rfc8766xml2.original.xml   rfc8766.xml 
<?xml version="1.0" encoding="UTF-8"?> <?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="std" conse
nsus="true" docName="draft-ietf-dnssd-hybrid-10" indexInclude="true" ipr="trust2
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?> 00902" number="8766" prepTime="2020-06-22T20:59:58" scripts="Common,Latin" sortR
efs="false" submissionType="IETF" symRefs="true" tocDepth="3" tocInclude="true"
<!-- xml:lang="en">
Check output with <http://tools.ietf.org/tools/idnits/> <link href="https://datatracker.ietf.org/doc/draft-ietf-dnssd-hybrid-10" rel="
prev"/>
<!-- used by XSLT processors --> <link href="https://dx.doi.org/10.17487/rfc8766" rel="alternate"/>
<!-- For a complete list and description of processing instructions (PIs), <link href="urn:issn:2070-1721" rel="alternate"/>
please see http://xml.resource.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most
I-Ds might want to use.
(Here they are set differently than their defaults in xml2rfc v1.35) -->
<!-- give errors regarding ID-nits and DTD validation -->
<?rfc strict="yes" ?>
<!-- control the table of contents (ToC) -->
<!-- generate a ToC -->
<?rfc toc="yes"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<?rfc tocdepth="3"?>
<!-- control references -->
<!-- use anchors instead of numbers for refs, i.e, [RFC2119] instead of [1]
<?rfc symrefs="yes"?>
<!-- sort the reference entries alphabetically -->
<?rfc sortrefs="no" ?>
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<!-- do not start each main section on a new page -->
<?rfc compact="yes" ?>
<!-- keep one blank line between list items -->
<?rfc subcompact="no" ?>
<!-- encourage use of "xml2rfc" tool -->
<?rfc rfcprocack="yes" ?>
<!-- end of list of popular I-D processing instructions -->
<rfc category="std" docName="draft-ietf-dnssd-hybrid-10" ipr="trust200902">
<front> <front>
<title abbrev='Multicast Service Discovery Proxy'>Discovery Proxy <title abbrev="Multicast Service Discovery Proxy">Discovery Proxy for Multic
for Multicast DNS-Based Service Discovery</title> ast DNS-Based Service Discovery</title>
<author initials='S.' surname='Cheshire' fullname='Stuart Cheshire'> <seriesInfo name="RFC" value="8766" stream="IETF"/>
<organization>Apple Inc.</organization> <author initials="S." surname="Cheshire" fullname="Stuart Cheshire">
<organization showOnFrontPage="true">Apple Inc.</organization>
<address> <address>
<postal> <postal>
<street>One Apple Park Way</street> <street>One Apple Park Way</street>
<city>Cupertino</city> <city>Cupertino</city>
<region>California</region> <region>California</region>
<code>95014</code> <code>95014</code>
<country>USA</country> <country>United States of America</country>
</postal> </postal>
<phone>+1 (408) 996-1010</phone> <phone>+1 (408) 996-1010</phone>
<email>cheshire@apple.com</email> <email>cheshire@apple.com</email>
</address> </address>
</author> </author>
<date year='2019' month='March' day='24'/> <date month="06" year="2020"/>
<area>Internet</area> <area>INT</area>
<workgroup>Internet Engineering Task Force</workgroup> <workgroup>DNSSD</workgroup>
<keyword>Multicast DNS</keyword> <keyword>Multicast DNS</keyword>
<keyword>DNS-Based Service Discovery</keyword> <keyword>DNS-Based Service Discovery</keyword>
<keyword>RFC</keyword> <abstract pn="section-abstract">
<keyword>Request for Comments</keyword> <t pn="section-abstract-1">This document specifies a network proxy that us
<keyword>I-D</keyword> es Multicast DNS
<keyword>Internet-Draft</keyword>
<abstract>
<t>This document specifies a network proxy that uses Multicast DNS
to automatically populate the wide-area unicast Domain Name System to automatically populate the wide-area unicast Domain Name System
namespace namespace
with records describing devices and services found on the local with records describing devices and services found on the local
link.</t> link.</t>
</abstract> </abstract>
<boilerplate>
<section anchor="status-of-memo" numbered="false" removeInRFC="false" toc=
"exclude" pn="section-boilerplate.1">
<name slugifiedName="name-status-of-this-memo">Status of This Memo</name
>
<t pn="section-boilerplate.1-1">
This is an Internet Standards Track document.
</t>
<t pn="section-boilerplate.1-2">
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by
the Internet Engineering Steering Group (IESG). Further
information on Internet Standards is available in Section 2 of
RFC 7841.
</t>
<t pn="section-boilerplate.1-3">
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
<eref target="https://www.rfc-editor.org/info/rfc8766" brackets="non
e"/>.
</t>
</section>
<section anchor="copyright" numbered="false" removeInRFC="false" toc="excl
ude" pn="section-boilerplate.2">
<name slugifiedName="name-copyright-notice">Copyright Notice</name>
<t pn="section-boilerplate.2-1">
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
</t>
<t pn="section-boilerplate.2-2">
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<eref target="https://trustee.ietf.org/license-info" brackets="none
"/>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
</t>
</section>
</boilerplate>
<toc>
<section anchor="toc" numbered="false" removeInRFC="false" toc="exclude" p
n="section-toc.1">
<name slugifiedName="name-table-of-contents">Table of Contents</name>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="section-to
c.1-1">
<li pn="section-toc.1-1.1">
<t keepWithNext="true" pn="section-toc.1-1.1.1"><xref derivedContent
="1" format="counter" sectionFormat="of" target="section-1"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-introduction">Introductio
n</xref></t>
</li>
<li pn="section-toc.1-1.2">
<t keepWithNext="true" pn="section-toc.1-1.2.1"><xref derivedContent
="2" format="counter" sectionFormat="of" target="section-2"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-operational-analogy">Oper
ational Analogy</xref></t>
</li>
<li pn="section-toc.1-1.3">
<t keepWithNext="true" pn="section-toc.1-1.3.1"><xref derivedContent
="3" format="counter" sectionFormat="of" target="section-3"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-conventions-and-terminolo
gy">Conventions and Terminology Used in This Document</xref></t>
</li>
<li pn="section-toc.1-1.4">
<t pn="section-toc.1-1.4.1"><xref derivedContent="4" format="counter
" sectionFormat="of" target="section-4"/>.  <xref derivedContent="" format="titl
e" sectionFormat="of" target="name-compatibility-consideration">Compatibility Co
nsiderations</xref></t>
</li>
<li pn="section-toc.1-1.5">
<t pn="section-toc.1-1.5.1"><xref derivedContent="5" format="counter
" sectionFormat="of" target="section-5"/>.  <xref derivedContent="" format="titl
e" sectionFormat="of" target="name-discovery-proxy-operation">Discovery Proxy Op
eration</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.5.2">
<li pn="section-toc.1-1.5.2.1">
<t pn="section-toc.1-1.5.2.1.1"><xref derivedContent="5.1" forma
t="counter" sectionFormat="of" target="section-5.1"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-delegated-subdomain-for-dns">Dele
gated Subdomain for DNS-based Service Discovery
Records</xref></t>
</li>
<li pn="section-toc.1-1.5.2.2">
<t pn="section-toc.1-1.5.2.2.1"><xref derivedContent="5.2" forma
t="counter" sectionFormat="of" target="section-5.2"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-domain-enumeration">Domain Enumer
ation</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="se
ction-toc.1-1.5.2.2.2">
<li pn="section-toc.1-1.5.2.2.2.1">
<t pn="section-toc.1-1.5.2.2.2.1.1"><xref derivedContent="5.
2.1" format="counter" sectionFormat="of" target="section-5.2.1"/>.  <xref derive
dContent="" format="title" sectionFormat="of" target="name-domain-enumeration-vi
a-unic">Domain Enumeration via Unicast Queries</xref></t>
</li>
<li pn="section-toc.1-1.5.2.2.2.2">
<t pn="section-toc.1-1.5.2.2.2.2.1"><xref derivedContent="5.
2.2" format="counter" sectionFormat="of" target="section-5.2.2"/>.  <xref derive
dContent="" format="title" sectionFormat="of" target="name-domain-enumeration-vi
a-mult">Domain Enumeration via Multicast Queries</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.5.2.3">
<t pn="section-toc.1-1.5.2.3.1"><xref derivedContent="5.3" forma
t="counter" sectionFormat="of" target="section-5.3"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-delegated-subdomain-for-ldh">Dele
gated Subdomain for LDH Host Names</xref></t>
</li>
<li pn="section-toc.1-1.5.2.4">
<t pn="section-toc.1-1.5.2.4.1"><xref derivedContent="5.4" forma
t="counter" sectionFormat="of" target="section-5.4"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-delegated-subdomain-for-rev">Dele
gated Subdomain for Reverse Mapping</xref></t>
</li>
<li pn="section-toc.1-1.5.2.5">
<t pn="section-toc.1-1.5.2.5.1"><xref derivedContent="5.5" forma
t="counter" sectionFormat="of" target="section-5.5"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-data-translation">Data Translatio
n</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="se
ction-toc.1-1.5.2.5.2">
<li pn="section-toc.1-1.5.2.5.2.1">
<t pn="section-toc.1-1.5.2.5.2.1.1"><xref derivedContent="5.
5.1" format="counter" sectionFormat="of" target="section-5.5.1"/>.  <xref derive
dContent="" format="title" sectionFormat="of" target="name-dns-ttl-limiting">DNS
TTL Limiting</xref></t>
</li>
<li pn="section-toc.1-1.5.2.5.2.2">
<t pn="section-toc.1-1.5.2.5.2.2.1"><xref derivedContent="5.
5.2" format="counter" sectionFormat="of" target="section-5.5.2"/>.  <xref derive
dContent="" format="title" sectionFormat="of" target="name-suppressing-unusable-
record">Suppressing Unusable Records</xref></t>
</li>
<li pn="section-toc.1-1.5.2.5.2.3">
<t pn="section-toc.1-1.5.2.5.2.3.1"><xref derivedContent="5.
5.3" format="counter" sectionFormat="of" target="section-5.5.3"/>.  <xref derive
dContent="" format="title" sectionFormat="of" target="name-nsec-and-nsec3-querie
s">NSEC and NSEC3 Queries</xref></t>
</li>
<li pn="section-toc.1-1.5.2.5.2.4">
<t pn="section-toc.1-1.5.2.5.2.4.1"><xref derivedContent="5.
5.4" format="counter" sectionFormat="of" target="section-5.5.4"/>.  <xref derive
dContent="" format="title" sectionFormat="of" target="name-no-text-encoding-tran
slatio">No Text-Encoding Translation</xref></t>
</li>
<li pn="section-toc.1-1.5.2.5.2.5">
<t pn="section-toc.1-1.5.2.5.2.5.1"><xref derivedContent="5.
5.5" format="counter" sectionFormat="of" target="section-5.5.5"/>.  <xref derive
dContent="" format="title" sectionFormat="of" target="name-application-specific-
data-t">Application-Specific Data Translation</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.5.2.6">
<t pn="section-toc.1-1.5.2.6.1"><xref derivedContent="5.6" forma
t="counter" sectionFormat="of" target="section-5.6"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-answer-aggregation">Answer Aggreg
ation</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.6">
<t pn="section-toc.1-1.6.1"><xref derivedContent="6" format="counter
" sectionFormat="of" target="section-6"/>.  <xref derivedContent="" format="titl
e" sectionFormat="of" target="name-administrative-dns-records">Administrative DN
S Records</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.6.2">
<li pn="section-toc.1-1.6.2.1">
<t pn="section-toc.1-1.6.2.1.1"><xref derivedContent="6.1" forma
t="counter" sectionFormat="of" target="section-6.1"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-dns-soa-start-of-authority-">DNS
SOA (Start of Authority) Record</xref></t>
</li>
<li pn="section-toc.1-1.6.2.2">
<t pn="section-toc.1-1.6.2.2.1"><xref derivedContent="6.2" forma
t="counter" sectionFormat="of" target="section-6.2"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-dns-ns-records">DNS NS Records</x
ref></t>
</li>
<li pn="section-toc.1-1.6.2.3">
<t pn="section-toc.1-1.6.2.3.1"><xref derivedContent="6.3" forma
t="counter" sectionFormat="of" target="section-6.3"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-dns-delegation-records">DNS Deleg
ation Records</xref></t>
</li>
<li pn="section-toc.1-1.6.2.4">
<t pn="section-toc.1-1.6.2.4.1"><xref derivedContent="6.4" forma
t="counter" sectionFormat="of" target="section-6.4"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-dns-srv-records">DNS SRV Records<
/xref></t>
</li>
<li pn="section-toc.1-1.6.2.5">
<t pn="section-toc.1-1.6.2.5.1"><xref derivedContent="6.5" forma
t="counter" sectionFormat="of" target="section-6.5"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-domain-enumeration-records">Domai
n Enumeration Records</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.7">
<t pn="section-toc.1-1.7.1"><xref derivedContent="7" format="counter
" sectionFormat="of" target="section-7"/>.  <xref derivedContent="" format="titl
e" sectionFormat="of" target="name-dnssec-considerations">DNSSEC Considerations<
/xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.7.2">
<li pn="section-toc.1-1.7.2.1">
<t pn="section-toc.1-1.7.2.1.1"><xref derivedContent="7.1" forma
t="counter" sectionFormat="of" target="section-7.1"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-online-signing-only">Online Signi
ng Only</xref></t>
</li>
<li pn="section-toc.1-1.7.2.2">
<t pn="section-toc.1-1.7.2.2.1"><xref derivedContent="7.2" forma
t="counter" sectionFormat="of" target="section-7.2"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-nsec-and-nsec3-records">NSEC and
NSEC3 Records</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.8">
<t pn="section-toc.1-1.8.1"><xref derivedContent="8" format="counter
" sectionFormat="of" target="section-8"/>.  <xref derivedContent="" format="titl
e" sectionFormat="of" target="name-ipv6-considerations">IPv6 Considerations</xre
f></t>
</li>
<li pn="section-toc.1-1.9">
<t pn="section-toc.1-1.9.1"><xref derivedContent="9" format="counter
" sectionFormat="of" target="section-9"/>.  <xref derivedContent="" format="titl
e" sectionFormat="of" target="name-security-considerations">Security Considerati
ons</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.9.2">
<li pn="section-toc.1-1.9.2.1">
<t pn="section-toc.1-1.9.2.1.1"><xref derivedContent="9.1" forma
t="counter" sectionFormat="of" target="section-9.1"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-authenticity">Authenticity</xref>
</t>
</li>
<li pn="section-toc.1-1.9.2.2">
<t pn="section-toc.1-1.9.2.2.1"><xref derivedContent="9.2" forma
t="counter" sectionFormat="of" target="section-9.2"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-privacy">Privacy</xref></t>
</li>
<li pn="section-toc.1-1.9.2.3">
<t pn="section-toc.1-1.9.2.3.1"><xref derivedContent="9.3" forma
t="counter" sectionFormat="of" target="section-9.3"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-denial-of-service">Denial of Serv
ice</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.10">
<t pn="section-toc.1-1.10.1"><xref derivedContent="10" format="count
er" sectionFormat="of" target="section-10"/>. <xref derivedContent="" format="ti
tle" sectionFormat="of" target="name-iana-considerations">IANA Considerations</x
ref></t>
</li>
<li pn="section-toc.1-1.11">
<t pn="section-toc.1-1.11.1"><xref derivedContent="11" format="count
er" sectionFormat="of" target="section-11"/>. <xref derivedContent="" format="ti
tle" sectionFormat="of" target="name-references">References</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.11.2">
<li pn="section-toc.1-1.11.2.1">
<t pn="section-toc.1-1.11.2.1.1"><xref derivedContent="11.1" for
mat="counter" sectionFormat="of" target="section-11.1"/>.  <xref derivedContent=
"" format="title" sectionFormat="of" target="name-normative-references">Normativ
e References</xref></t>
</li>
<li pn="section-toc.1-1.11.2.2">
<t pn="section-toc.1-1.11.2.2.1"><xref derivedContent="11.2" for
mat="counter" sectionFormat="of" target="section-11.2"/>.  <xref derivedContent=
"" format="title" sectionFormat="of" target="name-informative-references">Inform
ative References</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.12">
<t pn="section-toc.1-1.12.1"><xref derivedContent="Appendix A" forma
t="default" sectionFormat="of" target="section-appendix.a"/>.  <xref derivedCont
ent="" format="title" sectionFormat="of" target="name-implementation-status">Imp
lementation Status</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.12.2">
<li pn="section-toc.1-1.12.2.1">
<t pn="section-toc.1-1.12.2.1.1"><xref derivedContent="A.1" form
at="counter" sectionFormat="of" target="section-a.1"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-already-implemented-and-dep">Alr
eady Implemented and Deployed</xref></t>
</li>
<li pn="section-toc.1-1.12.2.2">
<t pn="section-toc.1-1.12.2.2.1"><xref derivedContent="A.2" form
at="counter" sectionFormat="of" target="section-a.2"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-already-implemented">Already Imp
lemented</xref></t>
</li>
<li pn="section-toc.1-1.12.2.3">
<t pn="section-toc.1-1.12.2.3.1"><xref derivedContent="A.3" form
at="counter" sectionFormat="of" target="section-a.3"/>.  <xref derivedContent=""
format="title" sectionFormat="of" target="name-partially-implemented">Partially
Implemented</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.13">
<t pn="section-toc.1-1.13.1"><xref derivedContent="" format="none" s
ectionFormat="of" target="section-appendix.b"/><xref derivedContent="" format="t
itle" sectionFormat="of" target="name-acknowledgments">Acknowledgments</xref></t
>
</li>
<li pn="section-toc.1-1.14">
<t pn="section-toc.1-1.14.1"><xref derivedContent="" format="none" s
ectionFormat="of" target="section-appendix.c"/><xref derivedContent="" format="t
itle" sectionFormat="of" target="name-authors-address">Author's Address</xref></
t>
</li>
</ul>
</section>
</toc>
</front> </front>
<middle> <middle>
<?rfc needLines="31" ?> <section numbered="true" toc="include" removeInRFC="false" pn="section-1">
<section title="Introduction"> <name slugifiedName="name-introduction">Introduction</name>
<t><xref target="RFC6762">Multicast DNS</xref> and its companion <t pn="section-1-1">Multicast DNS <xref target="RFC6762" format="default"
technology sectionFormat="of" derivedContent="RFC6762"/> and its
DNS-based Service Discovery <xref target="RFC6763"/> were created to companion technology DNS-based Service Discovery <xref target="RFC6763" fo
provide rmat="default" sectionFormat="of" derivedContent="RFC6763"/> were created to pro
IP networking with the ease-of-use and autoconfiguration for which vide IP networking with the ease
AppleTalk was well known <xref target="RFC6760"/> <xref target="ZC"/> of use and autoconfiguration for which AppleTalk was well known <xref targ
<xref target="Roadmap"/>.</t> et="RFC6760" format="default" sectionFormat="of" derivedContent="RFC6760"/> <xre
f target="ZC" format="default" sectionFormat="of" derivedContent="ZC"/>
<t>For a small home network consisting of just a single link (or a few <xref target="I-D.cheshire-dnssd-roadmap" format="default" sectionFormat
="of" derivedContent="ROADMAP"/>.</t>
<t pn="section-1-2">For a small home network consisting of just a single l
ink (or a few
physical links bridged together to appear as a single logical link from physical links bridged together to appear as a single logical link from
the point of view of IP) the point of view of IP), Multicast DNS <xref target="RFC6762" format="def
<xref target="RFC6762">Multicast DNS</xref> is sufficient for client ault" sectionFormat="of" derivedContent="RFC6762"/> is sufficient for client dev
devices ices
to look up the ".local" host names of peers on the same home network, to look up the ".local" host names of peers on the same home network,
and and to use Multicast DNS-based
to use Multicast <xref target="RFC6763">DNS-Based Service Discovery Service Discovery (DNS-SD) <xref target="RFC6763" format="default" section
(DNS-SD)</xref> Format="of" derivedContent="RFC6763"/> to discover services offered on that
to discover services offered on that home network.</t> home network.</t>
<t pn="section-1-3">For a larger network consisting of multiple links that
<t>For a larger network consisting of multiple links that are are
interconnected using IP-layer routing instead of link-layer bridging, interconnected using IP-layer routing instead of link-layer bridging,
link-local Multicast DNS alone is insufficient because link-local link-local Multicast DNS alone is insufficient because link-local
Multicast DNS packets, by design, are not propagated onto other Multicast DNS packets, by design, are not propagated onto other
links.</t> links.</t>
<t pn="section-1-4">Using link-local multicast packets for Multicast DNS w
<t>Using link-local multicast packets for Multicast DNS as a conscious
was a conscious design choice <xref target="RFC6762"/>. design choice <xref target="RFC6762" format="default" sectionFormat="of" d
Even when limited to a single link, multicast traffic is still erivedContent="RFC6762"/>. Even when
generally considered to be more expensive than unicast, because limited to a single link, multicast traffic is still generally
multicast traffic impacts many devices, instead of just a single considered to be more expensive than unicast, because multicast traffic
recipient. impacts many devices instead of just a single recipient. In addition,
In addition, with some technologies like <xref with some technologies like Wi-Fi <xref target="IEEE-11" format="default"
target="IEEE-11">Wi-Fi</xref>, sectionFormat="of" derivedContent="IEEE-11"/>, multicast traffic is inherently l
multicast traffic is inherently less efficient and less reliable than ess
unicast, because efficient and less reliable than unicast, because Wi-Fi multicast
Wi-Fi multicast traffic is sent at lower data rates, and is not traffic is sent at lower data rates, and is not acknowledged <xref target=
acknowledged <xref target="Mcast"/>. "I-D.ietf-mboned-ieee802-mcast-problems" format="default" sectionFormat="of" der
Increasing the amount of expensive multicast traffic by flooding ivedContent="MCAST"/>.
it across multiple links would make the traffic load even worse.</t> Increasing the amount of expensive multicast traffic by flooding it
across multiple links would make the traffic load even worse.</t>
<t>Partitioning the network into many small links curtails the spread <t pn="section-1-5">Partitioning the network into many small links curtail
of expensive multicast traffic, but limits the discoverability of s the spread
of expensive multicast traffic but limits the discoverability of
services. services.
At the opposite end of the spectrum, using a very large local link with At the opposite end of the spectrum, using a very large local link with
thousands of hosts enables better thousands of hosts enables better
service discovery, but at the cost of larger amounts of multicast service discovery but at the cost of larger amounts of multicast
traffic.</t> traffic.</t>
<t pn="section-1-6">Performing DNS-based Service Discovery using purely Un
<t>Performing DNS-Based Service Discovery using purely Unicast DNS is icast DNS is
more efficient and doesn't require large multicast domains, but does more efficient and doesn't require large multicast domains but does
require that the relevant data be available in the Unicast DNS require that the relevant data be available in the Unicast DNS
namespace. namespace.
The Unicast DNS namespace in question could fall within a traditionally The Unicast DNS namespace in question could fall within a traditionally
assigned globally unique domain name, or could use a private local assigned globally unique domain name, or it could be within a private
unicast domain name such as ".home.arpa" <xref target="RFC8375"/>.</t> local
unicast domain name such as ".home.arpa" <xref target="RFC8375" format="de
<t>In the <xref target="RFC6763">DNS-SD specification</xref>, fault" sectionFormat="of" derivedContent="RFC8375"/>.</t>
Section 10 ("Populating the DNS with Information") <t pn="section-1-7">In the DNS-SD specification <xref target="RFC6763" sec
discusses various possible ways that a service's PTR, SRV, TXT and tionFormat="comma" section="10" format="default" derivedLink="https://rfc-editor
address records can make their way into the Unicast DNS namespace, .org/rfc/rfc6763#section-10" derivedContent="RFC6763"/> ("Populating
including manual zone file configuration the DNS with Information") discusses various possible ways that a
<xref target="RFC1034"/> <xref target="RFC1035"/>, service's PTR, SRV, TXT, and address records can make their way into the
DNS&nbsp;Update <xref target="RFC2136"/> <xref target="RFC3007"/> Unicast DNS namespace, including manual zone file configuration <xref targ
and proxies of various kinds.</t> et="RFC1034" format="default" sectionFormat="of" derivedContent="RFC1034"/> <xre
f target="RFC1035" format="default" sectionFormat="of" derivedContent="RFC1035"/
<t>Making the relevant data available in the Unicast DNS namespace >, DNS Update <xref target="RFC2136" format="default" sectionFormat="of" derived
by manual DNS configuration is one option. This option has been used Content="RFC2136"/> <xref target="RFC3007" format="default" sectionFormat="of" d
for many years at IETF meetings to advertise the IETF Terminal Room erivedContent="RFC3007"/>, and
printer. proxies
Details of this example are given in Appendix A of of various kinds.</t>
<xref target="Roadmap">the Roadmap document</xref>. <t pn="section-1-8">One option is to make the relevant data available in t
However, this manual DNS configuration is labor intensive, he Unicast DNS
error prone, and requires a reasonable degree of DNS expertise.</t> namespace by
manual DNS configuration. This option has been used for
<t>Populating the Unicast DNS namespace via DNS Update by the many years at IETF meetings to advertise the IETF terminal room printer.
devices offering the services themselves is another option <xref Details of this example are given in <xref target="I-D.cheshire-dnssd-road
target="RegProt"/> <xref target="DNS-UL"/>. map" sectionFormat="of" section="A" format="default" derivedLink="https://tools.
ietf.org/html/draft-cheshire-dnssd-roadmap-03#appendix-A" derivedContent="ROADMA
P">the
Roadmap document</xref>. However, this manual DNS configuration is
labor intensive, error prone, and requires a reasonable degree of DNS
expertise.</t>
<t pn="section-1-9">Another option is to populate the Unicast DNS namespac
e by having
the devices offering the services do that themselves, using DNS Update
<xref target="I-D.sctl-service-registration" format="default" sectionForma
t="of" derivedContent="REG-PROT"/>
<xref target="I-D.sekar-dns-ul" format="default" sectionFormat="of" deri
vedContent="DNS-UL"/>.
