Re: [homenet] RFC: dhcpv4 to slaac DNS naming scheme
Lorenzo Colitti <lorenzo@google.com> Sat, 15 February 2014 02:19 UTC
Return-Path: <lorenzo@google.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28FC61A02E0 for <homenet@ietfa.amsl.com>; Fri, 14 Feb 2014 18:19:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.926
X-Spam-Level:
X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GUMCbv1ygfnu for <homenet@ietfa.amsl.com>; Fri, 14 Feb 2014 18:19:18 -0800 (PST)
Received: from mail-ob0-x233.google.com (mail-ob0-x233.google.com [IPv6:2607:f8b0:4003:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id B4FF81A005F for <homenet@ietf.org>; Fri, 14 Feb 2014 18:19:18 -0800 (PST)
Received: by mail-ob0-f179.google.com with SMTP id wo20so14707472obc.24 for <homenet@ietf.org>; Fri, 14 Feb 2014 18:19:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=5FhvoX0s7bu5cgtdjb6YyfcdhjO5ckasIgwP1Nwhq9w=; b=eAAVJWHNT+O0DvbxNFqi9daOD8Lgjc52JbtMN26NtqAn9yOwn19dhi4HQQe6P6ynAK JzGNlCnvQ4vcBdWVTbR5mDdyeQ1X3IDZcb6lpKtOBvN9mRi1z23WVjYxo5PaRBrtijBi p83CstN2za3/nKVFmKCOuHmFbxjyQTdGrCg57selyHUkQd65I2QHcEQwTKrXDZjzjySz re9r7rKGoBya5A4VH+YPDs8Iq1n7ml//Ty91nB1HRA4c0+W0PTNgzX5KWATKLa+kSN2t 0vjg2aj3mlyC60iwKD6dpa70Dp5zsJyJTVub6MgTVxYO5AmTx0+xBbXUKRql2a0b/TXd crXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=5FhvoX0s7bu5cgtdjb6YyfcdhjO5ckasIgwP1Nwhq9w=; b=RWMOXJK1cl1MNLGZcu6WzASVhhmFQkoiXA0oV1QOKCO2FM3evKWVKqRKsnYq+hBUof 88SaoSoGP1wY698cwBIMO/K2veKUibsWGD8Ahh6aVvlCyasD2+WrFKwv0k+ABUd1ZSRh paLIVVLMKOSGwuNN0ImJHj6roDrGSvoL/z/NJsKAU6VuGleLtSsR9iI/OckE076BUCmZ J7ZdxCErzfowAyJdWnRa6vALNQ0CqmUdqsr7+7RqNoCB3bG90IozlbzOIMAZL0iXeRfV tMnriKhHcubE+tFFKHfVEVNhsC1AaTE/Qeet3NnS3x6i0hDFDbKfAhOE56OQldcI1hZa /zuw==
X-Gm-Message-State: ALoCoQljLMd6j6DHnRa/Qq/kV/60wElui9Rt3v55j24woW/rL/VNUJju8dwd1qDnkC3d8c+nXiSm5yaEpnbI3izLUqBzymrkgEl77Ch5S1qo8W8mm6yI1cTM1Ko0Tn4RCHT7HHpE1MWDl0kE1FX5OdydgYjjtRoMMeF2guDlUCOKx+jS/QQf50t6pzNQxWBHB6fepR1Iosep
X-Received: by 10.182.22.18 with SMTP id z18mr9380076obe.42.1392430756862; Fri, 14 Feb 2014 18:19:16 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.89.229 with HTTP; Fri, 14 Feb 2014 18:18:55 -0800 (PST)
In-Reply-To: <CAA93jw6G5s1v1PubeJ-gJPhcd7_ngjX_iFngVBw_XWzOiJqj7w@mail.gmail.com>
References: <CAA93jw6G5s1v1PubeJ-gJPhcd7_ngjX_iFngVBw_XWzOiJqj7w@mail.gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Sat, 15 Feb 2014 11:18:55 +0900
Message-ID: <CAKD1Yr2a6B62kYkCR0W351LQynFnjf7+AMXPaVxEeb1xqsXaKQ@mail.gmail.com>
To: Dave Taht <dave.taht@gmail.com>
Content-Type: multipart/alternative; boundary="001a11332d16a346b504f2688ccf"
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/86TI-Pe0DEBeCBY-AMgqinPfC7Q
Cc: Evan Hunt <each@isc.org>, Simon Kelley <simon@thekelleys.org.uk>, HOMENET <homenet@ietf.org>
Subject: Re: [homenet] RFC: dhcpv4 to slaac DNS naming scheme
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Feb 2014 02:19:22 -0000
On Sat, Feb 15, 2014 at 8:12 AM, Dave Taht <dave.taht@gmail.com> wrote: > This memo presents a technique for using the hostname acquired from a > DHCPv4 client request to publish AAAA records on that domain name for > public IPv6 addresses acquired by the same dual-stack host using > SLAAC. > Dave, Good to see some work being done on this problem. A few comments: 1. Assuming that hosts generate IPv6 interface IDs per RFC 4291 will soon be mostly obsolete. As you point out, Windows already doesn't do it, and I believe Mac OS and iOS have recently stopped doing it too. So that's a large chunk of the client population already. For the rest, see http://tools.ietf.org/html/draft-gont-6man-deprecate-eui64-based-addresses-00, which is likely going to be adopted by 6man. It likely won't deprecate EUI-64-based IPv6 addresses, but it will almost certainly discourage them. As you also point out, the proposed mechanism also doesn't work for privacy addresses, which is what virtually all hosts are going to be using for outgoing connections anyway. So I don't think that the proposed scheme is a solution to the problem. 2. Since you propose getting this information using MAC addresses, you're doing layering violations and protocol violations already. So why not go a step further and look into the neighbour cache? In principle, you could have the reverse DNS lookup cause a lookup into the IPv6 neighbour cache to find the address that you would then look up in the DHCP lease database. That's expensive, but you could cache the result, and you could also snoop DAD probes to populate the cache when hosts join the network. That would work in a lot more cases than the proposed scheme. 3. If we're going to do work on this, it would be useful to have a mechanism that works even without IPv4. The draft says that relying on dynamic DNS updates "creates a very difficult key management problem", but I don't understand that statement. Can we not simply use unauthenticated DNS updates, and agree to accept them only if they come from the local link? After all, in the proposed scheme the DHCPv4 request that provides the hostname is also unauthenticated, but the router is perfectly happy to accept it. What is the additional security difficulty here? Is is something that could be worked out in a different way? Assuming client support, could the hostname be provided by other types of packets such as ICMPv6 node information replies? Regards, Lorenzo
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Simon Kelley
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Lorenzo Colitti
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Simon Kelley
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Sander Steffann
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Sander Steffann
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Evan Hunt
- [homenet] RFC: dhcpv4 to slaac DNS naming scheme Dave Taht
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Lorenzo Colitti
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Brian E Carpenter
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Evan Hunt
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Ted Lemon
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Townsley.net
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Ted Lemon
- Re: [homenet] RFC: dhcpv4 to slaac DNS naming sch… Townsley.net