In message <[email protected]>, Michael Richardson writes:
>
> Mark Andrews <[email protected]> wrote:
> > In message <[email protected]>, Andrew Sullivan
> > writes:
> >> On Tue, Mar 04, 2014 at 04:50:33AM -0800, SM wrote:
> >> > correctly the answer in the DNS cache would be for a non-global
> >> > resource. There is no longer an assumption of uniqueness. As a
> >> > local decision I would use low TTLs [1].
> >>
> >> But as Michael pointed out upthread, the more realistic and compelling
> >> (if harder to understand) examples involve a dual-homed node like a
> >> phone flipping from one interface to another. You'd need sub-second
> >> TTLs for that not to be a problem, and we don't have those.
>
> > I don't see current phones flip from WiFi to 3/4G multiple times a
> > second. They have longer duty cycles than that. Additionally if you
> > are in such a zone you tend to 1) move or 2) force WiFi or 3/4G to get
> > stability.
>
> Current Android phones have to turn one or to turn the other on. (I can't
> speak for other brands). They also don't do MIF at all.
> That's why it takes so long, and it pissed people off, and it's gonna get
> fixed.
>
> At that point, it won't be that they "flip", so much as they always have the
> 3G alive, but the wifi could get too weak and it might flip things over.

iPhones flip based on WiFi signal strength and being able to associate with
the AP, but certainly not multiple times a second.

> People don't want to be "forcing" things --- they want to just have a device
> in their pocket that does stuff for them.

Which they do today. If you are sitting on the edge of WiFi range you
get a bit of flip flop but most of the time one is just "On WiFi" at
home or on 3G (or whatever) when away from home. For me the WiFi
border is sitting at the bus stop around the corner.

> So I agree that this isn't a problem we see today, but maybe next year;
> certainly before homenet w/DNSSEC is seen by early adopters.

I really don't see this as being an issue in practice. Just sign the
zone (all versions) in the house with the same keys. Stop with this
nonsense idea that you shouldn't sign the internal version when you
are signing the external version.

The CPE is a recursive server on the inside interfaces that is also
authoritative for these zones, with ACLs limiting recursion to internal
addresses. The external interface is only authoritative for the
external version of the zones.

For the record I have split horizon signed zones with the same DNSKEY
records for both versions running on my border router, which is a 1998
vintage PC, and have done for about a decade now. Same sort of compute
power and storage as you can get in modern CPE devices. I eat my own
dog food.

The nameserver accepts dynamic updates from both the DHCP server and
internal clients. The home has GUA, ULA IPv6 addresses + RFC 1918
addresses for IPv4. This all just works.

Mark

> --
> Michael Richardson <[email protected]>, Sandelman Software Works
>  -= IPv6 IoT consulting for hire =-

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
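
Added example, not part of the message above or of any software the thread describes: a check that the internal and external versions of a split-horizon zone publish the same DNSKEY RRset, the property the "same keys for all versions" setup relies on so that a validator sees the same keys from either side. The zone name `home.example`, the addresses, the key bytes and the one-record-per-line input form are constructed assumptions.

```python
import base64
import struct

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_set(zone_text, origin):
    """Return {(flags, algorithm, key tag, key)} for DNSKEYs at the zone apex.
    Assumes 'name ttl IN DNSKEY flags proto alg key' with one record per line."""
    keys = set()
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()          # drop trailing comments
        if "DNSKEY" not in fields or fields[0].lower() != origin.lower():
            continue
        i = fields.index("DNSKEY")
        flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
        pub = "".join(fields[i + 4:])                # key may be space-separated
        keys.add((flags, alg, key_tag(flags, proto, alg, pub), pub))
    return keys

def compare_views(internal, external, origin):
    """Keys found in only one version; two empty lists mean identical DNSKEYs."""
    a, b = dnskey_set(internal, origin), dnskey_set(external, origin)
    only_internal = sorted((f, alg, tag) for f, alg, tag, _ in a - b)
    only_external = sorted((f, alg, tag) for f, alg, tag, _ in b - a)
    return only_internal, only_external

# Constructed sample data: placeholder key material, not real keys.
KSK = base64.b64encode(bytes(range(64))).decode()
ZSK = base64.b64encode(bytes(range(64, 128))).decode()
OTHER = base64.b64encode(bytes(range(128, 192))).decode()
APEX = ("home.example. 3600 IN DNSKEY 257 3 13 {}\n"
        "home.example. 3600 IN DNSKEY 256 3 13 {}\n")
INTERNAL = APEX.format(KSK, ZSK) + "nas.home.example. 300 IN A 192.168.1.10\n"
EXTERNAL = APEX.format(KSK, ZSK) + "www.home.example. 300 IN A 203.0.113.10\n"
EXTERNAL_BAD = APEX.format(KSK, OTHER) + "www.home.example. 300 IN A 203.0.113.10\n"

if __name__ == "__main__":
    print(compare_views(INTERNAL, EXTERNAL, "home.example."))      # same keys
    print(compare_views(INTERNAL, EXTERNAL_BAD, "home.example."))  # ZSK differs
```

In practice the two inputs would be the DNSKEY answers collected from an inside client and from an outside vantage point.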