However, this requires configuration However, this requires configuration
of DNS Update keys on those devices, which has proven onerous and of DNS Update keys on those devices, which has proven onerous and
impractical for simple devices like printers and network cameras.</t> impractical for simple devices like printers and network cameras.</t>
<t pn="section-1-10">Hence, to facilitate efficient and reliable DNS-based
<t>Hence, to facilitate efficient and reliable DNS-Based Service Service
Discovery, Discovery,
a compromise is needed that combines the ease-of-use of a hybrid is needed that combines the ease of use of
Multicast DNS with the efficiency and scalability of Unicast DNS.</t> Multicast DNS with the efficiency and scalability of Unicast DNS.</t>
<t pn="section-1-11">This document specifies a type of proxy called a "Dis
<t>This document specifies a type of proxy called a "Discovery Proxy" covery Proxy"
that uses <xref target="RFC6762">Multicast DNS</xref> to discover that uses Multicast DNS <xref target="RFC6762" format="default" sectionFor
Multicast DNS records on its local link, and makes corresponding mat="of" derivedContent="RFC6762"/>
to discover
Multicast DNS records on its local link on demand, and makes
corresponding
DNS records visible in the Unicast DNS namespace.</t> DNS records visible in the Unicast DNS namespace.</t>
<t pn="section-1-12">In principle, similar mechanisms could be defined
<t>In principle, similar mechanisms could be defined using other for other local discovery protocols, by creating a proxy that
local service discovery protocols, to discover local information (i) uses the protocol in question to discover local information on
and then make corresponding DNS records visible in the Unicast demand, and then
DNS namespace. Such mechanisms for other local service discovery (ii) makes corresponding DNS records visible in the Unicast
DNS namespace. Such mechanisms for other local discovery
protocols could be addressed in future documents.</t> protocols could be addressed in future documents.</t>
<t pn="section-1-13">The design of the Discovery Proxy is guided by the pr
<t>The design of the Discovery Proxy is guided by the previously eviously
published published DNS-based Service Discovery requirements document
<xref target="RFC7558">requirements document</xref>.</t> <xref target="RFC7558" format="default" sectionFormat="of" derivedContent=
"RFC7558"/>.</t>
<t>In simple terms, a descriptive DNS name is chosen for <t pn="section-1-14">In simple terms, a descriptive DNS name is chosen for
each link in an organization. each link in an organization.
Using a DNS NS record, responsibility for that DNS name is delegated to Using a DNS NS record, responsibility for that DNS name is delegated to
a Discovery Proxy physically attached to that link. a Discovery Proxy physically attached to that link.
Now, when a remote client issues a unicast query for a name falling When a remote client issues a unicast query for a name falling
within within
the delegated subdomain, the normal DNS delegation mechanism the delegated subdomain, the normal DNS delegation mechanism
results in the unicast query arriving at the Discovery Proxy, results in the unicast query arriving at the Discovery Proxy,
since it has been declared authoritative for those names. since it has been declared authoritative for those names.
Now, instead of consulting a textual zone file on disk to discover Now, instead of consulting a textual zone file on disk to discover
the answer to the query, as a traditional DNS server would, the answer to the query as a traditional authoritative DNS server would,
a Discovery Proxy consults its local link, using Multicast DNS, a Discovery Proxy consults its local link, using Multicast DNS,
to find the answer to the question.</t> to find the answer to the question.</t>
<t pn="section-1-15">For fault tolerance reasons, there may be more than o
<t>For fault tolerance reasons there may be more than one ne
Discovery Proxy serving a given link.</t> Discovery Proxy serving a given link.</t>
<t pn="section-1-16">Note that the Discovery Proxy uses a "pull" model.
<t>Note that the Discovery Proxy uses a "pull" model. Until some remote client has requested data,
The local link is not queried using Multicast DNS until some remote the local link is not queried using Multicast DNS.
client has requested that data. In the idle state, in the absence In the idle state, in the absence
of client requests, the Discovery Proxy sends no packets and imposes of client requests, the Discovery Proxy sends no packets and imposes
no burden on the network. It operates purely "on demand".</t> no burden on the network. It operates purely "on demand".</t>
<t pn="section-1-17">An alternative proposal that has been discussed is a
<t>An alternative proposal that has been discussed is a proxy that proxy that
performs performs DNS updates to a remote DNS server on behalf of the Multicast
DNS updates to a remote DNS server on behalf of the Multicast DNS DNS devices on the local network. The difficulty with this is that
devices on the local network. Multicast DNS devices do not routinely announce their records on the
The difficulty with this is is that network. Generally, they remain silent until queried. This means that
Multicast DNS devices do not routinely announce their records the complete set of Multicast DNS records in use on a link can only be
on the network. Generally they remain silent until queried. discovered by active querying, not by passive listening. Because of
This means that the complete set of Multicast DNS records in use on a this, a proxy can only know what names exist on a link by issuing
link can only be discovered by active querying, not by passive queries for them, and since it would be impractical to issue queries for
listening. every possible name just to find out which names exist and which do not,
Because of this, a proxy can only know what names exist on a link there is no reasonable way for a proxy to programmatically learn all the
by issuing queries for them, and since it would be impractical to answers it would need to push up to the remote DNS server using DNS
issue queries for every possible name just to find out which names Update. Even if such a mechanism were possible, it would risk
exist and which do not, there is no reasonable way for a proxy to generating high load on the network continuously, even when there are no
programmatically learn all the answers it would need to push up to clients with any interest in that data.</t>
the remote DNS server using DNS Update. <t pn="section-1-18">Hence, having a model where the query comes to the Di
Even if such a mechanism were possible, it would risk generating scovery Proxy
high load on the network continuously, even when there are
no clients with any interest in that data.</t>
<t>Hence, having a model where the query comes to the Discovery Proxy
is much more efficient than is much more efficient than
a model where the Discovery Proxy pushes the answers out a model where the Discovery Proxy pushes the answers out
to some other remote DNS server.</t> to some other remote DNS server.</t>
<t pn="section-1-19">A client seeking to discover services and other infor
<t>A client seeking to discover services and other information mation performs
achieves this by sending traditional DNS queries to the Discovery Proxy, this by sending traditional DNS queries to the Discovery Proxy or by
or by sending sending DNS Push Notification subscription requests <xref target="RFC8765"
<xref target="Push">DNS Push Notification subscription format="default" sectionFormat="of" derivedContent="RFC8765"/>.</t>
requests</xref>.</t> <t pn="section-1-20">How a client discovers what domain name(s) to use for
its
<t>How a client discovers what domain name(s) to use for its service DNS-based Service Discovery queries
discovery queries, (and, consequently, what Discovery Proxy or Proxies to use)
(and consequently what Discovery Proxy or Proxies to use) is described in <xref target="dom-enum" format="default" sectionFormat="of
is described in <xref target="dom-enum"/>.</t> " derivedContent="Section 5.2"/>.</t>
<t pn="section-1-21">The diagram below illustrates a network topology usin
<t>The diagram below illustrates a network topology using a g a
Discovery Proxy to provide discovery service to a remote client.</t> Discovery Proxy to provide discovery service to a remote client.</t>
<figure align="left" suppress-title="false" pn="figure-1">
<figure><artwork> <name slugifiedName="name-example-deployment">Example Deployment</name>
+--------+ Unicast +-----------+ +---------+ +---------+ <artwork name="" type="" align="center" alt="" pn="section-1-22.1">
| Remote | Communcation | Discovery | | Network | | Network | +--------+ Unicast +-----------+ +---------+ +---------+
| Client |---- . . . -----| Proxy | | Printer | | Camera | | Remote | Communication | Discovery | | Network | | Network |
+--------+ +-----------+ +---------+ +---------+ | Client |---- . . . ----| Proxy | | Printer | | Camera |
| | | +--------+ +-----------+ +---------+ +---------+
-------------------------------------------- | | | |
------------ --------------------------------------------
Multicast-capable LAN segment (e.g., Ethernet) Multicast-capable LAN segment (e.g., Ethernet)
</artwork></figure>
<?rfc needLines="31" ?> </artwork>
</section> </figure>
<t pn="section-1-23">Note that there need not be any Discovery Proxy on th
<section title="Operational Analogy"> e link
<t>A Discovery Proxy does not operate as a multicast relay, or multicast to which the remote client is directly attached.
forwarder. The remote client communicates directly with the Discovery Proxy
There is no danger of multicast forwarding loops that result in traffic using normal unicast TCP/IP communication mechanisms,
storms, potentially spanning multiple IP hops,
because no multicast packets are forwarded. possibly including VPN tunnels and other similar
A Discovery Proxy operates as a *proxy* for a remote client, long-distance communication channels.
performing queries on its behalf and reporting the results back.</t> </t>
</section>
<t>A reasonable analogy is making a telephone call to a colleague <section numbered="true" toc="include" removeInRFC="false" pn="section-2">
at your workplace and saying, "I'm out of the office right now. Would <name slugifiedName="name-operational-analogy">Operational Analogy</name>
you <t pn="section-2-1">A Discovery Proxy does not operate as a multicast rela
y or multicast
forwarder. There is no danger of multicast forwarding loops that result
in traffic storms, because no multicast packets are forwarded. A
Discovery Proxy operates as a <em>proxy</em> for remote clients,
performing
queries on their behalf and reporting the results back.</t>
<t pn="section-2-2">A reasonable analogy is making a telephone call to a c
olleague at
your workplace and saying, "I'm out of the office right now. Would you
mind bringing up a printer browser window and telling me the names of mind bringing up a printer browser window and telling me the names of
the the printers you see?" That entails no risk of a forwarding loop causing
printers you see?" That entails no risk of a forwarding loop causing a a traffic storm, because no multicast packets are sent over the
traffic storm, because no multicast packets are sent over the telephone telephone call.</t>
call.</t> <t pn="section-2-3">A similar analogy, instead of enlisting another human
being
<t>A similar analogy, instead of enlisting another human being
to initiate the service discovery operation on your behalf, is to initiate the service discovery operation on your behalf, is
to log into your own desktop work computer using screen sharing, to log in to your own desktop work computer using screen sharing
and then run the printer browser yourself to see the list of printers. and then run the printer browser yourself to see the list of printers.
Or log in using ssh and type "dns-sd -B _ipp._tcp" and observe the Or, log in using Secure Shell (ssh) and type "dns-sd -B _ipp._tcp" and
observe the
list of discovered printer names. In neither case is there any risk list of discovered printer names. In neither case is there any risk
of a forwarding loop causing a traffic storm, because no multicast of a forwarding loop causing a traffic storm, because no multicast
packets are being sent over the screen sharing or ssh connection.</t> packets are being sent over the screen-sharing or ssh connection.</t>
<t pn="section-2-4">The Discovery Proxy provides another way of performing
<t>The Discovery Proxy provides another way of performing remote remote
queries, queries,
except using a different protocol instead of screen sharing or ssh.</t> which uses a different protocol instead of screen sharing or ssh.
The Discovery Proxy mechanism can be thought of as a custom Remote
<t>When the Discovery Proxy software performs Multicast DNS Procedure Call (RPC) protocol that allows a remote client to exercise
the Multicast DNS APIs on the Discovery Proxy device, just as a local
client running on the Discovery Proxy device would use those APIs.</t>
<t pn="section-2-5">When the Discovery Proxy software performs Multicast D
NS
operations, the exact same Multicast DNS caching mechanisms are operations, the exact same Multicast DNS caching mechanisms are
applied as when any other client software on that Discovery Proxy applied as when any other client software on that Discovery Proxy
device performs Multicast DNS operations, whether that be running device performs Multicast DNS operations, regardless of whether that be
a printer browser client locally, or a remote user running the running
printer browser client via a screen sharing connection, or a remote a printer browser client locally, a remote user running the
printer browser client via a screen-sharing connection, a remote
user logged in via ssh running a command-line tool like "dns-sd", user logged in via ssh running a command-line tool like "dns-sd",
or a remote user sending DNS requests that cause a Discovery Proxy or a remote user sending DNS requests that cause a Discovery Proxy
to perform discovery operations on its behalf.</t> to perform discovery operations on its behalf.</t>
<?rfc needLines="15" ?>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-3">
<section title="Conventions and Terminology Used in this Document"> <name slugifiedName="name-conventions-and-terminology">Conventions and Ter
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", minology Used in This Document</name>
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY",<vspace <t pn="section-3-1">
/> The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
and "OPTIONAL" in this document are to be interpreted as "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>
described<vspace /> ", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
in "Key words for use in RFCs to Indicate Requirement Levels",<vspace /> "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
when, and only when, they appear in all capitals, as shown here<vspace "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are
/> to be interpreted as
<xref target="RFC2119"/> <xref target="RFC8174"/>.</t> described in BCP 14 <xref target="RFC2119" format="default" sectionFormat="o
f" derivedContent="RFC2119"/> <xref target="RFC8174" format="default" sectionFor
<t>The Discovery Proxy builds on Multicast DNS, mat="of" derivedContent="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.
</t>
<t pn="section-3-2">The Discovery Proxy builds on Multicast DNS,
which works between hosts on the same link. which works between hosts on the same link.
For the purposes of this document For the purposes of this document,
a set of hosts is considered to be "on the same link" if: a set of hosts is considered to be "on the same link" if:
<list style='symbols'> </t>
<t>when any host from that set sends a packet to any other host <ul spacing="normal" bare="false" empty="false" pn="section-3-3">
<li pn="section-3-3.1">when any host from that set sends a packet to any
other host
in that set, using unicast, multicast, or broadcast, the entire in that set, using unicast, multicast, or broadcast, the entire
link-layer packet payload arrives unmodified, and</t> link-layer packet payload arrives unmodified, and</li>
<t>a broadcast sent over that link, by any host from that set of <li pn="section-3-3.2">a broadcast sent over that link, by any host from
that set of
hosts, hosts,
can be received by every other host in that set.</t> can be received by every other host in that set.</li>
</list> </ul>
<t pn="section-3-4">
The link-layer *header* may be modified, such as in The link-layer <em>header</em> may be modified, such as in Token Ring
<xref target="IEEE-5">Token Ring Source Routing</xref>, Source Routing
but not the link-layer *payload*. <xref target="IEEE-5" format="default" sectionFormat="of" derivedContent="
IEEE-5"/>,
but not the link-layer <em>payload</em>.
In particular, if any device forwarding a packet modifies any In particular, if any device forwarding a packet modifies any
part of the IP header or IP payload then the packet is no longer part of the IP header or IP payload, then the packet is no longer
considered to be on the same link. This means that the packet may considered to be on the same link. This means that the packet may
pass through devices such as repeaters, bridges, hubs or switches pass through devices such as repeaters, bridges, hubs, or switches
and still be considered to be on the same link for the purpose of and still be considered to be on the same link for the purpose of
this document, but not through a device such as an IP router that this document, but not through a device such as an IP router that
decrements the IP TTL or otherwise modifies the IP header.</t> decrements the IP TTL or otherwise modifies the IP header.</t>
</section> </section>
<section anchor="compatibility" numbered="true" toc="include" removeInRFC="f
<section anchor="compatibility" title="Compatibility Considerations"> alse" pn="section-4">
<t>No changes to existing devices are required to work with a Discovery <name slugifiedName="name-compatibility-consideration">Compatibility Consi
derations</name>
<t pn="section-4-1">No changes to existing devices are required to work wi
th a Discovery
Proxy.</t> Proxy.</t>
<t pn="section-4-2">Existing devices that advertise services using Multica
<t>Existing devices that advertise services using Multicast DNS work st DNS work
with Discovery Proxy.</t> with a Discovery Proxy.</t>
<t pn="section-4-3">Existing clients that support DNS-based Service Discov
<t>Existing clients that support DNS-Based Service Discovery over ery over
Unicast DNS Unicast DNS work with a Discovery Proxy. DNS-based Service Discovery
work with Discovery Proxy. over Unicast
Service Discovery over Unicast DNS was introduced in Mac OS X 10.4 in DNS was introduced in Mac OS X 10.4 Tiger in April 2005 and has been
April 2005, included in
as is included in Apple products introduced since then, including iPhone Apple products introduced since then, including the iPhone and iPad.
and iPad, It has also been included in
as well as products from other vendors, such as Microsoft Windows products from other vendors, such as Microsoft Windows 10.</t>
10.</t> <t pn="section-4-4">An overview of the larger collection of associated DNS
-based Service
<t>An overview of the larger collection of related Service Discovery Discovery
technologies, and how Discovery Proxy relates to those, is given in technologies, and how the Discovery Proxy technology relates to those,
<xref target="Roadmap">the Service Discovery Road Map is given in the
document</xref>.</t> Service Discovery Road Map document <xref target="I-D.cheshire-dnssd-roadm
ap" format="default" sectionFormat="of" derivedContent="ROADMAP"/>.</t>
<?rfc needLines="22" ?>
</section> </section>
<section anchor="operation" numbered="true" toc="include" removeInRFC="false
<section anchor="operation" title="Discovery Proxy Operation"> " pn="section-5">
<t>In a typical configuration, a Discovery Proxy is configured <name slugifiedName="name-discovery-proxy-operation">Discovery Proxy Opera
to be authoritative <xref target="RFC1034"/> <xref target="RFC1035"/> tion</name>
for four or more DNS subdomains, and authority <t pn="section-5-1">In a typical configuration, a Discovery Proxy is confi
for these subdomains is delegated to it via NS records: gured
<list style="hanging"> to be authoritative <xref target="RFC1034" format="default" sectionFormat=
<t hangText="A DNS subdomain for service discovery records."><vspace "of" derivedContent="RFC1034"/> <xref target="RFC1035" format="default" sectionF
/> ormat="of" derivedContent="RFC1035"/>
for four or more DNS subdomains, listed below.
Authority for these subdomains is delegated
from the parent domain to the Discovery Proxy
in the usual way for DNS delegation, via NS records.
</t>
<dl newline="true" spacing="normal" pn="section-5-2">
<dt pn="section-5-2.1">A DNS subdomain for DNS-based Service Discovery r
ecords.</dt>
<dd pn="section-5-2.2">
This subdomain name may contain rich text, including This subdomain name may contain rich text, including
spaces and other punctuation. This is because this spaces and other punctuation. This is because this
subdomain name is used only in graphical user interfaces, subdomain name is used only in graphical user interfaces,
where rich text is appropriate.</t> where rich text is appropriate.</dd>
<t hangText="A DNS subdomain for host name records."><vspace /> <dt pn="section-5-2.3">A DNS subdomain for host name records.</dt>
This subdomain name SHOULD be limited to letters, digits and <dd pn="section-5-2.4">
hyphens, This subdomain name <bcp14>SHOULD</bcp14> be limited to letters,
to facilitate convenient use of host names in command-line digits, and
interfaces.</t> hyphens in order to facilitate the convenient use of host
<t hangText="One or more DNS subdomains for IPv4 Reverse Mapping names in
records."><vspace /> command-line
These subdomains will have names that ends in "in-addr.arpa."</t> interfaces.</dd>
<t hangText="One or more DNS subdomains for IPv6 Reverse Mapping <dt pn="section-5-2.5">One or more DNS subdomains for IPv4 Reverse Mappi
records."><vspace /> ng records.</dt>
These subdomains will have names that ends in "ip6.arpa."</t> <dd pn="section-5-2.6">
</list> These subdomains will have names that end in "in-addr.arpa".</dd>
</t> <dt pn="section-5-2.7">One or more DNS subdomains for IPv6 Reverse Mappi
ng records.</dt>
<t>In an enterprise network the naming and delegation of these <dd pn="section-5-2.8">
These subdomains will have names that end in "ip6.arpa".</dd>
</dl>
<t pn="section-5-3">In an enterprise network, the naming and delegation of
these
subdomains subdomains
is typically performed by conscious action of the network administrator. is typically performed by conscious action of the network administrator.
In a home network naming and delegation would typically be performed In a home network, naming and delegation would typically be performed
using some automatic configuration mechanism such as HNCP using some automatic configuration mechanism such as Home Networking
<xref target="RFC7788"/>.</t> Control Protocol (HNCP)
<xref target="RFC7788" format="default" sectionFormat="of" derivedContent=
<t>These three varieties of delegated subdomains "RFC7788"/>.</t>
<t pn="section-5-4">These three varieties of delegated subdomains
(service discovery, host names, and reverse mapping) are described below (service discovery, host names, and reverse mapping) are described below
in in Sections <xref target="dom-sd" format="counter" sectionFormat="of" deri
<xref target="dom-sd"/>, vedContent="5.1"/>, <xref target="dom-host" format="counter" sectionFormat="of"
<xref target="dom-host"/> and derivedContent="5.3"/>, and <xref target="dom-rev" format="counter" sectionForma
<xref target="dom-rev"/>.</t> t="of" derivedContent="5.4"/>.</t>
<t pn="section-5-5">How a client discovers where to issue its DNS-based Se
<t>How a client discovers where to issue its service discovery queries rvice Discovery
is described queries
below in <xref target="dom-enum"/>.</t> is described in <xref target="dom-enum" format="default" sectionFormat="of
" derivedContent="Section 5.2"/>.</t>
<?rfc needLines="28" ?> <section anchor="dom-sd" numbered="true" toc="include" removeInRFC="false"
<section anchor="dom-sd" title="Delegated Subdomain for Service pn="section-5.1">
Discovery Records"> <name slugifiedName="name-delegated-subdomain-for-dns">Delegated Subdoma
<t>In its simplest form, each link in an organization in for DNS-based Service Discovery
is assigned a unique Unicast DNS domain name, such as Records</name>
"Building&nbsp;1.example.com" or <t pn="section-5.1-1">In its simplest form, each link in an organization
"2nd&nbsp;Floor.Building&nbsp;3.example.com". is assigned a unique Unicast DNS domain name such as
"Building 1.example.com" or
"2nd Floor.Building 3.example.com".
Grouping multiple links under a single Unicast DNS domain Grouping multiple links under a single Unicast DNS domain
name is to be specified in a future companion document, but for name is to be specified in a future companion document, but for
the purposes of this document, assume that each link has its own the purposes of this document, assume that each link has its own
unique Unicast DNS domain name. unique Unicast DNS domain name.
In a graphical user interface these names are not displayed In a graphical user interface these names are not displayed
as strings with dots as shown above, but something more as strings with dots as shown above, but something more
akin to a typical file browser graphical user interface akin to a typical file browser graphical user interface
(which is harder to illustrate in a text-only document) (which is harder to illustrate in a text-only document)
showing folders, subfolders and files in a file system. showing folders, subfolders, and files in a file system.
<figure align="left" anchor="browser" title="Illustrative </t>
GUI"><artwork><![CDATA[ <figure anchor="browser" align="left" suppress-title="false" pn="figure-
2">
<name slugifiedName="name-illustrative-gui">Illustrative GUI
</name>
<artwork align="center" name="" type="" alt="" pn="section-5.1-2.1">
+---------------+--------------+-------------+-------------------+ +---------------+--------------+-------------+-------------------+
| *example.com* | Building 1 | 1st Floor | Alice's printer | | *example.com* | Building 1 | 1st Floor | Alice's printer |
| | Building 2 | *2nd Floor* | Bob's printer | | | Building 2 | *2nd Floor* | Bob's printer |
| | *Building 3* | 3rd Floor | Charlie's printer | | | *Building 3* | 3rd Floor | Charlie's printer |
| | Building 4 | 4th Floor | | | | Building 4 | 4th Floor | |
| | Building 5 | | | | | Building 5 | | |
| | Building 6 | | | | | Building 6 | | |
+---------------+--------------+-------------+-------------------+]]></artwork> +---------------+--------------+-------------+-------------------+
</figure>
</t>
<t>Each named link in an organization has one or more Discovery Proxies
which
serve it. This Discovery Proxy function for each link could be performed
by a
device like a router or switch that is physically attached to that link.
In the parent domain, NS records
are used to delegate ownership of each defined link name
(e.g.,&nbsp;"Building&nbsp;1.example.com")
to the one or more Discovery Proxies that serve the named link.
In other words, the Discovery Proxies are the authoritative name
servers for that subdomain.
As in the rest of DNS-Based Service Discovery, all names are represented
as-is
using plain UTF-8 encoding, and, as described in <xref
target="notrans"/>,
no text encoding translations are performed.</t>
<t>With appropriate <xref target="IEEE-1Q">VLAN configuration</xref>
a single Discovery Proxy device could have a logical presence on
many links, and serve as the Discovery Proxy for all those links.
