% I assume an end-host trust the administrator of the site which itself is
% connceted to. In other words, it believes that the route(s) to the
% well-known addresses are properly configured so that queries are lead to
% proper DNS servers.
this is naive, particularly in a tetherless environment.
%
% Yes, there are security issues, but no worse than non-well-known address
% methods.
hogwash. if one expects DNS servers to always be available
at, for example, fe80:dead:beef::53, then -anyone- can make
a server available at that address, not just the site admin.
%
% > why is there a need for yet another suite of reserved
% > "well-known" addresses for DNS servers?
% > Am I the only one who feels that this is a significant
% > breach of the integrity of the DNS system?
% > Or is this simply the path of least resistance and
% > folks are willing to abandon the integrity of the data
% > that the DNS is publishing? Or will this only be deployed
% > once there are other means to verify the integrity of the
% > data (can you say DNSSEC? sure you can.)
% >
% > There are other ways to discover DNS servers in a
% > (roaming/ad-hoc/untethered) environment.
% >
% >
% > % Hi John,
% > %
% > % > It should be possible to 'discover' DNS servers?
% > % > when roaming in new networks with minimal interaction from the user.
% > %
% > % Yes, that's the point.
% > %
% > % Wherever the end-host is, at the office, at home, at a hotspot, or at
% mobile
% > % enviroment, it simply queries to a well-known-sitelocal/global-address,
% and
% > % the query is lead to an appropriate DNS server which is prepared by the
% site
% > % administrator of each situation with manual configuration or
% > % auto-configuration.
% > %
% > % ----- Original Message -----
% > % From: <[EMAIL PROTECTED]>
% > % To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
% > % <[EMAIL PROTECTED]>
% > % Sent: Wednesday, April 17, 2002 5:37 PM
% > % Subject: RE: Stateless DNS discovery draft
% > %
% > %
% > % Hi Toshi,
% > %
% > % > I absolutely agree.
% > % >
% > % > In other word, there are typically three players,
% > % >
% > % > 1) end-host
% > % > 2) site network
% > % > 3) ISP network
% > % >
% > % > and "Stateless DNS discoery" is a zero-configuration method
% > % > mainly for 1).
% > % >
% > % > When the administrator of 2) wants to prepare DNS servers in his/her
% site
% > % > with assigning the well-know-site-local-uni-cast-addresses to them, 1)
% > % > simply queries to them.
% > % >
% > % > When the ISP prepares DNS servers in its backbone, the CPE router of
% 2)
% > % acts
% > % > as a dual-sited DNS proxy to relay queries to the the
% > % > well-know-site-local-uni-cast-addresses of the ISP's site, or to the
% > % global
% > % > addresses which are informed via ISP-to-Customer (or PE-to-CPE)
% > % > configuration mechanism such as DHCPv6, SLP or papers.
% > %
% > % I agree with you, this is a very good and to-the-point summary.
% > %
% > % I'd just like to point out that the need is especially crucial in
% > % roaming situations. It should be possible to 'discover' DNS servers
% > % when roaming in new networks with minimal interaction from the user.
% > %
% > % John
% > %
% > % --------------------------------------------------------------------
% > % IETF IPng Working Group Mailing List
% > % IPng Home Page: http://playground.sun.com/ipng
% > % FTP archive: ftp://playground.sun.com/pub/ipng
% > % Direct all administrative requests to [EMAIL PROTECTED]
% > % --------------------------------------------------------------------
% > %
% >
% >
% > --
% > --bill
% >
% >
%
--
--bill
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
