Re: [mdnsext] mDNSext features/requirements rollup

vortex <vortex@networkcommons.org> Tue, 29 January 2013 19:34 UTC

The problem has been that the POSIX and non-Apple WAB component for
read/write DNS-SD under the Bonjour stack has been broken and ignored
for years.

Integrating mDNS & WAB has been close on impossible because of this
(reference all the frustrations on the bonjour-dev mailing list without
resolution, again, it's been years!).

Alternate stacks such as Avahi (non-cross platform) have waited for
"vital" security implementations for DNSSEC before implementing write
enabled DNS-SD (a big mistake IMHO!), and because DNSSEC is so hairy
this has not happened either (on their roadmap unimplemented/delayed for
years).

WAB & mDNS have had the potential to be an exciting cross platform
Internet-wide resource publishing and discovery mechanism, but there
seems little interest in the past to make this happen.

Regards to all,

.v

On 29/01/2013 18:39, nudge wrote:
> On Tue, Jan 29, 2013, at 07:07 PM, Alf Watt wrote:
>>
>> I think Andrew's point is worth taking the time to seriously consider. We
>> already have dynamic DNS update but as previously mentioned configuration
>> of the DNS server and its clients out has proven to be either too
>> difficult or not of interest to various OS vendors.
>>
>> It's worth mentioning that Apple has all the parts in place to pull this
>> off:
>>
>> - A Server OS with an embedded DNS server which they provide a UI to
>> manage
>> - Traditional and Mobile Clients with mDNSResolvers running on them
>> - A profile distribution system which makes pushing configuration options
>> including keys easy
>>
>> Given the will to get the features implemented Apple could solve part of
>> the problem without any changes to mdns.
>>
>> There are still things that fall outside of that scope which we should
>> consider, but ignoring the opportunity to use the existing protocols
>> seems like a lot of effort to reproduce work that already exists.
>>
>> Best,
>> Alf
>>
> 
> As someone who successfully tested and implemented WAB with TSIG
> protected updates[1] in an Apple environment about a year or so ago, I
> would tend to agree. It wasn't as difficult as I imagined partly because
> of a lack of documentation. Of course, things have changed since and I
> need to test again soon. But back then you had to front-end named with
> dnsextd if you needed llq (obviously you do). If that's still true it
> blocks other useful stuff such as rpz and rrl and needs fixing IMO.
> 
> [1] I also tested TSIG protected reads DNSprivate, where's that going?