1 Document: draft-cheshire-dnsext-multicastdns-06.txt Stuart Cheshire 2 Internet-Draft Marc Krochmal 3 Category: Standards Track Apple Computer, Inc. 4 Expires 10th February 2007 10th August 2006 5 6 Multicast DNS 7 8 <draft-cheshire-dnsext-multicastdns-06.txt> 9 10 Status of this Memo 11 12 By submitting this Internet-Draft, each author represents that any 13 applicable patent or other IPR claims of which he or she is aware 14 have been or will be disclosed, and any of which he or she becomes 15 aware will be disclosed, in accordance with Section 6 of BCP 79. 16 For the purposes of this document, the term "BCP 79" refers 17 exclusively to RFC 3979, "Intellectual Property Rights in IETF 18 Technology", published March 2005. 19 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that 22 other groups may also distribute working documents as Internet- 23 Drafts. 24 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 29 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/1id-abstracts.html 32 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html 35 36 Abstract 37 38 As networked devices become smaller, more portable, and 39 more ubiquitous, the ability to operate with less configured 40 infrastructure is increasingly important. In particular, 41 the ability to look up DNS resource record data types 42 (including, but not limited to, host names) in the absence 43 of a conventional managed DNS server, is becoming essential. 44 45 Multicast DNS (mDNS) provides the ability to do DNS-like operations 46 on the local link in the absence of any conventional unicast DNS 47 server. In addition, mDNS designates a portion of the DNS namespace 48 to be free for local use, without the need to pay any annual fee, and 49 without the need to set up delegations or otherwise configure a 50 conventional DNS server to answer for those names. 51 52 The primary benefits of mDNS names are that (i) they require little 53 or no administration or configuration to set them up, (ii) they work 54 when no infrastructure is present, and (iii) they work during 55 infrastructure failures. 56 57 58 Expires 10th February 2007 Cheshire & Krochmal [Page 1] 59 61 Internet Draft Multicast DNS 10th August 2006 62 63 64 Table of Contents 65 66 1. Introduction....................................................3 67 2. Conventions and Terminology Used in this Document...............3 68 3. Multicast DNS Names.............................................4 69 4. Source Address Check............................................8 70 5. Reverse Address Mapping.........................................9 71 6. Querying.......................................................10 72 7. Duplicate Suppression..........................................15 73 8. Responding.....................................................17 74 9. Probing and Announcing on Startup..............................20 75 10. Conflict Resolution............................................26 76 11. Resource Record TTL Values and Cache Coherency.................28 77 12. Special Characteristics of Multicast DNS Domains...............33 78 13. Multicast DNS for Service Discovery............................34 79 14. Enabling and Disabling Multicast DNS...........................34 80 15. Considerations for Multiple Interfaces.........................35 81 16. Considerations for Multiple Responders on the Same Machine.....36 82 17. Multicast DNS and Power Management.............................38 83 18. Multicast DNS Character Set....................................39 84 19. Multicast DNS Message Size.....................................41 85 20. Multicast DNS Message Format...................................42 86 21. Choice of UDP Port Number......................................45 87 22. Summary of Differences Between Multicast DNS and Unicast DNS...46 88 23. Benefits of Multicast Responses................................47 89 24. IPv6 Considerations............................................48 90 25. Security Considerations........................................49 91 26. IANA Considerations............................................50 92 27. Acknowledgments................................................50 93 28. Deployment History.............................................50 94 29. Copyright Notice...............................................51 95 30. Normative References...........................................51 96 31. Informative References.........................................52 97 32. Authors' Addresses.............................................53 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 Expires 10th February 2007 Cheshire & Krochmal [Page 2] 118 120 Internet Draft Multicast DNS 10th August 2006 121 122 123 1. Introduction 124 125 When reading this document, familiarity with the concepts of Zero 126 Configuration Networking [ZC] and automatic link-local addressing 127 [RFC 2462] [RFC 3927] is helpful. 128 129 This document proposes no change to the structure of DNS messages, 130 and no new operation codes, response codes, or resource record types. 131 This document simply discusses what needs to happen if DNS clients 132 start sending DNS queries to a multicast address, and how a 133 collection of hosts can cooperate to collectively answer those 134 queries in a useful manner. 135 136 There has been discussion of how much burden Multicast DNS might 137 impose on a network. It should be remembered that whenever IPv4 hosts 138 communicate, they broadcast ARP packets on the network on a regular 139 basis, and this is not disastrous. The approximate amount of 140 multicast traffic generated by hosts making conventional use of 141 Multicast DNS is anticipated to be roughly the same order of 142 magnitude as the amount of broadcast ARP traffic those hosts already 143 generate. 144 145 New applications making new use of Multicast DNS capabilities for 146 unconventional purposes may generate more traffic. If some of those 147 new applications are "chatty", then work will be needed to help them 148 become less chatty. When performing any analysis, it is important 149 to make a distinction between the application behavior and the 150 underlying protocol behavior. If a chatty application uses UDP, 151 that doesn't mean that UDP is chatty, or that IP is chatty, or that 152 Ethernet is chatty. What it means is that the application is chatty. 153 The same applies to any future applications that may decide to layer 154 increasing portions of their functionality over Multicast DNS. 155 156 157 2. Conventions and Terminology Used in this Document 158 159 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 160 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 161 document are to be interpreted as described in "Key words for use in 162 RFCs to Indicate Requirement Levels" [RFC 2119]. 163 164 This document uses the term "host name" in the strict sense to mean 165 a fully qualified domain name that has an address record. It does 166 not use the term "host name" in the commonly used but incorrect 167 sense to mean just the first DNS label of a host's fully qualified 168 domain name. 169 170 A DNS (or mDNS) packet contains an IP TTL in the IP header, which 171 is effectively a hop-count limit for the packet, to guard against 172 routing loops. Each Resource Record also contains a TTL, which is 173 the number of seconds for which the Resource Record may be cached. 174 175 176 Expires 10th February 2007 Cheshire & Krochmal [Page 3] 177 179 Internet Draft Multicast DNS 10th August 2006 180 181 182 In any place where there may be potential confusion between these two 183 types of TTL, the term "IP TTL" is used to refer to the IP header TTL 184 (hop limit), and the term "RR TTL" is used to refer to the Resource 185 Record TTL (cache lifetime). 186 187 When this document uses the term "Multicast DNS", it should be taken 188 to mean: "Clients performing DNS-like queries for DNS-like resource 189 records by sending DNS-like UDP query and response packets over IP 190 Multicast to UDP port 5353." 191 192 This document uses the terms "shared" and "unique" when referring to 193 resource record sets. 194 195 A "shared" resource record set is one where several Multicast DNS 196 responders may have records with that name, rrtype, and rrclass, and 197 several responders may respond to a particular query. 198 199 A "unique" resource record set is one where all the records with 200 that name, rrtype, and rrclass are conceptually under the control 201 or ownership of a single responder, and it is expected that at most 202 one responder should respond to a query for that name, rrtype, and 203 rrclass. Before claiming ownership of a unique resource record set, 204 a responder MUST probe to verify that no other responder already 205 claims ownership of that set, as described in Section 9.1 "Probing". 206 For fault-tolerance and other reasons it is permitted sometimes to 207 have more than one responder answering for a particular "unique" 208 resource record set, but such cooperating responders MUST give 209 answers containing identical rdata for these records or the 210 answers will be perceived to be in conflict with each other. 211 212 Strictly speaking the terms "shared" and "unique" apply to resource 213 record sets, not to individual resource records, but it is sometimes 214 convenient to talk of "shared resource records" and "unique resource 215 records". When used this way, the terms should be understood to mean 216 a record that is a member of a "shared" or "unique" resource record 217 set, respectively. 218 219 220 3. Multicast DNS Names 221 222 This document proposes that the DNS top-level domain ".local." be 223 designated a special domain with special semantics, namely that any 224 fully-qualified name ending in ".local." is link-local, and names 225 within this domain are meaningful only on the link where they 226 originate. This is analogous to IPv4 addresses in the 169.254/16 227 prefix, which are link-local and meaningful only on the link where 228 they originate. 229 230 Any DNS query for a name ending with ".local." MUST be sent 231 to the mDNS multicast address (224.0.0.251 or its IPv6 equivalent 232 FF02::FB). 233 234 235 Expires 10th February 2007 Cheshire & Krochmal [Page 4] 236 238 Internet Draft Multicast DNS 10th August 2006 239 240 241 It is unimportant whether a name ending with ".local." occurred 242 because the user explicitly typed in a fully qualified domain name 243 ending in ".local.", or because the user entered an unqualified 244 domain name and the host software appended the suffix ".local." 245 because that suffix appears in the user's search list. The ".local." 246 suffix could appear in the search list because the user manually 247 configured it, or because it was received in a DHCP option, or via 248 any other valid mechanism for configuring the DNS search list. In 249 this respect the ".local." suffix is treated no differently to any 250 other search domain that might appear in the DNS search list. 251 252 DNS queries for names that do not end with ".local." MAY be sent to 253 the mDNS multicast address, if no other conventional DNS server is 254 available. This can allow hosts on the same link to continue 255 communicating using each other's globally unique DNS names during 256 network outages which disrupt communication with the greater 257 Internet. When resolving global names via local multicast, it is even 258 more important to use DNSSEC or other security mechanisms to ensure 259 that the response is trustworthy. Resolving global names via local 260 multicast is a contentious issue, and this document does not discuss 261 it in detail, instead concentrating on the issue of resolving local 262 names using DNS packets sent to a multicast address. 263 264 A host that belongs to an organization or individual who has control 265 over some portion of the DNS namespace can be assigned a globally 266 unique name within that portion of the DNS namespace, for example, 267 "cheshire.apple.com." For those of us who have this luxury, this 268 works very well. However, the majority of home customers do not have 269 easy access to any portion of the global DNS namespace within which 270 they have the authority to create names as they wish. This leaves the 271 majority of home computers effectively anonymous for practical 272 purposes. 273 274 To remedy this problem, this document allows any computer user to 275 elect to give their computers link-local Multicast DNS host names of 276 the form: "single-dns-label.local." For example, a laptop computer 277 may answer to the name "cheshire.local." Any computer user is granted 278 the authority to name their computer this way, provided that the 279 chosen host name is not already in use on that link. Having named 280 their computer this way, the user has the authority to continue using 281 that name until such time as a name conflict occurs on the link which 282 is not resolved in the user's favour. If this happens, the computer 283 (or its human user) SHOULD cease using the name, and may choose to 284 attempt to allocate a new unique name for use on that link. These 285 conflicts are expected to be relatively rare for people who choose 286 reasonably imaginative names, but it is still important to have a 287 mechanism in place to handle them when they happen. 288 289 The point made in the previous paragraph is very important and bears 290 repeating. It is easy for those of us in the IETF community who run 291 our own name servers at home to forget that the majority of computer 292 293 294 Expires 10th February 2007 Cheshire & Krochmal [Page 5] 295 297 Internet Draft Multicast DNS 10th August 2006 298 299 300 users do not run their own name server and have no easy way to create 301 their own host names. When these users wish to transfer files between 302 two laptop computers, they are frequently reduced to typing in 303 dotted-decimal IP addresses because they simply have no other way for 304 one host to refer to the other by name. This is a sorry state of 305 affairs. What is worse, most users don't even bother trying to use 306 dotted-decimal IP addresses. Most users still move data between 307 machines by burning it onto CD-R, copying it onto a USB "keychain" 308 flash drive, or similar removable media. 309 310 In a world of gigabit Ethernet and ubiquitous wireless networking it 311 is a sad indictment of the networking community that most users still 312 prefer sneakernet. 313 314 Allowing ad-hoc allocation of single-label names in a single flat 315 ".local." namespace may seem to invite chaos. However, operational 316 experience with AppleTalk NBP names [NBP], which on any given link 317 are also effectively single-label names in a flat namespace, shows 318 that in practice name collisions happen extremely rarely and are not 319 a problem. Groups of computer users from disparate organizations 320 bring Macintosh laptop computers to events such as IETF Meetings, the 321 Mac Hack conference, the Apple World Wide Developer Conference, etc., 322 and complaints at these events about users suffering conflicts and 323 being forced to rename their machines have never been an issue. 324 325 This document advocates a single flat namespace for dot-local host 326 names, (i.e. the names of DNS address records), but other DNS record 327 types (such as those used by DNS Service Discovery [DNS-SD]) may 328 contain as many labels as appropriate for the desired usage, subject 329 to the 255-byte name length limit specified below in Section 3.3 330 "Maximum Multicast DNS Name Length". 331 332 Enforcing uniqueness of host names (i.e. the names of DNS address 333 records mapping names to IP addresses) is probably desirable in the 334 common case, but this document does not mandate that. It is 335 permissible for a collection of coordinated hosts to agree to 336 maintain multiple DNS address records with the same name, possibly 337 for load balancing or fault-tolerance reasons. This document does not 338 take a position on whether that is sensible. It is important that 339 both modes of operation are supported. The Multicast DNS protocol 340 allows hosts to verify and maintain unique names for resource records 341 where that behavior is desired, and it also allows hosts to maintain 342 multiple resource records with a single shared name where that 343 behavior is desired. This consideration applies to all resource 344 records, not just address records (host names). In summary: It is 345 required that the protocol have the ability to detect and handle name 346 conflicts, but it is not required that this ability be used for every 347 record. 348 349 350 351 352 353 Expires 10th February 2007 Cheshire & Krochmal [Page 6] 354 356 Internet Draft Multicast DNS 10th August 2006 357 358 359 3.1 Governing Standards Body 360 361 Note that this use of the ".local." suffix falls under IETF/IANA 362 jurisdiction, not ICANN jurisdiction. DNS is an IETF network 363 protocol, governed by protocol rules defined by the IETF. These IETF 364 protocol rules dictate character set, maximum name length, packet 365 format, etc. ICANN determines additional rules that apply when the 366 IETF's DNS protocol is used on the public Internet. In contrast, 367 private uses of the DNS protocol on isolated private networks are not 368 governed by ICANN. Since this proposed change is a change to the core 369 DNS protocol rules, it affects everyone, not just those machines 370 using the ICANN-governed Internet. Hence this change falls into the 371 category of an IETF protocol rule, not an ICANN usage rule. 372 373 This allocation of responsibility is formally established in 374 "Memorandum of Understanding Concerning the Technical Work of the 375 Internet Assigned Numbers Authority" [RFC 2860]. Exception (a) of 376 clause 4.3 states that the IETF has the authority to instruct IANA 377 to reserve pseudo-TLDs as required for protocol design purposes. 