Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

Fred Baker <fredbaker.ietf@gmail.com> Mon, 02 July 2018 20:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/IbxZJgvgzMi2aJwOJ1CDmLZk5_g>

> On Jul 2, 2018, at 1:17 PM, JORDI PALET MARTINEZ <jordi.palet@consulintel.es> wrote:
> 
> DNSSEC is *only* broken if the dual-stack host is doing DNSSEC validation over the synthetized AAAA.

So you're worried about DNSSEC validation working through NAT64 in the case that the host is using the DNS service in the IPv4 network through the NAT64 device.

That doesn't have anything to do with DNS64; in a 464XLAT network, if we believe RFC 6877, the issue you raise happens in the absence of DNS64.