Re: [dnsext] afasterinternet.com trial and draft-vandergaast-edns-client-subnet-00
Wilmer van der Gaast <wilmer@google.com> Wed, 31 August 2011 14:17 UTC
Return-Path: <wilmer@google.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1203721F8B5E for <dnsext@ietfa.amsl.com>; Wed, 31 Aug 2011 07:17:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.977
X-Spam-Level:
X-Spam-Status: No, score=-105.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SS-UNuMXeBQh for <dnsext@ietfa.amsl.com>; Wed, 31 Aug 2011 07:17:19 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by ietfa.amsl.com (Postfix) with ESMTP id 10B4321F8AB9 for <dnsext@ietf.org>; Wed, 31 Aug 2011 07:17:18 -0700 (PDT)
Received: from hpaq14.eem.corp.google.com (hpaq14.eem.corp.google.com [172.25.149.14]) by smtp-out.google.com with ESMTP id p7VEIgKf015219 for <dnsext@ietf.org>; Wed, 31 Aug 2011 07:18:44 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1314800325; bh=SUOCl3/cbLYTiLfmTZYSu5k+Hfw=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type:Content-Transfer-Encoding; b=Iy8b5hIEoDJPa3PzS7YMdhSLXyb0MsTjO83scnfrDlCK7gIHnJCCAzC/IybYJTBge VGQwcM+a90pvhLHKwGhEg==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=dkim-signature:mime-version:in-reply-to:references:date: message-id:subject:from:to:cc:content-type: content-transfer-encoding:x-system-of-record; b=kNog4s2EGnikPDAZmuJH+q6QGm03wcSAtD+ITRuACqmWTT2xelF8EDRbTso3o7FJ6 XVpEJhUtmxGJBo3DPcBUg==
Received: from ywf9 (ywf9.prod.google.com [10.192.6.9]) by hpaq14.eem.corp.google.com with ESMTP id p7VEIT0G005107 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <dnsext@ietf.org>; Wed, 31 Aug 2011 07:18:41 -0700
Received: by ywf9 with SMTP id 9so824300ywf.32 for <dnsext@ietf.org>; Wed, 31 Aug 2011 07:18:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=95cxsw1lTEyr/br9e86z4FAAWPri74EYyyNUvO1Herc=; b=VjXLJPtNHvjOqe/ATjwRrS/o2ES/rVp94kcnb9WKne+2X4NrW+GsMwcJYbq4shDBjZ /g8fhN9Ntgi2svaPxbAQ==
Received: by 10.101.164.25 with SMTP id r25mr109840ano.10.1314800320915; Wed, 31 Aug 2011 07:18:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.101.164.25 with SMTP id r25mr109830ano.10.1314800320610; Wed, 31 Aug 2011 07:18:40 -0700 (PDT)
Received: by 10.100.124.10 with HTTP; Wed, 31 Aug 2011 07:18:40 -0700 (PDT)
In-Reply-To: <20110831005457.GA459@debian>
References: <20110830162134.GB84494@shinkuro.com> <CAMbvoa+nh5k8eOA-XRwBD5oxm17+=Q4gCagq0OBS5OEQX=g1sw@mail.gmail.com> <7CA8194350F4804F8DF6CAF3@nimrod.local> <CAAF6GDe91Yrd7+RAv8QzcoL2u2eUxff3zJFb+_joOdrOrO5Viw@mail.gmail.com> <20110831005457.GA459@debian>
Date: Wed, 31 Aug 2011 15:18:40 +0100
Message-ID: <CAMbvoaJec9GGiwM_A_0OORM=uz9ujN1D8viChtWWgv40bVR2JA@mail.gmail.com>
From: Wilmer van der Gaast <wilmer@google.com>
To: Jaidev Sridhar <mail@jaidev.info>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
Cc: dnsext@ietf.org, draft-vandergaast-edns-client-subnet@tools.ietf.org
Subject: Re: [dnsext] afasterinternet.com trial and draft-vandergaast-edns-client-subnet-00
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2011 14:17:20 -0000
Hello Jaidev, 2011/8/31 Jaidev Sridhar <mail@jaidev.info>: > > Reading through the draft, I have a question about the NAT section which > says: > [..] I just realised, after looking through our revision history, that we haven't made any changes to the NAT section since edns-client-ip-00 (i.e. January 2010). Since then we have made some changes to transitive behaviour so there are definitely some contradictions to be found here. The original purpose of the section was to sum up some things that may seem clever but should not be done. > I understand why one wouldn't want NAT devices to change a client subnet > address (testing, anonymizer, etc.) but why does the draft say a NAT > device _MUST_ not add a client subnet option? > I think the original idea here was "the recursive resolver will, if it wants, add an edns-client-subnet option using the source IP it sees" -=> there should be no need for a NAT device to do it, and generally I do still think a NAT device shouldn't try to be smarter than necessary. > Note that Authoritative Nameservers or Recursive Resolvers can still > provide an optimized reply by looking at the source IP of the query. > > When the recursive resolver is behind NAT, the authoritative nameserver > will only know the address of the NAT device, which will not be useful > for geo-location at all with big-bad-NATs. > > Any reason for NAT being excluded this way? > See the explanation above. Thank you for your reminder here, not updating the NAt section at all was definitely an oversight, we'll rewrite it for edns-client-subnet-01. The big-bad-NAT use case is also not a scenario we thought of so far. It's also a pretty hard one to support without putting a lot of additional intelligence into resolvers (i.e. a mapping of internal IP addresses to their external equivalents). I'd like to know if any implementor is actually willing to implement that. Cheers, -- Wilmer van der Gaast, Traffic SRE/Google Public DNS team. Google Ireland.
