RE: (ngtrans) Last call on draft-ietf-ngtrans-dns-ops-req-02.txt

[Pekka Savola <pekkas@netcore.fi>]

On Sun, 21 Oct 2001, Randy Bush wrote:
> >> the task of this wg is to develop strategies and techniques for
> >> transitioning from a pure v4 internet to a mostly v6 internet over
> >> a period of a long time, i.e. a decade or N.  in the solution
> >> space, it is not reasonable for there to be one or more partitions
> >> where internet hostsand running v4 can not locate and reach
> >> internet hosts running v6 or vice versa.
> > But the questions (that haven't been answered properly, or asked for that
> > matter) are, "does this have to be done now?" and "do we know _yet_ that
> > this approach is the best one in the long run?").
> 
> this is not an 'approach', i.e. solution, tool, ...  it is a requirement.

There seem to be some hints for a certain approach in itself, for example:

--8<--
   The IPv6 resolver MUST have a way to discover the bridging systems.
   This discovery mechanism MUST also have good scaling properties.
--8<--

This seems to require that every IPv6 resolving node must be able to do
the discovery; the discovery cannot be "delegated" to certain (type-of, 
possibly) servers.

Using the word "discover" hints at non-manual configuration (e.g.  
anycast).

--8<--
7. Security considerations


   Any bridging system, acting as open relay, could be misused to create
   denial of service attacks on external DNS servers.  Some provision
   should be made in the design of those relay to deal with this issue.
--8<--

This is nothing new and can be done today with about any DNS server (e.g. 
request recursion).

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords