One document matched: draft-cheshire-dnssd-hybrid-01.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!--
Check output with <http://tools.ietf.org/tools/idnits/>
-->
<!-- used by XSLT processors -->
<!-- For a complete list and description of processing instructions (PIs),
please see http://xml.resource.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use.
(Here they are set differently than their defaults in xml2rfc v1.35) -->
<!-- give errors regarding ID-nits and DTD validation -->
<?rfc strict="yes" ?>
<!-- control the table of contents (ToC) -->
<!-- generate a ToC -->
<?rfc toc="yes"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<?rfc tocdepth="1"?>
<!-- control references -->
<!-- use anchors instead of numbers for refs, i.e, [RFC2119] instead of [1] -->
<?rfc symrefs="yes"?>
<!-- sort the reference entries alphabetically -->
<?rfc sortrefs="no" ?>
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<!-- do not start each main section on a new page -->
<?rfc compact="yes" ?>
<!-- keep one blank line between list items -->
<?rfc subcompact="no" ?>
<!-- encourage use of "xml2rfc" tool -->
<?rfc rfcprocack="yes" ?>
<!-- end of list of popular I-D processing instructions -->
<rfc category="std" docName="draft-cheshire-dnssd-hybrid-01" ipr="trust200902">
<front>
<title abbrev='Hybrid uDNS/mDNS Service Discovery'>Hybrid
Unicast/Multicast DNS-Based Service Discovery</title>
<author initials='S.' surname='Cheshire' fullname='Stuart Cheshire'>
<organization>Apple Inc.</organization>
<address>
<postal>
<street>1 Infinite Loop</street>
<city>Cupertino</city>
<region>California</region>
<code>95014</code>
<country>USA</country>
</postal>
<phone>+1 408 974 3207</phone>
<email>cheshire@apple.com</email>
</address>
</author>
<date day='22' month='January' year='2014'/>
<area>General</area>
<workgroup>Internet Engineering Task Force</workgroup>
<keyword>Multicast DNS</keyword>
<keyword>DNS-Based Service Discovery</keyword>
<keyword>RFC</keyword>
<keyword>Request for Comments</keyword>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>XML</keyword>
<keyword>Extensible Markup Language</keyword>
<abstract>
<t>Performing DNS-Based Service Discovery using purely link-local
Multicast DNS enables discovery of services that are on the local link,
but not (without some kind of proxy or similar special support) of
services that are outside the local link.
Using a very large local link with thousands of hosts improves service
discovery, but at the cost of large amounts of multicast traffic.</t>
<t>Performing DNS-Based Service Discovery using purely Unicast DNS is
more efficient, but requires configuration of DNS Update keys on
the devices offering the services, which can be onerous for simple
devices like printers and network cameras.</t>
<t>Hence a compromise is needed, that provides easy service
discovery without requiring either large amounts of multicast
traffic or onerous configuration.</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>Multicast DNS <xref target="RFC6762"/> and its companion technology
DNS-based Service Discovery <xref target="RFC6763"/> were created to provide
IP networking with the ease-of-use and autoconfiguration for which
AppleTalk was well known <xref target="RFC6760"/> <xref target="ZC"/>.</t>
<t>Section 10 ("Populating the DNS with Information") of the
DNS-SD specification <xref target="RFC6763"/> discusses possible ways that a
service's PTR, SRV, TXT and address records can make their way into the DNS
namespace, including manual zone file configuration
<xref target="RFC1034"/> <xref target="RFC1035"/>,
DNS Update <xref target="RFC2136"/> <xref target="RFC3007"/> and proxies.</t>
<t>This document specifies a type of proxy called a Hybrid Proxy that uses
Multicast DNS <xref target="RFC6762"/> to discover Multicast DNS records on its
local link, and makes corresponding DNS records visible in the Unicast DNS
namespace.</t>
</section>
<section title="Conventions and Terminology Used in this Document">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in "Key words for use
in RFCs to Indicate Requirement Levels" <xref target="RFC2119"/>.</t>
<t>Multicast DNS works between a hosts on the same link.
A set of hosts is considered to be "on the same link", if:
<list style='symbols'>
<t>when any host A from that set sends a packet to any other host B
in that set, using unicast, multicast, or broadcast, the entire
link-layer packet payload arrives unmodified, and</t>
<t>a broadcast sent over that link by any host from that set of hosts
can be received by every other host in that set</t>
</list>
The link-layer *header* may be modified, such as in Token Ring
Source Routing [802.5], but not the link-layer *payload*. In
particular, if any device forwarding a packet modifies any part of
the IP header or IP payload then the packet is no longer
considered to be on the same link. This means that the packet may
pass through devices such as repeaters, bridges, hubs or switches
and still be considered to be on the same link for the purpose of
this document, but not through a device such as an IP router that
decrements the TTL or otherwise modifies the IP header.</t>
</section>
<section anchor="operation" title="Hybrid Proxy Operation">
<t>In its simplest form, each local link in an organization
is assigned a unique Unicast DNS domain name, such as
"Building 1.example.com." or "4th Floor.Building 1.example.com."
(Grouping multiple local links under the same Unicast DNS domain name
is to be specified in a future companion document, but for the purposes
of this document, assume that each link has its own unique Unicast DNS domain
name.)</t>
<t>Each link in an organization has a Hybrid Proxy which serves it. This
function could be performed by a router on that link, or, with appropriate
VLAN configuration, a single Hybrid Proxy could have a logical presence
on, and serve as the Hybrid Proxy for, multiple links. In the organization's
DNS server, NS records are used to delegate ownership of each defined link name
(e.g., "Building 1.example.com.") to the Hybrid Proxy which serves that link.</t>
<t>Domain Enumeration PTR records <xref target="RFC6763"/> are also
created to inform clients of available Device Discovery domains, e.g.,:</t>
<figure><artwork>
b._dns-sd._udp.example.com. PTR Building 1.example.com.
PTR Building 2.example.com.
PTR Building 3.example.com.
PTR Building 4.example.com.
lb._dns-sd._udp.example.com. PTR Building 1.example.com.</artwork></figure>
<t>When a DNS-SD client issues a Unicast DNS query to discover services
in a particular Unicast DNS (e.g., "_printer._tcp.Building 1.example.com. PTR ?")
the normal DNS delegation mechanism results in that query being served from
the delegated authoritative name server for that subdomain, namely the Hybrid
Proxy on the link in question.
Like a conventional Unicast DNS server,
a Hybrid Proxy implements the usual Unicast DNS protocol
<xref target="RFC1034"/> <xref target="RFC1035"/> over UDP and TCP.
However, unlike a conventional Unicast DNS server that
generates answers from the data in its manually-configured zone file,
a Hybrid Proxy generates answers by performing a Multicast DNS query
(e.g., "_printer._tcp.local. PTR ?") on its local link, and then,
from the data in the Multicast DNS replies it receives, generating
the corresponding Unicast DNS reply.</t>
<?rfc needLines="10" ?>
<section title="Data Translation">
<t>Generating the corresponding Unicast DNS reply involves, at the very least,
rewriting the "local" suffix to the appropriate Unicast DNS domain
(e.g., "Building 1.example.com").</t>
<t>In addition it would be desirable to suppress Unicast DNS replies for records
that are not useful outside the local link. For example, DNS A and AAAA records for
IPv4 link-local addresses <xref target="RFC3927"/> and
IPv6 link-local addresses <xref target="RFC4862"/> should be suppressed.
Similarly, for sites that have multiple private address realms <xref target="RFC1918"/>,
private addresses from one private address realm should not be
communicated to clients in a different private address realm.</t>
<t>By the same logic, DNS SRV records that reference target host
names that have no addresses usable by the requester should be
suppressed, and likewise, DNS PTR records that point to DNS names
with DNS SRV records that reference target host names that have no
addresses usable by the requester should be also be suppressed.</t>
<t>The same reachability requirement for advertised services also applies
to the Hybrid Proxy itself. The mechanism specified in this document only
works if the Hybrid Proxy is reachable from the client making the request.</t>
<?rfc needLines="26" ?>
<section title="Application-Specific Data Translation">
<t>There may be cases where Application-Specific Data Translation is appropriate.</t>
<t>For example, AirPrint printers tend to advertise fairly verbose
information about their capabilities in their DNS-SD TXT record.
This information is a legacy from LPR printing, because LPR does not
have in-band capability negotiation, so all of this information is put
in the DNS-SD TXT record instead.
IPP printing does have in-band capability negotiation, but for
convenience printers tend to include the same capability information
in their IPP DNS-SD TXT records as well. For local mDNS use this
extra TXT record information is inefficient, but not fatal.
