[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IESG review comments on ULA draft




> Mark Andrews wrote:
> >>Dan Lanciani wrote:
> >>
> >>>Brian E Carpenter <brc@zurich.ibm.com> wrote:
> >>>
> >>>|But I agree with the conclusion, since I don't think
> >>>|either kind of ULA has any business in the global DNS.
> >>>
> >>>Are you including the forward DNS in that statement?  I would be opposed
> >>>to dicouraging such use since it would imply the need for split DNS.  As
> >>>I've mentioned in the past, I have nothing against split DNS per se, but
> >>>I certainly would not want to _require_ it and I do not wish to use it
> >>>myself.
> >>
> >>Well, people who want to use ULAs as obscurity addresses will not put them
> >>in public DNS, either forward or reverse. And if they do appear as AAAA
> >>records in public DNS, they will be unrouteable. It seems like a bad idea
> >>to have unrouteable addresses published, since they will complicate
> >>address selection for no benefit. So while not wanting to require split
> >>DNS, I think we have to expect a lot of it (as there is a great deal
> >>of it today).
> >>
> >>     Brian
> > 
> > 
> > 	No. The addresses are not routable *everywhere*.  Being unique
> > 	they are no worse than any other address that is partially
> > 	filtered.  Connections will either succeed or fail.
> 
> Academically, that's true. Pragmatically, they are unrouteable
> outside the corporate firewall in almost all cases. So including
> them in address selection is a Bad Thing operationally, because it
> will lead to failed connection attempts and retries on an alternative
> address. Which is why I expect most enterprises will not export
> them into global DNS.

	Which in general will be solved by sorting non local ULA
	to the end, filtering out non-local ULA etc.  The thing is
	the addresses have to be there to do these things.

	I can even imagine systems that have return a specific
	error code when there is no specific route for a ULA.

	Mark
 
>     Brian
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------