBEKXDJbh3/hpZEUCAyFCfMxU+k953UFydvljdJ8kSzNMEHRTGga0GUoQwbnPW31Nu8CuVT6GDOfv3enxY8lYA+Q07LHv003/0neyubhbGGTpmbpwV6LjiN9p0L5dpEfUkJh7CHWeJ4rROyDj+gJiSz/lTaAOyiAN9eZa4gItDb7NyKuwXx0aJFS/2ktlfN1BR+Wmz78UGcEqvLVQKqrSnGdr6oLYyxklvRGuT0jom9jx6w2XJmzX9ybmtXd1RyhUvGFY/QthWobf6kie9OkOaLnDURNty7NcspNUkeUTR1MyeS7OOQj3KYmTJzUJN7yTr8Y2mjvRuRdxeGLIdTbWb9MXuK9LR6pnpuIxHOszg5aRAnuf6TzSfLl1/5npYmeMRZzga7FnjrZoCi53qJhT3AYiF9HnULu6ff5qKRHM/ajHBDRalTyj4XpcD9ZWPckgPNXE0woV9xOMVLSu86FN9clEFysBrbJ6qmtITghhbsyPl3cX63Rvo96l4MS56xZao5xvK03Bf25yQ0VJzW0Kxwx+cFe02kJ4boYLc4g0Sgl4joAheiteJ03UCChErNZ0Cgb2gBMW0HnVLZj/kYQIneHMNF/2sKYtPQbUnvmpbS3bqYAMvGieBU/kN0IzZqMX4hqWnlDsEOxEn2Xyb2uaCantbootUtQja7o5vcE0rTLe9lVJJo0l5JLREkRifwz1Wuuc8S1dhTDn39c9QCCnhtyl1497HC/gHwwv4Co3LNMi65zIYpN92jHF9sDc0lHUOm1u8jkEmYXzhbUo2bLndjwRFZUBttBbCmSX5Q6NX5lYwOy+pcEh5EsNwNax/H0rl4eKjAKpjxmhXBCYw8m1cIOYWpUQisoVbDH1AZgPnzK2lTPMdSK1ilZqifhegJIXWa7mlIylj6ayJcKnQ4nY/zqqQmsub9andDU3TUls2Yw1G6vuc8pWrJ+T9v2k5T5M8L2eu1GohXEW3eS8YJQF3d4tIA5mle6IuhSekDkfpZmBY/WxnhSlpp3vepdOrK9scgNuv3VF4f8THtmG6pqEsYUSQHEr1RN4V0H3SekUnxqsH2OY8J7YiJtMbxJCeq300Kf9/XBc5NowDu8B/lgeQF0yZOcDC/vNF8INOzELzad1BHALiepyU46frEsVWb+1ak15XPvxORTmG0eq5ro3AvAVVa4MCN7g7y9crqHM5nfIcm8miFjld4qS0k03+0IvvGy9od/fsLMS85g3L1gvJKDKXn6g6OjPURDrxcVB4qP/TmPPxuoWccjbocCLD1NcJze36EGDSNo0dC0sfae/EE9bVqj/oQGYTCPCj9DBWFCTCCr5AdgnqVugg5EG4RsBsP/cfwfnlqtphi3PYFkT7001nrAtmUpIWYATQ9mHeNx9kC/XdTK+uNG+t7gC0Cvr2znj5pTMkFWkoPnmns03QBr8Lj9DgT+b4MMjeLlBarGafbL3wftyHEffpTxBIDzC5tnRK5W3oMSMCwW/HQPkExOViVFEQzT0AY9y91i792AnjXTXfEbxZ1m42xNsDPGsoP3luv7neOoaNBtU8layC+rLp73EtcCOzRmdUGWHx8gDPJ0NYIrDXxRLw4BtwFFpQ=
Content-Type: multipart/alternative; boundary="_000_DU0P190MB1978B2BF4465D735DF2FC24BFDAC9DU0P190MB1978EURP_"
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P190MB1978.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 34b8095c-78eb-4d6f-aca5-08da4f98a56e
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jun 2022 13:03:45.4994 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /57d/SpeNg2nhmDdor/L2wF2f22ugys4VnrpZgfapZnVEY953XaZBYhSDRPEW6yinIsz+1L2Jdi/NyiAK52jeReYNN122bGi5PA5P1BCiKc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P190MB1769
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/wTNCk4ui4JEE9SGKvNgVK8otutE>
Subject: Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 13:03:56 -0000

