[Hipsec-rg] HIT-to-IP mapping presentation follow-up

oleg.ponomarev at hiit.fi (Oleg Ponomarev) Wed, 01 April 2009 15:51 UTC

From: "oleg.ponomarev at hiit.fi"
Date: Wed, 01 Apr 2009 18:51:11 +0300
Subject: [Hipsec-rg] HIT-to-IP mapping presentation follow-up
In-Reply-To: <018901c9aeac$2c985b00$a80c6f0a@china.huawei.com>
References: <alpine.LFD.2.00.0903262218150.29600@stargazer.pc.infrahip.net> <018901c9aeac$2c985b00$a80c6f0a@china.huawei.com>
Message-ID: <alpine.LFD.2.00.0904011832070.29600@stargazer.pc.infrahip.net>

Hi! On Fri, 27 Mar 2009, Xuewei Wang wrote:

Thank you for your question and for your patience.

> As for a request for EXAMPLE.COM. AAAA ,
> DNS has the following RRs:
> EXAMPLE.COM.   HIP   2001...5678
> EXAMPLE.COM.?? A??????
> 2001...5678????????? A??????

> but the reply is EXAMPLE.COM. AAAA 2001....5678, perhaps this is for
> the legacy application, however, how is this RR produced?

The DNS proxy queries the HIP RR on behalf of the legacy application and, if
it is found, replies with the HIT (2001:...:5678) in AAAA data to the

> the current DNS policy should reply A RR in additional section, or you
> need to change DNS policy to make DNS reply HIP RR when requesting AAAA RR?

The HIP DNS proxy gives only HITs and LSIs in AAAA/A to the application,
not the usual IP/IPv6 addresses, so the application would send its data 
over HIP.

> And if the DNS have the following RR:
> EXAMPLE.COM.   HIP    2001...5678
> EXAMPLE.COM.   AAAA   2001:DB8::1
> How would the reply?
> Directly reply the EXAMPLE.COM. AAAA 2001....5678 or
> EXAMPLE.COM. AAAA 2001:DB8::1 ?

The application gets "EXAMPLE.COM. AAAA 2001....5678", but when it sends
a packet to 2001....5678, it would be HIP-encapsulated and sent to 

Regards, Oleg.
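
Added example, not part of the original message and not code from any HIP implementation: a small Python model of the answer rewriting described above, where a name with a HIP RR is answered with its HIT (AAAA) or an LSI (A) and never with its routable address. The class name, the zone data, the sample HIT, the 1.0.0.0/8 LSI range, the HIT-to-locator table and the pass-through for names without a HIP RR are all assumptions made for illustration.

```python
import ipaddress

# Constructed zone data: (name, rrtype) -> values. The HIT and addresses are samples.
ZONE = {
    ("example.com.", "HIP"): ["2001:10::5678"],    # sample HIT
    ("example.com.", "AAAA"): ["2001:db8::1"],
    ("example.com.", "A"): ["192.0.2.1"],
    ("plain.example.", "AAAA"): ["2001:db8::2"],   # host without a HIP RR
}

class HipDnsProxy:
    """Hypothetical model of a HIP-aware DNS proxy serving legacy applications."""

    def __init__(self, zone):
        self.zone = zone
        self.hit_to_ips = {}  # HIT -> routable locators (assumed bookkeeping)
        self.hit_to_lsi = {}  # HIT -> locally assigned LSI

    def _lookup(self, name, rrtype):
        return self.zone.get((name.lower(), rrtype), [])

    def _lsi_for(self, hit):
        # Assumption: LSIs are handed out sequentially from 1.0.0.0/8.
        if hit not in self.hit_to_lsi:
            n = len(self.hit_to_lsi) + 1
            self.hit_to_lsi[hit] = str(ipaddress.IPv4Address("1.0.0.0") + n)
        return self.hit_to_lsi[hit]

    def resolve(self, name, qtype):
        """Answer an A or AAAA query coming from a legacy application."""
        hits = self._lookup(name, "HIP")  # queried on the application's behalf
        if not hits:
            # Assumption: without a HIP RR the ordinary answer passes through.
            return self._lookup(name, qtype)
        locators = self._lookup(name, "AAAA") + self._lookup(name, "A")
        answer = []
        for hit in hits:
            self.hit_to_ips[hit] = locators  # kept by the proxy, not shown to the app
            answer.append(hit if qtype == "AAAA" else self._lsi_for(hit))
        return answer

if __name__ == "__main__":
    proxy = HipDnsProxy(ZONE)
    print(proxy.resolve("EXAMPLE.COM.", "AAAA"), proxy.resolve("EXAMPLE.COM.", "A"))
    print(proxy.hit_to_ips)
```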