I'm not going to try, at least in this email, to address each of your points. Here are a few comments, however.
On Mar 4, 2011, at 1:00 PM, Keith Moore wrote:

>> I know you don't like DNS. I don't either; I think we need a directory-based
>> solution. Until you or someone else proposes a DNS replacement, DNS is what
>> we have. So for name translation to addresses, I think in terms of DNS.
>
> Saying "you don't like DNS" makes it sound like my personal preference.

That wasn't my intention. My intention was to say that it's what we have on the table. Another solution would be equally acceptable to me.

>> Now, not all systems need names. This is a digression, but an important one
>> given the opening sentence of the next paragraph. On Cisco's network, my
>> laptop has a name right now that is associated with its address -
>> stealth-10-32-244-219.cisco.com. The derivation is obvious - they gave me a
>> /29 for my office and statically built a name for the purposes of reverse
>> DNS. Reverse DNS in an IPv6 world that contains laptops is an "interesting"
>> proposition; I would suggest that the DNS server ping the host in question
>> and respond in one of two ways depending on the reply; it can reply "no such
>> address" if there is no reply, or respond with a name if there is. If it has
>> a name in its database (www.example.com), it should reply with that; if not,
>> it should generate some temporary name and respond with it. Not that anyone
>> would ever use that name to access my laptop (if they're going to, they need
>> a more permanent name), but it serves reverse DNS's purposes.
>
> It's true that not all systems need to be reachable by other hosts, but the
> vast majority do under at least some circumstances.

Let me try again to tease apart the bits I was trying to tease apart. Consider my laptop or my telephone. Unless I happen to have Skype running, it is purely a client; I could offer services (a peer-to-peer service is a service; it's just that client and server are interchangeable and may be doing both jobs simultaneously on different sessions), but I don't.

From that perspective, the only reason my laptop needs a name is because other applications use reverse DNS to determine what that name is. That doesn't mean that it doesn't need reachability. If I send a SYN from my laptop, I jolly well expect a SYN-ACK. Said message isn't coming if there is no reachability.

> If you want to insist that "reaching" a system should always start with a DNS
> lookup, this implies that (nearly) all systems do need DNS names.

Actually, no. But any system I want to send a SYN to does, because otherwise I need some other way of determining its address. When we go that route - well, please read RFC 4192. That's what makes renumbering hard.

> (DNS results should NEVER depend on whether a host is reachable by ping from
> the DNS server, and a DNS server should NEVER respond with NXDOMAIN when the
> domain normally exists but there don't happen to be any valid records
> matching QTYPE. The proper response in the latter case is to return no
> error, with zero records.)

I'm not a DNS guru :-)

> Still, I won't pretend that we can eradicate Split DNS. I just don't think
> that the network architecture should depend on it.

The fact that I gave you three options, one or maybe two of which were split DNS but one was DNS as it stands along with draft-wing-v6ops-happy-eyeballs-ipv6 (which we need anyway) should tell you that the solution is not dependent on split DNS.

_______________________________________________
nat66 mailing list
https://www.ietf.org/mailman/listinfo/nat66
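The distinction Keith Moore draws above between NXDOMAIN and a no-error response with zero records (the "NODATA" case), shown as an added Python example that is not part of the thread: it builds minimal RFC 1035 wire-format responses and classifies them the way a resolver would. The names, message ID and addresses are constructed for the example.

```python
import struct

# Constructed example: NXDOMAIN (RCODE 3) says the name does not exist at all;
# NODATA is NOERROR (RCODE 0) with an empty answer section, meaning the name
# exists but holds no records of the requested QTYPE. Conflating the two, as
# the quoted mail warns, makes a name with only an A record look nonexistent
# to a client asking for AAAA.

NOERROR, NXDOMAIN = 0, 3
A, PTR, AAAA = 1, 12, 28          # QTYPE values used below

def encode_name(name):
    """Encode a dotted name as length-prefixed labels (RFC 1035 section 3.1)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(qname, qtype, rcode, answers=()):
    """Minimal response: 12-byte header, one question, optional A-record answers."""
    flags = 0x8180 | rcode                      # QR=1, RD=1, RA=1, plus RCODE
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    rrs = b""
    for ip in answers:                          # constructed IPv4 answers only
        rdata = bytes(int(o) for o in ip.split("."))
        # 0xC00C is a compression pointer back to the QNAME at offset 12
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", A, 1, 300, 4) + rdata
    return header + question + rrs

def classify(msg):
    """Tell NXDOMAIN, NODATA and a positive answer apart from the header alone."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x0F
    if rcode == NXDOMAIN:
        return "NXDOMAIN: name does not exist"
    if rcode == NOERROR and ancount == 0:
        return "NODATA: name exists, no records of this type"
    if rcode == NOERROR:
        return "ANSWER: %d record(s)" % ancount
    return "ERROR: rcode %d" % rcode

if __name__ == "__main__":
    # www.example.com has an A record but no AAAA: the right answer is NODATA
    print(classify(build_response("www.example.com", AAAA, NOERROR)))
    print(classify(build_response("www.example.com", A, NOERROR, ["192.0.2.1"])))
    print(classify(build_response("nosuch.example.com", A, NXDOMAIN)))
```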
