Network Working Group | P. Pfister |
Internet-Draft | Cisco Systems |
Updates: RFC7788 (if approved) | T. Lemon |
Intended status: Standards Track | Nominum, Inc. |
Expires: August 3, 2017 | January 30, 2017 |
Special Use Top Level Domain '.homenet'
draft-ietf-homenet-dot-02
This document specifies the behavior that is expected from the Domain Name System with regard to DNS queries for names ending with '.homenet.', and designates this top-level domain as a special-use domain name. The '.homenet' top-level domain replaces '.home' as the default domain used by the Home Networking Control Protocol (HNCP).
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 3, 2017.
Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Users and devices within a home network require devices and services to be identified by names that are unique within the boundaries of the home network [RFC7368]. The naming mechanism needs to function without configuration from the user. While it may be possible for a name to be delegated by an ISP, home networks must also function in the absence of such a delegation. A default name with a scope limited to each individual home network needs to be used.
The '.homenet' top-level domain replaces '.home' which was specified in [RFC7788] as the default domain-name for home networks. '.home' had been selected as the most user-friendly option. However, there are existing uses of '.home' that may be in conflict with this use: evidence indicates that '.home' queries frequently leak out and reach the root name servers [ICANN1] [ICANN2]. Also, ICANN has about a dozen applicants for the '.home' top-level domain name, which creates a significant risk of litigation if it were claimed by the IETF outside of that process. As a result, the use of '.home' has been deprecated; this document updates [RFC7788] to replace '.home' with '.homenet', while another document, [I-D.ietf-homenet-redact] deprecates the use of the '.home' TLD.
This document registers the top-level domain '.homenet.' as a special-use domain name [RFC6761] and specifies the behavior that is expected from the Domain Name System with regard to DNS queries for names whose rightmost non-terminal label is 'homenet'. Queries for names ending with '.homenet.' are of local significance within the scope of a home network, meaning that identical queries will result in different results from one home network to another. In other words, a name ending in '.homenet' is not globally unique.
The top-level domain name '.homenet.' is to be used for naming within a home network. Names ending with '.homenet.' reference a locally-served zone, the contents of which are unique only to a particular home network, and are not globally unique. Such names refer to nodes and/or services that are located within a home network (e.g., a printer, or a toaster).
DNS queries for names ending with '.homenet.' are resolved using local resolvers on the homenet. Such queries MUST NOT be recursively forwarded to servers outside the logical boundaries of the home network.
Some service discovery user interfaces that are expected to be used on homenets conceal information such as domain names from end users. However, it is still expected that in some cases, users will need to see, remember, and even type, names ending with '.homenet'. It is therefore desirable that users identify the top-level domain and understand that using it expresses the intention to connect to a service that is specific to the home network to which they are connected. Enforcing the fulfillment of this intention is out of scope for this document.
Domain Name: HOMENET Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY Whois Server: whois.iana.org Referral URL: http://res-dom.iana.org Name Server: A.IANA-SERVERS.NET Name Server: B.IANA-SERVERS.NET Status: clientDeleteProhibited Status: clientTransferProhibited Status: clientUpdateProhibited
This section defines the behavior of systems involved in domain name resolution when serving queries for names ending with '.homenet.' (as per [RFC6761]).
The final paragraph of Homenet Considerations Protocol [RFC7788], section 8, is updated as follows:
OLD:
NEW:
Although a DNS record returned as a response to a query ending with '.homenet.' is expected to have local significance and be returned by a server involved in name resolution for the home network the device is connected in, such response MUST NOT be considered more trustworthy than would be a similar response for any other DNS query.
Because '.homenet' is not globally scoped and cannot be secured using DNSSEC based on the root domain's trust anchor, there is no way to tell, using a standard DNS query, in which home network scope an answer belongs. Consequently, users may experience surprising results with such names when roaming to different home networks. To prevent this from happening, it may be useful for the resolver to identify different home networks on which it has resolved names, but this is out of scope for this document.
In order to enable DNSSEC validation of a particular '.homenet', it might make sense to configure a trust anchor for that homenet. How this might be done is out of scope for this document.
IANA is requested to record the top-level domain ".homenet" in the Special-Use Domain Names registry [SUDN].
IANA is requested to set up insecure delegation for '.homenet' in the root zone pointing to the AS112 service [RFC7535], to break the DNSSEC chain of trust.
The authors would like to thank Stuart Cheshire for his prior work on '.home', as well as the homenet chairs: Mark Townsley and Ray Bellis.
[RFC6303] | Andrews, M., "Locally Served DNS Zones", BCP 163, RFC 6303, DOI 10.17487/RFC6303, July 2011. |
[RFC6761] | Cheshire, S. and M. Krochmal, "Special-Use Domain Names", RFC 6761, DOI 10.17487/RFC6761, February 2013. |
[RFC7535] | Abley, J., Dickson, B., Kumari, W. and G. Michaelson, "AS112 Redirection Using DNAME", RFC 7535, DOI 10.17487/RFC7535, May 2015. |
[I-D.ietf-homenet-redact] | Lemon, T., "Redacting .home from HNCP", Internet-Draft draft-ietf-homenet-redact-02, January 2017. |
[RFC1035] | Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, November 1987. |
[RFC7368] | Chown, T., Arkko, J., Brandt, A., Troan, O. and J. Weil, "IPv6 Home Networking Architecture Principles", RFC 7368, DOI 10.17487/RFC7368, October 2014. |
[RFC7788] | Stenberg, M., Barth, S. and P. Pfister, Home Networking Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April 2016. |
[ICANN1] | New gTLD Collision Risk Mitigation", October 2013. |
[ICANN2] | New gTLD Collision Occurence Management", October 2013. |
[SUDN] | Special-Use Domain Names Registry", July 2012. |