Internet Draft BillIndependent Submission B. Manningdraft-manning-opcode-discover-07.txt Expires: 17 february 2013 17 septemberRequest for Comments: 6804 November 2012Intendend Status: HistoricalCategory: Historic ISSN: 2070-1721 DISCOVER: Supporting Multicast DNS Queries Abstract This document describes the DISCOVER opcode, an experimental extension to the Domain Name System (DNS) to use multicast queries for resource discovery. This opcode was tested in experiments run during 1995 and 1996 for theTBDSTopology Based Domain Search (TBDS) project. This project is no longer active and there are no current plans torestart.restart it. TBDS was the first known use of multicast transport for DNS. A client multicasts a DNS query using the DISCOVER opcode and processes the multiple responses that may result.Internet-Drafts are working documentsStatus of This Memo This document is not an Internet Standards Track specification; it is published for the historical record. This document defines a Historic Document for the InternetEngineering Task Force (IETF),community. This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at itsareas,discretion and makes no statement about itsworking groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents validvalue fora maximum of six months and may be updated, replaced,implementation orobsoleteddeployment. Documents approved for publication byother documents atthe RFC Editor are not a candidate for anytime. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The listlevel of Internet Standard; see Section 2 of RFC 5741. Information about the currentInternet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The liststatus ofInternet-Draft Shadow Directories canthis document, any errata, and how to provide feedback on it may beaccessedobtained athttp://www.ietf.org/shadow.html. This Internet-Draft will expire on 17 february 2013. Distribution of this memo is unlimited. IETF Legal Noticeshttp://www.rfc-editor.org/info/rfc6804. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. ThisInternet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Thisdocument is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document."This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights." "This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." "The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79." "Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr." "The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org."1. Introduction The TBDS project developed extensions to existing network services to enableapplication client and serversoftware for clients and servers of an application to become more resilient to changes in topology by dynamically sensing changes and switching between client/server and peer-peer methods for both end-system-to-server and server-to-server communications. The first existing network service to be investigated was the Domain Name Systems(DNS)(DNS), which is used to map symbolic Internet names to numeric Internet addresses. Based upon a hierarchical tree structure, the DNS relies upon uninterrupted connectivity of nodes to a special set of static, manually configured root servers. To improve the robustness and availability of the DNS service, TBDS developed and defined enhancements that enable nodes to map names to numbers without the need for uninterrupted connectivity to the Internet root servers. These techniques were automated, allowing transition between connected and unconnected operations to be done without direct human intervention. These enhancements to the DNS server code are based on the open source BIND to support reception and processing of multicast packets.Proof of conceptProof-of-concept modifications to BIND 8.1.2 were made to show that multicast awareness could be added to BIND. An analysis was made of the existing DNS code deployment and the schedule of new feature deployment so that we could synchronize TBDS with a more appropriate code base. Testing identified a race condition due to overloading the semantics of the DNSOpcodeopcode that was used to communicate to servers. This race condition was explored within the IETFin ourregarding use of existing DNSOpcodes.opcodes. Discussion within the team and with others in the IETF led to the idea that we needed a newOpcodeopcode that would not overload the semantics of existingOpcodes.opcodes. The original DNS design specification presumes that few clients exist that would share common DNS data. To correct thisproblemproblem, a newOpcodeopcode was designed to disambiguate TBDS requests from normal nameserver requests. In the standard Domain NameSystem(DNS)[1][2],System (DNS) [1] [2], queries are always unicast using the QUERY opcode. The TBDS researchproject[4],project [5], funded under DARPA grant F30602-99-1-0523, explored the use of multicast DNS[1][2][1] [2] queries for resource discovery by autonomous, mobile nodes in disconnected networks. The operations model is covered in the TBDS documentation. Multicast queries may return multiple replies, while the standard DNS QUERY operation[3](see Sections 3.7, 4.3, and 5 of RFC 1034 [1]; and Section 4.1.1 of RFC 1035 [2]) expects a single reply. Instead of extending the QUERY opcode, the project developed and tested a new query operation, DISCOVER, that was designed to accommodate multiple responses from a multicast query. The ability to accept multiple replies provides a basis for discrimination ofMan In The Middleman-in-the-middle attacks, which succeed by being the first to respond. Use of DISCOVER requires the use of caching in the receiver, so the ephemeral nature of stub resovlvers is precluded. This memo documents the processing rules for DISCOVER, for possible incorporation in a future revision of the DNS specification. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [3]. 