draft-ietf-homenet-dot-13.txt   draft-ietf-homenet-dot-14.txt 
Network Working Group P. Pfister Network Working Group P. Pfister
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Updates: RFC7788 (if approved) T. Lemon Updates: RFC7788 (if approved) T. Lemon
Intended status: Standards Track Nominum, Inc. Intended status: Standards Track Nominum, Inc.
Expires: March 2, 2018 August 29, 2017 Expires: March 5, 2018 September 1, 2017
Special Use Domain 'home.arpa.' Special Use Domain 'home.arpa.'
draft-ietf-homenet-dot-13 draft-ietf-homenet-dot-14
Abstract Abstract
This document specifies the behavior that is expected from the Domain This document specifies the behavior that is expected from the Domain
Name System with regard to DNS queries for names ending with Name System with regard to DNS queries for names ending with
'.home.arpa.', and designates this domain as a special-use domain '.home.arpa.', and designates this domain as a special-use domain
name. 'home.arpa.' is designated for non-unique use in residential name. 'home.arpa.' is designated for non-unique use in residential
home networks. Home Networking Control Protocol (HNCP) is updated to home networks. Home Networking Control Protocol (HNCP) is updated to
use the 'home.arpa.' domain instead of '.home'. use the 'home.arpa.' domain instead of '.home'.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 2, 2018. This Internet-Draft will expire on March 5, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 14
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. General Guidance . . . . . . . . . . . . . . . . . . . . . . 3 3. General Guidance . . . . . . . . . . . . . . . . . . . . . . 3
4. Domain Name Reservation Considerations . . . . . . . . . . . 4 4. Domain Name Reservation Considerations . . . . . . . . . . . 4
5. Updates to Home Networking Control Protocol . . . . . . . . . 6 5. Updates to Home Networking Control Protocol . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6.1. Local Significance . . . . . . . . . . . . . . . . . . . 6 6.1. Local Significance . . . . . . . . . . . . . . . . . . . 7
6.2. Insecure Delegation . . . . . . . . . . . . . . . . . . . 7 6.2. Insecure Delegation . . . . . . . . . . . . . . . . . . . 8
6.3. Bypassing Manually Configured Resolvers . . . . . . . . . 8 6.3. Bypassing Manually Configured Resolvers . . . . . . . . . 8
7. Delegation of 'home.arpa.' . . . . . . . . . . . . . . . . . 8 7. Delegation of 'home.arpa.' . . . . . . . . . . . . . . . . . 8
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
10.1. Normative References . . . . . . . . . . . . . . . . . . 9 10.1. Normative References . . . . . . . . . . . . . . . . . . 9
10.2. Informative References . . . . . . . . . . . . . . . . . 9 10.2. Informative References . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
Users and devices within a home network (hereafter "homenet") require Users and devices within a home network (hereafter "homenet") require
devices and services to be identified by names that are unique within devices and services to be identified by names that are unique within
the boundaries of the homenet [RFC7368]. The naming mechanism needs the boundaries of the homenet [RFC7368]. The naming mechanism needs
to function without configuration from the user. While it may be to function without configuration from the user. While it may be
possible for a name to be delegated by an ISP, homenets must also possible for a name to be delegated by an ISP, homenets must also
function in the absence of such a delegation. A default name with a function in the absence of such a delegation. This document reserves
scope limited to each individual homenet needs to be used. the name 'home.arpa.' to serve as the default name for this purpose,
with with a scope limited to each individual homenet.
This document corrects an error in [RFC7788], replacing '.home' with This document corrects an error in [RFC7788], replacing '.home' with
'home.arpa.' as the default domain-name for homenets. '.home' had 'home.arpa.' as the default domain-name for homenets. '.home' had
been selected as the most user-friendly option. However, there are been selected as the most user-friendly option. However, there are
existing uses of '.home' that may be in conflict with this use: existing uses of '.home' that may be in conflict with this use:
evidence indicates that '.home' queries frequently leak out and reach evidence indicates that '.home' queries frequently leak out and reach
the root name servers [ICANN1] [ICANN2]. the root name servers [ICANN1] [ICANN2].