However, when a Hybrid Proxy aggregates data from multiple printers
on a link, and sends it via unicast (via UDP or TCP)
this amount of unnecessary TXT record information can
result in large replies. Therefore, a Hybrid Proxy that is aware of
the specifics of an application-layer protocol such as Apple's
AirPrint (which uses IPP) can elide unnecessary key/value pairs from
the DNS-SD TXT record for better network efficiency.</t>
<t>Note that this kind of Application-Specific Data Translation is
expected to be very rare. It is the exception, rather than the rule.
This is an example of a common theme in computing.
It is frequently the case that it is wise to start with a clean,
layered design, with clear boundaries. Then, in certain special cases,
those layer boundaries may be violated, where the performance and
efficiency benefits outweigh the inelegance of the layer violation.</t>
<t>As in other similar situations, these layer violations optional.
They are done only for efficiency reasons, and are not required for
correct operation. A Hybrid Proxy can operate solely at the mDNS layer,
without any knowledge of DNS-SD semantics, or of any DNS-SD client semantics.</t>
</section>
</section>
<?rfc needLines="16" ?>
<section title="Answer Aggregation">
<t>In a simple analysis, simply gathering multicast answers and forwarding them
in a unicast reply seems adequate, but it raises the
question of how long the Hybrid Proxy should wait to be sure that it has received
all the Multicast DNS replies it needs to form a complete Unicast DNS reply.
If it waits too little time, then it risks its Unicast DNS reply being incomplete.
If it waits too long, then it creates a poor user experience at the client end.</t>
<t>This dilemma is solved by use of DNS Long-Lived Queries (DNS LLQ)
<xref target="I-D.sekar-dns-llq"/>. The Hybrid Proxy replies immediately to the
Unicast DNS query using the Multicast DNS records it already has in its cache (if any).
This provides a good client user experience by providing a near-instantaneous
response. Simultaneously, the Hybrid Proxy issues a Multicast DNS query on the
local link to discover if there are any additional Multicast DNS records it
did not already know about. Should additional Multicast DNS replies be
received, these are then delivered to the client using DNS LLQ update messages.
The timeliness of such LLQ updates is limited only by the timeliness of the
device responding to the Multicast DNS query. If the Multicast DNS device
responds quickly, then the LLQ update is delivered quickly. If the Multicast
DNS device responds slowly, then the LLQ update is delivered slowly. The
benefit of using LLQ is that the Hybrid Proxy can respond promptly
because it doesn't have to delay its unicast reply to allow for
the expected worst-case delay for receiving all the Multicast DNS replies.
Even if a proxy were to try to provide reliability by assuming an
excessively pessimistic worst-case time (thereby giving a very
poor user experience) there would still be the risk of a slow
Multicast DNS device taking even longer than that (e.g, a device
that is not even powered on until ten seconds after the initial
query is received) resulting in incomplete replies. Using LLQs solves
this dilemma: even very late replies are not lost; they are delivered
in subsequent LLQ update messages.</t>
<?rfc needLines="16" ?>
<t>There are two factors that determine specifically how replies
are generated.
The first factor is whether the Hybrid Proxy already has at least
one record in its cache that positively answers the question.
The second factor is whether the query from the client includes
the LLQ option (typical with long-lived service browsing PTR
queries) or not (typical with one-shot operations like SRV or
address record queries).
<list style='symbols'>
<t>No answer in cache; no LLQ option: Do local mDNS query three times,
and then return NXDOMAIN if no answer after three tries.</t>
<t>No answer in cache; with LLQ option: As above, do local
mDNS query three times, and then return NXDOMAIN if no answer
after three tries. However, the query remains active for as
long as the client maintains the LLQ state, and if mDNS
answers are received later, LLQ update messages are sent.
(Reasoning: We don't need to rush to send an empty answer.)</t>
<t>At least one answer in cache; no LLQ option:
Send reply right away to minimise delay.
No local mDNS queries are performed.
(Reasoning: Given RRSet TTL harmonisation, if the proxy has
one answer in its cache, it should have all of them.)</t>
<t>At least one answer in cache; with LLQ option:
As above, send reply right away to minimise delay.
However, the query remains active for as long as the client
maintains the LLQ state, and if additional mDNS answers are
received later, LLQ update messages are sent.
