Thanks, Luc, for your important comments.
I'll think over your comments.

----- Original Message ----- 
From: "BELOEIL Luc FTRD/DMI/CAE" <[EMAIL PROTECTED]>
To: "Jaehoon Jeong" <[EMAIL PROTECTED]>
Cc: "DNSOP WG" <[EMAIL PROTECTED]>
Sent: Tuesday, June 24, 2003 5:12 PM
Subject: Comments on draft-jeong-***-dns-***.txt


> 
> Hi all, 
> 
> Those drafts are really interesting, and I have also several comments.
> 
> 1- Concerning 
> http://www.paul.6ants.net/data/draft-jeong-hmipv6-dns-optimization-01.txt
> - RDNSS Failure detection, I do think that is necessary but I do not think that is a 
> job for a MAP. IMHO, it should be simpler to have several "recursive DNS resolvers". 
> If one fails the client will try the next resolver in its list.
> 
    RDNSS failure detection referred to the detection of MAP failure in HMIPv6.
    Luc and Scott suggested that the detection in MAP is not helpful.
    I'll consider how to modify the part of RDNSS failure detection.
> 
> 2- Concerning 
> http://www.ietf.org/internet-drafts/draft-jeong-ipv6-ra-dns-autoconf-00.txt
> 
> - I would prefer not to send "DNS option message" in all RA so as to minimize 
> exchanged information.
   Yes, I agree.

> - If a DNS server accepts Dynamic DNS update, I would prefer that it does not 
> perform recursive resolution at the same time. IMHO those are different functions 
> that must be separated. I would prefer an option for advertising "Dynamic DNS update 
> capable DNS server" and another one for "recursive DNS resolvers".
   In order to allow the DNS updates only to trusted nodes, I think, there is some 
mechanism to identify the nodes.
   It is very difficult to apply the identification mechanism to DNS update operation.

> - It's a good idea to advertise DNS zone suffix. Shouldn't it be better to advertise 
> that in a separate option or more likely in a sub-option?
   Yes, your suggestion is appropriate.

> - Dynamic DNS update seems not to be an autoconfiguration mechanism as someone needs 
> to configure "user identifier". Did I miss sthg ?
   I intended to include the automatic registration of host DNS name into the DNS 
autoconfiguration.
   
> - I would not like to run a DNS server that accepts Dynamic DNS update from 
> untrusted nodes, even if that could help autoconfiguration... We need a secure 
> mechanism but that is really not simple.
   Yes, I agree, that is difficult.
   I am trying to find out some ways.
   I need DNSOP fellows' help.

> - in section 7, I do not understand clearly your point "Like this, DNS server MAY 
> discard some or all DNS messages when being filled with the messages. " To my mind, 
> if DNS server acts like this, it may not answer some requests, thus that is a 
> DoS attack !?
> 
  What do you think about applying the discard only to DNS update messages, 
  in order to cope with the DoS attack?

   Thanks.
   
    /Jaehoon

> I hope that could help,
> 
> Luc 
> 
> #----------------------------------------------------------------------
> # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
> 