In addition, it's necessary, for compatibility with DNSSEC In addition, it's necessary, for compatibility with DNSSEC
(Section 6), that an insecure delegation ([RFC4035] section 4.3) be (Section 6), that an insecure delegation ([RFC4035] section 4.3) be
present for the name. There is an existing process for allocating present for the name. There is an existing process for allocating
names under '.arpa' [RFC3172]. No such process is available for names under '.arpa.' [RFC3172]. No such process is available for
requesting a similar delegation in the root at the request of the requesting a similar delegation in the root at the request of the
IETF, which does not administer that zone. As a result, the use of IETF, which does not administer that zone. As a result, all
'.home' is deprecated. unregistered uses of '.home' (that is, all current uses at the time
of this document's publication), particularly as specified in
RFC7788, are deprecated.
This document registers the domain '.home.arpa.' as a special-use This document registers the domain 'home.arpa.' as a special-use
domain name [RFC6761] and specifies the behavior that is expected domain name [RFC6761] and specifies the behavior that is expected
from the Domain Name System with regard to DNS queries for names from the Domain Name System with regard to DNS queries for names
whose rightmost non-terminal labels are 'home.arpa.'. Queries for whose rightmost non-terminal labels are 'home.arpa.'. Queries for
names ending with '.home.arpa.' are of local significance within the names ending with '.home.arpa.' are of local significance within the
scope of a homenet, meaning that identical queries will result in scope of a homenet, meaning that identical queries will result in
different results from one homenet to another. In other words, a different results from one homenet to another. In other words, a
name ending in 'home.arpa.' is not globally unique. name ending in '.home.arpa.' is not globally unique.
Although this document makes specific reference to RFC7788, it is not Although this document makes specific reference to RFC7788, it is not
intended that the use of 'home.arpa.' be restricted solely to intended that the use of 'home.arpa.' be restricted solely to
networks where HNCP is deployed; it is rather the case that networks where HNCP is deployed; it is rather the case that
'home.arpa.' is the correct domain for uses like the one described 'home.arpa.' is the correct domain for uses like the one described
for '.home' in RFC7788: local name service in residential homenets. for '.home' in RFC7788: local name service in residential homenets.
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. General Guidance 3. General Guidance
The domain name '.home.arpa.' is to be used for naming within The domain name 'home.arpa.' is to be used for naming within
residential homenets. Names ending with '.home.arpa.' reference a residential homenets. Names ending with '.home.arpa.' reference a
locally-served zone, the contents of which are unique only to a locally-served zone, the contents of which are unique only to a
particular homenet, and are not globally unique. Such names refer to particular homenet, and are not globally unique. Such names refer to
nodes and/or services that are located within a homenet (e.g., a nodes and/or services that are located within a homenet (e.g., a
printer, or a toaster). printer, or a toaster).
DNS queries for names ending with '.home.arpa.' are resolved using DNS queries for names ending with '.home.arpa.' are resolved using
local resolvers on the homenet. Such queries MUST NOT be recursively local resolvers on the homenet. Such queries MUST NOT be recursively
forwarded to servers outside the logical boundaries of the homenet. forwarded to servers outside the logical boundaries of the homenet.
Some service discovery user interfaces that are expected to be used Some service discovery user interfaces that are expected to be used
on homenets conceal information such as domain names from end users. on homenets conceal information such as domain names from end users.
However, it is still expected that in some cases, users will need to However, it is still expected that in some cases, users will need to
see, remember, and even type, names ending with 'home.arpa.'. The see, remember, and even type, names ending with '.home.arpa.'. The
working group hopes that this name will in some way indicate to as working group hopes that this name will in some way indicate to as
many readers as possible that such domain names are referring to many readers as possible that such domain names are referring to
devices in the home, but we recognize that it is an imperfect devices in the home, but we recognize that it is an imperfect
solution. solution.
