Re: [DNSOP] draft-tale-dnsop-edns-clientid
"Peter van Dijk" <peter.van.dijk@powerdns.com> Fri, 31 March 2017 14:14 UTC
From: Peter van Dijk <peter.van.dijk@powerdns.com>
To: dnsop@ietf.org
Date: Fri, 31 Mar 2017 16:14:10 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vVROEb3xkM8K9l2mDxqcPdfElpg>

On 28 Mar 2017, at 21:56, Barry Raveendran Greene wrote:

>> On Mar 28, 2017, at 12:31 PM, Peter van Dijk
>> <peter.van.dijk@powerdns.com> wrote:
>>
>> Please note that neither draft handles the use case of also passing
>> the port number, which in a world of growing CGN deployment, may soon
>> prove quite important.
>
> Can you elaborate?

Both drafts (xpf and clientid) allow the resolver to identify the client even if the IP header does not provide enough information for it. xpf does this for the case of a generic proxy, clientid does it for that case plus the case of a CPE that does NAT but can pass on the client’s MAC or another token, allowing the resolver to identify the individual device at the customer.

However, if the client to such a proxy is itself behind a CGN gateway, we may need both client IP + port number to identify the specific client. If the proxy only tells us the IP, we just know this might be any of a hundred different clients, because we do not have the port number that can help us distinguish these clients.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
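
Added example, not part of the original message or of either draft: a sketch of the attribution problem described above, as a resolver operator would meet it when matching a proxied query against CGN port-block allocation records. The record layout, the `candidates` helper, the subscriber labels and the sample allocations are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class PortBlock:
    """One CGN allocation: a subscriber owns ports [lo, hi] on a shared public IP."""
    public_ip: str
    lo: int
    hi: int
    start: int  # allocation start, epoch seconds
    end: int    # allocation end, epoch seconds
    subscriber: str


# Constructed sample allocations (RFC 5737 documentation addresses).
CGN_LOG = [
    PortBlock("198.51.100.7", 1024, 2047, 1000, 5000, "sub-A"),
    PortBlock("198.51.100.7", 2048, 3071, 1000, 5000, "sub-B"),
    PortBlock("198.51.100.7", 3072, 4095, 1000, 5000, "sub-C"),
    PortBlock("198.51.100.7", 1024, 2047, 5001, 9000, "sub-D"),  # block reused later
    PortBlock("198.51.100.8", 1024, 2047, 1000, 5000, "sub-E"),
]


def candidates(log, ip, ts, port=None):
    """Return the subscribers that could have sent a query seen from `ip` at `ts`.

    With port=None (the proxy forwarded only the client IP) every subscriber
    sharing that address at that time matches. With the source port, the
    match narrows to the single block owner, if any.
    """
    addr = ip_address(ip)
    matches = set()
    for block in log:
        if ip_address(block.public_ip) != addr:
            continue
        if not (block.start <= ts <= block.end):
            continue  # allocation not active at query time
        if port is not None and not (block.lo <= port <= block.hi):
            continue
        matches.add(block.subscriber)
    return sorted(matches)


if __name__ == "__main__":
    print(candidates(CGN_LOG, "198.51.100.7", 2000))        # IP only
    print(candidates(CGN_LOG, "198.51.100.7", 2000, 2500))  # IP + port
```

The timestamp matters as much as the port: the same port block maps to a different subscriber once the allocation is reused.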