Re: [BEHAVE] RFC6147 and RFC7208 interoperability issues

marcelo bagnulo braun <marcelo@it.uc3m.es> Thu, 10 February 2022 07:07 UTC

To: Christian Huitema <huitema@huitema.net>, behave@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/behave/O8e4aGqMRAFebP5ggRCDjhj5XTg>

On 7/2/22 at 19:03, Christian Huitema wrote:
>
>
> On 2/6/2022 10:34 PM, marcelo bagnulo braun wrote:
>> On 7/2/22 at 3:48, Klaus Frank wrote:
>>> The DNS64 server could be this secure DNS.
>>
>> This would be consistent with the deployment scenario presented in 
>> section 7.1 of RFC6147. 
>
>
> Maybe. But the situation has changed since April 2011. ISPs cannot any 
> more assume that all hosts will be using the resolver embedded in the 
> NAT64 gateway -- some hosts, or some applications, may very well use 
> some alternate encrypted DNS service, e.g., using DoH and connect to 
> Quad9, Cloudflare or Google. The cases described in section 6 of 
> RFC6147 are going to be more and more frequent. We should make them 
> work, and we should tell application developers about that.
>
DNS64 doesn't have to be co-located with the NAT64 box.

The scenario in 7.1 still holds in case the user is using an external 
resolver, such as Cloudflare. The thing is that the external resolver 
must then implement DNS64.

This works fine as long as the WKP is used.


Regards, marcelo
> -- Christian Huitema
>
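The DNS64-with-WKP case Marcelo describes, as an added Python example (not code from this thread or from any RFC implementation): a DNS64 resolver synthesizes an AAAA answer only when no real AAAA exists (RFC6147 section 5.1), embedding the IPv4 address in the RFC6052 Well-Known Prefix 64:ff9b::/96, and refusing to embed non-global IPv4 addresses as RFC6052 section 3.1 requires; the host-side check shows why the WKP lets a client use an external resolver without learning the NAT64's prefix. All addresses below are constructed sample values.

```python
import ipaddress
from typing import List, Optional

# RFC 6052 Well-Known Prefix, used when no network-specific prefix is configured.
WKP = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(ipv4_str: str, prefix: ipaddress.IPv6Network = WKP) -> Optional[str]:
    """Return the IPv4-embedded IPv6 address a DNS64 would put in a synthesized AAAA.

    Only the /96 form (IPv4 in the low 32 bits) is handled here.  Returns None when
    the record must not be synthesized: RFC 6052 section 3.1 forbids embedding
    non-global IPv4 addresses (RFC 1918 space, loopback, TEST-NETs ...) in the WKP.
    """
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled in this example")
    v4 = ipaddress.IPv4Address(ipv4_str)
    if prefix == WKP and not v4.is_global:
        return None
    return str(ipaddress.IPv6Address(int(prefix.network_address) | int(v4)))


def dns64_answer(aaaa_records: List[str], a_records: List[str],
                 prefix: ipaddress.IPv6Network = WKP) -> List[str]:
    """Core DNS64 rule (RFC 6147 section 5.1): pass real AAAA records through
    untouched; synthesize from A records only when the name has no AAAA at all."""
    if aaaa_records:
        return list(aaaa_records)
    synthesized = [synthesize_aaaa(a, prefix) for a in a_records]
    return [s for s in synthesized if s is not None]


def extract_ipv4(ipv6_str: str, prefix: ipaddress.IPv6Network = WKP) -> Optional[str]:
    """Host-side check: if an AAAA answer lies inside the (well-known) prefix,
    recover the embedded IPv4 address; otherwise report that it is a native AAAA.
    Because 64:ff9b::/96 is fixed, a client can do this for answers from any
    external DNS64 resolver without being told the NAT64's prefix."""
    v6 = ipaddress.IPv6Address(ipv6_str)
    if v6 not in prefix:
        return None
    return str(ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF))


if __name__ == "__main__":
    # Constructed sample: a name with only an A record, resolved through DNS64.
    print(dns64_answer([], ["93.184.216.34"]))        # ['64:ff9b::5db8:d822']
    print(extract_ipv4("64:ff9b::5db8:d822"))         # 93.184.216.34
    print(synthesize_aaaa("10.1.2.3"))                # None (non-global, not embedded)
```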