< draft-ietf-homenet-dot   rfc8375.txt 
Network Working Group P. Pfister Internet Engineering Task Force (IETF) P. Pfister
Internet-Draft Cisco Systems Request for Comments: 8375 Cisco Systems
Updates: RFC7788 (if approved) T. Lemon Updates: 7788 T. Lemon
Intended status: Standards Track Nominum, Inc. Category: Standards Track Nibbhaya Consulting
Expires: March 5, 2018 September 1, 2017 ISSN: 2070-1721 May 2018
Special Use Domain 'home.arpa.' Special-Use Domain 'home.arpa.'
draft-ietf-homenet-dot-14
Abstract Abstract
This document specifies the behavior that is expected from the Domain This document specifies the behavior that is expected from the Domain
Name System with regard to DNS queries for names ending with Name System with regard to DNS queries for names ending with
'.home.arpa.', and designates this domain as a special-use domain '.home.arpa.' and designates this domain as a special-use domain
name. 'home.arpa.' is designated for non-unique use in residential name. 'home.arpa.' is designated for non-unique use in residential
home networks. Home Networking Control Protocol (HNCP) is updated to home networks. The Home Networking Control Protocol (HNCP) is
use the 'home.arpa.' domain instead of '.home'. updated to use the 'home.arpa.' domain instead of '.home'.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on March 5, 2018. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8375.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4
3. General Guidance . . . . . . . . . . . . . . . . . . . . . . 3 3. General Guidance . . . . . . . . . . . . . . . . . . . . . . 4
4. Domain Name Reservation Considerations . . . . . . . . . . . 4 4. Domain Name Reservation Considerations . . . . . . . . . . . 4
5. Updates to Home Networking Control Protocol . . . . . . . . . 6 5. Updates to Home Networking Control Protocol . . . . . . . . . 7
6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6.1. Local Significance . . . . . . . . . . . . . . . . . . . 7 6.1. Local Significance . . . . . . . . . . . . . . . . . . . 7
6.2. Insecure Delegation . . . . . . . . . . . . . . . . . . . 8 6.2. Insecure Delegation . . . . . . . . . . . . . . . . . . . 8
6.3. Bypassing Manually Configured Resolvers . . . . . . . . . 8 6.3. Bypassing Manually Configured Resolvers . . . . . . . . . 9
7. Delegation of 'home.arpa.' . . . . . . . . . . . . . . . . . 8 7. Delegation of 'home.arpa.' . . . . . . . . . . . . . . . . . 9
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 9.1. Normative References . . . . . . . . . . . . . . . . . . 10
10.1. Normative References . . . . . . . . . . . . . . . . . . 9 9.2. Informative References . . . . . . . . . . . . . . . . . 10
10.2. Informative References . . . . . . . . . . . . . . . . . 10 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
Users and devices within a home network (hereafter "homenet") require Users and devices within a home network (hereafter referred to as
devices and services to be identified by names that are unique within "homenet") require devices and services to be identified by names
the boundaries of the homenet [RFC7368]. The naming mechanism needs that are unique within the boundaries of the homenet [RFC7368]. The
to function without configuration from the user. While it may be naming mechanism needs to function without configuration from the
possible for a name to be delegated by an ISP, homenets must also user. While it may be possible for a name to be delegated by an ISP,
function in the absence of such a delegation. This document reserves homenets must also function in the absence of such a delegation.
the name 'home.arpa.' to serve as the default name for this purpose, This document reserves the name 'home.arpa.' to serve as the default
with with a scope limited to each individual homenet. name for this purpose, with a scope limited to each individual
homenet.
This document corrects an error in [RFC7788], replacing '.home' with This document corrects an error in [RFC7788] by replacing '.home'
'home.arpa.' as the default domain-name for homenets. '.home' had with 'home.arpa.' as the default domain name for homenets. '.home'
been selected as the most user-friendly option. However, there are was selected as the most user-friendly option; however, there are
existing uses of '.home' that may be in conflict with this use: existing uses of '.home' that may be in conflict with this use.
evidence indicates that '.home' queries frequently leak out and reach Evidence indicates that '.home' queries frequently leak out and reach
the root name servers [ICANN1] [ICANN2]. the root name servers [ICANN1] [ICANN2].
