Re: [sunset4] future of dnssec?
"Marc Blanchet" <marc.blanchet@viagenie.ca> Wed, 22 February 2017 15:00 UTC
Return-Path: <marc.blanchet@viagenie.ca>
X-Original-To: sunset4@ietfa.amsl.com
Delivered-To: sunset4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 320021299D3 for <sunset4@ietfa.amsl.com>; Wed, 22 Feb 2017 07:00:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fKjYkadM90H6 for <sunset4@ietfa.amsl.com>; Wed, 22 Feb 2017 07:00:34 -0800 (PST)
Received: from jazz.viagenie.ca (jazz.viagenie.ca [IPv6:2620:0:230:8000::2]) by ietfa.amsl.com (Postfix) with ESMTP id 435F31299CE for <sunset4@ietf.org>; Wed, 22 Feb 2017 07:00:34 -0800 (PST)
Received: from [206.123.31.226] (h226.viagenie.ca [206.123.31.226]) by jazz.viagenie.ca (Postfix) with ESMTPSA id E9885475A3; Wed, 22 Feb 2017 10:00:32 -0500 (EST)
From: Marc Blanchet <marc.blanchet@viagenie.ca>
To: Mark Andrews <marka@isc.org>
Date: Wed, 22 Feb 2017 10:00:30 -0500
Message-ID: <8C2DC5DB-88CA-4541-BE50-C23088F77867@viagenie.ca>
In-Reply-To: <20170222143629.9E9C56454B08@rock.dv.isc.org>
References: <6536E263028723489CCD5B6821D4B21334D566F0@UK30S005EXS06.EEAD.EEINT.CO.UK> <B5E8C545-55B9-4ECB-B0C8-C3EEFEECD320@fugue.com> <20170222143629.9E9C56454B08@rock.dv.isc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.6r5347)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sunset4/lyqmGJ8QYpXT4DM_UqXH18hZqt4>
Cc: "sunset4@ietf.org" <sunset4@ietf.org>
Subject: Re: [sunset4] future of dnssec?
X-BeenThere: sunset4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: sunset4 working group discussion list <sunset4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sunset4>, <mailto:sunset4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sunset4/>
List-Post: <mailto:sunset4@ietf.org>
List-Help: <mailto:sunset4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sunset4>, <mailto:sunset4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2017 15:00:36 -0000
On 22 Feb 2017, at 9:36, Mark Andrews wrote: > In message <B5E8C545-55B9-4ECB-B0C8-C3EEFEECD320@fugue.com>, Ted Lemon > writes: >> >> Nick, the solution to this is to do DNS64 in the validator. If the >> validator is a stub resolver, do the DNS64 hack there. AFAIK the >> technology to support this already exists. > > DNS64 really should just be made historic. It does not work with > DNSSEC. There has NEVER been a NEED for NAT64 or DNS64. They > provides NO BENEFIT over other methods. Every proported benefit > turns out not to exist. > > Go do the comparitive analysis. I respectfully disagree. dual-stack incur many additional costs operationally. deploying v6only infrastructure is more cost effective, specially over the long run. nowadays, statistics show that a large amount of trafic could be carried over IPv6, which means then that you « just » need to care about the tail of the IPv4-only destinations, which is where nat64/dns64 comes. But I guess you know all this. Marc. > >>> On Feb 22, 2017, at 7:23 AM, Heatley, Nick <nick.heatley@ee.co.uk> >> wrote: >>> >>> Post exhaustion, the majority of cellular networks and some public >>> wifi >> networks will use DNS64. >>> DNSSEC and DNS64 do not get along. DNSSEC for “A records only” >>> is >> broken. >>> Is this the reason why all content must go v6? >>> Or is the case for DNSSEC still questionable? >>> Or do end hosts need to perform DNS64 so “DNSSEC for A records >>> only” >> can be intact? >>> >>> NOTICE AND DISCLAIMER >>> This email contains BT information, which may be privileged or >> confidential. It's meant only for the individual(s) or entity named >> above. >>> If you're not the intended recipient, note that disclosing, copying, >> distributing or using this information is prohibited. >>> If you've received this email in error, please let me know >>> immediately >> on the email address above. Thank you. >>> >>> We monitor our email system, and may record your emails. >>> >>> EE Limited >>> Registered office:Trident Place, Mosquito Way, Hatfield, >>> Hertfordshire, >> AL10 9BW >>> Registered in England no: 02382161 >>> >>> EE Limited is a wholly owned subsidiary of: >>> >>> British Telecommunications plc >>> Registered office: 81 Newgate Street London EC1A 7AJ >>> Registered in England no: 1800000 >>> >>> _______________________________________________ >>> sunset4 mailing list >>> sunset4@ietf.org <mailto:sunset4@ietf.org> >>> https://www.ietf.org/mailman/listinfo/sunset4 >> <https://www.ietf.org/mailman/listinfo/sunset4> > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: marka@isc.org > > _______________________________________________ > sunset4 mailing list > sunset4@ietf.org > https://www.ietf.org/mailman/listinfo/sunset4
- [sunset4] future of dnssec? Heatley, Nick
- Re: [sunset4] future of dnssec? Ca By
- Re: [sunset4] future of dnssec? Ted Lemon
- Re: [sunset4] future of dnssec? Ted Lemon
- Re: [sunset4] future of dnssec? Mark Andrews
- Re: [sunset4] future of dnssec? Mark Andrews
- Re: [sunset4] future of dnssec? Marc Blanchet
- Re: [sunset4] future of dnssec? Ca By
- Re: [sunset4] future of dnssec? Ted Lemon
- Re: [sunset4] future of dnssec? Philip Homburg
- Re: [sunset4] future of dnssec? Ted Lemon
- Re: [sunset4] future of dnssec? Michael Richardson
- Re: [sunset4] future of dnssec? Mark Andrews
- Re: [sunset4] future of dnssec? Mark Andrews
- Re: [sunset4] future of dnssec? Mark Andrews
- Re: [sunset4] future of dnssec? Ted Lemon
- Re: [sunset4] future of dnssec? Heatley, Nick
- Re: [sunset4] future of dnssec? Mark Andrews
- Re: [sunset4] future of dnssec? Heatley, Nick
- Re: [sunset4] future of dnssec? Sander Steffann
- Re: [sunset4] future of dnssec? Mark Andrews
- Re: [sunset4] future of dnssec? Mark Andrews
- Re: [sunset4] future of dnssec? Sander Steffann
- Re: [sunset4] future of dnssec? Mark Andrews