378 For example, "Reserved Top Level DNS Names" [RFC 2606] defines 379 the following pseudo-TLDs: 380 381 .test 382 .example 383 .invalid 384 .localhost 385 386 387 3.2 Private DNS Namespaces 388 389 Note also that the special treatment of names ending in ".local." has 390 been implemented in Macintosh computers since the days of Mac OS 9, 391 and continues today in Mac OS X. There are also implementations for 392 Linux and other platforms [dotlocal]. Operators setting up private 393 internal networks ("intranets") are advised that their lives may be 394 easier if they avoid using the suffix ".local." in names in their 395 private internal DNS server. Alternative possibilities include: 396 397 .intranet 398 .internal 399 .private 400 .corp 401 .home 402 .lan 403 404 Another alternative naming scheme, advocated by Professor D. J. 405 Bernstein, is to use a numerical suffix, such as ".6." [djbdl]. 406 407 408 409 410 411 412 Expires 10th February 2007 Cheshire & Krochmal [Page 7] 413 415 Internet Draft Multicast DNS 10th August 2006 416 417 418 3.3 Maximum Multicast DNS Name Length 419 420 RFC 1034 says: 421 422 "the total number of octets that represent a domain name (i.e., 423 the sum of all label octets and label lengths) is limited to 255." 424 425 This text implies that the final root label at the end of every name 426 is included in this count (a name can't be represented without it), 427 but the text does not explicitly state that. Implementations of 428 Multicast DNS MUST include the label length byte of the final root 429 label at the end of every name when enforcing the rule that no name 430 may be longer than 255 bytes. For example, the length of the name 431 "apple.com." is considered to be 11, which is the number of bytes it 432 takes to represent that name in a packet without using name 433 compression: 434 435 ------------------------------------------------------ 436 | 0x05 | a | p | p | l | e | 0x03 | c | o | m | 0x00 | 437 ------------------------------------------------------ 438 439 440 4. Source Address Check 441 442 All Multicast DNS responses (including responses sent via unicast) 443 SHOULD be sent with IP TTL set to 255. This is recommended to provide 444 backwards-compatibility with older Multicast DNS clients that check 445 the IP TTL on reception to determine whether the packet originated 446 on the local link. These older clients discard all packets with TTLs 447 other than 255. 448 449 A host sending Multicast DNS queries to a link-local destination 450 address (including the 224.0.0.251 link-local multicast address) 451 MUST only accept responses to that query that originate from the 452 local link, and silently discard any other response packets. Without 453 this check, it could be possible for remote rogue hosts to send 454 spoof answer packets (perhaps unicast to the victim host) which the 455 receiving machine could misinterpret as having originated on the 456 local link. 457 458 The test for whether a response originated on the local link 459 is done in two ways: 460 461 * All responses sent to the link-local multicast address 224.0.0.251 462 are necessarily deemed to have originated on the local link, 463 regardless of source IP address. This is essential to allow devices 464 to work correctly and reliably in unusual configurations, such as 465 multiple logical IP subnets overlayed on a single link, or in cases 466 of severe misconfiguration, where devices are physically connected 467 to the same link, but are currently misconfigured with completely 468 unrelated IP addresses and subnet masks. 469 470 471 Expires 10th February 2007 Cheshire & Krochmal [Page 8] 472 474 Internet Draft Multicast DNS 10th August 2006 475 476 477 * For responses sent to a unicast destination address, the source IP 478 address in the packet is checked to see if it is an address on a 479 local subnet. An address is determined to be on a local subnet if, 480 for (one of) the address(es) configured on the interface receiving 481 the packet, (I & M) == (P & M), where I and M are the interface 482 address and subnet mask respectively, P is the source IP address 483 from the packet, '&' represents the bitwise logical 'and' 484 operation, and '==' represents a bitwise equality test. 485 486 Since queriers will ignore responses apparently originating outside 487 the local subnet, responders SHOULD avoid generating responses that 488 it can reasonably predict will be ignored. This applies particularly 489 in the case of overlayed subnets. If a responder receives a query 490 addressed to the link-local multicast address 224.0.0.251, from a 491 source address not apparently on the same subnet as the responder, 492 then even if the query indicates that a unicast response is preferred 493 (see Section 6.5, "Questions Requesting Unicast Responses"), the 494 responder SHOULD elect to respond by multicast anyway, since it can 495 reasonably predict that a unicast response with an apparently 496 non-local source address will probably be ignored. 497 498 499 5. Reverse Address Mapping 500 501 Like ".local.", the IPv4 and IPv6 reverse mapping domains are also 502 defined to be link-local. 503 504 Any DNS query for a name ending with "254.169.in-addr.arpa." MUST 505 be sent to the mDNS multicast address 224.0.0.251. Since names under 506 this domain correspond to IPv4 link-local addresses, it is logical 507 that the local link is the best place to find information pertaining 508 to those names. 509 510 Likewise, any DNS query for a name within the reverse mapping domains 511 for IPv6 Link-Local addresses ("8.e.f.ip6.arpa.", "9.e.f.ip6.arpa.", 512 "a.e.f.ip6.arpa.", and "b.e.f.ip6.arpa.") MUST be sent to the IPv6 513 mDNS link-local multicast address FF02::FB. 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 Expires 10th February 2007 Cheshire & Krochmal [Page 9] 531 533 Internet Draft Multicast DNS 10th August 2006 534 535 536 6. Querying 537 538 There are three kinds of Multicast DNS Queries, one-shot queries of 539 the kind made by today's conventional DNS clients, one-shot queries 540 accumulating multiple responses made by multicast-aware DNS clients, 541 and continuous ongoing Multicast DNS Queries used by IP network 542 browser software. 543 544 A Multicast DNS Responder that is offering records that are intended 545 to be unique on the local link MUST also implement a Multicast DNS 546 Querier so that it can first verify the uniqueness of those records 547 before it begins answering queries for them. 548 549 550 6.1 One-Shot Multicast DNS Queries 551 552 An unsophisticated DNS client may simply send its DNS queries blindly 553 to 224.0.0.251:5353, without necessarily even being aware what a 554 multicast address is. This change can typically be implemented with 555 just a few lines of code in an existing DNS resolver library. Any 556 time the name being queried for falls within one of the reserved 557 mDNS domains (see Section 12 "Special Characteristics of Multicast 558 DNS Domains") the query is sent to 224.0.0.251:5353 instead of the 559 configured unicast DNS server address that would otherwise be used. 560 Typically the timeout would also be shortened to two or three 561 seconds, but it's possible to make a minimal mDNS client with no 562 other changes apart from these. 563 564 A simple DNS client like this will typically just take the first 565 response it receives. It will not listen for additional UDP 566 responses, but in many instances this may not be a serious problem. 567 If a user types "http://cheshire.local." into their Web browser and 568 gets to see the page they were hoping for, then the protocol has met 569 the user's needs in this case. 570 571 While an unsophisticated DNS client like this is perfectly adequate 572 for simple hostname lookup, it may not get ideal behavior in 573 other cases. Additional refinements that may be adopted by more 574 sophisticated clients are described below. 575 576 577 6.2 One-Shot Queries, Accumulating Multiple Responses 578 579 A more sophisticated DNS client should understand that Multicast DNS 580 is not exactly the same as unicast DNS, and should modify its 581 behavior in some simple ways. 582 583 As described above, there are some cases, such as looking up the 584 address associated with a unique host name, where a single response 585 is sufficient, and moreover may be all that is expected. However, 586 there are other DNS queries where more than one response is 587 588 589 Expires 10th February 2007 Cheshire & Krochmal [Page 10] 590 592 Internet Draft Multicast DNS 10th August 2006 593 594 595 possible, and for these queries a more sophisticated Multicast DNS 596 client should include the ability to wait for an appropriate period 597 of time to collect multiple responses. 598 599 A naive DNS client retransmits its query only so long as it has 600 received no response. A more sophisticated Multicast DNS client is 601 aware that having received one response is not necessarily an 602 indication that it might not receive others, and has the ability to 603 retransmit its query an appropriate number of times at appropriate 604 intervals until it is satisfied with the collection of responses it 605 has gathered. 606 607 A more sophisticated Multicast DNS client that is retransmitting 608 a query for which it has already received some responses, MUST 609 implement Known Answer Suppression, as described below in Section 7.1 610 "Known Answer Suppression". This indicates to responders who have 611 already replied that their responses have been received, and they 612 don't need to send them again in response to this repeated query. In 613 addition, when retransmitting queries, the interval between the first 614 two queries SHOULD be one second, and the intervals between 615 subsequent queries SHOULD double. 616 617 618 6.3 Continuous Multicast DNS Querying 619 620 In One-Shot Queries, with either a single or multiple responses, 621 the underlying assumption is that the transaction begins when the 622 application issues a query, and ends when all the desired responses 623 have been received. There is another type of operation which is more 624 akin to continuous monitoring. 625 626 iTunes users are accustomed to seeing a list of shared network music 627 libraries in the sidebar of the iTunes window. There is no "refresh" 628 button for the user to click because the list is always accurate, 629 always reflecting the currently available libraries. When a new 630 library becomes available it promptly appears in the list, and when 631 a library becomes unavailable it promptly disappears. It is vitally 632 important that this responsive user interface be achieved without 633 naive polling that would place an unreasonable burden on the network. 634 635 Therefore, when retransmitting mDNS queries to implement this kind 636 of continuous monitoring, the interval between the first two queries 637 SHOULD be one second, the intervals between the subsequent queries 638 SHOULD double, and the querier MUST implement Known Answer 639 Suppression, as described below in Section 7.1. When the interval 640 between queries reaches or exceeds 60 minutes, a querier MAY cap the 641 interval to a maximum of 60 minutes, and perform subsequent queries 642 at a steady-state rate of one query per hour. To avoid accidental 643 synchronization when for some reason multiple clients begin querying 644 at exactly the same moment (e.g. because of some common external 645 trigger event), a Multicast DNS Querier SHOULD also delay the first 646 647 648 Expires 10th February 2007 Cheshire & Krochmal [Page 11] 649 651 Internet Draft Multicast DNS 10th August 2006 652 653 654 query of the series by a randomly-chosen amount in the range 655 20-120ms. 656 657 When a Multicast DNS Querier receives an answer, the answer contains 658 a TTL value that indicates for how many seconds this answer is valid. 659 After this interval has passed, the answer will no longer be valid 660 and SHOULD be deleted from the cache. Before this time is reached, 661 a Multicast DNS Querier which has clients with an active interest in 662 the state of that record (e.g. a network browsing window displaying 663 a list of discovered services to the user) SHOULD re-issue its query 664 to determine whether the record is still valid. 665 666 To perform this cache maintenance, a Multicast DNS Querier should 667 plan to re-query for records after at least 50% of the record 668 lifetime has elapsed. This document recommends the following 669 specific strategy: 670 671 The Querier should plan to issue a query at 80% of the record 672 lifetime, and then if no answer is received, at 85%, 90% and 95%. 673 If an answer is received, then the remaining TTL is reset to the 674 value given in the answer, and this process repeats for as long as 675 the Multicast DNS Querier has an ongoing interest in the record. 676 If after four queries no answer is received, the record is deleted 677 when it reaches 100% of its lifetime. A Multicast DNS Querier MUST 678 NOT perform this cache maintenance for records for which it has no 679 clients with an active interest. If the expiry of a particular record 680 from the cache would result in no net effect to any client software 681 running on the Querier device, and no visible effect to the human 682 user, then there is no reason for the Multicast DNS Querier to 683 waste network bandwidth checking whether the record remains valid. 684 685 To avoid the case where multiple Multicast DNS Queriers on a network 686 all issue their queries simultaneously, a random variation of 2% of 687 the record TTL should be added, so that queries are scheduled to be 688 performed at 80-82%, 85-87%, 90-92% and then 95-97% of the TTL. 689 690 691 6.4 Multiple Questions per Query 692 693 Multicast DNS allows a querier to place multiple questions in the 694 Question Section of a single Multicast DNS query packet. 695 696 The semantics of a Multicast DNS query packet containing multiple 697 questions is identical to a series of individual DNS query packets 698 containing one question each. Combining multiple questions into a 699 single packet is purely an efficiency optimization, and has no other 700 semantic significance. 701 702 703 704 705 706 707 Expires 10th February 2007 Cheshire & Krochmal [Page 12] 708 710 Internet Draft Multicast DNS 10th August 2006 711 712 713 6.5 Questions Requesting Unicast Responses 714 715 Sending Multicast DNS responses via multicast has the benefit that 716 all the other hosts on the network get to see those responses, and 717 can keep their caches up to date, and detect conflicting responses. 718 719 However, there are situations where all the other hosts on the 720 network don't need to see every response. Some examples are a laptop 721 computer waking from sleep, or the Ethernet cable being connected to 722 a running machine, or a previously inactive interface being activated 723 through a configuration change. At the instant of wake-up or link 724 activation, the machine is a brand new participant on a new network. 725 Its Multicast DNS cache for that interface is empty, and it has no 726 knowledge of its peers on that link. It may have a significant number 727 of questions that it wants answered right away to discover 728 information about its new surroundings and present that information 729 to the user. As a new participant on the network, it has no idea 730 whether the exact same questions may have been asked and answered 731 just seconds ago. In this case, triggering a large sudden flood of 732 multicast responses may impose an unreasonable burden on the network. 733 734 To avoid large floods of potentially unnecessary responses in these 735 cases, Multicast DNS defines the top bit in the class field of a DNS 736 question as the "unicast response" bit. When this bit is set in a 737 question, it indicates that the Querier is willing to accept unicast 738 responses instead of the usual multicast responses. These questions 739 requesting unicast responses are referred to as "QU" questions, to 740 distinguish them from the more usual questions requesting multicast 741 responses ("QM" questions). A Multicast DNS Querier sending its 742 initial batch of questions immediately on wake from sleep or 743 interface activation SHOULD set the "QU" bit in those questions. 744 745 When a question is retransmitted (as described in Section 6.3 746 "Continuous Multicast DNS Querying") the "QU" bit SHOULD NOT be set 747 in subsequent retransmissions of that question. Subsequent 748 retransmissions SHOULD be usual "QM" questions. After the first 749 question has received its responses, the querier should have a large 750 known-answer list (see "Known Answer Suppression" below) so that 751 subsequent queries should elicit few, if any, further responses. 752 Reverting to multicast responses as soon as possible is important 753 because of the benefits that multicast responses provide (see 754 "Benefits of Multicast Responses" below). In addition, the "QU" bit 755 SHOULD be set only for questions that are active and ready to be sent 756 the moment of wake from sleep or interface activation. New questions 757 issued by clients afterwards should be treated as normal "QM" 758 questions and SHOULD NOT have the "QU" bit set on the first question 759 of the series. 760 761 When receiving a question with the "unicast response" bit set, a 762 responder SHOULD usually respond with a unicast packet directed back 763 to the querier. If the responder has not multicast that record 764 765 766 Expires 10th February 2007 Cheshire & Krochmal [Page 13] 767 769 Internet Draft Multicast DNS 10th August 2006 770 771 772 recently (within one quarter of its TTL), then the responder SHOULD 773 instead multicast the response so as to keep all the peer caches up 774 to date, and to permit passive conflict detection. In the case of 775 answering a probe question with the "unicast response" bit set, the 776 responder should always generate the requested unicast response, but 777 may also send a multicast announcement too if the time since the last 778 multicast announcement of that record is more than a quarter of its 779 TTL. 780 781 Except when defending a unique name against a probe from another host 782 unicast replies are subject to all the same packet generation rules 783 as multicast replies, including the cache flush bit (see Section 784 11.3, "Announcements to Flush Outdated Cache Entries") and randomized 785 delays to reduce network collisions (see Section 8, "Responding"). 