Re: [mif] draft-ietf-mif-current-practices-00
Dave Thaler <dthaler@microsoft.com> Mon, 12 April 2010 22:45 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: mif@core3.amsl.com
Delivered-To: mif@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D27D63A6868 for <mif@core3.amsl.com>; Mon, 12 Apr 2010 15:45:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.871
X-Spam-Level:
X-Spam-Status: No, score=-109.871 tagged_above=-999 required=5 tests=[AWL=0.728, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id snwVqzk14P8V for <mif@core3.amsl.com>; Mon, 12 Apr 2010 15:45:30 -0700 (PDT)
Received: from smtp.microsoft.com (mailb.microsoft.com [131.107.115.215]) by core3.amsl.com (Postfix) with ESMTP id 372EF3A6809 for <mif@ietf.org>; Mon, 12 Apr 2010 15:45:30 -0700 (PDT)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (157.54.7.154) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Mon, 12 Apr 2010 15:45:10 -0700
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14HUBC102.redmond.corp.microsoft.com (157.54.7.154) with Microsoft SMTP Server (TLS) id 14.0.639.21; Mon, 12 Apr 2010 15:45:10 -0700
Received: from TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com ([169.254.1.63]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi; Mon, 12 Apr 2010 15:45:09 -0700
From: Dave Thaler <dthaler@microsoft.com>
To: Dave Thaler <dthaler@microsoft.com>, "teemu.savolainen@nokia.com" <teemu.savolainen@nokia.com>, "g_e_montenegro@yahoo.com" <g_e_montenegro@yahoo.com>, "dwing@cisco.com" <dwing@cisco.com>, "denghui02@gmail.com" <denghui02@gmail.com>
Thread-Topic: [mif] draft-ietf-mif-current-practices-00
Thread-Index: AQHK1TKMaTaZ5uEk9UKBxenwZvGT9pIVqnJAgAAdoSCAAA5RwIACev8AgADHYICAAGMjgIAGU02A//+oG2CAAAF6sA==
Date: Mon, 12 Apr 2010 22:44:54 +0000
Message-ID: <9B57C850BB53634CACEC56EF4853FF65139303C8@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com>
References: <044f01cad05d$22cdd090$c6f0200a@cisco.com> <n2h1d38a3351004051939m78d84b11qe9f58c4228886d2e@mail.gmail.com> <9B57C850BB53634CACEC56EF4853FF651392747A@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com> <07e201cad5ba$4d53eea0$7893150a@cisco.com> <9B57C850BB53634CACEC56EF4853FF6513928B14@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com> <h2t1d38a3351004071928n8d88b955u5de0dfcd63a9f625@mail.gmail.com> <0f7701cad726$e8e28990$7893150a@cisco.com> <294720.31470.qm@web82601.mail.mud.yahoo.com> <18034D4D7FE9AE48BF19AB1B0EF2729F59D5D5F4FD@NOK-EUMSG-01.mgdnok.nokia.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "mif@ietf.org" <mif@ietf.org>
Subject: Re: [mif] draft-ietf-mif-current-practices-00
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Apr 2010 22:45:33 -0000
And for the "note well", Microsoft may have some IP in this area. -Dave > -----Original Message----- > From: Dave Thaler > Sent: Monday, April 12, 2010 3:43 PM > To: 'teemu.savolainen@nokia.com'; g_e_montenegro@yahoo.com; dwing@cisco.com; > denghui02@gmail.com > Cc: mif@ietf.org > Subject: RE: [mif] draft-ietf-mif-current-practices-00 > > > -----Original Message----- > > From: teemu.savolainen@nokia.com [mailto:teemu.savolainen@nokia.com] > > Sent: Monday, April 12, 2010 1:53 PM > > To: g_e_montenegro@yahoo.com; dwing@cisco.com; denghui02@gmail.com; Dave > > Thaler > > Cc: mif@ietf.org > > Subject: RE: [mif] draft-ietf-mif-current-practices-00 > > > > Hi, > > > > Why do you think #4 is not mif-specific? What possible use NRPT has for > single > > interfaced host? Or is the idea such that a host could have single > interface, > > but just use different DNS server for queries matching NRPT? > > Right. The NRPT is similar to a configured cache of