[DNSOP] FWD: Document Action: '6to4 Reverse DNS Delegation Specification' to Informational RFC
Peter Koch <pk@DENIC.DE> Mon, 04 February 2008 21:29 UTC
Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: ietfarch-dnsop-archive@core3.amsl.com
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 682473A70A8; Mon, 4 Feb 2008 13:29:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.248
X-Spam-Level:
X-Spam-Status: No, score=-6.248 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from core3.amsl.com ([127.0.0.1]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31XQPDt2Xy1z; Mon, 4 Feb 2008 13:29:55 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3F2B33A6C4F; Mon, 4 Feb 2008 13:29:55 -0800 (PST)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 982BE3A6C4F for <dnsop@core3.amsl.com>; Mon, 4 Feb 2008 13:29:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QDRGP5BM6C11 for <dnsop@core3.amsl.com>; Mon, 4 Feb 2008 13:29:53 -0800 (PST)
Received: from smtp.denic.de (smtp.denic.de [81.91.161.3]) by core3.amsl.com (Postfix) with ESMTP id 8FFCA3A6A78 for <dnsop@ietf.org>; Mon, 4 Feb 2008 13:29:53 -0800 (PST)
Received: from mail-int1.denic.de (mail-int1.denic.de [192.168.0.45]) by smtp.denic.de with esmtp id 1JM8uT-0002oN-0B; Mon, 04 Feb 2008 22:31:25 +0100
Received: from localhost by mail-int1.denic.de with local id 1JM8uS-0006AG-00; Mon, 04 Feb 2008 22:31:24 +0100
Date: Mon, 04 Feb 2008 22:31:24 +0100
From: Peter Koch <pk@DENIC.DE>
To: IETF DNSOP WG <dnsop@ietf.org>
Message-ID: <20080204213124.GG6119@denics7.denic.de>
Mime-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.4i
Subject: [DNSOP] FWD: Document Action: '6to4 Reverse DNS Delegation Specification' to Informational RFC
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org
Dear WG, FYI, draft-huston-6to4-reverse-dns-07.txt, reviewed here upon request of the IAB, was approved by the IESG. Thanks a lot to all involved! -Peter ----- Forwarded message from The IESG <iesg-secretary@ietf.org> ----- From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org> Subject: Document Action: '6to4 Reverse DNS Delegation Specification' to Informational RFC Date: Tue, 22 Jan 2008 17:35:54 -0500 The IESG has approved the following document: - '6to4 Reverse DNS Delegation Specification ' <draft-huston-6to4-reverse-dns-07.txt> as an Informational RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Ron Bonica. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-huston-6to4-reverse-dns-07.txt Technical Summary This document describes the service mechanism for requesting and maintaining a delegation for the DNS reverse mapping of 6to4 IPv6 address space within the 2.0.0.2.ip6.arpa domain via an automated interface. Publication Requested was in Oct 24. However, it fell through the cracks as it was not added to the tracker when the publication request was sent to the secretariat. ---- Working Group Summary The dnsop WG reviewed this document on request of the IAB. Document Quality The service is operational as described and is provided by the NRO. The 2.0.0.2.ip6.arpa zone contains several hundred delegations. --------- RFC Editor Note: Please add the following text to the Security Considerations section: For a general threat analysis of 6to4, especially the additional risk of address spoofing in 2002::/16, see [RFC3964]. Section 4 notes that the local site administrator could take appropriate access control measures to prevent clients inside a 6to4 site performing unauthorized changes to the delegation details. This may be in the form of a firewall configuration regarding control of access to the service from the interior of 6to4 site, or a similar mechanism that enforces local access policies. ----------------- Another RFC Editor Note: Current text The potential issues with this structure include: ... o IPv4 DHCP-based 6to4 sites, or any 6to4 site that uses dynamically-assigned external IPv4 interface addresses, could inherit nonsense reverse entries created by previous users of the dynamically assigned address. In this case the client site could request delegation of the reverse zone as required. Proposed text The potential issues with this structure include: ... o IPv4 DHCP-based 6to4 sites, or any 6to4 site that uses dynamically-assigned external IPv4 interface addresses, could inherit nonsense reverse entries created by previous users of the dynamically assigned address. In this case the client site could request delegation of the reverse zone as required. More generally, given the potential for inheritance of 'stale' reverse DNS information in this context, in those cases where the issues of potential inheritance of 'stale' reverse DNS information is a concern, it is recommended that a 6to4 site either use a static IPv4 address in preference to a dynamically-assigned address, or ensure that the reverse delegation information is updated using the service mechanism described here upon each dyanamic address assignment event. _______________________________________________ DNSOP mailing list DNSOP@ietf.org http://www.ietf.org/mailman/listinfo/dnsop