Re: [BEHAVE] [Francis.Dupont@fdupont.fr: [dnsext] DNS64 and lying cache servers]
Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 02 August 2009 22:25 UTC
Date: Mon, 03 Aug 2009 10:23:44 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: Andrew Sullivan <ajs@shinkuro.com>
Cc: behave@ietf.org

It's an interesting point but it misses the point IMHO: we *have* to lie
to classical IPv6-only hosts. I've always preferred the stub resolver
approach, right back to draft-van-beijnum-v6ops-mnat-pt-00.txt, but that
preference is useless if the real world contains classical IPv6 hosts.

    Brian

On 2009-07-31 19:44, Andrew Sullivan wrote:
> Dear colleagues,
>
> Some of the participants in dnsext are reluctant to join another
> mailing list the subject of which is mostly not of interest to them.
> I have offered to accept comments from those participants and forward
> them to behave when appropriate and if asked. Attached is one such
> example.
>
> A
>
> ------------------------------------------------------------------------
>
> Subject: [dnsext] DNS64 and lying cache servers
> From: Francis Dupont <Francis.Dupont@fdupont.fr>
> Date: Wed, 29 Jul 2009 14:28:26 +0200
> To: namedroppers@ops.ietf.org
>
> [Please forward this to the behave mailing-list]
>
> [I use the term "cache server" as a synonym of "recursive DNS server"]
>
> DNS64 (draft-ietf-behave-dns64-00.txt) is usually presented with
> a cache server serving a lot of NAT64 IPv6-only clients and performing
> AAAA RR synthesis from A RRs to make external IPv4-only servers
> reachable through a NAT64 translator.
>
> So this is essentially a lying cache server: this is *bad* for the
> usual reason (it breaks DNSSEC). Worse, its lie is very location
> dependent, so it has very bad interaction when the DNS is assumed
> to be location independent, for instance with Mobility.
>
> But as explained in the draft at the end of the section 2 Overview
> this is not the only way to deploy DNS64: in the "DNS64 in
> stub-resolver mode" the synthesis is done as close as possible to the
> client so there are no longer lying issues.
>
> Note this doesn't extend to some other lying DNS proposals from
> NAT based IPv6/IPv4 transition mechanisms because DNS64 uses a
> small set of static parameters (mainly the Pref64::/n) which is
> the only state of the synthesis process.
>
> So I recommend the DNSEXT WG to advise to put more work into
> the stub-resolver mode (producing DNS64 capable stub-resolvers,
> which should be very easy, and solving the DNS64 parameter
> distribution issue) than into the DNS server mode which should be
> recognized as an example of a false good idea.
>
> Regards
>
> Francis.Dupont@fdupont.fr
>
> PS: Acknowledgments to Mark Andrews who introduced the strong but
> correct "lying" term, and to Wassim Haddad who remarked DNS64 and
> Mobility together can easily lead to disasters.
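
The AAAA synthesis discussed in this thread, as an added illustration that is not part of any message: it assumes the Pref64::/n address layout later standardized in RFC 6052, and the function names and the two /96 network prefixes are constructed for the example. It shows that the prefix is the only state the synthesis needs, and that an answer synthesized under one network's prefix cannot be mapped back under another's, which is the location dependence raised above.

```python
import ipaddress

# Prefix lengths permitted for Pref64::/n in the RFC 6052 layout (assumed here).
ALLOWED = (32, 40, 48, 56, 64, 96)

def _offsets(prefixlen):
    """Byte positions carrying the IPv4 address; octet 8 (bits 64-71) is skipped."""
    pos, out = prefixlen // 8, []
    while len(out) < 4:
        if pos != 8:
            out.append(pos)
        pos += 1
    return out

def synthesize(pref64, a_record):
    """Build the synthetic AAAA address for one A record under Pref64::/n."""
    net = ipaddress.IPv6Network(pref64)
    if net.prefixlen not in ALLOWED:
        raise ValueError("Pref64 length must be one of %s" % (ALLOWED,))
    raw = bytearray(net.network_address.packed)
    if raw[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    v4 = ipaddress.IPv4Address(a_record).packed
    for pos, octet in zip(_offsets(net.prefixlen), v4):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))

def extract(pref64, aaaa):
    """Recover the IPv4 address, or None if aaaa is outside this Pref64."""
    net = ipaddress.IPv6Network(pref64)
    addr = ipaddress.IPv6Address(aaaa)
    if addr not in net:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[p] for p in _offsets(net.prefixlen)))

def survives_move(a_record, old_pref64, new_pref64):
    """True if an answer synthesized on the old network still maps on the new one."""
    cached = synthesize(old_pref64, a_record)
    return extract(new_pref64, cached) == ipaddress.IPv4Address(a_record)

if __name__ == "__main__":
    # Constructed sample: one A record seen from two networks with different Pref64.
    net_a, net_b = "2001:db8:a::/96", "2001:db8:b::/96"
    print(synthesize(net_a, "192.0.2.33"), synthesize(net_b, "192.0.2.33"))
    print("cached answer usable after move:", survives_move("192.0.2.33", net_a, net_b))
```
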