4. Domain Name Reservation Considerations 4. Domain Name Reservation Considerations
This section defines the behavior of systems involved in domain name This section specifies considerations for systems involved in domain
resolution when resolving queries for names ending with '.home.arpa.' name resolution when resolving queries for names ending with
(as per [RFC6761]). '.home.arpa.'. Each item in this section addresses some aspect of
the DNS or the process of resolving domain names that would be
affected by this special use allocation. Detailed explanations of
these items can be found in [RFC6761], Section 5.
1. Users can use names ending with '.home.arpa.' just as they would 1. Users can use names ending with '.home.arpa.' just as they would
use any other domain name. The 'home.arpa.' name is chosen to be use any other domain name. The 'home.arpa.' name is chosen to be
readily recognized by users as signifying that the name is readily recognized by users as signifying that the name is
addressing a service on the homenet to which the user's device is addressing a service on the homenet to which the user's device is
connected. connected.
2. Application software SHOULD NOT treat names ending in 2. Application software SHOULD NOT treat names ending in
'home.arpa.' differently than other names. In particular, there '.home.arpa.' differently than other names. In particular, there
is no basis for trusting names that are subdomains of is no basis for trusting names that are subdomains of
'home.arpa.' (see Section 6). 'home.arpa.' (see Section 6).
3. Name resolution APIs and libraries MUST NOT recognize names that 3. Name resolution APIs and libraries MUST NOT recognize names that
end in '.home.arpa.' as special and MUST NOT treat them as having end in '.home.arpa.' as special and MUST NOT treat them as having
special significance, except that it may be necessary that such special significance, except that it may be necessary that such
APIs not bypass the locally configured recursive resolvers. APIs not bypass the locally configured recursive resolvers.
One or more IP addresses for recursive DNS servers will usually One or more IP addresses for recursive DNS servers will usually
be supplied to the client through router advertisements or DHCP. be supplied to the client through router advertisements or DHCP.
For an administrative domain that uses names in 'home.arpa.', For an administrative domain that uses subdomains of
such as a homenet, the recursive resolvers provided by that 'home.arpa.', such as a homenet, the recursive resolvers provided
domain will be able to answer queries for subdomains of by that domain will be able to answer queries for subdomains of
home.arpa; other resolvers will not, or will provide answers that 'home.arpa.'; other resolvers will not, or will provide answers
are not correct within that administrative domain. that are not correct within that administrative domain.
A host that is configured to use a resolver other than one that A host that is configured to use a resolver other than one that
has been provided by the local network may be unable to resolve, has been provided by the local network may be unable to resolve,
or may receive incorrect results for, names in sub domains of or may receive incorrect results for, subdomains of 'home.arpa.'.
'home.arpa.'. In order to avoid this, it is permissible that In order to avoid this, it is permissible that hosts use the
hosts use the locally-provided resolvers for resolving locally-provided resolvers for resolving 'home.arpa.' even when
'home.arpa.' even when they are configured to use other they are configured to use other resolvers.
resolvers.
4. 4.
A. Recursive resolvers at sites using 'home.arpa.' MUST A. Recursive resolvers at sites using 'home.arpa.' MUST
transparently support DNSSEC queries: queries for DNSSEC transparently support DNSSEC queries: queries for DNSSEC
records and queries with the DO bit set ([RFC4035] section records and queries with the DO bit set ([RFC4035] section
3.2.1). While validation is not required, it is strongly 3.2.1). While validation is not required, it is strongly
encouraged: a caching recursive resolver that does not encouraged: a caching recursive resolver that does not
validate answers that can be validated may cache invalid validate answers that can be validated may cache invalid
data. This in turn will prevent validating stub resolvers data. This in turn will prevent validating stub resolvers
from successfully validating answers. from successfully validating answers.
