[Doh] DNS64 and DOH
Erik Nygren <erik+ietf@nygren.org> Sun, 18 March 2018 19:20 UTC
To: doh@ietf.org, Jordi Palet Martinez <jordi.palet@consulintel.es>, Lee Howard <lee@asgard.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/x8UWXP7HifZO7x5GVLu4bijY82M>

In reading through the dns-over-https draft I'm wondering if we should have some better coverage of DNS64 which is becoming widely deployed in some mobile environments. (See https://tools.ietf.org/html/draft-palet-v6ops-nat64-deployment-00 for some discussions which is on the v6ops agenda for this week.)

Thinking some about this (and general IPv6-only deployments):

* The section mentioning using IP literals as DOH service end-points may wish to point out the risk that this may have challenges due to mixtures of IPv6-only, dual-stacked, and IPv4-only environments.

* It would be good to add a section on how applications using DOH may wish to handle "A" lookups in DNS64 environments. In particular, to do the DNS64-synthesis and construction in the client when no AAAA record is available and when a NAT64 prefix is available through a mechanism such as:

    RFC 7050 - Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis
    RFC 7225 - Discovering NAT64 IPv6 Prefixes Using the Port Control Protocol (PCP)

Doing the synthesis in the client seems preferable over trying to get the server to do synthesis with the proper prefix in most scenarios, plus in cases where the client is using the results directly this will get around some of the DNSSEC issues.

At least for mobile, not using DNS64 synthesis in the client will likely result in this either breaking the client in NAT64 environments or causing something lower in the stack to do the equivalent (a 464xlat CLAT on Android or bump-in-the-API on iOS).

Erik
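
The client-side synthesis described in the message above, sketched as an added example (not part of the original post or of any DOH draft): it derives the NAT64 prefix from `ipv4only.arpa` answers as in RFC 7050 and embeds A-record addresses using the RFC 6052 layout. The function names and the sample answers are assumptions made for illustration.

```python
import ipaddress

# RFC 7050 well-known IPv4 addresses published for ipv4only.arpa
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)  # the only lengths RFC 6052 allows


def _v4_offsets(plen):
    """Byte offsets that carry the IPv4 address; byte 8 (bits 64-71) is reserved."""
    return [i for i in range(plen // 8, 16) if i != 8][:4]


def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a NAT64 prefix (RFC 6052 section 2.2)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in PREFIX_LENGTHS:
        raise ValueError(f"unsupported NAT64 prefix length /{net.prefixlen}")
    raw = bytearray(net.network_address.packed)
    for off, octet in zip(_v4_offsets(net.prefixlen), ipaddress.IPv4Address(ipv4).packed):
        raw[off] = octet
    return ipaddress.IPv6Address(bytes(raw))


def discover_prefixes(ipv4only_aaaa):
    """RFC 7050: derive NAT64 prefixes from the AAAA answers for ipv4only.arpa."""
    found = set()
    for addr in ipv4only_aaaa:
        raw = ipaddress.IPv6Address(addr).packed
        for plen in PREFIX_LENGTHS:
            embedded = ipaddress.IPv4Address(bytes(raw[i] for i in _v4_offsets(plen)))
            if embedded in WKA:
                found.add(ipaddress.IPv6Network((addr, plen), strict=False))
    return sorted(found)


def connect_candidates(a_records, aaaa_records, nat64_prefixes):
    """Prefer real AAAA data; synthesize from A records only when none exists."""
    if aaaa_records:
        return [str(ipaddress.IPv6Address(a)) for a in aaaa_records]
    if not nat64_prefixes:
        return list(a_records)  # no NAT64 on this network: use IPv4 as-is
    return [str(synthesize(p, a)) for a in a_records for p in nat64_prefixes]


# Constructed sample: answers a DNS64 resolver could return for ipv4only.arpa
prefixes = discover_prefixes(["64:ff9b::c000:aa", "64:ff9b::c000:ab"])
print(prefixes, connect_candidates(["192.0.2.33"], [], prefixes))
```

The `ipv4only.arpa` lookup has to be sent to the access network's own resolver, since a remote DOH server has no knowledge of the local NAT64 prefix. Because the client synthesizes from the A records it received, any DNSSEC validation applies to the real answer and the synthetic address never needs to validate.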