786 787 788 6.6 Delaying Initial Query 789 790 If a query is issued for which there already exist one or more 791 records in the local cache, and those record(s) were received with 792 the cache flush bit set (see Section 11.3, "Announcements to Flush 793 Outdated Cache Entries"), indicating that they form a unique RRSet, 794 then the host SHOULD delay its initial query by imposing a random 795 delay from 500-1000ms. This is to avoid the situation where a group 796 of hosts are synchronized by some external event and all perform 797 the same query simultaneously. This means that when the first host 798 (selected randomly by this algorithm) transmits its query, all the 799 other hosts that were about to transmit the same query can suppress 800 their superfluous queries, as described in "Duplicate Question 801 Suppression" below. 802 803 804 6.7 Direct Unicast Queries to port 5353 805 806 In specialized applications there may be rare situations where it 807 makes sense for a Multicast DNS Querier to send its query via unicast 808 to a specific machine. When a Multicast DNS Responder receives a 809 query via direct unicast, it SHOULD respond as it would for a 810 "QU" query, as described above in Section 6.5 "Questions Requesting 811 Unicast Responses". Since it is possible for a unicast query to be 812 received from a machine outside the local link, Responders SHOULD 813 check that the source address in the query packet matches the local 814 subnet for that link, and silently ignore the packet if not. 815 816 There may be specialized situations, outside the scope of this 817 document, where it is intended and desirable to create a Responder 818 that does answer queries originating outside the local link. Such 819 a Responder would need to ensure that these non-local queries are 820 always answered via unicast back to the Querier, since an answer sent 821 via link-local multicast would not reach a Querier outside the local 822 link. 823 824 825 Expires 10th February 2007 Cheshire & Krochmal [Page 14] 826 828 Internet Draft Multicast DNS 10th August 2006 829 830 831 7. Duplicate Suppression 832 833 A variety of techniques are used to reduce the amount of redundant 834 traffic on the network. 835 836 7.1 Known Answer Suppression 837 838 When a Multicast DNS Querier sends a query to which it already knows 839 some answers, it populates the Answer Section of the DNS message with 840 those answers. 841 842 A Multicast DNS Responder SHOULD NOT answer a Multicast DNS Query if 843 the answer it would give is already included in the Answer Section 844 with an RR TTL at least half the correct value. If the RR TTL of the 845 answer as given in the Answer Section is less than half of the true 846 RR TTL as known by the Multicast DNS Responder, the responder MUST 847 send an answer so as to update the Querier's cache before the record 848 becomes in danger of expiration. 849 850 Because a Multicast DNS Responder will respond if the remaining TTL 851 given in the known answer list is less than half the true TTL, it is 852 superfluous for the Querier to include such records in the known 853 answer list. Therefore a Multicast DNS Querier SHOULD NOT include 854 records in the known answer list whose remaining TTL is less than 855 half their original TTL. Doing so would simply consume space in the 856 packet without achieving the goal of suppressing responses, and would 857 therefore be a pointless waste of network bandwidth. 858 859 A Multicast DNS Querier MUST NOT cache resource records observed in 860 the Known Answer Section of other Multicast DNS Queries. The Answer 861 Section of Multicast DNS Queries is not authoritative. By placing 862 information in the Answer Section of a Multicast DNS Query the 863 querier is stating that it *believes* the information to be true. 864 It is not asserting that the information *is* true. Some of those 865 records may have come from other hosts that are no longer on the 866 network. Propagating that stale information to other Multicast DNS 867 Queriers on the network would not be helpful. 868 869 870 7.2 Multi-Packet Known Answer Suppression 871 872 Sometimes a Multicast DNS Querier will already have too many answers 873 to fit in the Known Answer Section of its query packets. In this 874 case, it should issue a Multicast DNS Query containing a question and 875 as many Known Answer records as will fit. It MUST then set the TC 876 (Truncated) bit in the header before sending the Query. It MUST then 877 immediately follow the packet with another query packet containing no 878 questions, and as many more Known Answer records as will fit. If 879 there are still too many records remaining to fit in the packet, it 880 again sets the TC bit and continues until all the Known Answer 881 records have been sent. 882 883 884 Expires 10th February 2007 Cheshire & Krochmal [Page 15] 885 887 Internet Draft Multicast DNS 10th August 2006 888 889 890 A Multicast DNS Responder seeing a Multicast DNS Query with the TC 891 bit set defers its response for a time period randomly selected in 892 the interval 400-500ms. This gives the Multicast DNS Querier time to 893 send additional Known Answer packets before the Responder responds. 894 If the Responder sees any of its answers listed in the Known Answer 895 lists of subsequent packets from the querying host, it SHOULD delete 896 that answer from the list of answers it is planning to give, provided 897 that no other host on the network is also waiting to receive the same 898 answer record. 899 900 If the Responder receives additional Known Answer packets with the TC 901 bit set, it SHOULD extend the delay as necessary to ensure a pause of 902 400-500ms after the last such packet before it sends its answer. This 903 opens the potential risk that a continuous stream of Known Answer 904 packets could, theoretically, prevent a Responder from answering 905 indefinitely. In practice answers are never actually delayed 906 significantly, and should a situation arise where significant delays 907 did happen, that would be a scenario where the network is so 908 overloaded that it would be desirable to err on the side of caution. 909 The consequence of delaying an answer may be that it takes a user 910 longer than usual to discover all the services on the local network; 911 in contrast the consequence of incorrectly answering before all the 912 Known Answer packets have been received would be wasting bandwidth 913 sending unnecessary answers on an already overloaded network. In this 914 (rare) situation, sacrificing speed to preserve reliable network 915 operation is the right trade-off. 916 917 918 7.3 Duplicate Question Suppression 919 920 If a host is planning to send a query, and it sees another host on 921 the network send a query containing the same question, and the Known 922 Answer Section of that query does not contain any records which this 923 host would not also put in its own Known Answer Section, then this 924 host should treat its own query as having been sent. When multiple 925 clients on the network are querying for the same resource records, 926 there is no need for them to all be repeatedly asking the same 927 question. 928 929 930 7.4 Duplicate Answer Suppression 931 932 If a host is planning to send an answer, and it sees another host on 933 the network send a response packet containing the same answer record, 934 and the TTL in that record is not less than the TTL this host would 935 have given, then this host should treat its own answer as having been 936 sent. When multiple responders on the network have the same data, 937 there is no need for all of them to respond. 938 939 This feature is particularly useful when multiple Sleep Proxy Servers 940 are deployed (see Section 17, "Multicast DNS and Power Management"). 941 942 943 Expires 10th February 2007 Cheshire & Krochmal [Page 16] 944 946 Internet Draft Multicast DNS 10th August 2006 947 948 949 In the future it is possible that every general-purpose OS (Mac, 950 Windows, Linux, etc.) will implement Sleep Proxy Service as a matter 951 of course. In this case there could be a large number of Sleep Proxy 952 Servers on any given network, which is good for reliability and 953 fault-tolerance, but would be bad for the network if every Sleep 954 Proxy Server were to answer every query. 955 956 8. Responding 957 958 When a Multicast DNS Responder constructs and sends a Multicast DNS 959 response packet, the Answer Section of that packet must contain only 960 records for which that Responder is explicitly authoritative. These 961 answers may be generated because the record answers a question 962 received in a Multicast DNS query packet, or at certain other times 963 that the responder determines than an unsolicited announcement is 964 warranted. A Multicast DNS Responder MUST NOT place records from its 965 cache, which have been learned from other responders on the network, 966 in the Answer Section of outgoing response packets. Only an 967 authoritative source for a given record is allowed to issue responses 968 containing that record. 969 970 The determination of whether a given record answers a given question 971 is done using the standard DNS rules: The record name must match the 972 question name, the record rrtype must match the question qtype 973 (unless the qtype is "ANY"), and the record rrclass must match the 974 question qclass (unless the qclass is "ANY"). 975 976 A Multicast DNS Responder MUST only respond when it has a positive 977 non-null response to send. Error responses must never be sent. The 978 non-existence of any name in a Multicast DNS Domain is ascertained by 979 the failure of any machine to respond to the Multicast DNS query, not 980 by NXDOMAIN errors. 981 982 Multicast DNS Responses MUST NOT contain any questions in the 983 Question Section. Any questions in the Question Section of a received 984 Multicast DNS Response MUST be silently ignored. Multicast DNS 985 Queriers receiving Multicast DNS Responses do not care what question 986 elicited the response; they care only that the information in the 987 response is true and accurate. 988 989 A Multicast DNS Responder on Ethernet [IEEE802] and similar shared 990 multiple access networks SHOULD have the capability of delaying its 991 responses by up to 500ms, as determined by the rules described below. 992 If a large number of Multicast DNS Responders were all to respond 993 immediately to a particular query, a collision would be virtually 994 guaranteed. By imposing a small random delay, the number of 995 collisions is dramatically reduced. On a full-sized Ethernet using 996 the maximum cable lengths allowed and the maximum number of repeaters 997 allowed, an Ethernet frame is vulnerable to collisions during the 998 transmission of its first 256 bits. On 10Mb/s Ethernet, this equates 999 to a vulnerable time window of 25.6us. On higher-speed variants of 1000 Ethernet, the vulnerable time window is shorter. 1001 1002 Expires 10th February 2007 Cheshire & Krochmal [Page 17] 1003 1005 Internet Draft Multicast DNS 10th August 2006 1006 1007 1008 In the case where a Multicast DNS Responder has good reason to 1009 believe that it will be the only responder on the link with a 1010 positive non-null response (i.e. because it is able to answer every 1011 question in the query packet, and for all of those answer records it 1012 has previously verified that the name, rrtype and rrclass are unique 1013 on the link) it SHOULD NOT impose any random delay before responding, 1014 and SHOULD normally generate its response within at most 10ms. 1015 In particular, this applies to responding to probe queries with the 1016 "unicast response" bit set. Since receiving a probe query gives a 1017 clear indication that some other Responder is planning to start using 1018 this name in the very near future, answering such probe queries 1019 to defend a unique record is a high priority and needs to be done 1020 immediately, without delay. A probe query can be distinguished from 1021 a normal query by the fact that a probe query contains a proposed 1022 record in the Authority Section which answers the question in the 1023 Question Section (for more details, see Section 9.1, "Probing"). 1024 1025 Responding immediately without delay is appropriate for records like 1026 the address record for a particular host name, when the host name has 1027 been previously verified unique. Responding immediately without delay 1028 is *not* appropriate for things like looking up PTR records used for 1029 DNS Service Discovery [DNS-SD], where a large number of responses may 1030 be anticipated. 1031 1032 In any case where there may be multiple responses, such as queries 1033 where the answer is a member of a shared resource record set, each 1034 responder SHOULD delay its response by a random amount of time 1035 selected with uniform random distribution in the range 20-120ms. 1036 The reason for requiring that the delay be at least 20ms is to 1037 accommodate the situation where two or more query packets are sent 1038 back-to-back, because in that case we want a Responder with answers 1039 to more than one of those queries to have the opportunity to 1040 aggregate all of its answers into a single response packet. 1041 1042 In the case where the query has the TC (truncated) bit set, 1043 indicating that subsequent known answer packets will follow, 1044 responders SHOULD delay their responses by a random amount of time 1045 selected with uniform random distribution in the range 400-500ms, 1046 to allow enough time for all the known answer packets to arrive, 1047 as described in Section 7.2 "Multi-Packet Known Answer Suppression". 1048 1049 Except when a unicast response has been explicitly requested via the 1050 "unicast response" bit, Multicast DNS Responses MUST be sent to UDP 1051 port 5353 (the well-known port assigned to mDNS) on the 224.0.0.251 1052 multicast address (or its IPv6 equivalent FF02::FB). Operating in a 1053 Zeroconf environment requires constant vigilance. Just because a name 1054 has been previously verified unique does not mean it will continue 1055 to be so indefinitely. By allowing all Multicast DNS Responders to 1056 constantly monitor their peers' responses, conflicts arising out 1057 of network topology changes can be promptly detected and resolved. 1058 1059 1060 1061 Expires 10th February 2007 Cheshire & Krochmal [Page 18] 1062 1064 Internet Draft Multicast DNS 10th August 2006 1065 1066 1067 Sending all responses by multicast also facilitates opportunistic 1068 caching by other hosts on the network. 1069 1070 To protect the network against excessive packet flooding due to 1071 software bugs or malicious attack, a Multicast DNS Responder MUST NOT 1072 (except in the one special case of answering probe queries) multicast 1073 a record on a given interface until at least one second has elapsed 1074 since the last time that record was multicast on that particular 1075 interface. A legitimate client on the network should have seen the 1076 previous transmission and cached it. A client that did not receive 1077 and cache the previous transmission will retry its request and 1078 receive a subsequent response. In the special case of answering probe 1079 queries, because of the limited time before the probing host will 1080 make its decision about whether or not to use the name, a Multicast 1081 DNS Responder MUST respond quickly. In this special case only, when 1082 responding via multicast to a probe, a Multicast DNS Responder is 1083 only required to delay its transmission as necessary to ensure an 1084 interval of at least 250ms since the last time the record was 1085 multicast on that interface. 1086 1087 1088 8.2 Multi-Question Queries 1089 1090 Multicast DNS Responders MUST correctly handle DNS query packets 1091 containing more than one question, by answering any or all of the 1092 questions to which they have answers. Any (non-defensive) answers 1093 generated in response to query packets containing more than one 1094 question SHOULD be randomly delayed in the range 20-120ms, or 1095 400-500ms if the TC (truncated) bit is set, as described above. 1096 (Answers defending a name, in response to a probe for that name, 1097 are not subject to this delay rule and are still sent immediately.) 1098 1099 1100 8.2 Response Aggregation 1101 1102 When possible, a responder SHOULD, for the sake of network 1103 efficiency, aggregate as many responses as possible into a single 1104 Multicast DNS response packet. For example, when a responder has 1105 several responses it plans to send, each delayed by a different 1106 interval, then earlier responses SHOULD be delayed by up to an 1107 additional 500ms if that will permit them to be aggregated with 1108 other responses scheduled to go out a little later. 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 Expires 10th February 2007 Cheshire & Krochmal [Page 19] 1121 1123 Internet Draft Multicast DNS 10th August 2006 1124 1125 1126 8.3 Legacy Unicast Responses 1127 1128 If the source UDP port in a received Multicast DNS Query is not port 1129 5353, this indicates that the client originating the query is a 1130 simple client that does not fully implement all of Multicast DNS. 1131 In this case, the Multicast DNS Responder MUST send a UDP response 1132 directly back to the client, via unicast, to the query packet's 1133 source IP address and port. This unicast response MUST be a 1134 conventional unicast response as would be generated by a conventional 1135 unicast DNS server; for example, it MUST repeat the query ID and the 1136 question given in the query packet. 