Date:        Thu, 15 Feb 2001 22:56:45 -0800
    From:        "Richard Draves" <[EMAIL PROTECTED]>
    Message-ID:  <[EMAIL PROTECTED]>

  | The Microsoft IPv6 implementation supports Erik's draft.

I'm not sure that implementing a draft which had (until last week)
expired is a wonderful idea (other than for a limited test of the
mechanisms anyway).

  | It also puts site-local addresses in the DNS.

Grunge.

  | And in normal home gateway scenarios
  | (requires some administrative action to stop this) it will send RAs with
  | a site-local prefix as well as a global prefix.

That one I don't mind - the "normal home gateway" is exactly where
site locals are most needed.

  | If it uses the
  | site-local address it will probably have a lengthy timeout before
  | falling back to the global address, but in the worst case the
  | application/user might give up, or it might even end up communicating
  | with the wrong host.

Yes, it is because this can happen to nodes that haven't implemented
Erik's draft that I don't think that the mechanisms proposed there
can work (and ideally never be let loose on an unsuspecting world).

  | Another possibility is that a DNS server can look at the source address
  | of the DNS request.

That's just two faced DNS, which doesn't work in general, and in
particular doesn't work here...

  | If the source address is an IPv6 site-local address,
  | then the DNS server can include site-local addresses in its reply.

Typically the resolver in a node sends a query to a local cache.
Chances are it will always use site local for that if it can.  The
cache then tries to find the authoritative server, that means (in
general, even to find your own local servers) starting at the root
and climbing down the chain.  The root gives A records for the COM
servers (those won't be site local one hopes).  The COM servers
give A records for the microsoft.com servers (they won't be site
local either), your cache then sends to one of those servers, using
the address you have just been handed, so your cache sends to a global
addr, and hence uses a global source addr, and thus gets back only
global addresses.

To make two faced DNS work requires a lot of local configuration
and careful planning and management - which is exactly what your
typical home network is not going to have (nor is it typically
going to have a DNS server at all).

kre

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
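
The resolution path described in the message above, sketched as an added example that is not part of the original post. All addresses, the zone data and the function names are constructed assumptions; the source selection rule (match the destination's scope) is the behaviour the message assumes.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the original message).
STUB_ADDRS = ["fec0::10", "2001:db8:1::10"]    # querying host's own addresses
CACHE_ADDRS = ["fec0::53", "2001:db8:1::53"]   # local caching resolver's addresses
AUTH_SERVER = "2001:db8:ffff::1"               # learned from the parent zone's delegation
ZONE = {"host.example.": ["fec0::80", "2001:db8:1::80"]}


def is_site_local(addr):
    """True for fec0::/10 addresses."""
    return ipaddress.IPv6Address(addr).is_site_local


def select_source(dst, own_addrs):
    """Pick a source address whose scope matches the destination's scope."""
    want_site_local = is_site_local(dst)
    for addr in own_addrs:
        if is_site_local(addr) == want_site_local:
            return addr
    return own_addrs[0]


def two_faced_answer(name, src):
    """Authoritative server that adds site-local records only when the
    query's source address is itself site-local."""
    return [a for a in ZONE[name] if is_site_local(src) or not is_site_local(a)]


def resolve_via_cache(name):
    """Follow the two hops: stub -> local cache, then cache -> authoritative."""
    # Hop 1: the stub reaches the cache over site-local addressing.
    hop1_src = select_source(CACHE_ADDRS[0], STUB_ADDRS)
    # Hop 2: the cache was handed a global address by the delegation chain,
    # so it sends from its own global address.
    hop2_src = select_source(AUTH_SERVER, CACHE_ADDRS)
    # The authoritative server only ever sees hop 2's source address.
    return hop1_src, hop2_src, two_faced_answer(name, hop2_src)


if __name__ == "__main__":
    stub_src, cache_src, answer = resolve_via_cache("host.example.")
    print("stub  -> cache source:", stub_src)
    print("cache -> auth  source:", cache_src)
    print("records returned     :", answer)
```
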
