Re: (ngtrans) draft-ietf-ngtrans-dns-ops-req-03.txt

Alain Durand <Alain.Durand@sun.com> Tue, 11 December 2001 17:16 UTC

Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA20943 for <ngtrans-archive@odin.ietf.org>; Tue, 11 Dec 2001 12:16:39 -0500 (EST)
Received: from engmail2.Eng.Sun.COM ([129.146.1.25]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id JAA29603; Tue, 11 Dec 2001 09:14:33 -0800 (PST)
Received: from sunroof.eng.sun.com (sunroof.Eng.Sun.COM [129.146.168.88]) by engmail2.Eng.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id JAA19838; Tue, 11 Dec 2001 09:14:18 -0800 (PST)
Received: from sunroof.eng.sun.com (localhost [127.0.0.1]) by sunroof.eng.sun.com (8.12.2.Beta1+Sun/8.12.2.Beta1) with ESMTP id fBBHDtvU021756 for <ngtrans-dist@sunroof.eng.sun.com>; Tue, 11 Dec 2001 09:13:55 -0800 (PST)
Received: (from majordomo@localhost) by sunroof.eng.sun.com (8.12.2.Beta1+Sun/8.12.2.Beta1/Submit) id fBBHDtiw021755 for ngtrans-dist; Tue, 11 Dec 2001 09:13:55 -0800 (PST)
X-Authentication-Warning: sunroof.eng.sun.com: majordomo set sender to owner-ngtrans@sunroof.eng.sun.com using -f
Received: from jurassic.eng.sun.com (jurassic [129.146.82.166] (may be forged)) by sunroof.eng.sun.com (8.12.2.Beta1+Sun/8.12.2.Beta1) with ESMTP id fBBHDqvU021748 for <ngtrans@sunroof.eng.sun.com>; Tue, 11 Dec 2001 09:13:52 -0800 (PST)
Received: from rouget.sun.com (vpn-129-150-5-140.EBay.Sun.COM [129.150.5.140]) by jurassic.eng.sun.com (8.12.2.Beta1+Sun/8.12.2.Beta1) with ESMTP id fBBHDqbG284408; Tue, 11 Dec 2001 09:13:52 -0800 (PST)
Message-Id: <5.1.0.14.0.20011211084929.00b194c0@jurassic.eng.sun.com>
X-Sender: durand@jurassic.eng.sun.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 11 Dec 2001 09:02:13 -0800
To: itojun@iijlab.net
From: Alain Durand <Alain.Durand@sun.com>
Subject: Re: (ngtrans) draft-ietf-ngtrans-dns-ops-req-03.txt
Cc: ngtrans@sunroof.eng.sun.com
In-Reply-To: <10591.1008086704@itojun.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ngtrans@sunroof.eng.sun.com
Precedence: bulk
Reply-To: Alain Durand <Alain.Durand@sun.com>

At 01:05 AM 12/12/2001 +0900, itojun@iijlab.net wrote:
>         I do not understand why DNS is so special for you.
It is special because it is a key component of the Internet infrastructure.
Break DNS and everything else breaks.
See also RFC2826.

I always said that interoperability between IPv4 and IPv6 nodes
had a price and that 100% interoperability was not always
necessary and may not be worth the trouble to get it.
The point argued here is that DNS is a case where this 100% 
interoperability is necessary.
>         when you are on an IPv6-only node and needs to access IPv4-only
>         resources, you either:
>         - make your node dual stack by configuring IPv4 connectivity,
>           by routing IPv4, DSTM, whatever
>         - use translators at the site exit point, like NAT-PT
>
>         IMHO this is no different for DNS servers/resolvers.
>         if you are an IPv6-only recursive DNS resolver, and you need to look up
>         resources on IPv4-only DNS servers, you need an IPv4 connectivity, or
>         you use DNS-ALG at the site exit point.  another point in this is that
>         we don't need public open relay bridging system - transition mechanisms
>         can be installed per site (so it is the matter of site configuration).

Doing this at site boundary requires at least one IPv4 address per site.
There will be IPv6 only sites/networks/ISPs in the future with no IPv4 at all,
so while this approach works now it does not work in the long run.
Due to the extraordinary amount of time it takes to change the resolvers,
we have to address the long term problem now.


>         if I mimic the logic in the draft, we'll need public open relay
>         bridging system for HTTP, as HTTP has redirect: header and can invite
>         you from IPv6 server to IPv4 server (chain of referrals).
>
>         the thing that worries me very much is the recent trend in the
>         ngtrans wg - the use of public datagram open relay for transition
>         technologies.  they behave very badly if abused.
>         it includes 6to4, shipworm, and this draft.

I agree that whatever solution is designed, it will have to address 
security concerns.

         - Alain.
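The exchange above turns on one mechanical point: an iterative resolver can only follow a referral to a name server it has transport to, so a single IPv4-only delegation anywhere in the chain stops an IPv6-only resolver unless something relays for it. The script below is an added illustration, not code from this thread, from the draft, or from either author. It walks a constructed delegation tree (hostnames under `example.`, documentation addresses from 192.0.2.0/24 and 2001:db8::/32) as an IPv6-only, IPv4-only or dual-stack resolver would, optionally with a site-exit DNS-ALG of the kind itojun describes, and reports where resolution is blocked. Zone names, server names, addresses and the `DELEGATIONS`/`GLUE` tables are all assumptions made up for the example; the "DNS-ALG" is modelled simply as a relay that lets the resolver reach A-only servers, which also makes the new dependency on that relay visible in the returned path.

```python
"""Simulate iterative resolution from resolvers with different address families.

Constructed data, not from any real zone: one sub-zone is served only by
IPv4-only name servers, another only by IPv6-only ones.  A resolver can use
a server only if it has glue of a record type it can send queries over,
unless a site-exit DNS-ALG relays IPv4 queries on its behalf.
"""

# Constructed delegation tree: zone -> name servers authoritative for it.
DELEGATIONS = {
    ".": ["a.root-servers.example."],
    "example.": ["ns1.example."],
    "legacy.example.": ["ns1.legacy.example."],   # served by IPv4-only hosts
    "modern.example.": ["ns1.modern.example."],   # served by IPv6-only hosts
}

# Constructed glue: name server hostname -> addresses by record type.
GLUE = {
    "a.root-servers.example.": {"A": ["192.0.2.1"], "AAAA": ["2001:db8::1"]},
    "ns1.example.": {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]},
    "ns1.legacy.example.": {"A": ["192.0.2.20"], "AAAA": []},
    "ns1.modern.example.": {"A": [], "AAAA": ["2001:db8::30"]},
}


def zone_chain(name):
    """Zones from the root down to the closest enclosing zone of `name`."""
    labels = name.rstrip(".").split(".")
    chain = ["."]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        if zone in DELEGATIONS:
            chain.append(zone)
    return chain


def pick_server(ns_names, transports, dns_alg):
    """First reachable server as (ns, address, how), or None.

    Native transport is preferred; an IPv4-only server is used through the
    DNS-ALG only when nothing is reachable natively (assumed relay model).
    """
    for ns in ns_names:
        for rrtype in ("AAAA", "A"):
            addrs = GLUE.get(ns, {}).get(rrtype, [])
            if addrs and rrtype in transports:
                how = "native-ipv6" if rrtype == "AAAA" else "native-ipv4"
                return ns, addrs[0], how
    if dns_alg:
        for ns in ns_names:
            addrs = GLUE.get(ns, {}).get("A", [])
            if addrs:
                return ns, addrs[0], "ipv4-via-dns-alg"
    return None


def resolve(name, transports=frozenset({"AAAA"}), dns_alg=False):
    """Walk the referral chain for `name`.

    `transports` is the set of glue types the resolver can send queries to:
    {"AAAA"} for IPv6-only (default), {"A"} for IPv4-only, both for dual stack.
    Returns status, the zone at which resolution was blocked (if any), and the
    (zone, server, address, how) hops taken.
    """
    path = []
    for zone in zone_chain(name):
        hit = pick_server(DELEGATIONS[zone], transports, dns_alg)
        if hit is None:
            return {"status": "unreachable", "blocked_at": zone, "path": path}
        path.append((zone,) + hit)
    return {"status": "ok", "blocked_at": None, "path": path}


def zones_needing_relay():
    """Zones an IPv6-only resolver cannot reach natively: no NS has AAAA glue."""
    return sorted(zone for zone, nss in DELEGATIONS.items()
                  if not any(GLUE.get(ns, {}).get("AAAA") for ns in nss))


if __name__ == "__main__":
    for label, kwargs in (
        ("IPv6-only", {}),
        ("IPv6-only + site DNS-ALG", {"dns_alg": True}),
        ("dual stack", {"transports": frozenset({"A", "AAAA"})}),
        ("IPv4-only", {"transports": frozenset({"A"})}),
    ):
        for qname in ("www.legacy.example.", "www.modern.example."):
            r = resolve(qname, **kwargs)
            print(f"{label:24} {qname:22} {r['status']:12} blocked_at={r['blocked_at']}")
    print("zones with no IPv6-reachable name server:", zones_needing_relay())
```

Run as a script it prints one line per resolver type and query name; the IPv6-only resolver is blocked at `legacy.example.` until the DNS-ALG is enabled, and the mirror case (an IPv4-only resolver against `modern.example.`) fails the same way. `zones_needing_relay()` is the check a site operator would run over their own delegation data to see which zones still depend on a relay or on site IPv4 connectivity.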