On 30 Sep 2015, at 8:26, Brian Haberman wrote:
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
I can't decide if I should ballot Yes because this document does a good
job of describing how to deploy this approach or Abstain because the
fragility introduced in this approach appears to be untenable.
In the meantime, can someone explain why this document is stating a
requirement to deploy this approach with IPv4 only?
Yes. Given that this is running on loopback, it doesn't matter if the
service is running on either the v4 or v6 loopback address. Unless a
system running this service has absolutely no v4 at all (it doesn't even
need to be offering v4 service to customers), the v4 loopback address is
sufficient.
There seems to be wide disagreement about what is the v6 loopback
address: some of these addresses exist on some v6 systems but not
others, or so we were told. If there is a v6 loopback address that is
universally deployed (as 127/8 is for v4), we can add it, although it
won't actually make this more deployable.
--Paul Hoffman
I am not sure how much clearer the definition of IPv6 loopback could be
(https://tools.ietf.org/html/rfc4291#section-2.5.3). Of course, if it
is an implementation issue, there is not much the IETF can do.
Thanks for the quick response.
If the WG agrees that 0:0:0:0:0:0:0:1 is always present, we can
certainly add that to the document. I now cannot find any on-list
mention of why this isn't useful in all v6-capable systems, so it might
have been a hallway conversation.
It seems like the WG can cover both address families by simply making
these changes:
OLD:
o The system MUST be able to run an authoritative server on one of
the IPv4 loopback addresses (that is, an address in the range
127/8).
NEW:
o The system MUST be able to run an authoritative server on one of
the loopback addresses (that is, an address in the range
127/8 for IPv4 or ::1 in IPv6).
OLD:
2. Start the authoritative server with the root zone on a loopback
address that is not in use. This would typically be 127.0.0.1,
but if that address is in use, any address in 127/8 is
acceptable.
NEW:
2. Start the authoritative server with the root zone on a loopback
address. This would typically be 127.0.0.1 in IPv4 or ::1 in
IPv6.
Why does the document say that the address should not be in use?
I'll add the v4/v6 wording to the post-IESG-review draft unless there is
objection in the WG.
John Levine just answered your question about why the address might
already be in use, which was something that was brought up in the early
discussion of this draft in the WG. It means that you can't run both
this and some other DNS-listening task on ::1, whereas you can run both
on different addresses in 127/8. We'll cover that in the new wording.
--Paul Hoffman
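
The address-conflict point raised at the end of the thread, as an added example (not code from the thread or from the draft): it probes loopback candidates and returns the first one on which both a UDP and a TCP listener can be bound, which is the check an operator would run before starting the root-zone server next to another DNS listener. The function names, the candidate list and the unprivileged demo port 5300 are assumptions; whether extra 127/8 addresses are bindable without configuration depends on the operating system.

```python
import ipaddress
import socket


def can_bind(addr: str, port: int) -> bool:
    """Return True if both a UDP and a TCP socket can be bound on addr:port.

    DNS servers listen on both transports, so an address counts as free
    only when neither bind fails. Non-loopback addresses are rejected.
    """
    ip = ipaddress.ip_address(addr)
    if not ip.is_loopback:
        raise ValueError(f"{addr} is not a loopback address")
    family = socket.AF_INET if ip.version == 4 else socket.AF_INET6
    for kind in (socket.SOCK_DGRAM, socket.SOCK_STREAM):
        try:
            # The socket is closed again immediately; this is only a probe.
            with socket.socket(family, kind) as s:
                s.bind((addr, port))
        except OSError:
            # Address in use, not configured, or address family unavailable.
            return False
    return True


def first_free_loopback(candidates, port):
    """Return the first candidate that is free for a DNS listener, else None."""
    for addr in candidates:
        if can_bind(addr, port):
            return addr
    return None


if __name__ == "__main__":
    # Constructed candidate list: 127/8 offers many addresses, IPv6 only ::1.
    candidates = ["127.0.0.1", "127.0.0.2", "127.0.0.53", "::1"]
    demo_port = 5300  # assumption: unprivileged stand-in for port 53
    for addr in candidates:
        state = "free" if can_bind(addr, demo_port) else "unavailable"
        print(f"{addr:<12} {state}")
    print("first free:", first_free_loopback(candidates, demo_port))
```

The probe is inherently racy: another process can take the address between the check and the server start, so the server's own bind error still has to be handled.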