- [dnsext] afasterinternet.com trial and draft-vand… Andrew Sullivan
- Re: [dnsext] afasterinternet.com trial and draft-… Wilmer van der Gaast
- Re: [dnsext] afasterinternet.com trial and draft-… Alex Bligh
- Re: [dnsext] afasterinternet.com trial and draft-… Colm MacCárthaigh
- Re: [dnsext] afasterinternet.com trial and draft-… Andrew Sullivan
- Re: [dnsext] afasterinternet.com trial and draft-… Colm MacCárthaigh
- Re: [dnsext] afasterinternet.com trial and draft-… Matthew Dempsky
- Re: [dnsext] afasterinternet.com trial and draft-… Matt McCutchen
- Re: [dnsext] afasterinternet.com trial and draft-… Alex Bligh
- Re: [dnsext] afasterinternet.com trial and draft-… Alex Bligh
- [dnsext] a lightweight process for assigning EDNS… Jim Reid
- Re: [dnsext] afasterinternet.com trial and draft-… SM
- Re: [dnsext] afasterinternet.com trial and draft-… Andrew Sullivan
- Re: [dnsext] a lightweight process for assigning … Livingood, Jason
- Re: [dnsext] afasterinternet.com trial and draft-… Wilmer van der Gaast
- Re: [dnsext] afasterinternet.com trial and draft-… Wilmer van der Gaast
- Re: [dnsext] afasterinternet.com trial and draft-… Andrew Sullivan
- Re: [dnsext] afasterinternet.com trial and draft-… Wilmer van der Gaast
- Re: [dnsext] afasterinternet.com trial and draft-… Ted Hardie
- Re: [dnsext] afasterinternet.com trial and draft-… Ted Hardie
- Re: [dnsext] afasterinternet.com trial and draft-… Andrew Sullivan
- Re: [dnsext] afasterinternet.com trial and draft-… Andrew Sullivan
- Re: [dnsext] afasterinternet.com trial and draft-… Ted Hardie
- Re: [dnsext] afasterinternet.com trial and draft-… Andrew Sullivan
- Re: [dnsext] afasterinternet.com trial and draft-… Masataka Ohta
- Re: [dnsext] afasterinternet.com trial and draft-… Alex Bligh
- Re: [dnsext] afasterinternet.com trial and draft-… Marc Lampo
- Re: [dnsext] afasterinternet.com trial and draft-… Tony Finch
- Re: [dnsext] afasterinternet.com trial and draft-… Jaidev Sridhar
- Re: [dnsext] afasterinternet.com trial and draft-… Phillip Hallam-Baker
- Re: [dnsext] a lightweight process for assigning … Phillip Hallam-Baker
- Re: [dnsext] a lightweight process for assigning … Nicholas Weaver
- Re: [dnsext] a lightweight process for assigning … Phillip Hallam-Baker
- Re: [dnsext] afasterinternet.com trial and draft-… Wilmer van der Gaast
- Re: [dnsext] afasterinternet.com trial and draft-… Wilmer van der Gaast
- Re: [dnsext] afasterinternet.com trial and draft-… SM
- Re: [dnsext] afasterinternet.com trial and draft-… Martin Barry
- [dnsext] Address privacy (was Re: afasterinternet… Masataka Ohta
- Re: [dnsext] afasterinternet.com trial and draft-… Marc Lampo
- Re: [dnsext] afasterinternet.com trial and draft-… Tony Finch
- Re: [dnsext] afasterinternet.com trial and draft-… Florian Weimer
- Re: [dnsext] afasterinternet.com trial and draft-… Edward Lewis
- Re: [dnsext] Address privacy (was Re: afasterinte… SM
- Re: [dnsext] afasterinternet.com trial and draft-… Ted Hardie
- Re: [dnsext] afasterinternet.com trial and draft-… Ted Hardie
- Re: [dnsext] afasterinternet.com trial and draft-… Nicholas Weaver
- Re: [dnsext] afasterinternet.com trial and draft-… Nicholas Weaver
- Re: [dnsext] afasterinternet.com trial and draft-… Ted Hardie
- Re: [dnsext] afasterinternet.com trial and draft-… Nicholas Weaver
- Re: [dnsext] afasterinternet.com trial and draft-… Ted Hardie
- Re: [dnsext] afasterinternet.com trial and draft-… Martin Barry
- Re: [dnsext] afasterinternet.com trial and draft-… bmanning
- Re: [dnsext] afasterinternet.com trial and draft-… Phillip Hallam-Baker
- Re: [dnsext] Address privacy (was Re: afasterinte… Masataka Ohta
- Re: [dnsext] afasterinternet.com trial and draft-… Wilmer van der Gaast
- Re: [dnsext] Address privacy (was Re: afasterinte… SM