IETF Logo Mail Archive

Re: [homenet] Understanding DNS-SD hybrid proxying [was: Firewall hole punching]

Tim Chown <Tim.Chown@jisc.ac.uk> Thu, 24 November 2016 09:28 UTC

Return-Path: <tim.chown@jisc.ac.uk>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF131129ECF for <homenet@ietfa.amsl.com>; Thu, 24 Nov 2016 01:28:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.11
X-Spam-Level:
X-Spam-Status: No, score=-4.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=jisc365.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AhGpH5EGmZi1 for <homenet@ietfa.amsl.com>; Thu, 24 Nov 2016 01:28:48 -0800 (PST)
Received: from eu-smtp-delivery-189.mimecast.com (eu-smtp-delivery-189.mimecast.com [146.101.78.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3288129ED1 for <homenet@ietf.org>; Thu, 24 Nov 2016 01:28:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jisc365.onmicrosoft.com; s=selector1-jisc-ac-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=wrCGmdMzvvG7FblOJ1dHlv9IQWAkbgCYSYVAIKMAJUM=; b=hHDjEXXfax/YcV7sM5qCo3RwupW0rMqvA7modZekAX6/AmeITgMUl5/9Tw6soB+bfzgDR525quwnIlNJSC0QjMOjfLRTdpo+xInooyQtwa03CHhsY7QOQm2TJJT6zxl3euytzK9/Rz7iZzJx96bC/3AvlFkeKdiQuTE6h7Jw9ow=
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01lp0182.outbound.protection.outlook.com [213.199.154.182]) (Using TLS) by eu-smtp-1.mimecast.com with ESMTP id uk-mta-15-SatCUdw1NA6kwrNIrXx03Q-1; Thu, 24 Nov 2016 09:28:37 +0000
Received: from AM3PR07MB1140.eurprd07.prod.outlook.com (10.163.188.14) by AM3PR07MB1137.eurprd07.prod.outlook.com (10.163.188.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.747.5; Thu, 24 Nov 2016 09:28:36 +0000
Received: from AM3PR07MB1140.eurprd07.prod.outlook.com ([fe80::d9ee:f373:b37e:9c77]) by AM3PR07MB1140.eurprd07.prod.outlook.com ([fe80::d9ee:f373:b37e:9c77%15]) with mapi id 15.01.0734.007; Thu, 24 Nov 2016 09:28:36 +0000
From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Juliusz Chroboczek <jch@irif.fr>
Thread-Topic: [homenet] Understanding DNS-SD hybrid proxying [was: Firewall hole punching]
Thread-Index: AQHSRcI2UVM8ajH1zEeQJk5gd84MwqDn3roA
Date: Thu, 24 Nov 2016 09:28:36 +0000
Message-ID: <8F1D21A3-239F-43A3-B6B1-550F47CAF993@jisc.ac.uk>
References: <871syc54d1.wl-jch@pps.univ-paris-diderot.fr> <CAPt1N1=eXRBh6UqGGqUSK9cH_jY5MvPcE4MFZUPe2Z48LF7bkA@mail.gmail.com> <87lgwj504t.wl-jch@irif.fr> <CAPt1N1kDCMDBEpt7QYhHtPYjaMJAzw8G81=2y2f=y0ZProeCPA@mail.gmail.com> <13675.1479346312@dooku.sandelman.ca> <3B35AF68-4792-4B2A-8277-A7B49206581F@google.com> <74143607-B81E-4D4C-89D3-4754E0DA7DE1@jisc.ac.uk> <790beb67-a62e-b7dc-b64e-a3fcecfbdb12@mtcc.com> <87zikrihl7.wl-jch@irif.fr> <2EEB3CCD-3C25-4844-95B5-DDE31F982EA2@iki.fi> <87oa17i9eq.wl-jch@irif.fr> <2DAA6FEB-8C87-42DA-9465-E740669C563A@iki.fi> <7i37iinfoa.wl-jch@irif.fr>
In-Reply-To: <7i37iinfoa.wl-jch@irif.fr>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3251)
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2001:a88:d510:1101:35ef:6bb7:c751:796]
x-ms-office365-filtering-correlation-id: 25f88bd6-c501-4942-ac8d-08d4144c4439
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:AM3PR07MB1137;
x-microsoft-exchange-diagnostics: 1; AM3PR07MB1137; 7:Eec8Iwgwm7/Yn/SVdyRO8vjtHt9umOqObXLPMrOEYVlqbfOGKv8kFXPNOatCDlTGcMfvE6RS7vRW20Jy7T3WJmV1PT0XyCbDpNuGD27hF39HcKH8UIM5nuwXBxCwPBdB7PBE36R8mQfi4S5FSFj7zRmY9bgQ0MKhUIrdyMDfJJjUmrkFo2O5Q2urgdpjt0tNF8pndFjQ2fzgj1JfA0Q5CZhFDmtnW0RnCBwEIklwiLOZDkBaCo+J4gfy4vgiZDoNCz5di3+tVvQHjy42L8ES1BFMJElLb4fGkF3LSmDobrQT+jja0gwlyFhA7N0ZEto6kyQshvs+uv6q+Z/UNHTDw/OU5f9MTEgm+TSbpVRw8s9V/YxxwOjfnglP/pCmY6oXnl31WbE04MEMCeCqY7IiHB977NexWOHYggbbyNw0VDFO6ELcTtXPvl2VClTgQNZZ4dW2IxJGmI0qp5Ao5BXLEg==; 20:XdRDT49usE9nyXMoTT6prW34vmo50z1Uqp6MA7B8dXmT1GAVnS561xLIVgJXHJxBphIGnxpoLmygdnIW65nYgDEdhhrbxsRV+9Qv+7SxoJz+BV+TR8f2Txj6xDuHLZQU+eVhpT976HjfjNnpy8mxR+9EOrL9Xo+I4tEAGnzvyGw=
x-microsoft-antispam-prvs: <AM3PR07MB11379413A8AA419B72FF03BAD6B60@AM3PR07MB1137.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6060326)(6045199)(6040361)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6041248)(6061324)(20161123555025)(20161123564025)(20161123560025)(20161123562025); SRVR:AM3PR07MB1137; BCL:0; PCL:0; RULEID:; SRVR:AM3PR07MB1137;
x-forefront-prvs: 0136C1DDA4
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(7916002)(199003)(189002)(51914003)(24454002)(76176999)(50226002)(39410400001)(68736007)(101416001)(57306001)(42882006)(8936002)(2950100002)(6116002)(81156014)(81166006)(7846002)(5660300001)(2900100001)(33656002)(106116001)(102836003)(38730400001)(110136003)(105586002)(92566002)(606004)(86362001)(106356001)(6916009)(36756003)(3660700001)(74482002)(93886004)(6506003)(4326007)(50986999)(97736004)(3280700002)(7906003)(7736002)(6512003)(2906002)(5250100002)(229853002)(83716003)(82746002)(39400400001)(39380400001)(189998001)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM3PR07MB1137; H:AM3PR07MB1140.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: jisc.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Nov 2016 09:28:36.0162 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 48f9394d-8a14-4d27-82a6-f35f12361205
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM3PR07MB1137
X-MC-Unique: SatCUdw1NA6kwrNIrXx03Q-1
Content-Type: multipart/alternative; boundary="_000_8F1D21A3239F43A3B6B1550F47CAF993jiscacuk_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/uf6edGxQyPIY4XHS4k0cSJ0xYrw>
Cc: "homenet@ietf.org" <homenet@ietf.org>, Markus Stenberg <markus.stenberg@iki.fi>
Subject: Re: [homenet] Understanding DNS-SD hybrid proxying [was: Firewall hole punching]
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2016 09:28:51 -0000

On 23 Nov 2016, at 19:45, Juliusz Chroboczek <jch@irif.fr<mailto:jch@irif.fr>> wrote:

- ohybridproxy (only really scalable and sensible IPv6 rdns source that
I am aware of, given nodes talk mdns)

Noted, thanks for the opinion.  I still don't understand how it works (who
gets port 53?  how are data from multiple links merged?), but I intend to
do my homework.

I give dnsmasq port 53, and then have it forward queries for .home
(chuckle) and my IPv4/IPv6 reverses in .arpa-land to 127.0.0.1:54 where
ohp listens on my routers.

Ok, makes sense (except for the choice of 54).  Two more questions:

 - who merges data from multiple links?  (I'd wish that the hybrid
   proxies compute a minimal spanning tree and perform peer-to-peer
   magic, but I suspect you're generating a config file dynamically
   and restarting dnsmasq whenever the set of hybrid proxies changes.)

In dnssd we have the “stitching” topic on our plate, around operation of dns-sd in unmanaged multi-link networks.  So this is timely discussion.

We’re beginning work on a BCP for the use of the discovery/advertising proxy in enterprise/campus networks, where there is administrative configuration, and scalability is a concern. The stitching topic would likely form part of a corresponding BCP for unmanaged operation, as per a multi-link homenet.

 - who speaks mDNS?  The Hybrid proxies?  Or do they communicate with
   a dedicated mDNS speaker?

The proxies ask about (discover) services on the link(s) they serve on behalf of the (remote) querier. For general info on how dns-sd works, see https://tools.ietf.org/html/draft-ietf-dnssd-hybrid-05, Section 5 in particular.

For info the “hybrid proxy” has been renamed the “discovery proxy”, which will be reflected in the -06 draft, and Stuart will be publishing a separate “advertising proxy”, which will allow (remote) proxy advertisements of services in addition to proxy discovery of them.  For more info on that, see https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-hybrid-proxy-00.pdf

The other thing to be aware of is that there is “long lived query” support for the proxies being defined via the DNS Push Notifications and DNS Session Signalling drafts (https://tools.ietf.org/html/draft-ietf-dnssd-push-09 and https://tools.ietf.org/html/draft-ietf-dnsop-session-signal-01). These allow clients to get timely notifications of changes.

Tim

v2.23.0 | Report a Bug | By Email