Hybrid
Unicast/Multicast DNS-Based Service Discovery
Apple Inc.
1 Infinite Loop
Cupertino
California
95014
USA
+1 408 974 3207
cheshire@apple.com
General
Internet Engineering Task Force
Multicast DNS
DNS-Based Service Discovery
RFC
Request for Comments
I-D
Internet-Draft
XML
Extensible Markup Language
Performing DNS-Based Service Discovery using purely Multicast
DNS allows discovery only of services present on the local link.
Using a very large local link with thousands of hosts improves service
discovery, but at the cost of large amounts of multicast traffic.
Performing DNS-Based Service Discovery using purely Unicast DNS is
more efficient, but requires configuration of DNS Update keys on
the devices offering the services, which can be onerous for simple
devices like printers and network cameras.
Hence a compromise is needed, that provides easy service
discovery without requiring either large amounts of multicast
traffic or onerous configuration.
Multicast DNS and its companion technology
DNS-based Service Discovery were created to provide
IP networking with the ease-of-use and autoconfiguration for which
AppleTalk was well known .
Section 10 ("Populating the DNS with Information") of the
DNS-SD specification discusses possible ways that a
service's PTR, SRV, TXT and address records can make their way into the DNS
namespace, including manual zone file configuration
,
DNS Update and proxies.
This document specifies a type of proxy called a Hybrid Proxy that uses
Multicast DNS to discover Multicast DNS records on its
local link, and makes corresponding DNS records visible in the Unicast DNS
namespace.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in "Key words for use
in RFCs to Indicate Requirement Levels" .
Multicast DNS works between a hosts on the same link.
A set of hosts is considered to be "on the same link", if:
when any host A from that set sends a packet to any other host B
in that set, using unicast, multicast, or broadcast, the entire
link-layer packet payload arrives unmodified, and
a broadcast sent over that link by any host from that set of hosts
can be received by every other host in that set
The link-layer *header* may be modified, such as in Token Ring
Source Routing [802.5], but not the link-layer *payload*. In
particular, if any device forwarding a packet modifies any part of
the IP header or IP payload then the packet is no longer
considered to be on the same link. This means that the packet may
pass through devices such as repeaters, bridges, hubs or switches
and still be considered to be on the same link for the purpose of
this document, but not through a device such as an IP router that
decrements the TTL or otherwise modifies the IP header.
In its simplest form, each local link in an organization
is assigned a unique Unicast DNS domain name, such as
"Building 1.example.com." or "4th Floor.Building 1.example.com."
(Grouping multiple local links under the same Unicast DNS domain name
is to be specified in a future companion document, but for the purposes
of this document, assume that each link has its own unique Unicast DNS domain
name.)
Each link in an organization has a Hybrid Proxy which serves it. This
function could be performed by a router on that link, or, with appropriate
VLAN configuration, a single Hybrid Proxy could have a logical presence
on, and serve as the Hybrid Proxy for, multiple links. In the organization's
DNS server, NS records are used to delegate ownership of each defined link name
(e.g., "Building 1.example.com.") to the Hybrid Proxy which serves that link.
Domain Enumeration PTR records are also
created to inform clients of available Device Discovery domains, e.g.,:
b._dns-sd._udp.example.com. PTR Building 1.example.com.
When a DNS-SD client issues a Unicast DNS query to discover services
in a particular Unicast DNS (e.g., "_printer._tcp.Building 1.example.com. PTR ?")
the normal DNS delegation mechanism results in that query being served from
the delegated authoritative name server for that subdomain, namely the Hybrid
Proxy on the link in question. Although a Hybrid Proxy implements the usual
Unicast DNS protocol, in contrast to a conventional Unicast DNS server that
generates answers according to data in its manually-configured zone file,
a Hybrid Proxy gets its data by performing a Multicast DNS query
(e.g., "_printer._tcp.local. PTR ?") on its local link, and then, from the
Multicast DNS replies it receives, it generates a corresponding Unicast DNS reply.
Generating the corresponding Unicast DNS reply involves, at the very least,
rewriting the "local" suffix to the appropriate Unicast DNS domain
(e.g., "Building 1.example.com").
In addition it would be desirable to suppress Unicast DNS replies for records
that are not useful outside the local link. For example, DNS A and AAAA records for
IPv4 link-local addresses and
IPv6 link-local addresses should be suppressed.
Similarly, for sites that have multiple private address
realms, private addresses from one private address realm should not be
communicated to clients in a different private address realm.
By the same logic, DNS SRV records that reference target host
names that have no addresses usable by the requester should be
suppressed, and likewise, DNS PTR records that point to DNS names
with DNS SRV records that reference target host names that have no
addresses usable by the requester should be also be suppressed.
The same reachability requirement for advertised services also applies
to the Hybrid Proxy itself. The mechanism specified in this document only
works if the Hybrid Proxy is reachable from the client making the request.
In a simple analysis, this simple approach is adequate, but it raises the
question of how long the Hybrid Proxy should wait to be sure that it has received
all the Multicast DNS replies it needs to form a complete Unicast DNS reply.
If it waits too little time, then it risks its Unicast DNS reply being incomplete.
If it waits too long, then it creates a poor user experience at the client end.
This dilemma is solved by use of DNS Long-Lived Queries (DNS LLQ)
. The Hybrid Proxy replies immediately to the
Unicast DNS query using the Multicast DNS records it already has in its cache (if any).
This provides a good client user experience by providing a near-instantaneous
response. Simultaneously, the Hybrid Proxy issues a Multicast DNS query on the
local link to discover if there are additional Multicast DNS records it does
not already have in its cache (including the case where it has *no* appropriate
records in its cache). Should additional Multicast DNS replies be
received, these are then delivered to the client using DNS LLQ update events.