In addition, it's necessary, for compatibility with DNSSEC In addition, for compatibility with DNSSEC (see Section 6), it's
(Section 6), that an insecure delegation ([RFC4035] section 4.3) be necessary that an insecure delegation (see Section 4.3 of [RFC4035])
present for the name. There is an existing process for allocating be present for the name. There is an existing process for allocating
names under '.arpa.' [RFC3172]. No such process is available for names under '.arpa.' [RFC3172]. No such process is available for
requesting a similar delegation in the root at the request of the requesting a similar delegation in the root at the request of the
IETF, which does not administer that zone. As a result, all IETF, which does not administer that zone. As a result, all
unregistered uses of '.home' (that is, all current uses at the time unregistered uses of '.home' (that is, all current uses at the time
of this document's publication), particularly as specified in of this document's publication), particularly as specified in
RFC7788, are deprecated. [RFC7788], are deprecated.
This document registers the domain 'home.arpa.' as a special-use This document registers the domain 'home.arpa.' as a special-use
domain name [RFC6761] and specifies the behavior that is expected domain name [RFC6761] and specifies the behavior that is expected
from the Domain Name System with regard to DNS queries for names from the Domain Name System with regard to DNS queries for names
whose rightmost non-terminal labels are 'home.arpa.'. Queries for whose rightmost non-terminal labels are 'home.arpa.'. Queries for
names ending with '.home.arpa.' are of local significance within the names ending with '.home.arpa.' are of local significance within the
scope of a homenet, meaning that identical queries will result in scope of a homenet, meaning that identical queries will result in
different results from one homenet to another. In other words, a different results from one homenet to another. In other words, a
name ending in '.home.arpa.' is not globally unique. name ending in '.home.arpa.' is not globally unique.
Although this document makes specific reference to RFC7788, it is not Although this document makes specific reference to [RFC7788], it is
intended that the use of 'home.arpa.' be restricted solely to not intended that the use of 'home.arpa.' be restricted solely to
networks where HNCP is deployed; it is rather the case that networks where HNCP is deployed. Rather, 'home.arpa.' is intended to
'home.arpa.' is the correct domain for uses like the one described be the correct domain for uses like the one described for '.home' in
for '.home' in RFC7788: local name service in residential homenets. [RFC7788]: local name service in residential homenets.
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. General Guidance 3. General Guidance
The domain name 'home.arpa.' is to be used for naming within The domain name 'home.arpa.' is to be used for naming within
residential homenets. Names ending with '.home.arpa.' reference a residential homenets. Names ending with '.home.arpa.' reference a
locally-served zone, the contents of which are unique only to a zone that is served locally, the contents of which are unique only to
particular homenet, and are not globally unique. Such names refer to a particular homenet and are not globally unique. Such names refer
nodes and/or services that are located within a homenet (e.g., a to nodes and/or services that are located within a homenet (e.g., a
printer, or a toaster). printer or a toaster).
DNS queries for names ending with '.home.arpa.' are resolved using DNS queries for names ending with '.home.arpa.' are resolved using
local resolvers on the homenet. Such queries MUST NOT be recursively local resolvers on the homenet. Such queries MUST NOT be recursively
forwarded to servers outside the logical boundaries of the homenet. forwarded to servers outside the logical boundaries of the homenet.
Some service discovery user interfaces that are expected to be used Some service discovery user interfaces that are expected to be used
on homenets conceal information such as domain names from end users. on homenets conceal information such as domain names from end users.
However, it is still expected that in some cases, users will need to However, in some cases, it is still expected that users will need to
see, remember, and even type, names ending with '.home.arpa.'. The see, remember, and even type names ending with '.home.arpa.'. The
working group hopes that this name will in some way indicate to as Homenet Working Group hopes that this name will in some way indicate
many readers as possible that such domain names are referring to to as many readers as possible that such domain names are referring
devices in the home, but we recognize that it is an imperfect to devices in the home, but we recognize that it is an imperfect
solution. solution.
4. Domain Name Reservation Considerations 4. Domain Name Reservation Considerations
This section specifies considerations for systems involved in domain This section specifies considerations for systems involved in domain
name resolution when resolving queries for names ending with name resolution when resolving queries for names ending with
'.home.arpa.'. Each item in this section addresses some aspect of '.home.arpa.'. Each item in this section addresses some aspect of
the DNS or the process of resolving domain names that would be the DNS or the process of resolving domain names that would be
affected by this special use allocation. Detailed explanations of affected by this special-use allocation. Detailed explanations of
these items can be found in [RFC6761], Section 5. these items can be found in Section 5 of [RFC6761]. Although the
term 'homenet' in [RFC7788] refers to home networks that implement a
particular set of features, in this document the term is used to mean
any home network, regardless of the set of features it implements.
1. Users can use names ending with '.home.arpa.' just as they would 1. Users can use names ending with '.home.arpa.' just as they would
use any other domain name. The 'home.arpa.' name is chosen to be use any other domain name. The 'home.arpa.' name is chosen to be
readily recognized by users as signifying that the name is readily recognized by users as signifying that the name is
addressing a service on the homenet to which the user's device is addressing a service on the homenet to which the user's device is
connected. connected.
2. Application software SHOULD NOT treat names ending in 2. Application software SHOULD NOT treat names ending in
'.home.arpa.' differently than other names. In particular, there '.home.arpa.' differently than other names. In particular, there
is no basis for trusting names that are subdomains of is no basis for trusting names that are subdomains of
skipping to change at page 4, line 35 skipping to change at page 5, line 20
3. Name resolution APIs and libraries MUST NOT recognize names that 3. Name resolution APIs and libraries MUST NOT recognize names that
end in '.home.arpa.' as special and MUST NOT treat them as having end in '.home.arpa.' as special and MUST NOT treat them as having
special significance, except that it may be necessary that such special significance, except that it may be necessary that such
APIs not bypass the locally configured recursive resolvers. APIs not bypass the locally configured recursive resolvers.
One or more IP addresses for recursive DNS servers will usually One or more IP addresses for recursive DNS servers will usually
be supplied to the client through router advertisements or DHCP. be supplied to the client through router advertisements or DHCP.
For an administrative domain that uses subdomains of For an administrative domain that uses subdomains of
'home.arpa.', such as a homenet, the recursive resolvers provided 'home.arpa.', such as a homenet, the recursive resolvers provided
by that domain will be able to answer queries for subdomains of by that domain will be able to answer queries for subdomains of
'home.arpa.'; other resolvers will not, or will provide answers 'home.arpa.'; other resolvers will not, or they will provide
that are not correct within that administrative domain. answers that are not correct within that administrative domain.
A host that is configured to use a resolver other than one that A host that is configured to use a resolver other than one that
has been provided by the local network may be unable to resolve, has been provided by the local network may be unable to resolve,
or may receive incorrect results for, subdomains of 'home.arpa.'. or may receive incorrect results for, subdomains of 'home.arpa.'.
In order to avoid this, it is permissible that hosts use the In order to avoid this, it is permissible that hosts use the
locally-provided resolvers for resolving 'home.arpa.' even when resolvers that are locally provided for resolving 'home.arpa.',
they are configured to use other resolvers. even when they are configured to use other resolvers.
4. 4. There are three considerations for recursive resolvers that
follow this specification:
A. Recursive resolvers at sites using 'home.arpa.' MUST A. Recursive resolvers at sites using 'home.arpa.' MUST
transparently support DNSSEC queries: queries for DNSSEC transparently support DNSSEC queries: queries for DNSSEC
records and queries with the DO bit set ([RFC4035] section records and queries with the DNSSEC OK (DO) bit set (see
3.2.1). While validation is not required, it is strongly Section 3.2.1 of [RFC4035]). While validation is not
encouraged: a caching recursive resolver that does not required, it is strongly encouraged: a caching recursive
validate answers that can be validated may cache invalid resolver that does not validate answers that can be validated
data. This in turn will prevent validating stub resolvers may cache invalid data. This, in turn, will prevent
from successfully validating answers. validating stub resolvers from successfully validating
answers.
B. Unless configured otherwise, recursive resolvers and DNS B. Unless configured otherwise, recursive resolvers and DNS
proxies MUST behave as described in Locally Served Zones proxies MUST behave as described in Section 3 of the Locally
([RFC6303] Section 3). That is, queries for 'home.arpa.' and Served Zones document [RFC6303]. That is, queries for
subdomains of 'home.arpa.' MUST NOT be forwarded, with one 'home.arpa.' and subdomains of 'home.arpa.' MUST NOT be
important exception: a query for a DS record with the DO bit forwarded, with one important exception: a query for a DS
set MUST return the correct answer for that question, record with the DO bit set MUST return the correct answer for
including correct information in the authority section that that question, including correct information in the authority
proves that the record is nonexistent. section that proves that the record is nonexistent.
