Outsourcing Home Network Authoritative Naming Service
draft-ietf-homenet-front-end-naming-delegation-02

The information below is for an old version of the document
Document Type Active Internet-Draft (homenet WG)
Last updated 2015-05-06 (latest revision 2015-05-04)
Replaces draft-mglt-homenet-front-end-naming-delegation
Stream IETF
Intended RFC status Proposed Standard
Formats plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
HOMENET                                                  D. Migault (Ed)
Internet-Draft                                                  Ericsson
Intended status: Standards Track                             W. Cloetens
Expires: November 5, 2015                                     SoftAtHome
                                                            C. Griffiths
                                                                     Dyn
                                                                R. Weber
                                                                 Nominum
                                                             May 4, 2015

         Outsourcing Home Network Authoritative Naming Service
         draft-ietf-homenet-front-end-naming-delegation-02.txt

Abstract

   CPEs are designed to provide IP connectivity to home networks.  Most
   CPEs assign IP addresses to the nodes of the home network which makes
   it a good candidate for hosting the naming service.  With IPv6, the
   naming service makes nodes reachable from the home network as well as
   from the Internet.

   However, CPEs have not been designed to host such a naming service
   exposed on the Internet.  This may expose the CPEs to resource
   exhaustion which would make the home network unreachable, and most
   probably would also affect the home network inner communications.

   In addition, DNSSEC management and configuration may not be well
   understood or mastered by regular end users.  Misconfiguration may
   also result in naming service disruption, thus these end users may
   prefer to rely on third party naming providers.

   This document describes a homenet naming architecture where the CPEs
   manage the DNS zone associated to its home network, and outsources
   the naming service and eventually the DNSSEC management on the
   Internet to a third party designated as the Public Authoritative
   Servers.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

Migault (Ed), et al.    Expires November 5, 2015                [Page 1]
Internet-Draft  Outsourcing Authoritative Naming Service        May 2015

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 5, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Requirements notation . . . . . . . . . . . . . . . . . . . .   3
   2.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Architecture Description  . . . . . . . . . . . . . . . . . .   5
     4.1.  Architecture Overview . . . . . . . . . . . . . . . . . .   6
     4.2.  Example: DNS(SEC) Homenet Zone  . . . . . . . . . . . . .   8
     4.3.  Example: CPE necessary parameters for outsourcing . . . .  10
   5.  Synchronization between CPE and Public Authoritative Name
       Server Sets . . . . . . . . . . . . . . . . . . . . . . . . .  11
     5.1.  Synchronization with a Hidden Primary . . . . . . . . . .  11
     5.2.  Securing Synchronization  . . . . . . . . . . . . . . . .  12
     5.3.  CPE Security Policies . . . . . . . . . . . . . . . . . .  14
   6.  DNSSEC compliant Homenet Architecture . . . . . . . . . . . .  14
     6.1.  Zone Signing  . . . . . . . . . . . . . . . . . . . . . .  14
     6.2.  Secure Delegation . . . . . . . . . . . . . . . . . . . .  16
   7.  Handling Different Views  . . . . . . . . . . . . . . . . . .  16
     7.1.  Misleading Reasons for Local Scope DNS Zone . . . . . . .  17
     7.2.  Consequences  . . . . . . . . . . . . . . . . . . . . . .  17
     7.3.  Guidance and Recommendations  . . . . . . . . . . . . . .  18
   8.  Reverse Zone  . . . . . . . . . . . . . . . . . . . . . . . .  18
   9.  Renumbering . . . . . . . . . . . . . . . . . . . . . . . . .  19
Show full document text