In such a configuration the Discovery Proxy device would have a single
physical <xref target="IEEE-3">Ethernet</xref> port, configured as a
VLAN trunk port, which would appear to software on that device as
multiple
virtual Ethernet interfaces, one connected to each of the VLAN
links.</t>
<t>As an alternative to using VLAN technology, using a </artwork>
<xref target="Relay">Multicast DNS Discovery Relay</xref> </figure>
<t pn="section-5.1-3">Each named link in an organization has one or more
Discovery
Proxies that serve it. This Discovery Proxy function
could be performed by a device like a router or switch that is
physically attached to that link. In the parent domain, NS records
are used to delegate ownership of each defined link name
(e.g., "Building 1.example.com") to one or more
Discovery Proxies that serve the named link. In other words, the
Discovery Proxies are the authoritative name servers for that
subdomain. As in the rest of DNS-based Service Discovery, all names
are represented as-is using plain UTF-8 encoding and, as described in
<xref target="notrans" format="default" sectionFormat="of" derivedConten
t="Section 5.5.4"/>, no text-encoding
translations are performed.</t>
<t pn="section-5.1-4">With appropriate VLAN
configuration <xref target="IEEE-1Q" format="default" sectionFormat="of"
derivedContent="IEEE-1Q"/>, a
single Discovery Proxy device could have a
logical presence on many links and serve as the Discovery Proxy for
all those links. In such a configuration, the Discovery Proxy device
would have a single physical Ethernet <xref target="IEEE-3" format="defa
ult" sectionFormat="of" derivedContent="IEEE-3"/> port, configured as a VLAN tru
nk
port, which would appear to software on that device as multiple
virtual Ethernet interfaces, one connected to each of the VLAN
links.</t>
<t pn="section-5.1-5">As an alternative to using VLAN technology, using
a Multicast DNS
Discovery Relay
<xref target="I-D.sctl-dnssd-mdns-relay" format="default" sectionFormat="o
f" derivedContent="RELAY"/>
is another way that a Discovery Proxy can have is another way that a Discovery Proxy can have
a ‘virtual’ presence on a remote link.</t> a "virtual" presence on a remote link.</t>
<t pn="section-5.1-6">When a DNS-SD client issues a Unicast DNS query to
<?rfc needLines="6" ?> discover
<t>When a DNS-SD client issues a Unicast DNS query to discover services services in a particular Unicast DNS subdomain
in a particular Unicast DNS subdomain (e.g., "_ipp._tcp.Building 1.example.com. PTR ?"),
(e.g.,&nbsp;"_printer._tcp.Building&nbsp;1.example.com.&nbsp;PTR&nbsp;?") the normal DNS delegation mechanism results in that query being
the normal DNS delegation mechanism results in that query being forwarded until it reaches the delegated authoritative name server for
forwarded until it reaches the delegated authoritative name server that subdomain, namely, the Discovery Proxy on the link in question.
for that subdomain, namely the Discovery Proxy on the link in question. Like a conventional Unicast DNS server, a Discovery Proxy implements
Like a conventional Unicast DNS server, the usual Unicast DNS protocol <xref target="RFC1034" format="default" s
a Discovery Proxy implements the usual Unicast DNS protocol ectionFormat="of" derivedContent="RFC1034"/> <xref target="RFC1035" format="defa
<xref target="RFC1034"/> <xref target="RFC1035"/> over UDP and TCP. ult" sectionFormat="of" derivedContent="RFC1035"/> over UDP
However, unlike a conventional Unicast DNS server that and TCP. However, unlike a conventional Unicast DNS server that
generates answers from the data in its manually-configured zone file, generates answers from the data in its manually configured zone file,
a Discovery Proxy generates answers using Multicast DNS. a Discovery Proxy learns answers using Multicast DNS. A Discovery
A Discovery Proxy does this by consulting Proxy does this by consulting its Multicast DNS cache and/or issuing
its Multicast DNS cache and/or issuing Multicast DNS queries, Multicast DNS queries, as appropriate according to the usual protocol
as appropriate, according to the usual protocol rules of Multicast DNS <xref target="RFC6762" format="default" sectionFo
rules of <xref target="RFC6762">Multicast DNS</xref>, rmat="of" derivedContent="RFC6762"/>,
for the corresponding Multicast DNS name, type and class, for the corresponding Multicast DNS name, type, and class, with the
with the delegated zone part of the name replaced with ".local" delegated zone part of the name replaced with ".local" (e.g., in
(e.g.,&nbsp;in this case, "_printer._tcp.local.&nbsp;PTR&nbsp;?"). this case, "_ipp._tcp.local. PTR ?"). Then, from the
Then, from the received Multicast DNS data, the Discovery Proxy received Multicast DNS data, the Discovery Proxy synthesizes the
synthesizes the appropriate Unicast DNS response, with the appropriate Unicast DNS response, with the ".local" top-level label
".local" top-level label replaced with with the name of the delegated of the owner name
zone. replaced with the name of the delegated zone.
How long the Discovery Proxy should wait to accumulate Multicast DNS Further details of the name translation rules are
responses before sending its unicast reply is described below in <xref described in <xref target="translation" format="default" sectionFormat="
target="aggregation"/>.</t> of" derivedContent="Section 5.5"/>.
Rules specifying how long the Discovery
<t>The existing Multicast DNS caching mechanism is used Proxy should wait to accumulate Multicast DNS responses before sending
to minimize unnecessary Multicast DNS queries on the wire. its unicast reply are described in <xref target="aggregation" format="de
The Discovery Proxy is acting as a client of the underlying Multicast fault" sectionFormat="of" derivedContent="Section 5.6"/>.
DNS </t>
subsystem, and benefits from the same caching and efficiency <t pn="section-5.1-7">The existing Multicast DNS caching mechanism is us
measures as any other client using that subsystem.</t> ed to minimize
unnecessary Multicast DNS queries on the wire. The Discovery Proxy is
<t>Note that the contents of the delegated zone, acting as a client of the underlying Multicast DNS subsystem and
generated as it is by performing ".local" Multicast DNS queries, benefits from the same caching and efficiency measures as any other
mirrors the records available on the local link via Multicast DNS client using that subsystem.</t>
very closely, but not precisely. <t pn="section-5.1-8">Note that the contents of the delegated zone, gene
There is not a full bidirectional equivalence between the two. rated as it is by
Certain records that are available via Multicast DNS may not have performing ".local" Multicast DNS queries, mirrors the records
equivalents in the delegated zone, available on the local link via Multicast DNS very closely, but not
possibly because they are invalid or not relevant in the delegated zone, precisely. There is not a full bidirectional equivalence between the
or two. Certain records that are available via Multicast DNS may not
because they are being supressed because they are unusable outside the have equivalents in the delegated zone possibly because they are
local link invalid or not relevant in the delegated zone or because they are
(see <xref target="unusable"/>). being suppressed because they are unusable outside the local link (see
Conversely, certain records that appear in the delegated zone may not <xref target="unusable" format="default" sectionFormat="of" derivedConte
have nt="Section 5.5.2"/>). Conversely, certain
corresponding records available on the local link via Multicast DNS. records that appear in the delegated zone may not have corresponding
In particular there are certain administrative SRV records records available on the local link via Multicast DNS. In particular,
(see <xref target="admin"/>) that logically fall within the delegated there are certain administrative SRV records (see <xref target="admin" f
zone, ormat="default" sectionFormat="of" derivedContent="Section 6"/>) that logically
but semantically represent metadata *about* the zone rather than records fall within the delegated zone but
*within* the zone, and consequently these administrative records in the semantically represent metadata <em>about</em> the zone rather than
delegated zone records
do not have any corresponding counterparts in the Multicast DNS <em>within</em> the zone. Consequently, these administrative records
namespace of the local link.</t> in
the delegated zone do not have any corresponding counterparts in the
<?rfc needLines="26" ?> Multicast DNS namespace of the local link.</t>
</section> </section>
<section anchor="dom-enum" numbered="true" toc="include" removeInRFC="fals
<section anchor="dom-enum" title="Domain Enumeration"> e" pn="section-5.2">
<t>A DNS-SD client performs Domain Enumeration <xref <name slugifiedName="name-domain-enumeration">Domain Enumeration</name>
target="RFC6763"/> <t pn="section-5.2-1">A DNS-SD client performs Domain Enumeration <xref
via certain PTR queries, using both unicast and multicast. target="RFC6763" format="default" sectionFormat="of" derivedContent="RFC6763"/>
If it receives a Domain Name configuration via via certain PTR queries, using both unicast and
<xref target="RFC2132">DHCP option 15</xref>, multicast.</t>
then it issues unicast queries using this domain. <t pn="section-5.2-2">If a DNS-SD client receives a Domain Name configur
It issues unicast queries using names derived from its ation via DHCP
IPv4 subnet address(es) and then it issues
IPv6 prefix(es). unicast queries derived from this domain name. It also issues unicast
These are described below in <xref target="unicast"/>. queries using
It also issues multicast Domain Enumeration queries in the "local" names derived from its IPv4 subnet address(es) and IPv6 prefix(es).
domain These unicast Domain Enumeration queries are described
<xref target="RFC6762"/>. in <xref target="unicast" format="default" sectionFormat="of" derivedCon
These are described below in <xref target="multicast"/>. tent="Section 5.2.1"/>.
The results of all the Domain Enumeration queries are combined for A DNS-SD client
Service Discovery purposes.</t> also issues multicast Domain Enumeration queries in the "local" domain
<xref target="RFC6762" format="default" sectionFormat="of" derivedConten
<section anchor="unicast" title="Domain Enumeration via Unicast t="RFC6762"/>, as described in
Queries"> <xref target="multicast" format="default" sectionFormat="of" derivedCont
<t>The administrator creates Domain Enumeration ent="Section 5.2.2"/>. The results of all the
PTR records <xref target="RFC6763"/> Domain Enumeration queries are combined for DNS-based Service
to inform clients of available service discovery domains. Discovery
Two varieties of such Domain Enumeration PTR records exist; purposes.</t>
those with names derived from the domain name communicated to the <section anchor="unicast" numbered="true" toc="include" removeInRFC="fal
clients via DHCP, se" pn="section-5.2.1">
and those with names derived from IPv4 subnet address(es) and IPv6 <name slugifiedName="name-domain-enumeration-via-unic">Domain Enumerat
prefix(es) in use by the clients. ion via Unicast Queries</name>
Below is an example showing the name-based variety:</t> <t pn="section-5.2.1-1">The (human or automated) administrator creates
<figure><artwork> Unicast DNS Domain Enumeration PTR records <xref target="RFC6763" form
at="default" sectionFormat="of" derivedContent="RFC6763"/> to inform clients of
available
service discovery domains. Two varieties of such Unicast DNS Domain
Enumeration
PTR records exist: those with names derived from the domain name
communicated to the clients via
<xref target="RFC2132" format="default" sectionFormat="of" derivedCont
ent="RFC2132">DHCP option 15</xref>,
and those with names derived
from either IPv4 subnet address(es) or IPv6 prefix(es) in use by the
clients. Below is an example showing the name-based variety,
where the DHCP server configured the client with the domain name
"example.com":</t>
<artwork name="" type="" align="center" alt="" pn="section-5.2.1-2">
b._dns-sd._udp.example.com. PTR Building 1.example.com. b._dns-sd._udp.example.com. PTR Building 1.example.com.
PTR Building 2.example.com. PTR Building 2.example.com.
PTR Building 3.example.com. PTR Building 3.example.com.
PTR Building 4.example.com. PTR Building 4.example.com.
db._dns-sd._udp.example.com. PTR Building 1.example.com. db._dns-sd._udp.example.com. PTR Building 1.example.com.
lb._dns-sd._udp.example.com. PTR Building lb._dns-sd._udp.example.com. PTR Building 1.example.com.</artwork>
1.example.com.</artwork></figure> <t pn="section-5.2.1-3">The meaning of these records is defined in the
<xref target="RFC6763" format="default" sectionFormat="of" derivedContent="RFC6
<t>The meaning of these records is defined in the 763">DNS-based Service
<xref target="RFC6763">DNS Service Discovery specification</xref> Discovery specification</xref> but, for convenience, is repeated
but for convenience is repeated here. here.
The "b" ("browse") records tell the client device the The "b" ("browse") records tell the client device the list of
list of browsing domains to display for the user to select from. browsing domains to display for the user to select from. The "db"
The "db" ("default browse") record tells the client device ("default browse") record tells the client device which domain in
which domain in that list should be selected by default. that list should be selected by default. The "db" domain
The "db" domain MUST be one of the domains in the "b" list; <bcp14>MUST</bcp14> be one of the domains in the "b" list; if not,
if not then no domain is selected by default. then no domain is selected by default. The "lb" ("legacy browse")
The "lb" ("legacy browse") record tells the client device which domain record tells the client device which domain to automatically browse
to automatically browse on behalf of applications that don't implement on behalf of applications that don't implement user interface for
UI for multi-domain browsing (which is most of them, at the time of multi-domain
writing). browsing (which is most of them at the time of writing). The "lb"
The "lb" domain is often the same as the "db" domain, or sometimes domain is often the same as the "db" domain, or sometimes the "db"
the "db" domain plus one or more others that should be included in domain plus one or more others that should be included in the list
the list of automatic browsing domains for legacy clients.</t> of automatic browsing domains for legacy clients.</t>
<t pn="section-5.2.1-4">Note that in the example above, for clarity, s
<t>Note that in the example above, for clarity, pace characters in
space characters in names are shown as actual spaces. names are shown as actual spaces. If this data is manually entered
If this data is manually entered into a textual zone file for into a textual zone file for authoritative server software such as
authoritative server BIND, care must be taken because the space character is used as a
software such as BIND, care must be taken because the space character field separator, and other characters like dot ('.'), semicolon
is used as (';'), dollar ('$'), backslash ('\'), etc., also have special
a field separator, and other characters like dot ('.'), semicolon meaning. These characters have to be escaped when entered into a
(';'), textual zone file, following the rules in <xref target="RFC1035" secti
dollar ('$'), backslash ('\'), etc., also have special meaning. onFormat="of" section="5.1" format="default" derivedLink="https://rfc-editor.org
These characters have to be escaped when entered into a textual zone /rfc/rfc1035#section-5.1" derivedContent="RFC1035">the DNS specification</xref>.
file, For
following the rules in Section 5.1 of the example, a literal space in a name is represented in the textual
<xref target="RFC1035">DNS specification</xref>. zone file using '\032', so "Building 1.example.com" is entered
For example, a literal space in a name is represented in the textual as "Building\0321.example.com".</t>
zone file <t pn="section-5.2.1-5">DNS responses are limited to a maximum size of
using '\032', so "Building 1.example.com." is entered as 65535 bytes.
"Building\0321.example.com."</t>
<?rfc needLines="15" ?>
<t>DNS responses are limited to a maximum size of 65535 bytes.
This limits the maximum number of domains that can be returned for This limits the maximum number of domains that can be returned for
a Domain Enumeration query, as follows:</t> a Domain Enumeration query as follows:</t>
<t pn="section-5.2.1-6">A DNS response header is 12 bytes.
<t>A DNS response header is 12 bytes.
That's typically followed by a single qname (up to 256 bytes) That's typically followed by a single qname (up to 256 bytes)
plus qtype (2&nbsp;bytes) and qclass (2&nbsp;bytes), leaving 65275 plus qtype (2 bytes) and qclass (2 bytes), leaving 65275
for the Answer Section.</t> for the Answer Section.</t>
<t pn="section-5.2.1-7">An Answer Section Resource Record consists of:
<t>An Answer Section Resource Record consists of: </t>
<?rfc subcompact="yes" ?> <ul spacing="compact" bare="false" empty="false" pn="section-5.2.1-8">
<list style='symbols'> <li pn="section-5.2.1-8.1">Owner name, encoded as a compression poin
<t>Owner name, encoded as a two-byte compression pointer</t> ter, 2 bytes</li>
<t>Two-byte rrtype (type PTR)</t> <li pn="section-5.2.1-8.2">RRTYPE (type PTR), 2 bytes</li>
<t>Two-byte rrclass (class IN)</t> <li pn="section-5.2.1-8.3">RRCLASS (class IN), 2 bytes</li>
<t>Four-byte ttl</t> <li pn="section-5.2.1-8.4">TTL, 4 bytes</li>
<t>Two-byte rdlength</t> <li pn="section-5.2.1-8.5">RDLENGTH, 2 bytes</li>
<t>rdata (domain name, up to 256 bytes)</t> <li pn="section-5.2.1-8.6">RDATA (domain name), up to 256 bytes</li>
</list> </ul>
<?rfc subcompact="no" ?> <t pn="section-5.2.1-9">This means that each Resource Record in the An
</t> swer Section can
<t>This means that each Resource Record in the Answer Section can
take up to 268 bytes total, which means that the Answer Section take up to 268 bytes total, which means that the Answer Section
can contain, in the worst case, no more than 243 domains.</t> can contain, in the worst case, no more than 243 domains.</t>
<t pn="section-5.2.1-10">In a more typical scenario, where the domain
<t>In a more typical scenario, where the domain names are not all names are not all
maximum-sized names, and there is some similarity between names maximum-sized names, and there is some similarity between names
so that reasonable name compression is possible, each Answer so that reasonable name compression is possible, each Answer
Section Resource Record may average 140 bytes, which means that Section Resource Record may average 140 bytes, which means that
the Answer Section can contain up to 466 domains.</t> the Answer Section can contain up to 466 domains.</t>
<t pn="section-5.2.1-11">It is anticipated that this should be suffici
<t>It is anticipated that this should be sufficient for even a large ent for even a large
corporate network or university campus.</t> corporate network or university campus.</t>
<?rfc needLines="21" ?> </section>
</section> <section anchor="multicast" numbered="true" toc="include" removeInRFC="f
alse" pn="section-5.2.2">
<section anchor="multicast" title="Domain Enumeration via Multicast <name slugifiedName="name-domain-enumeration-via-mult">Domain Enumerat
Queries"> ion via Multicast Queries</name>
<t pn="section-5.2.2-1">In the case where Discovery Proxy functionalit
<t>In the case where Discovery Proxy functionality is widely deployed y is widely
within an enterprise (either by having a Discovery Proxy on each link, deployed within an enterprise (either by having a Discovery Proxy
or by having a Discovery Proxy with a remote ‘virtual’ presence on physically on
each link each link, or by having a Discovery Proxy with a remote "virtual"
using VLANs or <xref target="Relay">Multicast DNS Discovery presence on each link using VLANs or Multicast DNS Discovery Relays
Relays</xref>) <xref target="I-D.sctl-dnssd-mdns-relay" format="default" sectionForma
this offers an additional way to provide Domain Enumeration data for t="of" derivedContent="RELAY"/>),
clients.</t> this offers an additional way to provide Domain Enumeration
configuration data for
<t>A Discovery Proxy can be configured to generate Multicast DNS clients.</t>
responses <t pn="section-5.2.2-2">Note that this function of the Discovery Proxy
is
supplementary to the primary purpose of the Discovery Proxy,
which is to facilitate <em>remote</em> clients discovering services
on the Discovery Proxy's local link.
This publication of Domain Enumeration configuration data
via link-local multicast on the Discovery
Proxy's local link is performed for the benefit of <em>local</em>
clients
attached to that link, and typically directs those clients to
contact other distant Discovery Proxies attached to other links.
Generally, a client does not need to use the local Discovery
Proxy on its own link, because a client is generally able to
perform its own Multicast DNS queries on that link.
(The exception to this is when the local Wi-Fi access point is
blocking or filtering local multicast traffic, requiring even local
clients to use their local Discovery Proxy to perform local
discovery.)</t>
<t pn="section-5.2.2-3">A Discovery Proxy can be configured to generat
e Multicast DNS
responses
for the following Multicast DNS Domain Enumeration queries issued by for the following Multicast DNS Domain Enumeration queries issued by
clients:</t> clients:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.2.2-4">
<figure><artwork>
b._dns-sd._udp.local. PTR ? b._dns-sd._udp.local. PTR ?
db._dns-sd._udp.local. PTR ? db._dns-sd._udp.local. PTR ?
lb._dns-sd._udp.local. PTR ?</artwork></figure> lb._dns-sd._udp.local. PTR ?</artwork>
<t pn="section-5.2.2-5">This provides the ability for Discovery Proxie
<t>This provides the ability for Discovery Proxies to indicate s to indicate
recommended browsing domains recommended browsing domains to DNS-SD clients on a per-link
to DNS-SD clients on a per-link granularity. In some enterprises it granularity. In some enterprises, it may be preferable to provide
may be this per-link configuration information in the form of Discovery
preferable to provide this per-link configuration data in the form of Proxy
Discovery Proxy configuration, rather than populating the Unicast DNS configuration data rather than by populating the Unicast DNS servers
servers with
with the same data (in the "ip6.arpa" or "in-addr.arpa" domains).</t> the same data (in the "ip6.arpa" or "in-addr.arpa" domains).</t>
<t pn="section-5.2.2-6">Regardless of how the network operator chooses
<t>Regardless of how the network operator chooses to provide this to provide this
configuration configuration
data, clients will perform Domain Enumeration via both unicast and data, clients will perform Domain Enumeration via both unicast and
multicast multicast
queries, and then combine the results of these queries.</t> queries and then combine the results of these queries.</t>
<?rfc needLines="30" ?>
</section> </section>
</section> </section>
<section anchor="dom-host" numbered="true" toc="include" removeInRFC="fals
<section anchor="dom-host" title="Delegated Subdomain for LDH Host e" pn="section-5.3">
Names"> <name slugifiedName="name-delegated-subdomain-for-ldh">Delegated Subdoma
<t>DNS-SD service instance names and domains are allowed in for LDH Host Names</name>
to contain arbitrary <xref target="RFC5198">Net-Unicode text</xref>, <t pn="section-5.3-1">DNS-SD service instance names and domains are allo
encoded as <xref target="RFC3629">precomposed UTF-8</xref>.</t> wed
to contain arbitrary Net-Unicode text <xref target="RFC5198" format="def
<t>Users typically interact with service discovery software by ault" sectionFormat="of" derivedContent="RFC5198"/>,
viewing a list of discovered service instance names on a display, encoded as precomposed UTF-8 <xref target="RFC3629" format="default" sec
tionFormat="of" derivedContent="RFC3629"/>.</t>
<t pn="section-5.3-2">Users typically interact with service discovery so
ftware by
viewing a list of discovered service instance names on a display
and selecting one of them by pointing, touching, or clicking. and selecting one of them by pointing, touching, or clicking.
Similarly, in software that provides a multi-domain DNS-SD user Similarly, in software that provides a multi-domain DNS-SD user
interface, users view a list of offered domains on the display interface, users view a list of offered domains on the display
and select one of them by pointing, touching, or clicking. and select one of them by pointing, touching, or clicking.
To use a service, users don't have to remember domain or instance To use a service, users don't have to remember domain or instance
names, or type them; users just have to be able to recognize what names, or type them; users just have to be able to recognize what
they see on the display and touch or click on the thing they want.</t> they see on the display and touch or click on the thing they want.</t>
<t pn="section-5.3-3">In contrast, host names are often remembered and t
<t>In contrast, host names are often remembered and typed. yped. Also, host
Also, host names have historically been used in command-line names have historically been used in command-line interfaces where
interfaces spaces can be inconvenient. For this reason, host names have
where spaces can be inconvenient. For this reason, host names have traditionally been restricted to letters, digits, and hyphens (LDH)
traditionally been restricted to letters, digits and hyphens (LDH), with no spaces or other punctuation.</t>
with <t pn="section-5.3-4">While we do want to allow
no spaces or other punctuation.</t> rich text for DNS-SD service instance names and domains, it is
advisable, for maximum compatibility with existing usage, to restrict
<t>While we do want to allow rich text for DNS-SD service host names to the traditional letter-digit-hyphen rules. This means
instance names and domains, it is advisable, for maximum that while the service name
compatibility with existing usage, to restrict host names "My Printer._ipp._tcp.Building 1.example.com" is acceptable
to the traditional letter-digit-hyphen rules. and desirable (it is displayed in a graphical user interface as an
This means that while a service name instance called "My Printer" in the domain "Building 1" at
"My&nbsp;Printer._ipp._tcp.Building&nbsp;1.example.com" "example.com"), the host name "My-Printer.Building 1.example.com"
is acceptable and desirable is less desirable (because of the space in "Building 1").</t>
(it is displayed in a graphical user interface as an instance called <t pn="section-5.3-5">To accommodate this difference in allowable charac
"My&nbsp;Printer" in the domain "Building&nbsp;1" at "example.com"), ters, a Discovery
a host name "My-Printer.Building&nbsp;1.example.com" is less desirable Proxy <bcp14>SHOULD</bcp14> support having two separate subdomains
(because of the space in "Building&nbsp;1").</t> delegated to it for each link it serves: one whose name is allowed to
contain arbitrary Net-Unicode text <xref target="RFC5198" format="defaul
<t>To accomodate this difference in allowable characters, a Discovery t" sectionFormat="of" derivedContent="RFC5198"/>, and a second more constrained
Proxy subdomain whose name
SHOULD support having two separate subdomains delegated to it is restricted to contain only letters, digits, and hyphens, to be used
for each link it serves, one whose name for host name records (names of 'A' and 'AAAA' address records). The
is allowed to contain arbitrary Net-Unicode text <xref restricted names may be any valid name consisting of only letters,
target="RFC5198"/>, digits, and hyphens, including Punycode-encoded names <xref target="RFC3
and a second more constrained subdomain whose name is restricted to 492" format="default" sectionFormat="of" derivedContent="RFC3492"/>.
contain
only letters, digits, and hyphens, to be used for host name records
(names of 'A' and 'AAAA' address records).
The restricted names may be any valid name consisting of only
letters, digits, and hyphens, including Punycode-encoded names <xref
target="RFC3492"/>.
</t> </t>
<t pn="section-5.3-6">For example, a Discovery Proxy could have the two
<?rfc needLines="12" ?> subdomains
<t>For example, a Discovery Proxy could have the two subdomains "Building 1.example.com" and "bldg‑1.example.com" delegated
"Building&nbsp;1.example.com" and "bldg1.example.com" delegated to it. to it.
The Discovery Proxy would then translate these two Multicast DNS The Discovery Proxy would then translate these two Multicast DNS
records:</t> records:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.3-7">
<figure><artwork>
My Printer._ipp._tcp.local. SRV 0 0 631 prnt.local. My Printer._ipp._tcp.local. SRV 0 0 631 prnt.local.
prnt.local. A 203.0.113.2</artwork></figure> prnt.local. A 203.0.113.2</artwork>
<t pn="section-5.3-8">into Unicast DNS records as follows:</t>
<t>into Unicast DNS records as follows:</t> <artwork name="" type="" align="left" alt="" pn="section-5.3-9">
<figure><artwork>
My Printer._ipp._tcp.Building 1.example.com. My Printer._ipp._tcp.Building 1.example.com.
SRV 0 0 631 prnt.bldg1.example.com. SRV 0 0 631 prnt.bldg-1.example.com.
prnt.bldg1.example.com. A 203.0.113.2</artwork></figure> prnt.bldg-1.example.com. A 203.0.113.2</artwork>
<t pn="section-5.3-10">Note that the SRV record name is translated using
<t>Note that the SRV record name is translated using the rich-text the rich-text
domain name ("Building&nbsp;1.example.com") and the address record domain name ("Building 1.example.com"), and the address record
name is translated using the LDH domain ("bldg1.example.com").</t> name is translated using the LDH domain ("bldg‑1.example.com").
