Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

Ted Lemon <mellon@fugue.com> Wed, 06 January 2021 18:09 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 782373A10DA for <ipv6@ietfa.amsl.com>; Wed, 6 Jan 2021 10:09:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gq8EYBjJkKeb for <ipv6@ietfa.amsl.com>; Wed, 6 Jan 2021 10:09:03 -0800 (PST)
Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DFB33A0EE5 for <ipv6@ietf.org>; Wed, 6 Jan 2021 10:09:03 -0800 (PST)
Received: by mail-qt1-x834.google.com with SMTP id a6so2618994qtw.6 for <ipv6@ietf.org>; Wed, 06 Jan 2021 10:09:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=lI1K76zbEooCB95VgnJbDrPuqokTja1trr1xk39pa1s=; b=QnivyyyFbBGERu1GRNI3VNflNZXxtGnBZcQhHzEFUwsAu2lV7TJRpquD10JIrRyj5I KDCpSignmzDYEhMmqKK1aniXtngFa2j00zA/cYtikBIIynAgIOFygeGv1nqKbJsB9/sN 2J/4J6WSXPQPo/sFPoqt7V88A9aBhy/tXAzezHVeKyV3BBt+8wN+PrJ46yinEuRxCD9r adconG4kStQF7se7THxvNnuKBOZucTF0VxUsAGtbnuSsa3+zAlRmbhf0aKXpcoyBxK6o Fn2I9Yrj2MpA4lrcQ0spNu4x75m81WjUoKQlo4EJm346cecYCfdpjLpKj16OfwD5TqBt lFyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=lI1K76zbEooCB95VgnJbDrPuqokTja1trr1xk39pa1s=; b=MJSZAOGOZ9P3CKS3zhHg+O4AdPWq/VlNXxb2MFWqPIPfZshVWawma52T/GpnNKCwj/ mJzqAsE3bXkIEsJuw+SULqH3OxAEa82wihJznKBFg6BAL8Ybtc1dlssMaTCBEvoZMYzz FYMHlYEiiWFH0lTWijYjw+/lD28k6bE7/QpqKBa/voR+0Up8SRYhDwLchf1xtE4nZBt7 j75yfZ6BDXHMy70oIJdTZmTMEV3h6kn4Kpv6HAcV2MQFMdwmr+0x8MSBQ38EMh1ruyKr ZV/x/IYG+F5teVvYMwSDWZkKn0DdiCI719zSJ5nvQw2etU2G5tc0hbJSoMwCoBI0GmHr kDOg==
X-Gm-Message-State: AOAM5334iEJKeFFQcIEJooBmfL2UPKcMkaOz/4Nby6GRcD0vGoZbR11R sin68ggMwNnbhoF7VDzDaI8a1Q==
X-Google-Smtp-Source: ABdhPJwUR9nH81OHF6GjmKiSG7V4owprwzPWlVhI90JlwEgm0OMlTB12U4gy5rrkwArcs2lKJqjavg==
X-Received: by 2002:ac8:5a90:: with SMTP id c16mr5070025qtc.331.1609956542471; Wed, 06 Jan 2021 10:09:02 -0800 (PST)
Received: from mithrandir.lan (c-24-91-177-160.hsd1.nh.comcast.net. [24.91.177.160]) by smtp.gmail.com with ESMTPSA id q32sm1591342qtb.0.2021.01.06.10.09.01 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 06 Jan 2021 10:09:01 -0800 (PST)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <26933B3A-039C-4418-A1FF-5EFD5FC92523@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_47C06E68-CF31-4E53-A189-1212BBB9B1C3"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.2\))
Subject: Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)
Date: Wed, 6 Jan 2021 13:08:59 -0500
In-Reply-To: <13054.1609955471@localhost>
Cc: Fernando Gont <fgont@si6networks.com>, IPv6 Operations <v6ops@ietf.org>, ipv6@ietf.org, Gert Doering <gert@space.net>
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <160989494094.6024.7402128068704112703@ietfa.amsl.com> <6fe3a45e-de65-9f88-808d-ea7e2abdcd16@si6networks.com> <m1kx98E-0000EhC@stereo.hq.phicoh.net> <b53b5d62-0334-f791-f56a-f2122767ecdb@si6networks.com> <m1kxAVC-0000KhC@stereo.hq.phicoh.net> <c236e635-518b-fb51-5024-901ec4677c5d@si6networks.com> <20210106162652.GX13005@Space.Net> <1ddf8850-a8cb-53a7-31bc-7433d5a984f2@si6networks.com> <1169.1609953092@localhost> <FA6275FF-E148-46DC-BCFD-987315765873@fugue.com> <13054.1609955471@localhost>
X-Mailer: Apple Mail (2.3654.60.0.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/RHKaikb3Q10g5KvrUj16yIGmB5Y>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2021 18:09:06 -0000

On Jan 6, 2021, at 12:51 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> But... caching and outsourcing of DNS servers and outsourcing of DNS resolvers.
> I hate all of that: except for simpler (IoT) devices, which should always use
> local DNS server to get local policy,  all this policy should be in the
> client, not the server.

Okay, if that’s possible, sure, but the way to do that sort of policy would be to say what server to contact for what domain. The VPN example is just one example; you could certainly also do this without a VPN. It’s pretty easy to do on the Mac—just add a scoped DNS resolver; not sure how hard it is on Linux.

The thing is, though, that somebody has to provide the intelligence to decide either who to ask or what address to use. I think that by default you should never see a ULA other than from the local resolver, because there’s just no way for someone who _doesn’t_ know that ULA to know whether it would work or not. So if there are some domains that you want treated specially, the easiest way to do that is to have a different resolver for those domains (a scoped resolver).