Re: The case against A6 and DNAME

David Harmelin Wed, 07 Feb 2001 09:30:26 -0800
(hm.. apparently hit the wrong button in the previous mail)

Dan,

In your "AOL committing A6 suicide" scenario, you describe how the 
protection against poison may break A6 chains.

Now, what would happen if AOL did configure everything like this:

For its aol.net zone:
dns-01.ns.aol.com A6 ... prefix.aol.com
dns-02.ns.aol.com A6 ... prefix.aol.com
prefix.aol.com A6 <prefix1>

For its aol.com zone:
dns-01.ns.aol.net A6 ... prefix.aol.net
dns-02.ns.aol.net A6 ... prefix.aol.net
prefix.aol.net A6 <prefix1>

(same prefix1)

My point is, if poison is susceptible of breaking A6 chains, DNS admins 
(possibly enforced by the DNS server implementation) should make sure that 
locally, A6 chains are defined under the same domain.

In the case above, dns-01.ns.aol.com and dns-01.ns.aol.net could even lead 
to the same IPv6 address, if AOL wants to maintain their .net and .com 
servers on the same machine.

Now it does require more records to define/maintain/..

Best regards,

DH.

At 08:56 AM 2/7/01 +0000, D. J. Bernstein wrote:
>I recommend that the A6 and DNAME proposals be terminated. I've set up a
>web page on this topic:
>
>    http://cr.yp.to/djbdns/killa6.html
>
>---Dan
>--------------------------------------------------------------------
>IETF IPng Working Group Mailing List
>IPng Home Page:                      http://playground.sun.com/ipng
>FTP archive:                      ftp://playground.sun.com/pub/ipng
>Direct all administrative requests to [EMAIL PROTECTED]
>--------------------------------------------------------------------

___________________________________________________________________
             * *         David Harmelin         Network Engineer
           *     *                              DANCERT Representative
          *              Francis House
         *               112 Hills Road       Tel +44 1223 302992
         *               Cambridge CB2 1PQ    Fax +44 1223 303005
      D  A  N  T  E      United Kingdom       WWW http://www.dante.net
____________________________________________________________________

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
Re: The case against A6 and DNAME

Reply via email to
