Re: [v6ops] 464xlat case study (was reclassify 464XLAT as standard instead of info)
Mark Andrews <marka@isc.org> Thu, 28 September 2017 08:33 UTC
To: jordi.palet@consulintel.es
Cc: v6ops@ietf.org
From: Mark Andrews <marka@isc.org>
References: <LO1P123MB01168388285206BB7C26F029EA7A0@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM> <46045DAA-9096-43BA-A5FD-571232767726@google.com> <CAKD1Yr3vziaHfkR+hQ7QHXaz7QraKH2HLUVXUW63GpnOAj4JoQ@mail.gmail.com> <E72C3FBE-57A4-4058-B9E5-F7392C9E9101@google.com> <LO1P123MB0116805F9A18932E2D0694FEEA780@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM> <1496304E-54BE-47FA-A7F1-1AA6E163DAB1@employees.org> <CAD6AjGQdMFgv4727wHm41HmEyo2Z-PCabPHPSRSVwOi_rey7OQ@mail.gmail.com> <CAKD1Yr03zsuSBqPegs6RNbBqnJizUOLZwH+rNDi1Ocg4k+mARQ@mail.gmail.com> <20170928030630.DD2D08867238@rock.dv.isc.org> <alpine.DEB.2.20.1709280753080.18564@uplift.swm.pp.se> <20170928074105.BCB99886E538@rock.dv.isc.org> <911FED7C-63A7-4F55-A3FE-F97B492E4E82@consulintel.es>
In-reply-to: Your message of "Thu, 28 Sep 2017 10:04:03 +0200." <911FED7C-63A7-4F55-A3FE-F97B492E4E82@consulintel.es>
Date: Thu, 28 Sep 2017 18:31:31 +1000
Message-Id: <20170928083131.B6CD1886F0C8@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/BO4h8wAXX3odpKwbU0CMxm0sR2U>
In message <911FED7C-63A7-4F55-A3FE-F97B492E4E82@consulintel.es>, JORDI PALET MARTINEZ writes:
> You can have a DNS validator, aware of DNS64.
>
> In the worst case, if you don't like having a DNS validator aware of
> DNS64, a much simpler solution is to NOT use DNS64.
>
> 464XLAT works also in that scenario, you just force all the IPv4-only
> traffic to be translated at both sides the CLAT and the PLAT. This is not
> worse than when you do NAT44.
>
> As this traffic is going to be less and less IPv4, again this is not an
> issue.
>
> Regards,
> Jordi

Please go and re-read what is below. You cannot discover the prefix
using correctly configured DNS software as things currently stand.
Now if you tell IANA to add an insecure delegation for ipv4only.arpa
one can discover the prefix but as things currently stand it is
impossible.

Mark

> -----Original Message-----
> From: v6ops <v6ops-bounces@ietf.org> on behalf of Mark Andrews <marka@isc.org>
> Reply-To: <marka@isc.org>
> Date: Thursday, 28 September 2017, 9:42
> To: Mikael Abrahamsson <swmike@swm.pp.se>
> Cc: "Heatley, N, Nick, TQB R" <nick.heatley@bt.com>, IPv6 Ops WG <v6ops@ietf.org>, james woodyatt <jhw@google.com>
> Subject: Re: v6ops 464xlat case study (was reclassify 464XLAT as standard instead of info)
>
> In message <alpine.DEB.2.20.1709280753080.18564@uplift.swm.pp.se>, Mikael Abrahamsson writes:
> > So while I sympathize your "breaks DNSSEC" objection, 464XLAT actually
> > doesn't do that. DNS64 does. If all devices had 464XLAT then you wouldn't
> > have to do DNS64 (apart from the well-known "prefix detection" zones.
>
> You do know the RFC 7050 doesn't work with DNSSEC validation enabled.
> RFC 7050 specifies CD=0.
>
> ipv4only.arpa/AAAA (CD=0) -> validating recursive server
>                              (or local validating cache)
> ipv4only.arpa/AAAA (CD=0) -> DNS64 server
> ipv4only.arpa/AAAA ANCOUNT>0 -> validating recursive server
>                              (or local validating cache)
>
> rejected as ipv4only.arpa is signed.
>
> SERVFAIL -> client
>
> Let's try with CD=1
>
> ipv4only.arpa/AAAA (CD=1) -> validating recursive server
>                              (or local validating cache)
> ipv4only.arpa/AAAA (CD=1) -> DNS64 server (no synthesis as CD=1)
> ipv4only.arpa/AAAA ANCOUNT=0 -> validating recursive server
>                              (or local validating cache)
> ipv4only.arpa/AAAA ANCOUNT=0 -> client (no prefixes found)
>
> To get it to work the validating recursive server has to detect
> that prefix discovery is occurring. Perform its own prefix discovery.
> Synthesise a prefix discovery response.
>
> So yes 464XLAT does require DNSSEC to be broken.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.consulintel.es
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicitly authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
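
The three resolution paths discussed in the message above, as an added example that is not part of the original post: a simplified Python model (not a real resolver) of RFC 7050 discovery through a validating resolver with CD=0, with CD=1, and with the insecure delegation the message proposes. The function names, the `signed` switch and the sample answers under the 64:ff9b::/96 well-known prefix are assumptions made for illustration.

```python
import ipaddress

# Well-known IPv4 addresses of ipv4only.arpa (RFC 7050).
WKA = {ipaddress.IPv4Address(a).packed for a in ("192.0.0.170", "192.0.0.171")}
# RFC 6052 byte positions of the embedded IPv4 address per prefix length;
# byte 8 (the reserved "u" octet) is skipped.
OFFSETS = {32: (4, 5, 6, 7), 40: (5, 6, 7, 9), 48: (6, 7, 9, 10),
           56: (7, 9, 10, 11), 64: (9, 10, 11, 12), 96: (12, 13, 14, 15)}

def pref64_from_aaaa(addr):
    """Return the NAT64 prefix embedded in a synthesized AAAA, or None."""
    raw = ipaddress.IPv6Address(addr).packed
    for plen, offs in OFFSETS.items():
        if bytes(raw[i] for i in offs) in WKA:
            head = raw[:plen // 8]
            return ipaddress.IPv6Network((head + bytes(16 - len(head)), plen))
    return None

def dns64_server(cd):
    """Constructed DNS64 answer for ipv4only.arpa/AAAA; no synthesis if CD=1."""
    return [] if cd else ["64:ff9b::c000:aa", "64:ff9b::c000:ab"]

def validating_resolver(cd, signed):
    """Model only: with CD=0, AAAA data for a signed zone that has none is bogus."""
    answers = dns64_server(cd)
    if not cd and signed and answers:
        return "SERVFAIL", []
    return "NOERROR", answers

def discover(cd, signed=True):
    """Client-side RFC 7050 discovery through the validating resolver."""
    rcode, answers = validating_resolver(cd, signed)
    found = {pref64_from_aaaa(a) for a in answers} - {None}
    return rcode, sorted(str(p) for p in found)

if __name__ == "__main__":
    # (CD bit, zone signed as seen by the validator)
    for cd, signed in ((False, True), (True, True), (False, False)):
        print(f"CD={int(cd)} signed={signed}:", discover(cd, signed))
```

Only the third case, where the validator sees ipv4only.arpa as insecure, yields a prefix; the first two reproduce the SERVFAIL and ANCOUNT=0 outcomes traced in the message.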