draft-ietf-dnssd-mdns-dns-interop-02.txt   draft-ietf-dnssd-mdns-dns-interop-03.txt 
DNSSD A. Sullivan DNSSD A. Sullivan
Internet-Draft Dyn Internet-Draft Dyn
Intended status: Informational October 31, 2015 Intended status: Informational July 3, 2016
Expires: May 3, 2016 Expires: January 4, 2017
On Interoperation of Labels Between DNS and Other Resolution Systems On Interoperation of Labels Among Conventional DNS and Other Resolution
draft-ietf-dnssd-mdns-dns-interop-02 Systems
draft-ietf-dnssd-mdns-dns-interop-03
Abstract Abstract
Despite its name, DNS-Based Service Discovery can use naming systems Despite its name, DNS-Based Service Discovery can use naming systems
other than the Domain Name System when looking for services. other than the Domain Name System when looking for services.
Moreover, when it uses the DNS, DNS-Based Service Discovery uses the Moreover, when it uses the DNS, DNS-Based Service Discovery uses the
full capability of DNS, rather than using a subset of available full capability of DNS, rather than using a subset of available
octets. In order for DNS-SD to be used effectively in environments octets. In order for DNS-SD to be used effectively in environments
where multiple different name systems and conventions for their where multiple different name systems and conventions for their
operation are in use, it is important to attend to differences in the operation are in use, it is important to attend to differences in the
skipping to change at page 1, line 40 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 3, 2016. This Internet-Draft will expire on January 4, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 24 skipping to change at page 2, line 25
1.1. Conventions and terms used in this document . . . . . . . 3 1.1. Conventions and terms used in this document . . . . . . . 3
2. Why there could be a problem at all . . . . . . . . . . . . . 4 2. Why there could be a problem at all . . . . . . . . . . . . . 4
3. Requirements for a profile for label interoperation . . . . . 5 3. Requirements for a profile for label interoperation . . . . . 5
4. DNS-SD portions . . . . . . . . . . . . . . . . . . . . . . . 6 4. DNS-SD portions . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. The <Instance> Portion of the Service 4.1. The <Instance> Portion of the Service
Instance Name . . . . . . . . . . . . . . . . . . . . . . 6 Instance Name . . . . . . . . . . . . . . . . . . . . . . 6
4.2. The <Service> Portion of the Service 4.2. The <Service> Portion of the Service
Instance Name . . . . . . . . . . . . . . . . . . . . . . 7 Instance Name . . . . . . . . . . . . . . . . . . . . . . 7
4.3. The <Domain> Portion of the Service Instance 4.3. The <Domain> Portion of the Service Instance
Name . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Name . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. Informative References . . . . . . . . . . . . . . . . . . . 9 8. Informative References . . . . . . . . . . . . . . . . . . . 9
Appendix A. Change History . . . . . . . . . . . . . . . . . . . 10 Appendix A. Change History . . . . . . . . . . . . . . . . . . . 11
A.1. draft-ietf-dnssd-mdns-dns-interop-02 . . . . . . . . . . 10 A.1. draft-ietf-dnssd-mdns-dns-interop-03 . . . . . . . . . . 11
A.2. draft-ietf-dnssd-mdns-dns-interop-01 . . . . . . . . . . 11 A.2. draft-ietf-dnssd-mdns-dns-interop-02 . . . . . . . . . . 11
A.3. draft-ietf-dnssd-mdns-dns-interop-00 . . . . . . . . . . 11 A.3. draft-ietf-dnssd-mdns-dns-interop-01 . . . . . . . . . . 11
A.4. draft-sullivan-dnssd-mdns-dns-interop-01 . . . . . . . . 11 A.4. draft-ietf-dnssd-mdns-dns-interop-00 . . . . . . . . . . 11
A.5. draft-sullivan-dnssd-mdns-dns-interop-00 . . . . . . . . 11 A.5. draft-sullivan-dnssd-mdns-dns-interop-01 . . . . . . . . 11
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11 A.6. draft-sullivan-dnssd-mdns-dns-interop-00 . . . . . . . . 12
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
DNS-Based Service Discovery (DNS-SD, [RFC6763]) specifies a mechanism DNS-Based Service Discovery (DNS-SD, [RFC6763]) specifies a mechanism
for discovering services using queries to the Domain Name System for discovering services using queries to the Domain Name System
(DNS, [RFC1034], [RFC1035]); and to any other system that uses domain (DNS, [RFC1034], [RFC1035]); and to any other system that uses domain