Further details of the name translation rules are
<t>A Discovery Proxy MAY support only a single rich text Net-Unicode described in <xref target="translation" format="default" sectionFormat="
domain, and of" derivedContent="Section 5.5"/>.</t>
use that domain for all records, including 'A' and 'AAAA' address <t pn="section-5.3-11">A Discovery Proxy <bcp14>MAY</bcp14> support only
records, a single
but implementers choosing this option should be aware that this choice rich-text Net-Unicode domain and use that domain for all records,
may produce host names that are awkward to use in command-line including 'A' and 'AAAA' address records, but implementers choosing
environments. this option should be aware that this choice may produce host names
Whether this is an issue depends on whether users in the target that are awkward to use in command-line environments. Whether or not
environment this is
are expected to be using command-line interfaces.</t> an issue depends on whether users in the target environment are
expected to be using command-line interfaces.</t>
<t>A Discovery Proxy MUST NOT be restricted to support only a <t pn="section-5.3-12">A Discovery Proxy <bcp14>MUST NOT</bcp14> be rest
ricted to support
only a
letter-digit-hyphen letter-digit-hyphen
subdomain, because that results in an unnecessarily poor user subdomain, because that results in an unnecessarily poor user
experience.</t> experience.</t>
<t pn="section-5.3-13">As described in <xref target="unicast" format="de
<t>As described above in <xref target="unicast"/>, for clarity, fault" sectionFormat="of" derivedContent="Section 5.2.1"/>, for
space characters in names are shown as actual spaces. clarity, in examples here space characters in names are shown as
If this data were to be manually entered into a textual zone file actual spaces. If
(which it isn't) this dynamically discovered data were to be manually entered into a
then spaces would need to be represented using '\032', so textual zone file (which
"My&nbsp;Printer._ipp._tcp.Building&nbsp;1.example.com." would become it isn't), then spaces would need to be represented using '\032', so
"My\032Printer._ipp._tcp.Building\0321.example.com."<vspace /> "My Printer._ipp._tcp.Building 1.example.com" would become
Note that the '\032' representation does not appear "My\032Printer._ipp._tcp.Building\0321.example.com".</t>
in the network packets sent over the air. <t pn="section-5.3-14">
In the wire format of DNS messages, spaces are sent as spaces, not as Note that the '\032' representation does not appear in DNS messages
'\032', sent over the air. In the wire format of DNS messages, spaces are sent as
and likewise, in a graphical user interface at the client device, spaces, not as '\032', and likewise, in a graphical user interface at the
spaces are shown as spaces, not as '\032'. client device, spaces are shown as spaces, not as '\032'.
</t> </t>
</section>
<?rfc needLines="36" ?> <section anchor="dom-rev" numbered="true" toc="include" removeInRFC="false
</section> " pn="section-5.4">
<name slugifiedName="name-delegated-subdomain-for-rev">Delegated Subdoma
<section anchor="dom-rev" title="Delegated Subdomain for Reverse in for Reverse Mapping</name>
Mapping"> <t pn="section-5.4-1">A Discovery Proxy can facilitate easier management
<t>A Discovery Proxy can facilitate easier management of reverse of reverse
mapping domains, particularly for IPv6 addresses where manual mapping domains, particularly for IPv6 addresses where manual
management may be more onerous than it is for IPv4 addresses.</t> management may be more onerous than it is for IPv4 addresses.</t>
<t pn="section-5.4-2">To achieve this, in the parent domain, NS records
<t>To achieve this, in the parent domain, NS records are used to are used to
delegate ownership of the appropriate reverse mapping domain to delegate ownership of the appropriate reverse mapping domain to
the Discovery Proxy. In other words, the Discovery Proxy becomes the the Discovery Proxy. In other words, the Discovery Proxy becomes the
authoritative name server for the reverse mapping domain. authoritative name server for the reverse mapping domain.
For fault tolerance reasons there may be more than one For fault tolerance reasons, there may be more than one
Discovery Proxy serving a given link.</t> Discovery Proxy serving a given link.</t>
<t pn="section-5.4-3">If a given link is using the IPv4 subnet 203.0.113
<t>If a given link is using the IPv4 subnet 203.0.113/24,<vspace/> /24,
then the domain "113.0.203.in-addr.arpa"<vspace/> then the domain "113.0.203.in-addr.arpa"
is delegated to the Discovery Proxy for that link.</t> is delegated to the Discovery Proxy for that link.</t>
<t pn="section-5.4-4">If a given link is using the
<t>For example, if a given link is using the<vspace/> IPv6 prefix 2001:0DB8:1234:5678::/64,
IPv6 prefix 2001:0DB8:1234:5678/64,<vspace/> then the domain "8.7.6.5.4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa"
then the domain "8.7.6.5.4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa"<vspace/>
is delegated to the Discovery Proxy for that link.</t> is delegated to the Discovery Proxy for that link.</t>
<t pn="section-5.4-5">When a reverse mapping query arrives at the Discov
<t>When a reverse mapping query arrives at the Discovery Proxy, it ery Proxy, it
issues issues the identical query on its local link, as a Multicast DNS
the identical query on its local link as a Multicast DNS query. query.
The mechanism to force an apparently unicast name to be resolved The mechanism to force an apparently unicast name to be resolved using
using link-local Multicast DNS varies depending on the API set being link-local Multicast DNS varies depending on the API set being used.
used. For example, in the "dns_sd.h" APIs (available on macOS, iOS, Bonjour
For example, in the "dns_sd.h" APIs<vspace/> for Windows, Linux, and Android), using kDNSServiceFlagsForceMulticast
(available on macOS, iOS, Bonjour for Windows, Linux and Android), indicates that the DNSServiceQueryRecord() call should perform the
using kDNSServiceFlagsForceMulticast query using Multicast DNS. Other API sets have different ways of
indicates that the DNSServiceQueryRecord() forcing multicast queries. When the host owning that IPv4 or IPv6
call should perform the query using Multicast DNS. address responds with a name of the form "something.local", the
Other APIs sets have different ways of forcing multicast queries. Discovery Proxy rewrites it to use its configured LDH host name
When the host owning that IPv4 or IPv6 address responds domain instead of ".local" and returns the response to the caller.</t>
with a name of the form "something.local", the Discovery Proxy <t pn="section-5.4-6">For example, a Discovery Proxy with the two subdom
rewrites that to use its configured LDH host name domain instead ains
of "local", and returns the response to the caller.</t> "113.0.203.in‑addr.arpa" and "bldg‑1.example.com" delegated
to it
<?rfc needLines="15" ?>
<t>For example, a Discovery Proxy with the two subdomains
"113.0.203.in&nbhy;addr.arpa" and "bldg1.example.com" delegated to it
would translate this Multicast DNS record:</t> would translate this Multicast DNS record:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.4-7">
<figure><artwork> 2.113.0.203.in-addr.arpa. PTR prnt.local.</artwork>
2.113.0.203.in-addr.arpa. PTR prnt.local.</artwork></figure> <t pn="section-5.4-8">into this Unicast DNS response:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.4-9">
<t>into this Unicast DNS response:</t> 2.113.0.203.in-addr.arpa. PTR prnt.bldg-1.example.com.</artwork>
<t pn="section-5.4-10">In this example the "prnt.local" host name is tra
<figure><artwork> nslated
2.113.0.203.in-addr.arpa. PTR prnt.bldg1.example.com.</artwork></figure> using the delegated LDH subdomain, as described in
<xref target="translation" format="default" sectionFormat="of" derivedCo
<t>Subsequent queries for the prnt.bldg1.example.com address ntent="Section 5.5"/>.</t>
record, falling as it does within the bldg1.example.com domain, <t pn="section-5.4-11">Subsequent queries for the prnt.bldg‑1.example.co
which is delegated to the Discovery Proxy, will arrive at the m address
Discovery Proxy, where they are answered by issuing Multicast DNS record, falling as it does within the bldg‑1.example.com domain,
which is delegated to this Discovery Proxy, will arrive at this
Discovery Proxy where they are answered by issuing Multicast DNS
queries queries
and using the received Multicast DNS answers to synthesize Unicast and using the received Multicast DNS answers to synthesize Unicast
DNS responses, as described above.</t> DNS responses, as described above.</t>
<t pn="section-5.4-12">Note that this description assumes that all addre
<t>Note that this design assumes that all addresses on a given sses on a given
IPv4 subnet or IPv6 prefix are mapped to hostnames using the Discovery IPv4 subnet or IPv6 prefix are mapped to host names using the
Discovery
Proxy mechanism. Proxy mechanism.
It would be possible to implement a Discovery Proxy that can be It would be possible to implement a Discovery Proxy that can be
configured configured
so that some address-to-name mappings are performed using Multicast so that some address-to-name mappings are performed using Multicast
DNS DNS
on the local link, while other address-to-name mappings within the on the local link, while other address-to-name mappings within the
same same
IPv4 subnet or IPv6 prefix are configured manually.</t> IPv4 subnet or IPv6 prefix are configured manually.</t>
<?rfc needLines="46" ?>
</section> </section>
<section anchor="translation" numbered="true" toc="include" removeInRFC="f
<section title="Data Translation"> alse" pn="section-5.5">
<t>Generating the appropriate Multicast DNS queries involves,<vspace/> <name slugifiedName="name-data-translation">Data Translation</name>
at the very least, translating from the configured DNS domain <t pn="section-5.5-1">For the delegated rich-text and LDH subdomains,
(e.g.,&nbsp;"Building&nbsp;1.example.com") on the Unicast DNS side generating appropriate Multicast DNS queries
to "local" on the Multicast DNS side.</t> involves translating from the configured DNS domain
(e.g., "Building 1.example.com") on the Unicast DNS side
<t>Generating the appropriate Unicast DNS responses involves to ".local" on the Multicast DNS side.</t>
translating back from "local" to the appropriate configured DNS <t pn="section-5.5-2">For the delegated reverse-mapping subdomain,
Unicast domain.</t> generating appropriate Multicast DNS queries
involves using the appropriate API mechanism to
<t>Other beneficial translation and filtering operations are described indicate that a query should be performed using
Multicast DNS, as described in
<xref target="dom-rev" format="default" sectionFormat="of" derivedConten
t="Section 5.4"/>.</t>
<t pn="section-5.5-3">Generating appropriate Unicast DNS responses from
the
received Multicast DNS answers involves translating back
from ".local" to the appropriate configured Unicast DNS
domain as necessary, as described below.</t>
<t pn="section-5.5-4">In the examples below, the delegated subdomains ar
e as follows:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.5-5">
Delegated subdomain for rich-text names Building 1.example.com.
Delegated subdomain for LDH names bldg‑1.example.com.
Delegated subdomain for IPv4 reverse mapping 113.0.203.in-addr.arpa.</artwork>
<t pn="section-5.5-6">Names in Multicast DNS answers that do not end in
".local"
do not require any translation.</t>
<t pn="section-5.5-7">Names in Multicast DNS answers that end in ".local
"
are only meaningful on the local link, and require translation
to make them useable by clients outside the local link.</t>
<t pn="section-5.5-8">Names that end in ".local" may appear both as the
owner names of received Multicast DNS answer records,
and in the RDATA of received Multicast DNS answer records.</t>
<t pn="section-5.5-9">In a received Multicast DNS answer record,
if the owner name ends with ".local",
then the ".local" top-level label is replaced with the name
of the delegated subdomain as was used in the originating query.</t>
<t pn="section-5.5-10">In a received Multicast DNS answer record,
if a name in the RDATA ends with ".local",
then the name is translated according to the delegated subdomain
that was used in the originating query, as explained below.</t>
<t pn="section-5.5-11">For queries in subdomains delegated for LDH host
names,
".local" names in RDATA
are translated to that delegated LDH subdomain.
For example, a query for "thing.bldg‑1.example.com" will be
translated to a
Multicast DNS query for "thing.local". If that query returns this
CNAME record:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.5-12">
thing.local. CNAME prnt.local.</artwork>
<t pn="section-5.5-13">then both the owner name and the name in the RDAT
A
are translated from ".local" to the LDH subdomain
"bldg‑1.example.com":</t>
<artwork name="" type="" align="left" alt="" pn="section-5.5-14">
thing.bldg‑1.example.com. CNAME prnt.bldg‑1.example.com.</artwork>
<t pn="section-5.5-15">For queries in subdomains delegated for reverse m
apping names,
".local" names in RDATA
are translated to the delegated LDH subdomain, if one is configured,
or to the delegated rich-text subdomain otherwise.
For example, consider a reverse mapping query that returns this PTR
record:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.5-16">
2.113.0.203.in-addr.arpa. PTR prnt.local.</artwork>
<t pn="section-5.5-17">The owner name is not translated because it does
not end in
".local".
The name in the RDATA is
translated from ".local" to the LDH subdomain
"bldg‑1.example.com":</t>
<artwork name="" type="" align="left" alt="" pn="section-5.5-18">
2.113.0.203.in-addr.arpa. PTR prnt.bldg‑1.example.com.</artwork>
<t pn="section-5.5-19">For queries in subdomains delegated for rich-text
names,
".local" names in RDATA
are translated according to whether or not they represent host names
(i.e., RDATA names that are the owner names of A and AAAA DNS
records).
RDATA names ending in ".local" that represent host names
are translated to the delegated LDH subdomain, if one is configured,
or to the delegated rich-text subdomain otherwise.
All other RDATA names ending in ".local"
are translated to the delegated rich-text subdomain.
For example, consider a DNS-SD service browsing PTR query
that returns this PTR record for IPP printing:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.5-20">
_ipp._tcp.local. PTR My Printer._ipp._tcp.local.</artwork>
<t pn="section-5.5-21">Both the owner name and the name in the RDATA
are translated from ".local" to the rich-text subdomain:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.5-22">
_ipp._tcp.Building 1.example.com.
PTR My Printer._ipp._tcp.Building 1.example.com.</artwork>
<t pn="section-5.5-23">In contrast, consider a query
that returns this SRV record for a specific IPP printing instance:</t>
<artwork name="" type="" align="left" alt="" pn="section-5.5-24">
My Printer._ipp._tcp.local. SRV 0 0 631 prnt.local.</artwork>
<t pn="section-5.5-25">As for all queries, the owner name
is translated to the delegated subdomain of the originating query,
the delegated rich-text subdomain "Building 1.example.com".
However, the ".local" name in the RDATA
is the target host name field of an SRV record,
a field that is used exclusively for host names.
Consequently it is translated to the LDH subdomain
"bldg‑1.example.com",
if configured, instead of the rich-text subdomain:
</t>
<artwork name="" type="" align="left" alt="" pn="section-5.5-26">
My Printer._ipp._tcp.Building 1.example.com.
SRV 0 0 631 prnt.bldg‑1.example.com.</artwork>
<t pn="section-5.5-27">Other beneficial translation and filtering operat
ions are described
below.</t> below.</t>
<section anchor="ttl" numbered="true" toc="include" removeInRFC="false"
<section anchor="ttl" title="DNS TTL limiting"> pn="section-5.5.1">
<t>For efficiency, Multicast DNS typically uses moderately high <name slugifiedName="name-dns-ttl-limiting">DNS TTL Limiting</name>
DNS TTL values. For example, the typical TTL on DNS-SD PTR records <t pn="section-5.5.1-1">For efficiency, Multicast DNS typically uses m
is 75 minutes. What makes these moderately high TTLs acceptable oderately high DNS
is the cache coherency mechanisms built in to the Multicast DNS TTL values. For example, the typical TTL on DNS-SD service browsing
protocol which protect against stale data persisting for too long. PTR records is 75
When a service shuts down gracefully, it sends goodbye packets minutes. What makes these moderately high TTLs acceptable is the
to remove its PTR records immediately from neighboring caches. cache coherency mechanisms built in to the Multicast DNS protocol,
If a service shuts down abruptly without sending goodbye packets, which protect against stale data persisting for too long. When a
the Passive Observation Of Failures (POOF) mechanism described service shuts down gracefully, it sends goodbye packets to remove
in Section 10.5 of the <xref target="RFC6762">Multicast DNS its service browsing PTR record(s) immediately from neighboring
specification</xref> caches. If a service
comes into play to purge the cache of stale data.</t> shuts down abruptly without sending goodbye packets, the Passive
Observation Of Failures (POOF) mechanism described in <xref target="RF
<t>A traditional Unicast DNS client on a distant remote link does C6762" sectionFormat="of" section="10.5" format="default" derivedLink="https://r
not get to participate fc-editor.org/rfc/rfc6762#section-10.5" derivedContent="RFC6762">the Multicast D
in these Multicast DNS cache coherency mechanisms on the local link. NS
For traditional Unicast DNS queries specification</xref> comes into play to purge the cache of stale
(those received without using Long-Lived Query <xref target="LLQ"/> data.</t>
or DNS Push Notification subscriptions <xref target="Push"/>) <t pn="section-5.5.1-2">A traditional Unicast DNS client on a distant
the DNS TTLs reported in the resulting Unicast DNS response remote link does
MUST be capped to be no more than ten seconds.</t> not get to participate in these Multicast DNS cache coherency
mechanisms on the local link. For traditional Unicast DNS queries
<t>Similarly, for negative responses, the negative caching TTL (those received without using Long-Lived Queries (LLQ) <xref target="R
indicated FC8764" format="default" sectionFormat="of" derivedContent="RFC8764"/> or DNS Pu
in the SOA record <xref target="RFC2308"/> should also be ten sh
seconds Notification subscriptions <xref target="RFC8765" format="default" sec
(<xref target="soa"/>).</t> tionFormat="of" derivedContent="RFC8765"/>), the DNS TTLs reported in the result
ing Unicast
<t>This value of ten seconds is chosen based on user-experience DNS response <bcp14>MUST</bcp14> be capped to be no more than ten
considerations.</t> seconds.</t>
<t pn="section-5.5.1-3">Similarly, for negative responses, the negativ
<t>For negative caching, suppose a user is attempting to access a e caching TTL
remote indicated in the SOA record <xref target="RFC2308" format="default" se
device (e.g., a printer), and they are unsuccessful because that ctionFormat="of" derivedContent="RFC2308"/> should also be ten seconds (see <xre
device f target="soa" format="default" sectionFormat="of" derivedContent="Section 6.1"/
is powered off. Suppose they then place a telephone call and ask for >).</t>
the <t pn="section-5.5.1-4">This value of ten seconds is chosen based on u
device to be powered on. We want the device to become available to ser-experience
the considerations.</t>
user within a reasonable time period. It is reasonable to expect it <t pn="section-5.5.1-5">For negative caching, suppose a user is attemp
to ting to access a
take on the order of ten seconds for a simple device with a simple remote device (e.g., a printer), and they are unsuccessful because
embedded operating system to power on. Once the device is powered on that device is powered off. Suppose they then place a telephone call
and and ask for the device to be powered on. We want the device to
has announced its presence on the network via Multicast DNS, we become available to the user within a reasonable time period. It is
would reasonable to expect it to take on the order of ten seconds for a
like it to take no more than a further ten seconds for stale simple device with a simple embedded operating system to power
negative on. Once the device is powered on and has announced its presence on
cache entries to expire from Unicast DNS caches, making the device the network via Multicast DNS, we would like it to take no more than
available to the user desiring to access it.</t> a further ten seconds for stale negative cache entries to expire
from Unicast DNS caches, making the device available to the user
<t>Similar reasoning applies to capping positive TTLs at ten desiring to access it.</t>
seconds. <t pn="section-5.5.1-6">Similar reasoning applies to capping positive
TTLs at ten
seconds.
In the event of a device moving location, getting a new DHCP In the event of a device moving location, getting a new DHCP
address, address,
or other renumbering events, we would like the updated information or other renumbering events, we would like the updated information
to to
be available to remote clients in a relatively timely fashion.</t> be available to remote clients in a relatively timely fashion.</t>
<t pn="section-5.5.1-7">However, network administrators should be awar
<t>However, network administrators should be aware that many e that many
recursive recursive
(caching) DNS servers by default are configured to impose a minimum resolvers by default are configured to impose a minimum
TTL of TTL of
30 seconds. If stale data appears to be persisting in the network to 30 seconds. If stale data appears to be persisting in the network to
the the
extent that it adversely impacts user experience, network extent that it adversely impacts user experience, network
administrators administrators
are advised to check the configuration of their recursive DNS are advised to check the configuration of their recursive
servers.</t> resolvers.</t>
<t pn="section-5.5.1-8">For received Unicast DNS queries that use LLQ
<t>For received Unicast DNS queries that use LLQ <xref <xref target="RFC8764" format="default" sectionFormat="of" derivedContent="RFC87
target="LLQ"/> or 64"/> or
DNS Push Notifications <xref target="Push"/>, the Multicast DNS DNS Push Notifications <xref target="RFC8765" format="default" section
record's TTL SHOULD be Format="of" derivedContent="RFC8765"/>,
returned unmodified, because the Push Notification channel exists the Multicast DNS
record's TTL <bcp14>SHOULD</bcp14> be
returned unmodified, because the notification channel exists
to inform the remote client as records come and go. to inform the remote client as records come and go.
For further details about Long-Lived Queries, and its newer For further details about Long-Lived Queries and its newer
replacement, replacement,
DNS Push Notifications, see <xref target="aggregation"/>.</t> DNS Push Notifications, see <xref target="aggregation" format="default
" sectionFormat="of" derivedContent="Section 5.6"/>.</t>
</section> </section>
<section anchor="unusable" numbered="true" toc="include" removeInRFC="fa
<section anchor="unusable" title="Suppressing Unusable Records"> lse" pn="section-5.5.2">
<t>A Discovery Proxy SHOULD offer a configurable option, <name slugifiedName="name-suppressing-unusable-record">Suppressing Unu
sable Records</name>
<t pn="section-5.5.2-1">A Discovery Proxy <bcp14>SHOULD</bcp14> offer
a configurable
option,
enabled by default, to suppress Unicast DNS answers enabled by default, to suppress Unicast DNS answers
for records that are not useful outside the local link. for records that are not useful outside the local link.
When the option to suppress unusable records is enabled: When the option to suppress unusable records is enabled:
<list style='symbols'> </t>
<ul spacing="normal" bare="false" empty="false" pn="section-5.5.2-2">
<t>DNS A and AAAA records for <li pn="section-5.5.2-2.1">For a Discovery Proxy that is serving onl
IPv4 link-local addresses <xref target="RFC3927"/> y clients outside the
local link,
DNS A and AAAA records for
IPv4 link-local addresses <xref target="RFC3927" format="default"
sectionFormat="of" derivedContent="RFC3927"/>
and and
IPv6 link-local addresses <xref target="RFC4862"/> IPv6 link-local addresses <xref target="RFC4862" format="default"
SHOULD be suppressed.</t> sectionFormat="of" derivedContent="RFC4862"/>
<bcp14>SHOULD</bcp14> be suppressed.</li>
<t>Similarly, for sites that have multiple private address <li pn="section-5.5.2-2.2">Similarly, for sites that have multiple p
realms <xref target="RFC1918"/>, rivate address
realms <xref target="RFC1918" format="default" sectionForma
t="of" derivedContent="RFC1918"/>,
in cases where the Discovery Proxy can determine that the in cases where the Discovery Proxy can determine that the
querying client querying client
is in a different address realm, private addresses SHOULD NOT be is in a different address realm, private addresses <bcp14>SHOULD N
communicated to that client.</t> OT</bcp14> be
communicated to that client.</li>
<t><xref target="RFC4193">IPv6 Unique Local Addresses</xref> <li pn="section-5.5.2-2.3">
SHOULD be suppressed IPv6 Unique Local Addresses <xref target="RFC4193" format="default
" sectionFormat="of" derivedContent="RFC4193"/>
<bcp14>SHOULD</bcp14> be suppressed
in cases where the Discovery Proxy can determine that the in cases where the Discovery Proxy can determine that the
querying client querying client
is in a different IPv6 address realm.</t> is in a different IPv6 address realm.</li>
<li pn="section-5.5.2-2.4">By the same logic, DNS SRV records that r
<t>By the same logic, DNS SRV records that reference target host eference target host
names that have no addresses usable by the requester should be names that have no addresses usable by the requester should be
suppressed, and likewise, DNS PTR records that point to unusable suppressed, and likewise, DNS-SD service browsing PTR records
SRV records should be similarly be suppressed.</t> that point to unusable
</list> SRV records should similarly be suppressed.</li>
</t> </ul>
<?rfc needLines="8" ?>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-5
<section title="NSEC and NSEC3 queries"> .5.3">
<t>Multicast DNS devices do not routinely announce their records <name slugifiedName="name-nsec-and-nsec3-queries">NSEC and NSEC3 Queri
on the network. Generally they remain silent until queried. es</name>
<t pn="section-5.5.3-1">Multicast DNS devices do not routinely announc
e their records
on the network. Generally, they remain silent until queried.
This means that the complete set of Multicast DNS records in use on This means that the complete set of Multicast DNS records in use on
a a
link can only be discovered by active querying, not by passive link can only be discovered by active querying, not by passive
listening. listening.
Because of this, a Discovery Proxy can only know what names exist on Because of this, a Discovery Proxy can only know what names exist on
a link a link
by issuing queries for them, and since it would be impractical to by issuing queries for them, and since it would be impractical to
issue queries for every possible name just to find out which names issue queries for every possible name just to find out which names
exist and which do not, a Discovery Proxy cannot programmatically exist and which do not, a Discovery Proxy cannot programmatically
generate the traditional generate the traditional Unicast DNS
<xref target="RFC4034">NSEC</xref> and NSEC <xref target="RFC4034" format="default" sectionFormat="of" derive
<xref target="RFC5155">NSEC3</xref> records dContent="RFC4034"/> and
which assert the nonexistence of a large range of names.</t> NSEC3 <xref target="RFC5155" format="default" sectionFormat="of" deriv
edContent="RFC5155"/> records
<t>When queried for an NSEC or NSEC3 record type, the Discovery that assert the nonexistence of a large range of names.</t>
Proxy issues <t pn="section-5.5.3-2">When queried for an NSEC or NSEC3 record type,
a qtype "ANY" query using Multicast DNS on the local link, and then the Discovery
Proxy issues
a qtype "ANY" query using Multicast DNS on the local link and then
generates an NSEC or NSEC3 response with a Type Bit Map signifying generates an NSEC or NSEC3 response with a Type Bit Map signifying
which record types do and do not exist for just the specific name which record types do and do not exist for just the specific name
queried, queried,
and no other names.</t> and no other names.</t>
<t pn="section-5.5.3-3">Multicast DNS NSEC records received on the loc
<t>Multicast DNS NSEC records received on the local link al link
MUST NOT be forwarded unmodified to a unicast querier, because there <bcp14>MUST NOT</bcp14> be forwarded unmodified to a unicast
are querier, because there
are
slight differences in the NSEC record data. slight differences in the NSEC record data.
