Re: [v6ops] comment on draft-liu-v6ops-ula-usage-analysis

Arturo Servin <arturo.servin@gmail.com> Tue, 05 November 2013 18:48 UTC

In-Reply-To: <52793827.2040708@gmail.com>
References: <CAFU7BAR3C8FwU49CsWua20Tmz24Jzd6UVuN=Aoea8Z03drvELQ@mail.gmail.com> <CALo9H1b1EFtjExsy89gLtPmWPoYc1DqmigfLrybPdxm0OsKKdw@mail.gmail.com> <52793827.2040708@gmail.com>
From: Arturo Servin <arturo.servin@gmail.com>
Date: Tue, 05 Nov 2013 16:46:52 -0200
Message-ID: <CALo9H1ZkZV0WdkEgaqm71vAerBUXg_UYHUXJbz+HR99c8zZ5VQ@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] comment on draft-liu-v6ops-ula-usage-analysis

Then we need more text because that is not clear enough.

Also, talking about DNS, another piece of advice would be to have reverse
delegations on internal DNS to avoid leaking queries.

.as


On Tue, Nov 5, 2013 at 4:25 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

> On 06/11/2013 07:16, Arturo Servin wrote:
> > Blocking according to DNS content would be something like Deep Packet
> > Inspection, isn't it?
> >
> > Do we want to go there?
>
> No, but that's not what he means. He means split DNS, where
> the internal DNS server includes records that are not present
> in the external DNS server. That, like it or not, is standard
> practice today in many enterprise networks.
>
>    Brian
>
> >
> > /as
> >
> >
> > On Tue, Nov 5, 2013 at 3:50 PM, Jen Linkova <furry13@gmail.com> wrote:
> >
> >> Section 4.2. says that
> >> "
> >>
> >> So when using ULAs in a network, the administrators should clearly
> >>    set the scope of the ULAs and configure ACLs on relevant border
> >>    routers to block them out of the scope. And if internal DNS are
> >>    enabled, the administrators might also need to use internal-only DNS
> >>    names for ULAs.
> >> "
> >> I believe it should state that the administrator MUST configure egress
> >> ACLs on border routers and MUST ensure that their DNS servers do not
> >> include ULAs in any responses to external clients.
> >>
> >>
> >>
> >>
> >> --
> >> SY, Jen Linkova aka Furry
> >> _______________________________________________
> >> v6ops mailing list
> >> v6ops@ietf.org
> >> https://www.ietf.org/mailman/listinfo/v6ops
> >>
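The thread makes two operational points about ULAs (RFC 4193, fc00::/7): the external DNS view must not hand ULA addresses to outside clients, and the ULA reverse tree (ip6.arpa) should be served internally so PTR lookups for ULA space never leave the site. The following is an added audit example, not code from the draft or from anyone on the list; the zone records, the site prefix fd12:3456:789a::/48 and all function names are constructed for illustration.

```python
"""Added example for the ULA hygiene points raised in this thread (not code
from the draft or the list): keep RFC 4193 ULA addresses (fc00::/7) out of
externally visible DNS answers, and serve the ULA reverse tree locally so
PTR lookups never leak to the public ip6.arpa servers.  The zone data and
site prefix below are constructed for the example."""
import ipaddress

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")  # RFC 4193 Unique Local Addresses


def is_ula(addr: str) -> bool:
    """True if addr parses as an IPv6 address inside fc00::/7."""
    try:
        return ipaddress.IPv6Address(addr) in ULA_BLOCK
    except ipaddress.AddressValueError:
        return False


def ula_reverse_zone(prefix: str) -> str:
    """ip6.arpa zone the internal resolver should serve for a ULA prefix.
    The prefix must sit on a nibble boundary (a /48 gives 12 nibbles)."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if not net.subnet_of(ULA_BLOCK):
        raise ValueError(f"{prefix} is not a ULA prefix")
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_name(addr: str) -> str:
    """Fully qualified ip6.arpa name a resolver would query for addr."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."


def leaked_ula_records(external_zone):
    """AAAA records in the externally served view that point at ULA space.
    Each hit is a record that belongs only in the internal (split-DNS) view."""
    return [(owner, rdata) for owner, rtype, rdata in external_zone
            if rtype.upper() == "AAAA" and is_ula(rdata)]


def escaping_ptr_queries(addrs, local_reverse_zones):
    """ULA addresses whose PTR lookup is not covered by any locally served
    reverse zone, so the query would escape to the public ip6.arpa tree."""
    zones = [z.lower() for z in local_reverse_zones]
    out = []
    for a in addrs:
        if not is_ula(a):
            continue  # global addresses are expected to resolve externally
        name = ptr_name(a).lower()
        if not any(name.endswith("." + z) for z in zones):
            out.append(a)
    return out


# Constructed sample: an external zone view that accidentally carries ULA data.
EXTERNAL_ZONE = [
    ("www.example.com.", "AAAA", "2001:db8::10"),
    ("intranet.example.com.", "AAAA", "fd12:3456:789a:1::25"),
    ("vpn.example.com.", "A", "192.0.2.5"),
]
SITE_ULA = "fd12:3456:789a::/48"  # constructed site prefix

if __name__ == "__main__":
    local_zone = ula_reverse_zone(SITE_ULA)
    print("reverse zone to serve internally:", local_zone)
    print("ULA leaks in external view:", leaked_ula_records(EXTERNAL_ZONE))
    print("PTR queries that would escape:",
          escaping_ptr_queries(["fd12:3456:789a:1::25", "fdab::1", "2001:db8::1"],
                               [local_zone]))
```

The reverse-zone check is the one Arturo's reply calls for: any ULA prefix in use that has no matching locally served ip6.arpa zone (here, fdab::/16 traffic from a merged or mis-numbered network) produces PTR queries that leave the site, which is itself a small information leak about internal addressing. The egress ACL from Jen's comment is the complementary control on the border: drop fc00::/7 as source and destination on the upstream interface, whatever the router's syntax.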