Re: [v6ops] NAT64/DNS64 and DNSSEC

Philip Homburg <v6ops@ietf.org> Wed, 29 July 2015 14:35 UTC


In your letter dated Wed, 29 Jul 2015 10:01:35 -0400 you wrote:
>    I don't really know what all the hate is for NAT64.   It does a
>    great job of letting me run a v6only network whilst still
>    communicating with v4 services on the Internet.  Maybe it's not
>    everybody's cup of tea, but it's a pretty nice solution, and I
>    agree that making it work with DNSSEC ought to be a priority.

I guess it depends on your expectations. Right now, for me IPv4 is production
traffic. The moment has not yet come to treat IPv4 as something that may or
may not work.

But there are an endless number of gotchas in IPv4. And at the moment those
gotchas are neatly confined to the IPv4 specific processing.

When IPv4 gets incorporated into IPv6 like NAT64 does, then all IPv6 processing
suddenly also has to take those gotchas into account, without even knowing
whether the other end was IPv4 or IPv6.

In that sense 464XLAT is better because it again makes the IPv4/IPv6 split.

In any case, I can see why operators like NAT64 so it is better to make it
work.