names, such as Multicast DNS (mDNS, [RFC6762]). Conventional use of names, such as Multicast DNS (mDNS, [RFC6762]). Many applications
the DNS generally follows the host name rules [RFC0952] for labels -- that use the DNS follow "Internet hostname" syntax [RFC0952] for
the so-called LDH rule. That convention is the reason behind the labels -- the so-called LDH rule. That convention is the reason
development of Internationalized Domain Names for Applications behind the development of Internationalized Domain Names for
(IDNA2008, [RFC5890], [RFC5891], [RFC5892], [RFC5893], [RFC5894], Applications (IDNA2008, [RFC5890], [RFC5891], [RFC5892], [RFC5893],
[RFC5895]). It is worth noting that the LDH rule is a convention, [RFC5894], [RFC5895]). It is worth noting that the LDH rule is a
and not a rule of the DNS; this is made entirely plain by [RFC2181], convention, and not a rule of the DNS; this is made entirely plain by
section 11. Nevertheless, there is a widespread belief that in many [RFC2181], section 11, and discussed further in [RFC6055], section 3.
circumstances domain names cannot be used in the DNS unless they Nevertheless, there is a widespread belief that in many circumstances
cleave to the LDH rule. domain names cannot be used in the DNS unless they cleave to the LDH
rule.
At the same time, mDNS requires that labels be encoded in UTF-8, and At the same time, mDNS requires that labels be encoded in UTF-8, and
permits a range of characters in labels that are not permitted by permits a range of characters in labels that are not permitted by
IDNA2008 or the LDH rule. For example, mDNS encourages the use of IDNA2008 or the LDH rule. For example, mDNS encourages the use of
spaces and punctuation in mDNS names (see [RFC6763], section 4.1.3). spaces and punctuation in mDNS names (see [RFC6763], section 4.1.3).
It does not restrict which Unicode code points may be used in those It does not restrict which Unicode code points may be used in those
labels, so long as the code points are UTF-8 in Net-Unicode [RFC5198] labels, so long as the code points are UTF-8 in Net-Unicode [RFC5198]
format. format.
Users of applications are, of course, frequently unconcerned with Users and developers of applications are, of course, frequently
(not to say oblivious to) the name-resolution system(s) in service at unconcerned with (not to say oblivious to) the name-resolution
any given moment, and are inclined simply to use the same domain system(s) in service at any given moment, and are inclined simply to
names in different contexts. As a result, the same domain name might use the same domain names in different contexts. As a result, the
be tried using different name resolution technologies. If DNS-SD is same domain name might be tried using different name resolution
to be used in an environment where multiple resolution systems (such technologies. If a given name will not work across the various
as mDNS and DNS) are to be queried for services, then some parts of environments, then user expectations are likely to be best satisfied
the domain names to be queried will need to be compatible with the when at least some parts of the domain names to be queried are
rules and conventions for all the relevant technologies. compatible with the rules and conventions for all the relevant
technologies. Given the uses of DNS-SD, a choice for such
compatibility likely lies with the application designer or service
operator.
One approach to interoperability under these circumstances is to use One approach to interoperability under these circumstances is to use
a single operational convention (a "profile") for domain names under a single operational convention (a "profile") for domain names under
the different naming systems. This memo assumes such a use profile, the different naming systems. This memo assumes such a use profile,
and attempts to outline what is necessary to make it work without and attempts to outline what is necessary to make it work without
specifying any particular technology. It does assume, however, that specifying any particular technology. It does assume, however, that
the global DNS is eventually likely to be implicated. Given the the global DNS is eventually likely to be implicated. Given the
general tendency of all resolution eventually to fall through to the general tendency of all resolution eventually to fall through to the
DNS, that assumption does not seem controversial. DNS, that assumption does not seem controversial.
It is worth noting that users of DNS-SD do not use the service It is worth noting that users of DNS-SD do not use the service
discovery names in the same way that users of other domain names discovery names in the same way that users of other domain names
might. Domain names often might as easily be entered as direct user might. In many cases, domain names can be entered as direct user
input as by any other method. But the service discovery context input. But the service discovery context generally assumes users are
generally assumes users are picking a service from a list. As a picking a service from a list. As a result, the sorts of application
result, the sorts of application considerations that are appropriate considerations that are appropriate to the general-purpose DNS name,
to the general-purpose DNS name, and that resulted in the A-label/ and that resulted in the A-label/U-label split (see below) in
U-label split (see below) in IDNA2008, are not entirely the right IDNA2008, are not entirely the right approach for DNS-SD.
approach for DNS-SD.
1.1. Conventions and terms used in this document 1.1. Conventions and terms used in this document
Wherever appropriate, this memo uses the terminology defined in Wherever appropriate, this memo uses the terminology defined in
Section 2 of [RFC5890]. In particular, the reader is assumed to be Section 2 of [RFC5890]. In particular, the reader is assumed to be
familiar with the terms "U-label", "LDH label", and "A-label" from familiar with the terms "U-label", "LDH label", and "A-label" from
that document. Similarly, the reader is assumed to be familiar with that document. Similarly, the reader is assumed to be familiar with
the U+NNNN notation for Unicode code points used in [RFC5890] and the U+NNNN notation for Unicode code points used in [RFC5890] and
other documents dealing with Unicode code points. In the interests other documents dealing with Unicode code points. In the interests
of brevity and consistency, the definitions are not repeated here. of brevity and consistency, the definitions are not repeated here.
Sometimes this memo refers to names in the DNS as though the LDH rule Sometimes this memo refers to names in the DNS as though the LDH rule
and IDNA2008 are strict requirements. They are not. DNS labels are, and IDNA2008 are strict requirements. They are not. DNS labels are,
in principle, just collections of octets, and therefore in principle in principle, just collections of octets, and therefore in principle
the LDH rule is not a constraint. In practice, applications the LDH rule is not a constraint. In practice, applications
sometimes intercept labels that do not conform to the LDH rule and sometimes intercept labels that do not conform to the LDH rule and
apply IDNA and other transformations. apply IDNA and other transformations.
The DNS, perhaps unfortunately, has produced its own jargon. The DNS, perhaps unfortunately, has produced its own jargon.
Unfamiliar DNS-related terms in this memo should be found in Unfamiliar DNS-related terms in this memo should be found in
[I-D.ietf-dnsop-dns-terminology]. [RFC7719].
The term "owner name" (common to the DNS vernacular; see above) is The term "owner name" (common to the DNS vernacular; see above) is
used here to apply not just to the domain names to be looked up in used here to apply not just to the domain names to be looked up in
the DNS, but to any name that might be looked up either in the DNS or the DNS, but to any name that might be looked up either in the DNS or
using other technologies. It therefore includes names that might not using another technology. It therefore includes names that might not
actually exist anywhere. In addition, what follows depends on the actually exist anywhere. In addition, what follows depends on the
idea that not every domain name may be looked up in the DNS. For idea that not every domain name will be looked up in the DNS. For
instance, names ending in "local." (in the presentation format) are instance, names ending in "local." (in the presentation format) are
not ordinarily looked up in the DNS, but instead by querying mDNS. not ordinarily looked up using DNS, but instead looked up using mDNS.