1137 1138 The resource record TTL given in a legacy unicast response SHOULD NOT 1139 be greater than ten seconds, even if the true TTL of the Multicast 1140 DNS resource record is higher. This is because Multicast DNS 1141 Responders that fully participate in the protocol use the cache 1142 coherency mechanisms described in Section 11 "Resource Record TTL 1143 Values and Cache Coherency" to update and invalidate stale data. Were 1144 unicast responses sent to legacy clients to use the same high TTLs, 1145 these legacy clients, which do not implement these cache coherency 1146 mechanisms, could retain stale cached resource record data long after 1147 it is no longer valid. 1148 1149 Having sent this unicast response, if the Responder has not sent this 1150 record in any multicast response recently, it SHOULD schedule the 1151 record to be sent via multicast as well, to facilitate passive 1152 conflict detection. "Recently" in this context means "if the time 1153 since the record was last sent via multicast is less than one quarter 1154 of the record's TTL". 1155 1156 Note that while legacy queries usually contain exactly one question, 1157 they are permitted to contain multiple questions, and responders 1158 listening for multicast queries on 224.0.0.251:5353 MUST be prepared 1159 to handle this correctly, responding by generating a unicast response 1160 containing the list of question(s) they are answering in the Question 1161 Section, and the records answering those question(s) in the Answer 1162 Section. 1163 1164 1165 9. Probing and Announcing on Startup 1166 1167 Typically a Multicast DNS Responder should have, at the very least, 1168 address records for all of its active interfaces. Creating and 1169 advertising an HINFO record on each interface as well can be useful 1170 to network administrators. 1171 1172 Whenever a Multicast DNS Responder starts up, wakes up from sleep, 1173 receives an indication of an Ethernet "Link Change" event, or has any 1174 other reason to believe that its network connectivity may have 1175 changed in some relevant way, it MUST perform the two startup steps 1176 below. 1177 1178 1179 Expires 10th February 2007 Cheshire & Krochmal [Page 20] 1180 1182 Internet Draft Multicast DNS 10th August 2006 1183 1184 1185 9.1 Probing 1186 1187 The first startup step is that for all those resource records that a 1188 Multicast DNS Responder desires to be unique on the local link, it 1189 MUST send a Multicast DNS Query asking for those resource records, to 1190 see if any of them are already in use. The primary example of this is 1191 its address record which maps its unique host name to its unique IP 1192 address. All Probe Queries SHOULD be done using the desired resource 1193 record name and query type T_ANY (255), to elicit answers for all 1194 types of records with that name. This allows a single question to be 1195 used in place of several questions, which is more efficient on the 1196 network. It also allows a host to verify exclusive ownership of a 1197 name, which is desirable in most cases. It would be confusing, for 1198 example, if one host owned the "A" record for "myhost.local.", but 1199 a different host owned the HINFO record for that name. 1200 1201 The ability to place more than one question in a Multicast DNS Query 1202 is useful here, because it can allow a host to use a single packet 1203 for all of its resource records instead of needing a separate packet 1204 for each. For example, a host can simultaneously probe for uniqueness 1205 of its "A" record and all its SRV records [DNS-SD] in the same query 1206 packet. 1207 1208 When ready to send its mDNS probe packet(s) the host should first 1209 wait for a short random delay time, uniformly distributed in the 1210 range 0-250ms. This random delay is to guard against the case where a 1211 group of devices are powered on simultaneously, or a group of devices 1212 are connected to an Ethernet hub which is then powered on, or some 1213 other external event happens that might cause a group of hosts to all 1214 send synchronized probes. 1215 1216 250ms after the first query the host should send a second, then 1217 250ms after that a third. If, by 250ms after the third probe, no 1218 conflicting Multicast DNS responses have been received, the host may 1219 move to the next step, announcing. (Note that this is the one 1220 exception from the normal rule that there should be at least one 1221 second between repetitions of the same question, and the interval 1222 between subsequent repetitions should double.) 1223 1224 When sending probe queries, a host MUST NOT consult its cache for 1225 potential answers. Only conflicting Multicast DNS responses received 1226 "live" from the network are considered valid for the purposes of 1227 determining whether probing has succeeded or failed. 1228 1229 In order to allow services to announce their presence without 1230 unreasonable delay, the time window for probing is intentionally set 1231 quite short. As a result of this, from the time the first probe 1232 packet is sent, another device on the network using that name has 1233 just 750ms to respond to defend its name. On networks that are slow, 1234 or busy, or both, it is possible for round-trip latency to account 1235 for a few hundred milliseconds, and software delays in slow devices 1236 1237 1238 Expires 10th February 2007 Cheshire & Krochmal [Page 21] 1239 1241 Internet Draft Multicast DNS 10th August 2006 1242 1243 1244 can add additional delay. For this reason, it is important that when 1245 a device receives a probe query for a name that it is currently using 1246 for unique records, it SHOULD generate its response to defend that 1247 name immediately and send it as quickly as possible. The usual rules 1248 about random delays before responding, to avoid sudden bursts of 1249 simultaneous answers from different hosts, do not apply here since 1250 at most one host should ever respond to a given probe question. Even 1251 when a single DNS query packet contains multiple probe questions, 1252 it would be unusual for that packet to elicit a defensive response 1253 from more than one other host. Because of the mDNS multicast rate 1254 limiting rules, the first two probes SHOULD be sent as "QU" questions 1255 with the "unicast response" bit set, to allow a defending host to 1256 respond immediately via unicast, instead of potentially having to 1257 wait before replying via multicast. At the present time, this 1258 document recommends that the third probe SHOULD be sent as a standard 1259 "QM" question, for backwards compatibility with the small number of 1260 old devices still in use that don't implement unicast responses. 1261 1262 If, at any time during probing, from the beginning of the initial 1263 random 0-250ms delay onward, any conflicting Multicast DNS responses 1264 are received, then the probing host MUST defer to the existing host, 1265 and MUST choose new names for some or all of its resource records 1266 as appropriate, to avoid conflict with pre-existing hosts on the 1267 network. In the case of a host probing using query type T_ANY as 1268 recommended above, any answer containing a record with that name, 1269 of any type, MUST be considered a conflicting response and handled 1270 accordingly. 1271 1272 If fifteen failures occur within any ten-second period, then the host 1273 MUST wait at least five seconds before each successive additional 1274 probe attempt. This is to help ensure that in the event of software 1275 bugs or other unanticipated problems, errant hosts do not flood the 1276 network with a continuous stream of multicast traffic. For very 1277 simple devices, a valid way to comply with this requirement is 1278 to always wait five seconds after any failed probe attempt before 1279 trying again. 1280 1281 If a responder knows by other means, with absolute certainty, that 1282 its unique resource record set name, rrtype and rrclass cannot 1283 already be in use by any other responder on the network, then it 1284 MAY skip the probing step for that resource record set. For example, 1285 when creating the reverse address mapping PTR records, the host can 1286 reasonably assume that no other host will be trying to create those 1287 same PTR records, since that would imply that the two hosts were 1288 trying to use the same IP address, and if that were the case, the 1289 two hosts would be suffering communication problems beyond the scope 1290 of what Multicast DNS is designed to solve. 1291 1292 1293 1294 1295 1296 1297 Expires 10th February 2007 Cheshire & Krochmal [Page 22] 1298 1300 Internet Draft Multicast DNS 10th August 2006 1301 1302 1303 9.2 Simultaneous Probe Tie-Breaking 1304 1305 The astute reader will observe that there is a race condition 1306 inherent in the previous description. If two hosts are probing for 1307 the same name simultaneously, neither will receive any response to 1308 the probe, and the hosts could incorrectly conclude that they may 1309 both proceed to use the name. To break this symmetry, each host 1310 populates the Query packets's Authority Section with the record or 1311 records with the rdata that it would be proposing to use, should its 1312 probing be successful. The Authority Section is being used here in a 1313 way analogous to the way it is used as the "Update Section" in a DNS 1314 Update packet [RFC 2136]. 1315 1316 When a host is probing for a group of related records with the same 1317 name (e.g. the SRV and TXT record describing a DNS-SD service), only 1318 a single question need be placed in the Question Section, since query 1319 type T_ANY (255) is used, which will elicit answers for all records 1320 with that name. However, for tie-breaking to work correctly in all 1321 cases, the Authority Section must contain *all* the records and 1322 proposed rdata being probed for uniqueness. 1323 1324 When a host that is probing for a record sees another host issue a 1325 query for the same record, it consults the Authority Section of that 1326 query. If it finds any resource record(s) there which answers the 1327 query, then it compares the data of that (those) resource record(s) 1328 with its own tentative data. We consider first the simple case of a 1329 host probing for a single record, receiving a simultaneous probe from 1330 another host also probing for a single record. The two records are 1331 compared and the lexicographically later data wins. This means that 1332 if the host finds that its own data is lexicographically later, it 1333 simply ignores the other host's probe. If the host finds that its own 1334 data is lexicographically earlier, then it treats this exactly as if 1335 it had received a positive answer to its query, and concludes that it 1336 may not use the desired name. 1337 1338 The determination of "lexicographically later" is performed by first 1339 comparing the record class, then the record type, then raw comparison 1340 of the binary content of the rdata without regard for meaning or 1341 structure. If the record classes differ, then the numerically greater 1342 class is considered "lexicographically later". Otherwise, if the 1343 record types differ, then the numerically greater type is considered 1344 "lexicographically later". If the rrtype and rrclass both match then 1345 the rdata is compared. 1346 1347 In the case of resource records containing rdata that is subject to 1348 name compression, the names MUST be uncompressed before comparison. 1349 (The details of how a particular name is compressed is an artifact of 1350 how and where the record is written into the DNS message; it is not 1351 an intrinsic property of the resource record itself.) 1352 1353 1354 1355 1356 Expires 10th February 2007 Cheshire & Krochmal [Page 23] 1357 1359 Internet Draft Multicast DNS 10th August 2006 1360 1361 1362 The bytes of the raw uncompressed rdata are compared in turn, 1363 interpreting the bytes as eight-bit UNSIGNED values, until a byte 1364 is found whose value is greater than that of its counterpart (in 1365 which case the rdata whose byte has the greater value is deemed 1366 lexicographically later) or one of the resource records runs out 1367 of rdata (in which case the resource record which still has 1368 remaining data first is deemed lexicographically later). 1369 1370 The following is an example of a conflict: 1371 1372 cheshire.local. A 169.254.99.200 1373 cheshire.local. A 169.254.200.50 1374 1375 In this case 169.254.200.50 is lexicographically later (the third 1376 byte, with value 200, is greater than its counterpart with value 99), 1377 so it is deemed the winner. 1378 1379 Note that it is vital that the bytes are interpreted as UNSIGNED 1380 values in the range 0-255, or the wrong outcome may result. In 1381 the example above, if the byte with value 200 had been incorrectly 1382 interpreted as a signed eight-bit value then it would be interpreted 1383 as value -56, and the wrong address record would be deemed the 1384 winner. 1385 1386 1387 9.2.1 Simultaneous Probe Tie-Breaking for Multiple Records 1388 1389 When a host is probing for a set of records with the same name, or a 1390 packet is received containing multiple tie-breaker records answering 1391 a given probe question in the Question Section, the host's records 1392 and the tie-breaker records from the packet are each sorted into 1393 order, and then compared pairwise, using the same comparison 1394 technique described above, until a difference is found. 1395 1396 The records are sorted using the same lexicographical order as 1397 described above, that is: if the record classes differ, the record 1398 with the lower class number comes first. If the classes are the same 1399 but the rrtypes differ, the record with the lower rrtype number comes 1400 first. If the class and rrtype match, then the rdata is compared 1401 bytewise until a difference is found. For example, in the common case 1402 of advertising DNS-SD services with a TXT record and an SRV record, 1403 the TXT record comes first (the rrtype for TXT is 16) and the SRV 1404 record comes second (the rrtype for SRV is 33). 1405 1406 When comparing the records, if the first records match perfectly, 1407 then the second records are compared, and so on. If either list of 1408 records runs out of records before any difference is found, then the 1409 list with records remaining is deemed to have won the tie-break. If 1410 both lists run out of records at the same time without any difference 1411 being found, then this indicates that two devices are advertising 1412 identical sets of records, as is sometimes done for fault tolerance, 1413 and there is in fact no conflict. 1414 1415 Expires 10th February 2007 Cheshire & Krochmal [Page 24] 1416 1418 Internet Draft Multicast DNS 10th August 2006 1419 1420 1421 9.3 Announcing 1422 1423 The second startup step is that the Multicast DNS Responder MUST send 1424 a gratuitous Multicast DNS Response containing, in the Answer 1425 Section, all of its resource records (both shared records, and unique 1426 records that have completed the probing step). If there are too many 1427 resource records to fit in a single packet, multiple packets should 1428 be used. 1429 1430 In the case of shared records (e.g. the PTR records used by DNS 1431 Service Discovery [DNS-SD]), the records are simply placed as-is 1432 into the Answer Section of the DNS Response. 1433 1434 In the case of records that have been verified to be unique in the 1435 previous step, they are placed into the Answer Section of the DNS 1436 Response with the most significant bit of the rrclass set to one. 1437 The most significant bit of the rrclass for a record in the Answer 1438 Section of a response packet is the mDNS "cache flush" bit and is 1439 discussed in more detail below in Section 11.3 "Announcements to 1440 Flush Outdated Cache Entries". 1441 1442 The Multicast DNS Responder MUST send at least two gratuitous 1443 responses, one second apart. A Responder MAY send up to eight 1444 gratuitous Responses, provided that the interval between gratuitous 1445 responses doubles with every response sent. 1446 1447 A Multicast DNS Responder MUST NOT send announcements in the absence 1448 of information that its network connectivity may have changed in 1449 some relevant way. In particular, a Multicast DNS Responder MUST NOT 1450 send regular periodic announcements as a matter of course. It is not 1451 uncommon for protocol designers to encounter some problem which they 1452 decide to solve using regular periodic announcements, but this is 1453 generally not a wise protocol design choice. In the small scale 1454 periodic announcements may seem to remedy the short-term problem, 1455 but they do not scale well if the protocol becomes successful. 1456 If every host on the network implements the protocol -- if multiple 1457 applications on every host on the network are implementing the 1458 protocol -- then even a low periodic rate of just one announcement 1459 per minute per application per host can add up to multiple packets 1460 per second in total. While gigabit Ethernet may be able to carry 1461 a million packets per second, other network technologies cannot. 1462 For example, while IEEE 802.11g wireless has a nominal data rate of 1463 up to 54Mb/sec, multicasting just 100 packets per second can consume 1464 the entire available bandwidth, leaving nothing for anything else. 1465 1466 With the increasing popularity of hand-held devices, unnecessary 1467 continuous packet transmission can have bad implications for battery 1468 life. It's worth pointing out the precedent that TCP was also 1469 designed with this "no regular periodic idle packets" philosophy. 1470 Standard TCP sends packets only when it has data to send or 1471 acknowledge. If neither client nor server sends any bytes, then the 1472 1473 1474 Expires 10th February 2007 Cheshire & Krochmal [Page 25] 1475 1477 Internet Draft Multicast DNS 10th August 2006 1478 1479 1480 TCP code will send no packets, and a TCP connection can remain active 1481 in this state indefinitely, with no packets being exchanged for 1482 hours, days, weeks or months. 1483 1484 Whenever a Multicast DNS Responder receives any Multicast DNS 1485 response (gratuitous or otherwise) containing a conflicting resource 1486 record, the conflict MUST be resolved as described below in "Conflict 1487 Resolution". 