2. DISCOVER Processing Rules A requester will send a DISCOVER query message to a multicast destination address, with some particular multicast scope. The requester must be prepared to receive multiple replies from multiple responders, although we expect that there will be a single reply per responder. DISCOVER responses (i.e., response messages from DISCOVER queries) have standard Answer, Authority, and Additional sections. For example, the DISCOVER response is the same as the response to a QUERY operation. Zero-content answers should not be sent, to avoid badly formed or unfulfilled requests. Responses should be sent toththe unicast address of the requester, and the source address should reflect the unicast address of the responder. DISCOVER responses may echo the request's Question section or leave it blank, just as for QUERY. DISCOVER works like QUERY,except:with the following exceptions: 1. The Question section of a DISCOVER operation contains <QNAME=zonename,QTYPE=SOA> tuples, if the section is present. Within TBDS, this structure was augmented with: <QNAME=service,QTYPE=SRV>. While this worked, it would be cleaner to ask the SRV question in a separatepass, andpass; any future work should take this into consideration. 2. If QDCOUNT equals 0, then only servers willing to do recursion should answer; other servers must silently discard a DISCOVER request with QDCOUNT equals 0. 3.ifIf QDCOUNT is not equal to 0, then only servers that are authoritative for the zones named by some QNAME should answer. Hence, replies to DISCOVER queries will always be authoritative or else have RA (Recursion Available) set. 3. Using DISCOVER Queries3.13.1. Performing Host Lookups To perform a hostname lookup using DISCOVER, a node could: o Compute the zone name of the enclosing in-addr.arpa, ip6.int, or ip6.arpa domain. o DISCOVER whether any in-scope server(s) are authoritative for this zone. If so, query these authoritative servers for local in-addr/ip6 names. o If not, DISCOVER whether there are recursive servers available. If so, query these recursive servers for local in-addr/ip6 names. The requester can determine from the replies whether there are any DNS servers that are authoritative (or support recursion) for the zone. o Once the host'sFQDNFully Qualified Domain Name (FQDN) is known, repeat the process to discover the closest enclosing authoritative server for this local name. o Cache all NS and A data learned in this process, respectingTTL's. 3.2Times To Live (TTLs). 3.2. Performing Service Lookups To lookup a service name using DISCOVER, the following steps may be used: o Use DISCOVER as outlined in Section 3.1 to perform gethostbyaddr() and then gethostbyname() on one's ownlink-locallink- local address. This gives a list of local authoritative servers. o Assume that the closest enclosing zone for which an authoritative server responds to an in-scope DISCOVER message is this host's "parent domain", and compute the SRV name as _service._transport.*.parentdomain. This is a change to the definitionas definedprovided in RFC 1034 [1]. A wildcard label ("*") in the QNAME used in a DNS message withop-codethe opcode DISCOVER should be evaluated with special rules: thewildcardshouldwildcard should match any label for which the DNS server data is authoritative. For example 'x.*.example.com.' would match 'x.y.example.com.' and 'x.yy.example.com.', provided that the server was authoritative for 'example.com.' o Finally, sendaan SRV query for this SRV name to the discovered local authoritativeservers,servers to complete the getservbyname() call. This call returns a structure that can be populated by response values, as follows: s_name The name of the service, "_service" without the preceding underscore. s_aliases The names returned in the SRVRRsResource Records (RRs) in replies to the query. s_port The port number in the SRV RRs replies to the query. If these port numbersdisagree -do not match, one of the port numbers is chosen, and only those nameswhichthat correspond are returned. s_proto The transport protocol passed fromnamed bythe DNS process using the "_transport" label, without the preceding underscore.3.33.3. Using DISCOVER for Disconnected Names DISCOVER allows discovery of a host (for example, a printer offering LPD services) whose DNS server answers authoritatively for a domain name that hasn't been delegated to it, but is defined within some local scope. Since DISCOVER is explicitly defined to discover undelegated zones fortightly-scopedtightly scoped queries, this behavior isn't a violation of DNS's coherency principles. Note that a responder to DISCOVER might not be traditional DNS software, it could bespecial-purposespecial- purpose software. DISCOVER usage for disconnected networks with no authoritative servers can be achieved using the followingconditions.conditions: o Hosts run a "stub authoritative server" that acts as though its FQDN were a zone name. o The computed SOA gives the host's FQDN as the MNAME, "." as the ANAME, seconds-since-1Jan2000 as the SERIAL, and low constants for EXPIRE and the other SOA timers. o NS is used as the host's FQDN. o The glue is computed as the host's link-local address, or hosts may run a "DNS stub server" that acts as though its FQDN were a zone name. The rules governing the behavior of this serverconsistsconsist of a single change to the method of use, and no change whatsoever to the current format of DNS packets. Specifically, this extension allows UDP DNS queries, as documented in RFC 1035,sectionsSections 4.1.1,4.1.24.1.2, and 4.2.1, to be addressed to port 53 ofstatically-assignedstatically assigned relative offset -4 within the range of multicast addresses defined as "administratively scoped" by Section 9 of RFC2365, section 9.2365 [6]. Within the full /8 of administratively scoped addresses, this corresponds to the destination address 239.255.255.251. UntilMZAPthe Multicast-Scope Zone Announcement Protocol (MZAP) or a similar protocol is implemented to allow hosts to discover the extent of the local multicast scopeswhichthat enclose them, it is anticipated that implementations will simply utilize the destination address 239.255.255.251. Queries sent via multicast MUST NOT request recursion. In order to receive multicasted