On Jul 3, 2014, at 7:00 AM, Andrew Sullivan <[email protected]> wrote:

> On Thu, Jul 03, 2014 at 02:39:26PM +0200, Juliusz Chroboczek wrote:
>> I'm increasingly confused.  RFC 5625 is about proxying DNS requests from
>> the LAN.  Daniel's draft is about proxying dynamic DNS updates, right?
> 
> Yes.  My impression is that the idea in Daniel's draft is that the ISP
> will take the load of most DNS queries, and will effectively mark a
> boundary of split-horizon, so that some names resolve both outside and
> inside the local network, and some will resolve only inside.  This is
> really a formalization of the way many CPE systems already work, where
> they update services like Dyn (full disclosure: my employer), no-ip,
> and so on.  The differences seem to be (1) that the relationship is
> somehow stapled to the ISP rather than to an outside service and (2)
> that the commands all flow over Dynamic Update as opposed to any other
> protocol.  Personally, I see the value in (2), but I'm worried about
> (1).  Thinking as a vendor, I note that (2) basically means ditching a
> lot of running code, although for a protocol I think is poorly
> designed.

Dear Andrew,

Since mDNS is unable to make determinations regarding the ability of a device 
to safely interact with the Internet, an overlay approach could be taken.  
Although details are missing from the Hybrid Unicast/Multicast DNS-Based 
Service Discovery draft, use of ULAs can better establish a secure separation 
than can a split-horizon.  DNS was never intended to keep information private, 
especially within an environment having uncertain network boundaries with 
informal input schemes.  Use of ULAs can replicate the securities permitted by 
use of link-local by mDNS while also permitting continued operation when ISP 
up-links are disrupted. 

For some references see:
https://tools.ietf.org/html/draft-otis-dnssd-mdns-xlink

Regards,
Douglas Otis






_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
