I assume an end-host trusts the administrator of the site which it itself is connected to. In other words, it believes that the route(s) to the well-known addresses are properly configured so that queries are led to proper DNS servers.
Yes, there are security issues, but no worse than non-well-known address methods.

> why is there a need for yet another suite of reserved
> "well-known" addresses for DNS servers?
> Am I the only one who feels that this is a significant
> breach of the integrity of the DNS system?
> Or is this simply the path of least resistance and
> folks are willing to abandon the integrity of the data
> that the DNS is publishing? Or will this only be deployed
> once there are other means to verify the integrity of the
> data (can you say DNSSEC? sure you can.)
>
> There are other ways to discover DNS servers in a
> (roaming/ad-hoc/untethered) environment.
>
>
> % Hi John,
> %
> % > It should be possible to 'discover' DNS servers?
> % > when roaming in new networks with minimal interaction from the user.
> %
> % Yes, that's the point.
> %
> % Wherever the end-host is, at the office, at home, at a hotspot, or at mobile
> % environment, it simply queries to a well-known-sitelocal/global-address, and
> % the query is led to an appropriate DNS server which is prepared by the site
> % administrator of each situation with manual configuration or
> % auto-configuration.
> %
> % ----- Original Message -----
> % From: <[EMAIL PROTECTED]>
> % To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> % <[EMAIL PROTECTED]>
> % Sent: Wednesday, April 17, 2002 5:37 PM
> % Subject: RE: Stateless DNS discovery draft
> %
> %
> % Hi Toshi,
> %
> % > I absolutely agree.
> % >
> % > In other words, there are typically three players,
> % >
> % > 1) end-host
> % > 2) site network
> % > 3) ISP network
> % >
> % > and "Stateless DNS discovery" is a zero-configuration method
> % > mainly for 1).
> % >
> % > When the administrator of 2) wants to prepare DNS servers in his/her site
> % > with assigning the well-known-site-local-uni-cast-addresses to them, 1)
> % > simply queries to them.
> % >
> % > When the ISP prepares DNS servers in its backbone, the CPE router of 2) acts
> % > as a dual-sited DNS proxy to relay queries to the
> % > well-known-site-local-uni-cast-addresses of the ISP's site, or to the global
> % > addresses which are informed via ISP-to-Customer (or PE-to-CPE)
> % > configuration mechanism such as DHCPv6, SLP or papers.
> %
> % I agree with you, this is a very good and to-the-point summary.
> %
> % I'd just like to point out that the need is especially crucial in
> % roaming situations. It should be possible to 'discover' DNS servers
> % when roaming in new networks with minimal interaction from the user.
> %
> % John
> %
> % --------------------------------------------------------------------
> % IETF IPng Working Group Mailing List
> % IPng Home Page: http://playground.sun.com/ipng
> % FTP archive: ftp://playground.sun.com/pub/ipng
> % Direct all administrative requests to [EMAIL PROTECTED]
> % --------------------------------------------------------------------
> %
>
>
> --
> --bill
