Re: [Geopriv] Proposal for LIS discovery (DNS)
Richard Barnes <rbarnes@bbn.com> Thu, 11 December 2008 21:36 UTC
Return-Path: <geopriv-bounces@ietf.org>
X-Original-To: geopriv-archive@megatron.ietf.org
Delivered-To: ietfarch-geopriv-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3BE143A6933; Thu, 11 Dec 2008 13:36:05 -0800 (PST)
X-Original-To: geopriv@core3.amsl.com
Delivered-To: geopriv@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5393A3A67AB for <geopriv@core3.amsl.com>; Thu, 11 Dec 2008 13:36:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KKqrcjrULvPZ for <geopriv@core3.amsl.com>; Thu, 11 Dec 2008 13:36:02 -0800 (PST)
Received: from mx3.bbn.com (mx3.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id 8D28F3A6964 for <geopriv@ietf.org>; Thu, 11 Dec 2008 13:35:51 -0800 (PST)
Received: from col-dhcp33-244-182.bbn.com ([128.33.244.182]) by mx3.bbn.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from <rbarnes@bbn.com>) id 1LAtCA-0007rP-Aj; Thu, 11 Dec 2008 16:35:42 -0500
Message-ID: <494187AD.9040200@bbn.com>
Date: Thu, 11 Dec 2008 16:35:41 -0500
From: Richard Barnes <rbarnes@bbn.com>
User-Agent: Thunderbird 2.0.0.18 (Macintosh/20081105)
MIME-Version: 1.0
To: Ray.Bellis@nominet.org.uk
References: <E51D5B15BFDEFD448F90BDD17D41CFF10526006B@AHQEX1.andrew.com> <492DF3C6.5090500@bbn.com> <OFFD6D86A7.D206C780-ON8025750E.00345D1D-8025750E.00355895@nominet.org.uk> <492EAE7A.7020304@bbn.com> <OF4823B440.6A60559F-ON8025750E.0057CE7E-8025750E.0058A8D2@nominet.org.uk>
In-Reply-To: <OF4823B440.6A60559F-ON8025750E.0057CE7E-8025750E.0058A8D2@nominet.org.uk>
Cc: geopriv@ietf.org
Subject: Re: [Geopriv] Proposal for LIS discovery (DNS)
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/geopriv>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: geopriv-bounces@ietf.org
Errors-To: geopriv-bounces@ietf.org
Ray, I'm willing to grant that the local gateway shouldn't pass through option 15. My mistake. However, I still don't understand why it doesn't make sense for a host to use option 12 or option 15 to look for a LIS. Those domains are supposed to label the host (12) or local network (15), so wouldn't it make sense to use a query for those names to ask for information on those entities? Perhaps there's a disconnect here because the local network (in the sense of the entity that's providing DHC) isn't always the network that can sensibly provide a LIS. We've talked about this being the case when the layer-3 provider needs to talk (LIS-to-LIS) with a layer-2 provider. But it can also happen when the local network delegates positioning to an upstream provider, as when a home LAN (with its own DHCP) relies on a broadband provider for positioning. Even in these cases, I think it still makes sense for a host to use the name of the local network to discover the local (possibly delegated) LIS. It is, however, the responsibility of the local network to enable this delegation by redirecting clients appropriately. There are several ways to effect this delegation, many of which don't meet Barbara's "unmodified gateway/CPE" requirement. One option that seems appealing for me is for the gateway to do LIS discovery upstream, and use the result to act to answer NAPTR queries for its own domain (acting as a DNS proxy). It's harder when the gateway is completely oblivious, especially given that lots of gateway manufacturers set all their devices to return the same value in option 15. In this case, the responsibility for delegation is on the gateway vendor to answer NAPTR queries to the appropriate domain(s), but they could still use those answers to delegate to the appropriate upstream networks (and here those NAPTR records in in-addr.arpa might actually be helpful!). --Richard Ray.Bellis@nominet.org.uk wrote: >> I didn't mean to say "if you use Option 15, then you MUST provision >> NAPTR records". The MUSTs only apply if the access network wants to >> enable DNS-based discovery (and maybe they're SHOULDs). > > That's sort of the point. There is _no_ guaranteed linkage between the > access network and the domain names used by the end-user within the LAN. > DNS based discovery based on the RDATA of a PTR record could never work > reliably. > > Putting NAPTR records directly into in-addr.arpa (looked up based on a > STUN/UPnP discovered WAN address) might work better, although there'd > still be issues where the customer has a routed CIDR block and the ISP has > delegated some part of in-addr.arpa directly to the end-user. > >> Were you thinking about a network that supports DNS-based discovery, but > >> doesn't use DHCP to distribute the domain name to clients? (I imagine >> this is one way you could hack around the "belkin" issue below.) You're > >> right that argues for the MUSTs to be SHOULDs (at least the first one). >> >> But even in that case, the network operator should be aware that clients > >> on their network that don't have the static domain configured are still >> going to try the domain they get from option 15 first. > > I strongly believe option 15 should not be used. > > 1. It's an abuse of the option > 2. It relies on the incorrect assumption above > >> One other thing that would be helpful to add (maybe in S6) is some >> guidance for middle-box makers on how to do better than this. If the >> gateway is provisioned over PPP, maybe you can't do much better, but if >> the gateway is getting option 15 on its upstream/public face, then it >> MUST pass it through to option 15 on the downstream/private face. > > I've already written a draft about middle-box behaviour > (draft-bellis-dnsext-dnsproxy-00) which will be available as > draft-ietf-dnsext-proxy-00 any day now. > > Middle boxes absolutely must NOT copy option 15 from WAN DHCP into LAN > DHCP. Option 15 is intended for site-network configuration, not access > provider configuration. > > Ray > _______________________________________________ Geopriv mailing list Geopriv@ietf.org https://www.ietf.org/mailman/listinfo/geopriv
- [Geopriv] Proposal for LIS discovery (DNS) Thomson, Martin
- Re: [Geopriv] Proposal for LIS discovery (DNS) Richard Barnes
- Re: [Geopriv] Proposal for LIS discovery (DNS) Ray.Bellis
- Re: [Geopriv] Proposal for LIS discovery (DNS) Richard Barnes
- Re: [Geopriv] Proposal for LIS discovery (DNS) Ray.Bellis
- Re: [Geopriv] Proposal for LIS discovery (DNS) Stark, Barbara
- Re: [Geopriv] Proposal for LIS discovery (DNS) Thomson, Martin
- Re: [Geopriv] Proposal for LIS discovery (DNS) Richard Barnes
- Re: [Geopriv] Proposal for LIS discovery (DNS) Thomson, Martin
- Re: [Geopriv] Proposal for LIS discovery (DNS) Richard Barnes
- Re: [Geopriv] Proposal for LIS discovery (DNS) Thomson, Martin
- Re: [Geopriv] Proposal for LIS discovery (DNS) Ray.Bellis