(Reasoning: We want UI that is displayed very rapidly, yet continues
to remain accurate even as the network environment changes.)</t>
</list>
</t>
</section>
</section>
<?rfc needLines="19" ?>
<section anchor="implementation" title="Implementation Status">
<t>Some aspects of the mechanism specified in this document already exist in
deployed software. Some aspects are new. This section outlines which aspects
already exist and which are new.</t>
<section title="Already Implemented and Deployed">
<t>Domain enumeration discovery by the client (the
"b._dns-sd._udp" queries) is already implemented and deployed.</t>
<t>Unicast queries to the indicated discovery domain is already
implemented and deployed.</t>
<t>These are implemented and deployed in Mac OS X 10.4 and later
(including all versions of Apple iOS, on all iPhone and iPads),
in Bonjour for Windows,
and in Android 4.1 "Jelly Bean" (API Level 16) and later.</t>
<t>Domain enumeration discovery and unicast querying have been
used for several years at IETF meetings to make Terminal Room
printers discoverable from outside the Terminal room. When you
Press Cmd-P on your Mac, or select AirPrint on your iPad or
iPhone, and the Terminal room printers appear, that is because
your client is doing unicast DNS queries to the IETF DNS servers.</t>
</section>
<section title="Partially Implemented">
<t>The current APIs make multiple domains visible to client
software, but most client UI today lumps all discovered services
into a single flat list. This is largely a chicken-and-egg
problem. Application writers were naturally reluctant to spend
time writing domain-aware UI code when few customers today would
benefit from it. If Hybrid Proxy deployment becomes common, then
application writers will have a reason to provide better UI.
Existing applications will work with the Hybrid Proxy, but will
show all services in a single flat list. Applications with
improved UI will group services by domain.</t>
<t>The Long-Lived Query mechanism <xref target="I-D.sekar-dns-llq"/>
referred to in this specification exists and is deployed,
but has not been standardized by the IETF. It is possible that the
IETF may choose to standardize a different or better Long-Lived Query mechanism.
In that case, the pragmatic deployment approach would be for vendors
to produce Hybrid Proxies that implement both the deployed
Long-Lived Query mechanism <xref target="I-D.sekar-dns-llq"/>
(for today's clients) and a new IETF Standard Long-Lived Query
mechanism (as the future long-term direction).</t>
</section>
<section title="Not Yet Implemented">
<t>The translating/filtering Hybrid Proxy specified in this document.
Once implemented, such a Hybrid Proxy will immediately make
wide-area discovery available with today's existing clients and devices.</t>
<t>A mechanism to 'stitch' together multiple ".local." zones so
that they appear as one. Such a mechanism will be specified in a
future companion document.</t>
</section>
</section>
<?rfc needLines="40" ?>
<section title="IPv6 Considerations">
<t>An IPv4-only host and an IPv6-only host behave as "ships that pass in
the night". Even if they are on the same Ethernet, neither is aware
of the other's traffic. For this reason, each physical link may have
*two* unrelated ".local." zones, one for IPv4 and one for IPv6.
Since for practical purposes, a group of IPv4-only hosts and a group
of IPv6-only hosts on the same Ethernet act as if they were on two
entirely separate Ethernet segments, it is unsurprising that their
use of the ".local." zone should occur exactly as it would if
they really were on two entirely separate Ethernet segments.</t>
<t>It will be desirable to have a mechanism to 'stitch' together
these two unrelated ".local." zones so that they appear as one.
Such mechanism will need to be able to differentiate between a
dual-stack (v4/v6) host participating in both ".local."
zones, and two different hosts, one IPv4-only and the other IPv6-only,
which are both trying to use the same name(s). Such a mechanism
will be specified in a future companion document.</t>
</section>
<section title="Security Considerations">
<t>A service proves its presence on a local link by its ability to
answer link-local multicast queries on that link.
