On Fri, 30 Jun 2006, JINMEI Tatuya / ¿ÀÌÀãºÈ wrote:
This time I'm also copying the ipv6 list. In fact, [EMAIL PROTECTED] would be more suitable place for discussions on this proposal, since it's an extension to ND.
...
Disclaimer: router-side support for this has been added (as it was contributed by others) to radvd which I maintain. However, I do not have a strong opinion on this topic one way or the other.
If this goes forward, as an implementor I'd like to get IANA codepoint assigned quickly so that experiments would interoperate (and implementors wouldn't need to steal the next unused value or wait for draft-fenner-iana-exp-2780-05.txt to get published).
[whether IPv6 ND was designed for applictions above layer-3]
So, + I'd first like to confirm whether my understanding about the 'design principle' is correct. If it's wrong, then I'm fine and this concern will be resolved. + if my understanding is correct, I'd like this document to discuss why this particular option is so special and needs to be defined despite the violation of the principle, and to add an explicit note that configuration information around this layer should not be provided via RA unless there is a very strong reason.
The IETF doesn't do a very good job of documenting (and gaining consensus on) its design principles, so for any opinions you might get on this, you would also have opposite opinions, and hence I'm not sure how useful pursuing this line of argument is.
I guess this underlines that to avoid fuss like this in the future, better documentation of design principles might avoid ratholes.
This flag SHOULD be set only if the routers or firewalls in the network allow DNS Query messages to be routed to the destination RDNSS without being filtered out, and the RDNSS is configured to perform recursive queries for all hosts regardless of their addresses.My understanding is that current operational trend is generally against such "open recursive servers" as documented in draft-ietf-dnsop-reflectors-are-evil-00.txt. So I'm skeptical about the usefulness of this flag. Standardizing such a practice may even be regarded as a conflict with the operational trend.I don't have a strong opinion by pointing it out, but I might consider removing this flag.
This is a good point and at the very least should be pointed out in the security considerations. However, the text as written does not preclude DNS server requiring other form of identification (e.g., TSIG) instead of addresses. In practice, I doubt such authentication would be used very often.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