B. Unless configured otherwise, recursive resolvers and DNS B. Unless configured otherwise, recursive resolvers and DNS
proxies MUST behave as described in Locally Served Zones proxies MUST behave as described in Locally Served Zones
([RFC6303] Section 3). That is, queries for domains that are ([RFC6303] Section 3). That is, queries for 'home.arpa.' and
subdomains of 'home.arpa.' MUST NOT be forwarded, with one subdomains of 'home.arpa.' MUST NOT be forwarded, with one
important exception: a query for a DS record when the DO bit important exception: a query for a DS record with the DO bit
set MUST return the correct answer for that question, set MUST return the correct answer for that question,
including correct information in the authority section that including correct information in the authority section that
proves that the record is nonexistent. proves that the record is nonexistent.
So for example a query for the NS record for 'home.arpa.' So for example a query for the NS record for 'home.arpa.'
MUST NOT result in that query being forwarded to an upstream MUST NOT result in that query being forwarded to an upstream
cache nor to the authoritative DNS server for '.arpa.'. cache nor to the authoritative DNS server for '.arpa.'.
However, as necessary to provide accurate authority However, as necessary to provide accurate authority
information, a query for the DS record MUST result in information, a query for the DS record MUST result in
whatever queries are necessary being forwarded; typically, whatever queries are necessary being forwarded; typically,
this will just be a query for the DS record, since the this will just be a query for the DS record, since the
necessary authority information will be included in the necessary authority information will be included in the
authority section of the response if the DO bit is set. authority section of the response if the DO bit is set.
C. In addition to the behavior specified above, recursive C. In addition to the behavior specified above, recursive
resolvers that can be used in a homenet MUST be configurable resolvers that can be used in a homenet MUST be configurable
with a delegation to an authoritative server for that to forward queries for 'home.arpa.' and subdomains of
particular homenet's instance of the domain 'home.arpa.'. 'home.arpa.' to an authoritative server for 'home.arpa.'.
This server will provide authoritative data for 'home.arpa.'
within a particular homenet. The special handling for DS
records for the 'home.arpa.' delegation is still required.
It is permissible to combine the recursive resolver function It is permissible to combine the recursive resolver function
for general DNS lookups with an authoritative resolver for for general DNS lookups with an authoritative resolver for
'home.arpa.'; in this case, rather than forwarding queries 'home.arpa.'; in this case, rather than forwarding queries
for subdomains of 'home.arpa.' to an authoritative server, for subdomains of 'home.arpa.' to an authoritative server,
the caching resolver answers them authoritatively. The the resolver answers them authoritatively. The behavior with
behavior with respect to forwarding queries specifically for respect to forwarding queries specifically for 'home.arpa.'
'home.arpa.' remains the same. remains the same.
5. No special processing of 'home.arpa.' is required for 5. No special processing of 'home.arpa.' is required for
authoritative DNS server implementations. It is possible that an authoritative DNS server implementations. It is possible that an
authoritative DNS server might attempt to check the authoritative authoritative DNS server might attempt to check the authoritative
servers for 'home.arpa.' for a delegation beneath that name servers for 'home.arpa.' for a delegation beneath that name
before answering authoritatively for such a delegated name. In before answering authoritatively for such a delegated name. In
such a case, because the name always has only local significance such a case, because the name always has only local significance
there will be no such delegation in the 'home.arpa.' zone, and so there will be no such delegation in the 'home.arpa.' zone, and so
the server would refuse to answer authoritatively for such a the server would refuse to answer authoritatively for such a
zone. A server that implements this sort of check MUST be zone. A server that implements this sort of check MUST be
skipping to change at page 6, line 47 skipping to change at page 7, line 9
node identifier takes precedence. node identifier takes precedence.
The 'home.arpa.' special-use name does not require a special The 'home.arpa.' special-use name does not require a special
resolution protocol. Names for which the rightmost two labels are resolution protocol. Names for which the rightmost two labels are
'home.arpa.' are resolved using the DNS protocol [RFC1035]. 'home.arpa.' are resolved using the DNS protocol [RFC1035].