So for example a query for the NS record for 'home.arpa.' So, for example, a query for the NS record for 'home.arpa.'
MUST NOT result in that query being forwarded to an upstream MUST NOT result in that query being forwarded to an upstream
cache nor to the authoritative DNS server for '.arpa.'. cache nor to the authoritative DNS server for '.arpa.'.
However, as necessary to provide accurate authority However, as necessary to provide accurate authority
information, a query for the DS record MUST result in information, a query for the DS record MUST result in
whatever queries are necessary being forwarded; typically, forwarding whatever queries are necessary; typically, this
this will just be a query for the DS record, since the will just be a query for the DS record, since the necessary
necessary authority information will be included in the authority information will be included in the authority
authority section of the response if the DO bit is set. section of the response if the DO bit is set.
C. In addition to the behavior specified above, recursive C. In addition to the behavior specified above, recursive
resolvers that can be used in a homenet MUST be configurable resolvers that can be used in a homenet MUST be configurable
to forward queries for 'home.arpa.' and subdomains of to forward queries for 'home.arpa.' and subdomains of
'home.arpa.' to an authoritative server for 'home.arpa.'. 'home.arpa.' to an authoritative server for 'home.arpa.'.
This server will provide authoritative data for 'home.arpa.' This server will provide authoritative data for 'home.arpa.'
within a particular homenet. The special handling for DS within a particular homenet. The special handling for DS
records for the 'home.arpa.' delegation is still required. records for the 'home.arpa.' delegation is still required.
It is permissible to combine the recursive resolver function It is permissible to combine the recursive resolver function
skipping to change at page 5, line 47 skipping to change at page 6, line 36
for subdomains of 'home.arpa.' to an authoritative server, for subdomains of 'home.arpa.' to an authoritative server,
the resolver answers them authoritatively. The behavior with the resolver answers them authoritatively. The behavior with
respect to forwarding queries specifically for 'home.arpa.' respect to forwarding queries specifically for 'home.arpa.'
remains the same. remains the same.
5. No special processing of 'home.arpa.' is required for 5. No special processing of 'home.arpa.' is required for
authoritative DNS server implementations. It is possible that an authoritative DNS server implementations. It is possible that an
authoritative DNS server might attempt to check the authoritative authoritative DNS server might attempt to check the authoritative
servers for 'home.arpa.' for a delegation beneath that name servers for 'home.arpa.' for a delegation beneath that name
before answering authoritatively for such a delegated name. In before answering authoritatively for such a delegated name. In
such a case, because the name always has only local significance such a case, because the name always has only local significance,
there will be no such delegation in the 'home.arpa.' zone, and so there will be no such delegation in the 'home.arpa.' zone, and so
the server would refuse to answer authoritatively for such a the server would refuse to answer authoritatively for such a
zone. A server that implements this sort of check MUST be zone. A server that implements this sort of check MUST be
configurable so that either it does not do this check for the configurable so that either it does not do this check for the
'home.arpa.' domain, or it ignores the results of the check. 'home.arpa.' domain or it ignores the results of the check.
6. DNS server operators MAY configure an authoritative server for 6. DNS server operators MAY configure an authoritative server for
'home.arpa.' for use in homenets and other home networks. The 'home.arpa.' for use in homenets and other home networks. The
operator for the DNS servers authoritative for 'home.arpa.' in operator for the DNS servers authoritative for 'home.arpa.' in
the global DNS will configure any such servers as described in the global DNS will configure any such servers as described in
Section 7. Section 7.
7. 'home.arpa.' is a subdomain of the 'arpa' top-level domain, which 7. 'home.arpa.' is a subdomain of the 'arpa' top-level domain, which
is operated by IANA under the authority of the Internet is operated by IANA under the authority of the Internet
Architecture Board according to the rules established in Architecture Board according to the rules established in
[RFC3172]. There are no other registrars for .arpa. [RFC3172]. There are no other registrars for '.arpa'.
