X-Git-Url: https://git.rohieb.name/skm-ma-ws1314.git/blobdiff_plain/fa6284da96446dd4a438bfb72d0e51c367dd3647..68e1003b79478493d68d1dc8a2a697e31d306b2d:/sec-dns-extensions.tex diff --git a/sec-dns-extensions.tex b/sec-dns-extensions.tex index d3ec16e..93921fd 100644 --- a/sec-dns-extensions.tex +++ b/sec-dns-extensions.tex 
@@ -5,79 +5,71 @@ authoritative DNS server, and there is usually no easy way to discover services. The first problem is addressed with \term{Multicast DNS}, and since DNS is basically a key-value store, it can also be used for service discovery, which is achieved using \term{DNS-Based Service Discovery}. Both techniques were first -developed by Apple as part of the \term{Bonjour} project, and are now maintained -by the IETF Zeroconf working group. +developed by Apple as part of the \term{Bonjour} +project\footnote{\url{https://developer.apple.com/bonjour/}}, and are now +maintained by the IETF Zeroconf working +group\footnote{\url{http://zeroconf.org}}. \subsubsection{Multicast DNS} -\term{Multicast DNS}~\cite{rfc6762} (mDNS) describes an extension to the Domain +\term{Multicast DNS} (mDNS)~\cite{rfc6762} describes an extension to the Domain Name System that allows DNS resource records to be distributed on multiple hosts in a network, therefore avoiding central authorities and enabling every host to -publish its own entries. For that purpose, a special domain, usually -named \code{.local}, is used. +publish its own entries. For that purpose, a special top-level domain, is used, +usually named \code{.local}, which contains those entries. Software that supports mDNS listens on the reserved link-local multicast address \code{224.0.0.251} (for IPv4 queries) or -\code{FF02::FB} (for IPv6 queries) on UDP port 5353 for incoming queries. +\code{ff02::fb} (for IPv6 queries) on UDP port 5353 for incoming queries. Queries sent to those multicast address and port are standard DNS queries. If a host receives a query and knows about the queried resource, it responds to the querying host with a standard DNS response. The querying host can then simply finish and use the result, or wait until other hosts respond to its query. The latter is typically the case when a record can have multiple values, as it is -the case with \code{SRV} and \code{PTR} records. 
+the case with \code{SRV} and \code{PTR} records (which will be discussed in the +next section). Another feature of Multicast DNS is the reduction of traffic through \term{Known-Answer Suppression}. It allows a querying host to specify already known resources in its query when querying resources that could exist on more -than one host (e.~g., SRV records). The hosts matching those resources then do +than one host (e.\,g., SRV records). The hosts matching those resources then do not generate a response, thus reducing the messages in the network and saving bandwidth, which is usually a scarce resource in wireless networks. +\enlargethispage{2\baselineskip} Finally, hosts may also send unsolicited responses. This can be used to notify the network of new services available on a host. -\pages{1} - \subsubsection{DNS-Based Service Discovery}\label{sec:dnssd} As another recent extension for the Domain Name System, \term{DNS-Based Service Discovery (DNS-SD)}~\cite{rfc6763} uses DNS records of types -\code{SRV}~\cite{rfc2782} and \code{PTR} in a way that allows hosts to browse -for services in a domain. As an example, Figure~\ref{fig:dnssd} shows the -process of browsing for all XMPP clients in the domain \code{example.org}. -This is a two-step process, consisting of \term{Service Instance Enumeration} -and \term{Service Instance Resolution}. - -\todo{XMPP is a probably not the best example here, use IPP instead} -\begin{figure}[top] - \centering - \includegraphics[width=0.9\textwidth]{fig-dnssd-mock.jpg} - \caption{DNS-SD: Service Instance Enumeration and Resolution} - \label{fig:dnssd} -\end{figure} +SRV~\cite{rfc2782} and PTR~\cite{rfc1035} in a way that allows hosts to browse +for services in a domain. While SRV records specify the location of services on +a host, PTR records hold a reverse mapping from IP address to host name. +DNS-SD now relies on a two-step process, consisting of +\term{Service Instance Enumeration} and \term{Service Instance Resolution}. 
-\paragraph{Service Instance Enumeration} At first, to enumerate the available +\paragraph{1. Service Instance Enumeration} At first, to enumerate the available services in a domain for a given protocol, a DNS-SD-enabled client queries -resources of type \code{PTR} of the form \code{\_service.\_proto.domain}. The -result of this query is then a list of \term{instance names} of the form -\code{name.\_service.\_proto.domain} which provide the specified service. For -example, in Figure~\ref{fig:dnssd}, by querying for -\code{\_ipp.\_tcp.\_example.org}, all printers supporting the IPP protocol in the -domain \code{example.org} are enumerated, and as a result, the instance names of -three hosts are returned. +PTR resources of the form \code{\_service.\_proto.domain}. The result of +this query is then a list of \term{instance names} of the form +\code{name.\_service.\_proto.domain} which point to the hosts providing the +service. For example, by querying for \code{\_ipp.\_tcp.\_example.org}, the +instance names for all printers supporting the IPP protocol in the domain +\code{example.org} are returned. -\paragraph{Service Instance Resolution} As a second step, the returned instance -names are resolved as \code{SRV} records to retrieve the actual host names and -port numbers of a service. In the example, resolution of one instance name shows +\paragraph{2. Service Instance Resolution} As a second step, the returned instance +names are resolved as SRV records to retrieve the actual host names and +port numbers of a service. For example, resolution of one instance name shows that an IPP server is running at host \code{gutenberg.example.org} on port 5222. -Additionally, an optional \code{TXT} record with the same instance name can -contain further information about the service (e.~g., information about the +Additionally, an optional TXT record with the same instance name can +contain further information about the service (e.~g. information about the supported paper sizes). 
-Through the usage of \code{SRV} records, it is easily possible for a service to +Through the usage of SRV records, it is easily possible for a service to inform clients about non-standard port numbers, and especially in connection -with Multicast DNS makes it easy to deploy decentralized systems for the -Internet of Things~\cite{Klauck:2012:BCC:2352852.2352881}. +with Multicast DNS, this makes it easy to deploy decentralized systems for the +Internet of Things. \cite{Klauck:2012:BCC:2352852.2352881} -\pages{1} % vim: set ft=tex et ts=2 sw=2 :
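Review bot: The sentence added to the DNS-SD introduction, "PTR records hold a reverse mapping from IP address to host name", contradicts the use of PTR that the very next paragraph describes, where a PTR query for \code{\_service.\_proto.domain} returns service instance names, not host names; suggest describing PTR as a generic pointer from one domain name to another (the IP-to-name mapping is only its classical use) so that the enumeration step follows from the definition. In the Service Instance Resolution paragraph the example still has the IPP server on port 5222, which is the XMPP port carried over from the example the removed \todo asked to replace; since the example is now about IPP, the port should be IPP's registered port 631. Smaller points in the same hunk: the query \code{\_ipp.\_tcp.\_example.org} keeps a stray underscore before the domain, which the surrounding text gives as \code{example.org}, so it should read \code{\_ipp.\_tcp.example.org}; "a special top-level domain, is used, usually named \code{.local}" has a misplaced comma and should read "a special top-level domain is used, usually named \code{.local}, which contains those entries"; one "e.~g.," becomes "e.\,g.," while the other is changed to "e.~g." without the comma, so the two should match; and moving the Klauck citation after the full stop ("Internet of Things. \cite{Klauck:2012:BCC:2352852.2352881}") departs from the placement before the period used for every other \cite in this file.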