Re: [v6ops] NAT64/DNS64 and DNSSEC

Philip Homburg <pch-v6ops-3@u-1.phicoh.com> Wed, 29 July 2015 15:22 UTC

Message-Id: <m1ZKSu0-0000DBC@stereo.hq.phicoh.net>
To: "v6ops@ietf.org" <v6ops@ietf.org>
From: Philip Homburg <pch-v6ops-3@u-1.phicoh.com>
Sender: pch-bBB316E3E@u-1.phicoh.com
References: <alpine.DEB.2.02.1507230910190.11810@uplift.swm.pp.se> <4797B33E-9851-427E-8710-84122AFD0FFA@cisco.com> <m1ZKMsw-0000CCC@stereo.hq.phicoh.net> <DAF1C040-9792-4846-B139-56EC94EC2076@nominum.com>
In-reply-to: Your message of "Wed, 29 Jul 2015 10:01:35 -0400 ." <DAF1C040-9792-4846-B139-56EC94EC2076@nominum.com>
Date: Wed, 29 Jul 2015 17:04:16 +0200
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/f-dT-6TyQut6Q1Y_byRnB6rLzo0>
Subject: Re: [v6ops] NAT64/DNS64 and DNSSEC

In your letter dated Wed, 29 Jul 2015 10:01:35 -0400 you wrote:
>    I don't really know what all the hate is for NAT64.   It does a
>    great job of letting me run a v6only network whilst still
>    communicating with v4 services on the Internet.  Maybe it's not
>    everybody's cup of tea, but it's a pretty nice solution, and I
>    agree that making it work with DNSSEC ought to be a priority.

I guess it depends on your expectations. Right now, for me IPv4 is production
traffic. The moment has not yet come to treat IPv4 as something that may or
may not work.

But there are an endless number of gotchas in IPv4. And at the moment those
gotchas are neatly confined to the IPv4 specific processing.

When IPv4 gets incorporated into IPv6 like NAT64 does, then all IPv6 processing
suddenly also has to take those gotchas into account, without even knowing
whether the other end was IPv4 or IPv6.

In that sense 464XLAT is better because it again makes the IPv4/IPv6 split.

In any case, I can see why operators like NAT64 so it is better to make it
work.