Service Registration Protocol for DNS-Based Service Discovery
Apple Inc., One Apple Park Way, Cupertino, California 95014, USA, +1 408 974 3207, cheshire@apple.com
Nibbhaya Consulting, P.O. Box 958, Brattleboro, Vermont 05302, United States of America, mellon@fugue.com
Internet Engineering Task Force Internet-Draft. Keywords: Multicast DNS, DNS-Based Service Discovery, DNS Update, SIG(0).
The Service Registration Protocol for DNS-Based Service Discovery uses the standard DNS Update mechanism to
enable DNS-Based Service Discovery using only unicast packets. This makes it possible to deploy DNS
Service Discovery without multicast, which greatly improves scalability
and improves performance on networks where multicast service is not an optimal choice,
particularly 802.11 (Wi-Fi) and 802.15.4 (IoT) networks. DNS-SD service registration uses
public keys and SIG(0) to allow services to defend their registrations against attack.
DNS-Based Service Discovery is a component of Zero Configuration Networking.
This document describes an enhancement to DNS-Based Service Discovery that allows
services to register themselves automatically using the DNS protocol rather than
Multicast DNS (mDNS). There is already a large installed base of DNS-SD clients that
can discover services using the DNS protocol. This extension makes it much easier to
take advantage of this existing functionality.
This document is intended for three audiences: implementors of software that provides
services that should be advertised using DNS-SD, implementors of DNS servers that will be
used in contexts where DNS-SD registration is needed, and administrators of networks where
DNS-SD service is required. The document is intended to provide sufficient information to
allow interoperable implementation of the registration protocol.
DNS-Based Service Discovery (DNS-SD) allows services to advertise the fact that they
provide service, and to provide the information required to access that service. Clients
can then discover the set of services of a particular type that are available. They can
then select a service from among those that are available and obtain the information
required to use it.
The Service Registration Protocol for DNS-SD (SRP), described in this document, provides a
reasonably secure mechanism for publishing this information. Once published, these
services can be readily discovered by clients using standard DNS lookups.
The DNS-SD specification, Section 10 ("Populating the DNS with Information"), briefly
discusses ways that services can publish their information in the DNS namespace. In the
case of mDNS, it allows services to publish their information on the local link, using
names in the ".local" namespace, which makes their services directly discoverable by peers
attached to that same local link.
RFC6763 also allows clients to discover services using the DNS protocol. This can be done
by having a system administrator manually configure service information in the DNS, but
manually populating DNS authoritative server databases is costly and potentially
error-prone, and requires a knowledgeable network administrator. Consequently, although
all DNS-SD client implementations of which we are aware support DNS-SD using DNS queries,
in practice it is used much less frequently than mDNS.
The Discovery Proxy provides one way to
automatically populate the DNS namespace, but is only appropriate on networks where
services are easily advertised using mDNS. This document describes a solution more
suitable for networks where multicast is inefficient, or where sleepy devices are common,
by supporting both offering of services, and discovery of services, using unicast.
Services that implement SRP use DNS Update
to publish service information in the DNS.
Two variants exist, one for full-featured hosts, and one for devices designed for
"Constrained-Node Networks".
Full-featured hosts are either configured manually with a registration domain, or use the
"dr._dns-sd._udp.<domain>" query (Section 11) to learn the default registration domain
from the network. RFC6763 says to discover the registration domain using either ".local"
or a network-supplied domain name for <domain>. Services using SRP MUST use the domain
name received through the DHCPv4 Domain Name option (section 3.17), if available, or the
Neighbor Discovery DNS Search List option. If the DNS Search List option contains more
than one domain name, it MUST NOT be used. If neither option is available, the Service
Registration protocol is not available on the local network.
Manual configuration of the registration domain can be done either by querying the list
of available registration zones ("r._dns-sd._udp") and allowing the user to select one
from the UI, or by any other means appropriate to the particular use case being addressed.
Full-featured devices construct the names of the SRV, TXT, and PTR records describing
their service(s) as subdomains of the chosen service registration domain. For these names
they then discover the zone apex of the closest enclosing DNS zone using SOA queries.
Having discovered the enclosing DNS zone, they query for the "_dnssd-srp._tcp.<zone>" SRV
record to discover the server to which they should send DNS updates. Hosts that support
SRP updates using TLS use the "_dnssd-srp-tls._tcp.<zone>" SRV record instead.
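The domain-selection and zone-discovery steps for a full-featured host, as an added example; this is not code from the draft or from any SRP implementation. It assumes the DHCP and DNSSL inputs arrive as already-parsed strings, that the instance label contains no embedded dots (a real implementation walks DNS labels, not text), and it replaces the resolver with a constructed stand-in, `fake_soa_lookup`, that answers only at zone apexes so the label-stripping walk is exercised.

```python
from typing import Callable, Optional, Sequence

def choose_registration_domain(dhcp_domain: Optional[str],
                               nd_dnssl: Sequence[str]) -> Optional[str]:
    """Registration domain for a full-featured host: the DHCPv4 Domain Name option
    if present, else the ND DNS Search List only when it carries exactly one name,
    else None (SRP is not available on this network)."""
    if dhcp_domain:
        return dhcp_domain.rstrip(".").lower()
    if len(nd_dnssl) == 1:
        return nd_dnssl[0].rstrip(".").lower()
    return None

def enclosing_zone(name: str, soa_lookup: Callable[[str], Optional[str]]) -> Optional[str]:
    """Apex of the closest zone enclosing `name`, found by SOA queries that start at
    the name itself and strip one leading label per step. `soa_lookup(qname)` stands
    in for the resolver: it returns the apex learned from an SOA answer, or None."""
    labels = name.rstrip(".").split(".")   # assumption: no dots inside the instance label
    for i in range(len(labels)):
        apex = soa_lookup(".".join(labels[i:]))
        if apex:
            return apex.rstrip(".").lower()
    return None

def srp_targets(instance: str, service_type: str, domain: str,
                soa_lookup: Callable[[str], Optional[str]]) -> dict:
    """Names a host needs before registering: the Service Name (PTR owner), the
    Service Instance Name (SRV/TXT/KEY owner), the enclosing zone, and the SRV owner
    names that locate the SRP server over TCP and over TLS."""
    service_name = f"{service_type}.{domain}"
    instance_name = f"{instance}.{service_name}"
    zone = enclosing_zone(instance_name, soa_lookup)
    if zone is None:
        raise LookupError(f"no enclosing zone found for {instance_name}")
    return {
        "zone": zone,
        "service_name": service_name,
        "instance_name": instance_name,
        "srp_tcp_srv": f"_dnssd-srp._tcp.{zone}",
        "srp_tls_srv": f"_dnssd-srp-tls._tcp.{zone}",
    }

# Constructed resolver stand-in: returns an SOA only when the query name is itself
# a zone apex, so a registration domain below the apex forces the walk upward.
FAKE_ZONES = {"example.com", "bldg7.example.com"}

def fake_soa_lookup(qname: str) -> Optional[str]:
    q = qname.rstrip(".").lower()
    return q if q in FAKE_ZONES else None
```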
For devices designed for Constrained-Node Networks some simplifications are available.
Instead of being configured with (or discovering) the service registration domain, the
(proposed) special-use domain name "default.service.arpa" is used. Instead of learning
the server to which they should send DNS updates, a fixed IPv6 anycast address is used
(value TBD). Anycasts are sent using UDP unless TCP is required due to the size of the
update.
It is the responsibility of a Constrained-Node Network supporting SRP
to provide appropriate anycast routing to deliver the DNS updates to the appropriate server.
It is the responsibility of the SRP server supporting a Constrained-Node Network
to handle the updates appropriately.
In some network environments, updates may be accepted directly into a local "default.service.arpa" zone,
which has only local visibility.
In other network environments, updates for names ending in "default.service.arpa" may be rewritten internally
to names with broader visibility.
The reason for these different assumptions is that Constrained-Node Networks generally require special
egress support, and Anycast packets captured at the Constrained-Node Network egress can be
assumed to have originated locally. Low-power devices that typically use Constrained-Node Networks may
have very limited battery power. The additional DNS lookups required to discover
an SRP server and then communicate with it will increase
the power required to advertise a service; for low-power devices, the additional flexibility
this provides does not justify the additional use of power.
General networks have the potential to have more complicated topologies at the
Internet layer, which makes anycast routing more difficult. Such networks may or may
not have the infrastructure required to route anycast to a server that can process it.
However, they can be assumed to be able to provide registration domain discovery and
routing. By requiring the use of TCP, the possibility of off-network spoofing is
eliminated.
We will discuss several parts to this process: how to know what to publish, how to know
where to publish it (under what name), how to publish it, how to secure its publication,
and how to maintain the information once published.
We refer to the DNS Update message sent by services using SRP as an SRP update.
Three types of updates appear in an SRP update: Service Discovery records, Service
Description records, and Host Description records.
Service Discovery records are one or more PTR RRs,
mapping from the generic service type (or subtype)
to the specific Service Instance Name.
Service Description records are exactly one SRV RR, exactly one KEY RR, and one or more TXT RRs,
all with the same name, the Service Instance Name (section 4.1).
In principle Service Description records can include other record types,
with the same Service Instance Name, though in practice they rarely do.
The Service Instance Name MUST be referenced by one or more Service Discovery PTR records,
unless it is a placeholder service registration for an intentionally non-discoverable service name.
The Host Description records for a service are a KEY RR,
used to claim exclusive ownership of the service registration,
and one or more RRs of type A or AAAA,
giving the IPv4 or IPv6 address(es) of the host where the service resides.
RFC 6763 describes the details of what each of these types of updates contains and is
the definitive source for information about what to publish; the reason for summarizing
this here is to provide the reader with enough information about what will be published
that the service registration process can be understood at a high level without first
learning the full details of DNS-SD. Also, the "Service Instance Name" is an important
aspect of first-come, first-serve naming, which we describe later on in this
document.
Multicast DNS uses a single namespace, ".local", which is valid on the local link.
This convenience is not available for DNS-SD using the DNS protocol:
services must exist in some specific unicast namespace.
As described above, full-featured devices are responsible for knowing
in what domain they should register their services.
Devices made for Constrained-Node Networks register in
the (proposed) special use domain name "default.service.arpa",
and let the SRP server handle rewriting that to
a different domain if necessary.
It is possible to issue a DNS Update that does several things at once; this means
that it's possible to do all the work of adding a PTR resource record to the PTR RRset
on the Service Name, and creating or
updating the Service Instance Name and Host Description, in a single transaction.
An SRP update takes advantage of this: it is implemented as a single DNS Update message
that contains a service's Service Discovery records, Service Description records, and Host
Description records.
Updates done according to this specification are somewhat different than regular DNS
Updates as defined in RFC2136. RFC2136 uses a fairly heavyweight process for updating:
you might first attempt to add a name if it doesn't exist; if that fails, then in a
second message you might update the name if it does exist but matches certain
preconditions. Because the registration protocol uses a single transaction, some of
this adaptability is lost.
In order to allow updates to happen in a single transaction, SRP updates do not include
update prerequisites. The prerequisites specified in RFC2136 are implicit in the
processing of SRP updates, and so there is no need for the service sending the SRP update
to put in any explicit prerequisites.
DNS-SD Service Registration is based on standard RFC2136 DNS Update, with some differences:
 - It implements first-come first-served name allocation, protected using SIG(0).
 - It enforces policy about what updates are allowed.
 - It optionally performs rewriting of "default.service.arpa" to some other domain.
 - It optionally performs automatic population of the address-to-name reverse mapping domains.
 - An SRP server is not required to implement general DNS Update prerequisite processing.
 - Simplified clients are allowed to send updates to an anycast address, for names
   ending in "default.service.arpa".
It may be useful to set up a DNS server for testing that does not implement SRP. This can
be done by configuring the server to listen on the anycast address, or advertising it in
the _dnssd-srp._tcp.<zone> SRV and _dnssd-srp-tls._tcp.<zone> record. It must be
configured to be authoritative for "default.service.arpa", and to accept updates from
hosts on local networks for names under "default.service.arpa" without authentication,
since such servers will not have support for FCFS authentication.
A server configured in this way will be able to successfully accept and process
SRP updates from services that send SRP updates. However, no prerequisites will be
applied, and this means that the test server will accept internally inconsistent
SRP updates, and will not stop two SRP updates, sent by different services, that
claim the same name(s), from overwriting each other.
Since SRP updates are signed with keys, validation of the SIG(0) algorithm used
by the client can be done by manually installing the client public key on the DNS server
that will be receiving the updates. The key can then be used to authenticate the
client, and can be used as a requirement for the update. An example configuration
for testing SRP using BIND 9 is given in .
Ordinarily SRP updates will fail when sent to an RFC 2136-compliant
server that does not implement SRP
because the zone being updated is "default.service.arpa", and no DNS server that is
not an SRP server should normally be configured to be authoritative
for "default.service.arpa". Therefore, a service that sends an SRP update can tell that the
receiving server does not support SRP, but does support RFC2136,
because the RCODE will either be NOTZONE, NOTAUTH or REFUSED, or because there is no
response to the update request (when using the anycast address).
In this case a service MAY attempt to register itself using regular RFC2136 DNS
updates. To do so, it must discover the default registration zone and the DNS server
designated to receive updates for that zone, as described earlier, using the
_dns-update._udp SRV record. It can then make the update using the port and host
pointed to by the SRV record, and should use appropriate prerequisites to avoid
overwriting competing records. Such updates are out of scope for SRP, and a service that
implements SRP MUST first attempt to use SRP to register itself, and should only attempt
to use RFC2136 backwards compatibility if that fails. Although the owner name for the SRV
record specifies the UDP protocol for updates, it is also possible to use TCP, and TCP
should be required to prevent spoofing.
Traditional DNS update is secured using the TSIG protocol, which uses a secret key
shared between the client (which issues the update) and the server (which authenticates
it). This model does not work for automatic service registration.
The goal of securing the DNS-SD Registration Protocol is to provide the best possible
security given the constraint that service registration has to be automatic. It is
possible to layer more operational security on top of what we describe here, but what we
describe here improves upon the security of mDNS. The goal is not to provide the level
of security of a network managed by a skilled operator.
First-Come First-Serve naming provides a limited degree of security: a service that
registers its service using the DNS-SD Registration protocol is given ownership of a name
for an extended period of time based on the key used to authenticate the DNS Update.
As long as the registration service remembers the name and the key used
to register that name, no other service can add or update the information
associated with that name.
FCFS naming is used to protect both the Service Description and the Host Description.
The service generates a public/private key pair. This key pair MUST be stored in
stable storage; if there is no writable stable storage on the client, the client
MUST be pre-configured with a public/private key pair in read-only storage that can
be used. This key pair MUST be unique to the device.
When sending DNS updates, the service includes a KEY record containing the public
portion of the key in each Host Description update and each Service Description update.
Each KEY record MUST contain the same public key.
The update is signed using SIG(0), using the private key that corresponds to the public
key in the KEY record. The lifetimes of the records in the update are set using the
EDNS(0) Update Lease option.
The KEY record in Service Description updates MAY be omitted for brevity; if it is
omitted, the SRP server MUST behave as if the same KEY record that is given for the Host
Description is also given for each Service Description for which no KEY record is provided.
Omitted KEY records are not used when computing the SIG(0) signature.
The lifetime of the DNS-SD PTR, SRV, A, AAAA and TXT
records uses the LEASE field of the Update Lease option, and is typically set
to two hours. This means that if a device is disconnected from the network, it does
not appear in the user interfaces of devices looking for services of that type for
too long.
The lifetime of the KEY records is set using the KEY-LEASE field of the Update Lease
Option, and should be set to a much longer time,
typically 14 days. The result of this is that even though a device may be
temporarily unplugged, disappearing from the network for a few days, it makes a
claim on its name that lasts much longer.
This means that even if a device is unplugged from the network for a few days,
and its services are not available for that time, no other rogue device
can come along and immediately claim its name the moment it disappears
from the network.
In the event that a device is unplugged from the network and permanently discarded,
then its name is eventually cleaned up and made available for
re-use.
The SRP server first validates that the SRP update is a syntactically and semantically valid
DNS Update according to the rules specified in RFC2136.
The SRP server checks each update in the SRP update to see that it contains a Service
Discovery update, a Service Description update, and a Host Description update.
Order matters in DNS updates. Specifically, deletes must precede adds for records
that the deletes would affect; otherwise the add will have no effect. This is the
only ordering constraint; aside from this constraint, updates may appear in whatever
order is convenient when constructing the update.
Because the SRP update is a DNS update, it MUST contain a single question that
indicates the zone to be updated. Every delete and update in an SRP update MUST be within
the zone that is specified for the SRP Update.
An update is a Service Discovery update if it contains exactly one RRset update, which is
for a PTR RR that points to a Service Instance Name for which an update is present in the
SRP update.
Service Discovery updates do not contain any deletes, and do not contain any other updates.
An update is a Service Description update if, for the appropriate Service Instance Name, it contains:
 - exactly one "Delete all RRsets from a name" update,
 - exactly one SRV RRset update,
 - zero or one KEY RR update that adds a KEY RR that contains the public key
   corresponding to the private key that was used to sign the message (if present, the KEY
   MUST match the KEY RR given in the Host Description),
 - one or more TXT RRset updates,
and the target of the SRV record update references a hostname for which there is a
Host Description update in the SRP update.
Service Descriptions do not update any other records.
An update is a Host Description update if, for the appropriate hostname, it contains:
 - exactly one "Delete all RRsets from a name" update,
 - one or more A or AAAA RR update(s),
 - exactly one KEY RR update that adds a KEY RR that contains the public key corresponding to the
   private key that was used to sign the message,
and there is a Service Instance Name update in the SRP update that updates an SRV RR so
that it points to the hostname being updated by this update.
Host Description updates do not update any other records.
An SRP update MUST include at least one Service Discovery update, at least one Service
Description update, and exactly one Host Description update. An update message that does
not is not an SRP update. An update message that contains any other updates, any other
deletes, or any update prerequisites, is not an SRP update. Such messages should either be
processed as regular RFC2136 updates, including access control checks and constraint
checks, if supported, or else rejected with RCODE=REFUSED.
Note that if the definitions of each of these update types are followed carefully,
this means that many things that look very much like SRP updates nevertheless are
not. For example, a DNS update that contains an update to a Service Name and an
update to a Service Instance Name, where the Service Name does not reference the
Service Instance Name, is not a valid SRP update message, but may be a valid RFC2136
update.
Assuming that an update message has been validated with these conditions and is a
valid SRP update, the server checks that the name in the Host Description update
exists. If so, then the server checks to see if the KEY record on the name is the
same as the KEY record in the update. The server performs the same check for the KEY records in
any Service Description update. For KEY records that were omitted, the KEY from the
Host Description update is used.
If any existing KEY record corresponding to a KEY record in the SRP update does not match
the KEY record in the SRP update, then the server MUST reject
the SRP update
with the YXDOMAIN RCODE.
Otherwise, the server validates the SRP update using SIG(0) on the public key in the
KEY record of the Host Description update. If the validation fails, the server MUST
reject the
SRP Update with the REFUSED RCODE. Otherwise, the SRP update is considered valid and authentic, and
is processed according to the method described in RFC2136.
KEY record updates omitted from Service Description updates are processed as if they had
been explicitly present: every Service Description that is updated MUST, after the update,
have a KEY RR, and it must be the same KEY RR that is present in the Host Description to
which the Service Description refers.
The status that is returned depends on the result of processing the update, and can be
either SUCCESS or SERVFAIL: all other possible outcomes should already have been accounted
for when applying the constraints that qualify the update as an SRP Update.
The server MAY add a Reverse Mapping that corresponds to the Host Description.
This is not required because the Reverse Mapping serves no protocol function, but
it may be useful for debugging, e.g. in annotating network packet traces or logs.
In order for the server to add a reverse mapping update, it must be authoritative for
the zone or have credentials to do the update. The client MAY also do a reverse
mapping update if it has credentials to do so.
The server MAY apply additional criteria when accepting updates. In some networks,
it may be possible to do out-of-band registration of keys, and only accept updates
from pre-registered keys. In this case, an update for a key that has not been registered
should be rejected with the REFUSED RCODE.
There are at least two benefits to doing this rather than simply using normal
SIG(0) DNS updates. First, the same registration protocol can be used in both cases,
so both use cases can be addressed by the same service implementation. Second, the
registration protocol includes maintenance functionality not present with normal DNS
updates.
Note that the semantics of using SRP in this way are different than
for typical RFC2136 implementations: the KEY used to sign the SRP update
only allows the client to update records that refer to its Host Description. RFC2136
implementations do not normally provide a way to enforce a constraint of this type.
The server may also have a dictionary of names or name patterns that are not
permitted. If such a list is used, updates for Service Instance Names that match
entries in the dictionary are rejected with YXDOMAIN.
All RRs within an RRset are required to have the same TTL
(Clarifications to the DNS Specification, Section 5.2).
In order to avoid inconsistencies, SRP places restrictions
on TTLs sent by services and requires that SRP Servers enforce
consistency.
Services sending SRP updates MUST use consistent TTLs in all RRs within the
SRP update.
SRP update servers MUST check that the TTLs for all RRs within
the SRP update are the same. If they are not, the SRP update MUST be rejected
with a REFUSED RCODE.
Additionally, when adding RRs to an RRset, for example when processing Service
Discovery records, the server MUST use the same TTL on all RRs in the RRset.
How this consistency is enforced is up to the implementation.
TTLs sent in SRP updates are advisory: they indicate the client's guess as to what
a good TTL would be. SRP servers may override these TTLs.
SRP servers SHOULD ensure that TTLs are reasonable: neither
too long nor too short. The TTL should never be longer than the lease time.
Shorter TTLs will result in more frequent data refreshes;
this increases latency on the client side, and increases load on any caching resolvers
and on the authoritative server. Longer TTLs will increase the likelihood that data
in caches will be stale. TTL minimums and maximums SHOULD be configurable by the
operator of the SRP server.
Because the DNS-SD registration protocol is automatic, and not managed by humans, some
additional bookkeeping is required. When an update is constructed by the client, it MUST
include an EDNS(0) Update Lease Option.
The Update Lease Option contains two lease times: the Lease Time and the Key
Lease Time.
These leases are promises, similar to DHCP leases,
from the client that it will send a new update for the service registration before the
lease time expires. The Lease time is chosen to represent the time after the
update during which the registered records other than the KEY record should be assumed
to be valid. The Key Lease time represents the time after the update during
which the KEY record should be assumed to be valid.
The reasoning behind the different lease times is discussed in the section on first-come,
first-served naming. SRP servers may be configured
with limits for these values. A default limit of two hours for the Lease and 14 days for the
SIG(0) KEY are currently thought to be good choices. Clients that are going to continue to use
names on which they hold leases should update well before the lease ends, in case the registration
service is unavailable or under heavy load.
The SRP server MUST include an EDNS(0) Update Lease option in the
response if the lease time proposed by the service has been shortened or lengthened. The service
MUST check for the EDNS(0) Update Lease option in the response and MUST use the lease
times from that option in place of the options that it sent to the server when
deciding when to update its registration. The times may be shorter or longer than
those specified in the SRP update; the client must honor them in either case.
Clients should assume that each lease ends N seconds after the update was first
transmitted, where N is the lease duration. Servers should assume that each lease
ends N seconds after the update that was successfully processed was received. Because
the server will always receive the update after the client sent it, this avoids the
possibility of misunderstandings.
SRP servers MUST reject updates that do not include an EDNS(0) Update Lease option.
Dual-use servers MAY accept updates that don't include leases, but SHOULD differentiate
between SRP updates and other updates, and MUST reject updates that would otherwise be
SRP updates if they do not include leases.
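An added example, not code from the draft or from any SRP server, that pulls together the definitions of the three update types, the KEY, SIG(0) and first-come first-served checks, the operator's forbidden-name dictionary, the TTL-consistency rule and the Update Lease requirement into one classifier over an already-parsed update. `Op`, `SrpUpdate`, `validate_srp_update` and the sample thermostat registration are all constructed here; the SIG(0) signature is assumed to have been verified separately against `sig0_key`, and the RCODE returned for a missing lease option is an assumption since the text does not name one.

```python
from collections import defaultdict
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

@dataclass(frozen=True)
class Op:
    """One entry in the Update section: kind "add" (an RR to add) or "delete_all"
    (RFC2136 "Delete all RRsets from a name": class ANY, type ANY, TTL 0)."""
    kind: str
    name: str
    rtype: str = ""
    rdata: str = ""
    ttl: int = 0

@dataclass
class SrpUpdate:
    zone: str                      # the single question: the zone being updated
    ops: list                      # Update section, in message order
    prereqs: int = 0               # number of prerequisite RRs (an SRP update has none)
    lease: Optional[tuple] = None  # (LEASE, KEY-LEASE) from the EDNS(0) Update Lease option
    sig0_key: str = ""             # key the SIG(0) signature verified under (crypto assumed done)

def _shape(ops: list) -> Optional[str]:
    """Classify the ops for one owner name by shape: "discovery", "service", "host" or None."""
    dels = [o for o in ops if o.kind == "delete_all"]
    adds = defaultdict(list)
    for o in ops:
        if o.kind == "add":
            adds[o.rtype].append(o)
    types = set(adds)
    if not dels and types == {"PTR"} and len(adds["PTR"]) == 1:
        return "discovery"                      # exactly one PTR add, nothing else
    if len(dels) == 1 and types <= {"SRV", "TXT", "KEY"} and len(adds["SRV"]) == 1 \
            and adds["TXT"] and len(adds["KEY"]) <= 1:
        return "service"                        # delete-all, one SRV, >=1 TXT, 0..1 KEY
    if len(dels) == 1 and types <= {"A", "AAAA", "KEY"} and len(adds["KEY"]) == 1 \
            and (adds["A"] or adds["AAAA"]):
        return "host"                           # delete-all, >=1 A/AAAA, exactly one KEY
    return None

def validate_srp_update(upd: SrpUpdate, existing_keys: dict, forbidden=()) -> tuple:
    """Return (rcode, detail). "NOT_SRP" means the message fails the SRP definitions and
    is to be handled as a plain RFC2136 update or answered REFUSED."""
    if upd.prereqs:
        return "NOT_SRP", "update prerequisites present"
    if upd.lease is None:                       # RCODE for a missing lease is an assumption
        return "REFUSED", "no EDNS(0) Update Lease option"
    by_name = defaultdict(list)
    for o in upd.ops:
        if not (o.name == upd.zone or o.name.endswith("." + upd.zone)):
            return "NOTZONE", o.name            # RFC2136 RCODE for a name outside the zone
        by_name[o.name].append(o)
    kinds = {n: _shape(ops) for n, ops in by_name.items()}
    hosts = [n for n, k in kinds.items() if k == "host"]
    services = [n for n, k in kinds.items() if k == "service"]
    discovery = [n for n, k in kinds.items() if k == "discovery"]
    if None in kinds.values() or len(hosts) != 1 or not services or not discovery:
        return "NOT_SRP", "need >=1 discovery, >=1 service, exactly one host update, nothing else"
    host = hosts[0]
    for n in discovery:                         # PTR must name a Service Instance in this update
        if next(o.rdata for o in by_name[n] if o.rtype == "PTR") not in services:
            return "NOT_SRP", f"PTR at {n} does not reference a Service Instance Name here"
    host_key = next(o.rdata for o in by_name[host] if o.rtype == "KEY")
    for n in services:
        srv = next(o for o in by_name[n] if o.rtype == "SRV")
        if srv.rdata.split()[-1] != host:       # SRV rdata: "priority weight port target"
            return "NOT_SRP", f"SRV at {n} does not target the Host Description"
        for o in by_name[n]:                    # an explicit service KEY must equal the host KEY
            if o.rtype == "KEY" and o.rdata != host_key:
                return "NOT_SRP", f"KEY at {n} differs from the Host Description KEY"
    if len({o.ttl for o in upd.ops if o.kind == "add"}) != 1:
        return "REFUSED", "TTLs in the SRP update are not all the same"
    for n in services:                          # operator's dictionary of forbidden names
        if any(fnmatch(n.lower(), p.lower()) for p in forbidden):
            return "YXDOMAIN", f"{n} matches a forbidden name pattern"
    for n in [host] + services:                 # first-come first-served ownership check
        if n in existing_keys and existing_keys[n] != host_key:
            return "YXDOMAIN", f"{n} already belongs to a different KEY"
    if upd.sig0_key != host_key:                # SIG(0) must verify under the Host Description KEY
        return "REFUSED", "SIG(0) signature does not match the Host Description KEY"
    return "NOERROR", {"host": host, "services": services, "discovery": discovery,
                       "key": host_key, "lease": upd.lease}

# Constructed sample: one thermostat registering a "_hap._tcp" service in default.service.arpa.
ZONE = "default.service.arpa"
HOST = "thermostat-1a2b." + ZONE
SVC = "Thermostat-1A2B._hap._tcp." + ZONE
KEY_A = "0 3 13 PUBKEY-A-placeholder"          # KEY rdata: flags proto alg key (constructed)
SAMPLE = SrpUpdate(zone=ZONE, lease=(7200, 1209600), sig0_key=KEY_A, ops=[
    Op("delete_all", HOST),
    Op("add", HOST, "AAAA", "fd00::1a2b", 7200),
    Op("add", HOST, "KEY", KEY_A, 7200),
    Op("delete_all", SVC),
    Op("add", SVC, "SRV", "0 0 51827 " + HOST, 7200),   # KEY omitted: inherited from HOST
    Op("add", SVC, "TXT", '"sf=1" "id=1A:2B"', 7200),
    Op("add", "_hap._tcp." + ZONE, "PTR", SVC, 7200),
])
```

Deletes in `SAMPLE` precede the adds for the same name, as the ordering rule requires; the classifier does not reorder a message that gets this wrong.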
Lease times have a completely different function than TTLs. On an authoritative
DNS server, the TTL on a resource record is a constant: whenever that RR is served in
a DNS response, the TTL value sent in the answer is the same. The lease time is never
sent as a TTL; its sole purpose is to determine when the authoritative DNS server will
delete stale records. It is not an error to send a DNS response with a TTL of 'n' when
the remaining time on the lease is less than 'n'.
Another use of SRP is for devices
that sleep to reduce power consumption.
In this case, in addition to the
DNS Update Lease option
described above, the device includes an
EDNS(0) OWNER Option.
The EDNS(0) Update Lease option constitutes a promise by the device
that it will wake up before this time elapses, to renew its registration
and thereby demonstrate that it is still attached to the network.
If it fails to renew the registration by this time, that indicates that it is
no longer attached to the network, and its registration (except for the KEY in the
Host Description) should be deleted.
The EDNS(0) OWNER Option indicates that the device will be asleep,
and will not be receptive to normal network traffic.
When a DNS server receives a DNS Update with an EDNS(0) OWNER Option,
that signifies that the SRP server should set up a proxy for any
IPv4 or IPv6 address records in the DNS Update message.
This proxy should send ARP or ND messages claiming
ownership of the IPv4 and/or IPv6 addresses in the records in question.
In addition, the proxy should answer future ARP or ND requests
for those IPv4 and/or IPv6 addresses, claiming ownership of them.
When the DNS server receives a TCP SYN or UDP packet addressed to
one of the IPv4 or IPv6 addresses for which it is proxying, it should
then wake up the sleeping device using the information in the
EDNS(0) OWNER Option. At present version 0 of the OWNER Option
specifies the “Wake-on-LAN Magic Packet” that needs to be sent;
future versions could be extended to specify other wakeup mechanisms.
Note that although the authoritative DNS server that implements the SRP
function need not be on the same link as the
sleeping host, the Sleep Proxy must be on the same link.
It is not required that sleepy nodes on a Constrained-Node Network support sleep
proxy. Such devices may have different mechanisms for dealing with sleep and wakeup.
An SRP registration for such a device will be useful regardless of the mechanism
whereby messages are delivered to the sleepy end device. For example, the message
might be held in a buffer for an extended period of time by an intermediate device
on a mesh network, and then delivered to the device when it wakes up. The exact
details of such behaviors are out of scope for this document.
SRP updates have no authorization semantics other than
first-come, first-served. This means that if an attacker from outside of the administrative
domain of the server knows the server's IP address, it can in principle send updates to the server
that will be processed successfully. Servers should therefore be configured to reject updates
from source addresses outside of the administrative domain of the server.
For Anycast updates, this validation must be enforced by every router that connects the
Constrained-Device Network
to the unconstrained portion of the network. For TCP updates, the initial SYN-SYN+ACK
handshake prevents updates being forged by an off-network attacker. In order to ensure that this
handshake happens, Service Discovery Protocol servers MUST NOT accept TCP Fast Open payloads.
Note that these rules only apply to the validation of SRP updates.
A server that accepts updates from DNS-SD registration protocol
clients may also accept other DNS updates, and those DNS updates may be validated
using different rules. However, in the case of a DNS service that accepts SRP
updates, the intersection of the SRP update rules and
whatever other update rules are present must be considered very carefully.
For example, a normal, authenticated RFC2136 update to any RR that was added using SRP,
but that is authenticated using a different key, could be used to
override a promise made by the registration protocol, by replacing all or part of the
service registration information with information provided by a different client. An
implementation that allows both kinds of updates should not allow updates to records added
by SRP updates using different authentication and authorization credentials.
This specification does not provide a mechanism for validating responses from DNS servers to
SRP clients. In the case of Constrained Network/Constrained Node clients, such validation isn't
practical because there's no way to establish trust. In principle, a KEY RR could be used by
a non-constrained SRP client to validate responses from the server, but this is not required,
nor do we specify a mechanism for determining which key to use.
For validation, SRP Servers MUST implement the ECDSAP256SHA256 signature algorithm.
SRP servers SHOULD implement the algorithms specified in section 3.1, in the validation column of the
table, starting with algorithm number 13. SRP clients MUST NOT assume that any
algorithm numbered lower than 13 is available for use in validating SIG(0) signatures.
Because DNSSD SRP updates can be sent off-link, the privacy implications of SRP are different
than for multicast DNS responses. Host implementations that are using TCP SHOULD also use TLS
if available. Server implementations MUST offer TLS support. The use of TLS with DNS is described
in and .
Hosts that implement TLS support SHOULD NOT fall back to TCP; since servers are required to support
TLS, it is entirely up to the host implementation whether to use it.
In order to be fully functional, there must be a delegation of 'service.arpa.' in the
'.arpa.' zone . This delegation should be set up as was done for
'home.arpa', as a result of the specification in Section 7.
IANA is requested to record the domain name 'service.arpa.' in the Special-Use Domain Names registry
. IANA is requested, with the approval of IAB, to implement the delegation requested in
.
IANA is further requested to add a new entry to the "Transport-Independent Locally-Served Zones" subregistry of
the "Locally-Served DNS Zones" registry. The entry will be for the domain 'service.arpa.' with the
description "DNS-SD Registration Protocol Special-Use Domain", listing this document as the reference.
IANA is also requested to add a new entry to the Service Names and Port Numbers
registry for dnssd-srp with a transport type of tcp. No port number is to be assigned.
The reference should be to this document, and the Assignee and Contact information should
reference the authors of this document. The Description should be as follows:
Availability of DNS Service Discovery Service Registration Protocol Service for a
given domain is advertised using the "_dnssd-srp._tcp.<domain>." SRV record, which gives
the target host and port where DNSSD Service Registration Service is provided for the
named domain.
IANA is also requested to add a new entry to the Service Names and Port Numbers
registry for dnssd-srp with a transport type of tcp. No port number is to be assigned.
The reference should be to this document, and the Assignee and Contact information should
reference the authors of this document. The Description should be as follows:
Availability of DNS Service Discovery Service Registration Protocol Service for a
given domain over TLS is advertised using the "_dnssd-srp-tls._tcp.<domain>."
SRV record, which gives the target host and port where DNSSD Service Registration Service is
provided for the named domain.
IANA is requested to allocate an IPv6 Anycast address from the IPv6 Special-Purpose Address
Registry, similar to the Port Control Protocol anycast address, 2001:1::1. This address is referred
to within the document as TBD1, and the document should be updated to reflect the address that was
allocated.
Thanks to Toke Høiland-Jørgensen for a thorough technical review, to Tamara Kemper for
doing a nice developmental edit, Tim Wattenberg for doing a service implementation at the
Montreal Hackathon at IETF 102, Tom Pusateri for reviewing during the hackathon and afterwards,
and [...] more reviewers to come, hopefully.
Special-Use Domain Names Registry
Locally-Served DNS Zones Registry
Zero Configuration Networking: The Definitive Guide