NS records. > It's used to solve the problem of have access to multiple disjoint namespaces > (like corporate DNS and public DNS). Private names aren't resolvable in > the public DNS, so you have to know what DNS server to ask. > > > ....hmm... > > Do you consider a host using DirectAccess single or multi-interfaced? From > my > > quick reading of the DirectAccess feature, it sounds to be somewhere in > > between - not obviously multi-interface like the VPN-case is, but not quite > > single-interfaced either. > > Right it could be either one. > > > > > Is there a way to configure NRPT policies remotely via some protocol? > > Yes, it's designed to be configured by an enterprise administrator of the > organization that manages the host. So there's an authenticated, > configuration distribution protocol for ActiveDirectory-domain-joined hosts. > > -Dave > > > > > Thanks for explanation, > > > > Teemu > > > > > -----Original Message----- > > > From: mif-bounces@ietf.org [mailto:mif-bounces@ietf.org] On Behalf Of > > > ext gabriel montenegro > > > Sent: 08. huhtikuuta 2010 23:17 > > > To: Dan Wing; Hui Deng; Dave Thaler > > > Cc: mif@ietf.org > > > Subject: Re: [mif] draft-ietf-mif-current-practices-00 > > > > > > In addition to those three usages of "suffix": > > > > > > 1. Domain Search list suffix > > > 2. For interface-specific suffix list > > > 3. Suffix to control Dynamic DNS Updates > > > > > > There is yet another usage in Windows introduced in windows 7 and its > > > server counterpart, Windows Server 2008 R2: > > > > > > 4. Suffix in the NRPT [1] to aid in identifying a Namespace that > > > requires special handling, > > > as used for DirectAccess [2]. This is not MIF-specific either. > > > > > > Only #2 is MIF-specific (and this should be called out), but it makes > > > sense to clarify the > > > other uses of "suffix" otherwise #2 won't be clear. > > > > > > [1] NRPT: See http://technet.microsoft.com/en-us/magazine/ff394369.aspx > > > [2] DirectAcess: http://technet.microsoft.com/en- > > > us/magazine/2009.05.cableguy.aspx > > > > > > Gabriel > > > > > > ----- Original Message ---- > > > > From: Dan Wing <dwing@cisco.com> > > > > To: Hui Deng <denghui02@gmail.com>; Dave Thaler > > > <dthaler@microsoft.com> > > > > Cc: mif@ietf.org; Gabriel Montenegro <gmonte@microsoft.com> > > > > Sent: Thu, April 8, 2010 7:22:23 AM > > > > Subject: Re: [mif] draft-ietf-mif-current-practices-00 > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Hui Deng [mailto:> ymailto="mailto:denghui02@gmail.com" > > > > href="mailto:denghui02@gmail.com">denghui02@gmail.com] > > > > Sent: > > > > Wednesday, April 07, 2010 7:29 PM > > > > To: Dave Thaler > > > > Cc: Dan Wing; > > > > Gabriel Montenegro; > href="mailto:mif@ietf.org">mif@ietf.org > > > > Subject: Re: [mif] > > > > draft-ietf-mif-current-practices-00 > > > > > > > > 2nd purpose has been > > > > documented in the current practice draft, > > > > whether 1st and 3rd purpose > > > > need to be documented as well? it may not > > > > directly related to > > > > MIF? > > > > > > Some operating systems -- e.g., most flavors of Unix -- do not > > > > support the > > > ability for sending different DNS queries to different DNS > > > > servers. > > > > > > It would be helpful if the draft more clearly described the > > > > functionality. > > > Someone unfamiliar with the Windows functionality, reading the > > > > draft, assumes > > > it is merely talking about the 'domain search list' -- because > > > > that is what > > > they are familiar with. > > > > > > I don't care how the draft > > > > is fixed to make it clearer. I propose describing > > > the 