DNS-SD specifies three portions of the owner name for a DNS-SD DNS-SD specifies three portions of the owner name for a DNS-SD
resource record. These are the <Instance> portion, the <Service> resource record. These are the <Instance> portion, the <Service>
portion, and the <Domain>. The owner name made of these three parts portion, and the <Domain> portion. The owner name made of these
is called the Service Instance Name. It is worth observing that a three parts is called the Service Instance Name. It is worth
portion may be more than one label long. See [RFC6763], section 4.1. observing that a portion may be more than one label long. See
Further discussion of the parts is found in Section 4. [RFC6763], section 4.1. Further discussion of the parts is found in
Section 4.
Throughout this memo, mDNS is used liberally as the alternative Throughout this memo, mDNS is used liberally as the alternative
resolution mechanism to DNS. This is for convenience rather than resolution mechanism to DNS. This is for convenience rather than
rigour: any alternative name resolution to DNS could present the same rigour: any alternative name resolution to DNS could present the same
friction with the prevailing operational conventions of the global friction with the prevailing operational conventions of the global
DNS. It so happens that mDNS is the overwhelmingly successful DNS. It so happens that mDNS is the overwhelmingly successful
alternative as of this writing, so it is used in order to make the alternative as of this writing, so it is used in order to make the
issues plainer to the reader. Other alternative resolution issues plainer to the reader. Other alternative resolution
mechanisms may in general be read wherever mDNS appears in the text, mechanisms may in general be read wherever mDNS appears in the text,
except where details of the mDNS specification appear. except where details of the mDNS specification appear.
skipping to change at page 5, line 5 skipping to change at page 5, line 10
One might reasonably wonder why there is a problem to be solved at One might reasonably wonder why there is a problem to be solved at
all. After all, DNS labels permit any octet whatsoever, and anything all. After all, DNS labels permit any octet whatsoever, and anything
that can be useful with DNS-SD cannot use any names that are outside that can be useful with DNS-SD cannot use any names that are outside
the protocol strictures of the DNS. the protocol strictures of the DNS.
The reason for the trouble is twofold. First, and least troublesome, The reason for the trouble is twofold. First, and least troublesome,
is the possibility of resolvers that are attempting to offer IDNA is the possibility of resolvers that are attempting to offer IDNA
service system-wide. Given the design of IDNA2008, it is reasonable service system-wide. Given the design of IDNA2008, it is reasonable
to suppose that on some systems high-level name resolution libraries to suppose that on some systems high-level name resolution libraries
will perform the U-label/A-label transformation automatically, saving will perform the U-label/A-label transformation automatically, saving
applications from these details. If this were the main problem, applications from these details. But system-level services do not
however, it would presumably be self-correcting; for the right answer always have available to them the resolution context, and may apply
would be, "Don't use those libraries for DNS-SD," and DNS-SD would the transformation in a way that foils rather than helps the
not work reliably in cases where such libraries were in use. This application. Of course, if this were the main problem, it would
would be unfortunate; but given that DNS-SD in Internet contexts is presumably be self-correcting; for the right answer would be, "Don't
as of this writing not in ubiquitous use, it should not represent a use those libraries for DNS-SD," and DNS-SD would not work reliably
fatal issue. in cases where such libraries were in use. This would be
unfortunate; but given that DNS-SD in Internet contexts is as of this
writing not in ubiquitous use, it should not represent a fatal issue.
The greater problem is that the "infrastructure" types of DNS service The greater problem is that the "infrastructure" types of DNS service
-- the root zone, the top-level domains, and so on -- have embraced -- the root zone, the top-level domains, and so on -- have embraced
IDNA and refuse registration of raw UTF-8 into their zones. As of IDNA and refuse registration of raw UTF-8 into their zones. As of
this writing there is (perhaps unfortunately) no reliable way to this writing there is (perhaps unfortunately) no reliable way to
discover where these sorts of DNS services end. Nevertheless, some discover where these sorts of DNS services end. Nevertheless, some
client programs (notably web browsers) have adopted a number of client programs (notably web browsers) have adopted a number of
different policies about how domain names will be looked up and different policies about how domain names will be looked up and
presented to users given the policies of the relevant DNS zone presented to users given the policies of the relevant DNS zone
operators. None of these policies permit raw UTF-8. Since it is operators. None of these policies permit raw UTF-8. Since it is
skipping to change at page 5, line 44 skipping to change at page 5, line 51
Name that are implicated in regular DNS lookups. Only some portions Name that are implicated in regular DNS lookups. Only some portions
are implicated. In any case, if a given portion is implicated, the are implicated. In any case, if a given portion is implicated, the
profile will need to apply to all labels in that portion. profile will need to apply to all labels in that portion.
In addition, because DNS-SD Service Instance Names can be used in a In addition, because DNS-SD Service Instance Names can be used in a
domain name slot, care must be taken by DNS-SD-aware resolvers to domain name slot, care must be taken by DNS-SD-aware resolvers to
handle the different portions as outlined here, so that DNS-SD handle the different portions as outlined here, so that DNS-SD
portions that do not use IDNA2008 will not be treated as U-labels and portions that do not use IDNA2008 will not be treated as U-labels and
will not accidentally undergo IDNA processing. will not accidentally undergo IDNA processing.
Because the profile will need to apply to names that might need to Because the profile will apply to names that might appear in the
interoperate with names in the public DNS, and because other public DNS, and because other resolution mechanisms (such as mDNS)
resolution mechanisms (such as mDNS) could permit labels that IDNA could permit labels that IDNA does not, the profile might reduce the
does not, the profile might reduce the labels that could be used with labels that could be used with those other resolution mechanisms.
those other resolution mechanisms. One consequence of this is that One consequence of this is that some recommendations from [RFC6763]
some recommendations from [RFC6763] will not really be possible to will not really be possible to implement using names subject to the
implement using names subject to the profile. In particular, profile. In particular, [RFC6763], section 4.1.3 recommends that
[RFC6763], section 4.1.3 recommends that labels always be stored and labels always be stored and communicated as UTF-8, even in the DNS.
communicated as UTF-8, even in the DNS. Because of the way the Because of the way the public DNS is currently operated (see
public DNS is currently operated (see Section 2), the advice to store Section 2), the advice to store and transmit labels as UTF-8 in the
and transmit labels as UTF-8 in the DNS is likely either to encounter DNS is likely either to encounter problems, or to result in
problems or result in unnecessary traffic to the public DNS (or unnecessary traffic to the public DNS, or both. In particular, many
both). In particular, many labels in the <Domain> part of a Service labels in the <Domain> part of a Service Instance Name are unlikely
Instance Name is unlikely to be found in its UTF-8 form in the public to be found in the UTF-8 form in the public DNS tree for zones that
DNS tree for zones that are using IDNA2008. By contrast, for are using IDNA2008. By contrast, for example, mDNS normally uses
example, mDNS normally uses UTF-8. UTF-8.
U-labels cannot contain upper case letters. That restriction extends U-labels cannot contain upper case letters (see [RFC5894], sections
to ASCII-range upper case letters that work fine in LDH-labels. It 3.1.3 and 4.2). That restriction extends to ASCII-range upper case
may be confusing that the character "A" works in the DNS when none of letters that work fine in LDH-labels. It may be confusing that the
the characters in the label has a diacritic, but does not work when character "A" works in the DNS when none of the characters in the
there is such a diacritic in the label. Labels in mDNS names (or label has a diacritic, but does not work when there is such a
other resolution technologies) may contain upper case characters, so diacritic in the label. Labels in mDNS names (or other resolution
the profile will need either to restrict the use of upper case or technologies) may contain upper case characters, so the profile will
come up with a reliable and predictable (to users) convention for need either to restrict the use of upper case or come up with a
case folding even in the presence of diacritics. convention for case folding (even in the presence of diacritics) that
is reliable and predictable to users.
4. DNS-SD portions 4. DNS-SD portions
Service Instance Names are made up of three portions. Service Instance Names are made up of three portions.
4.1. The <Instance> Portion of the Service Instance Name 4.1. The <Instance> Portion of the Service Instance Name
[RFC6763] is clear that the <Instance> portion of the Service [RFC6763] is clear that the <Instance> portion of the Service
Instance Name is intended for presentation to users, and therefore Instance Name is intended for presentation to users, and therefore
virtually any character is permitted in it. There are two ways that virtually any character is permitted in it. There are two ways that
a profile might address this portion. a profile might address this portion.
The first way would be to treat this portion as likely to be The first way would be to treat this portion as likely to be
intercepted by system-wide IDNA-aware resolvers, or likely subject to intercepted by system-wide IDNA-aware (but otherwise context-unaware)
strict IDNA conformance requirements for publication in the relevant resolvers, or likely subject to strict IDNA conformance requirements
zone. In this case, the portion would need to be made subject to the for publication in the relevant zone. In this case, the portion
profile, thereby curtailing what characters may appear in this would need to be made subject to the profile, thereby curtailing what
portion. This approach permits DNS-SD to use any standard system characters may appear in this portion. This approach permits DNS-SD
resolver but presents inconsistencies with the DNS-SD specification to use any standard system resolver but presents inconsistencies with
and with DNS-SD that is exclusively mDNS-based. Therefore, this the DNS-SD specification and with DNS-SD use that is exclusively
strategy is rejected. mDNS-based. Therefore, this strategy is rejected.
Instead, DNS-SD implementations can intercept the <Instance> portion Instead, DNS-SD implementations can intercept the <Instance> portion
of a Service Instance Name and ensure that those labels are never of a Service Instance Name and ensure that those labels are never
handed to IDNA-aware resolvers that might attempt to convert these handed to IDNA-aware resolvers that might attempt to convert these
labels into A-labels. Under this approach, the DNS-SD <Instance> labels into A-labels. Under this approach, the DNS-SD <Instance>
portion works as it always does, but at the cost of using special portion works as it always does, but at the cost of using special
resolution code built into the DNS-SD system. A practical resolution code built into the DNS-SD system. A practical
consequence of this is that zone operators need to be prepared not to consequence of this is that zone operators need to be prepared not to
apply the LDH rule to all labels, and may need to make special apply the LDH rule to all labels, and may need to make special
concessions to ensure that the <Instance> portion can contain spaces, concessions to ensure that the <Instance> portion can contain spaces,
upper and lower case, and any UTF-8 code point; or else to prepare a upper and lower case, and any UTF-8 code point; or else to prepare a
user interface to handle the exceptions that would otherwise be user interface to handle the exceptions that would otherwise be
generated. Automatic conversion to A-labels is not acceptable. generated. Automatic conversion to A-labels is not acceptable.
It is worth noting that this advice is not actually compatible with
advice in [RFC6055], section 4. That section appears to assume that
names are not really composed of subsections, but because [RFC6763]
specifies portions of names, the advice in this memo is to follow the
advice of [RFC6055] according to the portion of the domain name,
rather than for the whole domain name. As a practical matter, this
likely means special-purpose name resolution software for DNS-SD.
4.2. The <Service> Portion of the Service Instance Name 4.2. The <Service> Portion of the Service Instance Name
DNS-SD includes a <Service> component in the Service Instance Name. DNS-SD includes a <Service> component in the Service Instance Name.
This component is not really user-facing data, but is instead control This component is not really user-facing data, but is instead control
data embedded in the Service Instance Name. This component includes data embedded in the Service Instance Name. This component includes
so-called "underscore labels", which are labels prepended with U+005F so-called "underscore labels", which are labels prepended with U+005F
(_). The underscore label convention was established by DNS SRV (_). The underscore label convention was established by DNS SRV
([RFC2782]) for identifying metadata inside DNS names. A system-wide ([RFC2782]) for identifying metadata inside DNS names. A system-wide
resolver (or DNS middlebox) that cannot handle underscore labels will resolver (or DNS middlebox) that cannot handle underscore labels will
not work with DNS-SD at all, so it is safe to suppose that such not work with DNS-SD at all, so it is safe to suppose that such
resolvers will not attempt to do special processing on these labels. resolvers will not attempt to do special processing on these labels.