queries, DNS server implementations MUST listen on the -4 offset to their local scope (as above, in the absence of a method of determining the scope, this will be assumed to be relative to the full /8 allocated foradministratively-scopedadministratively scoped multicast use, or239.255.255.251),239.255.255.251) and respond via ordinary unicast UDP to ONLY those queries for which they have a positive answerwhichthat originated within a locally-configured zone file. That is, a server MUST NOT answer a multicasted query with cached informationwhichthat it received from another server, nor may it request further resolution from other servers on behalf of a multicasted query. Amulticast-capablemulticast- capable server may, however, utilize multicast queries to perform further resolution on behalf of queries received via ordinary unicast. This is referred to as "proxy" operation.Multicast-enabledMulticast- enabled DNS servers MUST answer multicasted queriesnon-authoritatively.non- authoritatively. That is, when responding to a querywhichthat was received via multicast, they MUST NOT include an NS recordwhichthat contains datawhichthat resolves back to their own IP address and MUST NOT set the AA bit. Resolvers MUST anticipate receiving no replies to some multicasted queries, in the event that no multicast-enabled DNS server implementations are active within the local scope, or in the event that no positive responses exist to the transmitted query. That is, a query for the MX record for host.domain.com would go unanswered if no local server was able to resolve that request, if no MX record exists for host.domain.com, or if no local servers were capable of receiving multicast queries. The resolverwhichthat initiated the query MUST treat such non-response as a non-cacheable negative response. Since this multicast transmission does not provide reliable delivery, resolvers MAY repeat the transmission of a query in order to assure themselves that is has been received by any hosts capable ofanswering, howeveranswering; however, any resolverswhichthat repeat a query MUST increase the interval by a factor of two between each repetition. It is more likely, however, that any repeated queries will be performed under the explicit direction of the application driving the query, rather than autonomously by the resolver implementation. It will often be the case that multicast queries will result in responses from multiple servers. In the event that the multicast query was generated via a current API such as gethostbyname, or as the result of a proxy operation, the first response received must be passed to the requesting application or host, and allsubsequently-receivedsubsequently received responses must be discarded. Future multicast-aware APIs that use DISCOVER should anticipate receiving multiple independentRR-setsRR sets in response to queries and using external heristics for selecting the most appropriateRR-set.RR set. Such servers should answer DISCOVER packets for its zone, and will be found by the iterative "discover closest enclosing authority server" by DISCOVER clients, in either the gethostbyname() or SRV cases described above. Note that stub servers answer only with zone nameswhichthat exactly match QNAME's, not with zone nameswhichthat are owned by QNAME's. 4. IANA Considerations At such time as this idea might be considered for a future addition to the DNS protocol,theIANA would need to assign a value for the opcode. 5. Security Considerations The following paragraph on security considerations was written very early in the use and exploration of IP multicastandand, as such, represents a fairly naive view on the type and scope of exploits that are enabled through the use of IP multicast. A moreup to dateup-to-date understanding of multicast security considerations may be found in RFC5294[3].5294 [4]. No new security considerations are known to be introduced with a new DNS query operation. However, using multicast for service discovery has the potential for denial of service from flooding attacks. How to scope multicast is not part of the DISCOVER processing rules. It may also be possible to enable deliberate misconfiguration of clients simply by running a malicious DNS server that falsely claims to be authoritative for delegations. One possible way to mitigate this threat is to use credentials, such as CERT resource records within an RR set. The TBDS project took this approach. TBDS did not directly utilizeDNSSEC andDNS Security (DNSSEC), so possible interactions withDNSSEC aware/capableDNSSEC- aware/-capable servers are unknown. 6. Acknowledgments This material was generated in discussions on the mdns mailing list hosted by Zocalo in March 2000 and updated by discussions in September/October 2003 on a closed mailing list. David Lawrence, Scott Rose, Stuart Cheshire, Bill Woodcock, and Erik Guttman were active contributors. Suzanne Woolf was part of the original implementation team and an invaluable sanity checker. Funding for the RFC Editor function is currently provided by the Internet Society. 7. ReferencesNormative:7.1. Normative References [1] Mockapetris, P., "DOMAIN NAMES - CONCEPTS AND FACILITIES", STD 13, RFC 1034, November 1987. [2] Mockapetris, P., "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION", STD 13, RFC 1035, November 1987. [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [4] Savola,P., Lingard,P. and J. Lingard, "Host Threats to Protocol Independent Multicast (PIM)", RFC 5294, August2008 Informative: [3] QUERY opcode -- defined in section 3.7, 4.3, and section 5 of RFC 1034 and in section 4.1.1 of RFC 1035. [4]2008. 7.2. Informative References [5] Manning, B.,"TBDS - Topology"Topology Based DomainSearch.", ProjectSearch (TBDS)", Final Report,http://www.dtic.mil/docs/citations/ADA407598June 2002, <http://www.dtic.mil/docs/citations/ADA407598>. [6] Meyer, D., "Administratively Scoped IP Multicast", BCP 23, RFC 2365, July 1998. Authors' Addresses Bill Manning PO 12317 Marina del Rey, CA. 90295 United States EMail: bmanning@sfc.keio.ac.jp