6. Security Considerations 6. Security Considerations
6.1. Local Significance 6.1. Local Significance
A DNS record that is returned as a response to a query for an FQDN in A DNS record that is returned as a response to a query for an FQDN
the domain '.home.arpa.' is expected to have local significance. It that is a subdomain of 'home.arpa.' is expected to have local
is expected to be returned by a server involved in name resolution significance. It is expected to be returned by a server involved in
for the homenet the device is connected in. However, such response name resolution for the homenet the device is connected in. However,
MUST NOT be considered more trustworthy than would be a similar such response MUST NOT be considered more trustworthy than would be a
response for any other DNS query. similar response for any other DNS query.
Because 'home.arpa.' is not globally scoped and cannot be secured Because 'home.arpa.' is not globally scoped and cannot be secured
using DNSSEC based on the root domain's trust anchor, there is no way using DNSSEC based on the root domain's trust anchor, there is no way
to tell, using a standard DNS query, in which homenet scope an answer to tell, using a standard DNS query, in which homenet scope an answer
belongs. Consequently, users may experience surprising results with belongs. Consequently, users may experience surprising results with
such names when roaming to different homenets. To prevent this from such names when roaming to different homenets.
happening, it may be useful for the resolver to identify different
homenets on which it has resolved names, but this is out of scope for To prevent this from happening, it could be useful for the resolver
this document. on the host to securely differentiate between different homenets, and
between identical names on different homenets. However, a mechanism
for doing this has not yet been standardized, and doing so is out of
scope for this document. It is expected that this will be explored
in future work.
Locally Served Zones ([RFC6303] section 7) recommends installing Locally Served Zones ([RFC6303] section 7) recommends installing
trust anchors for locally served zones. However, in order for this trust anchors for locally served zones. However, in order for this
to be effective, there must be some way of configuring the trust to be effective, there must be some way of configuring the trust
anchor in the host. Homenet currently specifies no mechanism for anchor in the host. Homenet currently specifies no mechanism for
configuring such trust anchors. As a result, while this advice configuring such trust anchors. As a result, while this advice
sounds good, it is not practicable. sounds good, it is not practicable.
Also, although in principle it might be useful to install a trust Also, although in principle it might be useful to install a trust
anchor for a particular instance of 'home.arpa.', it's reasonable to anchor for a particular instance of 'home.arpa.', it's reasonable to
skipping to change at page 8, line 47 skipping to change at page 9, line 14
which prevents a validating stub resolver from rejecting names which prevents a validating stub resolver from rejecting names
published under 'home.arpa.' on a homenet name server. published under 'home.arpa.' on a homenet name server.
8. IANA Considerations 8. IANA Considerations
IANA is requested to record the domain name 'home.arpa.' in the IANA is requested to record the domain name 'home.arpa.' in the
Special-Use Domain Names registry [SUDN]. IANA is requested, with Special-Use Domain Names registry [SUDN]. IANA is requested, with
the approval of IAB, to implement the delegation requested in the approval of IAB, to implement the delegation requested in
Section 7. Section 7.
IANA is further requested to create a new subregistry within the
"Locally-Served DNS Zones" registry [LSDZ], titled "Transport-
Independent Locally-Served DNS Zones", with the same format as the
other subregistries. IANA is requested to add an entry in this new
registry for 'home.arpa.' with the description "Homenet Special-Use
Domain", listing this document as the reference. The registration
procedure for this subregistry should be the same as for the others,
currently "IETF Review" ([RFC8126] Section 4.8).
9. Acknowledgments 9. Acknowledgments
The authors would like to thank Stuart Cheshire for his prior work on The authors would like to thank Stuart Cheshire for his prior work on
'.home', as well as the homenet chairs: Mark Townsley and Ray Bellis. '.home', as well as the homenet chairs: Mark Townsley and Ray Bellis.
