>>>>> "Erik" == Erik Nordmark <[email protected]> writes:
    Erik> 4. Looking up foo.ispA.net works when asking the DNS server at
    Erik> ISP-A, but fails (NXDOMAIN) when asking ISP-B.

    Erik> 5. The lookup of foo.ispA.net works over either DNS and
    Erik> returns the same IP address, but fails (due to firewalls) for
    Erik> packets that are sent out via ISP-B.

    Erik> 6. The lookup of foo.ispA.net works over either DNS and
    Erik> returns the same IP address, but the application-layer content
    Erik> is completely different (e.g., a "subscriber" view when
    Erik> connecting over the ISP-A connection).

We have heard requests for a facility to provide hosts information of
the sort:
    when looking for an FQDN that has suffix "X", please contact server "Y"

And my question is: isn't that what an NS record is?

It seems to me that we can solve all of the walled garden DNS in IPv6
land, with an arrangement like:

      example.com           NS reachable by the world.
      garden.example.com    NS pointing to AAAA record, where IPv6
                            address is only reachable from garden.
      television.garden.example.com    AAAA returned from
                            garden.example.com name server (above)

This solution works perfectly in IPv4 land, but due to lack of IPv4
global address space, the NS for garden.example.com winds up pointing to
an RFC1918 address, and not only does this look bad, but it can in fact
cause failures if there really is a DNS server at that address.

It seems to me that we just don't need anything else in IPv6, except
easily *available* non-connected PI address space (whether it's ULA-C,
some recognized part of 2000::/3, or an entirely new space).

NOTE: the existing ingress filtering problem means that one must assume
      that walled gardens will have to provide address space to the home
      that will be used to talk to them.  A challenge to the walled
      garden people's thought process is that they might be thinking
      that they need 1-IP per customer, when in fact, they need to have
      at least a /60 per customer.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 

                


_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
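
The delegation arrangement in the message above, modelled as an added example that is not part of the original email: a minimal referral walk from two vantage points, showing that a unique IPv6 NS address fails cleanly with a timeout from outside the garden, while a reused RFC1918 NS address can land on an unrelated server. All addresses, zone contents and function names are constructed assumptions.

```python
# Constructed model of the delegation described in the message. All server
# addresses and zone contents are made up for illustration.
PARENT = "2001:db8::53"        # example.com name server, reachable by the world
GARDEN_V6 = "fd00:db8:1::53"   # garden name server on unique, non-connected space
GARDEN_V4 = "192.168.1.1"      # garden name server on an RFC1918 address

def parent_zone(garden_ns):
    """example.com zone: delegates garden.example.com to the given address."""
    return {"ns": {"garden.example.com": garden_ns}, "aaaa": {}}

GARDEN_ZONE = {"ns": {}, "aaaa": {"television.garden.example.com": "fd00:db8:1::10"}}
# An unrelated DNS server (say, a home router) that also sits at 192.168.1.1.
STRANGER_ZONE = {"ns": {}, "aaaa": {}}

def servers_visible(vantage, garden_ns):
    """Which server answers at which address, as seen from one network."""
    visible = {PARENT: parent_zone(garden_ns)}
    if vantage == "garden":
        visible[garden_ns] = GARDEN_ZONE
    elif garden_ns == GARDEN_V4:
        visible[GARDEN_V4] = STRANGER_ZONE   # same address, different server
    return visible

def resolve(name, vantage, garden_ns):
    """Follow NS delegations from the parent; return an address or an error."""
    visible = servers_visible(vantage, garden_ns)
    server = PARENT
    for _ in range(8):                        # bound the referral chain
        zone = visible.get(server)
        if zone is None:
            return "TIMEOUT"                  # delegated server unreachable
        if name in zone["aaaa"]:
            return zone["aaaa"][name]
        # Longest delegated suffix that covers the name wins.
        cuts = [s for s in zone["ns"] if name == s or name.endswith("." + s)]
        if not cuts:
            return "NXDOMAIN"
        server = zone["ns"][max(cuts, key=len)]
    return "SERVFAIL"

if __name__ == "__main__":
    for ns in (GARDEN_V6, GARDEN_V4):
        for vantage in ("garden", "outside"):
            print(ns, vantage, resolve("television.garden.example.com", vantage, ns))
```

In this model the outside host gets a timeout with the unique IPv6 delegation, but an NXDOMAIN from the wrong server with the RFC1918 delegation.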