1488 1489 1490 9.4 Updating 1491 1492 At any time, if the rdata of any of a host's Multicast DNS records 1493 changes, the host MUST repeat the Announcing step described above to 1494 update neighboring caches. For example, if any of a host's IP 1495 addresses change, it MUST re-announce those address records. 1496 1497 In the case of shared records, a host MUST send a "goodbye" 1498 announcement with TTL zero (see Section 11.2 "Goodbye Packets") 1499 for the old rdata, to cause it to be deleted from peer caches, 1500 before announcing the new rdata. In the case of unique records, 1501 a host SHOULD omit the "goodbye" announcement, since the cache 1502 flush bit on the newly announced records will cause old rdata 1503 to be flushed from peer caches anyway. 1504 1505 A host may update the contents of any of its records at any time, 1506 though a host SHOULD NOT update records more frequently than ten 1507 times per minute. Frequent rapid updates impose a burden on the 1508 network. If a host has information to disseminate which changes more 1509 frequently than ten times per minute, then it may be more appropriate 1510 to design a protocol for that specific purpose. 1511 1512 1513 10. Conflict Resolution 1514 1515 A conflict occurs when a Multicast DNS Responder has a unique record 1516 for which it is authoritative, and it receives a Multicast DNS 1517 response packet containing a record with the same name, rrtype and 1518 rrclass, but inconsistent rdata. What may be considered inconsistent 1519 is context sensitive, except that resource records with identical 1520 rdata are never considered inconsistent, even if they originate from 1521 different hosts. This is to permit use of proxies and other 1522 fault-tolerance mechanisms that may cause more than one responder 1523 to be capable of issuing identical answers on the network. 1524 1525 A common example of a resource record type that is intended to be 1526 unique, not shared between hosts, is the address record that maps a 1527 host's name to its IP address. Should a host witness another host 1528 announce an address record with the same name but a different IP 1529 address, then that is considered inconsistent, and that address 1530 record is considered to be in conflict. 1531 1532 1533 Expires 10th February 2007 Cheshire & Krochmal [Page 26] 1534 1536 Internet Draft Multicast DNS 10th August 2006 1537 1538 1539 Whenever a Multicast DNS Responder receives any Multicast DNS 1540 response (gratuitous or otherwise) containing a conflicting resource 1541 record in the Answer Section, the Multicast DNS Responder MUST 1542 immediately reset its conflicted unique record to probing state, and 1543 go through the startup steps described above in Section 9. "Probing 1544 and Announcing on Startup". The protocol used in the Probing phase 1545 will determine a winner and a loser, and the loser MUST cease using 1546 the name, and reconfigure. 1547 1548 It is very important that any host receiving a resource record that 1549 conflicts with one of its own MUST take action as described above. 1550 In the case of two hosts using the same host name, where one has been 1551 configured to require a unique host name and the other has not, the 1552 one that has not been configured to require a unique host name will 1553 not perceive any conflict, and will not take any action. By reverting 1554 to Probing state, the host that desires a unique host name will go 1555 through the necessary steps to ensure that a unique host is obtained. 1556 1557 The recommended course of action after probing and failing is as 1558 follows: 1559 1560 o Programmatically change the resource record name in an attempt to 1561 find a new name that is unique. This could be done by adding some 1562 further identifying information (e.g. the model name of the 1563 hardware) if it is not already present in the name, appending the 1564 digit "2" to the name, or incrementing a number at the end of the 1565 name if one is already present. 1566 1567 o Probe again, and repeat until a unique name is found. 1568 1569 o Record this newly chosen name in persistent storage so that the 1570 device will use the same name the next time it is power-cycled. 1571 1572 o Display a message to the user or operator informing them of the 1573 name change. For example: 1574 1575 The name "Bob's Music" is in use by another iTunes music 1576 server on the network. Your music has been renamed to 1577 "Bob's Music (G4 Cube)". If you want to change this name, 1578 use [describe appropriate menu item or preference dialog]. 1579 1580 o If after one minute of probing the Multicast DNS Responder has been 1581 unable to find any unused name, it should display a message to the 1582 user or operator informing them of this fact. This situation should 1583 never occur in normal operation. The only situations that would 1584 cause this to happen would be either a deliberate denial-of-service 1585 attack, or some kind of very obscure hardware or software bug that 1586 acts like a deliberate denial-of-service attack. 1587 1588 How the user or operator is informed depends on context. A desktop 1589 computer with a screen might put up a dialog box. A headless server 1590 1591 1592 Expires 10th February 2007 Cheshire & Krochmal [Page 27] 1593 1595 Internet Draft Multicast DNS 10th August 2006 1596 1597 1598 in the closet may write a message to a log file, or use whatever 1599 mechanism (email, SNMP trap, etc.) it uses to inform the 1600 administrator of other error conditions. On the other hand a headless 1601 server in the closet may not inform the user at all -- if the user 1602 cares, they will notice the name has changed, and connect to the 1603 server in the usual way (e.g. via Web Browser) to configure a new 1604 name. 1605 1606 The examples in this section focus on address records (i.e. host 1607 names), but the same considerations apply to all resource records 1608 where uniqueness (or maintenance of some other defined constraint) 1609 is desired. 1610 1611 1612 11. Resource Record TTL Values and Cache Coherency 1613 1614 As a general rule, the recommended TTL value for Multicast DNS 1615 resource records with a host name as the resource record's name 1616 (e.g. A, AAAA, HINFO, etc.) or contained within the resource record's 1617 rdata (e.g. SRV, reverse mapping PTR record, etc.) is 120 seconds. 1618 1619 The recommended TTL value for other Multicast DNS resource records 1620 is 75 minutes. 1621 1622 A client with an active outstanding query will issue a query packet 1623 when one or more of the resource record(s) in its cache is (are) 80% 1624 of the way to expiry. If the TTL on those records is 75 minutes, 1625 this ongoing cache maintenance process yields a steady-state query 1626 rate of one query every 60 minutes. 1627 1628 Any distributed cache needs a cache coherency protocol. If Multicast 1629 DNS resource records follow the recommendation and have a TTL of 75 1630 minutes, that means that stale data could persist in the system for 1631 a little over an hour. Making the default TTL significantly lower 1632 would reduce the lifetime of stale data, but would produce too much 1633 extra traffic on the network. Various techniques are available to 1634 minimize the impact of such stale data. 1635 1636 1637 11.1 Cooperating Multicast DNS Responders 1638 1639 If a Multicast DNS Responder ("A") observes some other Multicast DNS 1640 Responder ("B") send a Multicast DNS Response packet containing a 1641 resource record with the same name, rrtype and rrclass as one of A's 1642 resource records, but different rdata, then: 1643 1644 o If A's resource record is intended to be a shared resource record, 1645 then this is no conflict, and no action is required. 1646 1647 o If A's resource record is intended to be a member of a unique 1648 resource record set owned solely by that responder, then this 1649 1650 1651 Expires 10th February 2007 Cheshire & Krochmal [Page 28] 1652 1654 Internet Draft Multicast DNS 10th August 2006 1655 1656 1657 is a conflict and MUST be handled as described in Section 10 1658 "Conflict Resolution". 1659 1660 If a Multicast DNS Responder ("A") observes some other Multicast DNS 1661 Responder ("B") send a Multicast DNS Response packet containing a 1662 resource record with the same name, rrtype and rrclass as one of A's 1663 resource records, and identical rdata, then: 1664 1665 o If the TTL of B's resource record given in the packet is at least 1666 half the true TTL from A's point of view, then no action is 1667 required. 1668 1669 o If the TTL of B's resource record given in the packet is less than 1670 half the true TTL from A's point of view, then A MUST mark its 1671 record to be announced via multicast. Clients receiving the record 1672 from B would use the TTL given by B, and hence may delete the 1673 record sooner than A expects. By sending its own multicast response 1674 correcting the TTL, A ensures that the record will be retained for 1675 the desired time. 1676 1677 These rules allow multiple Multicast DNS Responders to offer the same 1678 data on the network (perhaps for fault tolerance reasons) without 1679 conflicting with each other. 1680 1681 1682 11.2 Goodbye Packets 1683 1684 In the case where a host knows that certain resource record data is 1685 about to become invalid (for example when the host is undergoing a 1686 clean shutdown) the host SHOULD send a gratuitous announcement mDNS 1687 response packet, giving the same resource record name, rrtype, 1688 rrclass and rdata, but an RR TTL of zero. This has the effect of 1689 updating the TTL stored in neighboring hosts' cache entries to zero, 1690 causing that cache entry to be promptly deleted. 1691 1692 Clients receiving a Multicast DNS Response with a TTL of zero SHOULD 1693 NOT immediately delete the record from the cache, but instead record 1694 a TTL of 1 and then delete the record one second later. In the case 1695 of multiple Multicast DNS Responders on the network described in 1696 Section 11.1 above, if one of the Responders shuts down and 1697 incorrectly sends goodbye packets for its records, it gives the other 1698 cooperating Responders one second to send out their own response to 1699 "rescue" the records before they expire and are deleted. 1700 1701 1702 11.3 Announcements to Flush Outdated Cache Entries 1703 1704 Whenever a host has a resource record with potentially new data (e.g. 1705 after rebooting, waking from sleep, connecting to a new network link, 1706 changing IP address, etc.), the host MUST send a series of gratuitous 1707 announcements to update cache entries in its neighbor hosts. In 1708 1709 1710 Expires 10th February 2007 Cheshire & Krochmal [Page 29] 1711 1713 Internet Draft Multicast DNS 10th August 2006 1714 1715 1716 these gratuitous announcements, if the record is one that is intended 1717 to be unique, the host sets the most significant bit of the rrclass 1718 field of the resource record. This bit, the "cache flush" bit, tells 1719 neighboring hosts that this is not a shared record type. Instead of 1720 merging this new record additively into the cache in addition to any 1721 previous records with the same name, rrtype and rrclass, all old 1722 records with that name, type and class that were received more than 1723 one second ago are declared invalid, and marked to expire from the 1724 cache in one second. 1725 1726 The semantics of the cache flush bit are as follows: Normally when a 1727 resource record appears in the Answer Section of the DNS Response, it 1728 means, "This is an assertion that this information is true." When a 1729 resource record appears in the Answer Section of the DNS Response 1730 with the "cache flush" bit set, it means, "This is an assertion that 1731 this information is the truth and the whole truth, and anything you 1732 may have heard more than a second ago regarding records of this 1733 name/rrtype/rrclass is no longer valid". 1734 1735 To accommodate the case where the set of records from one host 1736 constituting a single unique RRSet is too large to fit in a single 1737 packet, only cache records that are more than one second old are 1738 flushed. This allows the announcing host to generate a quick burst of 1739 packets back-to-back on the wire containing all the members 1740 of the RRSet. When receiving records with the "cache flush" bit set, 1741 all records older than one second are marked to be deleted one second 1742 in the future. One second after the end of the little packet burst, 1743 any records not represented within that packet burst will then be 1744 expired from all peer caches. 1745 1746 Any time a host sends a response packet containing some members of a 1747 unique RRSet, it SHOULD send the entire RRSet, preferably in a single 1748 packet, or if the entire RRSet will not fit in a single packet, in a 1749 quick burst of packets sent as close together as possible. The host 1750 SHOULD set the cache flush bit on all members of the unique RRSet. 1751 In the event that for some reason the host chooses not to send the 1752 entire unique RRSet in a single packet or a rapid packet burst, 1753 it MUST NOT set the cache flush bit on any of those records. 1754 1755 The reason for waiting one second before deleting stale records from 1756 the cache is to accommodate bridged networks. For example, a host's 1757 address record announcement on a wireless interface may be bridged 1758 onto a wired Ethernet, and cause that same host's Ethernet address 1759 records to be flushed from peer caches. The one-second delay gives 1760 the host the chance to see its own announcement arrive on the wired 1761 Ethernet, and immediately re-announce its Ethernet interface's 1762 address records so that both sets remain valid and live in peer 1763 caches. 1764 1765 These rules apply regardless of *why* the response packet is being 1766 generated. They apply to startup announcements as described in 1767 1768 1769 Expires 10th February 2007 Cheshire & Krochmal [Page 30] 1770 1772 Internet Draft Multicast DNS 10th August 2006 1773 1774 1775 Section 9.3 "Announcing", and to responses generated as a result 1776 of receiving query packets. 1777 1778 The "cache flush" bit is only set in records in the Answer Section of 1779 Multicast DNS responses sent to UDP port 5353. The "cache flush" bit 1780 MUST NOT be set in any resource records in a response packet sent in 1781 legacy unicast responses to UDP ports other than 5353. 1782 1783 The "cache flush" bit MUST NOT be set in any resource records in the 1784 known-answer list of any query packet. 1785 1786 The "cache flush" bit MUST NOT ever be set in any shared resource 1787 record. To do so would cause all the other shared versions of this 1788 resource record with different rdata from different Responders to be 1789 immediately deleted from all the caches on the network. 1790 1791 The "cache flush" bit does apply to questions listed in the Question 1792 Section of a Multicast DNS packet. The top bit of the rrclass field 1793 in questions is used for an entirely different purpose (see Section 1794 6.5, "Questions Requesting Unicast Responses"). 1795 1796 Note that the "cache flush" bit is NOT part of the resource record 1797 class. The "cache flush" bit is the most significant bit of the 1798 second 16-bit word of a resource record in the Answer Section of 1799 an mDNS packet (the field conventionally referred to as the rrclass 1800 field), and the actual resource record class is the least-significant 1801 fifteen bits of this field. There is no mDNS resource record class 1802 0x8001. The value 0x8001 in the rrclass field of a resource record in 1803 an mDNS response packet indicates a resource record with class 1, 1804 with the "cache flush" bit set. When receiving a resource record with 1805 the "cache flush" bit set, implementations should take care to mask 1806 off that bit before storing the resource record in memory. 1807 1808 1809 11.4 Cache Flush on Topology change 1810 1811 If the hardware on a given host is able to indicate physical changes 1812 of connectivity, then when the hardware indicates such a change, the 1813 host should take this information into account in its mDNS cache 1814 management strategy. For example, a host may choose to immediately 1815 flush all cache records received on a particular interface when that 1816 cable is disconnected. Alternatively, a host may choose to adjust the 1817 remaining TTL on all those records to a few seconds so that if the 1818 cable is not reconnected quickly, those records will expire from the 1819 cache. 1820 1821 Likewise, when a host reboots, or wakes from sleep, or undergoes some 1822 other similar discontinuous state change, the cache management 1823 strategy should take that information into account. 1824 1825 1826 1827 1828 Expires 10th February 2007 Cheshire & Krochmal [Page 31] 1829 1831 Internet Draft Multicast DNS 10th August 2006 1832 1833 1834 11.5 Cache Flush on Failure Indication 1835 1836 Sometimes a cache record can be determined to be stale when a client 1837 attempts to use the rdata it contains, and finds that rdata to be 1838 incorrect. 1839 1840 For example, the rdata in an address record can be determined to be 1841 incorrect if attempts to contact that host fail, either because 1842 ARP/ND requests for that address go unanswered (for an address on a 1843 local subnet) or because a router returns an ICMP "Host Unreachable" 1844 error (for an address on a remote subnet). 1845 1846 The rdata in an SRV record can be determined to be incorrect if 1847 attempts to communicate with the indicated service at the host and 1848 port number indicated are not successful. 1849 1850 The rdata in a DNS-SD PTR record can be determined to be incorrect if 1851 attempts to look up the SRV record it references are not successful. 1852 1853 In any such case, the software implementing the mDNS resource record 1854 cache should provide a mechanism so that clients detecting stale 1855 rdata can inform the cache. 1856 1857 When the cache receives this hint that it should reconfirm some 1858 record, it MUST issue two or more queries for the resource record in 1859 question. If no response is received in a reasonable amount of time, 1860 then, even though its TTL may indicate that it is not yet due to 1861 expire, that record SHOULD be promptly flushed from the cache. 