IETF Logo Mail Archive

Re: [BEHAVE] [3gv6] DNS64 Resolvers and Dual-Stack Hosts, draft-wing-behave-dns64-config-00

"Dan Wing" <dwing@cisco.com> Fri, 08 January 2010 17:14 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 94D2E3A6862; Fri, 8 Jan 2010 09:14:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.093
X-Spam-Level:
X-Spam-Status: No, score=-10.093 tagged_above=-999 required=5 tests=[AWL=0.506, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TeEFICseTYHx; Fri, 8 Jan 2010 09:14:22 -0800 (PST)
Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by core3.amsl.com (Postfix) with ESMTP id DD0693A683C; Fri, 8 Jan 2010 09:14:22 -0800 (PST)
Authentication-Results: sj-iport-4.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0FACr3RkurRN+J/2dsb2JhbACIJoEUtwKUEYIxgX4E
X-IronPort-AV: E=Sophos;i="4.49,243,1262563200"; d="scan'208";a="71916272"
Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-4.cisco.com with ESMTP; 08 Jan 2010 17:14:21 +0000
Received: from dwingwxp01 ([10.32.240.197]) by sj-core-3.cisco.com (8.13.8/8.14.3) with ESMTP id o08HELOd016750; Fri, 8 Jan 2010 17:14:21 GMT
From: Dan Wing <dwing@cisco.com>
To: 'marcelo bagnulo braun' <marcelo@it.uc3m.es>, 'Behcet Sarikaya' <sarikaya@ieee.org>
References: <0e0f01ca8fe8$7f540d80$c5f0200a@cisco.com> <158080.35952.qm@web111414.mail.gq1.yahoo.com> <4B4713B1.9050200@it.uc3m.es>
Date: Fri, 08 Jan 2010 09:14:21 -0800
Message-ID: <105801ca9086$0508f150$c5f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <4B4713B1.9050200@it.uc3m.es>
Thread-Index: AcqQU+J8of+g7CVaSauy7M4vObTDcgAMCZGQ
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
Cc: draft-haddad-mext-nat64-mobility-harmful@tools.ietf.org, 3gv6@ietf.org, 'Behave WG' <behave@ietf.org>
Subject: Re: [BEHAVE] [3gv6] DNS64 Resolvers and Dual-Stack Hosts, draft-wing-behave-dns64-config-00
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jan 2010 17:14:27 -0000

 

> -----Original Message-----
> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es] 
> Sent: Friday, January 08, 2010 3:15 AM
> To: Behcet Sarikaya
> Cc: Dan Wing; 3gv6@ietf.org; Behave WG
> Subject: Re: [BEHAVE] [3gv6] DNS64 Resolvers and Dual-Stack 
> Hosts, draft-wing-behave-dns64-config-00
> 
> Behcet Sarikaya escribió:
> > Hi Dan,
> >   I read your draft. 
> > Looking from mobility point of view, I think that on page 
> 4, to the protocols that have trouble with NAT64, MIPv6 
> should be added. 
> >   
> 
> I don't think the problem is specific to MIPv6. the problem 
> is general 
> to any configuration that:
> - Does not use the Well know prefix (i.e. if the WK prefix is used, 
> there is no problem and everything works just fine)
> - The node is using a dns server that is not in the same 
> domain that the 
> NAT64 the node is connected too.

But well-known prefix does not 'just work' if the local network
is not operating a NAT64 at all.  For example, if the local
network is dual-stack, it has no reason to operate a NAT64.
But if the dual-stack host is pointing to an off-site DNS64, 
and that off-site DNS64 is returning synthesized AAAA records
containing the well-known prefix, the dual-stack host will
be unable to connect to anything without timing out and
falling back to IPv4.

> For example you could have the same problem if you are 
> connected to the local network that is providing NAT64 
> services and you decide to use a DNS server that is 
> located in a different domain.

Yes, we should encourage hosts to Not Do That with DNS64.


I just read draft-haddad-mext-nat64-mobility-harmful-00, and I believe the
problems described in its Section 3 could be resolved by the MN following the
recommendation of draft-savolainen-mif-dns-server-selection -- namely, only
use a DNS response on the same interface as the DNS response itself.  This
means that the DNS query should be sent over the same interface as the tunnel
interface (to the foreign network), and the response is only valid for that
same interface.  This can be difficult on many stacks, though (because many
stacks do not concern themselves with which interface received a DNS
response).  That difficulty can be eased if all the networks are using NAT64
with their own network-specific prefix (NSP, as described in
draft-ietf-behave-address-format), as the different NSP allows RFC3484 address
selection rules can choose the correct interface.

-d


> Regards, marcelo
> 
> > However the solutions you proposed would not be good for 
> MIPv6. That's the problem I have with your draft. I have not 
> followed related discussions on Behave list, maybe some 
> solutions have already been proposed there.
> >
> > Regards,
> >
> > Behcet
> >
> >
> >
> > ----- Original Message ----
> >   
> >> From: Dan Wing <dwing@cisco.com>
> >> To: 3gv6@ietf.org; Behave WG <behave@ietf.org>
> >> Sent: Thu, January 7, 2010 4:26:46 PM
> >> Subject: [3gv6] DNS64 Resolvers and Dual-Stack Hosts, 
> draft-wing-behave-dns64-config-00
> >>
> >> draft-wing-behave-dns64-config-00 should be of interest to 
> both 3Gv6 and
> >> BEHAVE.  The draft is related to recent threads on both 
> mailing lists
> >> discussing a DNS64 recursive resolver being used by a 
> dual-stack host.
> >>
> >> Abstract:
> >>   Some networks are expected to support IPv4-only, dual-stack, and
> >>   IPv6-only hosts at the same time.  Such networks also 
> want to IPv6/
> >>   IPv4 translation for the IPv6-only host so it can access 
> servers on
> >>   the IPv4 Internet.  On such a network, the synthesized 
> AAAA responses
> >>   from a DNS64 can cause traffic to be translated.  This document
> >>   describes two solutions to avoid that translation:  
> modifying default
> >>   address selection on the host, and using DHCP to 
> configure different
> >>   DNS recursive resolvers.
> >>
> >> http://tools.ietf.org/html/draft-wing-behave-dns64-config-00
> >>
> >> Comments welcome.
> >>
> >> -d
> >>
> >> _______________________________________________
> >> 3gv6 mailing list
> >> 3gv6@ietf.org
> >> https://www.ietf.org/mailman/listinfo/3gv6
> >>     
> >
> >
> >
> >       
> > _______________________________________________
> > Behave mailing list
> > Behave@ietf.org
> > https://www.ietf.org/mailman/listinfo/behave
> >
> >   
>

v2.23.0 | Report a Bug | By Email