We would also like to thank Paul Hoffman for providing review and We would also like to thank Paul Hoffman for providing review and
comments on the IANA considerations section, Andrew Sullivan for his comments on the IANA considerations section, Andrew Sullivan for his
review and proposed text, and Suzanne Woolf and Ray Bellis for their review and proposed text, and Suzanne Woolf and Ray Bellis for their
very detailed review comments and process insights. Thanks to Mark very detailed review comments and process insights. Thanks to Mark
Andrews for providing an exhaustive reference list on the topic of Andrews for providing an exhaustive reference list on the topic of
insecure delegations. Thanks to Dale Worley for catching a rather insecure delegations. Thanks to Dale Worley for catching a rather
egregious mistake and for the Gen-Art review, and to Daniel Migault egregious mistake and for the Gen-Art review, and to Daniel Migault
for a thorough SecDir review. for a thorough SecDir review. Thanks to Warren Kumari for catching
some additional issues, and to Adam Roach for some helpful
clarifications.
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
skipping to change at page 10, line 5 skipping to change at page 10, line 32
10.2. Informative References 10.2. Informative References
[ICANN1] "New gTLD Collision Risk Mitigation", October 2013, [ICANN1] "New gTLD Collision Risk Mitigation", October 2013,
<https://www.icann.org/en/system/files/files/new-gtld- <https://www.icann.org/en/system/files/files/new-gtld-
collision-mitigation-05aug13-en.pdf>. collision-mitigation-05aug13-en.pdf>.
[ICANN2] "New gTLD Collision Occurence Management", October 2013, [ICANN2] "New gTLD Collision Occurence Management", October 2013,
<https://www.icann.org/en/system/files/files/resolutions- <https://www.icann.org/en/system/files/files/resolutions-
new-gtld-annex-1-07oct13-en.pdf>. new-gtld-annex-1-07oct13-en.pdf>.
[LSDZ] "Locally-Served DNS Zones Registry", July 2011,
<https://www.iana.org/assignments/locally-served-dns-
zones/locally-served-dns-zones.xhtml>.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>. November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", Rose, "DNS Security Introduction and Requirements",
RFC 4033, DOI 10.17487/RFC4033, March 2005, RFC 4033, DOI 10.17487/RFC4033, March 2005,
<https://www.rfc-editor.org/info/rfc4033>. <https://www.rfc-editor.org/info/rfc4033>.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
skipping to change at page 10, line 28 skipping to change at page 11, line 14
[RFC7368] Chown, T., Ed., Arkko, J., Brandt, A., Troan, O., and J. [RFC7368] Chown, T., Ed., Arkko, J., Brandt, A., Troan, O., and J.
Weil, "IPv6 Home Networking Architecture Principles", Weil, "IPv6 Home Networking Architecture Principles",
RFC 7368, DOI 10.17487/RFC7368, October 2014, RFC 7368, DOI 10.17487/RFC7368, October 2014,
<https://www.rfc-editor.org/info/rfc7368>. <https://www.rfc-editor.org/info/rfc7368>.
[RFC7788] Stenberg, M., Barth, S., and P. Pfister, "Home Networking [RFC7788] Stenberg, M., Barth, S., and P. Pfister, "Home Networking
Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April
2016, <https://www.rfc-editor.org/info/rfc7788>. 2016, <https://www.rfc-editor.org/info/rfc7788>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[SUDN] "Special-Use Domain Names Registry", July 2012, [SUDN] "Special-Use Domain Names Registry", July 2012,
<http://www.iana.org/assignments/special-use-domain-names/ <https://www.iana.org/assignments/special-use-domain-
special-use-domain-names.xhtml>. names/special-use-domain-names.xhtml>.
Authors' Addresses Authors' Addresses
Pierre Pfister Pierre Pfister
Cisco Systems Cisco Systems
Paris Paris
France France
Email: pierre.pfister@darou.fr Email: pierre.pfister@darou.fr
 End of changes. 28 change blocks. 
53 lines changed or deleted 85 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/