1862 1863 The end result of this is that if a printer suffers a sudden power 1864 failure or other abrupt disconnection from the network, its name 1865 may continue to appear in DNS-SD browser lists displayed on users' 1866 screens. Eventually that entry will expire from the cache naturally, 1867 but if a user tries to access the printer before that happens, the 1868 failure to successfully contact the printer will trigger the more 1869 hasty demise of its cache entries. This is a sensible trade-off 1870 between good user-experience and good network efficiency. If we were 1871 to insist that printers should disappear from the printer list within 1872 30 seconds of becoming unavailable, for all failure modes, the only 1873 way to achieve this would be for the client to poll the printer at 1874 least every 30 seconds, or for the printer to announce its presence 1875 at least every 30 seconds, both of which would be an unreasonable 1876 burden on most networks. 1877 1878 1879 11.6 Passive Observation of Failures 1880 1881 A host observes the multicast queries issued by the other hosts on 1882 the network. One of the major benefits of also sending responses 1883 using multicast is that it allows all hosts to see the responses (or 1884 lack thereof) to those queries. 1885 1886 1887 Expires 10th February 2007 Cheshire & Krochmal [Page 32] 1888 1890 Internet Draft Multicast DNS 10th August 2006 1891 1892 1893 If a host sees queries, for which a record in its cache would be 1894 expected to be given as an answer in a multicast response, but no 1895 such answer is seen, then the host may take this as an indication 1896 that the record may no longer be valid. 1897 1898 After seeing two or more of these queries, and seeing no multicast 1899 response containing the expected answer within a reasonable amount of 1900 time, then even though its TTL may indicate that it is not yet due to 1901 expire, that record MAY be flushed from the cache. The host SHOULD 1902 NOT perform its own queries to re-confirm that the record is truly 1903 gone. If every host on a large network were to do this, it would 1904 cause a lot of unnecessary multicast traffic. If host A sends 1905 multicast queries that remain unanswered, then there is no reason 1906 to suppose that host B or any other host is likely to be any more 1907 successful. 1908 1909 The previous section, "Cache Flush on Failure Indication", describes 1910 a situation where a user trying to print discovers that the printer 1911 is no longer available. By implementing the passive observation 1912 described here, when one user fails to contact the printer, all 1913 hosts on the network observe that failure and update their caches 1914 accordingly. 1915 1916 1917 12. Special Characteristics of Multicast DNS Domains 1918 1919 Unlike conventional DNS names, names that end in ".local." or 1920 "254.169.in-addr.arpa." have only local significance. The same is 1921 true of names within the IPv6 Link-Local reverse mapping domains. 1922 1923 Conventional Unicast DNS seeks to provide a single unified namespace, 1924 where a given DNS query yields the same answer no matter where on the 1925 planet it is performed or to which recursive DNS server the query is 1926 sent. In contrast, each IP link has its own private ".local.", 1927 "254.169.in-addr.arpa." and IPv6 Link-Local reverse mapping 1928 namespaces, and the answer to any query for a name within those 1929 domains depends on where that query is asked. (This characteristic is 1930 not unique to Multicast DNS. Although the original concept of DNS was 1931 a single global namespace, in recent years split views, firewalls, 1932 intranets, and the like have increasingly meant that the answer to a 1933 given DNS query has become dependent on the location of the querier.) 1934 1935 Multicast DNS Domains are not delegated from their parent domain via 1936 use of NS records. There are no NS records anywhere in Multicast DNS 1937 Domains. Instead, all Multicast DNS Domains are delegated to the IP 1938 addresses 224.0.0.251 and FF02::FB by virtue of the individual 1939 organizations producing DNS client software deciding how to handle 1940 those names. It would be extremely valuable for the industry if this 1941 special handling were ratified and recorded by IANA, since otherwise 1942 the special handling provided by each vendor is likely to be 1943 inconsistent. 1944 1945 1946 Expires 10th February 2007 Cheshire & Krochmal [Page 33] 1947 1949 Internet Draft Multicast DNS 10th August 2006 1950 1951 1952 The IPv4 name server for a Multicast DNS Domain is 224.0.0.251. The 1953 IPv6 name server for a Multicast DNS Domain is FF02::FB. These are 1954 multicast addresses; therefore they identify not a single host but a 1955 collection of hosts, working in cooperation to maintain some 1956 reasonable facsimile of a competently managed DNS zone. Conceptually 1957 a Multicast DNS Domain is a single DNS zone, however its server is 1958 implemented as a distributed process running on a cluster of loosely 1959 cooperating CPUs rather than as a single process running on a single 1960 CPU. 1961 1962 No delegation is performed within Multicast DNS Domains. Because the 1963 cluster of loosely coordinated CPUs is cooperating to administer a 1964 single zone, delegation is neither necessary nor desirable. Just 1965 because a particular host on the network may answer queries for a 1966 particular record type with the name "example.local." does not imply 1967 anything about whether that host will answer for the name 1968 "child.example.local.", or indeed for other record types with the 1969 name "example.local." 1970 1971 Multicast DNS Zones have no SOA record. A conventional DNS zone's 1972 SOA record contains information such as the email address of the zone 1973 administrator and the monotonically increasing serial number of the 1974 last zone modification. There is no single human administrator for 1975 any given Multicast DNS Zone, so there is no email address. Because 1976 the hosts managing any given Multicast DNS Zone are only loosely 1977 coordinated, there is no readily available monotonically increasing 1978 serial number to determine whether or not the zone contents have 1979 changed. A host holding part of the shared zone could crash or be 1980 disconnected from the network at any time without informing the other 1981 hosts. There is no reliable way to provide a zone serial number that 1982 would, whenever such a crash or disconnection occurred, immediately 1983 change to indicate that the contents of the shared zone had changed. 1984 1985 Zone transfers are not possible for any Multicast DNS Zone. 1986 1987 1988 13. Multicast DNS for Service Discovery 1989 1990 This document does not describe using Multicast DNS for network 1991 browsing or service discovery. However, the mechanisms this document 1992 describes are compatible with (and support) the browsing and service 1993 discovery mechanisms proposed in "DNS-Based Service Discovery" 1994 [DNS-SD]. 1995 1996 1997 14. Enabling and Disabling Multicast DNS 1998 1999 The option to fail-over to Multicast DNS for names not ending 2000 in ".local." SHOULD be a user-configured option, and SHOULD 2001 be disabled by default because of the possible security issues 2002 related to unintended local resolution of apparently global names. 2003 2004 2005 Expires 10th February 2007 Cheshire & Krochmal [Page 34] 2006 2008 Internet Draft Multicast DNS 10th August 2006 2009 2010 2011 The option to lookup unqualified (relative) names by appending 2012 ".local." (or not) is controlled by whether ".local." appears 2013 (or not) in the client's DNS search list. 2014 2015 No special control is needed for enabling and disabling Multicast DNS 2016 for names explicitly ending with ".local." as entered by the user. 2017 The user doesn't need a way to disable Multicast DNS for names ending 2018 with ".local.", because if the user doesn't want to use Multicast 2019 DNS, they can achieve this by simply not using those names. If a user 2020 *does* enter a name ending in ".local.", then we can safely assume 2021 the user's intention was probably that it should work. Having user 2022 configuration options that can be (intentionally or unintentionally) 2023 set so that local names don't work is just one more way of 2024 frustrating the user's ability to perform the tasks they want, 2025 perpetuating the view that, "IP networking is too complicated to 2026 configure and too hard to use." This in turn perpetuates the 2027 continued use of protocols like AppleTalk. If we want to retire 2028 AppleTalk, NetBIOS, etc., we need to offer users equivalent IP 2029 functionality that they can rely on to, "always work, like 2030 AppleTalk." A little Multicast DNS traffic may be a burden on the 2031 network, but it is an insignificant burden compared to continued 2032 widespread use of AppleTalk. 2033 2034 2035 15. Considerations for Multiple Interfaces 2036 2037 A host SHOULD defend its host name (FQDN) on all active interfaces on 2038 which it is answering Multicast DNS queries. 2039 2040 In the event of a name conflict on *any* interface, a host should 2041 configure a new host name, if it wishes to maintain uniqueness of its 2042 host name. 2043 2044 A host may choose to use the same name for all of its address records 2045 on all interfaces, or it may choose to manage its Multicast DNS host 2046 name(s) independently on each interface, potentially answering to 2047 different names on different interfaces. 2048 2049 When answering a Multicast DNS query, a multi-homed host with a 2050 link-local address (or addresses) SHOULD take care to ensure that 2051 any address going out in a Multicast DNS response is valid for use 2052 on the interface on which the response is going out. 2053 2054 Just as the same link-local IP address may validly be in use 2055 simultaneously on different links by different hosts, the same 2056 link-local host name may validly be in use simultaneously on 2057 different links, and this is not an error. A multi-homed host with 2058 connections to two different links may be able to communicate with 2059 two different hosts that are validly using the same name. While this 2060 kind of name duplication should be rare, it means that a host that 2061 wants to fully support this case needs network programming APIs that 2062 allow applications to specify on what interface to perform a 2063 2064 Expires 10th February 2007 Cheshire & Krochmal [Page 35] 2065 2067 Internet Draft Multicast DNS 10th August 2006 2068 2069 2070 link-local Multicast DNS query, and to discover on what interface a 2071 Multicast DNS response was received. 2072 2073 There is one other special precaution that multi-homed hosts need to 2074 take. It's common with today's laptop computers to have an Ethernet 2075 connection and an 802.11 wireless connection active at the same time. 2076 What the software on the laptop computer can't easily tell is whether 2077 the wireless connection is in fact bridged onto the same network 2078 segment as its Ethernet connection. If the two networks are bridged 2079 together, then packets the host sends on one interface will arrive on 2080 the other interface a few milliseconds later, and care must be taken 2081 to ensure that this bridging does not cause problems: 2082 2083 When the host announces its host name (i.e. its address records) on 2084 its wireless interface, those announcement records are sent with the 2085 cache-flush bit set, so when they arrive on the Ethernet segment, 2086 they will cause all the peers on the Ethernet to flush the host's 2087 Ethernet address records from their caches. The mDNS protocol has a 2088 safeguard to protect against this situation: when records are 2089 received with the cache-flush bit set, other records are not deleted 2090 from peer caches immediately, but are marked for deletion in one 2091 second. When the host sees its own wireless address records arrive on 2092 its Ethernet interface, with the cache-flush bit set, this one-second 2093 grace period gives the host time to respond and re-announce its 2094 Ethernet address records, to reinstate those records in peer caches 2095 before they are deleted. 2096 2097 As described, this solves one problem, but creates another, because 2098 when those Ethernet announcement records arrive back on the wireless 2099 interface, the host would again respond defensively to reinstate its 2100 wireless records, and this process would continue forever, 2101 continuously flooding the network with traffic. The mDNS protocol has 2102 a second safeguard, to solve this problem: the cache-flush bit does 2103 not apply to records received very recently, within the last second. 2104 This means that when the host sees its own Ethernet address records 2105 arrive on its wireless interface, with the cache-flush bit set, it 2106 knows there's no need to re-announce its wireless address records 2107 again because it already sent them less than a second ago, and this 2108 makes them immune from deletion from peer caches. 2109 2110 16. Considerations for Multiple Responders on the Same Machine 2111 2112 It is possible to have more than one Multicast DNS Responder and/or 2113 Querier implementation coexist on the same machine, but there are 2114 some known issues. 2115 2116 16.1 Receiving Unicast Responses 2117 2118 In most operating systems, incoming multicast packets can be 2119 delivered to *all* open sockets bound to the right port number, 2120 provided that the clients take the appropriate steps to allow this. 2121 For this reason, all Multicast DNS implementations SHOULD use the 2122 2123 Expires 10th February 2007 Cheshire & Krochmal [Page 36] 2124 2126 Internet Draft Multicast DNS 10th August 2006 2127 2128 2129 SO_REUSEPORT and/or SO_REUSEADDR options (or equivalent as 2130 appropriate for the operating system in question) so they will all be 2131 able to bind to UDP port 5353 and receive incoming multicast packets 2132 addressed to that port. However, incoming unicast UDP packets are 2133 typically delivered only to the first socket to bind to that port. 2134 This means that "QU" responses and other packets sent via unicast 2135 will be received only by the first Multicast DNS Responder and/or 2136 Querier on a system. This limitation can be partially mitigated if 2137 Multicast DNS implementations detect when they are not the first 2138 to bind to port 5353, and in that case they do not request "QU" 2139 responses. One way to detect if there is another Multicast DNS 2140 implementation already running is to attempt binding to port 5353 2141 without using SO_REUSEPORT and/or SO_REUSEADDR, and if that fails 2142 it indicates that some other socket is already bound to this port. 2143 2144 2145 16.2 Multi-Packet Known-Answer lists 2146 2147 When a Multicast DNS Querier issues a query with too many known 2148 answers to fit into a single packet, it divides the known answer list 2149 into two or more packets. Multicast DNS Responders associate the 2150 initial truncated query with its continuation packets by examining 2151 the source IP address in each packet. Since two independent Multicast 2152 DNS Queriers running on the same machine will be sending packets with 2153 the same source IP address, from an outside perspective they appear 2154 to be a single entity. If both Queriers happened to send the same 2155 multi-packet query at the same time, with different known answer 2156 lists, then they could each end up suppressing answers that the other 2157 needs. 2158 2159 2160 16.3 Efficiency 2161 2162 If different clients on a machine were to each have their own 2163 separate independent Multicast DNS implementation, they would lose 2164 certain efficiency benefits. Apart from the unnecessary code 2165 duplication, memory usage, and CPU load, the clients wouldn't get the 2166 benefit of a shared system-wide cache, and they would not be able to 2167 aggregate separate queries into single packets to reduce network 2168 traffic. 2169 2170 2171 16.4 Recommendation 2172 2173 Because of these issues, this document encourages implementers 2174 to design systems with a single Multicast DNS implementation that 2175 provides Multicast DNS services shared by all clients on that 2176 machine. Due to engineering constraints, there may be situations 2177 where embedding a Multicast DNS implementation in the client is the 2178 most expedient solution, and while this will work in practice, 2179 implementers should be aware of the issues outlined in this section. 2180 2181 2182 Expires 10th February 2007 Cheshire & Krochmal [Page 37] 2183 2185 Internet Draft Multicast DNS 10th August 2006 2186 2187 17. Multicast DNS and Power Management 2188 2189 Many modern network devices have the ability to go into a low-power 2190 mode where only a small part of the Ethernet hardware remains 2191 powered, and the device can be woken up by sending a specially 2192 formatted Ethernet frame which the device's power-management hardware 2193 recognizes. 2194 2195 To make use of this in conjunction with Multicast DNS, we propose a 2196 network power management service called Sleep Proxy Service. A device 2197 that wishes to enter low-power mode first uses DNS-SD to determine if 2198 Sleep Proxy Service is available on the local network. In some 2199 networks there may be more than one piece of hardware implementing 2200 Sleep Proxy Service, for fault-tolerance reasons. 