Re: [homenet] Updating DNS [was: How many people have installed the homenet code?]

Tim Chown <> Wed, 11 May 2016 14:40 UTC

From: Tim Chown <>
To: "Ray Hunter (v6ops)" <>
Date: Wed, 11 May 2016 14:40:09 +0000
Cc: "" <>, Markus Stenberg <>, Ted Lemon <>, Juliusz Chroboczek <>
List-Id: IETF Homenet WG mailing list <>

Hi Ray,

On 11 May 2016, at 15:01, Ray Hunter (v6ops) wrote:

Tim Chown wrote:
On 25 Apr 2016, at 03:39, Ted Lemon wrote:

On Sun, Apr 24, 2016 at 12:29 PM, Juliusz Chroboczek wrote:
> Juliusz, the problem is that existing home network devices that do
> DNS-based service discovery do not support DNS update. They could, but
> they don't, because we didn't define an easy way for them to do it.

I'd be grateful if you could expand on that.  Why can't we define a way
for clients to do DDNS?

We can and should.   The problem is that we won't see that code ship in new devices anytime soon, so we still have to make mDNS work.

And this is why the dnssd WG is focused on making mDNS work on multi-subnet networks.

That to me seems to be putting pragmatism before requirements.

To an extent it is. The Bonjour protocols are much more widely implemented and deployed than DNS Update.

I'm not entirely convinced by the dnssd work, and have said so on the relevant WG.

Do you mean the need for it based on Bonjour, or the solution given we’re building on that?

Note that one requirement was that other SD protocols could be integrated into the hybrid proxy model. That’s still possible, but no one has expressed any interest as yet.

But Ted has raised the question of DNS Update there, and we agreed in BA that we’d accept a draft on issues around coexistence of mDNS and DNS Update.

If "it" (multi-subnet mDNS) is going to cause more issues down the line, is it sensible to pull this into Homenet now?

I think this is why Ted is doing what he is doing.  Homenet is a different environment - smaller and unmanaged, generally.

Is that the intended question to be answered by that draft?

The question is what happens in environments where both might mix.  Well, that’s one question.  Ted offered to draft a -00 on that topic, in one of his spare moments ;)

> Just 2136 isn't enough, because there's no authentication scheme,

I don't understand this argument.  How is non-secured DDNS any less secure
than mDNS?  What am I missing?

This is an implementation issue, not a security issue--sorry for not making that clear.   In order to preserve the same security characteristics that mDNS has, we have to ensure that the update actually originated on the local link, which requires a different sort of listener than is present in a typical DNS server.   And existing DNS servers typically don't have any way to support unauthenticated updates on a first-come, first-served basis, so if you allow unauthenticated updates, you don't have any way to avoid collisions.   Otherwise you are correct.   The answer is to write a document that describes how to do that, and if you read the homenet naming arch document, you can see that I actually sketched out a solution there, which I expect to go in a different document, likely in a different working group.

There are many worms in that can :)

I understand that this is potentially a huge can of worms, but if no one opens it, it'll never get solved.

So my preference would be to write down what we want in Homenet (in the naming architecture document, in a technology-agnostic way), analyse the gaps against competing current technologies, and then see what people propose to close those gaps.

That sounds like a good start.

If multi-subnet mDNS comes out a clear winner, then I'll shut up.

But I'm not even convinced that the gaps are understood/documented at this time.

No, and I agree there. But that doesn’t preclude delivering the hybrid proxy model, which is certainly applicable in campus environments (and was in response in part to an educause petition), and for which Markus has presented a draft for how that model could work in homenets.


Oh, sure, we Poles are not quite as pessimistic as the Finns.  I'm
actually of a divided mind here -- I rather like distributed solutions
(hence prefer mDNS to DDNS) but dislike proxying.  Part of me just wishes
we'd mandate site-local multicast and do mDNS over that

The problem with site-local multicast for mDNS is that multicast isn't a great solution even on the local wire when that wire is wireless.    And, you have to modify the client anyway.

Indeed; this was discussed early on in the dnssd WG, and not considered for those reasons.

Furthermore, if you consider the mdns hybrid proxy stateless, then you can have a DNS server that is roughly that stateless too.   I think it provides better service continuity if you are willing to retain some state, but everything will still work even if you don't, just as the hybrid proxy does.



homenet mailing list<>
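
The two properties Ted Lemon asks of an unauthenticated update listener in the message above (the update must have originated on the local link, and names are granted first-come, first-served so that collisions are caught) are shown here as an added Python example; it is not part of the thread and is not the solution sketched in the homenet naming architecture document. The class, the claimant handle (a link-layer address), the result strings and the sample updates are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class LinkLocalUpdateListener:
    """Hypothetical listener that accepts unauthenticated name updates from one link."""
    on_link_prefixes: list                     # prefixes on the listener's interface (assumed config)
    table: dict = field(default_factory=dict)  # name -> (claimant, address)

    def originated_on_link(self, source: str) -> bool:
        addr = ipaddress.ip_address(source)
        # Link-local sources are never forwarded by routers; otherwise the
        # source must fall inside a prefix configured on this link.
        if addr.is_link_local:
            return True
        return any(addr in ipaddress.ip_network(p) for p in self.on_link_prefixes)

    def handle_update(self, source, claimant, name, address) -> str:
        if not self.originated_on_link(source):
            return "refused-off-link"
        key = name.lower().rstrip(".")         # DNS names compare case-insensitively
        holder = self.table.get(key)
        if holder is None:                     # first claimant wins the name
            self.table[key] = (claimant, address)
            return "registered"
        if holder[0] == claimant:              # same claimant may change its own record
            self.table[key] = (claimant, address)
            return "refreshed"
        return "collision"                     # a different claimant: existing record is kept

# Constructed sample updates: (source address, claimant handle, name, address)
SAMPLE_UPDATES = [
    ("fe80::1c2d:3eff:fe4f:5a6b", "02:00:00:00:00:01", "printer.example.", "2001:db8:1::10"),
    ("2001:db8:1::20", "02:00:00:00:00:02", "Printer.example", "2001:db8:1::20"),
    ("2001:db8:ffff::5", "02:00:00:00:00:03", "nas.example.", "2001:db8:ffff::5"),
    ("2001:db8:1::10", "02:00:00:00:00:01", "printer.example.", "2001:db8:1::11"),
]

def replay(updates=SAMPLE_UPDATES):
    """Run the updates through a fresh listener and return (results, final table)."""
    listener = LinkLocalUpdateListener(["2001:db8:1::/64"])
    results = [listener.handle_update(*u) for u in updates]
    return results, listener.table

if __name__ == "__main__":
    print(replay())
```

The claimant handle is only as trustworthy as the link itself, which matches the thread's framing: the aim is parity with mDNS, not authentication.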