In particular, Multicast DNS NSEC records do not have the NSEC In particular, Multicast DNS NSEC records do not have the NSEC
bit set in the Type Bit Map, whereas conventional Unicast DNS bit set in the Type Bit Map, whereas conventional Unicast DNS
NSEC records do have the NSEC bit set.</t> NSEC records do have the NSEC bit set.</t>
</section> </section>
<section anchor="notrans" numbered="true" toc="include" removeInRFC="fal
<section anchor="notrans" title="No Text Encoding Translation"> se" pn="section-5.5.4">
<t>A Discovery Proxy does no translation between text encodings. <name slugifiedName="name-no-text-encoding-translatio">No Text-Encodin
Specifically, a Discovery Proxy does no translation between g Translation</name>
<xref target="RFC3492">Punycode encoding</xref> and <t pn="section-5.5.4-1">A Discovery Proxy does no translation between
<xref target="RFC3629">UTF-8 encoding</xref>, text encodings.
either in the owner name of DNS records, or anywhere in the RDATA of Specifically, a Discovery Proxy does no translation between Punycode
DNS records encoding <xref target="RFC3492" format="default" sectionFormat="of"
(such as the RDATA of PTR records, SRV records, NS records, or other derivedContent="RFC3492"/> and UTF-8 encoding <xref target="RFC3629" format="de
record types fault" sectionFormat="of" derivedContent="RFC3629"/>, either in
like TXT, where it is ambiguous whether the RDATA may contain DNS the owner name of DNS records or anywhere in the RDATA of DNS
names). records (such as the RDATA of PTR records, SRV records, NS records,
All bytes are treated as-is, with no attempt at text encoding or other record types like TXT, where it is ambiguous whether the
translation. RDATA may contain DNS names). All bytes are treated as-is with no
A client implementing DNS-based Service Discovery <xref attempt at text-encoding translation. A client implementing
target="RFC6763"/> DNS-based Service Discovery <xref target="RFC6763" format="default" se
will use UTF-8 encoding for its service discovery queries, which the ctionFormat="of" derivedContent="RFC6763"/> will use UTF-8 encoding for its unic
Discovery Proxy passes through without any text encoding translation ast DNS-based
to the Multicast DNS subsystem. Service Discovery
Responses from the Multicast DNS subsystem are similarly returned, queries, which the Discovery Proxy passes through without any
without any text encoding translation, back to the requesting text-encoding translation to the Multicast DNS subsystem. Responses
client.</t> from the Multicast DNS subsystem are similarly returned, without any
text-encoding translation, back to the requesting unicast
<?rfc needLines="13" ?> client.</t>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-5
<section title="Application-Specific Data Translation"> .5.5">
<t>There may be cases where Application-Specific Data Translation is <name slugifiedName="name-application-specific-data-t">Application-Spe
appropriate.</t> cific Data Translation</name>
<t pn="section-5.5.5-1">There may be cases where Application-Specific
<t>For example, AirPrint printers tend to advertise fairly verbose Data Translation is
appropriate.</t>
<t pn="section-5.5.5-2">For example, AirPrint printers tend to adverti
se fairly verbose
information about their capabilities in their DNS-SD TXT record. information about their capabilities in their DNS-SD TXT record.
TXT record sizes in the range 500-1000 bytes are not uncommon. TXT record sizes in the range of 500-1000 bytes are not uncommon.
This information is a legacy from LPR printing, because LPR does not This information is a legacy from lineprinter (LPR) printing,
have in-band capability negotiation, so all of this information is because LPR does not have in-band capability negotiation, so all of
conveyed using the DNS-SD TXT record instead. this information is conveyed using the DNS-SD TXT record instead.
IPP printing does have in-band capability negotiation, but for Internet Printing Protocol (IPP) printing does have in-band
convenience printers tend to include the same capability information capability negotiation, but for convenience, printers tend to
in their IPP DNS-SD TXT records as well. For local mDNS use this include
extra TXT record information is inefficient, but not fatal. the same capability information in their IPP DNS-SD TXT records as
However, when a Discovery Proxy aggregates data from multiple well. For local Multicast DNS (mDNS) use, this extra TXT record
printers information is
on a link, and sends it via unicast (via UDP or TCP) wasteful but not fatal. However, when a Discovery Proxy
this amount of unnecessary TXT record information can aggregates data from multiple printers on a link, and sends it via
result in large responses. unicast (via UDP or TCP), this amount of unnecessary TXT record
A DNS reply over TCP carrying information about 70 printers information can result in large responses. A DNS reply over TCP
with an average of 700 bytes per printer adds up to about carrying information about 70 printers with an average of 700 bytes
50 kilobytes of data. per printer adds up to about 50 kilobytes of data. Therefore, a
Therefore, a Discovery Proxy that is aware of Discovery Proxy that is aware of the specifics of an
the specifics of an application-layer protocol such as application-layer protocol such as AirPrint (which uses IPP) can
AirPrint (which uses IPP) can elide unnecessary key/value pairs from elide unnecessary key/value pairs from the DNS-SD TXT record for
the DNS-SD TXT record for better network efficiency.</t> better network efficiency.</t>
<t pn="section-5.5.5-3">Also, the DNS-SD TXT record for many printers
<t>Also, the DNS-SD TXT record for many printers contains an contains an
"adminurl" "adminurl" key (e.g.,
key something like "adminurl=http://printername.local/status.html". "adminurl=http://printername.local/status.html"). For this URL to
For this URL to be useful outside the local link, the embedded be
".local" useful outside the local link, the embedded ".local" host name needs
hostname needs to be translated to an appropriate name with larger to be translated to an appropriate name with larger scope. It is
scope. easy to translate ".local" names when they appear in well-defined
It is easy to translate ".local" names when they appear in places: as a record's owner name, or in domain name fields in the
well-defined places, RDATA of record types
either as a record's name, or in the rdata of record types like PTR like PTR and SRV. In the printing case, some application-specific
and SRV. knowledge about the semantics of the "adminurl" key is needed for
In the printing case, some application-specific knowledge about the the Discovery Proxy to know that it contains a name that needs to be
semantics of the "adminurl" key is needed for the Discovery Proxy translated. This is somewhat analogous to the need for NAT gateways
to know that it contains a name that needs to be translated. to contain ALGs (Application-Level Gateways) to facilitate the
This is somewhat analogous to the need for NAT gateways to contain correct translation of protocols that embed addresses in unexpected
ALGs places.</t>
(Application-Specific Gateways) to facilitate the correct <t pn="section-5.5.5-4">To avoid the need for application-specific kno
translation wledge about the
of protocols that embed addresses in unexpected places.</t>
<t>To avoid the need for application-specific knowledge about the
semantics of particular TXT record keys, protocol designers are semantics of particular TXT record keys, protocol designers are
advised to avoid advised to avoid placing link-local names or link-local IP addresses
placing link-local names or link-local IP addresses in TXT record in TXT record keys if translation of those names or addresses would
keys, be required for off-link operation. In the printing case, the
if translation of those names or addresses would be required for consequence of failing to translate the "adminurl" key
off-link operation. correctly would be that, when accessed from a different link,
In the printing case, the operational failure of failing to printing
translate will still work, but clicking the "Admin" user interface button will
the "adminurl" key correctly is that, when accessed from a different fail to
link, open the printer's administration page. Rather than duplicating the
printing will still work, but clicking the "Admin" UI button host name from the service's SRV record in its "adminurl" key,
will fail to open the printer's administration page. thereby having the same host name appear in two places, a better
Rather than duplicating the host name from the service's SRV record design might have been to omit the host name from the "adminurl"
in its key and instead have the client implicitly substitute the target
"adminurl" key, thereby having the same host name appear in two host name from the service's SRV record in place of a missing host
places, name in the "adminurl" key. That way, the desired host name only
a better design might have been to omit the host name from the appears once and is in a well-defined place where software like
"adminurl" key, the Discovery Proxy is expecting to find it.</t>
and instead have the client implicitly substitute the target host <t pn="section-5.5.5-5">Note that this kind of Application-Specific Da
name from the service's SRV record in place of a missing host name ta Translation is
in the "adminurl" key. expected to be very rare; it is the exception rather than the rule.
That way the desired host name only appears once, and it is in a This is an example of a common theme in computing. It is frequently
well-defined place the case that it is wise to start with a clean, layered design with
where software like the Discovery Proxy is expecting to find it.</t> clear boundaries. Then, in certain special cases, those layer
boundaries may be violated where the performance and efficiency
<t>Note that this kind of Application-Specific Data Translation is benefits outweigh the inelegance of the layer violation.</t>
expected to be very rare. It is the exception, rather than the rule. <t pn="section-5.5.5-6">These layer violations are optional. They are
This is an example of a common theme in computing. done primarily for
It is frequently the case that it is wise to start with a clean, efficiency reasons and generally should not be required for correct
layered design, with clear boundaries. Then, in certain special operation. A Discovery Proxy <bcp14>MAY</bcp14> operate solely at
cases, the mDNS layer without any knowledge of semantics at the DNS-SD
those layer boundaries may be violated, where the performance and layer or above.</t>
efficiency benefits outweigh the inelegance of the layer </section>
violation.</t>
<t>These layer violations are optional. They are done primarily for
efficiency
reasons, and generally should not be required for correct operation.
A Discovery Proxy MAY operate solely at the mDNS layer,
without any knowledge of semantics at the DNS-SD layer or above.</t>
<?rfc needLines="30" ?>
</section> </section>
</section> <section anchor="aggregation" numbered="true" toc="include" removeInRFC="f
alse" pn="section-5.6">
<section anchor="aggregation" title="Answer Aggregation"> <name slugifiedName="name-answer-aggregation">Answer Aggregation</name>
<t>In a simple analysis, simply gathering multicast answers and <t pn="section-5.6-1">In a simple analysis, simply gathering multicast a
forwarding them nswers and
in a unicast response seems adequate, but it raises the forwarding them in a unicast response seems adequate, but it raises
question of how long the Discovery Proxy should wait to be sure that the question of how long the Discovery Proxy should wait to be sure
it has received that it has received all the Multicast DNS answers it needs to form a
all the Multicast DNS answers it needs to form a complete Unicast DNS complete Unicast DNS response. If it waits too little time, then it
response. risks its Unicast DNS response being incomplete. If it waits too
If it waits too little time, then it risks its Unicast DNS response long, then it creates a poor user experience at the client end. In
being incomplete. fact, there may be no time that is both short enough to produce a
If it waits too long, then it creates a poor user experience at the good user experience and at the same time long enough to reliably
client end. produce complete results.</t>
In fact, there may be no time which is both short enough to produce a <t pn="section-5.6-2">Similarly, the Discovery Proxy (the authoritative
good name server for
user experience and at the same time long enough to reliably produce the subdomain in question) needs to decide what DNS TTL to report
complete results.</t> for these records. If the TTL is too long, then the recursive
resolvers issuing queries on behalf of their clients risk
<t>Similarly, the Discovery Proxy caching stale data for too long. If the TTL is too short, then the
-- the authoritative name server for the subdomain in question -- amount of network traffic will be more than necessary. In fact, there
needs to decide what DNS TTL to report for these records. may be no TTL that is both short enough to avoid undesirable stale
If the TTL is too long then the recursive (caching) name servers data and, at the same time, long enough to be efficient on the
issuing queries on behalf of their clients risk caching stale network.</t>
data for too long. If the TTL is too short then the amount of <t pn="section-5.6-3">Both these dilemmas are solved by the use of DNS L
network traffic will be more than necessary. ong-Lived Queries
In fact, there may be no TTL which is both short enough to avoid (LLQ)
undesirable stale data and at the same time long enough to be <xref target="RFC8764" format="default" sectionFormat="of" derivedConten
efficient on the network.</t> t="RFC8764"/> or its newer replacement,
DNS Push Notifications <xref target="RFC8765" format="default" sectionFo
<t>Both these dilemmas are solved by use of DNS Long-Lived Queries rmat="of" derivedContent="RFC8765"/>.</t>
(DNS&nbsp;LLQ) <t pn="section-5.6-4">Clients supporting unicast DNS-based Service Disco
<xref target="LLQ"/> or its newer replacement, very
<xref target="Push">DNS Push Notifications</xref>.</t> <bcp14>SHOULD</bcp14> implement
DNS Push Notifications <xref target="RFC8765" format="default" sectionFo
<t>Clients supporting unicast DNS Service Discovery SHOULD implement rmat="of" derivedContent="RFC8765"/>
<xref target="Push">DNS Push Notifications</xref>
for improved user experience.</t> for improved user experience.</t>
<t pn="section-5.6-5">Clients and Discovery Proxies <bcp14>MAY</bcp14> s
<t>Clients and Discovery Proxies MAY support both DNS&nbsp;LLQ and upport both
DNS&nbsp;Push, LLQ and DNS Push Notifications, and when talking to a
and when talking to a Discovery Proxy that supports both, the client Discovery Proxy that supports both, the client may use either
may use either protocol, as it chooses, though it is expected protocol, as it chooses, though it is expected that only
that only DNS&nbsp;Push will continue to be supported in the long DNS Push Notifications will continue to be supported in the long
run.</t> run.</t>
<t pn="section-5.6-6">When a Discovery Proxy receives a query using LLQ
<t>When a Discovery Proxy receives a query using DNS&nbsp;LLQ or or DNS Push Notifications, it responds immediately using the Multicast
DNS Push Notifications, it responds immediately using the DNS records it already has in its cache (if any). This provides a
Multicast DNS records it already has in its cache (if any). good client user experience by providing a near-instantaneous
This provides a good client user experience by providing a
near-instantaneous
response. Simultaneously, the Discovery Proxy issues a Multicast DNS response. Simultaneously, the Discovery Proxy issues a Multicast DNS
query on the query on the local link to discover if there are any additional
local link to discover if there are any additional Multicast DNS Multicast DNS records it did not already know about. Should additional
records it Multicast DNS responses be received, these are then delivered to the
did not already know about. Should additional Multicast DNS responses client using additional LLQ or DNS Push Notification update
be messages. The timeliness of such update messages is limited only by
received, these are then delivered to the client using additional the timeliness of the device responding to the Multicast DNS query. If
DNS&nbsp;LLQ the Multicast DNS device responds quickly, then the update message is
or DNS Push Notification update messages. delivered quickly. If the Multicast DNS device responds slowly, then
The timeliness of such update messages is limited only by the the update message is delivered slowly. The benefit of using multiple
timeliness of the update
device responding to the Multicast DNS query. If the Multicast DNS messages to deliver results as they become available is that the
device Discovery
responds quickly, then the update message is delivered quickly. If the Proxy can respond promptly because it doesn't have to deliver all the
Multicast results in a single response that needs to be delayed to allow for the
DNS device responds slowly, then the update message is delivered expected worst-case delay for receiving all the Multicast DNS
slowly. responses.</t>
The benefit of using update messages is that the Discovery Proxy can <t pn="section-5.6-7">With a proxy that supported only standard DNS quer
respond promptly ies, even if it
because it doesn't have to delay its unicast response to allow for were to try to provide reliability by assuming an
the expected worst-case delay for receiving all the Multicast DNS excessively pessimistic worst-case time (thereby giving a very poor
responses. user experience), there would still be the risk of a slow Multicast
Even if a proxy were to try to provide reliability by assuming an DNS device taking even longer than that worst-case time (e.g., a
excessively pessimistic worst-case time (thereby giving a very device that is not
poor user experience) there would still be the risk of a slow even powered on until ten seconds after the initial query is
Multicast DNS device taking even longer than that (e.g., a device received),
that is not even powered on until ten seconds after the initial resulting in incomplete responses.
query is received) resulting in incomplete responses. Using update Using update messages to deliver subsequent asynchronous replies
message solves solves this
this dilemma: even very late responses are not lost; they are dilemma: even very late responses are not lost; they are delivered in
delivered subsequent update messages.</t>
in subsequent update messages.</t> <t pn="section-5.6-8">Note that while normal DNS queries are generally r
eceived via the
<?rfc needLines="16" ?> client's configured
<t>There are two factors that determine specifically how responses recursive resolver, LLQ and DNS Push Notification subscriptions may be
received directly from the client.</t>
<t pn="section-5.6-9">There are two factors that determine how unicast r
esponses
are generated:</t> are generated:</t>
<t pn="section-5.6-10">The first factor is whether or not the Discovery
<t>The first factor is whether the query from the client used Proxy already has
LLQ or DNS Push Notifications at least one record in its cache that answers the question.
(used for long-lived service browsing PTR queries) </t>
or not (used for one-shot operations like SRV or address record <t pn="section-5.6-11">
queries). The second factor is whether the client used a normal DNS query,
Note that queries using LLQ or DNS Push Notifications are received or established a subscription using LLQ or DNS Push Notifications.
directly Normal DNS queries
from the client. are typically used for one-shot operations like SRV or address record
Queries not using LLQ or DNS Push Notifications are generally received queries.
via the LLQ and DNS Push Notification subscriptions
client's configured recursive (caching) name server.</t> are typically used for long-lived service browsing PTR queries.
Normal DNS queries and LLQ each have different response timing depending
<t>The second factor is whether the Discovery Proxy already has at on the cache state, yielding the first four cases listed below.
least DNS Push Notifications, the newer protocol, has uniform behavior
one record in its cache that positively answers the question. regardless of cache state, yielding the fifth case listed below.</t>
<list style='symbols'> <ul spacing="normal" bare="false" empty="false" pn="section-5.6-12">
<t>Not using LLQ or Push Notifications; no answer in <li pn="section-5.6-12.1">
cache:<vspace/> <t pn="section-5.6-12.1.1">Standard DNS query; no answer in
Issue an mDNS query, exactly as a local client would issue an mDNS cache:</t>
query on the local link for the desired record name, type and <t pn="section-5.6-12.1.2">
class, including retransmissions, as appropriate, according to Issue an mDNS query on the local link, exactly as a local client
the established mDNS retransmission schedule <xref would issue an mDNS query, for the desired record name, type, and
target="RFC6762"/>. class, including retransmissions, as appropriate, according to the
As soon as any Multicast DNS response packet is received that established mDNS retransmission schedule <xref target="RFC6762" form
contains one or more positive answers to that question at="default" sectionFormat="of" derivedContent="RFC6762"/>. The Discovery Proxy
(with or without the Cache Flush bit <xref target="RFC6762"/> awaits Multicast DNS
set), responses.</t>
or a negative answer (signified via a Multicast DNS NSEC record <t pn="section-5.6-12.1.3">
<xref target="RFC6762"/>), As soon as any Multicast DNS response packet
the Discovery Proxy generates a Unicast DNS response packet is received that contains one or more positive answers to that
containing the question (with or without the Cache Flush bit <xref target="RFC6762"
corresponding (filtered and translated) answers and sends it to format="default" sectionFormat="of" derivedContent="RFC6762"/> set) or a negati
the remote ve answer
client. If after six seconds no Multicast DNS answers have been (signified via a Multicast DNS NSEC record <xref target="RFC6762" fo
received, rmat="default" sectionFormat="of" derivedContent="RFC6762"/>), the Discovery Pro
cancel the mDNS query and xy generates a Unicast DNS
return a negative response to the remote client. response message containing the corresponding (filtered and
Six seconds is enough time to transmit three mDNS queries, translated) answers and sends it to the remote client.</t>
and allow some time for responses to arrive.<vspace/> <t pn="section-5.6-12.1.4">
DNS TTLs in responses MUST be capped to at most ten If after
seconds.<vspace/> six seconds no relevant Multicast DNS answers have been received,
cancel
the mDNS query and return a negative response to the remote
client. Six seconds is enough time
for the underlying Multicast DNS subsystem
to transmit three mDNS queries
and allow some time for responses to arrive.</t>
<t pn="section-5.6-12.1.5">
(Reasoning: Queries not using LLQ or Push Notifications are (Reasoning: Queries not using LLQ or Push Notifications are
generally queries generally queries
that that expect an answer from only one device, that expect an answer from only one device,
so the first response is also the only response.) so the first response is also the only response.)</t>
<vspace blankLines="1"/> <t pn="section-5.6-12.1.6">
</t> DNS TTLs in responses <bcp14>MUST</bcp14> be capped to at most ten
seconds.</t>
<t>Not using LLQ or Push Notifications; at least one answer in </li>
cache:<vspace/> <li pn="section-5.6-12.2">
Send response right away to minimise delay.<vspace/> <t pn="section-5.6-12.2.1">Standard DNS query; at least one answer i
DNS TTLs in responses MUST be capped to at most ten n
seconds.<vspace/> cache:</t>
No local mDNS queries are performed.<vspace/> <t pn="section-5.6-12.2.2">
No local mDNS queries are performed.</t>
<t pn="section-5.6-12.2.3">
The Discovery Proxy generates a Unicast DNS
response message containing the answer(s) from the cache right
away, to minimize delay.</t>
<t pn="section-5.6-12.2.4">
(Reasoning: Queries not using LLQ or Push Notifications are (Reasoning: Queries not using LLQ or Push Notifications are
generally queries generally queries
that that expect an answer from only one device. that expect an answer from only one device.
Given RRSet TTL harmonisation, if the proxy has Given RRSet TTL harmonization, if the proxy has
one Multicast DNS answer in its cache, it can reasonably one Multicast DNS answer in its cache, it can reasonably
assume that it has all of them.)</t> assume that it has the whole set.)</t>
<t pn="section-5.6-12.2.5">
<t>Using LLQ or Push Notifications; no answer in cache:<vspace/> DNS TTLs in responses <bcp14>MUST</bcp14> be capped to at most ten
As in the case above with no answer in the cache, perform mDNS seconds.</t>
querying for six seconds, and send a response to the remote </li>
client as soon as any relevant mDNS response is received.<vspace/> <li pn="section-5.6-12.3">
If after six seconds no relevant mDNS response has been received, <t pn="section-5.6-12.3.1">Long-Lived Query (LLQ); no answer in cach
return negative response to the remote client e:</t>
(for LLQ; not applicable for Push Notifications).<vspace/> <t pn="section-5.6-12.3.2">
As in the case above with no answer in the cache, plan to perform
mDNS
querying for six seconds, returning an LLQ response message to the
remote
client as soon as any relevant mDNS response is received.</t>
<t pn="section-5.6-12.3.3">
If after six seconds no relevant mDNS answers have been received,
and the client has not cancelled its Long-Lived Query,
return a negative LLQ response message to the remote client.</t>
<t pn="section-5.6-12.3.4">
(Reasoning: We don't need to rush to send an empty (Reasoning: We don't need to rush to send an empty
answer.)<vspace/> answer.)</t>
Whether or not a relevant mDNS response is received within <t pn="section-5.6-12.3.5">
six seconds, the query remains active for as long as the Regardless of whether or not a relevant mDNS response is received
client maintains the LLQ or Push Notification state, and if mDNS within
answers are six seconds, the Long-Lived Query remains active for as long as
received later, LLQ or Push Notification messages are the
sent.<vspace/> client maintains the LLQ state, and results in the ongoing
transmission of mDNS queries until the Long-Lived Query is
cancelled.
If the set of mDNS answers changes, LLQ Event Response messages
are sent.</t>
<t pn="section-5.6-12.3.6">
DNS TTLs in responses are returned unmodified.</t> DNS TTLs in responses are returned unmodified.</t>
</li>
<t>Using LLQ or Push Notifications; at least one answer in <li pn="section-5.6-12.4">
cache:<vspace/> <t pn="section-5.6-12.4.1">Long-Lived Query (LLQ); at least one answ
As in the case above with at least one answer in cache, er in
send response right away to minimise delay.<vspace/> cache:</t>
The query remains active for as long as the client <t pn="section-5.6-12.4.2">
maintains the LLQ or Push Notification state, and As in the case above with at least one answer in the cache,
results in transmission of mDNS queries, with appropriate Known the Discovery Proxy generates a unicast LLQ
Answer lists, response message containing the answer(s) from the cache right
away, to minimize delay.</t>
<t pn="section-5.6-12.4.3">
The Long-Lived Query remains active for as long as the client
maintains the LLQ state,
and results in the transmission of mDNS queries
(with appropriate Known Answer lists)
to determine if further answers are available. to determine if further answers are available.
If additional mDNS answers are If the set of mDNS answers changes, LLQ Event Response messages
received later, LLQ or Push Notification messages are are sent.</t>
sent.<vspace/> <t pn="section-5.6-12.4.4">
(Reasoning: We want UI that is displayed very rapidly, yet (Reasoning: We want a user interface that is displayed very
continues rapidly yet
to remain accurate even as the network environment continues to remain accurate even as the network environment
changes.)<vspace/> changes.)</t>
<t pn="section-5.6-12.4.5">
DNS TTLs in responses are returned unmodified.</t> DNS TTLs in responses are returned unmodified.</t>
</list> </li>
</t> <li pn="section-5.6-12.5">
<t pn="section-5.6-12.5.1">Push Notification Subscription</t>
<t>The "negative responses" referred to above are <t pn="section-5.6-12.5.2">
"no error no answer" negative responses, not NXDOMAIN. The Discovery Proxy acknowledges the subscription request
This is because the Discovery Proxy cannot know all the Multicast immediately.</t>
DNS domain names that may exist on a link at any given time, <t pn="section-5.6-12.5.3">
so any name with no answers may have child names that do exist, If one or more answers are already available in the cache,
making it an "empty nonterminal" name.</t> those answers are then sent in an immediately following DNS PUSH
message.</t>
<?rfc needLines="30" ?> <t pn="section-5.6-12.5.4">
<t>Note that certain aspects of the behavior described here The Push Notification subscription remains active until the client
cancels the subscription,
and results in the transmission of mDNS queries
(with appropriate Known Answer lists)
to determine if further answers are available.
