Re: [mif] some questions about dns-server-selection
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 12 November 2012 18:08 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2C5221F84F3 for <mif@ietfa.amsl.com>; Mon, 12 Nov 2012 10:08:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[AWL=-0.316, BAYES_00=-2.599, HOST_MISMATCH_NET=0.311, IP_NOT_FRIENDLY=0.334, RCVD_IN_SORBS_WEB=0.619]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Eh6-ZGFQFdf for <mif@ietfa.amsl.com>; Mon, 12 Nov 2012 10:08:22 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [67.23.6.41]) by ietfa.amsl.com (Postfix) with ESMTP id 50CE121F8472 for <mif@ietf.org>; Mon, 12 Nov 2012 10:08:22 -0800 (PST)
Received: from sandelman.ca (unknown [75.98.19.132]) by relay.sandelman.ca (Postfix) with ESMTPS id 8358381A9; Mon, 12 Nov 2012 13:00:03 -0500 (EST)
Received: from sandelman.ca (quigon.sandelman.ca [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 1DE0DCA0BC; Mon, 12 Nov 2012 13:08:20 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: teemu.savolainen@nokia.com
In-reply-to: <916CE6CF87173740BC8A2CE443096962044D14EC@008-AM1MPN1-053.mgdnok.nokia.com>
References: <18178.1352487863@sandelman.ca> <916CE6CF87173740BC8A2CE443096962044D14EC@008-AM1MPN1-053.mgdnok.nokia.com>
Comments: In-reply-to <teemu.savolainen@nokia.com> message dated "Mon, 12 Nov 2012 08:49:46 +0000."
X-Mailer: MH-E 8.3; nmh 1.3; XEmacs 21.4 (patch 22)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Mon, 12 Nov 2012 13:08:19 -0500
Message-ID: <9722.1352743699@sandelman.ca>
Sender: mcr@sandelman.ca
Cc: mif-ads@tools.ietf.org, mif@ietf.org
Subject: Re: [mif] some questions about dns-server-selection
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Nov 2012 18:08:23 -0000
>>>>> "teemu" == teemu savolainen <teemu.savolainen@nokia.com> writes: teemu> On this I have to confess I don't recall a particular reason teemu> (this draft has been in works for four years, and the early teemu> days are getting blurry in my memory). Do you see this as a teemu> serious issue that REALLY should be addressed before teemu> publication? No. >> so, basically, please never use this protocol unless you know >> what you are doing, in which case, you should just vi >> /etc/resolv.conf instead? That DNSSEC is required to even think >> about using this is instructive, because it means that actually, >> recursive DNS lookups are local already. teemu> You should check the zillion emails about security teemu> discussions related to this draft. I figured as much. teemu> But please read carefully the text you quoted:" using secure, teemu> trusted channel, ". This means that if a channel from a host teemu> to the DHCP server is trusted, DNSSEC is not needed. These teemu> kinds of environments exist e.g. in 3GPP domain, where the teemu> cellular connection is considered trusted enough for this teemu> purpose. okay, an existence proof of this kind of enough for me. -- Michael Richardson -on the road-
- [mif] some questions about dns-server-selection Michael Richardson
- Re: [mif] some questions about dns-server-selecti… teemu.savolainen
- Re: [mif] some questions about dns-server-selecti… Michael Richardson