Network Working Group P. Pfister
Internet-Draft Cisco Systems
Intended status: Standards Track October 31, 2016
Expires: May 4, 2017
Special Use Top Level Domain '.homenet'
draft-pfister-homenet-dot-00
Abstract
This document specifies the behavior that is expected from the Domain
Name System with regard to DNS queries for names ending with
'.homenet.', thereby defining this top-level domain as a special-use
domain name [RFC6761]. The '.homenet' top-level domain intends to
replace '.home' which was originally proposed in [RFC7788] as default
domain-name for home networks.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 4, 2017.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Pfister Expires May 4, 2017 [Page 1]
�
Internet-Draft dot homenet October 2016
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. General Guidance . . . . . . . . . . . . . . . . . . . . . . 3
3. Domain Name Reservation Considerations . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
7.1. Normative References . . . . . . . . . . . . . . . . . . 5
7.2. Informative References . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction
Users and devices within a home network require other devices to be
identified by names that are unique within the boundaries of the home
network [RFC7368]. The naming mechanism also needs to function
without configuration from the user, and keep functioning in case of
upstream connexion failure. It is therefore expected that home
network routers and devices will derive their own names from one or
multiple domain-names that are assigned to the home network. Such
domain names could be assigned by the service providers, although
this would certainly lead to complicated names (e.g., 'cstmr6372514
.isp-foo.com.'), or be reserved and configured by an educated user.
But in the case of upstream connexion failure, or when the user
ignores how to reserve and configure a domain name, or does not care
enough to do it, a default name with local scope needs to be used.
The '.homenet' top-level domain intends to replace '.home' which was
originally proposed in [RFC7788] as default domain-name for home
networks. '.home' would certainly be the most user-friendly option,
but evidence indicates that '.home' queries frequently leak out and
reach the root name servers [ICANN1] [ICANN2]. This document is to
be bundled with another internet draft updating [RFC7788] and
deprecating the use of the '.home' TLD, replaced by '.homenet'.
This document registers the top-level domain '.homenet.' as a
special-use domain name [RFC6761] and specifies the behavior that is
expected from the Domain Name System with regard to such DNS queries.
Records for names ending with '.homenet.' are of local significance
within a home network, meaning that identical queries may result in
different results from one home network to another.
Pfister Expires May 4, 2017 [Page 2]
�
Internet-Draft dot homenet October 2016
2. General Guidance
The top-level domain name '.homenet.' is to be used for naming within
a home network. Names ending with '.homenet.' MUST refer to
services that are either located within a home network (e.g., a
printer, or a toaster), or only reachable from within the home
network (e.g., a web server hosted by the service provider and
providing a service that is specific to the home).
DNS queries for names ending with '.homenet.' MUST NOT be sent
outside of the logical boundaries of the home network. Which means
that, by default, such queries MUST NOT be sent outside of the
network boundaries of the home network, but home network devices MAY
be configured in order to send such queries to DNS servers located
outside of the home network when the DNS server is capable of
responding with values that are specific to the network where the
query is coming from.
Although home networks most often provide one or multiple service
discovery mechanisms, it is still expected that some users will see,
remember, and sometimes even type, names ending with '.homenet'. It
is therefore desireable that users identify the top-level domain and
associate it with the fact that the service they are connected to is
specific to the home network they are connected in. But, the
presence of this top-level domain name MUST NOT be considered as
improving the security of the connexion in any way.
3. Domain Name Reservation Considerations
This section defines the behavior of systems involved in domain name
resolution when serving queries for names ending with '.homenet.' (as
per [RFC6761]).
1. Users MAY use, type or remember names ending with '.homenet.'
just like any other fully qualified domain names. Users SHOULD
recognize the top-level domain and understand that its presence
at the end of a Fully Qualified Domain Name (FQDN) imply that the
service they are reaching is associated with the home network
they are connected in. In particular, users SHOULD understand
that a single name (e.g. www.homenet) may connect them to
different services when connected within different homes.
2. Applications SHOULD treat domain names ending with '.homenet.'
just like any other FQDN, and MUST NOT make any assumption on the
level of additional security implied by its presence.
3. Name resolution APIs and libraries SHOULD NOT recognize names
ending with '.homenet.' as special and SHOULD NOT treat them
Pfister Expires May 4, 2017 [Page 3]
�
Internet-Draft dot homenet October 2016
differently. Name resolution APIs SHOULD send queries for such
names to their configured caching DNS server(s).
4. Cachine DNS Servers SHOULD recognize such names as special use
and SHOULD NOT, by default, attempt to look up NS records for
them, or otherwise query authoritative DNS servers in an attempt
to resolve these names. Instead, recursive/caching DNS servers
that are not part of a home network SHOULD generate immediate
NXDOMAIN response. Caching DNS Servers that are part of a home
network MAY be configured manually or automatically (e.g., for
auto-configuration purposes) to act differently, e.g., by
querying another name server configured as authoritative for part
of the domain, or proxying the request through a different
mechanism.
5. Authoritative DNS Servers SHOULD recognize such names as special-
use and SHOULD NOT, by default, attempt to look up NS records for
these names. Servers that are part of a home network or
providing name resolution services for a home network MAY be
configured to act as authoritative for the whole top-level domain
or a part of it.
6. DNS server operators SHOULD NOT attempt to configure DNS servers
to act as authoriative for any of these names. Internet service
providers or, by extension, entities providing name resolution
services to home networks MAY configure their DNS servers to
answer such requests in a way which ensures total isolation
between different home networks.
7. DNS Registries and Registrars MUST NOT assign any sub-domain from
'.homenet.'.
4. Security Considerations
Although a DNS record returned as a response to a query ending with
'.homenet.' is expected to have local significance and be returned by
a server involved in name resolution for the home network the device
is connected in, such response MUST NOT be considered more
trustworthy than would be a similar response for any other DNS query.
5. IANA Considerations
[Once published, this should say] IANA has recorded the top-level
domain ".homenet" in the Special-Use Domain Names registry [SUDN].
Pfister Expires May 4, 2017 [Page 4]
�
Internet-Draft dot homenet October 2016
6. Acknowledgments
The author would like to thank Stuart Cheschire for his prior work on
'.home', as well as the homenet chairs: Mark Townsley and Ray Bellis.
7. References
7.1. Normative References
[RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names",
RFC 6761, DOI 10.17487/RFC6761, February 2013,
<http://www.rfc-editor.org/info/rfc6761>.
7.2. Informative References
[RFC7368] Chown, T., Arkko, J., Brandt, A., Troan, O., and J. Weil,
"IPv6 Home Networking Architecture Principles", RFC 7368,
October 2014.
[RFC7788] Stenberg, M., Barth, S., and P. Pfister, "Home Networking
Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April
2016, <http://www.rfc-editor.org/info/rfc7788>.
[ICANN1] "New gTLD Collision Risk Mitigation", October 2013,
<https://www.icann.org/en/system/files/files/resolutions-
new-gtld-annex-1-07oct13-en.pdf>.
[ICANN2] "New gTLD Collision Occurence Management", October 2013,
<https://www.icann.org/en/system/files/files/resolutions-
new-gtld-annex-1-07oct13-en.pdf>.
[SUDN] "Special-Use Domain Names Registry", July 2012,
<http://www.iana.org/assignments/special-use-domain-names/
special-use-domain-names.xhtml>.
Author's Address
Pierre Pfister
Cisco Systems
Paris
France
Email: pierre.pfister@darou.fr
Pfister Expires May 4, 2017 [Page 5]