> Hi all, The goal to > improve DNSSEC adoption is good. The goal to improve IPv6 adoptions > is good too. It looks like here goals contradict (for technical > reasons). But if you would pay attention that DNS64 is already > massively adopted by *ALL* carriers, Then the harm for DNSSEC is > already done and non-reversible (this battle was lost many years > ago). Hence, please do not harm additionally for IPv6 adoption. > Please, adopt Momoka's draft at least somewhere (I am not sure > v6ops or dnsop).
The draft is a bit confusing to me because it discusses DNS64, though it seems that DNS64 is mostly irrelevant to this draft. The draft discusses how a recursive resolver could operate on a link that has IPv6 as native transport and where IPv4 access is provided using NAT64. DNS64 can be provided downstream to users of the recursive resolver, but that seems not relevant. DNS64 can also be left out. With no change to the upstream requirements. I think the draft would improve if references to DNS64 are removed as much as possible. The thing I find missing in this draft is that the desired functionality comes for free if the the host implements 464xlat. Using 464xlat everywhere has the advantage that it is compatible with DNSSEC and that DNS64 is not needed. In the context of this draft another advantage of using 464xlat is that the recursive resolver can remain completely unaware of the NAT64 translation prefix. The draft describes that the translation prefix is typically configured statically because of DNS64. However, in new installations it would be best to avoid DNS64, so this would require recursive resolvers to dynamically find the current translation prefix. In short, in my opinion a recursive resolver behind NAT64 should use 464xlat and should not try to implement address translation directly. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop