Re: [sunset4] future of dnssec?

"Marc Blanchet" <marc.blanchet@viagenie.ca> Wed, 22 February 2017 15:00 UTC

From: Marc Blanchet <marc.blanchet@viagenie.ca>
To: Mark Andrews <marka@isc.org>
Date: Wed, 22 Feb 2017 10:00:30 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/sunset4/lyqmGJ8QYpXT4DM_UqXH18hZqt4>

On 22 Feb 2017, at 9:36, Mark Andrews wrote:

> In message <B5E8C545-55B9-4ECB-B0C8-C3EEFEECD320@fugue.com>, Ted Lemon 
> writes:
>>
>> Nick, the solution to this is to do DNS64 in the validator.   If the
>> validator is a stub resolver, do the DNS64 hack there.   AFAIK the
>> technology to support this already exists.
>
> DNS64 really should just be made historic.  It does not work with
> DNSSEC.  There has NEVER been a NEED for NAT64 or DNS64.  They
> provide NO BENEFIT over other methods.  Every purported benefit
> turns out not to exist.
>
> Go do the comparative analysis.

I respectfully disagree. Dual-stack incurs many additional costs 
operationally. Deploying v6-only infrastructure is more cost-effective, 
especially over the long run. Nowadays, statistics show that a large 
amount of traffic could be carried over IPv6, which means then that you 
« just » need to care about the tail of the IPv4-only destinations, 
which is where NAT64/DNS64 comes in. But I guess you know all this.

Marc.

>
>>> On Feb 22, 2017, at 7:23 AM, Heatley, Nick <nick.heatley@ee.co.uk> wrote:
>>>
>>> Post exhaustion, the majority of cellular networks and some public wifi networks will use DNS64.
>>> DNSSEC and DNS64 do not get along. DNSSEC for “A records only” is broken.
>>> Is this the reason why all content must go v6?
>>> Or is the case for DNSSEC still questionable?
>>> Or do end hosts need to perform DNS64 so “DNSSEC for A records only” can be intact?
>
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
>
> _______________________________________________
> sunset4 mailing list
> sunset4@ietf.org
> https://www.ietf.org/mailman/listinfo/sunset4
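
The approach Ted Lemon suggests in the quoted text above, doing DNS64 in the validator, shown as an added sketch that is not part of any message in this thread: the host validates the original A/AAAA answers first and only then synthesizes the IPv6 address locally, so no signature ever has to cover synthesized data. The `RRset` container, the `status` values and the function names are assumptions made for illustration; the prefix is the RFC 6052 well-known prefix and the addresses are constructed documentation values.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 6052 well-known prefix; a real network may use its own /96 instead.
WKP = ipaddress.IPv6Network("64:ff9b::/96")

@dataclass
class RRset:                      # hypothetical container for a validated answer
    addrs: list = field(default_factory=list)
    status: str = "insecure"      # validator verdict: secure | insecure | bogus

def synthesize(v4: str, prefix=WKP) -> str:
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 prefixes")
    v6 = int(prefix.network_address) | int(ipaddress.IPv4Address(v4))
    return str(ipaddress.IPv6Address(v6))

def local_dns64(aaaa: RRset, a: RRset, prefix=WKP):
    """Return (addresses, status, synthesized) for a v6-only host.

    Both inputs have already been through DNSSEC validation on this host,
    so synthesis happens after validation, not before it.
    """
    if "bogus" in (aaaa.status, a.status):
        raise ValueError("DNSSEC validation failed; refusing to synthesize")
    if aaaa.addrs:                              # native IPv6 wins, untouched
        return aaaa.addrs, aaaa.status, False
    # The verdict on the original A RRset carries over to the mapped address.
    return [synthesize(x, prefix) for x in a.addrs], a.status, True
```

A DNS64 server in the network has to hand the host an AAAA that the zone never signed, which is where the conflict with DNSSEC described in the thread comes from; here the only unsigned step is the local address mapping.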