Re: [DNSOP] AD sponsoring draft-cheshire-sudn-ipv4only-dot-arpa

Mark Andrews <marka@isc.org> Thu, 05 July 2018 22:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/W8NR-e1buJ8n1kVqH4cXoZVWI4g>

Most of the special handling could be avoided if IANA was instructed to run the servers for ipv4only.arpa on dedicated addresses. Host routes could then be installed for those addresses that redirect traffic for ipv4only.arpa to the ISP’s DNS64/ipv4only.arpa server.

Perhaps 2 address blocks could be allocated for this purpose. One for IPv4 and one for IPv6.

-- 
Mark Andrews

On 5 Jul 2018, at 20:05, Philip Homburg <pch-dnsop-3@u-1.phicoh.com> wrote:

>> draft-cheshire-sudn-ipv4only-dot-arpa document
> 
> Section 7.1:
> "Name resolution APIs and libraries MUST recognize 'ipv4only.arpa' as
> special and MUST give it special treatment."
> 
> It seems to me that it is going way too far to require all DNS software to
> implement support for a hack that abuses DNS for configuration management of
> a rather poor IPv4 transition technology.
> 
> I think the more obvious approach is to formally deprecate RFC 7050 and
> require nodes that need to do NAT64 address synthesis to use one of the other
> methods for obtaining the NAT64 prefix.
> 
> The only part of the draft that makes sense to me is to make ipv4only.arpa
> an insecure delegation. 
> 
> Any other problems are better solved by deprecating RFC 7050.