Special-Use Domain 'home.arpa.'

Internet Engineering Task Force (IETF) P. Pfister Request for Comments: 8375 Cisco Systems Updates: 7788 T. Lemon Category: Standards Track Nibbhaya Consulting ISSN: 2070-1721 May 2018 Special-Use Domain 'home.arpa.' Abstract This document specifies the behavior that is expected from the Domain Name System with regard to DNS queries for names ending with '.home.arpa.' and designates this domain as a special-use domain name. 'home.arpa.' is designated for non-unique use in residential home networks. The Home Networking Control Protocol (HNCP) is updated to use the 'home.arpa.' domain instead of '.home'. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8375. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Pfister & Lemon Standards Track [Page 1]

RFC 8375 home.arpa. May 2018 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 3. General Guidance . . . . . . . . . . . . . . . . . . . . . . 4 4. Domain Name Reservation Considerations . . . . . . . . . . . 4 5. Updates to Home Networking Control Protocol . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 6.1. Local Significance . . . . . . . . . . . . . . . . . . . 7 6.2. Insecure Delegation . . . . . . . . . . . . . . . . . . . 8 6.3. Bypassing Manually Configured Resolvers . . . . . . . . . 9 7. Delegation of 'home.arpa.' . . . . . . . . . . . . . . . . . 9 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 9.1. Normative References . . . . . . . . . . . . . . . . . . 10 9.2. Informative References . . . . . . . . . . . . . . . . . 10 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 Pfister & Lemon Standards Track [Page 2]

RFC 8375 home.arpa. May 2018 1 . Introduction RFC7368]. The naming mechanism needs to function without configuration from the user. While it may be possible for a name to be delegated by an ISP, homenets must also function in the absence of such a delegation. This document reserves the name 'home.arpa.' to serve as the default name for this purpose, with a scope limited to each individual homenet. This document corrects an error in [RFC7788] by replacing '.home' with 'home.arpa.' as the default domain name for homenets. '.home' was selected as the most user-friendly option; however, there are existing uses of '.home' that may be in conflict with this use. Evidence indicates that '.home' queries frequently leak out and reach the root name servers [ICANN1] [ICANN2]. In addition, for compatibility with DNSSEC (see Section 6), it's necessary that an insecure delegation (see Section 4.3 of [RFC4035]) be present for the name. There is an existing process for allocating names under '.arpa.' [RFC3172]. No such process is available for requesting a similar delegation in the root at the request of the IETF, which does not administer that zone. As a result, all unregistered uses of '.home' (that is, all current uses at the time of this document's publication), particularly as specified in [RFC7788], are deprecated. This document registers the domain 'home.arpa.' as a special-use domain name [RFC6761] and specifies the behavior that is expected from the Domain Name System with regard to DNS queries for names whose rightmost non-terminal labels are 'home.arpa.'. Queries for names ending with '.home.arpa.' are of local significance within the scope of a homenet, meaning that identical queries will result in different results from one homenet to another. In other words, a name ending in '.home.arpa.' is not globally unique. Although this document makes specific reference to [RFC7788], it is not intended that the use of 'home.arpa.' be restricted solely to networks where HNCP is deployed. Rather, 'home.arpa.' is intended to be the correct domain for uses like the one described for '.home' in [RFC7788]: local name service in residential homenets. Pfister & Lemon Standards Track [Page 3]

RFC 8375 home.arpa. May 2018 2 . Requirements Language BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3 . General Guidance 4 . Domain Name Reservation Considerations Section 5 of [RFC6761]. Although the term 'homenet' in [RFC7788] refers to home networks that implement a particular set of features, in this document the term is used to mean any home network, regardless of the set of features it implements. 1. Users can use names ending with '.home.arpa.' just as they would use any other domain name. The 'home.arpa.' name is chosen to be readily recognized by users as signifying that the name is addressing a service on the homenet to which the user's device is connected. Pfister & Lemon Standards Track [Page 4]