5. Updates to Home Networking Control Protocol 5. Updates to Home Networking Control Protocol
The final paragraph of Home Networking Control Protocol [RFC7788], The final paragraph in Section 8 of [RFC7788], the Home Networking
section 8, is updated as follows: Control Protocol, is updated as follows:
OLD: OLD:
Names and unqualified zones are used in an HNCP network to provide Names and unqualified zones are used in an HNCP network to provide
naming and service discovery with local significance. A network- naming and service discovery with local significance. A network-
wide zone is appended to all single labels or unqualified zones in wide zone is appended to all single labels or unqualified zones in
order to qualify them. ".home" is the default; however, an order to qualify them. ".home" is the default; however, an
administrator MAY configure the announcement of a Domain-Name TLV administrator MAY configure the announcement of a Domain-Name TLV
(Section 10.6) for the network to use a different one. In case (Section 10.6) for the network to use a different one. In case
multiple are announced, the domain of the node with the greatest multiple are announced, the domain of the node with the greatest
node identifier takes precedence. node identifier takes precedence.
NEW: NEW:
skipping to change at page 6, line 35 skipping to change at page 7, line 21
Names and unqualified zones are used in an HNCP network to provide Names and unqualified zones are used in an HNCP network to provide
naming and service discovery with local significance. A network- naming and service discovery with local significance. A network-
wide zone is appended to all single labels or unqualified zones in wide zone is appended to all single labels or unqualified zones in
order to qualify them. ".home" is the default; however, an order to qualify them. ".home" is the default; however, an
administrator MAY configure the announcement of a Domain-Name TLV administrator MAY configure the announcement of a Domain-Name TLV
(Section 10.6) for the network to use a different one. In case (Section 10.6) for the network to use a different one. In case
multiple are announced, the domain of the node with the greatest multiple are announced, the domain of the node with the greatest
node identifier takes precedence. node identifier takes precedence.
NEW: NEW:
Names and unqualified zones are used in an HNCP network to provide Names and unqualified zones are used in an HNCP network to provide
naming and service discovery with local significance. A network- naming and service discovery with local significance. A network-
wide zone is appended to all single labels or unqualified zones in wide zone is appended to all single labels or unqualified zones in
order to qualify them. 'home.arpa.' is the default; however, an order to qualify them. 'home.arpa.' is the default; however, an
administrator MAY configure the announcement of a Domain-Name TLV administrator MAY configure the announcement of a Domain-Name TLV
(Section 10.6) for the network to use a different one. In case (Section 10.6) for the network to use a different one. In case
multiple are announced, the domain of the node with the greatest multiple TLVs are announced, the domain of the node with the
node identifier takes precedence. greatest node identifier takes precedence.
The 'home.arpa.' special-use name does not require a special The 'home.arpa.' special-use name does not require a special
resolution protocol. Names for which the rightmost two labels are resolution protocol. Names for which the rightmost two labels are
'home.arpa.' are resolved using the DNS protocol [RFC1035]. 'home.arpa.' are resolved using the DNS protocol [RFC1035].
6. Security Considerations 6. Security Considerations
6.1. Local Significance 6.1. Local Significance
A DNS record that is returned as a response to a query for an FQDN A DNS record that is returned as a response to a query for a Fully
that is a subdomain of 'home.arpa.' is expected to have local Qualified Domain Name (FQDN) that is a subdomain of 'home.arpa.' is
significance. It is expected to be returned by a server involved in expected to have local significance. It is expected to be returned
name resolution for the homenet the device is connected in. However, by a server involved in name resolution for the homenet the device is
such response MUST NOT be considered more trustworthy than would be a connected in. However, such a response MUST NOT be considered more
similar response for any other DNS query. trustworthy than a similar response for any other DNS query.
Because 'home.arpa.' is not globally scoped and cannot be secured Because 'home.arpa.' is not globally scoped and cannot be secured
using DNSSEC based on the root domain's trust anchor, there is no way using DNSSEC based on the root domain's trust anchor, there is no way
to tell, using a standard DNS query, in which homenet scope an answer to tell, using a standard DNS query, in which homenet scope an answer
belongs. Consequently, users may experience surprising results with belongs. Consequently, users may experience surprising results with
such names when roaming to different homenets. such names when roaming to different homenets.
To prevent this from happening, it could be useful for the resolver To prevent this from happening, it could be useful for the resolver
on the host to securely differentiate between different homenets, and on the host to securely differentiate between different homenets and
between identical names on different homenets. However, a mechanism between identical names on different homenets. However, a mechanism
for doing this has not yet been standardized, and doing so is out of for doing this has not yet been standardized and doing so is out of
scope for this document. It is expected that this will be explored scope for this document. It is expected that this will be explored
in future work. in future work.
