Re: [sunset4] future of dnssec?

Mark Andrews <marka@isc.org> Wed, 22 February 2017 21:21 UTC

To: Ted Lemon <mellon@fugue.com>
From: Mark Andrews <marka@isc.org>
References: <6536E263028723489CCD5B6821D4B21334D566F0@UK30S005EXS06.EEAD.EEINT.CO.UK> <B5E8C545-55B9-4ECB-B0C8-C3EEFEECD320@fugue.com> <20170222143629.9E9C56454B08@rock.dv.isc.org> <AC554B0E-709B-474D-97BD-C2518CED2266@fugue.com>
In-reply-to: Your message of "Wed, 22 Feb 2017 11:35:26 -0500." <AC554B0E-709B-474D-97BD-C2518CED2266@fugue.com>
Date: Thu, 23 Feb 2017 08:20:04 +1100
Message-Id: <20170222212004.9F5E46455E2A@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sunset4/xPHv106WuDmG0rdkYzuM6PNda_c>
Cc: "Heatley, Nick" <nick.heatley@ee.co.uk>, "sunset4@ietf.org" <sunset4@ietf.org>
Subject: Re: [sunset4] future of dnssec?

In message <AC554B0E-709B-474D-97BD-C2518CED2266@fugue.com>, Ted Lemon writes:
> 
> On Feb 22, 2017, at 9:36 AM, Mark Andrews <marka@isc.org> wrote:
> > DNS64 really should just be made historic.  It does not work with
> > DNSSEC.  There has NEVER been a NEED for NAT64 or DNS64.  They
> > provide NO BENEFIT over other methods.  Every purported benefit
> > turns out not to exist.
> 
> (A) I find NAT64 to be a very convenient solution, and best of all it
> tests IPv6 functionality in apps, so I know which apps will not work on
> a v6-only network.
> (B) DNS64 works _fine_ with DNSSEC as long as you do the DNS64
> translation _after you validate_.

And have managed to update EVERY DNSSEC validator in the DNS path
from the DNS64 server to the final DNSSEC validator to do DNS64
prefix discovery and that you are willing to forego any other use
of AAAA records other than to look up host addresses.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
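
Added example, not part of the original message: a simplified Python model of the point in the reply above, where a validator downstream of the DNS64 server can accept a synthesized AAAA only if it knows the NAT64 prefix and can map the address back to the signed A record. The address mapping follows RFC 6052 for all six prefix lengths; `validator_action` and its return labels are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)

def v4_octets(plen):
    """Octet indexes holding the IPv4 address; octet 8 (the RFC 6052 'u' octet) is skipped."""
    if plen not in RFC6052_LENGTHS:
        raise ValueError(f"/{plen} is not an RFC 6052 prefix length")
    return [i for i in range(plen // 8, 16) if i != 8][:4]

def synthesize(prefix, ipv4):
    """What a DNS64 server does: embed the A record's address in the NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    for pos, byte in zip(v4_octets(net.prefixlen), ipaddress.IPv4Address(ipv4).packed):
        raw[pos] = byte
    return ipaddress.IPv6Address(bytes(raw))

def extract(prefix, aaaa):
    """Reverse mapping; None when the address cannot have come from this prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(aaaa)
    raw = addr.packed
    if addr not in net or (net.prefixlen < 96 and raw[8] != 0):
        return None
    return ipaddress.IPv4Address(bytes(raw[i] for i in v4_octets(net.prefixlen)))

def validator_action(aaaa, signature_ok, discovered_prefix=None):
    """Simplified decision for a AAAA answer from a signed zone (a model, not resolver code)."""
    if signature_ok:
        return ("validate-AAAA", None)
    if discovered_prefix is not None:
        v4 = extract(discovered_prefix, aaaa)
        if v4 is not None:
            # Synthesized record: the signed data to check is the A RRset.
            return ("validate-A-instead", str(v4))
    # No valid signature and no way to recognise synthesis: treated as bogus.
    return ("bogus", None)

if __name__ == "__main__":
    syn = synthesize("64:ff9b::/96", "192.0.2.33")            # constructed sample
    print(syn, validator_action(syn, False))                  # validator without the prefix
    print(syn, validator_action(syn, False, "64:ff9b::/96"))  # validator with the prefix
```
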