X-Git-Url: http://git.rohieb.name/skm-ma-ws1314.git/blobdiff_plain/747e9d2a6f3468676b5e60d20e488e9a7891b06d..a1c81dce7c7d4e3a0e6e1f446eaeb893845fd680:/sec-dns-extensions.tex diff --git a/sec-dns-extensions.tex b/sec-dns-extensions.tex new file mode 100644 index 0000000..7ef413c --- /dev/null +++ b/sec-dns-extensions.tex 
@@ -0,0 +1,82 @@ +\subsection{Extensions to the Domain Name System}\label{sec:dns} + +In a distributed context, it is often not feasible to rely on a central, +authoritative DNS server, and there is usually no easy way to discover services. +The first problem is addressed with \term{Multicast DNS}, and since DNS is +basically a key-value store, it can also be used for service discovery, which is +achieved using \term{DNS-Based Service Discovery}. Both techniques were first +developed by Apple as part of the \term{Bonjour} project, and are now maintained +by the IETF Zeroconf working group. + +\subsubsection{Multicast DNS} + +\term{Multicast DNS}~\cite{rfc6762} (mDNS) describes an extension to the Domain +Name System that allows DNS resource records to be distributed on multiple hosts +in a network, therefore avoiding central authorities and enabling every host to +publish its own entries. For that purpose, a special domain, usually +named \code{.local}, is used. + +Software that supports mDNS listens on the reserved +link-local multicast address \code{224.0.0.251} (for IPv4 queries) or +\code{FF02::FB} (for IPv6 queries) on UDP port 5353 for incoming queries. +Queries sent to those multicast address and port are standard DNS queries. +If a host receives a query and knows about the queried resource, it responds to the +querying host with a standard DNS response. The querying host can then simply +finish and use the result, or wait until other hosts respond to its query. The +latter is typically the case when a record can have multiple values, as it is +the case with \code{SRV} and \code{PTR} records. + +Another feature of Multicast DNS is the reduction of traffic through +\term{Known-Answer Suppression}. It allows a querying host to specify already +known resources in its query when querying resources that could exist on more +than one host (e.~g., SRV records). The hosts matching those resources then do +not generate a response. 
+ +Finally, hosts may also send unsolicited responses. This can be used to notify +the network of new services available on a host. + +\pages{1} + +\subsubsection{DNS-Based Service Discovery}\label{sec:dnssd} + +As another recent extension for the Domain Name System, \term{DNS-Based Service +Discovery (DNS-SD)}~\cite{rfc6763} uses DNS records of types +\code{SRV}~\cite{rfc2782} and \code{PTR} in a way that allows hosts to browse +for services in a domain. As an example, Figure~\ref{fig:dnssd} shows the +process of browsing for all XMPP clients in the domain \code{example.org}. +This is a two-step process, consisting of \term{Service Instance Enumeration} +and \term{Service Instance Resolution}. + +\begin{figure}[top] + \centering + \includegraphics[width=0.9\textwidth]{fig-dnssd-mock.jpg} + \caption{DNS-SD: Service Instance Enumeration and Resolution + \todo[XMPP is a bad example here, use IPP]} + \label{fig:dnssd} +\end{figure} + +\paragraph{Service Instance Enumeration} At first, to enumerate the available +services in a domain for a given protocol, a DNS-SD-enabled client queries +resources of type \code{PTR} of the form \code{\_service.\_proto.domain}. The +result of this query is then a list of \term{instance names} of the form +\code{name.\_service.\_proto.domain} which provide the specified service. For +example, in Figure~\ref{fig:dnssd}, by querying for +\code{\_ipp.\_tcp.\_example.org}, all printers supporting the IPP protocol in the +domain \code{example.org} are enumerated, and as a result, the instance names of +three hosts are returned. + +\paragraph{Service Instance Resolution} As a second step, the returned instance +names are resolved as \code{SRV} records to retrieve the actual host names and +port numbers of a service. In the example, resolution of one instance name shows +that an IPP server is running at host \code{gutenberg.example.org} on port 5222. 
+Additionally, an optional \code{TXT} record with the same instance name can +contain further information about the service (e.~g., information about the +supported paper sizes). + +Through the usage of \code{SRV} records, it is easily possible for a service to +inform clients about non-standard port numbers, and especially in connection +with Multicast DNS makes it easy to deploy decentralized systems for the +Internet of Things~\cite{Klauck:2012:BCC:2352852.2352881}. + +\pages{1} +% vim: set ft=tex et ts=2 sw=2 :
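Review bot: The Service Instance Resolution paragraph still carries XMPP values inside an IPP example: "an IPP server is running at host gutenberg.example.org on port 5222" names the XMPP client port (IPP is registered on TCP 631), and the enumeration query `\_ipp.\_tcp.\_example.org` has a stray underscore before the domain, so by the form `\_service.\_proto.domain` stated two sentences earlier it should read `\_ipp.\_tcp.example.org`. The caption's own `\todo` says the figure still shows XMPP, so figure, port and query name need to be made consistent together before that todo is dropped. Smaller points: `\begin{figure}[top]` is not a placement specifier LaTeX accepts (it is read as the three options `t`, `o`, `p`, and `o` is rejected; `[t]` or `[tp]` is what is meant); "Queries sent to those multicast address and port" should be "that multicast address and port"; RFC 6762 reserves `.local` outright, so "a special domain, usually named .local" overstates the choice; and the second clause of the final paragraph has no subject ("and especially in connection with Multicast DNS makes it easy to deploy"), which wants "this makes" or a restructured sentence. Please also verify "are now maintained by the IETF Zeroconf working group": RFC 6762 and RFC 6763, both cited here, were published in 2013 by Apple authors (Cheshire and Krochmal) as individual submissions after that working group had concluded, and the later IETF dnssd working group is the closer fit if a group is to be named. Finally, since the section itself stresses that every host may publish entries and may send unsolicited responses, one sentence noting that mDNS offers no authentication of responders (any host on the link can answer any query or announce any name; RFC 6762's security considerations say as much) would tell the reader which trust model they are adopting.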