Therefore, the <Service> portion of the Service Instance Name will Therefore, the <Service> portion of the Service Instance Name will
not be subject to the profile. By the same token, it should be noted not be subject to the profile. By the same token, underscore labels
that underscore labels are never subject to IDNA processing (they're are never subject to IDNA processing (they are formally
formally incompatible), and therefore concerns about IDNA are incompatible), and therefore concerns about IDNA are irrelevant for
irrelevant for these labels. these labels.
4.3. The <Domain> Portion of the Service Instance Name 4.3. The <Domain> Portion of the Service Instance Name
The <Domain> portion of the Service Instance Name forms an integral The <Domain> portion of the Service Instance Name forms an integral
part of the owner name submitted for DNS resolution. A system-wide part of the owner name submitted for DNS resolution. A system-wide
resolver that is IDNA2008-aware is likely to interpret labels with resolver that is IDNA2008-aware is likely to interpret labels with
UTF-8 in the owner name as candidates for IDNA2008 processing. More UTF-8 in the owner name as candidates for IDNA2008 processing. More
important, operators of internationalized domain names will important, operators of internationalized domain names will
frequently publish such names in the DNS as A-labels; certainly, the frequently publish such names in the public DNS as A-labels;
top-most labels will always be A-labels. Therefore, these labels certainly, the top-most labels will always be A-labels. Therefore,
will need to be subject to the profile. DNS-SD implementations ought these labels will need to be subject to the profile. DNS-SD
to identify the <Domain> portion of the Service Instance Name and implementations ought somehow to identify the <Domain> portion of the
treat it subject to IDNA2008 in case the domain is to be queried from Service Instance Name and treat it subject to IDNA2008 in case the
the global DNS. In the event that the <Domain> portion of the domain is to be queried from the global DNS. In the event that the
Service Instance Name fails to resolve, it is acceptable to <Domain> portion of the Service Instance Name fails to resolve, it is
substitute labels with plain UTF-8, starting at the lowest label in acceptable to substitute labels with plain UTF-8, starting at the
the DNS tree and working toward the root. This approach differs from lowest label in the DNS tree and working toward the root. This
the rule for resolution published in [RFC6763], because it privileges approach differs from the rule for resolution published in [RFC6763],
IDNA2008-compatible labels over UTF-8 labels. because it privileges IDNA2008-compatible labels over UTF-8 labels.
There is more than one way to achieve such a result, but in terms of
predictability it is probably best if the lowest-level resolution
component is able to learn the correct resolution context, so that it
can perform the correct transformations on the various domain
portions.
One might argue against this restriction on either of two grounds: One might argue against the above restriction on either of two
grounds:
1. It is possible the names may be in the DNS in UTF-8, and RFC 6763 1. It is possible the names may be in the DNS in UTF-8, and RFC 6763
already specifies a fallback strategy of progressively attempting already specifies a fallback strategy of progressively attempting
first the UTF-8 label lookup (it might not be a U-label) and then first the UTF-8 label lookup (it might not be a U-label) and then
if possible the A-label lookup. if possible the A-label lookup.
2. Zone administrators that wish to support DNS-SD can publish a 2. Zone administrators that wish to support DNS-SD can publish a
UTF-8 version of the zone along side the A-label version of the UTF-8 version of the zone along side the A-label version of the
zone. zone.
skipping to change at page 9, line 22 skipping to change at page 9, line 44
This memo presents some requirements for future development, but does This memo presents some requirements for future development, but does
not specify anything. It makes no additional security-specific not specify anything. It makes no additional security-specific
requirements. Issues arising due to visual confusability of names requirements. Issues arising due to visual confusability of names
apply to this case as well as to any other case of internationalized apply to this case as well as to any other case of internationalized
names, but interoperation between different resolution systems and names, but interoperation between different resolution systems and
conventions does not alter the severity of those issues. conventions does not alter the severity of those issues.
