In message <[email protected]>
Michael Richardson writes:
>
> >>>>> "Erik" == Erik Nordmark <[email protected]> writes:
>     Erik> 4. Looking up foo.ispA.net works when asking the DNS server at
>     Erik> ISP-A, but fails (NXDOMAIN) when asking ISP-B.
>
>     Erik> 5. The lookup of foo.ispA.net works over either DNS and
>     Erik> returns the same IP address, but fails (due to firewalls) for
>     Erik> packets that are sent out via ISP-B.
>
>     Erik> 6. The lookup of foo.ispA.net works over either DNS and
>     Erik> returns the same IP address, but the application-layer content
>     Erik> is completely different (e.g., a "subscriber" view when
>     Erik> connecting over the ISP-A connection).
>
> We have heard requests for a facility to provide hosts information of
> the sort:
>     when looking for an FQDN that has suffix "X", please contact server "Y"
>
> And my question is: isn't that what an NS record is?
>
> It seems to me that we can solve all of the walled garden DNS in IPv6
> land, with an arrangement like:
>
>     example.com                    NS reachable by the world.
>     garden.example.com             NS pointing to AAAA record, where IPv6
>                                    address is only reachable from garden.
>     television.garden.example.com  AAAA returned from
>                                    garden.example.com name server (above)
>
> This solution works perfectly in IPv4 land, but due to lack of IPv4
> global address space, the NS for garden.example.com winds up pointing to
> RFC1918 address, and not only does this look bad, but it can in fact
> cause failures if there really is a DNS server at that address.
>
> It seems to me that we just don't need anything else in IPv6, except
> easily *available* non-connected PI address space (whether it's ULA-C,
> some recognized part of 2000::/3, or an entirely new space).
>
> NOTE: the existing ingress filtering problem means that one must assume
>       that walled gardens will have to provide address space to the home
>       that will be used to talk to them. A challenge to the walled
>       garden people's thought process is that they might be thinking
>       that they need 1-IP per customer, when in fact, they need to have
>       at least a /60 per customer.

If this is a walled garden within the home, would it be simple enough to
use a 6to4 address space for one globally unique IPv4 address and just
not bring up a 6to4 tunnel? Instant walled garden. With private DNS.

Alternately bring up the 6to4 tunnel but don't propagate or forward on
the garden side.

If garden.example.com is the A record for the 6to4 and also has an AAAA
record, and it is also the DNS server within the garden, then the DNS
records are available both inside and outside but connectivity is inside
only.

Walled gardens always seem like a bad idea. And probably always are a
bad idea.

If you have control over both the DHCP (4 or 6) server and the DNS
server, you can make DNS look like anything you want within the garden.
[Except for those hosts who do their own DNS from root or have
configured a DNS forwarder from elsewhere. Only the geeks.]

The original question seems to be whether the same DNS query (for
example, garden.example.com) could be made to resolve differently in
ISP-A and ISP-B and the answer is "yes" with no changes but with the
exception within [] in the prior paragraph.

Curtis
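
Added example, not part of either message above: a small Python model of the NS arrangement quoted in the thread, showing that "suffix X goes to server Y" is a deepest-enclosing-zone match on whole labels, and that a garden-only server address makes the lookup fail outside the garden rather than return different data. The server addresses and the function names are constructed for illustration, and treating a ULA address as "reachable only from the garden" is an assumption of this sketch.

```python
import ipaddress

# Constructed delegation table modelled on the arrangement in the thread:
# zone -> address of its name server (documentation and ULA prefixes).
DELEGATIONS = {
    "example.com": "2001:db8::53",               # reachable by the world
    "garden.example.com": "fd12:3456:789a::53",  # reachable only from garden
}
ULA = ipaddress.ip_network("fc00::/7")  # assumption: ULA == garden-only


def labels(name):
    """Split a name into lowercase labels, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")


def select_server(qname, delegations=DELEGATIONS):
    """Return (zone, server) for the deepest zone enclosing qname, or None."""
    q = labels(qname)
    best = None
    for zone, server in delegations.items():
        z = labels(zone)
        # Compare whole labels, not raw string suffixes, so that
        # "notgarden.example.com" is not sent to the garden server.
        if len(z) <= len(q) and q[-len(z):] == z:
            if best is None or len(z) > len(labels(best[0])):
                best = (zone, server)
    return best


def outcome(qname, inside_garden):
    """Describe what a resolver following the delegations would experience."""
    hit = select_server(qname)
    if hit is None:
        return "no delegation"
    zone, server = hit
    garden_only = ipaddress.ip_address(server) in ULA
    if garden_only and not inside_garden:
        return f"{zone}: server {server} unreachable"
    return f"{zone}: ask {server}"


if __name__ == "__main__":
    for name in ("television.garden.example.com", "notgarden.example.com"):
        for inside in (True, False):
            print(name, "inside" if inside else "outside", "->",
                  outcome(name, inside))
```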
