> On 19 Jul 2018, at 11:30 pm, Juliusz Chroboczek <j...@irif.fr> wrote:
>
>> I am not speaking about discovery within the Homenet. I am speaking about
>> exporting names into the global DNS, which is what Daniel's draft is
>> about.
>
>> Yes, but the problem is that you are treating this as if these are two
>> separate problems, but they are not.
>
> These are two completely different problems, with different default
> behaviours and different failure modes.
>
> The default behaviour for the local zone is that devices should be
> discoverable. The default behaviour for the public DNS is that a device
> should not be published unless it takes explicit action.
>
> It makes a lot of sense to have two different protocols, rather than
> essentially leaking a local zone into the ISP's DNS servers.
>
>> I'm not following your reasoning here -- why does the zone being tied to
>> the ISP imply that we must use a more complex protocol?
>
>> Doing this transaction over HTTP means another service that the ISP has
>> to operate,
>
> Not the ISP, a third-party DNS provider. That's the whole point.
>
>> and another service that the HNR has to connect to.
>
> Not the HNR, the end host. That's the whole point.
>
> And it's literally four lines of shell:
>
>     while true; do
>         wget --post-data 'name=gameserver.myhome.net&password=topsecret' \
>             https://dyndns.example.com
>         sleep $((24 * 3600))
>     done
vs

    while true; do
    (
        # delete all the existing AAAA records
        # (echo: this line is input for nsupdate, not a shell command)
        echo update delete host.example.com IN AAAA
        # add in all the GUA AAAA records; expects BSD-style ifconfig output
        # ("inet6 <addr> prefixlen <n> ..."), drops link-local (%scope),
        # loopback and ULA (fd00::/8) lines, and strips the leading
        # whitespace so nsupdate sees "update add ..." at the start of the line
        ifconfig -a inet6 | sed -n -e '/%/d' -e '/ ::1 /d' -e '/ fd[0-9a-f][0-9a-f]:/d' \
            -e 's/^[[:space:]]*inet6/update add host.example.com 3600 IN AAAA/' \
            -e 's/ prefixlen.*//p'
        # tell nsupdate to send the update request. Nsupdate will work out zone and
        # DNS servers to send the update request to.
        echo send
    ) | nsupdate -k Khost.example.net.+001+56524
    # -k reads the TSIG key file pair (.key/.private); -y expects name:secret
    sleep $((24 * 3600))
    done

>> Quite the opposite. In the trivial update protocol, the update is
>> end-to-end, encrypted, and only the host and the DNS provider see the
>> data.
>
>> You've published a record in a public zone. It doesn't matter that the
>> protocol you used to publish it is privacy-protecting, because the
>> publication of the name immediately negated that.
>
> With delegation through an ISP-controlled hidden master, the ISP gets
> a database of all the names published by all of its users.
>
> With an encrypted connection to a DNS provider, the ISP needs to troll all
> of the DNS providers in order to build such a database.
>
>> I actually share your concern that what he's got written down right now
>> is more complicated than it needs to be, and this is partly because it
>> was originally motivated by his work at an ISP.
>
> Uh-huh.
>
> -- Juliusz
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
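The address selection in the nsupdate pipeline above is three negative sed filters (no "%", no "::1", no "fdXX:"). As an added example, not from this message and not part of BIND or nsupdate, here is the same selection done with Python's ipaddress module, so that an address is published only if it is inside the RFC 4291 global unicast block 2000::/3 (which also excludes all of fc00::/7, not just fd00::/8), and so that addresses a BSD kernel flags as tentative, deprecated or duplicated are never published. The ifconfig output, the flag names, and the name host.example.com are assumptions; the sample output is constructed.

```python
"""Build the command script the shell pipeline feeds to nsupdate, from
BSD-style `ifconfig -a inet6` output (assumption: "inet6 <addr> prefixlen <n> <flags...>").

Added example, not code from the mailing-list post or from BIND."""
import ipaddress

# RFC 4291 global unicast address block: the "GUA" the pipeline wants to publish.
# Deliberately not ipaddress.is_global, which would also reject 2001:db8::/32
# and other reserved ranges; membership in 2000::/3 is what "GUA" means here.
GUA = ipaddress.IPv6Network("2000::/3")

# BSD ifconfig flags for addresses the kernel is still testing or retiring
# (assumption about the flag spelling); such addresses are not published.
SKIP_FLAGS = {"tentative", "deprecated", "duplicated"}


def global_addresses(ifconfig_output):
    """Return the IPv6 GUAs in ifconfig output, in order, without duplicates."""
    found = []
    for line in ifconfig_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "inet6":
            continue                      # interface header or non-IPv6 line
        if SKIP_FLAGS & set(fields[2:]):
            continue                      # tentative/deprecated/duplicated address
        addr_text = fields[1].split("%", 1)[0]   # drop a "%en0" zone index
        try:
            addr = ipaddress.IPv6Address(addr_text)
        except ValueError:
            continue                      # not an address we can parse
        if addr in GUA and addr not in found:
            found.append(addr)
    return found


def nsupdate_script(ifconfig_output, name, ttl=3600):
    """Lines for nsupdate's stdin: delete every AAAA, add one per GUA, send."""
    lines = [f"update delete {name} IN AAAA"]
    for addr in global_addresses(ifconfig_output):
        lines.append(f"update add {name} {ttl} IN AAAA {addr}")
    lines.append("send")
    return lines


# Constructed sample of BSD-style ifconfig output (not captured from a real host).
SAMPLE_IFCONFIG = (
    "lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384\n"
    "\tinet6 ::1 prefixlen 128\n"
    "\tinet6 fe80::1%lo0 prefixlen 64 scopeid 0x1\n"
    "en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500\n"
    "\tinet6 fe80::1c4a:92ff:fe12:3456%en0 prefixlen 64 scopeid 0x4\n"
    "\tinet6 2001:db8:1:2:1c4a:92ff:fe12:3456 prefixlen 64 autoconf\n"
    "\tinet6 2001:db8:1:2:4d5e:6f70:8192:a3b4 prefixlen 64 autoconf temporary\n"
    "\tinet6 2001:db8:1:2:aaaa:bbbb:cccc:dddd prefixlen 64 deprecated autoconf temporary\n"
    "\tinet6 fd12:3456:789a:1::10 prefixlen 64\n"
    "\tinet6 fc00::5 prefixlen 64\n"
)

if __name__ == "__main__":
    # Pipe this output into `nsupdate -k <keyfile>` exactly as the shell version does.
    print("\n".join(nsupdate_script(SAMPLE_IFCONFIG, "host.example.com")))
```

Run stand-alone it prints the delete, two add lines (the deprecated temporary address and both ULAs are dropped) and `send`; on a real host replace SAMPLE_IFCONFIG with the output of `ifconfig -a inet6` and pipe the result to nsupdate.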