Re: [homenet] New version draft-mglt-homenet-naming-architecture-dhc-options-02.txt

Douglas Otis <> Thu, 03 July 2014 21:44 UTC

From: Douglas Otis <>
Date: Thu, 3 Jul 2014 14:43:59 -0700
To: Andrew Sullivan <>
Subject: Re: [homenet] New version draft-mglt-homenet-naming-architecture-dhc-options-02.txt

On Jul 3, 2014, at 7:00 AM, Andrew Sullivan <> wrote:

> On Thu, Jul 03, 2014 at 02:39:26PM +0200, Juliusz Chroboczek wrote:
>> I'm increasingly confused.  RFC 5625 is about proxying DNS requests from
>> the LAN.  Daniel's draft is about proxying dynamic DNS updates, right?
> Yes.  My impression is that the idea in Daniel's draft is that the ISP
> will take the load of most DNS queries, and will effectively mark a
> boundary of split-horizon, so that some names resolve both outside and
> inside the local network, and some will resolve only inside.  This is
> really a formalization of the way many CPE systems already work, where
> they update services like Dyn (full disclosure: my employer), no-ip,
> and so on.  The differences seem to be (1) that the relationship is
> somehow stapled to the ISP rather than to an outside service and (2)
> that the commands all flow over Dynamic Update as opposed to any other
> protocol.  Personally, I see the value in (2), but I'm worried about
> (1).  Thinking as a vendor, I note that (2) basically means ditching a
> lot of running code, although for a protocol I think is poorly
> designed.

Dear Andrew,

Since mDNS is unable to make determinations regarding the ability of a device to safely interact with the Internet, an overlay approach could be taken.  Although details are missing from the Hybrid Unicast/Multicast DNS-Based Service Discovery draft, use of ULAs can better establish a secure separation than can a split-horizon.  DNS was never intended to keep information private, especially within an environment having uncertain network boundaries with informal input schemes.  Use of ULAs can replicate the security permitted by use of link-local by mDNS while also permitting continued operation when ISP up-links are disrupted.

For some references see:

Douglas Otis
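The separation Douglas argues for above (ULAs as the boundary, rather than relying on split-horizon DNS to keep internal names private) can be made concrete with a small address-scope policy. The following is an added illustration, not code from the thread, the homenet draft, or any CPE implementation: it classifies IPv6 addresses by scope, builds an internal zone that carries ULA and global addresses and an external zone that carries only globally routable ones, answers a query according to the scope of the client's source address, and shows that names with a ULA stay resolvable when the ISP prefix disappears. The host names, the `fd12:3456:789a::/48` ULA prefix, the `2001:db8::/32` documentation prefix standing in for an ISP-delegated global prefix, and the record list are all constructed for the example.

```python
"""Scope-based zone split: internal (ULA-reachable) vs external (global-only).

Added example, not from the homenet draft or the mailing-list thread.
All names, prefixes and records below are constructed sample data.
"""
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")             # RFC 4193 unique local addresses
LINK_LOCAL = ipaddress.ip_network("fe80::/10")      # link-local unicast, one link only
# Assumption: the documentation prefix plays the role of the ISP-delegated
# global prefix here, because Python's is_global treats 2001:db8::/32 as non-global.
DOC_PREFIX = ipaddress.ip_network("2001:db8::/32")


def scope(addr):
    """Return 'link-local', 'ula', 'global' or 'other' for an IPv6 address string."""
    a = ipaddress.IPv6Address(addr)
    if a in LINK_LOCAL:
        return "link-local"
    if a in ULA:
        return "ula"
    if a.is_global or a in DOC_PREFIX:
        return "global"
    return "other"


def split_zones(records):
    """records: iterable of (name, address).  Returns (internal, external) dicts
    mapping name -> sorted address list.

    Internal zone: ULA and global addresses (link-local is dropped, it is only
    meaningful on a single link and is mDNS territory).
    External zone: global addresses only, so ULAs never leave the site
    regardless of what the external resolver or ISP does."""
    internal, external = {}, {}
    for name, addr in records:
        s = scope(addr)
        if s in ("ula", "global"):
            internal.setdefault(name, []).append(addr)
        if s == "global":
            external.setdefault(name, []).append(addr)
    return ({k: sorted(v) for k, v in internal.items()},
            {k: sorted(v) for k, v in external.items()})


def answer_for(zone_internal, zone_external, qname, src):
    """Resolver-side policy: the boundary is the client's address scope, not a
    view name.  ULA or link-local sources see the internal zone; any other
    source only gets the external zone."""
    if scope(src) in ("ula", "link-local"):
        return zone_internal.get(qname, [])
    return zone_external.get(qname, [])


def without_uplink(records):
    """Simulate loss of the ISP prefix: global addresses vanish, but every name
    that has a ULA remains resolvable inside the home."""
    internal, _ = split_zones((n, a) for n, a in records if scope(a) != "global")
    return internal


# Constructed sample records (name, address); not from the draft.
RECORDS = [
    ("printer.home.example", "fd12:3456:789a:1::10"),
    ("printer.home.example", "2001:db8:1::10"),
    ("nas.home.example", "fd12:3456:789a:1::20"),
    ("nas.home.example", "fe80::1"),
    ("www.home.example", "2001:db8:1::80"),
]


if __name__ == "__main__":
    internal, external = split_zones(RECORDS)
    print("internal:", internal)
    print("external:", external)
    print("nas from inside:", answer_for(internal, external, "nas.home.example", "fd12:3456:789a:1::99"))
    print("nas from outside:", answer_for(internal, external, "nas.home.example", "2001:db8:ffff::1"))
    print("uplink down:", without_uplink(RECORDS))
```

The point the example makes is that the privacy boundary is carried by the addresses themselves: a ULA record is never emitted into the external zone, so even a misconfigured split-horizon view or an ISP-hosted zone cannot leak it, and the internal zone keeps working when the global prefix is withdrawn.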