If the set of mDNS answers changes, further DNS PUSH messages are
sent.</t>
<t pn="section-5.6-12.5.5">
(Reasoning: We want a user interface that is displayed very
rapidly yet
continues to remain accurate even as the network environment
changes.)</t>
<t pn="section-5.6-12.5.6">
DNS TTLs in responses are returned unmodified.</t>
</li>
</ul>
<t pn="section-5.6-13">Where the text above refers to returning "a negat
ive response to
the remote client", it is describing returning a "no error no answer"
negative response, not NXDOMAIN. This is because the Discovery Proxy
cannot know all the Multicast DNS domain names that may exist on a
link at any given time, so any name with no answers may have child
names that do exist, making it an "empty non-terminal" name.</t>
<t pn="section-5.6-14">Note that certain aspects of the behavior describ
ed here
do not have to be implemented overtly by the Discovery Proxy; do not have to be implemented overtly by the Discovery Proxy;
they occur naturally as a result of using existing Multicast DNS they occur naturally as a result of using existing Multicast DNS
APIs.</t> APIs.</t>
<t pn="section-5.6-15">For example, in the first case above (standard DN
<t>For example, S query and no
in the first case above (no LLQ or Push Notifications, and no answers answers in the cache), if a new Multicast DNS query is requested
in the cache) (either by a local client on the Discovery Proxy device, or by the
if a new Multicast DNS query is requested Discovery Proxy software on that device on behalf of a remote client),
(either by a local client, or by the Discovery Proxy on behalf of a and there is not already an identical Multicast DNS query active and
remote client), there are no matching answers already in the Multicast DNS cache on
and there is not already an identical Multicast DNS query active, the Discovery Proxy device, then this will cause a series of Multicast
and there are no matching answers already in the DNS query packets to be issued with exponential backoff. The
Multicast DNS cache on the Discovery Proxy device, exponential backoff sequence in some implementations starts at one
then this will cause a series second and then doubles for each retransmission (0, 1, 3, 7 seconds,
of Multicast DNS query packets to be issued with exponential backoff. etc.), and in others, it starts at one second and then triples for
The exponential backoff sequence in some implementations starts at one each retransmission (0, 1, 4, 13 seconds, etc.). In either case, if
second no response has been received after six seconds, that is long enough
and then doubles for each retransmission (0, 1, 3, 7 seconds, etc.) that the underlying Multicast DNS implementation will have sent three
and in others starts at one second query packets without receiving any response. At that point, the
and then triples for each retransmission (0, 1, 4, 13 seconds, etc.). Discovery Proxy cancels its Multicast DNS query (so no further
In either case, if no response has been received after six seconds, Multicast DNS query packets will be sent for this query) and returns a
that is long enough that the underlying Multicast DNS implementation negative response to the remote client via unicast.</t>
will have sent three query packets without receiving any response. <t pn="section-5.6-16">The six-second delay is chosen to be long enough
At that point the Discovery Proxy cancels its Multicast DNS query to give enough
(so no further Multicast DNS query packets will be sent for this time for devices to respond, yet short enough not to be too onerous
query) for a human user waiting for a response. For example, using the "dig"
and returns a negative response to the remote client via unicast.</t> DNS debugging tool, the current default settings result in it waiting
a total of 15 seconds for a reply (three transmissions of the DNS UDP
<t>The six-second delay is chosen to be query packet, with a wait of 5 seconds after each packet), which is
long enough to give enough time for devices to respond, yet ample time for it to have received a negative reply from a Discovery
short enough not to be too onerous for a human user waiting for a Proxy after six seconds.</t>
response. <t pn="section-5.6-17">The text above states that for a standard DNS que
For example, using the "dig" DNS debugging tool, the current default ry,
settings if at least one answer is already available in the cache, then a
result in it waiting a total of 15 seconds for a reply Discovery Proxy should not issue additional mDNS query packets.
(three transmissions of the query packet, with a wait of 5 seconds This also occurs naturally as a result of using existing
after each packet) Multicast DNS APIs.
which is ample time for it to have received a negative reply from a If a new Multicast DNS query is requested
Discovery Proxy (either locally, or by the Discovery Proxy on behalf of a remote client)
after six seconds.</t> for which there are relevant answers already in the Multicast DNS
cache on the Discovery Proxy device, and after the answers are
<t>The statement that for a one-shot query (i.e., no LLQ or Push delivered the Multicast DNS query is immediately cancelled, then
Notifications requested), no Multicast DNS query packets will be generated for this query.
if at least one answer is already available in the cache </t>
then a Discovery Proxy should not issue additional mDNS query packets, </section>
also occurs naturally as a result of using existing Multicast DNS
APIs.
If a new Multicast DNS query is requested
(either locally, or by the Discovery Proxy on behalf of a remote
client),
for which there are relevant answers already in the
Multicast DNS cache on the Discovery Proxy device,
and after the answers are delivered the Multicast DNS query is then
cancelled immediately,
then no Multicast DNS query packets will be generated for this
query.</t>
<?rfc needLines="19" ?>
</section> </section>
</section> <section anchor="admin" numbered="true" toc="include" removeInRFC="false" pn
="section-6">
<section anchor="admin" title="Administrative DNS Records"> <name slugifiedName="name-administrative-dns-records">Administrative DNS R
ecords</name>
<section anchor="soa" title="DNS SOA (Start of Authority) Record"> <section anchor="soa" numbered="true" toc="include" removeInRFC="false" pn
="section-6.1">
<t>The MNAME field SHOULD contain the host name of the Discovery Proxy <name slugifiedName="name-dns-soa-start-of-authority-">DNS SOA (Start of
Authority) Record</name>
<t pn="section-6.1-1">The MNAME field <bcp14>SHOULD</bcp14> contain the
host name of the
Discovery Proxy
device device
(i.e., the same domain name as the rdata of the NS record delegating (i.e., the same domain name as the RDATA of the NS record delegating
the the
relevant zone(s) to this Discovery Proxy device).</t> relevant zone(s) to this Discovery Proxy device).</t>
<t pn="section-6.1-2">The RNAME field <bcp14>SHOULD</bcp14> contain the
<t>The RNAME field SHOULD contain the mailbox of the person mailbox of the
person
responsible responsible
for administering this Discovery Proxy device.</t> for administering this Discovery Proxy device.</t>
<t pn="section-6.1-3">The SERIAL field <bcp14>MUST</bcp14> be zero.</t>
<t>The SERIAL field MUST be zero.</t> <t pn="section-6.1-4">Zone transfers are undefined for Discovery Proxy z
ones, and
<t>Zone transfers are undefined for Discovery Proxy zones, and consequently, the REFRESH, RETRY, and EXPIRE fields have no useful
consequently the meaning for Discovery Proxy zones. These fields <bcp14>SHOULD</bcp14>
REFRESH, RETRY and EXPIRE fields have no useful meaning for Discovery contain reasonable default values. The <bcp14>RECOMMENDED</bcp14>
Proxy zones. values are: REFRESH 7200, RETRY 3600, and EXPIRE 86400.</t>
These fields SHOULD contain reasonable default values. <t pn="section-6.1-5">The MINIMUM field (used to control the lifetime of
The RECOMMENDED values are: REFRESH 7200, RETRY 3600, EXPIRE negative cache
86400.</t>
<t>The MINIMUM field (used to control the lifetime of negative cache
entries) entries)
SHOULD contain the value 10. <bcp14>SHOULD</bcp14> contain the value 10.
The value of ten seconds is chosen based on user-experience This value is chosen based on user-experience
considerations considerations
(see <xref target="ttl"/>).</t> (see <xref target="ttl" format="default" sectionFormat="of" derivedConte
nt="Section 5.5.1"/>).</t>
<t>In the event that there are multiple Discovery Proxy devices on a <t pn="section-6.1-6">In the event that there are multiple Discovery Pro
xy devices on a
link for fault tolerance reasons, this will result in clients link for fault tolerance reasons, this will result in clients
receiving inconsistent SOA records (different MNAME, and possibly receiving inconsistent SOA records (different MNAME and possibly
RNAME) RNAME) depending on which Discovery Proxy answers their SOA query.
depending on which Discovery Proxy answers their SOA query.
However, since clients generally have no reason to use the MNAME or However, since clients generally have no reason to use the MNAME or
RNAME RNAME data, this is unlikely to cause any problems.</t>
data, this is unlikely to cause any problems.</t>
<?rfc needLines="22" ?>
</section> </section>
<section anchor="ns" numbered="true" toc="include" removeInRFC="false" pn=
<section anchor="ns" title="DNS NS Records"> "section-6.2">
<t>In the event that there are multiple Discovery Proxy devices on a <name slugifiedName="name-dns-ns-records">DNS NS Records</name>
link for fault tolerance reasons, the parent zone MUST <t pn="section-6.2-1">In the event that there are multiple Discovery Pro
xy devices on a
link for fault tolerance reasons, the parent zone <bcp14>MUST</bcp14>
be configured with NS records giving the names be configured with NS records giving the names
of all the Discovery Proxy devices on the link.</t> of all the Discovery Proxy devices on the link.</t>
<t pn="section-6.2-2">Each Discovery Proxy device <bcp14>MUST</bcp14> be
<t>Each Discovery Proxy device MUST be configured to answer NS queries configured to
answer NS queries
for the zone apex name by giving its own NS record, for the zone apex name by giving its own NS record,
and the NS records of its fellow Discovery Proxy devices on the same and the NS records of its fellow Discovery Proxy devices on the same
link, so that it can return the correct answers for NS queries.</t> link, so that it can return the correct answers for NS queries.</t>
<t pn="section-6.2-3">The target host name in the RDATA of an NS record
<t>The target host name in the RDATA of an NS record MUST NOT <bcp14>MUST NOT</bcp14>
reference reference
a name that falls within any zone delegated to a Discovery Proxy. a name that falls within any zone delegated to a Discovery Proxy.
Apart from the zone apex name, Apart from the zone apex name,
all other host names that fall within a zone delegated to a Discovery all other host names (names of A and AAAA DNS records)
that fall within a zone delegated to a Discovery
Proxy Proxy
correspond to local Multicast DNS host names, correspond to local Multicast DNS host names,
which logically belong to the respective Multicast DNS hosts defending which logically belong to the respective Multicast DNS hosts defending
those names, those names,
not the Discovery Proxy. not the Discovery Proxy.
Generally speaking, the Discovery Proxy does not own or control the Generally speaking, the Discovery Proxy does not own or control the
delegated zone; delegated zone;
it is merely a conduit to the corresponding ".local" namespace, it is merely a conduit to the corresponding ".local" namespace,
which is controlled by the Multicast DNS hosts on that link. which is controlled by the Multicast DNS hosts on that link.
If an NS record were to reference a manually-determined host name If an NS record were to reference a manually determined host name
that falls within a delegated zone, that falls within a delegated zone,
that manually-determined host name may inadvertently conflict with a that manually determined host name may inadvertently conflict with a
corresponding corresponding
".local" host name that is owned and controlled by some device on that ".local" host name that is owned and controlled by some device on that
link. link.
</t> </t>
</section> </section>
<section anchor="delegation" numbered="true" toc="include" removeInRFC="fa
<section anchor="delegation" title="DNS Delegation Records"> lse" pn="section-6.3">
<t>Since the <xref target="RFC6762">Multicast DNS specification</xref> <name slugifiedName="name-dns-delegation-records">DNS Delegation Records
states that there can be no delegation (subdomains) within a ".local" </name>
namespace, <t pn="section-6.3-1">Since the <xref target="RFC6762" format="default"
this implies that sectionFormat="of" derivedContent="RFC6762">Multicast DNS
any name within a zone delegated to a Discovery Proxy specification</xref> states that there can be no delegation
(except for the zone apex name itself) (subdomains) within a ".local" namespace, this implies that any name
cannot have any answers for any DNS queries for RRTYPEs SOA, NS, or within a zone delegated to a Discovery Proxy (except for the zone apex
DS. name itself) cannot have any answers for any DNS queries for RRTYPEs
Consequently: SOA, NS, or DS. Consequently:
<list style='symbols'>
<t>for any query for the zone apex name of a zone delegated to a
Discovery Proxy,
the Discovery Proxy MUST generate the appropriate immediate
answers as described above, and</t>
<t>for any query for RRTYPEs SOA, NS, or DS,
for any name within a zone delegated to a Discovery Proxy,
other than the zone apex name,
instead of translating the query to its corresponding Multicast
DNS ".local" equivalent,
a Discovery Proxy MUST generate an immediate negative answer.</t>
</list>
</t> </t>
<ul spacing="normal" bare="false" empty="false" pn="section-6.3-2">
<li pn="section-6.3-2.1">for any query for the zone apex name of a zon
e delegated to a
Discovery Proxy, the Discovery Proxy <bcp14>MUST</bcp14> generate
the appropriate immediate answers as described above, and</li>
<li pn="section-6.3-2.2">
for any query for any name below the zone apex, for RRTYPEs SOA, NS,
or DS,
the Discovery Proxy <bcp14>MUST</bcp14> generate
an immediate negative answer.
</li>
</ul>
</section> </section>
<section anchor="srv" numbered="true" toc="include" removeInRFC="false" pn
<section anchor="srv" title="DNS SRV Records"> ="section-6.4">
<t>There are certain special DNS records that logically <name slugifiedName="name-dns-srv-records">DNS SRV Records</name>
fall within the delegated unicast DNS subdomain, <t pn="section-6.4-1">There are certain special DNS records that logical
but rather than mapping to their corresponding ".local" namesakes, ly fall within
they actually contain metadata pertaining to the operation the delegated Unicast DNS subdomain, but rather than mapping to their
of the delegated unicast DNS subdomain itself. corresponding ".local" namesakes, they actually contain metadata
They do not exist in the corresponding ".local" namespace of the local pertaining to the operation of the delegated Unicast DNS subdomain
link. itself. They do not exist in the corresponding ".local" namespace of
For these queries a Discovery Proxy MUST generate immediate answers, the local link. For these queries, a Discovery Proxy
whether positive or negative, to avoid delays while clients wait for <bcp14>MUST</bcp14> generate immediate answers, whether positive or
their query to be answered. negative, to avoid delays while clients wait for their query to be
For example, if a Discovery Proxy does not implement answered.</t>
<xref target="LLQ">Long-Lived Queries</xref> <t pn="section-6.4-2">For example, if a Discovery Proxy implements Long-
then it MUST return an immediate negative answer to tell the client Lived Queries
this without delay, <xref target="RFC8764" format="default" sectionFormat="of" derivedConten
instead of passing the query through to the local network as a query t="RFC8764"/>, then it
for <bcp14>MUST</bcp14> positively respond to
<spanx style="verb">_dns&nbhy;llq._udp.local.</spanx>, <tt>_dns‑llq._udp.&lt;zone&gt; SRV</tt> queries,
and then waiting unsuccessfully for answers that will not be <tt>_dns‑llq._tcp.&lt;zone&gt; SRV</tt> queries, and
forthcoming.</t> <tt>_dns‑llq‑tls._tcp.&lt;zone&gt; SRV</tt> queries as
appropriate. If it does not implement Long-Lived Queries, it
<t>If a Discovery Proxy implements <bcp14>MUST</bcp14> return an immediate negative answer for those
<xref target="LLQ">Long-Lived Queries</xref> queries, instead of passing those queries through to the local network
then it MUST positively respond to as Multicast DNS queries and then waiting unsuccessfully for answers
<spanx style="verb">_dns&nbhy;llq._udp.&lt;zone&gt;&nbsp;SRV</spanx> that will not be forthcoming.</t>
queries, <t pn="section-6.4-3">If a Discovery Proxy implements
<spanx style="verb">_dns&nbhy;llq._tcp.&lt;zone&gt;&nbsp;SRV</spanx> DNS Push Notifications <xref target="RFC8765" format="default" sectionFo
queries, and rmat="of" derivedContent="RFC8765"/>,
<spanx then it <bcp14>MUST</bcp14> positively respond to
style="verb">_dns&nbhy;llq&nbhy;tls._tcp.&lt;zone&gt;&nbsp;SRV</spanx <tt>_dns‑push‑tls._tcp.&lt;zone&gt;</tt>
> queries.
queries as appropriate, Otherwise, it <bcp14>MUST</bcp14> return an immediate negative answer
else it MUST return an immediate negative answer for those for those
queries.</t>
<t>If a Discovery Proxy implements
<xref target="Push">DNS Push Notifications</xref>
then it MUST positively respond to
<spanx style="verb">_dns&nbhy;push&nbhy;tls._tcp.&lt;zone&gt;</spanx>
queries,
else it MUST return an immediate negative answer for those
queries.</t> queries.</t>
<t pn="section-6.4-4">A Discovery Proxy <bcp14>MUST</bcp14> return an im
<t>A Discovery Proxy MUST return an immediate negative answer for mediate negative
<spanx answer for
style="verb">_dns&nbhy;update._udp.&lt;zone&gt;&nbsp;SRV</spanx> <tt>_dns‑update._udp.&lt;zone&gt; SRV</tt>
queries, queries,
<spanx <tt>_dns‑update._tcp.&lt;zone&gt; SRV</tt>
style="verb">_dns&nbhy;update._tcp.&lt;zone&gt;&nbsp;SRV</spanx>
queries, and queries, and
<spanx <tt>_dns‑update-tls._tcp.&lt;zone&gt; SRV</tt>
style="verb">_dns&nbhy;update-tls._tcp.&lt;zone&gt;&nbsp;SRV</spanx>
queries, queries,
since using <xref target="RFC2136">DNS Update</xref> to change since using DNS Update <xref target="RFC2136" format="default" sectionFo
rmat="of" derivedContent="RFC2136"/>
to change
zones generated dynamically from local Multicast DNS data is not zones generated dynamically from local Multicast DNS data is not
possible.</t> possible.</t>
</section>
<?rfc needLines="29" ?> <section numbered="true" toc="include" removeInRFC="false" pn="section-6.5
">
<name slugifiedName="name-domain-enumeration-records">Domain Enumeration
Records</name>
<t pn="section-6.5-1">If the network operator chooses to use address-bas
ed
unicast Domain Enumeration queries for client configuration
(see <xref target="unicast" format="default" sectionFormat="of" derivedC
ontent="Section 5.2.1"/>),
and the network operator also chooses to delegate the enclosing
reverse mapping subdomain to a Discovery Proxy,
then that Discovery Proxy becomes responsible for serving
the answers to those address-based unicast Domain Enumeration
queries.</t>
<t pn="section-6.5-2">As with the SRV metadata records described above,
a Discovery Proxy
configured with delegated reverse mapping subdomains is responsible
for generating immediate (positive or negative) answers for
address-based unicast Domain Enumeration queries, rather than
passing them though to the underlying Multicast DNS subsystem and
then waiting unsuccessfully for answers that will not be
forthcoming.</t>
</section> </section>
</section> </section>
<section anchor="DNSSEC" numbered="true" toc="include" removeInRFC="false" p
<section anchor="DNSSEC" title="DNSSEC Considerations"> n="section-7">
<name slugifiedName="name-dnssec-considerations">DNSSEC Considerations</na
<section title="On-line signing only"> me>
<t>The Discovery Proxy acts as the authoritative name server for <section numbered="true" toc="include" removeInRFC="false" pn="section-7.1
">
<name slugifiedName="name-online-signing-only">Online Signing Only</name
>
<t pn="section-7.1-1">The Discovery Proxy acts as the authoritative name
server for
designated subdomains, and if DNSSEC is to be used, the Discovery designated subdomains, and if DNSSEC is to be used, the Discovery
Proxy needs to Proxy needs to possess a copy of the signing keys in order to
possess a copy of the signing keys, in order to generate authoritative generate authoritative signed data from the local Multicast DNS
signed data from the local Multicast DNS responses it receives. responses it receives. Offline signing is not applicable to
Off-line signing is not applicable to Discovery Proxy.</t> Discovery Proxy.</t>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-7.2
<section title="NSEC and NSEC3 Records"> ">
<t>In DNSSEC <name slugifiedName="name-nsec-and-nsec3-records">NSEC and NSEC3 Records
<xref target="RFC4034">NSEC</xref> and </name>
<xref target="RFC5155">NSEC3</xref> records <t pn="section-7.2-1">In DNSSEC,
NSEC and NSEC3 records
are used to assert the nonexistence of certain names, are used to assert the nonexistence of certain names,
also described as "authenticated denial of existence".</t> also described as "authenticated denial of existence"
<xref target="RFC4034" format="default" sectionFormat="of" derivedConten
<t>Since a Discovery Proxy only knows what names exist on the local t="RFC4034"/>
link <xref target="RFC5155" format="default" sectionFormat="of" derivedCont
by issuing queries for them, and since it would be impractical to ent="RFC5155"/>.</t>
<t pn="section-7.2-2">Since a Discovery Proxy only knows what names exis
t on the local
link by issuing queries for them, and since it would be impractical to
issue queries for every possible name just to find out which names issue queries for every possible name just to find out which names
exist and which do not, a Discovery Proxy cannot programmatically exist and which do not, a Discovery Proxy cannot programmatically
synthesize the traditional NSEC and NSEC3 records which assert the synthesize the traditional NSEC and NSEC3 records that assert the
nonexistence of a large range of names. nonexistence of a large range of names. Instead, when generating a
Instead, when generating a negative response, negative response, a Discovery Proxy programmatically synthesizes a
a Discovery Proxy programmatically synthesizes a single NSEC record single NSEC record asserting the nonexistence of just the specific
assert the nonexistence of just the specific name queried, and no name queried and no others. Since the Discovery Proxy has the zone
others. signing key, it can do this on demand. Since the NSEC record asserts
Since the Discovery Proxy has the zone signing key, it can do this on the nonexistence of only a single name, zone walking is not a concern,
demand. and NSEC3 is therefore not necessary.</t>
Since the NSEC record asserts the nonexistence of only a single name, <t pn="section-7.2-3">Note that this applies only to traditional immedia
zone walking is not a concern, so NSEC3 is not necessary.</t> te DNS queries,
which may return immediate negative answers when no immediate positive
<t>Note that this applies only to traditional immediate DNS queries, answer is available. When used with a DNS Push Notification
which may return immediate negative answers when subscription <xref target="RFC8765" format="default" sectionFormat="of"
no immediate positive answer is available. derivedContent="RFC8765"/>, there are no negative answers, merely the
When used with a absence of answers so far, which may change in the future if answers
<xref target="Push">DNS Push Notification subscription</xref> become available.</t>
there are no negative answers, merely the absence of answers so far,
which may change in the future if answers become available.</t>
<?rfc needLines="19" ?>
</section> </section>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-8">
<section title="IPv6 Considerations"> <name slugifiedName="name-ipv6-considerations">IPv6 Considerations</name>
<t>An IPv4-only host and an IPv6-only host behave as "ships that pass in <t pn="section-8-1">An IPv4-only host and an IPv6-only host behave as "shi
the night". Even if they are on the same <xref ps that pass in
target="IEEE-3">Ethernet</xref>, neither is aware the night". Even if they are on the same Ethernet <xref target="IEEE-3" fo
of the other's traffic. For this reason, each link may have rmat="default" sectionFormat="of" derivedContent="IEEE-3"/>, neither is aware of
*two* unrelated ".local." zones, one for IPv4 and one for IPv6. the other's traffic. For
Since for practical purposes, a group of IPv4-only hosts and a group this reason, each link may have <em>two</em> unrelated ".local." zones:
of IPv6-only hosts on the same Ethernet act as if they were on two one for
entirely separate Ethernet segments, it is unsurprising that their IPv4 and one for IPv6. Since, for practical purposes, a group of
use of the ".local." zone should occur exactly as it would if IPv4-only hosts and a group of IPv6-only hosts on the same Ethernet act
they really were on two entirely separate Ethernet segments.</t> as if they were on two entirely separate Ethernet segments, it is
unsurprising that their use of the ".local." zone should occur exactly
<t>It will be desirable to have a mechanism to 'stitch' together as it would if they really were on two entirely separate Ethernet
segments.</t>
<t pn="section-8-2">It will be desirable to have a mechanism to "stitch" t
ogether
these two unrelated ".local." zones so that they appear as one. these two unrelated ".local." zones so that they appear as one.
Such mechanism will need to be able to differentiate between a Such a mechanism will need to be able to differentiate between a
dual-stack (v4/v6) host participating in both ".local." dual-stack (v4/v6) host participating in both ".local."
zones, and two different hosts, one IPv4-only and the other IPv6-only, zones, and two different hosts: one IPv4-only and the other IPv6-only,
which are both trying to use the same name(s). Such a mechanism which are both trying to use the same name(s). Such a mechanism
will be specified in a future companion document.</t> will be specified in a future companion document.</t>
<t pn="section-8-3">At present, it is <bcp14>RECOMMENDED</bcp14> that a Di
<t>At present, it is RECOMMENDED that a Discovery Proxy be configured scovery Proxy
be configured
with a single domain name for both the IPv4 and IPv6 ".local." zones with a single domain name for both the IPv4 and IPv6 ".local." zones
on the local link, and when a unicast query is received, it should on the local link, and when a unicast query is received, it should
issue Multicast DNS queries using both IPv4 and IPv6 on the local link, issue Multicast DNS queries using both IPv4 and IPv6 on the local link
and then combine the results.</t> and then combine the results.</t>
<?rfc needLines="25" ?>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-9">
<section title="Security Considerations"> <name slugifiedName="name-security-considerations">Security Considerations
<section title="Authenticity"> </name>
<t>A service proves its presence on a link by its ability to <section numbered="true" toc="include" removeInRFC="false" pn="section-9.1
">
<name slugifiedName="name-authenticity">Authenticity</name>
<t pn="section-9.1-1">A service proves its presence on a link by its abi
lity to
answer link-local multicast queries on that link. answer link-local multicast queries on that link.
If greater security is desired, then the Discovery Proxy mechanism If greater security is desired, then the Discovery Proxy mechanism
should not be used, and something with stronger security should should not be used, and something with stronger security should
be used instead, such as authenticated secure DNS Update be used instead such as authenticated secure DNS Update
<xref target="RFC2136"/> <xref target="RFC3007"/>.</t> <xref target="RFC2136" format="default" sectionFormat="of" derivedConten
t="RFC2136"/> <xref target="RFC3007" format="default" sectionFormat="of" derived
Content="RFC3007"/>.</t>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-9.2
<section title="Privacy"> ">
<t>The Domain Name System is, generally speaking, a global public <name slugifiedName="name-privacy">Privacy</name>
database. <t pn="section-9.2-1">The Domain Name System is, generally speaking,
Records that exist in the Domain Name System name hierarchy a global public database. Records that exist in the Domain Name
can be queried by name from, in principle, anywhere in the world. System name hierarchy can be queried by name from, in principle,
If services on a mobile device (like a laptop computer) are made anywhere in the world. If services on a mobile device (like a laptop
visible computer) are made visible via the Discovery Proxy mechanism, then
via the Discovery Proxy mechanism, then when those services become when those services become visible in a domain such as
visible "My House.example.com", it might indicate to (potentially
in a domain such as "My&nbsp;House.example.com" that might indicate to hostile) observers that the mobile device is in the owner's home.
