Re: [v6ops] New Version Notification for draft-bp-v6ops-ipv6-ready-dns-dnssec-00.txt
JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Wed, 17 October 2018 19:13 UTC
Date: Wed, 17 Oct 2018 21:13:14 +0200
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: Jen Linkova <furry13@gmail.com>
CC: V6 Ops List <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/NzqgWvAXsqlWHEr1y-DKQT0-wTw>

Hi Jen,

Responding below, in-line.

Regards,
Jordi

-----Original Message-----
From: v6ops <v6ops-bounces@ietf.org> on behalf of Jen Linkova <furry13@gmail.com>
Date: Wednesday, 17 October 2018, 11:47
To: <jordi.palet=40consulintel.es@dmarc.ietf.org>
CC: V6 Ops List <v6ops@ietf.org>
Subject: Re: [v6ops] New Version Notification for draft-bp-v6ops-ipv6-ready-dns-dnssec-00.txt

> On Thu, Oct 11, 2018 at 5:33 AM JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org> wrote:
> > We have worked on an integrated version of two documents:
> >
> > draft-v6ops-byrne-dnssecaaaa
> > draft-palet-sunset4-ipv6-ready-dns-00
> >
> > The new document is now:
> >
> > https://datatracker.ietf.org/doc/draft-bp-v6ops-ipv6-ready-dns-dnssec/?include_text=1
>
> The new document starts with:
> "This document defines the timing for implementing a worldwide IPv6-Ready DNS and DNSSEC infrastructure, in order to facilitate the global IPv6-only deployment."
>
> So you are suggesting that DNS operators have to do some work (in quite short timeframe) to facilitate something they might not even care about... Not sure it would work.

They should care about providing a good service, right? A good service today is not just IPv4-only.

> Then there is a section 7 (Implementation Timeline) which looks a bit unrealistic. (I have to confess I wish we had a magic wand to make it happen...).
> If I let my imagination run wild... let's say a miracle has happened and steps 1-3 are done.
> Obviously *just* adding AAAA RR for A-only names has nothing to do with enabling IPv6 for a service.

Clearly, we need to rephrase it. We meant not just the RR part, but of course, having the IPv6 connectivity.

> The service needs to have IPv6 connectivity (which might not even be available in the specific location), it needs to be tested etc. Adding

IPv6 free tunnels are available, in case, I doubt, you can't set up a tunnel to your upstream provider or alternatively to any of their upstreams.
I've been there, several times, in the most strange and remote locations.

> AAAA w/o doing all of that would just negatively impact user experience.
> What would happen if an imaginary website cutekittens.example.net which hosts popular videos of kittens (and koalas) suddenly gets AAAA RR in DNS w/o IPv6 being properly enabled for it? Or even worse, the webservice would respond to TCP handshake but would not be able to serve users over IPv6?
> Well, I'm sure 99.9% of level1 techsupport engineers would tell the unhappy customers "disable IPv6 on your device and it would solve your issue". I'm not sure it's what we want.
>
> Also, how exactly are you suggesting to enforce the step 4?
>
> Last but not least:
> "If there is a failure at the deadline in complying with those requirements, the relevant NS, MUST be temporarily suspended until there is a subsequent successful verification."
>
> So an NS for cutekittens.example.net got suspended (whatever it means). So the server would become unreachable? How could it be fixed/get IPv6 enabled?

We are calling ICANN to take actions and enforce them to the registrars. ICANN has something already in TLD contracts. It is time to enforce it.

> "MUST" in RFCs are (usually) for a reason. If you do not follow MUST smth bad would happen. This draft has a lot of MUST which (IMHO) could not be enforced.

I think trying is much better than just complaining and not doing something. Clearly IETF liaison with ICANN needs to take actions here. Believe it or not, there are still many DNS "operators" that have no idea about IPv6, and a call for action should enforce them to do something.

> To sum up, I found draft-v6ops-byrne-dnssecaaaa to be more useful and realistic. It explains why if you want to use DNSSEC for your zone, you should consider enabling IPv6.
>
> > -----Original Message-----
> > From: <internet-drafts@ietf.org>
> > Date: Wednesday, 10 October 2018, 20:30
> > To: Jordi Palet <jordi.palet@theipv6company.com>, Jordi Palet Martinez <jordi.palet@theipv6company.com>, Cameron Byrne <cameron.byrne@t-mobile.com>, Cameron Byrne <Cameron.Byrne@T-Mobile.com>
> > Subject: New Version Notification for draft-bp-v6ops-ipv6-ready-dns-dnssec-00.txt
> >
> > A new version of I-D, draft-bp-v6ops-ipv6-ready-dns-dnssec-00.txt
> > has been successfully submitted by Jordi Palet Martinez and posted to the
> > IETF repository.
> >
> > Name: draft-bp-v6ops-ipv6-ready-dns-dnssec
> > Revision: 00
> > Title: IPv6-Ready DNS/DNSSSEC Infrastructure
> > Document date: 2018-10-10
> > Group: Individual Submission
> > Pages: 6
> > URL: https://www.ietf.org/internet-drafts/draft-bp-v6ops-ipv6-ready-dns-dnssec-00.txt
> > Status: https://datatracker.ietf.org/doc/draft-bp-v6ops-ipv6-ready-dns-dnssec/
> > Htmlized: https://tools.ietf.org/html/draft-bp-v6ops-ipv6-ready-dns-dnssec-00
> > Htmlized: https://datatracker.ietf.org/doc/html/draft-bp-v6ops-ipv6-ready-dns-dnssec
> >
> > Abstract:
> > This document defines the timing for implementing a worldwide
> > IPv6-Ready DNS and DNSSEC infrastructure, in order to facilitate the
> > global IPv6-only deployment.
> >
> > A key issue for this, is the need for a global support of DNSSEC and
> > DNS64, which in some scenarios do not work well together. This
> > document states that any DNSSEC signed resources records should
> > include a native IPv6 resource record as the most complete and
> > expedient path to solve any deployment conflict with DNS64 and DNSSEC
> >
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > The IETF Secretariat
> >
> > **********************************************
> > IPv4 is over
> > Are you ready for the new Internet ?
> > http://www.consulintel.es
> > The IPv6 Company
> >
> > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicitly authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
>
> --
> SY, Jen Linkova aka Furry
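
The condition named in the quoted abstract (DNSSEC-signed names with no native AAAA, for which a DNS64 resolver would have to synthesize an unsigned one) can be audited offline. The following is an added example, not part of the original message or of the draft; the zone dictionary layout and the function names are assumptions, and synthesis uses the RFC 6052 well-known prefix 64:ff9b::/96.

```python
import ipaddress

# RFC 6052 well-known prefix commonly used by DNS64 resolvers for synthesis.
WKP = ipaddress.IPv6Network("64:ff9b::/96")


def dns64_synthesize(ipv4, prefix=WKP):
    """Embed an IPv4 address in a /96 NAT64 prefix, as a DNS64 resolver does."""
    if prefix.prefixlen != 96:
        # Other RFC 6052 prefix lengths place the IPv4 bits differently.
        raise ValueError("this example only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def audit(zone):
    """Return findings for DNSSEC-signed names that have A but no native AAAA."""
    findings = []
    for name, rr in sorted(zone.items()):
        if rr["signed"] and rr.get("A") and not rr.get("AAAA"):
            findings.append({
                "name": name,
                # What a DNS64 resolver would hand to an IPv6-only client.
                "synthesized": [str(dns64_synthesize(a)) for a in rr["A"]],
                "reason": "signed A-only: the synthesized AAAA carries no RRSIG, "
                          "so a validating client behind DNS64 cannot verify it",
            })
    return findings


# Constructed sample zone data (documentation addresses, not real records).
ZONE = {
    "www.example.net.": {"signed": True, "A": ["192.0.2.10"],
                         "AAAA": ["2001:db8::10"]},
    "cutekittens.example.net.": {"signed": True, "A": ["192.0.2.33"], "AAAA": []},
    "legacy.example.net.": {"signed": False, "A": ["198.51.100.7"], "AAAA": []},
}

if __name__ == "__main__":
    for f in audit(ZONE):
        print(f["name"], f["synthesized"], "-", f["reason"])
```

The audit only checks for the presence of a native AAAA; whether the service behind that record actually answers over IPv6, the concern raised in the thread, has to be tested separately.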