IETF Logo Mail Archive

Re: 6MAN WG Adoption call : draft-jeong-6man-rdnss-rfc6106-bis

Mark Smith <markzzzsmith@gmail.com> Thu, 23 July 2015 05:16 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C537F1A00E8 for <ipv6@ietfa.amsl.com>; Wed, 22 Jul 2015 22:16:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V6VS49jNI80o for <ipv6@ietfa.amsl.com>; Wed, 22 Jul 2015 22:16:46 -0700 (PDT)
Received: from mail-ig0-x22b.google.com (mail-ig0-x22b.google.com [IPv6:2607:f8b0:4001:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF6CF1A00C0 for <ipv6@ietf.org>; Wed, 22 Jul 2015 22:16:45 -0700 (PDT)
Received: by igbpg9 with SMTP id pg9so5256311igb.0 for <ipv6@ietf.org>; Wed, 22 Jul 2015 22:16:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=KTTtheAlpm4+LrSCBkA/dwDpHs9JErh+hiGv2nwtGt4=; b=xeuxvsnyoJCDMlNsla0CopCpAN2QD4up855hgj/rzcRCohm2sQR1ehccatTWC4f7S6 Uqp6uXk4yBDBvSbZvgZ5SxOvLxvg2Xa281JhiY8o3R/OQnDXGC2G2zAaV1dEGc2jeP8D iS7XA/hqD1k6NNJVZb7DgHflLHxij9cK15A0Gvyg3waWATlrOstPTld/dk/DXkl9lrKN aELsWksYmN0AnAayspD3earW1DSVkAcyMKKOZpkQCiW0snPTwtZc+Mdm7JwbhFuGjn/F kEzbOb5LUHtipYHPOIpfOIbprwRFOAS+nAE3stiJRbJcE/0Hu6L4ZXZcaaWc5TKcKTMN 2xZA==
X-Received: by 10.50.117.66 with SMTP id kc2mr11254530igb.31.1437628605284; Wed, 22 Jul 2015 22:16:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.169.143 with HTTP; Wed, 22 Jul 2015 22:16:15 -0700 (PDT)
In-Reply-To: <0FA3D584-982A-4DA1-9DCE-CF3D4543B9D5@employees.org>
References: <CAAedzxodZ_NBhH5HCVR29Ff_K_th=RBWHvbucQs6sqSpxoA1bw@mail.gmail.com> <73503897.2035558.1434700763863.JavaMail.yahoo@mail.yahoo.com> <1563711943.88070.1437528123676.JavaMail.yahoo@mail.yahoo.com> <CA5CE828-724E-4BE3-B719-065DF529A819@employees.org> <CAO42Z2y8D8jAWcaLKrGhOexKWcvHJXr9hCBx-AZtmR-Z+gbQpA@mail.gmail.com> <0FA3D584-982A-4DA1-9DCE-CF3D4543B9D5@employees.org>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Thu, 23 Jul 2015 15:16:15 +1000
Message-ID: <CAO42Z2xM3pB585wfUcoSQCkY2muytGCNo+SGW8ohY8Ay13PqZw@mail.gmail.com>
Subject: Re: 6MAN WG Adoption call : draft-jeong-6man-rdnss-rfc6106-bis
To: Ole Troan <otroan@employees.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/3Pjd4RrbOc05Dy6AOVxNvnFImq8>
Cc: 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2015 05:16:47 -0000

Hi Ole,

On 22 July 2015 at 21:24, Ole Troan <otroan@employees.org> wrote:
> Mark,
>
> […]
>
>>> greatly appreciated if you could contribute new text. is this limited to section 5.3.1?
>>>
>>
>> So I actually haven't read this draft in detail, and the reason I
>> haven't is that I have read Fernando's draft in detail and provided
>> detailed feedback on it, which is the link I provided earlier. I'd
>> prefer to see the changes described in Fernando's draft and my
>> comments to show up in this draft first (if they're valid of course).
>>
>> "Current issues with DNS Configuration Options for SLAAC"
>> https://tools.ietf.org/html/draft-gont-6man-slaac-dns-config-issues-01
>>
>> My feedback on -00 of that, which mostly but I don't think completely
>> was incorporated into -01 e.g. it still says that it is ok to ignore
>> some of the DNSSL options.
>>
>> https://www.ietf.org/mail-archive/web/ipv6/current/msg22436.html
>
> with regards to DNSSL options. my personal view of these is that I’m uncomfortable with search lists in general, I expect that there is no scenario where their use will lead to unintended consequences.

I can see some value in search lists, because they allow people to
just type the local host name within the local network rather than
always having to provide the fully qualified domain name. That is
convenient.


> and that I expect them both to be filtered on the borders of a network and on hosts.
>

In my experience it has been fairly common for ISPs to advise their
customers to use the ISP's domain name as their domain name. I suspect
it is partly because it sounds right, rather than making it convenient
for customers to just be able to type "www" to get to their ISP's
website.

In the past, that meant that every FQDN request was first searched for
in the ISPs domain e.g., a lookup for www.ietf.org.ispdomain.com
before www.ietf.org was looked up in the root, adding an additional
DNS lookup and commonly . Going by the manual page for resolve.conf on
this Linux host, resolvers are smarter now, and do an absolute query
if there is a specified number of dots in the query, with the default
here being 1.

> with that would a fix to 5.3.1 suffice?
>

I think so. For people who want to use them (and know how they work),
all of the search domains supplied via the DNSSL options should be
added to the DNS search list.

> the working group has chosen to make the minimal changes required to fix the issues identified by draft-gont-6man-slaac-dns-config-issues.
>
>> I think there needs to be a bit more general thinking and
>> clarification about the various cases that the current RFC/Draft
>> doesn't cover or cover well e.g.
>>
>> - RA lifetime of zero, RDNSS/DNSSL with non-zero lifetimes scenario,
>> where the RA is effectively being used as a substitute for stateless
>> DHCPv6 to convey DNS information to hosts that have no "off-link" via
>> a default router.
>
> my suggestion is to remove any text tying these lifetimes to the router lifetime.
> are you OK with that?
>

Yes.

I think these options' lifetime values also need to always be greater
than the unsolicited multicast RA interval, to ensure they don't age
out before they're refreshed.

The draft suggests a host could send an (multicast) RS to initiate a
refresh, however that would increase multicast traffic on the link,
and I think that would be better to be avoided.

I think these RA options would be simpler than using DHCPv6 for DNS
and search domain information if all it took was piggybacking them on
the existing RAs and RSes that routers and hosts are already going to
send. However, if extra messages are necessary, then I think the
simplicity has gone, as mechanisms that are already in DHCPv6 are now
being duplicated, and therefore DHCPv6 would be better to use.


>> - RDNSS addresses are link-local or on-link addresses case, where DNS
>> resolver address availability would be completely independent of
>> advertising router RA lifetime, so the RDNSS/DNSSL lifetimes for these
>> link-local/on-link addresses should probably be set to values that are
>> not derived at all from the RA lifetime. For link-locals, it would
>> probably be set to a reasonable static default, where as for on-link
>> addresses is could be set to or derived from the corresponding
>> prefix's valid or preferred lifetimes.
>
> with the removal of the coupling above, would that suffice?
>

Yes.

>> - Whether two or more routers advertising the same RDNSS addresses or
>> same DNSSL values with different lifetimes is an error, and if not,
>> which lifetime to use i.e., the lowest or highest. (RFC4861 says for
>> routers to perform consistency checks on each other's RA PIO lifetimes
>> for the same prefix, and I wonder if this sort of consistency checking
>> would be useful or necessary for these options.)
>
> I hope the current text in 4861 is sufficient.

RFC4861 makes a general statement that routers should be checking each
other's RA contents consistency, and should be logging messages about
inconsistency. It then specifies a minimum of things to check. In
other words, it is saying that consistency should be checked, but not
that literally everything in the RAs must be exactly the same (e.g.,
it specifically says that not all RAs need to contain the same set of
PIOs).

As errors with these specific options are more likely to cause faults
that will be visible to the receiving devices' end-users, I think it
would be useful to clarify whether or not any consistency checking or
validation is to be performed.

> this would probably lead the clients to update their lifetimes / RDNSS lists with the last received RA. just like what happens with other inconsistencies.
>

Yes.

Regards,
Mark.


>> There may be other cases I haven't thought of.
>>
>> I think this needs a bit more than just tweaking, and perhaps these
>> sorts of RA option issues haven't been encountered before because RA
>> options haven't been used for upper layer service/application
>> configuration before - all other options conveyed in RAs are emitted
>> by the devices operating at the same layer i.e., layer 3 routers are
>> conveying layer 3 parameters via RA options. DHCPv6 on the other hand
>> is an end-to-end protocol because it is riding over the top of UDP.
>
> cheers,
> Ole

v2.23.0 | Report a Bug | By Email