FYI - I’m now assuming the following behavior of an advertising proxy, for an incoming mDNS query. This is for the case  there’s only a single registered (SRP) service that is expired; and host lease is also expired at the same time. And the host’s key-lease is still active:


  *   QTYPE = PTR , QNAME=<service instance name or service type name> : No response
  *   QTYPE = SRV, QNAME=<service instance name or service type name> : No response
  *   QTYPE = ANY, QNAME=<service instance name or service type name> : No response
  *   QTYPE = AAAA, QNAME=<host name> : Response with success (NoError) status and 0 answer records
  *   QTYPE = ANY, QNAME=<host name> : Respond with KEY record for <host name>.local
  *   QTYPE = KEY, QNAME=<host name> : Respond with KEY record for <host name>.local


Same case but when using the authoritative DNS server on the same host, for an incoming unicast DNS query:


  *   QTYPE = PTR , QNAME=<service instance name or service type name> : Respond NXDOMAIN
  *   QTYPE = SRV, QNAME=<service instance name or service type name> : Respond NXDOMAIN
  *   QTYPE = ANY, QNAME=<service instance name or service type name> : Respond NXDOMAIN
  *   QTYPE = AAAA, QNAME=<host name> : Response with success (NoError) status and 0 answer records
  *   QTYPE = ANY, QNAME=<host name> : Respond with KEY record for <host name>.default.service.arpa
  *   QTYPE = KEY, QNAME=<host name> : Respond with KEY record for <host name>.default.service.arpa

Esko

From: dnssd <dnssd-bounces@ietf.org> On Behalf Of Esko Dijk
Sent: Thursday, June 9, 2022 12:14
To: Ted Lemon <mellon@fugue.com>
Cc: dnssd@ietf.org
Subject: Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)

That sounds like a good approach. So a potential competitor would first send a probe-query for the hostname with rrtype “ANY”; and then the advertising proxy would respond with its answer including the hostname and an rrtype “KEY’ record  - is that correct?

Does this also mean the SRP server will answer DNS unicast queries for this hostname and e.g. rrtype ANY, with the KEY record? While the key lease is still valid.

Esko

From: Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Sent: Wednesday, June 8, 2022 20:45
To: Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>
Cc: dnssd@ietf.org<mailto:dnssd@ietf.org>
Subject: Re: [dnssd] Strategy of advertising proxy for hostname conflicts during key lease period? (draft-ietf-dnssd-advertising-proxy-00)

You are correct. Fortunately, we always have a KEY record that we can publish on the owner name. This is what the advertising proxy should do to defend the name. If some non-SRP service tries to register the name, it will get a hostname conflict.

On Wed, Jun 8, 2022 at 9:36 AM Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>> wrote:
Hi all,

Something that could be added to draft-ietf-dnssd-advertising-proxy-00 is the handling of hostname conflicts; and how an advertising proxy would “defend” an SRP registration on the mDNS link side. (There was a previous thread on this too.)

In particular, what if a host registration has already expired but the key-lease is still active? In SRP, then no-one else can claim this hostname. But in mDNS, we don’t seem to have such mechanism i.e. the advertising proxy doesn’t “defend” the hostname registration on the mDNS link. Or does it?
So it could happen that this hostname is claimed on the mDNS side by an mDNS native device, even though a particular SRP client still has the key-lease on this name.

The original name owner (SRP client) could later come back online and it may need to claim the name again – conflicting with the mDNS link.

Best regards
Esko

IoTconsultancy.nl  |  Email/Teams: esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>    |   +31 6 2385 8339

_______________________________________________
dnssd mailing list
dnssd@ietf.org<mailto:dnssd@ietf.org>
https://www.ietf.org/mailman/listinfo/dnssd

v2.23.0 | Report a Bug | By Email