Locally Served Zones ([RFC6303] section 7) recommends installing The advice in [RFC6303], Section 7, to install local trust anchors
trust anchors for locally served zones. However, in order for this for locally served zones can only work if there is some way of
to be effective, there must be some way of configuring the trust configuring the trust anchor in the host. Homenet currently
anchor in the host. Homenet currently specifies no mechanism for specifies no mechanism for configuring such trust anchors. As a
configuring such trust anchors. As a result, while this advice result, while this advice sounds good, it is not practicable.
sounds good, it is not practicable.
Also, although in principle it might be useful to install a trust Also, although it might be useful to install a trust anchor for a
anchor for a particular instance of 'home.arpa.', it's reasonable to particular instance of 'home.arpa.', it's reasonable to expect that a
expect that a host with such a trust anchor might from time to time host with such a trust anchor might, from time to time, connect to
connect to more than one network with its own instance of more than one network with its own instance of 'home.arpa.'. Such a
'home.arpa.'. Such a host would be unable to access services on any host would be unable to access services on any instance of
instance of 'home.arpa.' other than the one for which a trust anchor 'home.arpa.' other than the one for which a trust anchor was
was configured. configured.
It is in principle possible to attach an identifier to an instance of It is, in principle, possible to attach an identifier to an instance
'home.arpa.' that could be used to identify which trust anchor to of 'home.arpa.' that could be used to identify which trust anchor to
rely on for validating names in that particular instance. However, rely on for validating names in that particular instance. However,
the security implications of this are complicated, and such a the security implications of this are complicated, and such a
mechanism, as well as a discussion of those implications, is out of mechanism, as well as a discussion of those implications, is out of
scope for this document. scope for this document.
6.2. Insecure Delegation 6.2. Insecure Delegation
It is not possible to install a trust anchor (a DS RR) for this zone It is not possible to install a trust anchor (a DS RR) for this zone
in the '.arpa' zone. The reason for this is that in order to do so, in the '.arpa' zone. The reason for this is that in order to do so,
it would be necessary to have the key-signing key for the zone it would be necessary to have the key-signing key for the zone (see
([RFC4034] Section 5). Since the zone is not globally unique, no one Section 5 of [RFC4034]). Since the zone is not globally unique, no
key would work. one key would work.
An alternative would be to provide a authenticated denial of An alternative would be to provide an authenticated denial of
existence ([RFC4033] Section 3.2). This would be done simply by not existence (see Section 3.2 of [RFC4033]). This would be done simply
having a delegation from the 'arpa.' zone. However, this requires by not having a delegation from the 'arpa.' zone. However, this
the validating resolver to treat 'home.arpa.' specially. If a requires the validating resolver to treat 'home.arpa.' specially. If
validating resolver that doesn't treat 'home.arpa.' specially a validating resolver that doesn't treat 'home.arpa.' specially
attempts to validate a name in 'home.arpa.', an authenticated denial attempts to validate a name in 'home.arpa.', an authenticated denial
of existence of 'home' as a subdomain of 'arpa.' would cause the of existence of 'home' as a subdomain of 'arpa.' would cause the
validation to fail. Therefore, the only delegation that will allow validation to fail. Therefore, the only delegation that will allow
names under 'home.arpa.' to be resolved by all validating resolvers names under 'home.arpa.' to be resolved by all validating resolvers
is an insecure delegation as in [RFC6303] section 7. is an insecure delegation, as in Section 7 of [RFC6303].
Consequently, unless a trust anchor for the particular instance of Consequently, unless a trust anchor for the particular instance of
the 'home.arpa.' zone being validated is manually configured on the the 'home.arpa.' zone being validated is manually configured on the
validating resolver, DNSSEC signing and validation of names within validating resolver, DNSSEC signing and validation of names within
the 'home.arpa.' zone is not possible. the 'home.arpa.' zone is not possible.
