Re: [BEHAVE] Happy Eyeballs and DNS64 not sending synthetic AAAA RRs
Andrew Sullivan <ajs@anvilwalrusden.com> Fri, 05 August 2011 13:53 UTC
On Fri, Aug 05, 2011 at 07:30:12AM -0600, Stephan Lagerholm wrote:
>
> Something like wing-behave-dns64-config is needed until all hosts support
> mif-dns-server-selection.

Well, yes, except as you point out it's still at best going to be heuristic, because the technique in draft-wing-behave-dns64-config is quite likely to end up hitting the dns64 anyway.

On a slightly different note, Dan, I wonder whether you want to include discussion of a DNSSEC wrinkle. Suppose someone uses the techniques in draft-wing-behave-dns64-config. If they want the upstream resolver to do DNSSEC for them, then there will be yet another problem. When a resolver sets DO=1 and CD=0 and the upstream resolver is validating, then a validation failure returns SERVFAIL. A host might reasonably query the next DNS server it has under those circumstances (there's a nasty attack here, of course, if your host has both validating and non-validating upstreams. Don't Do That). In this case, the upstream validation failure will cause the client to start asking the DNS64. Of course, as long as the DNS64 is also validating, it'll return SERVFAIL too, so it might not matter, but it might be worth noting.

A

--
Andrew Sullivan
ajs@anvilwalrusden.com
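The failover described in the message above, as an added example that is not part of the original message or of any draft it cites: it encodes a query with DO=1 and CD=0 and walks a stub resolver's server list on SERVFAIL. The upstream resolvers, the name `bogus.example` and all function names are constructed stand-ins; only the DNS header and EDNS0 OPT bit layout is real.

```python
import struct

SERVFAIL, NOERROR = 2, 0

def build_query(name, qtype=28, do=True, cd=False, txid=0x1A2B):
    """DNS query for `name` (default AAAA) carrying an EDNS0 OPT record."""
    flags = 0x0100 | (0x0010 if cd else 0)       # RD=1; CD is header bit 0x0010
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 1)  # 1 question, 1 additional (OPT)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    opt_ttl = 0x8000 if do else 0                # DO is the top bit of the OPT flags field
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, opt_ttl, 0)
    return header + qname + struct.pack("!2H", qtype, 1) + opt

def rcode(msg):
    """Low four bits of the header flags word."""
    return struct.unpack("!H", msg[2:4])[0] & 0x000F

def fake_upstream(validating):
    """Constructed resolver asked about a name whose signatures do not validate.
    Only the response header is modelled; no answer records are produced."""
    def answer(query):
        txid, qflags = struct.unpack("!2H", query[:4])
        fail = validating and not (qflags & 0x0010)   # CD=1 switches validation off
        rflags = 0x8180 | (qflags & 0x0010) | (SERVFAIL if fail else NOERROR)
        return struct.pack("!6H", txid, rflags, 1, 0, 0, 1) + query[12:]
    return answer

def stub_resolve(query, upstreams):
    """Ask each configured server in order, moving on when one returns SERVFAIL."""
    trail = []
    for label, ask in upstreams:
        rc = rcode(ask(query))
        trail.append((label, rc))
        if rc != SERVFAIL:
            break
    return trail

if __name__ == "__main__":
    q = build_query("bogus.example.")            # DO=1, CD=0
    both_validating = [("recursive", fake_upstream(True)), ("dns64", fake_upstream(True))]
    mixed = [("recursive", fake_upstream(True)), ("dns64", fake_upstream(False))]
    print(stub_resolve(q, both_validating))      # SERVFAIL from both servers
    print(stub_resolve(q, mixed))                # second server answers unvalidated
```

The second list is the mixed validating and non-validating configuration the message warns against: the SERVFAIL from the validating server is silently replaced by the other server's unvalidated answer.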