The timeliness of such LLQ updates is limited only by the timeliness of the
device responding to the Multicast DNS query. If the Multicast DNS device
responds quickly, then the LLQ update is delivered quickly. If the Multicast
DNS device responds slowly, then the LLQ update is delivered slowly. The
benefit of using LLQ is that the Hybrid Proxy can respond promptly because it doesn't have
to delay its unicast reply to allow for the expected worst-case delay receiving
a Multicast DNS reply. Even in the event that a Multicast DNS device takes even
longer than the expected worst-case time, its reply is not lost; it is
delivered when it arrives, in the form of a subsequent DNS LLQ update.
Some aspects of the mechanism specified in this document already exist in
deployed software. Some aspects are new. This section outlines which aspects
already exist and which are new.
Domain enumeration discovery by the client (the
"b._dns-sd._udp" queries) is already implemented and deployed.
Unicast queries to the indicated discovery domain is already
implemented and deployed.
These are implemented and deployed in Mac OS X 10.4 and later
(including all versions of Apple iOS, on all iPhone and iPads),
in Bonjour for Windows,
and in Android 4.1 "Jelly Bean" (API Level 16) and later.
Domain enumeration discovery and unicast querying have been
used for several years at IETF meetings to make Terminal Room
printers discoverable from outside the Terminal room. When you
Press Cmd-P on your Mac, or select AirPrint on your iPad or
iPhone, and the Terminal room printers appear, that is because
your client is doing unicast DNS queries to the IETF DNS servers.
The current APIs make multiple domains visible to client
software, but most client UI today lumps all discovered services
into a single flat list. This is largely a chicken-and-egg
problem. Application writers were naturally reluctant to spend
time writing domain-aware UI code when few customers today would
benefit from it. If Hybrid Proxy deployment becomes common, then
application writers will have a reason to provide better UI.
Existing applications will work with the Hybrid Proxy, but will
show all services in a single flat list. Applications with
improved UI will group services by domain.
The Long-Lived Query mechanism
referred to in this specification exists and is deployed,
but has not been standardized by the IETF. It is possible that the
IETF may choose to standardize a different or better Long-Lived Query mechanism.
In that case, the pragmatic deployment approach would be for vendors
to produce Hybrid Proxies that implement both the deployed
Long-Lived Query mechanism
(for today's clients) and a new IETF Standard Long-Lived Query
mechanism (as the future long-term direction).
The translating/filtering Hybrid Proxy specified in this document.
Once implemented, such a Hybrid Proxy will immediately make
wide-area discovery available with today's existing clients and devices.
A mechanism to 'stitch' together multiple ".local." zones so
that they appear as one. Such a mechanism will be specified in a
future companion document.
An IPv4-only host and an IPv6-only host behave as "ships that pass in
the night". Even if they are on the same Ethernet, neither is aware
of the other's traffic. For this reason, each physical link may have
*two* unrelated ".local." zones, one for IPv4 and one for IPv6.
Since for practical purposes, a group of IPv4-only hosts and a group
of IPv6-only hosts on the same Ethernet act as if they were on two
entirely separate Ethernet segments, it is unsurprising that their
use of the ".local." zone should occur exactly as it would if
they really were on two entirely separate Ethernet segments.
It will be desirable to have a mechanism to 'stitch' together
these two unrelated ".local." zones so that they appear as one.
Such mechanism will need to be able to differentiate between a
dual-stack (v4/v6) host participating in both ".local."
zones, and two different hosts, one IPv4-only and the other IPv6-only,
which are both trying to use the same name(s). Such a mechanism
will be specified in a future companion document.
A service proves its presence on a local link by its ability to answer
link-local multicast queries on that link. If greater security is
desired, then the Hybrid Proxy mechanism should not be used, and instead
authenticated secure DNS Update should be used
.
Apple has submitted an IPR disclosure concerning the technique
proposed in this document. Details are available on
the IETF IPR disclosure page.
This document has no IANA Considerations.
Multicast DNS
As networked devices become smaller, more portable, and
more ubiquitous, the ability to operate with less configured
infrastructure is increasingly important. In particular,
the ability to look up DNS resource record data types
(including, but not limited to, host names) in the absence
of a conventional managed DNS server is useful.
Multicast DNS (mDNS) provides the ability to perform
DNS-like operations on the local link in the absence of any
conventional unicast DNS server. In addition, Multicast DNS
designates a portion of the DNS namespace to be free for
local use, without the need to pay any annual fee, and
without the need to set up delegations or otherwise
configure a conventional DNS server to answer for those names.
The primary benefits of Multicast DNS names are that (i)
they require little or no administration or configuration to
set them up, (ii) they work when no infrastructure is
present, and (iii) they work during infrastructure failures.
DNS-Based Service Discovery
This document specifies how DNS resource records are named and structured
to facilitate service discovery. Given a type of service that a client is looking for,
and a domain in which the client is looking for that service, this allows clients to
discover a list of named instances of that desired service, using standard DNS
queries. This is referred to as DNS-based Service Discovery, or DNS-SD.
Apple Inc.'s Statement about IPR related to draft-cheshire-mdnsext-hybrid
Requirements for a Protocol to Replace the AppleTalk Name Binding Protocol (NBP)
One of the goals of the authors of Multicast DNS (mDNS)
and DNS-Based Service Discovery (DNS-SD) was to retire
AppleTalk and the AppleTalk Name Binding Protocol (NBP) and
to replace them with an IP-based solution. This document
presents a brief overview of the capabilities of AppleTalk
NBP and outlines the properties required of an IP-based replacement.
Zero Configuration Networking: The Definitive Guide