DNSOP W. Kumari Internet-Draft Google Intended status: Informational July 2, 2017 Expires: January 3, 2018 The .internal TLD. draft-wkumari-dnsop-internal-00 Abstract It has become clear that many users would like to use the DNS resolution system for names which do not have meaning in the global context but do have meaning in a context internal to their network. This document reserves the string ".internal" for this purpose. [ Ed note: Text inside square brackets ([]) is additional background information, answers to frequently asked questions, general musings, etc. They will be removed before publication. RFC Editor: Please remove these before publication. ] [ This document is being collaborated on in Github at: https://github.com/wkumari/draft-wkumari-dnsop-internal. The most recent version of the document, open issues, etc should all be available here. The authors (gratefully) accept pull requests ] [ Ed note: This document is intended to drive discussion. It is clear that there has been a desire for an "RFC 1918-style" TLD for a long time; in its absence, people have just started using whatever seemed convenient. This document requests that the allocation of .internal for this use. There is no existing process for this - some of the purpose of this document is to explore the process implications. ] Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Kumari Expires January 3, 2018 [Page 1] Internet-Draft .internal July 2017 This Internet-Draft will expire on January 3, 2018. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 2. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Why not use ? . . . . . . . . . . . . . . . . 4 3.1. Why not use .alt? . . . . . . . . . . . . . . . . . . . . 4 3.2. Why not use something.arpa? . . . . . . . . . . . . . . . 5 3.3. Why not use .local? . . . . . . . . . . . . . . . . . . . 5 3.4. Why not use .example? . . . . . . . . . . . . . . . . . . 5 4. DNSSEC Considerations . . . . . . . . . . . . . . . . . . . . 5 4.1. Scenario 1 - No DNSSEC, .internal not delegated . . . . . 6 4.2. Scenario 2 - DNSSEC, .internal not delegated . . . . . . 6 4.3. Scenario 3 - DNSSEC, .internal delegated . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 5.1. Domain Name Reservation Considerations . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1. Normative References . . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . 9 Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 9 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 10 1. Introduction Over the years, a number of strings have been used as pseudo-TLDs for namespaces that are disjoint (or separate) from the "global DNS" namespace. Common examples of these include .home and .corp. See [I-D.chapin-additional-reserved-tlds], [I-D.ietf-dnsop-sutld-ps] for more background information on this issue. The Kumari Expires January 3, 2018 [Page 2] Internet-Draft .internal July 2017 [I-D.ietf-dnsop-sutld-ps] document discusses the issues in depth, and should be considered required reading for understanding this document. The [I-D.ietf-dnsop-alt-tld] document reserves a string to be used as a pseudo-TLD for non-DNS resolution contexts. However, it is clear that there is a significant use case for a similar string to be used for namespaces which are resolved using the DNS protocol, but which do not have a meaning in the global DNS context. There is no way to prevent users from simply picking a string (such as .home) and starting to use it for internal use. Unfortunately, although these strings are supposed to only be used internally, there is ample evidence that they often leak into the global DNS, sometimes causing technical issues for the user of the no-longer internal name. This document requests allocation of a string to be used as a pseudo- TLD for namespaces that are not part of the global DNS, but are meant to be resolved with the DNS protocol. A reasonable analogy is that this is to names as [RFC1918] is to IP addresses. Such a reservation should alleviate pollution, such as junk queries at the root, and potential collisions with other users of the namespace. Note that there was a discussion of the .homenet delegation in the HOMENET WG, and the resulting decision was to *not* request that the name be delegated as a TLD for the IETF's use. This document has significant similarities to the .homenet case, but also significant differences. These include (in no particular order) the fact that the use case is significant broader, and that there is no urgency to the request and does not delay or create uncertainty for any protocol work. 1.1. Requirements notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Use cases The ".internal" TLD can be used for any purpose where a non-global DNS name is needed. This includes creating a namespace "behind" a Customer Premises Equipment (CPE). For example, the Belkin company used ".belkin" for this. British Telecom used ".home", and shipped devices named "bthomehub.home" [BT_HOME_HUB]). Additionally, internal resolution systems like Microsoft Active Directory have documentation that Kumari Expires January 3, 2018 [Page 3] Internet-Draft .internal July 2017 suggests (or previously suggested) that administrators use ".corp" for these cases. The .internal TLD is intended to address some of the issues documented in the Special-Use Domain Names Problem Statement [I-D.ietf-dnsop-sutld-ps] specifically (from the list in Section 3): 5.3: Intended use is covered by gTLD process, but the third party doesn't want to pay a fee. 5.4: Intended use is covered by some IETF process, but the third party doesn't want to follow the process. 5.6: Unaware that a name intended to be used only locally may nevertheless leak 5.7: Unaware that a name used locally with informal allocation may subsequently be allocated formally, creating operational problems. 18 There exists no safe, non-process-violating mechanism for ad-hoc assignment of Special-Use Domain Names. Other use cases for .internal include its use in testing, prototyping, and benchmarking. Researchers have often needed to set up a fake root and namespace in order to test something, and have needed an arbitrarily chosen a name for a piece of network equipment which it not connected to the Internet. 3. Why not use ? The IANA "Special Use Names" registry [IANA.SUN] already contains some names which, it could be argued, already meet this need. Unfortunately, many of these names (such as ".example") are either reserved for a specific use case, or are semantically unsuitable (for example, a CPE manufacturer would likely not find "Open a browser and connect to 'router.invalid'" acceptable). This section discusses why existing strings in the Special-Use Domain Names registry ([IANA.SUN]) are not appropriate. 3.1. Why not use .alt? The proposed .alt presudo-TLD is specifically only for use as a pseudo-TLD for non-DNS resolution contexts. At one point .alt was being considered both for DNS and non-DNS resolution contexts, but, after much discussion it was decided that the DNSSEC implications (and desired behavior) meant that .alt should be reserved specifically for non-DNS resolution. Kumari Expires January 3, 2018 [Page 4] Internet-Draft .internal July 2017 3.2. Why not use something.arpa? This is indeed an interesting idea. I suspect that it fails the semantically desirable / understandable case, but is definitely worth further discussion. It may also cause issues when server operators override part of the .arpa domain in order to instantiate something.arpa. 3.3. Why not use .local? .local is already in wide use and has special handling implemented for handing .local names. See [RFC6762] Section 22.1 Subsection 3, 4, 5. 3.4. Why not use .example? .example, .example.[com|net|org] may indeed be appropriate. Unfortunately, the hard part of all of this is not the selection and adding of a name to the "Special Use Names" registry, but rather deciding if this should be done and, if so, the process to interact with ICANN in order to achieve the delegation. 4. DNSSEC Considerations The .internal TLD would be an unsigned TLD, as there is no (clean) way to sign it. This particular topic received much discussion during the "Should .alt be used for DNS, or only non-DNS resolution" discussions, and was the cause of much confusion and misunderstandings. Much of this revolved around why it is important to have an insecure DNSSEC delegation for a name which is added to the Locally-Served DNS Zones ( [IANA.LocallyServed] ) registry, or any other case where a name is instantiated. It is briefly covered here, but interested readers should review the DNSOP mailing list archive for more details. Take the following figure: +-----------+ +----------+ .-------. | | | Stub | ( Root <-----| Resolver <---------| Resolver | `-------' +-----------+ +----------+ A B C The user has just purchased a new CPE, which creates an internal namespace called .internal, and responds to lookups for router.interal with its (internal) management IP address (another example would be a corporate user at an organization which has Kumari Expires January 3, 2018 [Page 5] Internet-Draft .internal July 2017 created a private internal namespace disconnected from the public, global DNS). The CPE hands out addresses using DHCP, and lists itself as the DNS server. The user follows the instructions included in the box, and enters "http://router.internal" into a web browser. This causes a DNS lookup to be sent from the user's stub to the recursive resolver. The recursive resolver correctly identifies that this is query is for itself, and so responds with an answer saying "router.internal is 192.168.0.1". 4.1. Scenario 1 - No DNSSEC, .internal not delegated In this scenario, the .internal name has not been added to the root zone, and the user's stub resolver *does not* perform DNSSEC validation. The stub receives the response, performs no validation, and so trust the answer and connects. The user is happy. This is the current behavior for non-DNSSEC validating stubs. 4.2. Scenario 2 - DNSSEC, .internal not delegated In this scenario, the .internal name has not been added to the root zone, and the user's stub resolver *does* perform DNSSEC validation. (Note that it is believed that validating stubs are currently rare.) The stub receives the response, and begins DNSSEC validation. As the .internal TLD has not been added to the root zone, DNSSEC Authenticated Denial of Existence proves that the .internal TLD does not exist (currently there is an NSEC record proving that nothing exists between .intel and .international). This resulting outcome is a DNSSEC "bogus" answer, the user is unable to connect, and becomes frustrated. This is the current behavior for DNSSEC validating stubs. 