Re: [DNSOP] New Version Notification for draft-bellis-dnsop-xpf-00.txt

"Peter van Dijk" <peter.van.dijk@powerdns.com> Fri, 10 February 2017 13:26 UTC

Return-Path: <peter.van.dijk@powerdns.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B6071298BC for <dnsop@ietfa.amsl.com>; Fri, 10 Feb 2017 05:26:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ra0rXy7YLYqn for <dnsop@ietfa.amsl.com>; Fri, 10 Feb 2017 05:26:03 -0800 (PST)
Received: from shannon.7bits.nl (shannon.7bits.nl [IPv6:2a01:1b0:202:40::1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C7A81296F8 for <dnsop@ietf.org>; Fri, 10 Feb 2017 05:26:03 -0800 (PST)
Received: from [192.168.137.1] (095-096-086-198.static.chello.nl [95.96.86.198]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: peter) by shannon.7bits.nl (Postfix) with ESMTPSA id BBAF2C1B96; Fri, 10 Feb 2017 14:26:01 +0100 (CET)
From: "Peter van Dijk" <peter.van.dijk@powerdns.com>
To: dnsop@ietf.org
Date: Fri, 10 Feb 2017 14:26:00 +0100
Message-ID: <D6DCB1E5-026A-47BE-A3DA-033209D07C83@powerdns.com>
In-Reply-To: <3a687531-932a-c88b-8f9c-2d8ca4df0433@bellis.me.uk>
References: <148371232017.17418.17291340320637379369.idtracker@ietfa.amsl.com> <dab36e0b-81a5-e9cc-0a07-416061ce9b74@isc.org> <54C32FCA-8248-441A-9D44-9EEFEB1F00E5@verisign.com> <af8e10d1-1b39-dd86-a131-198bfde80076@bellis.me.uk> <A719BB79-A018-4C15-B9DD-F0E032D11123@powerdns.com> <3a687531-932a-c88b-8f9c-2d8ca4df0433@bellis.me.uk>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.6r5344)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/VndD-DuKGkb-F6pvrYCQXDQHzlY>
Subject: Re: [DNSOP] New Version Notification for draft-bellis-dnsop-xpf-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2017 13:26:04 -0000

Hello Ray,

On 10 Feb 2017, at 14:12, Ray Bellis wrote:

> On 10/02/2017 12:52, Peter van Dijk wrote:
>
>> Can you please consider adding a port number field?
>
> I see where you're coming from, but I'm not inclined to add it (yet)
> for a couple of reasons:
>
> 1.  CGNAT is evil ;-)

You have my full agreement on that! However, it is also a reality that 
we have to deal with today.

> 2.  If I add this, then folks will want other transport related fields
>    (indeed I already had at least one other person suggest this).

I suggest weighing every such request individually - saying yes to ports 
is no reason to say yes to something else :)

> Are the server side ACLs etc that need to be able to identify the
> client so fine grained that they'd really give different treatment to
> different clients arriving from the same CGN IP address?

Sadly, yes. In ISP networks, there may be policy differences per 
subscriber, and given CGNAT the DNS server can only identify the 
subscribers by their IP+port.

> This is probably something that the WG should consider if (or
> hopefully when) this becomes a WG item.

I encourage WG adoption in any case!

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
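The point made above, that behind a CGNAT a DNS server can only tell subscribers apart by address plus source port, illustrated as an added example that is not part of the thread or of the draft. It assumes (as constructed data) that the CGNAT hands each subscriber a contiguous block of source ports on a shared public IPv4 address and that the server has learned the original client address and port; the subscriber names, addresses, port ranges and policy labels are made up.

```python
"""Address-only versus address+port policy lookup behind a CGNAT.

Added illustration, not code from the thread or the XPF draft. All
subscriber names, addresses, port blocks and policy labels are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PortBlock:
    """One subscriber's slice of a shared public address (constructed model)."""
    subscriber: str
    public_ip: ipaddress.IPv4Address
    first_port: int
    last_port: int   # inclusive
    policy: str      # name of the per-subscriber DNS policy to apply


# Constructed CGNAT allocation table: two subscribers share 203.0.113.7
# and have different policies; 203.0.113.8 has a single subscriber.
ALLOCATIONS = [
    PortBlock("sub-A", ipaddress.IPv4Address("203.0.113.7"), 1024, 17407, "filtered"),
    PortBlock("sub-B", ipaddress.IPv4Address("203.0.113.7"), 17408, 33791, "unfiltered"),
    PortBlock("sub-C", ipaddress.IPv4Address("203.0.113.8"), 1024, 17407, "filtered"),
]


def policy_by_address(ip: str) -> Optional[str]:
    """Address-only lookup, i.e. what a server that sees just the client IP
    can do. Returns a policy only when every subscriber on that address has
    the same one; otherwise the client is ambiguous and None is returned."""
    addr = ipaddress.IPv4Address(ip)
    policies = {b.policy for b in ALLOCATIONS if b.public_ip == addr}
    return policies.pop() if len(policies) == 1 else None


def policy_by_address_and_port(ip: str, port: int) -> Optional[str]:
    """Address+port lookup: the source port selects the subscriber's block,
    so subscribers sharing one public address are told apart. Returns None
    for a port outside every allocated block."""
    addr = ipaddress.IPv4Address(ip)
    for b in ALLOCATIONS:
        if b.public_ip == addr and b.first_port <= port <= b.last_port:
            return b.policy
    return None


if __name__ == "__main__":
    # Same public address, two different subscribers: the address alone
    # cannot pick a policy, the address+port pair can.
    print(policy_by_address("203.0.113.7"))              # None (ambiguous)
    print(policy_by_address_and_port("203.0.113.7", 2000))   # filtered
    print(policy_by_address_and_port("203.0.113.7", 20000))  # unfiltered
```

The first function stands in for an ACL keyed on the client address; with two subscribers behind one address it has to either refuse to decide or apply one subscriber's policy to both. The second is the lookup that becomes possible once the source port travels alongside the address, which is the field the mail asks to have added.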