2 (and, as Dave > > > > pointed out, 3) functions. If you want to adjust the > > > document to > > > > instead talk about the per-interface stuff, that's great -- my > > > point is that > > > > right now it is insufficiently clear in explaining it. > > > > > > -d > > > > > > > > > > > -Hui > > > > > > > > 2010/4/7 Dave Thaler <> ymailto="mailto:dthaler@microsoft.com" > > > > href="mailto:dthaler@microsoft.com">dthaler@microsoft.com>: > > > > > > > > >> -----Original Message----- > > > > >> From: Dan Wing [mailto:> ymailto="mailto:dwing@cisco.com" > > > > href="mailto:dwing@cisco.com">dwing@cisco.com] > > > > >> Sent: > > > > Tuesday, April 06, 2010 11:52 AM > > > > >> To: Dave Thaler; 'Hui Deng'; > > > > Gabriel Montenegro > > > > >> Cc: > href="mailto:mif@ietf.org">mif@ietf.org > > > > >> Subject: RE: [mif] > > > > draft-ietf-mif-current-practices-00 > > > > >> > > > > >> > > > > > > > > >> > > > > >> > -----Original Message----- > > > > >> > > > > > From: Dave Thaler [mailto:> > > > href="mailto:dthaler@microsoft.com">dthaler@microsoft.com] > > > > >> > > > > > Sent: Tuesday, April 06, 2010 10:06 AM > > > > >> > To: Hui Deng; > > > > Dan Wing; Gabriel Montenegro > > > > >> > Cc: > ymailto="mailto:mif@ietf.org" > > > > href="mailto:mif@ietf.org">mif@ietf.org > > > > >> > Subject: RE: > > > > [mif] draft-ietf-mif-current-practices-00 > > > > >> > > > > > >> > > > > > Hui is correct, Windows has per-interface DNS server lists > > > > >> > > > > configured. > > > > >> > > > > > >> > It then uses a host-wide > > > > "effective" server list for an > > > > actual query, > > > > >> > > > > > where the effective server list may be different for > > > > different > > > > names. > > > > >> > > > > > >> > On Windows the per-interface > > > > suffix is actually termed the > > > > >> > "connection-specific DNS > > > > suffix" to distinguish it from the > > > > >> > "primary DNS suffix" of > > > > the machine. I think that's why > > > > >> > "interface-specific" was > > > > repeated in the first bullet. > > > > >> > > > > >> > > > > > > > > >> > > > > >> In draft-montenegro-mif-multihoming, there are two > > > > > > > > purposes and terms > > > > >> that > > > > >> seem to be > > > > intermingled using the term "DNS suffix". > > > > >> > > > > >> One > > > > purpose is the suffix for non-FQDN names, like > > > > "payroll" or > > > > "mail", > > > > >> which will have a suffix added to them (e.g., > target="_blank" > > > href="http://example.com">example.com). > > > > > > > > > > > > > > That's what windows calls the "DNS Suffix Search List" (see the > > > > > > > > > sample output I sent previously below). It's called the > > > > > > > > > "domain search list" in other places (like RFC 3397), or just > > > > > > > > > "search list" (RFC 1123). > > > > > > > > > >> The > > > > >> > > > > other purpose is deciding which DNS server will be be sent > > > > a query > > > > for > > > > >> a certain FQDN (e.g., queries for *.> > > > href="http://example.net">example.net go to one > > > > DNS server > > > > > > > > >> and queries for *.example.com go to a different DNS server). > > > > > > > > > > > > > > Another purpose is deciding which DNS server will receive a > > > > dynamic > > > > > update for a name with a certain suffix (e.g., Windows > > > > > > > > supports dynamic > > > > > updates for the primary DNS name, and > > > > optionally also the > > > > connection- > > > > > specific DNS name of the > > > > machine). > > > > > > > > > >> > > > > >> > > > > >> In > > > > draft-ietf-mif-current-practices-00, which is the WG document > > > > >> > > > > that seems to have boiled down