On Thu, Nov 20, 2008 at 12:14:45PM +0100, Florian Weimer wrote:
> I came across the following in some IPv6-related draft and thought I'd
> share it.
>
> |3.1. Using DNS to Learn IPv6 Prefix and Length
> |
> | In order for an IPv6 host to determine if a NAT64 is present on its
> | network, it sends a DNS query. Because a host doesn't always know
> | its network's default domain name, the procedure described below
> | provides a way for the host to learn it in order to authorize that
> | network's address family translator:
> |
> | 1. Send a DNS AAAA query for "_aft_prefix", without a domain name.
> | If this does not return an IPv6 address it means an address family
> | translator is not present and processing MUST stop.
>
> [...]
>
> | 3. If validation of this information is not necessary, then:
> |
> | a. Send a DNS TXT query for "_aft_prefix", without the domain
> | name, to learn the number of bits of the prefix.
> |
>
> [...]
>
> | Discussion: without a domain name, it is unavoidable that root
> | nameservers will see this query. Need to think about ways to
> | reduce the effect of those queries (e.g., make them authoritative
> | and return all 0's which will get cached).
>
> So they are aware that this is broken. Let's hope that this type of
> service discovery through a fraction DNS root doesn't make its way
> into the final standard.

would they complain if the roots actually provided an authoritative
answer (other than NXDOMAIN) at some point in the future?

--bill
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop
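
An added illustration, not part of the original message or of the draft it quotes: a simplified Python model of resolv.conf-style search-list expansion (the `ndots` rule), showing which names a stub resolver sends for the draft's `_aft_prefix` label and for which of them the root zone itself supplies the answer. The function names, the search domain and the TLD set are constructed for the example.

```python
# Simplified model (an assumption, not any resolver's actual code) of how a
# stub resolver expands a relative name using a search list and "ndots".

CONSTRUCTED_TLDS = {"com", "net", "org"}   # stand-in for the root zone's delegations


def candidate_qnames(name, search=(), ndots=1):
    """Return the absolute names a stub resolver would try, in order."""
    if name.endswith("."):
        return [name]                       # already absolute: search list is skipped
    absolute = name + "."
    searched = [f"{name}.{domain.strip('.')}." for domain in search]
    if name.count(".") >= ndots:
        return [absolute] + searched        # "enough dots": try as-is first
    return searched + [absolute]            # otherwise the bare name is tried last


def root_decides(qname, delegated_tlds=CONSTRUCTED_TLDS):
    """True when the rightmost label is not delegated, so the root zone
    itself answers (today with NXDOMAIN) instead of referring elsewhere."""
    rightmost = qname.rstrip(".").split(".")[-1].lower()
    return rightmost not in delegated_tlds


def leak_report(name, search=(), delegated_tlds=CONSTRUCTED_TLDS, ndots=1):
    """Pair every candidate name with whether the root decides its answer.
    Later candidates are only sent if the earlier ones fail to resolve."""
    return [(q, root_decides(q, delegated_tlds))
            for q in candidate_qnames(name, search, ndots)]


if __name__ == "__main__":
    # Host that does not know its domain (the case the draft targets).
    print(leak_report("_aft_prefix"))
    # Host with a constructed search domain: the bare label is still the
    # fallback whenever the local zone has no such record.
    print(leak_report("_aft_prefix", search=["corp.example.net"]))
    # The question raised in the reply: if the root ever delegated the label,
    # the answer would no longer be a root-issued NXDOMAIN.
    print(leak_report("_aft_prefix", delegated_tlds=CONSTRUCTED_TLDS | {"_aft_prefix"}))
```
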