[DNSOP] Potential root impact of draft-wing-behave-learn-prefix-00
I came across the following in some IPv6-related draft and thought I'd
share it.
| 3.1. Using DNS to Learn IPv6 Prefix and Length
|
| In order for an IPv6 host to determine if a NAT64 is present on its
| network, it sends a DNS query. Because a host doesn't always know
| its network's default domain name, the procedure described below
| provides a way for the host to learn it in order to authorize that
| network's address family translator:
|
| 1. Send a DNS AAAA query for "_aft_prefix", without a domain name.
| If this does not return an IPv6 address it means an address family
| translator is not present and processing MUST stop.
[...]
| 3. If validation of this information is not necessary, then:
|
| a. Send a DNS TXT query for "_aft_prefix", without the domain
| name, to learn the number of bits of the prefix.
|
[...]
| Discussion: without a domain name, it is unavoidable that root
| nameservers will see this query. Need to think about ways to
| reduce the effect of those queries (e.g., make them authoritative
| and return all 0's which will get cached).
So they are aware that this is broken. Let's hope that this type of
service discovery through a fraction DNS root doesn't make its way
into the final standard.
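
The following is an added example, not part of the original message or of the draft: it lists the names a stub resolver would actually send for the draft's "_aft_prefix" lookup and marks those that are single-label, which a recursive resolver with a cold cache can only resolve by asking a root server. The search-list ordering is an assumed resolv.conf-style (`search`/`ndots`) behaviour, and `corp.example` is a constructed domain.

```python
def candidate_qnames(name, search=(), ndots=1):
    """Names a stub resolver tries, in order (assumed resolv.conf-style rules)."""
    if name.endswith("."):
        return [name]                      # already absolute: sent as-is
    absolute = name + "."
    via_search = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [absolute] + via_search     # "enough" dots: try as-is first
    return via_search + [absolute]         # otherwise search list first


def is_single_label(qname):
    """True when the absolute name is one label directly under the root."""
    return len([l for l in qname.rstrip(".").split(".") if l]) == 1


def root_exposed(name, search=(), ndots=1):
    """Candidates that name an undelegated TLD, so the root zone must answer."""
    return [q for q in candidate_qnames(name, search, ndots)
            if is_single_label(q)]


def encode_qname(qname):
    """DNS wire encoding of a name: length-prefixed labels, then the root label."""
    out = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


if __name__ == "__main__":
    # Case from the draft: the host does not know its default domain.
    print(candidate_qnames("_aft_prefix"))
    # Constructed case: a search domain exists, but the bare name is
    # still sent once the search-list lookup comes back empty.
    print(candidate_qnames("_aft_prefix", search=("corp.example",)))
    print(root_exposed("_aft_prefix", search=("corp.example",)))
    print(encode_qname("_aft_prefix.").hex())
```

Even with a search domain configured, the bare name is the last candidate, so every network without a translator still produces the single-label query.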