IETF Logo Mail Archive

Re: 6MAN WG Adoption call : draft-jeong-6man-rdnss-rfc6106-bis

Mark Smith <markzzzsmith@gmail.com> Wed, 22 July 2015 09:52 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8A041A8ADE for <ipv6@ietfa.amsl.com>; Wed, 22 Jul 2015 02:52:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QTSkufm6xxwV for <ipv6@ietfa.amsl.com>; Wed, 22 Jul 2015 02:52:00 -0700 (PDT)
Received: from mail-ig0-x22d.google.com (mail-ig0-x22d.google.com [IPv6:2607:f8b0:4001:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 446551A87A7 for <ipv6@ietf.org>; Wed, 22 Jul 2015 02:52:00 -0700 (PDT)
Received: by iggf3 with SMTP id f3so129220358igg.1 for <ipv6@ietf.org>; Wed, 22 Jul 2015 02:51:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=nycA03mjFN1kKPOQjF/C8UW32/LPo1I3y7J+uBLoGwY=; b=ja2qNMSt8CSWjoH0hmu0ARUOX3qeUPCrs4500Az5d6/3lILHEhiuJI7zlj9sVUu+kj QeVgli0ccUlRvwTQ7GHZAz8bVYnNZMIF2pdk87Im3mlWNAq5aNwXNUhWnk1Dcpsoly3g aSns94CZbllhapH9f2R9F36i1bbuvttiGX5WhJ9KYbjN8w8znVyW+NwjLrUligib/7wK vqyrhokgHRbkFkKDhbbKGmBwSRBbnzE6GfzRfd0NvNIJuAgJb7IDLoJf9r6vIp/Nt9gy OOWwOGB+pptVxxsjH4dBt09tvJgL9MyZA3Nn4WAcI0oyAA4J19Sc0UkOv/OY56XL8uZa IwDQ==
X-Received: by 10.50.50.229 with SMTP id f5mr32139913igo.35.1437558719725; Wed, 22 Jul 2015 02:51:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.169.143 with HTTP; Wed, 22 Jul 2015 02:51:30 -0700 (PDT)
In-Reply-To: <CA5CE828-724E-4BE3-B719-065DF529A819@employees.org>
References: <CAAedzxodZ_NBhH5HCVR29Ff_K_th=RBWHvbucQs6sqSpxoA1bw@mail.gmail.com> <73503897.2035558.1434700763863.JavaMail.yahoo@mail.yahoo.com> <1563711943.88070.1437528123676.JavaMail.yahoo@mail.yahoo.com> <CA5CE828-724E-4BE3-B719-065DF529A819@employees.org>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 22 Jul 2015 19:51:30 +1000
Message-ID: <CAO42Z2y8D8jAWcaLKrGhOexKWcvHJXr9hCBx-AZtmR-Z+gbQpA@mail.gmail.com>
Subject: Re: 6MAN WG Adoption call : draft-jeong-6man-rdnss-rfc6106-bis
To: Ole Troan <otroan@employees.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/DmCVLNIB9ih-u1ERxduEtBzuv3M>
Cc: 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2015 09:52:02 -0000

Hi Ole,

On 22 July 2015 at 17:48, Ole Troan <otroan@employees.org> wrote:
> Mark,
>
>> There is also a problem with only using a subset of DNSSL options because they won't convey the equivalent service/values unless multiple DNSSL options have exactly the same values, unlike (in theory) RDNSS values.
>>
>> For example, 3 x DNSSL of example.com, example.org and example.net, if the host ignores example.net DNSSL, then any relative lookups for hostnames within example.net that don't exist in example.com or example.org will be looked up in root, and perhaps resolve unexpectedly if they're for one of the new vanity GTLDs.
>>
>> In other words, a host should remember completely the set of unique DNSSL values it receives, because they're each expressing something different. The set of unique DNSSL values are not equivalents, so none of them should be ignored.
>
> agree.
> it does indeed seem wrong that a host should have a "sufficient number" of DNSSLs.
> e.g. this text treating RDNSS and DNSSL the same:
>
>    When the IPv6 host has gathered a sufficient number (e.g., three) of
>    RDNSS addresses (or DNS search domain names), it SHOULD maintain
>    RDNSS addresses (or DNS search domain names) by the sufficient number
>    such that the latest received RDNSS or DNSSL is more preferred to the
>    old ones; that is, when the number of RDNSS addresses (or DNS search
>    domain names) is already the sufficient number, the new one replaces
>    the old one that will expire first in terms of Lifetime.
>
> greatly appreciated if you could contribute new text. is this limited to section 5.3.1?
>

So I actually haven't read this draft in detail, and the reason I
haven't is that I have read Fernando's draft in detail and provided
detailed feedback on it, which is the link I provided earlier. I'd
prefer to see the changes described in Fernando's draft and my
comments to show up in this draft first (if they're valid of course).

"Current issues with DNS Configuration Options for SLAAC"
https://tools.ietf.org/html/draft-gont-6man-slaac-dns-config-issues-01

My feedback on -00 of that, which mostly but I don't think completely
was incorporated into -01 e.g. it still says that it is ok to ignore
some of the DNSSL options.

https://www.ietf.org/mail-archive/web/ipv6/current/msg22436.html

I think there needs to be a bit more general thinking and
clarification about the various cases that the current RFC/Draft
doesn't cover or cover well e.g.

- RA lifetime of zero, RDNSS/DNSSL with non-zero lifetimes scenario,
where the RA is effectively being used as a substitute for stateless
DHCPv6 to convey DNS information to hosts that have no "off-link" via
a default router.

- RDNSS addresses are link-local or on-link addresses case, where DNS
resolver address availability would be completely independent of
advertising router RA lifetime, so the RDNSS/DNSSL lifetimes for these
link-local/on-link addresses should probably be set to values that are
not derived at all from the RA lifetime. For link-locals, it would
probably be set to a reasonable static default, where as for on-link
addresses is could be set to or derived from the corresponding
prefix's valid or preferred lifetimes.

- Whether two or more routers advertising the same RDNSS addresses or
same DNSSL values with different lifetimes is an error, and if not,
which lifetime to use i.e., the lowest or highest. (RFC4861 says for
routers to perform consistency checks on each other's RA PIO lifetimes
for the same prefix, and I wonder if this sort of consistency checking
would be useful or necessary for these options.)

There may be other cases I haven't thought of.

I think this needs a bit more than just tweaking, and perhaps these
sorts of RA option issues haven't been encountered before because RA
options haven't been used for upper layer service/application
configuration before - all other options conveyed in RAs are emitted
by the devices operating at the same layer i.e., layer 3 routers are
conveying layer 3 parameters via RA options. DHCPv6 on the other hand
is an end-to-end protocol because it is riding over the top of UDP.


Regards,
Mark.


> cheers,
> Ole
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email