4.3. Scenario 3 - DNSSEC, .internal delegated In this scenario, the .internal name has been added to the DNS root zone, with an insecure delegation to AS112 (by "insecure delegation" we mean that that there is no DS record for .internal in the root zone; the .internal domain is unsigned). The stub receives the response, and performs DNSSEC validation. As .internal has been delegated, there is an (insecure) entry in the root zone, proving that the .internal TLD exists. As it is an insecure delegation, the validating stub is perfectly happy to accept the "router.internal is 192.168.0.1" response, the user connects to their router, and everyone is happy. Kumari Expires January 3, 2018 [Page 6] Internet-Draft .internal July 2017 5. IANA Considerations This document requests that the .internal TLD be assigned to the IANA (similar to the way that .example is) and a DNSSEC insecure delegation (that is, a delegation with no DS records) be inserted into the root-zone, delegated to blackhole-[12].iana.org. [Editor's note: This is not something which the IANA currently has the authority to do. This fact was extensively discussed during the .homenet discussions. This text in the IANA considerations should be considered a placeholder for "what someone needs to do if this gets IETF consensus". If there is consensus that the reservation of .internal makes sense, there will need to be some process design before implementation. Such a process might be similar to "the IESG asks the IAB to request ICANN to consider the reservation / delegation of this string". ICANN does not currently have a process for handling requests like these, and so will also likely need to design a process for this. It is possible that either process might not be designed and this will fail. It is also possible that the IETF makes a request and ICANN does not make the delegation. ] 5.1. Domain Name Reservation Considerations [ Ed: This section is to satisfy the requirement in Section 5 of RFC6761. This document is intended to spark a discussion, there is currently no process for the IETF / IAB to request that ICANN delegate a TLD for special use, and simply adding .internal to the "Special-Use Domain Name" registry ([IANA.SUN]) does not accomplish this. I have decided to fill in the RFC6761 "questions" simply to clarify the expected behavior. This entire section needs to be removed before publication. ] The string ".internal." is special in the following ways: 1. Users may know that strings that end in .internal behave differently to normal DNS names. They may expect that names of the form .internal refer to resources internal to their network / enterprise / similar. 2. Writers of application software not required to perform any special handing for .internal names. They are resolved normally, using the DNS. 3. Writers of name resolution APIs and libraries are not expected to perform special handling. 4. Caching DNS servers MAY recognize these names as special. By default they should answer them locally (using "Locally Served Kumari Expires January 3, 2018 [Page 7] Internet-Draft .internal July 2017 Zones"), but may be configured to forward them to authoritative servers. 5. Authoritative DNS servers SHOULD NOT recognize these names as special and should not perform any special handling with them, unless they wish to instantiate an internal namespace, in which case they can choose to simply create any names within .internal that they want. Names are "local" to the network, and only have meaning within that network. 6. DNS server operators SHOULD be aware that queries for names ending in .internal are not part of the global, IANA DNS, and were leaked into the global DNS. This information may be useful for support or debugging purposes. 7. DNS Registries/Registrars MUST NOT grant requests to register ".internal" names in the normal way to any person or entity. These ".internal" names are defined by protocol specification to be nonexistent, and they fall outside the set of names available for allocation by registries/registrars. 6. Security Considerations This section will certainly be filled in later as the discussion progresses. 7. Acknowledgements The authors wish to thank Steve Crocker, Wes Hardaker, David Lawrence, Suzanne Woolf, and many others on the DNSOP mailing list. The author would like to especially think Paul Hoffman for creating a Pull Request. 8. References 8.1. Normative References [I-D.ietf-dnsop-sutld-ps] Lemon, T., Droms, R., and W. Kumari, "Special-Use Domain Names Problem Statement", draft-ietf-dnsop-sutld-ps-06 (work in progress), June 2017. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ RFC2119, March 1997, . Kumari Expires January 3, 2018 [Page 8] Internet-Draft .internal July 2017 8.2. Informative References [BT_HOME_HUB] IANA, "I have problems connecting 5GHz and dual band devices wirelessly to the BT Hub", . [I-D.chapin-additional-reserved-tlds] Chapin, L. and M. McFadden, "Additional Reserved Top Level Domains", draft-chapin-additional-reserved-tlds-02 (work in progress), March 2015. [I-D.ietf-dnsop-alt-tld] Kumari, W. and A. Sullivan, "The ALT Special Use Top Level Domain", draft-ietf-dnsop-alt-tld-08 (work in progress), March 2017. [IANA.LocallyServed] IANA, "Locally Served DNS Zones", . [IANA.SUN] IANA, "Special-Use Domain Names", . [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, . [RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762, DOI 10.17487/RFC6762, February 2013, . Appendix A. Changes / Author Notes. [RFC Editor: Please remove this section before publication ] -00 o This document was originally started in late 2014 / early 2015, but languished until being revived in June 2017. Kumari Expires January 3, 2018 [Page 9] Internet-Draft .internal July 2017 Author's Address Warren Kumari Google 1600 Amphitheatre Parkway Mountain View, CA 94043 US Email: warren@kumari.net Kumari Expires January 3, 2018 [Page 10]