RFC 8375 home.arpa. May 2018 Section 6). 3. Name resolution APIs and libraries MUST NOT recognize names that end in '.home.arpa.' as special and MUST NOT treat them as having special significance, except that it may be necessary that such APIs not bypass the locally configured recursive resolvers. One or more IP addresses for recursive DNS servers will usually be supplied to the client through router advertisements or DHCP. For an administrative domain that uses subdomains of 'home.arpa.', such as a homenet, the recursive resolvers provided by that domain will be able to answer queries for subdomains of 'home.arpa.'; other resolvers will not, or they will provide answers that are not correct within that administrative domain. A host that is configured to use a resolver other than one that has been provided by the local network may be unable to resolve, or may receive incorrect results for, subdomains of 'home.arpa.'. In order to avoid this, it is permissible that hosts use the resolvers that are locally provided for resolving 'home.arpa.', even when they are configured to use other resolvers. 4. There are three considerations for recursive resolvers that follow this specification: A. Recursive resolvers at sites using 'home.arpa.' MUST transparently support DNSSEC queries: queries for DNSSEC records and queries with the DNSSEC OK (DO) bit set (see Section 3.2.1 of [RFC4035]). While validation is not required, it is strongly encouraged: a caching recursive resolver that does not validate answers that can be validated may cache invalid data. This, in turn, will prevent validating stub resolvers from successfully validating answers. B. Unless configured otherwise, recursive resolvers and DNS proxies MUST behave as described in Section 3 of the Locally Served Zones document [RFC6303]. That is, queries for 'home.arpa.' and subdomains of 'home.arpa.' MUST NOT be forwarded, with one important exception: a query for a DS record with the DO bit set MUST return the correct answer for that question, including correct information in the authority section that proves that the record is nonexistent. Pfister & Lemon Standards Track [Page 5]

RFC 8375 home.arpa. May 2018 Section 7. 7. 'home.arpa.' is a subdomain of the 'arpa' top-level domain, which is operated by IANA under the authority of the Internet Architecture Board according to the rules established in [RFC3172]. There are no other registrars for '.arpa'. Pfister & Lemon Standards Track [Page 6]

RFC 8375 home.arpa. May 2018 5 . Updates to Home Networking Control Protocol Section 8 of [RFC7788], the Home Networking Control Protocol, is updated as follows: OLD: Names and unqualified zones are used in an HNCP network to provide naming and service discovery with local significance. A network- wide zone is appended to all single labels or unqualified zones in order to qualify them. ".home" is the default; however, an administrator MAY configure the announcement of a Domain-Name TLV (Section 10.6) for the network to use a different one. In case multiple are announced, the domain of the node with the greatest node identifier takes precedence. NEW: Names and unqualified zones are used in an HNCP network to provide naming and service discovery with local significance. A network- wide zone is appended to all single labels or unqualified zones in order to qualify them. 'home.arpa.' is the default; however, an administrator MAY configure the announcement of a Domain-Name TLV (Section 10.6) for the network to use a different one. In case multiple TLVs are announced, the domain of the node with the greatest node identifier takes precedence. The 'home.arpa.' special-use name does not require a special resolution protocol. Names for which the rightmost two labels are 'home.arpa.' are resolved using the DNS protocol [RFC1035]. 6 . Security Considerations 6.1 . Local Significance Pfister & Lemon Standards Track [Page 7]

RFC 8375 home.arpa. May 2018 [RFC6303], Section 7, to install local trust anchors for locally served zones can only work if there is some way of configuring the trust anchor in the host. Homenet currently specifies no mechanism for configuring such trust anchors. As a result, while this advice sounds good, it is not practicable. Also, although it might be useful to install a trust anchor for a particular instance of 'home.arpa.', it's reasonable to expect that a host with such a trust anchor might, from time to time, connect to more than one network with its own instance of 'home.arpa.'. Such a host would be unable to access services on any instance of 'home.arpa.' other than the one for which a trust anchor was configured. It is, in principle, possible to attach an identifier to an instance of 'home.arpa.' that could be used to identify which trust anchor to rely on for validating names in that particular instance. However, the security implications of this are complicated, and such a mechanism, as well as a discussion of those implications, is out of scope for this document. 6.2 . Insecure Delegation Section 5 of [RFC4034]). Since the zone is not globally unique, no one key would work. An alternative would be to provide an authenticated denial of existence (see Section 3.2 of [RFC4033]). This would be done simply by not having a delegation from the 'arpa.' zone. However, this requires the validating resolver to treat 'home.arpa.' specially. If a validating resolver that doesn't treat 'home.arpa.' specially attempts to validate a name in 'home.arpa.', an authenticated denial of existence of 'home' as a subdomain of 'arpa.' would cause the validation to fail. Therefore, the only delegation that will allow names under 'home.arpa.' to be resolved by all validating resolvers is an insecure delegation, as in Section 7 of [RFC6303]. Pfister & Lemon Standards Track [Page 8]