
Re: Unique local & DNS (was: AD Evaluation of draft-ietf-ipv6-unique-local-addr-03.txt+




> Thus spake "Christian Huitema" <huitema@windows.microsoft.com>
> > In her review of "draft-ietf-ipv6-unique-local-addr-03.txt", Margaret
> > raises an excellent point:
> >
> > > (1) This draft doesn't mention the reverse DNS tree.  Is it expected
> > >       that whatever registry assigns these values will also populate the
> > >       reverse DNS tree?  Or not?
> >
> > The registration process could conceivably populate the reverse DNS
> > tree, but that would only be a partial solution: the draft also defines
> > random prefixes that don't need to be registered. Also, there is no
> > requirement that the networks numbered with these unique local addresses
> > be accessible to DNS resolvers on the Internet.
> 
> At a minimum, being present in the global DNS should be at the option of the
> allocatee.  Until a viable solution is found for non-registered prefixes,
> this might be given as an advantage of using a registered prefix.

	Well, non-registered addresses are not guaranteed to be
	unique.  We should be recommending that *every* recursive
	nameserver, not just where local addresses are in use, be
	configured with an empty zone (SOA and NS only) for the /8.
	This will prevent the root and ip6.arpa servers having to
	deal with all the requests that would otherwise come to them.

	If non-unique local addresses are in use it can have delegations
	in this zone.
 
> While I don't think it's particularly elegant, it might work to designate a
> "well known" anycast DNS server address within each local prefix.  This
> wouldn't require any registration in the global DNS for any type of local
> prefix.
> 
> > We may however want some kind of "theory of operation". When a network
> > is numbered using unique local addresses, hosts in that network will
> > want to resolve addresses to names. There are 2 possible solutions:
> >
> > 1) Add specific knowledge of this reverse tree to the DNS servers in the
> > unique-local-addressed site,
> 
> While this should be sufficient for isolated sites, this doesn't scale when
> multiple sites interconnect (privately) using local addresses.  Presence in
> the global DNS (if desired) or a well-known anycast removes the need for
> special local configuration.
> 
> > 2) Perform reverse name resolution by asking the host itself, sending
> > either a host information query or an LLMNR PTR request to the IPv6
> > address being resolved.
> 
> I don't know anything about LLMNR and so can't comment if this is workable.
> 
> S
> 
> Stephen Sprunk        "Stupid people surround themselves with smart
> CCIE #3723           people.  Smart people surround themselves with
> K5SSS         smart people who disagree with them."  --Aaron Sorkin
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
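
The empty-zone recommendation in the message above, as an added example that is not part of the original message or any ISC code. It assumes the /8 is fd00::/8 (the message does not name the prefix), and the SOA names and timers are placeholder values; it derives the reverse zone, emits the SOA-and-NS-only zone, and checks which PTR lookups a resolver carrying that zone would answer itself.

```python
import ipaddress

def reverse_zone(prefix: str) -> str:
    """ip6.arpa zone name covering an IPv6 prefix that ends on a nibble boundary."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError("reverse zones are cut on 4-bit (nibble) boundaries")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(list(reversed(nibbles)) + ["ip6", "arpa"]) + "."

def ptr_name(address: str) -> str:
    """Fully qualified PTR query name for one IPv6 address."""
    return ipaddress.IPv6Address(address).reverse_pointer + "."

def answered_locally(address: str, prefix: str) -> bool:
    """True if the PTR query falls under the empty zone and never leaves the resolver."""
    return ptr_name(address).endswith("." + reverse_zone(prefix))

def empty_zone(prefix: str, rname: str = "nobody.invalid.", ttl: int = 10800) -> str:
    """Master-file text for a zone holding only SOA and NS records.

    rname and the timers are placeholder values (assumption), not from the message.
    """
    origin = reverse_zone(prefix)
    return "\n".join([
        f"$ORIGIN {origin}",
        f"$TTL {ttl}",
        f"@ IN SOA @ {rname} 1 3600 1200 604800 {ttl}",
        "@ IN NS @",
    ]) + "\n"

if __name__ == "__main__":
    prefix = "fd00::/8"  # assumed prefix; the message only says "the /8"
    print(empty_zone(prefix))
    # Constructed sample addresses: one local, one documentation prefix.
    for addr in ("fd12:3456:789a::1", "2001:db8::1"):
        where = "local empty zone" if answered_locally(addr, prefix) else "forwarded upstream"
        print(f"{addr:20} -> {where}")
```

With no delegations in the zone, every PTR query under it gets a name error from the resolver itself, which is what keeps those lookups away from the root and ip6.arpa servers.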
