IETF Logo Mail Archive

Re: Last Call: <draft-ietf-opsec-ipv6-implications-on-ipv4-nets-03.txt> (Security Implications of IPv6 on IPv4 Networks) to Informational RFC

Fernando Gont <fgont@si6networks.com> Mon, 01 April 2013 21:33 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B76321E80D6 for <ietf@ietfa.amsl.com>; Mon, 1 Apr 2013 14:33:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.042
X-Spam-Level:
X-Spam-Status: No, score=-2.042 tagged_above=-999 required=5 tests=[AWL=0.557, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nxhoPhl6-2Ff for <ietf@ietfa.amsl.com>; Mon, 1 Apr 2013 14:33:51 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id 5DBD421E80A0 for <ietf@ietf.org>; Mon, 1 Apr 2013 14:33:51 -0700 (PDT)
Received: from [186.134.3.135] (helo=[192.168.123.121]) by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from <fgont@si6networks.com>) id 1UMmMI-0000Th-JH; Mon, 01 Apr 2013 23:33:42 +0200
Message-ID: <5159FD2A.90305@si6networks.com>
Date: Mon, 01 Apr 2013 18:33:30 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: SM <sm@resistor.net>
Subject: Re: Last Call: <draft-ietf-opsec-ipv6-implications-on-ipv4-nets-03.txt> (Security Implications of IPv6 on IPv4 Networks) to Informational RFC
References: <20130329130326.13012.1402.idtracker@ietfa.amsl.com> <6.2.5.6.2.20130330230305.0bce91a8@resistor.net> <2671C6CDFBB59E47B64C10B3E0BD5923042CFA4019@PRVPEXVS15.corp.twcable.com> <6.2.5.6.2.20130401134936.0a5a1420@resistor.net>
In-Reply-To: <6.2.5.6.2.20130401134936.0a5a1420@resistor.net>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2013 21:33:53 -0000

On 04/01/2013 06:14 PM, SM wrote:
>>  prevent them from attempting to connect to an IPv6 address and
>> failing is not broken DNS.
> 
> If there isn't any IPv6 connectivity it is useless to query for AAAA RRs
> as the host is not going to establish an IPv6 connection.  Instead of
> looking at the problem from that angle the proposal uses a "middlebox"
> (not the correct term) to change things.  Once it becomes best practice
> to tamper with DNS there is one more problem to solve as you can no
> longer rely on DNS working according to specifications.

Welcome to the real world:  That cat has been out of the box for years
(no matter whether you consider that a problem, or a feature).

FWIW, my TP-LINK router does that, even if I don't want it to.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email