Re: [v6ops] Supporting IPv6-only Networks with NAT64 and DNS64 section of draft-ietf-v6ops-rfc6555bis-01

"stephan.lagerholm@yahoo.com" <stephan.lagerholm@yahoo.com> Thu, 29 June 2017 03:01 UTC

To: Mark Andrews <marka@isc.org>
Cc: IPv6 Ops WG <v6ops@ietf.org>, "dschinazi@apple.com" <dschinazi@apple.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/gruvmKWxn9F2pKO21Yo_8wg59rs>

Hi Mark,
>From: Mark Andrews <marka@isc.org>
>
>> In message <738488839.469942.1498664001646@mail.yahoo.com>, "stephan.lagerholm@yahoo.com" writes:
>> Hi David,
>> Thanks for adding the Supporting IPv6-only Networks with NAT64 and DNS64
>> section, I find it useful. However I don't think the below sentence from
>> this section is accurate. I can't think of any changes that are needed on
>> a client device to run NAT64/DNS64. 
>
>Well you obviously don't have any devices doing DNSSEC validation.
>DNS64 breaks DNSSEC as it changes the DNS responses from NOERROR
>NODATA to NOERROR DATA by synthesizing a AAAA RRset.  This from the
>client's perspective is not different than forging a fake AAAA RRset
>that is trying to hijack the traffic stream.

This case and the remedy are already covered in RFC 6147 section 3. I don't think it makes sense to bring it up in this draft.

/S
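
The DNS64/DNSSEC interaction discussed in this message, as an added example that is not part of the original post: a sketch of how a validating client can tell a DNS64-synthesized AAAA apart from a forged one by validating the A RRset itself and checking the embedded IPv4 address. It assumes the RFC 6052 well-known prefix `64:ff9b::/96`; the function names are hypothetical, and signature validation is represented by inputs (`aaaa_signed`, `validated_a_rrset`) rather than performed.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix. Only /96 prefixes are handled here;
# other prefix lengths embed the IPv4 address differently.
WKP = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(a, prefix=WKP):
    """What a DNS64 resolver does: place the IPv4 address in the low 32 bits."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 NAT64 prefixes are supported")
    v4 = ipaddress.IPv4Address(a)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def embedded_ipv4(aaaa, prefix=WKP):
    """Return the IPv4 address inside a synthesized AAAA, or None."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 NAT64 prefixes are supported")
    addr = ipaddress.IPv6Address(aaaa)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def classify_aaaa(aaaa, aaaa_signed, validated_a_rrset, prefix=WKP):
    """Classify an AAAA answer from the point of view of a validating client.

    aaaa_signed       -- True if the AAAA RRset came with signatures that validated
    validated_a_rrset -- IPv4 addresses from an A RRset the client validated itself
    """
    if aaaa_signed:
        return "secure"
    v4 = embedded_ipv4(aaaa, prefix)
    trusted = {ipaddress.IPv4Address(x) for x in validated_a_rrset}
    if v4 is not None and v4 in trusted:
        # Unsigned, but it is exactly what synthesis from the signed A gives.
        return "synthesized"
    # Unsigned and not derivable from signed data: same as a forged record.
    return "bogus"


if __name__ == "__main__":
    signed_a = ["192.0.2.33"]                     # constructed sample data
    print(synthesize("192.0.2.33"))               # DNS64 answer for that A
    for answer in ("64:ff9b::c000:221", "64:ff9b::c633:6407", "2001:db8::1"):
        print(answer, classify_aaaa(answer, False, signed_a))
```
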