draft-montenegro-mif-multihoming, > > > > > > > > >> but draft-ietf-mif-current-practices-00 also does not clearly > > > > > > > > >> separate the two purposes. > > > > > > > > > > Yep > > > > > > > > > > > > > > -Dave > > > > >> > > > > >> -d > > > > > > > > >> > > > > >> > > > > >> > Example on Windows, extracted > > > > from "ipconfig /all" output: > > > > >> > > > > > >> > Windows > > > > IP Configuration > > > > >> > > > > > >> > Host Name . . . > > > > . . . . . . . . . : dthaler-win7 > > > > >> > Primary Dns Suffix . > > > > . . . . . . : > > > > href="http://ntdev.corp.microsoft.com">ntdev.corp.microsoft.com > > > > > > > > >> > > > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > >> > > > > > Node Type . . . . . . . . . . . . : Hybrid > > > > >> > IP > > > > Routing Enabled. . . . . . . . : No > > > > >> > WINS Proxy Enabled. > > > > . . . . . . . : No > > > > >> > DNS Suffix Search List. . . . . . : > > > > ntdev.corp.microsoft.com > > > > >> > > > > > > > > > href="http://redmond.corp.microsoft.com">redmond.corp.microsoft.com > > > > > > > > >> > > > > > href="http://ntdev.microsoft.com">ntdev.microsoft.com > > > > >> > > > > > > > > > href="http://dns.corp.microsoft.com">dns.corp.microsoft.com > > > > >> > > > > > System Quarantine State . . . . . : Not Restricted > > > > >> > > > > > > > > > >> > Wireless LAN adapter Wireless Network > > > > Connection: > > > > >> > > > > > >> > Connection-specific > > > > DNS Suffix . : > > > > href="http://hsd1.wa.comcast.net">hsd1.wa.comcast.net. > > > > >> > > > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > >> > > > > > Description . . . . . . . . . . . : Intel(R) Wireless WiFi > > > > > > > > >> > Link 4965AGN > > > > >> > Physical Address. . . . . . > > > > . . . : 00-1D-E0-34-4F-6F > > > > >> > DHCP Enabled. . . . . . . . . > > > > . . : Yes > > > > >> > Autoconfiguration Enabled . . . . : > > > > Yes > > > > >> > Link-local IPv6 Address . . . . . : > > > > > > > > >> > fe80::4853:4753:9d8d:3b45%13(Preferred) > > > > >> > > > > > IPv4 Address. . . . . . . . . . . : 192.168.0.195(Preferred) > > > > >> > > > > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > > > >> > > > > > Lease Obtained. . . . . . . . . . : Monday, April 05, 2010 > > > > >> > > > > > 10:19:02 PM > > > > >> > Lease Expires . . . . . . . . . . : > > > > Tuesday, April 06, > > > > >> > 2010 10:19:02 PM > > > > >> > > > > > Default Gateway . . . . . . . . . : 192.168.0.1 > > > > >> > DHCP > > > > Server . . . . . . . . . . . : 192.168.0.1 > > > > >> > DHCPv6 IAID > > > > . . . . . . . . . . . : 335551968 > > > > >> > DHCPv6 Client DUID. . > > > > . . . . . . : > > > > >> > > > > > 00-01-00-01-12-0C-E2-7A-00-1E-37-CC-8D-DD > > > > >> > > > > > >> > > > > > DNS Servers . . . . . . . . . . . : 2001:df8:0:1::25 > > > > >> > > > > > 192.168.0.1 > > > > >> > > > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > >> > > > > > NetBIOS over Tcpip. . . . . . . . : Enabled > > > > >> > > > > > > > > > >> > -Dave > > > > >> > > > > > >> > > > > > > -----Original Message----- > > > > >> > > From: Hui Deng [mailto:> ymailto="mailto:denghui02@gmail.com" > > > > href="mailto:denghui02@gmail.com">denghui02@gmail.com] > > > > >> > > > > > > Sent: Monday, April 05, 2010 7:40 PM > > > > >> > > To: Dan > > > > Wing; Gabriel Montenegro; Dave Thaler > > > > >> > > Cc: > ymailto="mailto:mif@ietf.org" > > > > href="mailto:mif@ietf.org">mif@ietf.org > > > > >> > > Subject: > > > > Re: [mif] draft-ietf-mif-current-practices-00 > > > > >> > > > > > > > > > > >> > > DNS server always has specific interface related > > > > information, > > > > >> > > but the final DNS server will still