(potentially hostile) observers that the mobile device is in my house. When those
When those services disappear from "My&nbsp;House.example.com" services disappear from "My House.example.com", that change could
that change could be used by observers to infer when the be used by observers to infer when the mobile device (and possibly its
mobile device (and possibly its owner) may have left the house. owner) may have left the house. The privacy of this information may
The privacy of this information may be protected using techniques be protected using techniques like firewalls, split-view DNS, and
like firewalls, split-view DNS, and Virtual Private Networks (VPNs), Virtual Private Networks (VPNs), as are customarily used today to
as are customarily used today protect the privacy of corporate DNS information.</t>
to protect the privacy of corporate DNS information.</t> <t pn="section-9.2-2">The privacy issue is particularly serious for the
IPv4 and IPv6
<t>The privacy issue is particularly serious for the IPv4 and IPv6
reverse zones. reverse zones.
If the public delegation of the reverse zones points to the If the public delegation of the reverse zones points to the
Discovery Proxy, and the Discovery Proxy is reachable globally, Discovery Proxy, and the Discovery Proxy is reachable globally,
then it could leak a significant amount of information. then it could leak a significant amount of information.
Attackers could discover hosts that otherwise might Attackers could discover hosts that otherwise might
not be easy to identify, and learn their hostnames. not be easy to identify, and learn their host names.
Attackers could also discover the existence of links Attackers could also discover the existence of links
where hosts frequently come and go.</t> where hosts frequently come and go.</t>
<t pn="section-9.2-3">The Discovery Proxy could provide sensitive record
<t>The Discovery Proxy could also provide sensitive records only to s only to
authenticated authenticated
users. This is a general DNS problem, not specific to the Discovery users. This is a general DNS problem, not specific to the Discovery
Proxy. Proxy.
Work is underway in the IETF to tackle this problem <xref Work is underway in the IETF to tackle this problem <xref target="RFC762
target="RFC7626"/>.</t> 6" format="default" sectionFormat="of" derivedContent="RFC7626"/>.</t>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-9.3
<section title="Denial of Service"> ">
<t>A remote attacker could use a rapid series of unique Unicast DNS <name slugifiedName="name-denial-of-service">Denial of Service</name>
<t pn="section-9.3-1">A remote attacker could use a rapid series of uniq
ue Unicast DNS
queries to induce a Discovery Proxy to generate a rapid series of queries to induce a Discovery Proxy to generate a rapid series of
corresponding Multicast DNS queries on one or more of its local links. corresponding Multicast DNS queries on one or more of its local links.
Multicast traffic is generally more expensive than unicast traffic Multicast traffic is generally more expensive than unicast traffic,
-- especially on Wi-Fi links -- especially on Wi-Fi links
which makes this attack particularly serious. <xref target="I-D.ietf-mboned-ieee802-mcast-problems" format="default" s
To limit the damage that can be caused by such attacks, a Discovery ectionFormat="of" derivedContent="MCAST"/>,
Proxy which makes this attack particularly
(or the underlying Multicast DNS subsystem which it utilizes) MUST serious. To limit the damage that can be caused by such attacks, a
implement Multicast DNS query rate limiting appropriate to the link Discovery Proxy (or the underlying Multicast DNS subsystem that it
technology in question. For today's 802.11b/g/n/ac Wi-Fi links utilizes) <bcp14>MUST</bcp14> implement Multicast DNS query rate
(for which approximately 200 multicast packets per second is limiting appropriate to the link technology in question. For today's
sufficient 802.11b/g/n/ac Wi-Fi links (for which approximately 200 multicast
to consume approximately 100% of the wireless spectrum) packets per second is sufficient to consume approximately 100% of the
a limit of 20 Multicast DNS query packets per second is RECOMMENDED. wireless spectrum), a limit of 20 Multicast DNS query packets per
On other link technologies like Gigabit Ethernet higher limits second is <bcp14>RECOMMENDED</bcp14>. On other link technologies like
may be appropriate. Gigabit Ethernet, higher limits may be appropriate. A consequence of
A consequence of this rate limiting is that a rogue remote client this rate limiting is that a rogue remote client could issue an
could issue an excessive number of queries, resulting in denial of excessive number of queries resulting in denial of service to other
service to other legitimate remote clients attempting to use that legitimate remote clients attempting to use that Discovery Proxy.
Discovery Proxy.
However, this is preferable to a rogue remote client being able to However, this is preferable to a rogue remote client being able to
inflict even greater harm on the local network, which could impact inflict even greater harm on the local network, which could impact the
the correct operation of all local clients on that network.</t> correct operation of all local clients on that network.</t>
<?rfc needLines="28" ?>
</section> </section>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-10">
<section title="IANA Considerations"> <name slugifiedName="name-iana-considerations">IANA Considerations</name>
<t>This document has no IANA Considerations.</t> <t pn="section-10-1">This document has no IANA actions.</t>
</section>
<section title="Acknowledgments">
<t>Thanks to Markus Stenberg for helping develop the policy
regarding the four styles of unicast response according to what
data is immediately available in the cache.
Thanks to
Anders Brandt,
Ben Campbell,
Tim Chown,
Alissa Cooper,
Spencer Dawkins,
Ralph Droms,
Joel Halpern,
Ray Hunter,
Joel Jaeggli,
Warren Kumari,
Ted Lemon,
Alexey Melnikov,
Kathleen Moriarty,
Tom Pusateri,
Eric Rescorla,
Adam Roach,
David Schinazi,
Markus Stenberg,
Dave Thaler,
and Andrew Yourtchenko for their comments.</t>
<?rfc needLines="33" ?>
</section> </section>
</middle> </middle>
<back> <back>
<references title="Normative References"> <displayreference target="I-D.cheshire-dnssd-roadmap" to="ROADMAP"/>
<?rfc include="reference.RFC.1034" ?> <displayreference target="I-D.sctl-service-registration" to="REG-PROT"/>
<?rfc include="reference.RFC.1035" ?> <displayreference target="I-D.sctl-dnssd-mdns-relay" to="RELAY"/>
<?rfc include="reference.RFC.1918" ?> <displayreference target="I-D.ietf-mboned-ieee802-mcast-problems" to="MCAST"
<?rfc include="reference.RFC.2119" ?> />
<?rfc include="reference.RFC.2308" ?> <displayreference target="I-D.sekar-dns-ul" to="DNS-UL"/>
<?rfc include="reference.RFC.3629" ?> <references pn="section-11">
<?rfc include="reference.RFC.3927" ?> <name slugifiedName="name-references">References</name>
<?rfc include="reference.RFC.4034" ?> <references pn="section-11.1">
<?rfc include="reference.RFC.4862" ?> <name slugifiedName="name-normative-references">Normative References</na
<?rfc include="reference.RFC.5155" ?> me>
<?rfc include="reference.RFC.5198" ?> <reference anchor="RFC1034" target="https://www.rfc-editor.org/info/rfc1
<?rfc include="reference.RFC.6762" ?> 034" quoteTitle="true" derivedAnchor="RFC1034">
<?rfc include="reference.RFC.6763" ?> <front>
<?rfc include="reference.RFC.8174" ?> <title>Domain names - concepts and facilities</title>
<?rfc include="reference.RFC.8490" ?> <author initials="P.V." surname="Mockapetris" fullname="P.V. Mockape
tris">
<?rfc include="reference.I-D.ietf-dnssd-push" anchor='Push' <organization showOnFrontPage="true"/>
?> </author>
<date year="1987" month="November"/>
</references> <abstract>
<t>This RFC is the revised basic definition of The Domain Name Sys
<?rfc needLines="6" ?> tem. It obsoletes RFC-882. This memo describes the domain style names and thei
<references title="Informative References"> r used for host address look up and electronic mail forwarding. It discusses th
e clients and servers in the domain name system and the protocol used between th
<?rfc include="reference.I-D.cheshire-dnssd-roadmap" em.</t>
anchor='Roadmap' ?> </abstract>
<?rfc include="reference.I-D.sekar-dns-ul" </front>
anchor='DNS-UL' ?> <seriesInfo name="STD" value="13"/>
<?rfc include="reference.I-D.sekar-dns-llq" anchor='LLQ' <seriesInfo name="RFC" value="1034"/>
?> <seriesInfo name="DOI" value="10.17487/RFC1034"/>
<?rfc include="reference.I-D.sctl-service-registration" </reference>
anchor='RegProt' ?> <reference anchor="RFC1035" target="https://www.rfc-editor.org/info/rfc1
<?rfc include="reference.I-D.sctl-dnssd-mdns-relay" anchor='Relay' 035" quoteTitle="true" derivedAnchor="RFC1035">
?> <front>
<?rfc include="reference.I-D.ietf-mboned-ieee802-mcast-problems" <title>Domain names - implementation and specification</title>
anchor='Mcast' ?> <author initials="P.V." surname="Mockapetris" fullname="P.V. Mockape
<?rfc include="reference.RFC.2132" ?> tris">
<?rfc include="reference.RFC.2136" ?> <organization showOnFrontPage="true"/>
<?rfc include="reference.RFC.3007" ?> </author>
<?rfc include="reference.RFC.3492" ?> <date year="1987" month="November"/>
<?rfc include="reference.RFC.4193" ?> <abstract>
<?rfc include="reference.RFC.6760" ?> <t>This RFC is the revised specification of the protocol and forma
<?rfc include="reference.RFC.7558" ?> t used in the implementation of the Domain Name System. It obsoletes RFC-883. T
<?rfc include="reference.RFC.7626" ?> his memo documents the details of the domain name client - server communication.
<?rfc include="reference.RFC.7788" ?> </t>
<?rfc include="reference.RFC.8375" ?> </abstract>
</front>
<reference anchor="ohp" target="https://github.com/sbyx/ohybridproxy/"> <seriesInfo name="STD" value="13"/>
<front> <seriesInfo name="RFC" value="1035"/>
<title>Discovery Proxy (Hybrid Proxy) implementation for <seriesInfo name="DOI" value="10.17487/RFC1035"/>
OpenWrt</title> </reference>
<author/> <reference anchor="RFC1918" target="https://www.rfc-editor.org/info/rfc1
<date/> 918" quoteTitle="true" derivedAnchor="RFC1918">
</front> <front>
</reference> <title>Address Allocation for Private Internets</title>
<author initials="Y." surname="Rekhter" fullname="Y. Rekhter">
<reference anchor="ZC"> <organization showOnFrontPage="true"/>
<front> </author>
<title>Zero Configuration Networking: The Definitive Guide</title> <author initials="B." surname="Moskowitz" fullname="B. Moskowitz">
<author initials="S." surname="Cheshire" fullname="Stuart <organization showOnFrontPage="true"/>
Cheshire"/> </author>
<author initials="D.H." surname="Steinberg" fullname="Daniel <author initials="D." surname="Karrenberg" fullname="D. Karrenberg">
H. Steinberg"/> <organization showOnFrontPage="true"/>
<date year="2005" month="December"/> </author>
</front> <author initials="G. J." surname="de Groot" fullname="G. J. de Groot
<seriesInfo name="O'Reilly Media, Inc." value=""/> ">
<seriesInfo name="ISBN" value="0-596-10100-7"/> <organization showOnFrontPage="true"/>
</reference> </author>
<author initials="E." surname="Lear" fullname="E. Lear">
<!-- Patterned after <organization showOnFrontPage="true"/>
http://xml.resource.org/public/rfc/bibxml2/_reference.IEEE.802-3.1998.xml </author>
--> <date year="1996" month="February"/>
<reference anchor="IEEE-1Q" <abstract>
target="http://standards.ieee.org/getieee802/download/802-1Q-201 <t>This document describes address allocation for private internet
4.pdf"> s. This document specifies an Internet Best Current Practices for the Internet
<front> Community, and requests discussion and suggestions for improvements.</t>
<title> </abstract>
IEEE Standard for Local and metropolitan area networks -- </front>
Bridges and Bridged Networks <seriesInfo name="BCP" value="5"/>
</title> <seriesInfo name="RFC" value="1918"/>
<author/> <seriesInfo name="DOI" value="10.17487/RFC1918"/>
<date year="2014" month="November"/> </reference>
</front> <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2
<seriesInfo name="IEEE" value="Std 802.1Q-2014"/> 119" quoteTitle="true" derivedAnchor="RFC2119">
</reference> <front>
<title>Key words for use in RFCs to Indicate Requirement Levels</tit
<reference anchor="IEEE-3" le>
target="http://standards.ieee.org/getieee802/802.3.html"> <author initials="S." surname="Bradner" fullname="S. Bradner">
<front> <organization showOnFrontPage="true"/>
<title> </author>
Information technology - Telecommunications and information <date year="1997" month="March"/>
exchange between systems - <abstract>
Local and metropolitan area networks - Specific requirements - <t>In many standards track documents several words are used to sig
Part 3: Carrier Sense Multiple Access with Collision Detection nify the requirements in the specification. These words are often capitalized.
(CMSA/CD) This document defines these words as they should be interpreted in IETF document
Access Method and Physical Layer Specifications s. This document specifies an Internet Best Current Practices for the Internet
</title> Community, and requests discussion and suggestions for improvements.</t>
<author/> </abstract>
<date year="2008" month="December"/> </front>
</front> <seriesInfo name="BCP" value="14"/>
<seriesInfo name="IEEE" value="Std 802.3-2008"/> <seriesInfo name="RFC" value="2119"/>
</reference> <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="IEEE-5"> <reference anchor="RFC2308" target="https://www.rfc-editor.org/info/rfc2
<front> 308" quoteTitle="true" derivedAnchor="RFC2308">
<title>Information technology - Telecommunications and information <front>
exchange <title>Negative Caching of DNS Queries (DNS NCACHE)</title>
between systems - Local and metropolitan area networks - Specific <author initials="M." surname="Andrews" fullname="M. Andrews">
requirements - <organization showOnFrontPage="true"/>
Part 5: Token ring access method and physical layer </author>
specification</title> <date year="1998" month="March"/>
<author><organization>Institute of Electrical and Electronics <abstract>
Engineers</organization></author> <t>RFC1034 provided a description of how to cache negative respons
<date month="" year="1995" /> es. It however had a fundamental flaw in that it did not allow a name server to
</front> hand out those cached responses to other resolvers, thereby greatly reducing th
<seriesInfo name="IEEE" value="Std 802.5-1998"/> e effect of the caching. This document addresses issues raise in the light of e
</reference> xperience and replaces RFC1034 Section 4.3.4. [STANDARDS-TRACK]</t>
</abstract>
<reference anchor="IEEE-11" </front>
target="http://standards.ieee.org/getieee802/802.11.html"> <seriesInfo name="RFC" value="2308"/>
<front> <seriesInfo name="DOI" value="10.17487/RFC2308"/>
<title> </reference>
Information technology - Telecommunications and information <reference anchor="RFC3629" target="https://www.rfc-editor.org/info/rfc3
exchange between systems - 629" quoteTitle="true" derivedAnchor="RFC3629">
Local and metropolitan area networks - Specific requirements - <front>
Part 11: Wireless LAN Medium Access Control (MAC) and Physical <title>UTF-8, a transformation format of ISO 10646</title>
Layer (PHY) Specifications <author initials="F." surname="Yergeau" fullname="F. Yergeau">
</title> <organization showOnFrontPage="true"/>
<author/> </author>
<date year="2007" month="June"/> <date year="2003" month="November"/>
</front> <abstract>
<seriesInfo name="IEEE" value="Std 802.11-2007"/> <t>ISO/IEC 10646-1 defines a large character set called the Univer
</reference> sal Character Set (UCS) which encompasses most of the world's writing systems.
The originally proposed encodings of the UCS, however, were not compatible with
many current applications and protocols, and this has led to the development of
UTF-8, the object of this memo. UTF-8 has the characteristic of preserving the
full US-ASCII range, providing compatibility with file systems, parsers and othe
r software that rely on US-ASCII values but are transparent to other values. Th
is memo obsoletes and replaces RFC 2279.</t>
</abstract>
</front>
<seriesInfo name="STD" value="63"/>
<seriesInfo name="RFC" value="3629"/>
<seriesInfo name="DOI" value="10.17487/RFC3629"/>
</reference>
<reference anchor="RFC3927" target="https://www.rfc-editor.org/info/rfc3
927" quoteTitle="true" derivedAnchor="RFC3927">
<front>
<title>Dynamic Configuration of IPv4 Link-Local Addresses</title>
<author initials="S." surname="Cheshire" fullname="S. Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="B." surname="Aboba" fullname="B. Aboba">
<organization showOnFrontPage="true"/>
</author>
<author initials="E." surname="Guttman" fullname="E. Guttman">
<organization showOnFrontPage="true"/>
</author>
<date year="2005" month="May"/>
<abstract>
<t>To participate in wide-area IP networking, a host needs to be c
onfigured with IP addresses for its interfaces, either manually by the user or a
utomatically from a source on the network such as a Dynamic Host Configuration P
rotocol (DHCP) server. Unfortunately, such address configuration information ma
y not always be available. It is therefore beneficial for a host to be able to d
epend on a useful subset of IP networking functions even when no address configu
ration is available. This document describes how a host may automatically confi
gure an interface with an IPv4 address within the 169.254/16 prefix that is vali
d for communication with other devices connected to the same physical (or logica
l) link.</t>
<t>IPv4 Link-Local addresses are not suitable for communication wi
th devices not directly connected to the same physical (or logical) link, and ar
e only used where stable, routable addresses are not available (such as on ad ho
c or isolated networks). This document does not recommend that IPv4 Link-Local
addresses and routable addresses be configured simultaneously on the same interf
ace. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="3927"/>
<seriesInfo name="DOI" value="10.17487/RFC3927"/>
</reference>
<reference anchor="RFC4034" target="https://www.rfc-editor.org/info/rfc4
034" quoteTitle="true" derivedAnchor="RFC4034">
<front>
<title>Resource Records for the DNS Security Extensions</title>
<author initials="R." surname="Arends" fullname="R. Arends">
<organization showOnFrontPage="true"/>
</author>
<author initials="R." surname="Austein" fullname="R. Austein">
<organization showOnFrontPage="true"/>
</author>
<author initials="M." surname="Larson" fullname="M. Larson">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Massey" fullname="D. Massey">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Rose" fullname="S. Rose">
<organization showOnFrontPage="true"/>
</author>
<date year="2005" month="March"/>
<abstract>
<t>This document is part of a family of documents that describe th
e DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collectio
n of resource records and protocol modifications that provide source authenticat
ion for the DNS. This document defines the public key (DNSKEY), delegation sign
er (DS), resource record digital signature (RRSIG), and authenticated denial of
existence (NSEC) resource records. The purpose and format of each resource reco
rd is described in detail, and an example of each resource record is given. </t>
<t> This document obsoletes RFC 2535 and incorporates changes from
all updates to RFC 2535. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4034"/>
<seriesInfo name="DOI" value="10.17487/RFC4034"/>
</reference>
<reference anchor="RFC4862" target="https://www.rfc-editor.org/info/rfc4
862" quoteTitle="true" derivedAnchor="RFC4862">
<front>
<title>IPv6 Stateless Address Autoconfiguration</title>
<author initials="S." surname="Thomson" fullname="S. Thomson">
<organization showOnFrontPage="true"/>
</author>
<author initials="T." surname="Narten" fullname="T. Narten">
<organization showOnFrontPage="true"/>
</author>
<author initials="T." surname="Jinmei" fullname="T. Jinmei">
<organization showOnFrontPage="true"/>
</author>
<date year="2007" month="September"/>
<abstract>
<t>This document specifies the steps a host takes in deciding how
to autoconfigure its interfaces in IP version 6. The autoconfiguration process
includes generating a link-local address, generating global addresses via statel
ess address autoconfiguration, and the Duplicate Address Detection procedure to
verify the uniqueness of the addresses on a link. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4862"/>
<seriesInfo name="DOI" value="10.17487/RFC4862"/>
</reference>
<reference anchor="RFC5155" target="https://www.rfc-editor.org/info/rfc5
155" quoteTitle="true" derivedAnchor="RFC5155">
<front>
<title>DNS Security (DNSSEC) Hashed Authenticated Denial of Existenc
e</title>
<author initials="B." surname="Laurie" fullname="B. Laurie">
<organization showOnFrontPage="true"/>
</author>
<author initials="G." surname="Sisson" fullname="G. Sisson">
<organization showOnFrontPage="true"/>
</author>
<author initials="R." surname="Arends" fullname="R. Arends">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Blacka" fullname="D. Blacka">
<organization showOnFrontPage="true"/>
</author>
<date year="2008" month="March"/>
<abstract>
<t>The Domain Name System Security (DNSSEC) Extensions introduced
the NSEC resource record (RR) for authenticated denial of existence. This docume
nt introduces an alternative resource record, NSEC3, which similarly provides au
thenticated denial of existence. However, it also provides measures against zon
e enumeration and permits gradual expansion of delegation-centric zones. [STAND
ARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5155"/>
<seriesInfo name="DOI" value="10.17487/RFC5155"/>
</reference>
<reference anchor="RFC5198" target="https://www.rfc-editor.org/info/rfc5
198" quoteTitle="true" derivedAnchor="RFC5198">
<front>
<title>Unicode Format for Network Interchange</title>
<author initials="J." surname="Klensin" fullname="J. Klensin">
<organization showOnFrontPage="true"/>
</author>
<author initials="M." surname="Padlipsky" fullname="M. Padlipsky">
<organization showOnFrontPage="true"/>
</author>
<date year="2008" month="March"/>
<abstract>
<t>The Internet today is in need of a standardized form for the tr
ansmission of internationalized "text" information, paralleling the specificatio
ns for the use of ASCII that date from the early days of the ARPANET. This docu
ment specifies that format, using UTF-8 with normalization and specific line-end
ing sequences. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5198"/>
<seriesInfo name="DOI" value="10.17487/RFC5198"/>
</reference>
<reference anchor="RFC6762" target="https://www.rfc-editor.org/info/rfc6
762" quoteTitle="true" derivedAnchor="RFC6762">
<front>
<title>Multicast DNS</title>
<author initials="S." surname="Cheshire" fullname="S. Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="M." surname="Krochmal" fullname="M. Krochmal">
<organization showOnFrontPage="true"/>
</author>
<date year="2013" month="February"/>
<abstract>
<t>As networked devices become smaller, more portable, and more ub
iquitous, the ability to operate with less configured infrastructure is increasi
ngly important. In particular, the ability to look up DNS resource record data
types (including, but not limited to, host names) in the absence of a convention
al managed DNS server is useful.</t>
<t>Multicast DNS (mDNS) provides the ability to perform DNS-like o
perations on the local link in the absence of any conventional Unicast DNS serve
r. In addition, Multicast DNS designates a portion of the DNS namespace to be f
ree for local use, without the need to pay any annual fee, and without the need
to set up delegations or otherwise configure a conventional DNS server to answer
for those names.</t>
<t>The primary benefits of Multicast DNS names are that (i) they r
equire little or no administration or configuration to set them up, (ii) they wo
rk when no infrastructure is present, and (iii) they work during infrastructure
failures.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6762"/>
<seriesInfo name="DOI" value="10.17487/RFC6762"/>
</reference>
<reference anchor="RFC6763" target="https://www.rfc-editor.org/info/rfc6
763" quoteTitle="true" derivedAnchor="RFC6763">
<front>
<title>DNS-Based Service Discovery</title>
<author initials="S." surname="Cheshire" fullname="S. Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="M." surname="Krochmal" fullname="M. Krochmal">
<organization showOnFrontPage="true"/>
</author>
<date year="2013" month="February"/>
<abstract>
<t>This document specifies how DNS resource records are named and
structured to facilitate service discovery. Given a type of service that a clie
nt is looking for, and a domain in which the client is looking for that service,
this mechanism allows clients to discover a list of named instances of that des
ired service, using standard DNS queries. This mechanism is referred to as DNS-b
ased Service Discovery, or DNS-SD.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6763"/>
<seriesInfo name="DOI" value="10.17487/RFC6763"/>
</reference>
<reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8
174" quoteTitle="true" derivedAnchor="RFC8174">
<front>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti
tle>
<author initials="B." surname="Leiba" fullname="B. Leiba">
<organization showOnFrontPage="true"/>
</author>
<date year="2017" month="May"/>
<abstract>
<t>RFC 2119 specifies common key words that may be used in protoco
l specifications. This document aims to reduce the ambiguity by clarifying tha
t only UPPERCASE usage of the key words have the defined special meanings.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="8174"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<reference anchor="RFC8490" target="https://www.rfc-editor.org/info/rfc8
490" quoteTitle="true" derivedAnchor="RFC8490">
<front>
<title>DNS Stateful Operations</title>
<author initials="R." surname="Bellis" fullname="R. Bellis">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Cheshire" fullname="S. Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="J." surname="Dickinson" fullname="J. Dickinson">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Dickinson" fullname="S. Dickinson">
<organization showOnFrontPage="true"/>
</author>
<author initials="T." surname="Lemon" fullname="T. Lemon">
<organization showOnFrontPage="true"/>
</author>
<author initials="T." surname="Pusateri" fullname="T. Pusateri">
<organization showOnFrontPage="true"/>
</author>
<date year="2019" month="March"/>
<abstract>
<t>This document defines a new DNS OPCODE for DNS Stateful Operati
ons (DSO). DSO messages communicate operations within persistent stateful sessi
ons using Type Length Value (TLV) syntax. Three TLVs are defined that manage se
ssion timeouts, termination, and encryption padding, and a framework is defined
for extensions to enable new stateful operations. This document updates RFC 103
5 by adding a new DNS header OPCODE that has both different message semantics an
d a new result code. This document updates RFC 7766 by redefining a session, pr
oviding new guidance on connection reuse, and providing a new mechanism for hand
ling session idle timeouts.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8490"/>
<seriesInfo name="DOI" value="10.17487/RFC8490"/>
</reference>
<reference anchor="RFC8765" target="https://www.rfc-editor.org/info/rfc8
765" quoteTitle="true" derivedAnchor="RFC8765">
<front>
<title>DNS Push Notifications</title>
<author initials="T" surname="Pusateri" fullname="Tom Pusateri">
<organization showOnFrontPage="true"/>
</author>
<author initials="S" surname="Cheshire" fullname="Stuart Cheshire">
<organization showOnFrontPage="true"/>
