Re: [mif] draft-ietf-mif-current-practices-00

Dave Thaler <dthaler@microsoft.com> Mon, 12 April 2010 22:45 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: Dave Thaler <dthaler@microsoft.com>, "teemu.savolainen@nokia.com" <teemu.savolainen@nokia.com>, "g_e_montenegro@yahoo.com" <g_e_montenegro@yahoo.com>, "dwing@cisco.com" <dwing@cisco.com>, "denghui02@gmail.com" <denghui02@gmail.com>
Date: Mon, 12 Apr 2010 22:44:54 +0000
Cc: "mif@ietf.org" <mif@ietf.org>
Subject: Re: [mif] draft-ietf-mif-current-practices-00

And for the "note well", Microsoft may have some IP in this area.

-Dave

> -----Original Message-----
> From: Dave Thaler
> Sent: Monday, April 12, 2010 3:43 PM
> To: 'teemu.savolainen@nokia.com'; g_e_montenegro@yahoo.com; dwing@cisco.com;
> denghui02@gmail.com
> Cc: mif@ietf.org
> Subject: RE: [mif] draft-ietf-mif-current-practices-00
>
> > -----Original Message-----
> > From: teemu.savolainen@nokia.com [mailto:teemu.savolainen@nokia.com]
> > Sent: Monday, April 12, 2010 1:53 PM
> > To: g_e_montenegro@yahoo.com; dwing@cisco.com; denghui02@gmail.com; Dave
> > Thaler
> > Cc: mif@ietf.org
> > Subject: RE: [mif] draft-ietf-mif-current-practices-00
> >
> > Hi,
> >
> > Why do you think #4 is not mif-specific? What possible use NRPT has for single
> > interfaced host? Or is the idea such that a host could have single interface,
> > but just use different DNS server for queries matching NRPT?
>
> Right.  The NRPT is similar to a configured cache of NS records.
> It's used to solve the problem of having access to multiple disjoint namespaces
> (like corporate DNS and public DNS).  Private names aren't resolvable in
> the public DNS, so you have to know what DNS server to ask.
>
> > ....hmm...
> > Do you consider a host using DirectAccess single or multi-interfaced? From my
> > quick reading of the DirectAccess feature, it sounds to be somewhere in
> > between - not obviously multi-interface like the VPN-case is, but not quite
> > single-interfaced either.
>
> Right it could be either one.
>
> >
> > Is there a way to configure NRPT policies remotely via some protocol?
>
> Yes, it's designed to be configured by an enterprise administrator of the
> organization that manages the host.  So there's an authenticated,
> configuration distribution protocol for ActiveDirectory-domain-joined hosts.
>
> -Dave
>
> >
> > Thanks for explanation,
> >
> > Teemu
> >
> > > -----Original Message-----
> > > From: mif-bounces@ietf.org [mailto:mif-bounces@ietf.org] On Behalf Of
> > > ext gabriel montenegro
> > > Sent: 08 April 2010 23:17
> > > To: Dan Wing; Hui Deng; Dave Thaler
> > > Cc: mif@ietf.org
> > > Subject: Re: [mif] draft-ietf-mif-current-practices-00
> > >
> > > In addition to those three usages of "suffix":
> > >
> > > 1. Domain Search list suffix
> > > 2. For interface-specific suffix list
> > > 3. Suffix to control Dynamic DNS Updates
> > >
> > > There is yet another usage in Windows introduced in Windows 7 and its
> > > server counterpart, Windows Server 2008 R2:
> > >
> > > 4. Suffix in the NRPT [1] to aid in identifying a Namespace that
> > > requires special handling,
> > > as used for DirectAccess [2]. This is not MIF-specific either.
> > >
> > > Only #2 is MIF-specific (and this should be called out), but it makes
> > > sense to clarify the
> > > other uses of "suffix" otherwise #2 won't be clear.
> > >
> > > [1] NRPT: See http://technet.microsoft.com/en-us/magazine/ff394369.aspx
> > > [2] DirectAccess: http://technet.microsoft.com/en-us/magazine/2009.05.cableguy.aspx
> > >
> > > Gabriel
> > >
> > > ----- Original Message ----
> > > > From: Dan Wing <dwing@cisco.com>
> > > > To: Hui Deng <denghui02@gmail.com>; Dave Thaler <dthaler@microsoft.com>
> > > > Cc: mif@ietf.org; Gabriel Montenegro <gmonte@microsoft.com>
> > > > Sent: Thu, April 8, 2010 7:22:23 AM
> > > > Subject: Re: [mif] draft-ietf-mif-current-practices-00
> > > >
> > > > > -----Original Message-----
> > > > > From: Hui Deng [mailto:denghui02@gmail.com]
> > > > > Sent: Wednesday, April 07, 2010 7:29 PM
> > > > > To: Dave Thaler
> > > > > Cc: Dan Wing; Gabriel Montenegro; mif@ietf.org
> > > > > Subject: Re: [mif] draft-ietf-mif-current-practices-00
> > > > >
> > > > > 2nd purpose has been documented in the current practice draft,
> > > > > whether 1st and 3rd purpose need to be documented as well? it may not
> > > > > directly related to MIF?
> > > >
> > > > Some operating systems -- e.g., most flavors of Unix -- do not support the
> > > > ability for sending different DNS queries to different DNS servers.
> > > >
> > > > It would be helpful if the draft more clearly described the functionality.
> > > > Someone unfamiliar with the Windows functionality, reading the draft, assumes
> > > > it is merely talking about the 'domain search list' -- because that is what
> > > > they are familiar with.
> > > >
> > > > I don't care how the draft is fixed to make it clearer.  I propose describing
> > > > the 2 (and, as Dave pointed out, 3) functions.  If you want to adjust the
> > > > document to instead talk about the per-interface stuff, that's great -- my
> > > > point is that right now it is insufficiently clear in explaining it.
> > > >
> > > > -d
> > > >
> > > > >
> > > > > -Hui
> > > > >
> > > > > 2010/4/7 Dave Thaler <dthaler@microsoft.com>:
> > > > > >> -----Original Message-----
> > > > > >> From: Dan Wing [mailto:dwing@cisco.com]
> > > > > >> Sent: Tuesday, April 06, 2010 11:52 AM
> > > > > >> To: Dave Thaler; 'Hui Deng'; Gabriel Montenegro
> > > > > >> Cc: mif@ietf.org
> > > > > >> Subject: RE: [mif] draft-ietf-mif-current-practices-00
> > > > > >>
> > > > > >>
> > > > > >> > -----Original Message-----
> > > > > >> > From: Dave Thaler [mailto:dthaler@microsoft.com]
> > > > > >> > Sent: Tuesday, April 06, 2010 10:06 AM
> > > > > >> > To: Hui Deng; Dan Wing; Gabriel Montenegro
> > > > > >> > Cc: mif@ietf.org
> > > > > >> > Subject: RE: [mif] draft-ietf-mif-current-practices-00
> > > > > >> >
> > > > > >> > Hui is correct, Windows has per-interface DNS server lists
> > > > > >> > configured.
> > > > > >> >
> > > > > >> > It then uses a host-wide "effective" server list for an actual query,
> > > > > >> > where the effective server list may be different for different names.
> > > > > >> >
> > > > > >> > On Windows the per-interface suffix is actually termed the
> > > > > >> > "connection-specific DNS suffix" to distinguish it from the
> > > > > >> > "primary DNS suffix" of the machine.  I think that's why
> > > > > >> > "interface-specific" was repeated in the first bullet.
> > > > > >>
> > > > > >> In draft-montenegro-mif-multihoming, there are two purposes and terms that
> > > > > >> seem to be intermingled using the term "DNS suffix".
> > > > > >>
> > > > > >> One purpose is the suffix for non-FQDN names, like "payroll" or "mail",
> > > > > >> which will have a suffix added to them (e.g., example.com).
> > > > > >
> > > > > > That's what Windows calls the "DNS Suffix Search List" (see the
> > > > > > sample output I sent previously below).  It's called the
> > > > > > "domain search list" in other places (like RFC 3397), or just
> > > > > > "search list" (RFC 1123).
> > > > > >
> > > > > >> The other purpose is deciding which DNS server will be sent a query for
> > > > > >> a certain FQDN (e.g., queries for *.example.net go to one DNS server
> > > > > >> and queries for *.example.com go to a different DNS server).
> > > > > >
> > > > > > Another purpose is deciding which DNS server will receive a dynamic
> > > > > > update for a name with a certain suffix (e.g., Windows supports dynamic
> > > > > > updates for the primary DNS name, and optionally also the
> > > > > > connection-specific DNS name of the machine).
> > > > > >
> > > > > >>
> > > > > >> In draft-ietf-mif-current-practices-00, which is the WG document
> > > > > >> that seems to have boiled down draft-montenegro-mif-multihoming,
> > > > > >> but draft-ietf-mif-current-practices-00 also does not clearly
> > > > > >> separate the two purposes.
> > > > > >
> > > > > > Yep
> > > > > >
> > > > > > -Dave
> > > > > >>
> > > > > >> -d
> > > > > >>
> > > > > >>
> > > > > >> > Example on Windows, extracted from "ipconfig /all" output:
> > > > > >> >
> > > > > >> > Windows IP Configuration
> > > > > >> >
> > > > > >> >    Host Name . . . . . . . . . . . . : dthaler-win7
> > > > > >> >    Primary Dns Suffix  . . . . . . . : ntdev.corp.microsoft.com
> > > > > >> >    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > > > >> >    Node Type . . . . . . . . . . . . : Hybrid
> > > > > >> >    IP Routing Enabled. . . . . . . . : No
> > > > > >> >    WINS Proxy Enabled. . . . . . . . : No
> > > > > >> >    DNS Suffix Search List. . . . . . : ntdev.corp.microsoft.com
> > > > > >> >                                        redmond.corp.microsoft.com
> > > > > >> >                                        ntdev.microsoft.com
> > > > > >> >                                        dns.corp.microsoft.com
> > > > > >> >    System Quarantine State . . . . . : Not Restricted
> > > > > >> >
> > > > > >> > Wireless LAN adapter Wireless Network Connection:
> > > > > >> >
> > > > > >> >    Connection-specific DNS Suffix  . : hsd1.wa.comcast.net.
> > > > > >> >    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > > > >> >    Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
> > > > > >> >    Physical Address. . . . . . . . . : 00-1D-E0-34-4F-6F
> > > > > >> >    DHCP Enabled. . . . . . . . . . . : Yes
> > > > > >> >    Autoconfiguration Enabled . . . . : Yes
> > > > > >> >    Link-local IPv6 Address . . . . . : fe80::4853:4753:9d8d:3b45%13(Preferred)
> > > > > >> >    IPv4 Address. . . . . . . . . . . : 192.168.0.195(Preferred)
> > > > > >> >    Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > > > >> >    Lease Obtained. . . . . . . . . . : Monday, April 05, 2010 10:19:02 PM
> > > > > >> >    Lease Expires . . . . . . . . . . : Tuesday, April 06, 2010 10:19:02 PM
> > > > > >> >    Default Gateway . . . . . . . . . : 192.168.0.1
> > > > > >> >    DHCP Server . . . . . . . . . . . : 192.168.0.1
> > > > > >> >    DHCPv6 IAID . . . . . . . . . . . : 335551968
> > > > > >> >    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-0C-E2-7A-00-1E-37-CC-8D-DD
> > > > > >> >
> > > > > >> >    DNS Servers . . . . . . . . . . . : 2001:df8:0:1::25
> > > > > >> >                                        192.168.0.1
> > > > > >> >    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > > > >> >    NetBIOS over Tcpip. . . . . . . . : Enabled
> > > > > >> >
> > > > > >> > -Dave
> > > > > >> >
> > > > > >> > > -----Original Message-----
> > > > > >> > > From: Hui Deng [mailto:denghui02@gmail.com]
> > > > > >> > > Sent: Monday, April 05, 2010 7:40 PM
> > > > > >> > > To: Dan Wing; Gabriel Montenegro; Dave Thaler
> > > > > >> > > Cc: mif@ietf.org
> > > > > >> > > Subject: Re: [mif] draft-ietf-mif-current-practices-00
> > > > > >> > >
> > > > > >> > > DNS server always has specific interface related information,
> > > > > >> > > but the final DNS server will still be host based, I wouldn't say it
> > > > > >> > > is not correct.
> > > > > >> > >
> > > > > >> > > one example would be you have internet connection and vpn connection
> > > > > >> > > at the same time,
> > > > > >> > > good VPN implementation will always rely on VPN DNS server information
> > > > > >> > > for Internet connection.
> > > > > >> > >
> > > > > >> > > -Hui
> > > > > >> > >
> > > > > >> > > 2010/3/31 Dan Wing <dwing@cisco.com>:
> > > > > >> > > > Section 3.2.1.3 of describes the DNS configuration of Windows, and says:
> > > > > >> > > >
> > > > > >> > > >  "Interface specific DNS configuration can be input via static
> > > > > >> > > >  configuration or via DHCP.  It includes:
> > > > > >> > > >
> > > > > >> > > >   o  An interface-specific suffix list.
> > > > > >> > > >
> > > > > >> > > >   o  A list of DNS server IP addresses."
> > > > > >> > > >
> > > > > >> > > > It is curious that the first bullet repeats "interface specific", but the
> > > > > >> > > > second bullet does not repeat it.  A reasonable interpretation is that the
> > > > > >> > > > second bullet is not interface-specific, but the lead-in sentence says this is
> > > > > >> > > > interface-specific.  I was hoping draft-montenegro-mif-multihoming-00 would
> > > > > >> > > > clarify, but it doesn't.
> > > > > >> > > >
> > > > > >> > > > -d
> > > > > >> > > >
> > > > > >> > > > _______________________________________________
> > > > > >> > > > mif mailing list
> > > > > >> > > > mif@ietf.org
> > > > > >> > > > https://www.ietf.org/mailman/listinfo/mif
> > > >
> > > _______________________________________________
> > > mif mailing list
> > > mif@ietf.org
> > > https://www.ietf.org/mailman/listinfo/mif
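
The quoted thread separates two uses of a DNS suffix: the search list that completes non-FQDN names such as "payroll", and suffix rules that decide which DNS server receives a query (the role the NRPT plays). The Python sketch below is an added example showing both, plus a check for private names that would be sent to a non-internal server; it is not part of any message in this thread and is not Windows code. The function names, the most-specific-suffix matching rule, the treatment of dotted names as fully qualified, and all server addresses (documentation ranges) are assumptions for illustration.

```python
# Added illustration: a simplified model, not the Windows resolver or the NRPT format.
# Suffixes use example.com/example.net as in the thread; all server addresses
# are constructed (RFC 5737 documentation ranges).

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are uniform."""
    return name.rstrip(".").lower()

def search_candidates(name, search_list):
    """Purpose 1 (search list): only non-FQDN names get suffixes appended.
    Assumption: any name containing a dot is treated as already qualified."""
    if "." in name:
        return [normalize(name)]
    return [f"{normalize(name)}.{normalize(s)}" for s in search_list]

def select_servers(fqdn, suffix_rules, default_servers):
    """Purpose 2 (server selection): most specific matching suffix rule wins."""
    labels = normalize(fqdn).split(".")
    # Compare whole labels, so "badexample.com" never matches "example.com".
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in suffix_rules:
            return suffix_rules[suffix]
    return default_servers

def query_plan(name, search_list, suffix_rules, default_servers):
    """Each candidate FQDN paired with the servers that would be asked."""
    return [(c, select_servers(c, suffix_rules, default_servers))
            for c in search_candidates(name, search_list)]

def private_names_sent_outside(plan, private_suffixes, internal_servers):
    """Defender check: private-namespace queries that would reach a server
    outside the internal set (the private name is exposed to that server)."""
    def under(fqdn, suffix):
        return fqdn == suffix or fqdn.endswith("." + suffix)
    return [fqdn for fqdn, servers in plan
            if any(under(fqdn, normalize(s)) for s in private_suffixes)
            and not set(servers) <= set(internal_servers)]

# Constructed sample configuration.
SEARCH_LIST = ["corp.example.com", "example.com"]
SUFFIX_RULES = {"corp.example.com": ["192.0.2.53"],
                "example.net": ["198.51.100.53"]}
DEFAULT_SERVERS = ["203.0.113.1"]          # e.g. learned per interface via DHCP

if __name__ == "__main__":
    for name in ("payroll", "www.example.net", "payroll.corp.example.com."):
        print(name, "->", query_plan(name, SEARCH_LIST, SUFFIX_RULES, DEFAULT_SERVERS))
    no_rules = query_plan("payroll", SEARCH_LIST, {}, DEFAULT_SERVERS)
    print("leaks without rules:",
          private_names_sent_outside(no_rules, ["corp.example.com"], ["192.0.2.53"]))
```

With the suffix rules removed, the same search-list expansion sends payroll.corp.example.com to the default server, which is the disjoint-namespace problem the thread says the NRPT addresses.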