8. Informative References 8. Informative References
[I-D.ietf-dnsop-dns-terminology]
Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
Terminology", draft-ietf-dnsop-dns-terminology-05 (work in
progress), September 2015.
[RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet
host table specification", RFC 952, October 1985. host table specification", RFC 952, October 1985.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987. STD 13, RFC 1034, November 1987.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
skipping to change at page 10, line 34 skipping to change at page 11, line 5
[RFC6672] Rose, S. and W. Wijngaards, "DNAME Redirection in the [RFC6672] Rose, S. and W. Wijngaards, "DNAME Redirection in the
DNS", RFC 6672, June 2012. DNS", RFC 6672, June 2012.
[RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762, [RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762,
February 2013. February 2013.
[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service
Discovery", RFC 6763, February 2013. Discovery", RFC 6763, February 2013.
[RFC7719] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
Terminology", RFC 7719, DOI 10.17487/RFC7719, December
2015, <http://www.rfc-editor.org/info/rfc7719>.
Appendix A. Change History Appendix A. Change History
Note to RFC Editor: this section should be removed prior to Note to RFC Editor: this section should be removed prior to
publication. publication.
A.1. draft-ietf-dnssd-mdns-dns-interop-02 A.1. draft-ietf-dnssd-mdns-dns-interop-03
o Additional alteration of title
o Attempt to address WGLC comments from Dave Thaler (2016-04-02)
A.2. draft-ietf-dnssd-mdns-dns-interop-02
o Altered the title to make it more generic than mDNS. o Altered the title to make it more generic than mDNS.
o Addressed issues raised by Dave Thaler in review on 2015-07-18. o Addressed issues raised by Dave Thaler in review on 2015-07-18.
o Added a note to Section 7 about visual confusion. I don't know o Added a note to Section 7 about visual confusion. I don't know
whether this will satisfy Doug Otis but it is the only thing I can whether this will satisfy Doug Otis but it is the only thing I can
see that could possibly be relevant. see that could possibly be relevant.
o Added discussion of finding "boundary" in Section 4.3. o Added discussion of finding "boundary" in Section 4.3.
A.2. draft-ietf-dnssd-mdns-dns-interop-01 A.3. draft-ietf-dnssd-mdns-dns-interop-01
Alter text to make clear that the main issue is the way the public Alter text to make clear that the main issue is the way the public
DNS is currently administered, not system resolvers. I suppose this DNS is currently administered, not system resolvers. I suppose this
should have been clear before, but I didn't do that. Many thanks to should have been clear before, but I didn't do that. Many thanks to
Kerry Lynn for penetrating questions that illuminated what I'd left Kerry Lynn for penetrating questions that illuminated what I'd left
out. out.
A.3. draft-ietf-dnssd-mdns-dns-interop-00 A.4. draft-ietf-dnssd-mdns-dns-interop-00
1st WG version 1st WG version
Add text to make clear that fallback from A-label lookup to UTF-8 Add text to make clear that fallback from A-label lookup to UTF-8
label lookup ok, per WG comments at IETF 91 label lookup ok, per WG comments at IETF 91
A.4. draft-sullivan-dnssd-mdns-dns-interop-01 A.5. draft-sullivan-dnssd-mdns-dns-interop-01
o Decided which portions would be affected o Decided which portions would be affected
o Explained the difference in user interfaces between DNS-SD and o Explained the difference in user interfaces between DNS-SD and
usual DNS operation usual DNS operation
o Provided background on why the Domain portion should be treated o Provided background on why the Domain portion should be treated
differently differently
A.5. draft-sullivan-dnssd-mdns-dns-interop-00 A.6. draft-sullivan-dnssd-mdns-dns-interop-00
Initial version. Initial version.
Author's Address Author's Address
Andrew Sullivan Andrew Sullivan
Dyn Dyn
150 Dow St. 150 Dow St.
Manchester, NH 03101 Manchester, NH 03101
U.S.A. U.S.A.
 End of changes. 29 change blocks. 
114 lines changed or deleted 142 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/