Re: [mdnsext] mDNSext features/requirements rollup
Andrew Sullivan <ajs@anvilwalrusden.com> Thu, 07 February 2013 23:40 UTC
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: mdnsext@ietfa.amsl.com
Delivered-To: mdnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB7B821F89AE for <mdnsext@ietfa.amsl.com>; Thu, 7 Feb 2013 15:40:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.84
X-Spam-Level:
X-Spam-Status: No, score=-0.84 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ClA-hT353VQg for <mdnsext@ietfa.amsl.com>; Thu, 7 Feb 2013 15:40:09 -0800 (PST)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id 1669021F89AA for <mdnsext@ietf.org>; Thu, 7 Feb 2013 15:40:08 -0800 (PST)
Received: from mx1.yitter.info (69-196-144-227.dsl.teksavvy.com [69.196.144.227]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id B10E58A031 for <mdnsext@ietf.org>; Thu, 7 Feb 2013 23:40:06 +0000 (UTC)
Date: Thu, 07 Feb 2013 18:40:04 -0500
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: mdnsext@ietf.org
Message-ID: <20130207234004.GH484@mx1.yitter.info>
References: <4D4B5680-EF92-4646-957F-5FF4E588DFEF@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4D4B5680-EF92-4646-957F-5FF4E588DFEF@gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [mdnsext] mDNSext features/requirements rollup
X-BeenThere: mdnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <mdnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mdnsext>, <mailto:mdnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mdnsext>
List-Post: <mailto:mdnsext@ietf.org>
List-Help: <mailto:mdnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mdnsext>, <mailto:mdnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Feb 2013 23:40:09 -0000
On Thu, Feb 07, 2013 at 08:58:53AM -0500, RJ Atkinson wrote: > Much later, on 6th February 2013, Andrew Sullivan wrote, in part: > > > > It seems to me that, in Internet terms, we really have three > > scopes: > > > > 1. my network; > > 2. my network_s_; > > 3. the Internet. > > I'm not entirely clear on Andrew's terminology, but my guess > is that by (1) he means this subnet/link and (2) the set of > inter-connected subnets/links at my site/building/home/campus. I was being deliberately vague partly because of the whole do-what-I-mean flavour of this set of problems, but I think the distinctions you're making are probably good enough operationalizations for our purposes. > The claim above is not obviously true for several reasons: > > A) Split-horizon DNS deployments have been around since > the 1990s at least. THese are widely deployed. Few > problems have arisen in practice, as a percentage of > split-horizon deployments. Yes, problems could arise, > for example if a human misconfigures something, but > it isn't inherent in a split-horizon DNS deployment. Problems have in fact arisen. The root DNS servers receive a large amount of traffic for names that don't exist and that are clearly leakage of split horizon queries and of local-scope queries (*.local) that have escaped. One of the reasons the SiteFinder idea caused so much anguish was that, while wilcards in some other TLDs had worked for some time, .com turned out to be special in that failed queries were implicitly assumed to be inside .com (so local-use-only DNS names worked just fine before SiteFinderDay, but suddenly all got resolved inside .com on SiteFinderDay). From the point of view of end users, there are no problems; from the point of view of the Internet infrasrtucture, there are plenty of problems. > B) The current work here on (2) is extending mDNS rather than > putting a bunch of *.LOCAL data into the unicast DNS system > (which in many ways is a different system entirely, although > they have compatible namespaces). Except that all the clients need to work as though the mDNS (".local") names and the Internet DNS names are part of a single naming continuum. This fact is why .local names leak out to the Internet. In the case of the current mDNS, at the very least it's possible to identify (just from network topology) the border one shouldn't traverse. The same is not true in case (2): there's just no way to infer the scope of the site of inter-connected links at "my site", because we don't have a way to identify that. (In some ways, we are walking in sideways to the same problem people have experienced in the DNS -- attempting to infer organizational boundaries from delegation boundaries, or trying to infer "my domain" from the search path or other such tricks used by standard resolver libraries.) I've been musing over one possible strategy: to use the DNS to assert some network boundaries. But I haven't worked out the details of how this might help. Maybe a clue for mDNS responders? That seems to foil the whole zeroconf point of all this, though. > I don't agree with the idea of eliminating .LOCAL or > similar scoped domains or information advertised in those > domains. Its unrealistic to believe that a typical home > deployment will use global-scope DNS naming for devices > not intended to be accessible from outside the home. Well, obviously we can't ditch this: it's widely deployed. Also IMO it's not realistic to expect local-scope names to work across network boundaries. So we're now arguing about whose scope gets to be called "local" :) Best, A -- Andrew Sullivan ajs@anvilwalrusden.com
- [mdnsext] mDNSext features/requirements rollup Alf Watt
- [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup nudge
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup Brian Dickson
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup Tim Chown
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup peter van der Stok
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Dan Harkins
- Re: [mdnsext] mDNSext features/requirements rollup Alf Watt
- Re: [mdnsext] mDNSext features/requirements rollup Stephen Orr (sorr)
- Re: [mdnsext] mDNSext features/requirements rollup nudge
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup vortex
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup vortex
- [mdnsext] mDNSext features/requirements rollup Olivier Levon
- Re: [mdnsext] mDNSext features/requirements rollup James Andrewartha
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup James Andrewartha
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Michael Richardson
- Re: [mdnsext] mDNSext features/requirements rollup Michael Richardson
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Joe Touch
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Joe Touch
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Johnson, Neil M
- Re: [mdnsext] mDNSext features/requirements rollup Joe Touch