be > > > > host based, I > > > > wouldn't say > > > > >> it > > > > >> > > > > > > is not correct. > > > > >> > > > > > > >> > > one > > > > example would be you have internet connection and vpn > > > > >> > > > > connection > > > > >> > > at the same time, > > > > >> > > > > > > good VPN implementation will always rely on VPN DNS server > > > > >> > > > > > information > > > > >> > > for Internet connection. > > > > > > > > >> > > > > > > >> > > -Hui > > > > >> > > > > > > > > > > >> > > 2010/3/31 Dan Wing <> ymailto="mailto:dwing@cisco.com" > > > > href="mailto:dwing@cisco.com">dwing@cisco.com>: > > > > >> > > > > > > > Section 3.2.1.3 of describes the DNS configuration > > > > of > > > > Windows, > > > > >> and > > > > >> > > says: > > > > >> > > > > > > > > > > > >> > > > "Interface specific DNS > > > > configuration can be input > > > > via static > > > > >> > > > > > > > configuration or via DHCP. It includes: > > > > >> > > > > > > > > > > > >> > > > o An interface-specific suffix list. > > > > >> > > > > > > > > > > > >> > > > o A list of DNS server IP > > > > addresses." > > > > >> > > > > > > > >> > > > It > > > > is curious that the first bullet repeats "interface > > > > >> > > > > > specific", but > > > > >> > > the > > > > >> > > > > > > > second bullet does not repeat it. A reasonable > > > > interpretation > > > > is > > > > >> > > that the > > > > >> > > > second > > > > bullet is not interface-specific, but the > > > > lead-in sentence > > > > > > > > >> > > says this is > > > > >> > > > > > > > interface-specific. I was hoping > > > > >> > > > > > draft-montenegro-mif-multihoming-00 > > > > >> > > would > > > > > > > > >> > > > clarify, but it doesn't. > > > > >> > > > > > > > > > > > >> > > > -d > > > > >> > > > > > > > > > > > >> > > > _______________________________________________ > > > > > > > > >> > > > mif mailing list > > > > >> > > > > ymailto="mailto:mif@ietf.org" > > > > href="mailto:mif@ietf.org">mif@ietf.org > > > > >> > > > > href="https://www.ietf.org/mailman/listinfo/mif" > > > target=_blank > > > > >https://www.ietf.org/mailman/listinfo/mif > > > > >> > > > > > > > > > > > >> > > > > > >> > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > mif mailing > > > > list > > > > href="mailto:mif@ietf.org">mif@ietf.org > > > > href="https://www.ietf.org/mailman/listinfo/mif" target=_blank > > > > >https://www.ietf.org/mailman/listinfo/mif > > > _______________________________________________ > > > mif mailing list > > > mif@ietf.org > > > https://www.ietf.org/mailman/listinfo/mif
- [mif] draft-ietf-mif-current-practices-00 Dan Wing
- Re: [mif] draft-ietf-mif-current-practices-00 Hui Deng
- Re: [mif] draft-ietf-mif-current-practices-00 gabriel montenegro
- Re: [mif] draft-ietf-mif-current-practices-00 Dan Wing
- Re: [mif] draft-ietf-mif-current-practices-00 Dan Wing
- Re: [mif] draft-ietf-mif-current-practices-00 Dave Thaler
- Re: [mif] draft-ietf-mif-current-practices-00 Dave Thaler
- Re: [mif] draft-ietf-mif-current-practices-00 Hui Deng
- Re: [mif] draft-ietf-mif-current-practices-00 Dan Wing
- Re: [mif] draft-ietf-mif-current-practices-00 gabriel montenegro
- Re: [mif] draft-ietf-mif-current-practices-00 Hui Deng
- Re: [mif] draft-ietf-mif-current-practices-00 gabriel montenegro
- Re: [mif] draft-ietf-mif-current-practices-00 Dan Wing
- Re: [mif] draft-ietf-mif-current-practices-00 teemu.savolainen
- Re: [mif] draft-ietf-mif-current-practices-00 Dave Thaler
- Re: [mif] draft-ietf-mif-current-practices-00 Dave Thaler
- Re: [mif] draft-ietf-mif-current-practices-00 gabriel montenegro
- Re: [mif] draft-ietf-mif-current-practices-00 teemu.savolainen