</author>
<date month="June" year="2020"/>
</front>
<seriesInfo name="RFC" value="8765"/>
<seriesInfo name="DOI" value="10.17487/RFC8765"/>
</reference>
</references>
<references pn="section-11.2">
<name slugifiedName="name-informative-references">Informative References
</name>
<reference anchor="I-D.sekar-dns-ul" quoteTitle="true" target="https://t
ools.ietf.org/html/draft-sekar-dns-ul-02" derivedAnchor="DNS-UL">
<front>
<title>Dynamic DNS Update Leases</title>
<author initials="S" surname="Cheshire" fullname="Stuart Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="T" surname="Lemon" fullname="Ted Lemon">
<organization showOnFrontPage="true"/>
</author>
<date month="August" day="2" year="2018"/>
<abstract>
<t>This document proposes a method of extending Dynamic DNS Update
to contain an update lease lifetime, allowing a server to garbage collect stale
resource records.</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-sekar-dns-ul-02"/>
<format type="TXT" target="http://www.ietf.org/internet-drafts/draft-s
ekar-dns-ul-02.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="IEEE-1Q" target="https://ieeexplore.ieee.org/document
/6991462" quoteTitle="true" derivedAnchor="IEEE-1Q">
<front>
<title>IEEE Standard for Local and metropolitan area networks -- Bri
dges and Bridged Networks</title>
<author>
<organization showOnFrontPage="true">IEEE</organization>
</author>
<date year="2014"/>
</front>
<seriesInfo name="IEEE Std" value="802.1Q-2014"/>
<seriesInfo name="DOI" value="10.1109/IEEESTD.2014.6991462"/>
</reference>
<reference anchor="IEEE-3" target="https://ieeexplore.ieee.org/document/
8457469" quoteTitle="true" derivedAnchor="IEEE-3">
<front>
<title>IEEE Standard for Ethernet</title>
<seriesInfo name="DOI" value="10.1109/IEEESTD.2018.8457469"/>
<seriesInfo name="IEEE Std" value="802.3-2018"/>
<author>
<organization showOnFrontPage="true">IEEE</organization>
</author>
<date year="2008" month="December"/>
</front>
</reference>
<reference anchor="IEEE-5" target="https://standards.ieee.org/standard/8
02_5-1998.html" quoteTitle="true" derivedAnchor="IEEE-5">
<front>
<title>Telecommunications and information exchange between systems -
Local and metropolitan area networks - Part 5: Token ring access method and phy
sical layer specifications</title>
<seriesInfo name="IEEE Std" value="802.5-1998"/>
<author>
<organization showOnFrontPage="true">IEEE</organization>
</author>
<date year="1998"/>
</front>
</reference>
<reference anchor="IEEE-11" target="https://standards.ieee.org/standard/
802_11-2016.html" quoteTitle="true" derivedAnchor="IEEE-11">
<front>
<title>Information technology - Telecommunications and information e
xchange between systems - Local and metropolitan area networks - Specific requir
ements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (P
HY) Specifications</title>
<seriesInfo name="IEEE Std" value="802.11-2016"/>
<author>
<organization showOnFrontPage="true">IEEE</organization>
</author>
<date year="2016" month="December"/>
</front>
</reference>
<reference anchor="I-D.ietf-mboned-ieee802-mcast-problems" quoteTitle="t
rue" target="https://tools.ietf.org/html/draft-ietf-mboned-ieee802-mcast-problem
s-11" derivedAnchor="MCAST">
<front>
<title>Multicast Considerations over IEEE 802 Wireless Media</title>
<author initials="C" surname="Perkins" fullname="Charles Perkins">
<organization showOnFrontPage="true"/>
</author>
<author initials="M" surname="McBride" fullname="Mike McBride">
<organization showOnFrontPage="true"/>
</author>
<author initials="D" surname="Stanley" fullname="Dorothy Stanley">
<organization showOnFrontPage="true"/>
</author>
<author initials="W" surname="Kumari" fullname="Warren Kumari">
<organization showOnFrontPage="true"/>
</author>
<author initials="J" surname="Zuniga" fullname="Juan Zuniga">
<organization showOnFrontPage="true"/>
</author>
<date month="December" day="11" year="2019"/>
<abstract>
<t>Well-known issues with multicast have prevented the deployment
of multicast in 802.11 (wifi) and other local-area wireless environments. This
document describes the problems of known limitations with wireless (primarily 80
2.11) Layer-2 multicast. Also described are certain multicast enhancement featu
res that have been specified by the IETF, and by IEEE 802, for wireless media, a
s well as some operational choices that can be taken to improve the performance
of the network. Finally, some recommendations are provided about the usage and
combination of these features and operational choices.</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-mboned-ieee802-mca
st-problems-11"/>
<format type="TXT" target="http://www.ietf.org/internet-drafts/draft-i
etf-mboned-ieee802-mcast-problems-11.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="OHP" target="https://github.com/sbyx/ohybridproxy/" q
uoteTitle="true" derivedAnchor="OHP">
<front>
<title>ohybridproxy - an mDNS/DNS hybrid-proxy based on mDNSResponde
r</title>
<author/>
<date month="June" year="2017"/>
</front>
<refcontent>commit 464d6c9</refcontent>
</reference>
<reference anchor="I-D.sctl-service-registration" quoteTitle="true" targ
et="https://tools.ietf.org/html/draft-sctl-service-registration-02" derivedAncho
r="REG-PROT">
<front>
<title>Service Registration Protocol for DNS-Based Service Discovery
</title>
<author initials="S" surname="Cheshire" fullname="Stuart Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="T" surname="Lemon" fullname="Ted Lemon">
<organization showOnFrontPage="true"/>
</author>
<date month="July" day="15" year="2018"/>
<abstract>
<t>The DNS-SD Service Registration Protocol uses the standard DNS
Update mechanism to enable DNS-Based Service Discovery using only unicast packet
s. This eliminates the dependency on Multicast DNS as the foundation layer, whi
ch greatly improves scalability and improves performance on networks where multi
cast service is not an optimal choice, particularly 802.11 (Wi-Fi) and 802.15.4
(IoT) networks. DNS-SD Service registration uses public keys and SIG(0) to allow
services to defend their registrations against attack.</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-sctl-service-registrati
on-02"/>
<format type="TXT" target="http://www.ietf.org/internet-drafts/draft-s
ctl-service-registration-02.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="I-D.sctl-dnssd-mdns-relay" quoteTitle="true" target="
https://tools.ietf.org/html/draft-sctl-dnssd-mdns-relay-04" derivedAnchor="RELAY
">
<front>
<title>Multicast DNS Discovery Relay</title>
<author initials="S" surname="Cheshire" fullname="Stuart Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="T" surname="Lemon" fullname="Ted Lemon">
<organization showOnFrontPage="true"/>
</author>
<date month="March" day="21" year="2018"/>
<abstract>
<t>This document extends the specification of the Discovery Proxy
for Multicast DNS-Based Service Discovery. It describes a lightweight relay mec
hanism, a Discovery Relay, which allows Discovery Proxies to provide service on
multicast links to which they are not directly attached.</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-sctl-dnssd-mdns-relay-0
4"/>
<format type="TXT" target="http://www.ietf.org/internet-drafts/draft-s
ctl-dnssd-mdns-relay-04.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="RFC2132" target="https://www.rfc-editor.org/info/rfc2
132" quoteTitle="true" derivedAnchor="RFC2132">
<front>
<title>DHCP Options and BOOTP Vendor Extensions</title>
<author initials="S." surname="Alexander" fullname="S. Alexander">
<organization showOnFrontPage="true"/>
</author>
<author initials="R." surname="Droms" fullname="R. Droms">
<organization showOnFrontPage="true"/>
</author>
<date year="1997" month="March"/>
<abstract>
<t>This document specifies the current set of DHCP options. Futur
e options will be specified in separate RFCs. The current list of valid options
is also available in ftp://ftp.isi.edu/in-notes/iana/assignments. [STANDARDS-TR
ACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2132"/>
<seriesInfo name="DOI" value="10.17487/RFC2132"/>
</reference>
<reference anchor="RFC2136" target="https://www.rfc-editor.org/info/rfc2
136" quoteTitle="true" derivedAnchor="RFC2136">
<front>
<title>Dynamic Updates in the Domain Name System (DNS UPDATE)</title
>
<author initials="P." surname="Vixie" fullname="P. Vixie" role="edit
or">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Thomson" fullname="S. Thomson">
<organization showOnFrontPage="true"/>
</author>
<author initials="Y." surname="Rekhter" fullname="Y. Rekhter">
<organization showOnFrontPage="true"/>
</author>
<author initials="J." surname="Bound" fullname="J. Bound">
<organization showOnFrontPage="true"/>
</author>
<date year="1997" month="April"/>
<abstract>
<t>Using this specification of the UPDATE opcode, it is possible t
o add or delete RRs or RRsets from a specified zone. Prerequisites are specifie
d separately from update operations, and can specify a dependency upon either th
e previous existence or nonexistence of an RRset, or the existence of a single R
R. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2136"/>
<seriesInfo name="DOI" value="10.17487/RFC2136"/>
</reference>
<reference anchor="RFC3007" target="https://www.rfc-editor.org/info/rfc3
007" quoteTitle="true" derivedAnchor="RFC3007">
<front>
<title>Secure Domain Name System (DNS) Dynamic Update</title>
<author initials="B." surname="Wellington" fullname="B. Wellington">
<organization showOnFrontPage="true"/>
</author>
<date year="2000" month="November"/>
<abstract>
<t>This document proposes a method for performing secure Domain Na
me System (DNS) dynamic updates. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="3007"/>
<seriesInfo name="DOI" value="10.17487/RFC3007"/>
</reference>
<reference anchor="RFC3492" target="https://www.rfc-editor.org/info/rfc3
492" quoteTitle="true" derivedAnchor="RFC3492">
<front>
<title>Punycode: A Bootstring encoding of Unicode for Internationali
zed Domain Names in Applications (IDNA)</title>
<author initials="A." surname="Costello" fullname="A. Costello">
<organization showOnFrontPage="true"/>
</author>
<date year="2003" month="March"/>
<abstract>
<t>Punycode is a simple and efficient transfer encoding syntax des
igned for use with Internationalized Domain Names in Applications (IDNA). It un
iquely and reversibly transforms a Unicode string into an ASCII string. ASCII c
haracters in the Unicode string are represented literally, and non-ASCII charact
ers are represented by ASCII characters that are allowed in host name labels (le
tters, digits, and hyphens). This document defines a general algorithm called Bo
otstring that allows a string of basic code points to uniquely represent any str
ing of code points drawn from a larger set. Punycode is an instance of Bootstri
ng that uses particular parameter values specified by this document, appropriate
for IDNA. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="3492"/>
<seriesInfo name="DOI" value="10.17487/RFC3492"/>
</reference>
<reference anchor="RFC4193" target="https://www.rfc-editor.org/info/rfc4
193" quoteTitle="true" derivedAnchor="RFC4193">
<front>
<title>Unique Local IPv6 Unicast Addresses</title>
<author initials="R." surname="Hinden" fullname="R. Hinden">
<organization showOnFrontPage="true"/>
</author>
<author initials="B." surname="Haberman" fullname="B. Haberman">
<organization showOnFrontPage="true"/>
</author>
<date year="2005" month="October"/>
<abstract>
<t>This document defines an IPv6 unicast address format that is gl
obally unique and is intended for local communications, usually inside of a site
. These addresses are not expected to be routable on the global Internet. [STAN
DARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4193"/>
<seriesInfo name="DOI" value="10.17487/RFC4193"/>
</reference>
<reference anchor="RFC6760" target="https://www.rfc-editor.org/info/rfc6
760" quoteTitle="true" derivedAnchor="RFC6760">
<front>
<title>Requirements for a Protocol to Replace the AppleTalk Name Bin
ding Protocol (NBP)</title>
<author initials="S." surname="Cheshire" fullname="S. Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="M." surname="Krochmal" fullname="M. Krochmal">
<organization showOnFrontPage="true"/>
</author>
<date year="2013" month="February"/>
<abstract>
<t>One of the goals of the authors of Multicast DNS (mDNS) and DNS
-Based Service Discovery (DNS-SD) was to retire AppleTalk and the AppleTalk Name
Binding Protocol (NBP) and to replace them with an IP-based solution. This doc
ument presents a brief overview of the capabilities of AppleTalk NBP and outline
s the properties required of an IP-based replacement.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6760"/>
<seriesInfo name="DOI" value="10.17487/RFC6760"/>
</reference>
<reference anchor="RFC7558" target="https://www.rfc-editor.org/info/rfc7
558" quoteTitle="true" derivedAnchor="RFC7558">
<front>
<title>Requirements for Scalable DNS-Based Service Discovery (DNS-SD
) / Multicast DNS (mDNS) Extensions</title>
<author initials="K." surname="Lynn" fullname="K. Lynn">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Cheshire" fullname="S. Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="M." surname="Blanchet" fullname="M. Blanchet">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Migault" fullname="D. Migault">
<organization showOnFrontPage="true"/>
</author>
<date year="2015" month="July"/>
<abstract>
<t>DNS-based Service Discovery (DNS-SD) over Multicast DNS (mDNS)
is widely used today for discovery and resolution of services and names on a loc
al link, but there are use cases to extend DNS-SD/mDNS to enable service discove
ry beyond the local link. This document provides a problem statement and a list
of requirements for scalable DNS-SD.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7558"/>
<seriesInfo name="DOI" value="10.17487/RFC7558"/>
</reference>
<reference anchor="RFC7626" target="https://www.rfc-editor.org/info/rfc7
626" quoteTitle="true" derivedAnchor="RFC7626">
<front>
<title>DNS Privacy Considerations</title>
<author initials="S." surname="Bortzmeyer" fullname="S. Bortzmeyer">
<organization showOnFrontPage="true"/>
</author>
<date year="2015" month="August"/>
<abstract>
<t>This document describes the privacy issues associated with the
use of the DNS by Internet users. It is intended to be an analysis of the prese
nt situation and does not prescribe solutions.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7626"/>
<seriesInfo name="DOI" value="10.17487/RFC7626"/>
</reference>
<reference anchor="RFC7788" target="https://www.rfc-editor.org/info/rfc7
788" quoteTitle="true" derivedAnchor="RFC7788">
<front>
<title>Home Networking Control Protocol</title>
<author initials="M." surname="Stenberg" fullname="M. Stenberg">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Barth" fullname="S. Barth">
<organization showOnFrontPage="true"/>
</author>
<author initials="P." surname="Pfister" fullname="P. Pfister">
<organization showOnFrontPage="true"/>
</author>
<date year="2016" month="April"/>
<abstract>
<t>This document describes the Home Networking Control Protocol (H
NCP), an extensible configuration protocol, and a set of requirements for home n
etwork devices. HNCP is described as a profile of and extension to the Distribu
ted Node Consensus Protocol (DNCP). HNCP enables discovery of network borders,
automated configuration of addresses, name resolution, service discovery, and th
e use of any routing protocol that supports routing based on both the source and
destination address.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7788"/>
<seriesInfo name="DOI" value="10.17487/RFC7788"/>
</reference>
<reference anchor="RFC8375" target="https://www.rfc-editor.org/info/rfc8
375" quoteTitle="true" derivedAnchor="RFC8375">
<front>
<title>Special-Use Domain 'home.arpa.'</title>
<author initials="P." surname="Pfister" fullname="P. Pfister">
<organization showOnFrontPage="true"/>
</author>
<author initials="T." surname="Lemon" fullname="T. Lemon">
<organization showOnFrontPage="true"/>
</author>
<date year="2018" month="May"/>
<abstract>
<t>This document specifies the behavior that is expected from the
Domain Name System with regard to DNS queries for names ending with '.home.arpa.
' and designates this domain as a special-use domain name. 'home.arpa.' is desig
nated for non-unique use in residential home networks. The Home Networking Cont
rol Protocol (HNCP) is updated to use the 'home.arpa.' domain instead of '.home'
.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8375"/>
<seriesInfo name="DOI" value="10.17487/RFC8375"/>
</reference>
<reference anchor="RFC8764" target="https://www.rfc-editor.org/info/rfc8
764" quoteTitle="true" derivedAnchor="RFC8764">
<front>
<title>Apple's DNS Long-Lived Queries Protocol</title>
<author initials="S" surname="Cheshire" fullname="Stuart Cheshire">
<organization showOnFrontPage="true"/>
</author>
<author initials="M" surname="Krochmal" fullname="Marc Krochmal">
<organization showOnFrontPage="true"/>
</author>
<date month="June" year="2020"/>
</front>
<seriesInfo name="RFC" value="8764"/>
<seriesInfo name="DOI" value="10.17487/RFC8764"/>
</reference>
<reference anchor="I-D.cheshire-dnssd-roadmap" quoteTitle="true" target=
"https://tools.ietf.org/html/draft-cheshire-dnssd-roadmap-03" derivedAnchor="ROA
DMAP">
<front>
<title>Service Discovery Road Map</title>
<author initials="S" surname="Cheshire" fullname="Stuart Cheshire">
<organization showOnFrontPage="true"/>
</author>
<date month="October" day="23" year="2018"/>
<abstract>
<t>Over the course of several years, a rich collection of technolo
gies has developed around DNS-Based Service Discovery, described across multiple
documents. This "Road Map" document gives an overview of how these related but
separate technologies (and their documents) fit together, to facilitate service
discovery in various environments.</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-cheshire-dnssd-roadmap-
03"/>
<format type="TXT" target="http://www.ietf.org/internet-drafts/draft-c
heshire-dnssd-roadmap-03.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="ZC" quoteTitle="true" derivedAnchor="ZC">
<front>
<title>Zero Configuration Networking: The Definitive Guide</title>
<seriesInfo name="ISBN" value="0-596-10100-7"/>
<author initials="S." surname="Cheshire" fullname="Stuart
Cheshire"/>
<author initials="D.H." surname="Steinberg" fullname="Daniel
H. Steinberg"/>
<date year="2005" month="December"/>
</front>
<refcontent>O'Reilly Media, Inc.</refcontent>
</reference>
</references>
</references> </references>
<section anchor="implementation" numbered="true" toc="include" removeInRFC="
<?rfc needLines="40" ?> false" pn="section-appendix.a">
<section anchor="implementation" title="Implementation Status"> <name slugifiedName="name-implementation-status">Implementation Status</na
<t>Some aspects of the mechanism specified in this document already me>
<t pn="section-appendix.a-1">Some aspects of the mechanism specified in th
is document already
exist in exist in
deployed software. Some aspects are new. This section outlines which deployed software. Some aspects are new. This section outlines which
aspects aspects
already exist and which are new.</t> already exist and which are new.</t>
<section numbered="true" toc="include" removeInRFC="false" pn="section-a.1
<section title="Already Implemented and Deployed"> ">
<t>Domain enumeration by the client (the <name slugifiedName="name-already-implemented-and-dep">Already Implement
"b._dns-sd._udp" queries) is already implemented and deployed.</t> ed and Deployed</name>
<t pn="section-a.1-1">Domain enumeration by the client
<t>Unicast queries to the indicated discovery domain is already ("b._dns-sd._udp.&lt;zone&gt;" queries) is already implemented and
deployed.</t>
<t pn="section-a.1-2">Performing unicast queries to the indicated discov
ery domain is
already
implemented and deployed.</t> implemented and deployed.</t>
<t pn="section-a.1-3">These are implemented and deployed in Mac OS X 10.
<t>These are implemented and deployed in Mac OS X 10.4 and later 4 Tiger and later
(including all versions of Apple iOS, on all iPhone and iPads), (including all versions of Apple iOS, on all models of iPhones, iPads,
Apple TVs and HomePods),
in Bonjour for Windows, in Bonjour for Windows,
and in Android 4.1 "Jelly Bean" (API Level 16) and later.</t> and in Android 4.1 "Jelly Bean" (API Level 16) and later.</t>
<t pn="section-a.1-4">Domain enumeration and unicast querying have been
<t>Domain enumeration and unicast querying have been used for several years at IETF meetings to make terminal room
used for several years at IETF meetings to make Terminal Room printers discoverable from outside the terminal room. When an IETF
printers discoverable from outside the Terminal room. When an IETF attendee presses "Cmd‑P" on a Mac, or selects AirPrint on an iPad
attendee presses Cmd-P on a Mac, or selects AirPrint on an iPad or iPhone, and the terminal room printers appear, it is because
or iPhone, and the Terminal room printers appear, that is because the client is sending Unicast DNS queries to the IETF DNS servers.
the client is sending unicast DNS queries to the IETF DNS servers.
A walk-through giving the details of this particular specific example A walk-through giving the details of this particular specific example
is given in Appendix A of <xref target="Roadmap">the Roadmap is given in <xref target="I-D.cheshire-dnssd-roadmap" sectionFormat="of" section="A" format="default" derivedLink="https://tools.ietf.org/html/draft-che shire-dnssd-roadmap-03#appendix-A" derivedContent="ROADMAP">the Roadmap
document</xref>.</t> document</xref>.</t>
<t pn="section-a.1-5">The Long-Lived Query mechanism <xref target="RFC87
64" format="default" sectionFormat="of" derivedContent="RFC8764"/>
referred to in this specification exists and is deployed
but was not standardized by the IETF.
The IETF has developed a superior Long-Lived Query mechanism
called DNS Push Notifications <xref target="RFC8765" format="default" se
ctionFormat="of" derivedContent="RFC8765"/>,
which is built on DNS Stateful Operations <xref target="RFC8490" format=
"default" sectionFormat="of" derivedContent="RFC8490"/>.
DNS Push Notifications is implemented and deployed in Mac OS X 10.15
and later,
and iOS 13 and later.</t>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-a.2
<section title="Already Implemented"> ">
<name slugifiedName="name-already-implemented">Already Implemented</name
<t>A minimal portable Discovery Proxy implementation has been produced >
<t pn="section-a.2-1">A minimal portable Discovery Proxy implementation
has been produced
by by
Markus Stenberg and Steven Barth, which runs on OS X and several Linux Markus Stenberg and Steven Barth, which runs on OS X and several Linux
variants including OpenWrt <xref target="ohp"/>. variants including OpenWrt <xref target="OHP" format="default" sectionFo rmat="of" derivedContent="OHP"/>.
It was demonstrated at the Berlin IETF in July 2013.</t> It was demonstrated at the Berlin IETF in July 2013.</t>
<t pn="section-a.2-2">Tom Pusateri has an implementation that runs on an
<t>Tom Pusateri has an implementation that runs on any Unix/Linux. y Unix/Linux
It has a RESTful interface for management and an experimental demo CLI system. It
and web interface.</t> has a RESTful interface for management and an experimental demo
command-line interface (CLI) and web interface.</t>
<t>Ted Lemon also has produced a portable implementation of Discovery <t pn="section-a.2-3">Ted Lemon also has produced a portable implementat
ion of Discovery
Proxy, Proxy,
which is available in the mDNSResponder open source code.</t> which is available in the mDNSResponder open source code.</t>
<t>The Long-Lived Query mechanism <xref target="LLQ"/>
referred to in this specification exists and is deployed,
but was not standardized by the IETF.
The IETF has developed a superior Long-Lived Query mechanism
called DNS Push Notifications <xref target="Push"/>,
which is built on DNS Stateful Operations <xref target="RFC8490"/>.
The pragmatic short-term deployment approach is for vendors
to produce Discovery Proxies that implement both the deployed
Long-Lived Query mechanism <xref target="LLQ"/>
(for today's clients) and the new
DNS Push Notifications mechanism <xref target="Push"/>
as the preferred long-term direction.</t>
</section> </section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-a.3
<section title="Partially Implemented"> ">
<t>The current APIs make multiple domains visible to client <name slugifiedName="name-partially-implemented">Partially Implemented</
software, but most client UI today lumps all discovered services name>
<t pn="section-a.3-1">At the time of writing,
existing APIs make multiple domains visible to client software,
but most client user interfaces lump all discovered services
into a single flat list. This is largely a chicken-and-egg into a single flat list. This is largely a chicken-and-egg
problem. Application writers were naturally reluctant to spend problem. Application writers were naturally reluctant to spend
time writing domain-aware UI code when few customers today would time writing domain-aware user interface code when few customers would
benefit from it. If Discovery Proxy deployment becomes common, then benefit from it. If Discovery Proxy deployment becomes common, then
application writers will have a reason to provide better UI. application writers will have a reason to provide a better user
Existing applications will work with the Discovery Proxy, but will experience.
Existing applications will work with the Discovery Proxy but will
show all services in a single flat list. Applications with show all services in a single flat list. Applications with
improved UI will group services by domain.</t> improved user interfaces will show services grouped by domain.</t>
</section> </section>
</section> </section>
<section numbered="false" toc="include" removeInRFC="false" pn="section-appe
ndix.b">
<name slugifiedName="name-acknowledgments">Acknowledgments</name>
<t pn="section-appendix.b-1">Thanks to <contact fullname="Markus Stenberg"
/> for helping develop
the policy
regarding the four styles of unicast response according to what
data is immediately available in the cache.
Thanks to
<contact fullname="Anders Brandt"/>,
<contact fullname="Ben Campbell"/>,
<contact fullname="Tim Chown"/>,
<contact fullname="Alissa Cooper"/>,
<contact fullname="Spencer Dawkins"/>,
<contact fullname="Ralph Droms"/>,
<contact fullname="Joel Halpern"/>,
<contact fullname="Ray Hunter"/>,
<contact fullname="Joel Jaeggli"/>,
<contact fullname="Warren Kumari"/>,
<contact fullname="Ted Lemon"/>,
<contact fullname="Alexey Melnikov"/>,
<contact fullname="Kathleen Moriarty"/>,
<contact fullname="Tom Pusateri"/>,
<contact fullname="Eric Rescorla"/>,
<contact fullname="Adam Roach"/>,
<contact fullname="David Schinazi"/>,
<contact fullname="Markus Stenberg"/>,
<contact fullname="Dave Thaler"/>,
and <contact fullname="Andrew Yourtchenko"/> for their comments.</t>
</section>
<section anchor="authors-addresses" numbered="false" removeInRFC="false" toc
="include" pn="section-appendix.c">
<name slugifiedName="name-authors-address">Author's Address</name>
<author initials="S." surname="Cheshire" fullname="Stuart Cheshire">
<organization showOnFrontPage="true">Apple Inc.</organization>
<address>
<postal>
<street>One Apple Park Way</street>
<city>Cupertino</city>
<region>California</region>
<code>95014</code>
<country>United States of America</country>
</postal>
<phone>+1 (408) 996-1010</phone>
<email>cheshire@apple.com</email>
</address>
</author>
</section>
</back> </back>
</rfc> </rfc>
 End of changes. 175 change blocks. 
1642 lines changed or deleted 2979 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/