6.3. Bypassing Manually Configured Resolvers 6.3. Bypassing Manually Configured Resolvers
In Section 4, item 3, an exception is made to the behavior of stub In item 3 of Section 4, an exception is made to the behavior of stub
resolvers allowing them to query local resolvers for subdomains of resolvers that allows them to query local resolvers for subdomains of
'home.arpa.' even when they have been manually configured to use 'home.arpa.' even when they have been manually configured to use
other resolvers. This behavior obviously has security and privacy other resolvers. This behavior obviously has security and privacy
implications, and may not be desirable depending on the context. It implications and may not be desirable depending on the context. It
may be better to simply ignore this exception and, when one or more may be better to simply ignore this exception and, when one or more
recursive resolvers are configured manually, simply fail to provide recursive resolvers are configured manually, simply fail to provide
correct answers for subdomains of 'home.arpa.'. At this time we do correct answers for subdomains of 'home.arpa.'. At this time, we do
not have operational experience that would guide us in making this not have operational experience that would guide us in making this
decision; implementors are encouraged to consider the context in decision; implementors are encouraged to consider the context in
which their software will be deployed when deciding how to resolve which their software will be deployed when deciding how to resolve
this question. this question.
7. Delegation of 'home.arpa.' 7. Delegation of 'home.arpa.'
In order to be fully functional, there must be a delegation of In order to be fully functional, there must be a delegation of
'home.arpa.' in the '.arpa.' zone [RFC3172]. This delegation MUST 'home.arpa.' in the '.arpa.' zone [RFC3172]. This delegation MUST
NOT include a DS record, and MUST point to one or more black hole NOT include a DS record and MUST point to one or more black hole
servers, for example 'blackhole-1.iana.org.' and 'blackhole- servers, for example, 'blackhole-1.iana.org.' and 'blackhole-
2.iana.org.'. The reason that this delegation must not be signed is 2.iana.org.'. The reason that this delegation must not be signed is
that not signing the delegation breaks the DNSSEC chain of trust, that not signing the delegation breaks the DNSSEC chain of trust,
which prevents a validating stub resolver from rejecting names which prevents a validating stub resolver from rejecting names
published under 'home.arpa.' on a homenet name server. published under 'home.arpa.' on a homenet name server.
8. IANA Considerations 8. IANA Considerations
IANA is requested to record the domain name 'home.arpa.' in the IANA has recorded the domain name 'home.arpa.' in the "Special-Use
Special-Use Domain Names registry [SUDN]. IANA is requested, with Domain Names" registry [SUDN]. IANA, with the approval of the IAB,
the approval of IAB, to implement the delegation requested in has implemented the delegation requested in Section 7.
Section 7.
IANA is further requested to create a new subregistry within the
"Locally-Served DNS Zones" registry [LSDZ], titled "Transport-
Independent Locally-Served DNS Zones", with the same format as the
other subregistries. IANA is requested to add an entry in this new
registry for 'home.arpa.' with the description "Homenet Special-Use
Domain", listing this document as the reference. The registration
procedure for this subregistry should be the same as for the others,
currently "IETF Review" ([RFC8126] Section 4.8).
9. Acknowledgments
The authors would like to thank Stuart Cheshire for his prior work on IANA has created a new subregistry within the "Locally-Served DNS
'.home', as well as the homenet chairs: Mark Townsley and Ray Bellis. Zones" registry [LSDZ], titled "Transport-Independent Locally-Served
We would also like to thank Paul Hoffman for providing review and DNS Zone Registry", with the same format as the other subregistries.
comments on the IANA considerations section, Andrew Sullivan for his IANA has added an entry in this new registry for 'home.arpa.' with
review and proposed text, and Suzanne Woolf and Ray Bellis for their the description "Homenet Special-Use Domain", listing this document
very detailed review comments and process insights. Thanks to Mark as the reference. The registration procedure for this subregistry
Andrews for providing an exhaustive reference list on the topic of should be the same as for the others, currently "IETF Review" (see
insecure delegations. Thanks to Dale Worley for catching a rather Section 4.8 of [RFC8126]).
egregious mistake and for the Gen-Art review, and to Daniel Migault
for a thorough SecDir review. Thanks to Warren Kumari for catching
some additional issues, and to Adam Roach for some helpful
clarifications.
10. References 9. References
10.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997,
editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3172] Huston, G., Ed., "Management Guidelines & Operational [RFC3172] Huston, G., Ed., "Management Guidelines & Operational
Requirements for the Address and Routing Parameter Area Requirements for the Address and Routing Parameter Area
Domain ("arpa")", BCP 52, RFC 3172, DOI 10.17487/RFC3172, Domain ("arpa")", BCP 52, RFC 3172, DOI 10.17487/RFC3172,
September 2001, <https://www.rfc-editor.org/info/rfc3172>. September 2001, <https://www.rfc-editor.org/info/rfc3172>.
[RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Protocol Modifications for the DNS Security Rose, "Protocol Modifications for the DNS Security
Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005, Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005,
<https://www.rfc-editor.org/info/rfc4035>. <https://www.rfc-editor.org/info/rfc4035>.
skipping to change at page 10, line 22 skipping to change at page 10, line 36
<https://www.rfc-editor.org/info/rfc6303>. <https://www.rfc-editor.org/info/rfc6303>.
[RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names", [RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names",
RFC 6761, DOI 10.17487/RFC6761, February 2013, RFC 6761, DOI 10.17487/RFC6761, February 2013,
<https://www.rfc-editor.org/info/rfc6761>. <https://www.rfc-editor.org/info/rfc6761>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
10.2. Informative References 9.2. Informative References
[ICANN1] "New gTLD Collision Risk Mitigation", October 2013, [ICANN1] "New gTLD Collision Risk Mitigation", August 2013,
<https://www.icann.org/en/system/files/files/new-gtld- <https://www.icann.org/en/system/files/files/
collision-mitigation-05aug13-en.pdf>. new-gtld-collision-mitigation-05aug13-en.pdf>.
[ICANN2] "New gTLD Collision Occurence Management", October 2013, [ICANN2] "New gTLD Collision Occurence Management", October 2013,
<https://www.icann.org/en/system/files/files/resolutions- <https://www.icann.org/en/system/files/files/
new-gtld-annex-1-07oct13-en.pdf>. resolutions-new-gtld-annex-1-07oct13-en.pdf>.
[LSDZ] "Locally-Served DNS Zones Registry", July 2011, [LSDZ] "Locally-Served DNS Zones", July 2011,
<https://www.iana.org/assignments/locally-served-dns- <https://www.iana.org/assignments/
zones/locally-served-dns-zones.xhtml>. locally-served-dns-zones/>.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>. November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", Rose, "DNS Security Introduction and Requirements",
RFC 4033, DOI 10.17487/RFC4033, March 2005, RFC 4033, DOI 10.17487/RFC4033, March 2005,
<https://www.rfc-editor.org/info/rfc4033>. <https://www.rfc-editor.org/info/rfc4033>.
skipping to change at page 11, line 19 skipping to change at page 11, line 29
[RFC7788] Stenberg, M., Barth, S., and P. Pfister, "Home Networking [RFC7788] Stenberg, M., Barth, S., and P. Pfister, "Home Networking
Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April
2016, <https://www.rfc-editor.org/info/rfc7788>. 2016, <https://www.rfc-editor.org/info/rfc7788>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[SUDN] "Special-Use Domain Names Registry", July 2012, [SUDN] "Special-Use Domain Names", July 2012,
<https://www.iana.org/assignments/special-use-domain- <https://www.iana.org/assignments/
names/special-use-domain-names.xhtml>. special-use-domain-names/>.
Acknowledgments
The authors would like to thank Stuart Cheshire, as well as the
homenet chairs, Mark Townsley and Ray Bellis, for their prior work on
'.home'. We would also like to thank Paul Hoffman for providing
review and comments on the IANA Considerations section, Andrew
Sullivan for his review and proposed text, and Suzanne Woolf and Ray
Bellis for their very detailed review comments and process insights.
Thanks to Mark Andrews for providing an exhaustive reference list on
the topic of insecure delegations. Thanks to Dale Worley for
catching a rather egregious mistake and for the Gen-Art review, and
thanks to Daniel Migault for a thorough SecDir review. Thanks to
Warren Kumari for catching some additional issues and to Adam Roach
for some helpful clarifications.
Authors' Addresses Authors' Addresses
Pierre Pfister Pierre Pfister
Cisco Systems Cisco Systems
Paris Paris
France France
Email: pierre.pfister@darou.fr Email: pierre.pfister@darou.fr
Ted Lemon Ted Lemon
Nominum, Inc. Nibbhaya Consulting
800 Bridge Parkway P.O. Box 958
Redwood City, California 94065 Brattleboro, Vermont 05301-0958
United States of America United States of America
Phone: +1 650 381 6000 Email: mellon@fugue.com
Email: ted.lemon@nominum.com
 End of changes. 61 change blocks. 
186 lines changed or deleted 184 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/