2201 2202 If the device finds the network has Sleep Proxy Service, the device 2203 transmits two or more gratuitous mDNS announcements setting the TTL 2204 of its relevant resource records to zero, to delete them from 2205 neighboring caches. The relevant resource records include address 2206 records and SRV records, and other resource records as may apply to a 2207 particular device. The device then communicates all of its remaining 2208 active records, plus the names, rrtypes and rrclasses of the deleted 2209 records, to the Sleep Proxy Service(s), along with a copy of the 2210 specific "magic packet" required to wake the device up. 2211 2212 When a Sleep Proxy Service sees an mDNS query for one of the 2213 device's active records (e.g. a DNS-SD PTR record), it answers on 2214 behalf of the device without waking it up. When a Sleep Proxy Service 2215 sees an mDNS query for one of the device's deleted resource 2216 records, it deduces that some client on the network needs to make an 2217 active connection to the device, and sends the specified "magic 2218 packet" to wake the device up. The device then wakes up, reactivates 2219 its deleted resource records, and re-announces them to the network. 2220 The client waiting to connect sees the announcements, learns the 2221 current IP address and port number of the desired service on the 2222 device, and proceeds to connect to it. 2223 2224 The connecting client does not need to be aware of how Sleep Proxy 2225 Service works. Only devices that implement low power mode and wish to 2226 make use of Sleep Proxy Service need to be aware of how that protocol 2227 works. 2228 2229 The reason that a device using a Sleep Proxy Service should send more 2230 than one goodbye packet is to ensure deletion of the resource records 2231 from all peer caches. If resource records were to inadvertently 2232 remain in some peer caches, then those peers may not issue any query 2233 packets for those records when attempting to access the sleeping 2234 device, so the Sleep Proxy Service would not receive any queries for 2235 the device's SRV and/or address records, and the necessary wake-up 2236 message would not be triggered. 2237 2238 The full specification of mDNS / DNS-SD Sleep Proxy Service 2239 is described in another document [not yet published]. 2240 2241 Expires 10th February 2007 Cheshire & Krochmal [Page 38] 2242 2244 Internet Draft Multicast DNS 10th August 2006 2245 2246 2247 18. Multicast DNS Character Set 2248 2249 Unicast DNS has been plagued by the lack of any support for non-US 2250 characters. Indeed, conventional DNS is usually limited to just 2251 letters, digits and hyphens, with no spaces or other punctuation. 2252 Attempts to remedy this for unicast DNS have been badly constrained 2253 by the need to accommodate old buggy legacy DNS implementations. 2254 In reality, the DNS specification actually imposes no limits on what 2255 characters may be used in names, and good DNS implementations handle 2256 any arbitrary eight-bit data without trouble. However, the old rules 2257 for ARPANET host names back in the 1980s required names to be just 2258 letters, digits, and hyphens [RFC 1034], and since the predominant 2259 use of DNS is to store host address records, many have assumed that 2260 the DNS protocol itself suffers from the same limitation. It would be 2261 more accurate to say that certain bad implementations may not handle 2262 eight-bit data correctly, not that the protocol doesn't support it. 2263 2264 Multicast DNS is a new protocol and doesn't (yet) have old buggy 2265 legacy implementations to constrain the design choices. Accordingly, 2266 it adopts the simple obvious elegant solution: all names in Multicast 2267 DNS are encoded using precomposed UTF-8 [RFC 3629]. The characters 2268 SHOULD conform to Unicode Normalization Form C (NFC) [UAX15]: Use 2269 precomposed characters instead of combining sequences where possible, 2270 e.g. use U+00C4 ("Latin capital letter A with diaeresis") instead of 2271 U+0041 U+0308 ("Latin capital letter A", "combining diaeresis"). 2272 2273 Some users of 16-bit Unicode have taken to stuffing a "zero-width 2274 non-breaking space" character (U+FEFF) at the start of each UTF-16 2275 file, as a hint to identify whether the data is big-endian or 2276 little-endian, and calling it a "Byte Order Mark" (BOM). Since there 2277 is only one possible byte order for UTF-8 data, a BOM is neither 2278 necessary nor permitted. Multicast DNS names MUST NOT contain a "Byte 2279 Order Mark". Any occurrence of the Unicode character U+FEFF at the 2280 start or anywhere else in a Multicast DNS name MUST be interpreted as 2281 being an actual intended part of the name, representing (just as for 2282 any other legal unicode value) an actual literal instance of that 2283 character (in this case a zero-width non-breaking space character). 2284 2285 For names that are restricted to letters, digits and hyphens, the 2286 UTF-8 encoding is identical to the US-ASCII encoding, so this is 2287 entirely compatible with existing host names. For characters outside 2288 the US-ASCII range, UTF-8 encoding is used. 2289 2290 Multicast DNS implementations MUST NOT use any other encodings apart 2291 from precomposed UTF-8 (US-ASCII being considered a compatible subset 2292 of UTF-8). 2293 2294 This point bears repeating: After many years of debate, as a 2295 result of the need to accommodate certain DNS implementations that 2296 apparently couldn't handle any character that's not a letter, digit 2297 or hyphen (and apparently never will be updated to remedy this 2298 2299 2300 Expires 10th February 2007 Cheshire & Krochmal [Page 39] 2301 2303 Internet Draft Multicast DNS 10th August 2006 2304 2305 2306 limitation) the unicast DNS community settled on an extremely baroque 2307 encoding called "Punycode" [RFC 3492]. Punycode is a remarkably 2308 ingenious encoding solution, but it is complicated, hard to 2309 understand, and hard to implement, using sophisticated techniques 2310 including insertion unsort coding, generalized variable-length 2311 integers, and bias adaptation. The resulting encoding is remarkably 2312 compact given the constraints, but it's still not as good as simple 2313 straightforward UTF-8, and it's hard even to predict whether a given 2314 input string will encode to a Punycode string that fits within DNS's 2315 63-byte limit, except by simply trying the encoding and seeing 2316 whether it fits. Indeed, the encoded size depends not only on the 2317 input characters, but on the order they appear, so the same set of 2318 characters may or may not encode to a legal Punycode string that fits 2319 within DNS's 63-byte limit, depending on the order the characters 2320 appear. This is extremely hard to present in a user interface that 2321 explains to users why one name is allowed, but another name 2322 containing the exact same characters is not. Neither Punycode nor any 2323 other of the "Ascii Compatible Encodings" proposed for Unicast DNS 2324 may be used in Multicast DNS packets. Any text being represented 2325 internally in some other representation MUST be converted to 2326 canonical precomposed UTF-8 before being placed in any Multicast DNS 2327 packet. 2328 2329 The simple rules for case-insensitivity in Unicast DNS also apply in 2330 Multicast DNS; that is to say, in name comparisons, the lower-case 2331 letters "a" to "z" (0x61 to 0x7A) match their upper-case equivalents 2332 "A" to "Z" (0x41 to 0x5A). Hence, if a client issues a query for an 2333 address record with the name "cheshire.local", then a responder 2334 having an address record with the name "Cheshire.local" should 2335 issue a response. No other automatic equivalences should be assumed. 2336 In particular all UTF-8 multi-byte characters (codes 0x80 and higher) 2337 are compared by simple binary comparison of the raw byte values. 2338 Accented characters are *not* defined to be automatically equivalent 2339 to their unaccented counterparts. Where automatic equivalences are 2340 desired, this may be achieved through the use of programmatically- 2341 generated CNAME records. For example, if a responder has an address 2342 record for an accented name Y, and a client issues a query for a name 2343 X, where X is the same as Y with all the accents removed, then the 2344 responder may issue a response containing two resource records: 2345 A CNAME record "X CNAME Y", asserting that the requested name X 2346 (unaccented) is an alias for the true (accented) name Y, followed 2347 by the address record for Y. 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 Expires 10th February 2007 Cheshire & Krochmal [Page 40] 2360 2362 Internet Draft Multicast DNS 10th August 2006 2363 2364 2365 19. Multicast DNS Message Size 2366 2367 RFC 1035 restricts DNS Messages carried by UDP to no more than 512 2368 bytes (not counting the IP or UDP headers) [RFC 1035]. For UDP 2369 packets carried over the wide-area Internet in 1987, this was 2370 appropriate. For link-local multicast packets on today's networks, 2371 there is no reason to retain this restriction. Given that the packets 2372 are by definition link-local, there are no Path MTU issues to 2373 consider. 2374 2375 Multicast DNS Messages carried by UDP may be up to the IP MTU of the 2376 physical interface, less the space required for the IP header (20 2377 bytes for IPv4; 40 bytes for IPv6) and the UDP header (8 bytes). 2378 2379 In the case of a single mDNS Resource Record which is too large to 2380 fit in a single MTU-sized multicast response packet, a Multicast DNS 2381 Responder SHOULD send the Resource Record alone, in a single IP 2382 datagram, sent using multiple IP fragments. Resource Records this 2383 large SHOULD be avoided, except in the very rare cases where they 2384 really are the appropriate solution to the problem at hand. 2385 Implementers should be aware that many simple devices do not 2386 re-assemble fragmented IP datagrams, so large Resource Records 2387 SHOULD NOT be used except in specialized cases where the implementer 2388 knows that all receivers implement reassembly. 2389 2390 A Multicast DNS packet larger than the interface MTU, which is sent 2391 using fragments, MUST NOT contain more than one Resource Record. 2392 2393 Even when fragmentation is used, a Multicast DNS packet, including IP 2394 and UDP headers, MUST NOT exceed 9000 bytes. 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 Expires 10th February 2007 Cheshire & Krochmal [Page 41] 2419 2421 Internet Draft Multicast DNS 10th August 2006 2422 2423 2424 20. Multicast DNS Message Format 2425 2426 This section describes specific restrictions on the allowable 2427 values for the header fields of a Multicast DNS message. 2428 2429 2430 20.1 ID (Query Identifier) 2431 2432 Multicast DNS clients SHOULD listen for gratuitous responses 2433 issued by hosts booting up (or waking up from sleep or otherwise 2434 joining the network). Since these gratuitous responses may contain a 2435 useful answer to a question for which the client is currently 2436 awaiting an answer, Multicast DNS clients SHOULD examine all received 2437 Multicast DNS response messages for useful answers, without regard to 2438 the contents of the ID field or the Question Section. In Multicast 2439 DNS, knowing which particular query message (if any) is responsible 2440 for eliciting a particular response message is less interesting than 2441 knowing whether the response message contains useful information. 2442 2443 Multicast DNS clients MAY cache any or all Multicast DNS response 2444 messages they receive, for possible future use, provided of course 2445 that normal TTL aging is performed on these cached resource records. 2446 2447 In multicast query messages, the Query ID SHOULD be set to zero on 2448 transmission. 2449 2450 In multicast responses, including gratuitous multicast responses, the 2451 Query ID MUST be set to zero on transmission, and MUST be ignored on 2452 reception. 2453 2454 In unicast response messages generated specifically in response to a 2455 particular (unicast or multicast) query, the Query ID MUST match the 2456 ID from the query message. 2457 2458 2459 20.2 QR (Query/Response) Bit 2460 2461 In query messages, MUST be zero. 2462 In response messages, MUST be one. 2463 2464 2465 20.3 OPCODE 2466 2467 In both multicast query and multicast response messages, MUST be zero 2468 (only standard queries are currently supported over multicast, unless 2469 other queries are allowed by future IETF Standards Action). 2470 2471 2472 2473 2474 2475 2476 2477 Expires 10th February 2007 Cheshire & Krochmal [Page 42] 2478 2480 Internet Draft Multicast DNS 10th August 2006 2481 2482 2483 20.4 AA (Authoritative Answer) Bit 2484 2485 In query messages, the Authoritative Answer bit MUST be zero on 2486 transmission, and MUST be ignored on reception. 2487 2488 In response messages for Multicast Domains, the Authoritative Answer 2489 bit MUST be set to one (not setting this bit implies there's some 2490 other place where "better" information may be found) and MUST be 2491 ignored on reception. 2492 2493 2494 20.5 TC (Truncated) Bit 2495 2496 In query messages, if the TC bit is set, it means that additional 2497 Known Answer records may be following shortly. A responder MAY choose 2498 to record this fact, and wait for those additional Known Answer 2499 records, before deciding whether to respond. If the TC bit is clear, 2500 it means that the querying host has no additional Known Answers. 2501 2502 In multicast response messages, the TC bit MUST be zero on 2503 transmission, and MUST be ignored on reception. 2504 2505 In legacy unicast response messages, the TC bit has the same meaning 2506 as in conventional unicast DNS: it means that the response was too 2507 large to fit in a single packet, so the client SHOULD re-issue its 2508 query using TCP in order to receive the larger response. 2509 2510 2511 20.6 RD (Recursion Desired) Bit 2512 2513 In both multicast query and multicast response messages, the 2514 Recursion Desired bit SHOULD be zero on transmission, and MUST be 2515 ignored on reception. 2516 2517 2518 20.7 RA (Recursion Available) Bit 2519 2520 In both multicast query and multicast response messages, the 2521 Recursion Available bit MUST be zero on transmission, and MUST be 2522 ignored on reception. 2523 2524 2525 20.8 Z (Zero) Bit 2526 2527 In both query and response messages, the Zero bit MUST be zero on 2528 transmission, and MUST be ignored on reception. 2529 2530 2531 2532 2533 2534 2535 2536 Expires 10th February 2007 Cheshire & Krochmal [Page 43] 2537 2539 Internet Draft Multicast DNS 10th August 2006 2540 2541 2542 20.9 AD (Authentic Data) Bit [RFC 2535] 2543 2544 In query messages the Authentic Data bit MUST be zero on 2545 transmission, and MUST be ignored on reception. 2546 2547 In response messages, the Authentic Data bit MAY be set. Resolvers 2548 receiving response messages with the AD bit set MUST NOT trust the AD 2549 bit unless they trust the source of the message and either have a 2550 secure path to it or use DNS transaction security. 2551 2552 2553 20.10 CD (Checking Disabled) Bit [RFC 2535] 2554 2555 In query messages, a resolver willing to do cryptography SHOULD set 2556 the Checking Disabled bit to permit it to impose its own policies. 2557 2558 In response messages, the Checking Disabled bit MUST be zero on 2559 transmission, and MUST be ignored on reception. 2560 2561 2562 20.11 RCODE (Response Code) 2563 2564 In both multicast query and multicast response messages, the Response 2565 Code MUST be zero on transmission. Multicast DNS messages received 2566 with non-zero Response Codes MUST be silently ignored. 2567 2568 2569 20.12 Repurposing of top bit of qclass in Question Section 2570 2571 In the Question Section of a Multicast DNS Query, the top bit of the 2572 qclass field is used to indicate that unicast responses are preferred 2573 for this particular question. 2574 2575 2576 20.13 Repurposing of top bit of rrclass in Answer Section 2577 2578 In the Answer Section of a Multicast DNS Response, the top bit of the 2579 rrclass field is used to indicate that the record is a member of a 2580 unique RRSet, and the entire RRSet has been sent together (in the 2581 same packet, or in consecutive packets if there are too many records 2582 to fit in a single packet). 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 Expires 10th February 2007 Cheshire & Krochmal [Page 44] 2596 2598 Internet Draft Multicast DNS 10th August 2006 2599 2600 2601 21. Choice of UDP Port Number 2602 2603 Arguments were made for and against using Multicast on UDP port 53. 2604 The final decision was to use UDP port 5353. Some of the arguments 2605 for and against are given below. 2606 2607 2608 21.1 Arguments for using UDP port 53: 2609 2610 * This is "just DNS", so it should be the same port. 2611 2612 * There is less work to be done updating old clients to do simple 2613 mDNS queries. Only the destination address need be changed. 2614 In some cases, this can be achieved without any code changes, 2615 just by adding the address 224.0.0.251 to a configuration file. 2616 2617 2618 21.2 Arguments for using a different port (UDP port 5353): 2619 2620 * This is not "just DNS". This is a DNS-like protocol, but different. 2621 2622 * Changing client code to use a different port number is not hard. 2623 2624 * Using the same port number makes it hard to run an mDNS Responder 2625 and a conventional unicast DNS server on the same machine. If a 2626 conventional unicast DNS server wishes to implement mDNS as well, 2627 it can still do that, by opening two sockets. Having two different 2628 port numbers is important to allow this flexibility. 2629 2630 * Some VPN software hijacks all outgoing traffic to port 53 and 2631 redirects it to a special DNS server set up to serve those VPN 2632 clients while they are connected to the corporate network. It is 2633 questionable whether this is the right thing to do, but it is 2634 common, and redirecting link-local multicast DNS packets to a 2635 remote server rarely produces any useful results. It does mean, 2636 for example, that the user becomes unable to access their local 2637 network printer sitting on their desk right next to their computer. 2638 Using a different UDP port eliminates this particular problem. 2639 2640 * On many operating systems, unprivileged clients may not send or 2641 receive packets on low-numbered ports. This means that any client 2642 sending or receiving mDNS packets on port 53 would have to run 2643 as "root", which is an undesirable security risk. Using a higher- 2644 numbered UDP port eliminates this particular problem. 