If greater security is desired, then the Hybrid Proxy mechanism
should not be used, and something with stronger security should
be used instead, such as authenticated secure DNS Update
<xref target="RFC2136"/> <xref target="RFC3007"/>.</t>
</section>
<section title="Intelectual Property Rights">
<t>Apple has submitted an IPR disclosure concerning the technique
proposed in this document. Details are available on
<xref target="IPR2119">the IETF IPR disclosure page</xref>.</t>
</section>
<section title="IANA Considerations">
<t>This document has no IANA Considerations.</t>
</section>
<section title="Acknowledgments">
<t>Thanks to Markus Stenberg for helping develop the policy
regarding the four styles of unicast reply.</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include="reference.RFC.1034" ?>
<?rfc include="reference.RFC.1035" ?>
<?rfc include="reference.RFC.1918" ?>
<?rfc include="reference.RFC.2119" ?>
<?rfc include="reference.RFC.3927" ?>
<?rfc include="reference.RFC.4862" ?>
<reference anchor='RFC6762'>
<front>
<title>Multicast DNS</title>
<author initials='S' surname='Cheshire' fullname='Stuart Cheshire'><organization /></author>
<author initials='M' surname='Krochmal' fullname='Marc Krochmal'><organization /></author>
<date year='2012' month='December' />
<abstract>
<t>As networked devices become smaller, more portable, and
more ubiquitous, the ability to operate with less configured
infrastructure is increasingly important. In particular,
the ability to look up DNS resource record data types
(including, but not limited to, host names) in the absence
of a conventional managed DNS server is useful.</t>
<t>Multicast DNS (mDNS) provides the ability to perform
DNS-like operations on the local link in the absence of any
conventional unicast DNS server. In addition, Multicast DNS
designates a portion of the DNS namespace to be free for
local use, without the need to pay any annual fee, and
without the need to set up delegations or otherwise
configure a conventional DNS server to answer for those names.</t>
<t>The primary benefits of Multicast DNS names are that (i)
they require little or no administration or configuration to
set them up, (ii) they work when no infrastructure is
present, and (iii) they work during infrastructure failures.</t>
</abstract>
</front>
<seriesInfo name='RFC' value='6762' />
<format type='TXT' target='http://www.rfc-editor.org/rfc/rfc6762.txt' />
</reference>
<reference anchor='RFC6763'>
<front>
<title>DNS-Based Service Discovery</title>
<author initials='S' surname='Cheshire' fullname='Stuart Cheshire'><organization /></author>
<author initials='M' surname='Krochmal' fullname='Marc Krochmal'><organization /></author>
<date year='2012' month='December' />
<abstract><t>This document specifies how DNS resource records are named and structured
to facilitate service discovery. Given a type of service that a client is looking for,
and a domain in which the client is looking for that service, this allows clients to
discover a list of named instances of that desired service, using standard DNS
queries. This is referred to as DNS-based Service Discovery, or DNS-SD.</t></abstract>
</front>
<seriesInfo name='RFC' value='6763' />
<format type='TXT' target='http://www.rfc-editor.org/rfc/rfc6763.txt' />
</reference>
<?rfc include="reference.I-D.sekar-dns-llq" ?>
</references>
<?rfc needLines="6" ?>
<references title="Informative References">
<reference anchor="IPR2119" target="https://datatracker.ietf.org/ipr/2119/">
<front>
<title>Apple Inc.'s Statement about IPR related to Hybrid Unicast/Multicast DNS-Based Service Discovery</title>
<author/>
<date/>
</front>
</reference>
<?rfc include="reference.RFC.2136" ?>
<?rfc include="reference.RFC.3007" ?>
<reference anchor='RFC6760'>
<front>
<title>Requirements for a Protocol to Replace the AppleTalk Name Binding Protocol (NBP)</title>
<author initials='S' surname='Cheshire' fullname='Stuart Cheshire'><organization /></author>
<author initials='M' surname='Krochmal' fullname='Marc Krochmal'><organization /></author>
<date year='2012' month='December' />
<abstract>
<t>One of the goals of the authors of Multicast DNS (mDNS)
and DNS-Based Service Discovery (DNS-SD) was to retire
AppleTalk and the AppleTalk Name Binding Protocol (NBP) and
to replace them with an IP-based solution. This document
presents a brief overview of the capabilities of AppleTalk
NBP and outlines the properties required of an IP-based replacement.</t>
</abstract>
</front>
<seriesInfo name='RFC' value='6760' />
<format type='TXT' target='http://www.rfc-editor.org/rfc/rfc6760.txt' />
</reference>
<reference anchor="ZC">
<front>
<title>Zero Configuration Networking: The Definitive Guide</title>
<author initials="S." surname="Cheshire" fullname="Stuart Cheshire"/>
<author initials="D.H." surname="Steinberg" fullname="Daniel H. Steinberg"/>
<date year="2005" month="December"/>
</front>
<seriesInfo name="O'Reilly Media, Inc." value=""/>
<seriesInfo name="ISBN" value="0-596-10100-7"/>
</reference>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 20:04:54 |