Hi all,

We have submitted a new draft that focuses on how the lack of specialized security operations to supervise link-local DNS resolution may lead to security risks.
We look forward to comments and feedback! Thank you!

A new version of Internet-Draft draft-gong-dnsop-enhancing-local-use-domain-00.txt has been successfully submitted and posted to the IETF repository.

Name: draft-gong-dnsop-enhancing-local-use-domain
Revision: 00
Title: Enhancing Local-Use Domain Name Resolution within Link-Local Scope
Date: 2025-05-28
Group: Individual Submission
Pages: 7
URL: https://www.ietf.org/archive/id/draft-gong-dnsop-enhancing-local-use-domain-00.txt
Status: https://datatracker.ietf.org/doc/draft-gong-dnsop-enhancing-local-use-domain/
HTMLized: https://datatracker.ietf.org/doc/html/draft-gong-dnsop-enhancing-local-use-domain

Abstract:

Link-local networks such as home Internet of Things (IoT) and industrial Internet of Things are becoming increasingly prosperous, with a large number of small devices deployed in the link-local networks. These devices discover each other through ".local." domain names of DNS-based zero-configuration network protocol. However, the lack of specialized security operations to supervise link-local DNS resolution leads to some security risks. This memo addresses the potential risks associated with the leakage of link-local DNS traffic to external networks, the lack of identity authentication on ".local." domain requests, and the lack of rate-limiting on ".local." domain responses, which poses the leakage of link-local device information and the risk of DDoS attacks. Furthermore, the document proposes a set of best practices and technical solutions to mitigate these risks and ensure that ".local." domain name resolution remains confined within the local network segment.
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