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 Expires 10th February 2007 Cheshire & Krochmal [Page 45] 2655 2657 Internet Draft Multicast DNS 10th August 2006 2658 2659 2660 22. Summary of Differences Between Multicast DNS and Unicast DNS 2661 2662 The value of Multicast DNS is that it shares, as much as possible, 2663 the familiar APIs, naming syntax, resource record types, etc., of 2664 Unicast DNS. There are of course necessary differences by virtue of 2665 it using Multicast, and by virtue of it operating in a community of 2666 cooperating peers, rather than a precisely defined authoritarian 2667 hierarchy controlled by a strict chain of formal delegations from the 2668 top. These differences are listed below: 2669 2670 Multicast DNS... 2671 * uses multicast 2672 * uses UDP port 5353 instead of port 53 2673 * operates in well-defined parts of the DNS namespace 2674 * uses UTF-8, and only UTF-8, to encode resource record names 2675 * defines a clear limit on the maximum legal domain name (255 bytes) 2676 * allows larger UDP packets 2677 * allows more than one question in a query packet 2678 * uses the Answer Section of a query to list Known Answers 2679 * uses the TC bit in a query to indicate additional Known Answers 2680 * uses the Authority Section of a query for probe tie-breaking 2681 * ignores the Query ID field (except for generating legacy responses) 2682 * doesn't require the question to be repeated in the response packet 2683 * uses gratuitous responses to announce new records to the peer group 2684 * defines a "unicast response" bit in the rrclass of query questions 2685 * defines a "cache flush" bit in the rrclass of response answers 2686 * uses DNS TTL 0 to indicate that a record has been deleted 2687 * monitors queries to perform Duplicate Question Suppression 2688 * monitors responses to perform Duplicate Answer Suppression... 2689 * ... and Ongoing Conflict Detection 2690 * ... and Opportunistic Caching 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 Expires 10th February 2007 Cheshire & Krochmal [Page 46] 2714 2716 Internet Draft Multicast DNS 10th August 2006 2717 2718 23. Benefits of Multicast Responses 2719 2720 Some people have argued that sending responses via multicast is 2721 inefficient on the network. In fact using multicast responses results 2722 in a net lowering of overall multicast traffic, for a variety of 2723 reasons, in addition to other benefits. 2724 2725 * One multicast response can update the cache on all machines on the 2726 network. If another machine later wants to issue the same query, it 2727 already has the answer in its cache, so it may not need to even 2728 transmit that multicast query on the network at all. 2729 2730 * When more than one machine has the same ongoing long-lived query 2731 running, every machine does not have to transmit its own 2732 independent query. When one machine transmits a query, all the 2733 other hosts see the answers, so they can suppress their own 2734 queries. 2735 2736 * When a host sees a multicast query, but does not see the corres- 2737 ponding multicast response, it can use this information to promptly 2738 delete stale data from its cache. To achieve the same level of 2739 user-interface quality and responsiveness without multicast 2740 responses would require lower cache lifetimes and more frequent 2741 network polling, resulting in a significantly higher packet rate. 2742 2743 * Multicast responses allow passive conflict detection. Without this 2744 ability, some other conflict detection mechanism would be needed, 2745 imposing its own additional burden on the network. 2746 2747 * When using delayed responses to reduce network collisions, clients 2748 need to maintain a list recording to whom each answer should be 2749 sent. The option of multicast responses allows clients with limited 2750 storage, which cannot store an arbitrarily long list of response 2751 addresses, to choose to fail-over to a single multicast response in 2752 place of multiple unicast responses, when appropriate. 2753 2754 * In the case of overlayed subnets, multicast responses allow a 2755 receiver to know with certainty that a response originated on the 2756 local link, even when its source address may apparently suggest 2757 otherwise. 2758 2759 * Link-local multicast transcends virtually every conceivable network 2760 misconfiguration. Even if you have a collection of devices where 2761 every device's IP address, subnet mask, default gateway, and DNS 2762 server address are all wrong, packets sent by any of those devices 2763 addressed to a link-local multicast destination address will still 2764 be delivered to all peers on the local link. This can be extremely 2765 helpful when diagnosing and rectifying network problems, since 2766 it facilitates a direct communication channel between client and 2767 server that works without reliance on ARP, IP routing tables, etc. 2768 Being able to discover what IP address a device has (or thinks it 2769 has) is frequently a very valuable first step in diagnosing why it 2770 is unable to communicate on the local network. 2771 2772 Expires 10th February 2007 Cheshire & Krochmal [Page 47] 2773 2775 Internet Draft Multicast DNS 10th August 2006 2776 2777 2778 24. IPv6 Considerations 2779 2780 An IPv4-only host and an IPv6-only host behave as "ships that pass in 2781 the night". Even if they are on the same Ethernet, neither is aware 2782 of the other's traffic. For this reason, each physical link may have 2783 *two* unrelated ".local." zones, one for IPv4 and one for IPv6. 2784 Since for practical purposes, a group of IPv4-only hosts and a group 2785 of IPv6-only hosts on the same Ethernet act as if they were on two 2786 entirely separate Ethernet segments, it is unsurprising that their 2787 use of the ".local." zone should occur exactly as it would if 2788 they really were on two entirely separate Ethernet segments. 2789 2790 A dual-stack (v4/v6) host can participate in both ".local." 2791 zones, and should register its name(s) and perform its lookups both 2792 using IPv4 and IPv6. This enables it to reach, and be reached by, 2793 both IPv4-only and IPv6-only hosts. In effect this acts like a 2794 multi-homed host, with one connection to the logical "IPv4 Ethernet 2795 segment", and a connection to the logical "IPv6 Ethernet segment". 2796 2797 2798 24.1 IPv6 Multicast Addresses by Hashing 2799 2800 Some discovery protocols use a range of multicast addresses, and 2801 determine the address to be used by a hash function of the name being 2802 sought. Queries are sent via multicast to the address as indicated by 2803 the hash function, and responses are returned to the querier via 2804 unicast. Particularly in IPv6, where multicast addresses are 2805 extremely plentiful, this approach is frequently advocated. 2806 2807 There are some problems with this: 2808 2809 * When a host has a large number of records with different names, the 2810 host may have to join a large number of multicast groups. This can 2811 place undue burden on the Ethernet hardware, which typically 2812 supports a limited number of multicast addresses efficiently. When 2813 this number is exceeded, the Ethernet hardware may have to resort 2814 to receiving all multicasts and passing them up to the host 2815 software for filtering, thereby defeating the point of using a 2816 multicast address range in the first place. 2817 2818 * Multiple questions cannot be placed in one packet if they don't all 2819 hash to the same multicast address. 2820 2821 * Duplicate Question Suppression doesn't work if queriers are not 2822 seeing each other's queries. 2823 2824 * Duplicate Answer Suppression doesn't work if responders are not 2825 seeing each other's responses. 2826 2827 * Opportunistic Caching doesn't work. 2828 2829 * Ongoing Conflict Detection doesn't work. 2830 2831 Expires 10th February 2007 Cheshire & Krochmal [Page 48] 2832 2834 Internet Draft Multicast DNS 10th August 2006 2835 2836 2837 25. Security Considerations 2838 2839 The algorithm for detecting and resolving name conflicts is, by its 2840 very nature, an algorithm that assumes cooperating participants. Its 2841 purpose is to allow a group of hosts to arrive at a mutually disjoint 2842 set of host names and other DNS resource record names, in the absence 2843 of any central authority to coordinate this or mediate disputes. In 2844 the absence of any higher authority to resolve disputes, the only 2845 alternative is that the participants must work together cooperatively 2846 to arrive at a resolution. 2847 2848 In an environment where the participants are mutually antagonistic 2849 and unwilling to cooperate, other mechanisms are appropriate, like 2850 manually administered DNS. 2851 2852 In an environment where there is a group of cooperating participants, 2853 but there may be other antagonistic participants on the same physical 2854 link, the cooperating participants need to use IPSEC signatures 2855 and/or DNSSEC [RFC 2535] signatures so that they can distinguish mDNS 2856 messages from trusted participants (which they process as usual) from 2857 mDNS messages from untrusted participants (which they silently 2858 discard). 2859 2860 When DNS queries for *global* DNS names are sent to the mDNS 2861 multicast address (during network outages which disrupt communication 2862 with the greater Internet) it is *especially* important to use 2863 DNSSEC, because the user may have the impression that he or she is 2864 communicating with some authentic host, when in fact he or she is 2865 really communicating with some local host that is merely masquerading 2866 as that name. This is less critical for names ending with ".local.", 2867 because the user should be aware that those names have only local 2868 significance and no global authority is implied. 2869 2870 Most computer users neglect to type the trailing dot at the end of a 2871 fully qualified domain name, making it a relative domain name (e.g. 2872 "www.example.com"). In the event of network outage, attempts to 2873 positively resolve the name as entered will fail, resulting in 2874 application of the search list, including ".local.", if present. 2875 A malicious host could masquerade as "www.example.com" by answering 2876 the resulting Multicast DNS query for "www.example.com.local." 2877 To avoid this, a host MUST NOT append the search suffix 2878 ".local.", if present, to any relative (partially qualified) 2879 host name containing two or more labels. Appending ".local." to 2880 single-label relative host names is acceptable, since the user 2881 should have no expectation that a single-label host name will 2882 resolve as-is. 2883 2884 2885 2886 2887 2888 2889 2890 Expires 10th February 2007 Cheshire & Krochmal [Page 49] 2891 2893 Internet Draft Multicast DNS 10th August 2006 2894 2895 2896 26. IANA Considerations 2897 2898 IANA has allocated the IPv4 link-local multicast address 224.0.0.251 2899 for the use described in this document. 2900 2901 IANA has allocated the IPv6 multicast address set FF0X::FB for the 2902 use described in this document. Only address FF02::FB (Link-Local 2903 Scope) is currently in use by deployed software, but it is possible 2904 that in future implementers may experiment with Multicast DNS using 2905 larger-scoped addresses, such as FF05::FB (Site-Local Scope). 2906 2907 When this document is published, IANA should designate a list of 2908 domains which are deemed to have only link-local significance, as 2909 described in Section 12 of this document ("Special Characteristics of 2910 Multicast DNS Domains"). 2911 2912 The re-use of the top bit of the rrclass field in the Question and 2913 Answer Sections means that Multicast DNS can only carry DNS records 2914 with classes in the range 0-32767. Classes in the range 32768 to 2915 65535 are incompatible with Multicast DNS. However, since to-date 2916 only three DNS classes have been assigned by IANA (1, 3 and 4), 2917 and only one (1, "Internet") is actually in widespread use, this 2918 limitation is likely to remain a purely theoretical one. 2919 2920 No other IANA services are required by this document. 2921 2922 2923 27. Acknowledgments 2924 2925 The concepts described in this document have been explored, developed 2926 and implemented with help from Freek Dijkstra, Erik Guttman, Paul 2927 Vixie, Bill Woodcock, and others. 2928 2929 Special thanks go to Bob Bradley, Josh Graessley, Scott Herscher, 2930 Roger Pantos and Kiren Sekar for their significant contributions. 2931 2932 2933 28. Deployment History 2934 2935 Multicast DNS client software first became available to the public 2936 in Mac OS 9 in 2001. Multicast DNS Responder software first began 2937 shipping to end users in large volumes (i.e. millions) with the 2938 launch of Mac OS X 10.2 Jaguar in August 2002, and became available 2939 for Microsoft Windows users with the launch of Apple's "Rendezvous 2940 for Windows" (now "Bonjour for Windows") in June 2004. 2941 2942 Apple released the source code for the mDNSResponder daemon as Open 2943 Source in September 2002, first under Apple's standard Apple Public 2944 Source License, and then later, in August 2006, under the Apache 2945 License, Version 2.0. 2946 2947 2948 2949 Expires 10th February 2007 Cheshire & Krochmal [Page 50] 2950 2952 Internet Draft Multicast DNS 10th August 2006 2953 2954 2955 In addition to desktop and laptop computers running Mac OS X and 2956 Microsoft Windows, Multicast DNS is implemented in a wide range of 2957 hardware devices, such as Apple's "AirPort Extreme" and "AirPort 2958 Express" wireless base stations, home gateways from other vendors, 2959 network printers, network cameras, TiVo DVRs, etc. 2960 2961 The Open Source community has produced many independent 2962 implementations of Multicast DNS, some in C like Apple's 2963 mDNSResponder daemon, and others in a variety of different languages 2964 including Java, Python, Perl, and C#/Mono. 2965 2966 2967 29. Copyright Notice 2968 2969 Copyright (C) The Internet Society (2006). 2970 2971 This document is subject to the rights, licenses and restrictions 2972 contained in BCP 78, and except as set forth therein, the authors 2973 retain all their rights. For the purposes of this document, 2974 the term "BCP 78" refers exclusively to RFC 3978, "IETF Rights 2975 in Contributions", published March 2005. 2976 2977 This document and the information contained herein are provided on an 2978 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 2979 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 2980 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 2981 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 2982 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 2983 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 2984 2985 2986 30. Normative References 2987 2988 [RFC 1034] Mockapetris, P., "Domain Names - Concepts and 2989 Facilities", STD 13, RFC 1034, November 1987. 2990 2991 [RFC 1035] Mockapetris, P., "Domain Names - Implementation and 2992 Specifications", STD 13, RFC 1035, November 1987. 2993 2994 [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate 2995 Requirement Levels", RFC 2119, March 1997. 2996 2997 [RFC 3629] Yergeau, F., "UTF-8, a transformation format of ISO 2998 10646", RFC 3629, November 2003. 2999 3000 [UAX15] "Unicode Normalization Forms" 3001 http://www.unicode.org/reports/tr15/ 3002 3003 3004 3005 3006 3007 3008 Expires 10th February 2007 Cheshire & Krochmal [Page 51] 3009 3011 Internet Draft Multicast DNS 10th August 2006 3012 3013 3014 31. Informative References 3015 3016 [dotlocal] <http://www.dotlocal.org/> 3017 3018 [djbdl] <http://cr.yp.to/djbdns/dot-local.html> 3019 3020 [DNS-SD] Cheshire, S., and M. Krochmal, "DNS-Based Service 3021 Discovery", Internet-Draft (work in progress), 3022 draft-cheshire-dnsext-dns-sd-04.txt, August 2006. 3023 3024 [IEEE802] IEEE Standards for Local and Metropolitan Area Networks: 3025 Overview and Architecture. 3026 Institute of Electrical and Electronic Engineers, 3027 IEEE Standard 802, 1990. 3028 3029 [NBP] Cheshire, S., and M. Krochmal, 3030 "Requirements for a Protocol to Replace AppleTalk NBP", 3031 Internet-Draft (work in progress), 3032 draft-cheshire-dnsext-nbp-05.txt, August 2006. 3033 3034 [RFC 2136] Vixie, P., et al., "Dynamic Updates in the Domain Name 3035 System (DNS UPDATE)", RFC 2136, April 1997. 3036 3037 [RFC 2462] S. Thomson and T. Narten, "IPv6 Stateless Address 3038 Autoconfiguration", RFC 2462, December 1998. 3039 3040 [RFC 2535] Eastlake, D., "Domain Name System Security Extensions", 3041 RFC 2535, March 1999. 3042 3043 [RFC 2606] Eastlake, D., and A. Panitz, "Reserved Top Level DNS 3044 Names", RFC 2606, June 1999. 3045 3046 [RFC 2860] Carpenter, B., Baker, F. and M. Roberts, "Memorandum 3047 of Understanding Concerning the Technical Work of the 3048 Internet Assigned Numbers Authority", RFC 2860, June 3049 2000. 3050 3051 [RFC 3492] Costello, A., "Punycode: A Bootstring encoding of 3052 Unicode for use with Internationalized Domain Names 3053 in Applications (IDNA)", RFC 3492, March 2003. 3054 3055 [RFC 3927] Cheshire, S., B. Aboba, and E. Guttman, 3056 "Dynamic Configuration of IPv4 Link-Local Addresses", 3057 RFC 3927, May 2005. 3058 3059 [ZC] Williams, A., "Requirements for Automatic Configuration 3060 of IP Hosts", Internet-Draft (work in progress), 3061 draft-ietf-zeroconf-reqts-12.txt, September 2002. 3062 3063 3064 3065 3066 3067 Expires 10th February 2007 Cheshire & Krochmal [Page 52] 3068 3070 Internet Draft Multicast DNS 10th August 2006 3071 3072 3073 32. Authors' Addresses 3074 3075 Stuart Cheshire 3076 Apple Computer, Inc. 3077 1 Infinite Loop 3078 Cupertino 3079 California 95014 3080 USA 3081 3082 Phone: +1 408 974 3207 3083 EMail: rfc [at] stuartcheshire [dot] org 3084 3085 3086 Marc Krochmal 3087 Apple Computer, Inc. 3088 1 Infinite Loop 3089 Cupertino 3090 California 95014 3091 USA 3092 3093 Phone: +1 408 974 4368 3094 EMail: marc [at] apple [dot] com 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110 3111 3112 3113 3114 3115 3116 3117 3118 3119 3120 3121 3122 3123 3124 3125 3126 Expires 10th February 2007 Cheshire & Krochmal [Page 53] 3127
