Re: [DNSOP] AD sponsoring draft-cheshire-sudn-ipv4only-dot-arpa

Ted Lemon <mellon@fugue.com> Fri, 06 July 2018 00:28 UTC

In-Reply-To: <A61E2913-891E-4F14-82AF-A8A40F39F47F@isc.org>
References: <m1fb194-0000FpC@stereo.hq.phicoh.net> <A61E2913-891E-4F14-82AF-A8A40F39F47F@isc.org>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 05 Jul 2018 20:28:05 -0400
Message-ID: <CAPt1N1mavff_n9vA=TWCcXyf7FeBwcaeWHtnD4mKgiYoe9cmzg@mail.gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: Philip Homburg <pch-dnsop-3@u-1.phicoh.com>, dnsop WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8heq45v7Prl_M3u4XXX9pCG-zEI>

If special handling is required for ipv4only.arpa, isn't it also required
for home.arpa? I tested this a bit and it doesn't appear to be necessary.
I suppose a stub resolver could in principle walk down from the root and
notice the discrepancy in the NS records in the delegation, but in practice
they don't do this, because it's not necessary: if it were intended that
the zone be secure, it would be signed and have a signed delegation.

On Thu, Jul 5, 2018 at 6:37 PM, Mark Andrews <marka@isc.org> wrote:

> Most of the special handling could be avoided if IANA was instructed to
> run the servers for ipv4only.arpa on dedicated addresses. Host routes
> could then be installed for those addresses that redirect traffic for
> ipv4only.arpa to the ISP’s DNS64/ipv4only.arpa server.
>
> Perhaps 2 address blocks could be allocated for this purpose. One for ipv4
> and one for ipv6.
>
> --
> Mark Andrews
>
> On 5 Jul 2018, at 20:05, Philip Homburg <pch-dnsop-3@u-1.phicoh.com> wrote:
>
> >> draft-cheshire-sudn-ipv4only-dot-arpa document
> >
> > Section 7.1:
> > "Name resolution APIs and libraries MUST recognize 'ipv4only.arpa' as
> > special and MUST give it special treatment."
> >
> > It seems to me that it is going way too far to require all DNS software to
> > implement support for a hack that abuses DNS for configuration management of
> > a rather poor IPv4 transition technology.
> >
> > I think the more obvious approach is to formally deprecate RFC 7050 and
> > require nodes that need to do NAT64 address synthesis use one of the other
> > methods for obtaining the NAT64 prefix.
> >
> > The only part of the draft that makes sense to me is to make ipv4only.arpa
> > an insecure delegation.
> >
> > Any other problems are better solved by deprecating RFC 7050.
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
>
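
For readers following the thread, the RFC 7050 discovery step under debate, as an added example that is not part of the original message or of the draft: a host asks for AAAA records of ipv4only.arpa and recovers the NAT64 prefix by locating the well-known addresses 192.0.0.170 and 192.0.0.171 inside the synthesized answers at the RFC 6052 embedding positions. The function names are hypothetical, the sample answers are constructed from the 2001:db8::/32 documentation prefix, and requiring both well-known addresses under one prefix is a strictness choice of this example.

```python
import ipaddress

# Well-known IPv4 addresses behind ipv4only.arpa (RFC 7050): 192.0.0.170/.171
WKA_HEAD, WKA_LAST = (192, 0, 0), {170, 171}

# RFC 6052 layouts: prefix length -> byte offsets that carry the IPv4 address.
# Byte 8 (the "u" octet) is skipped by the shorter layouts and must be zero.
LAYOUT = {
    32: (4, 5, 6, 7),
    40: (5, 6, 7, 9),
    48: (6, 7, 9, 10),
    56: (7, 9, 10, 11),
    64: (9, 10, 11, 12),
    96: (12, 13, 14, 15),
}

def pref64_candidates(aaaa):
    """Map each NAT64 prefix one AAAA answer could imply to the WKA octet seen."""
    raw = ipaddress.IPv6Address(aaaa).packed
    found = {}
    for plen, offs in LAYOUT.items():
        v4 = tuple(raw[i] for i in offs)
        if v4[:3] != WKA_HEAD or v4[3] not in WKA_LAST:
            continue  # no well-known address at this position
        if plen < 96 and raw[8] != 0:
            continue  # reserved "u" octet set: not a valid embedding
        net = ipaddress.IPv6Network((raw, plen), strict=False)
        found[net] = v4[3]
    return found

def discover_pref64(answers):
    """Return prefixes under which BOTH well-known addresses were synthesized."""
    seen = {}
    for answer in answers:
        for net, last in pref64_candidates(answer).items():
            seen.setdefault(net, set()).add(last)
    return sorted((n for n, s in seen.items() if s == WKA_LAST), key=str)

# Constructed sample answers: a /96 NAT64 prefix, a native (non-synthesized)
# address, and a lone .170 answer under a /64 prefix with no matching .171.
SAMPLE = [
    "2001:db8:64::c000:aa",      # 2001:db8:64::/96 + 192.0.0.170
    "2001:db8:64::c000:ab",      # 2001:db8:64::/96 + 192.0.0.171
    "2001:db8::1",               # not a synthesized answer
    "2001:db8:1:2:c0:0:aa00:0",  # /64 layout, only one WKA present
]

if __name__ == "__main__":
    for net in discover_pref64(SAMPLE):
        print(net)
```
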