> > Now you might want to configure your DNS proxy (recursive server) to
> > not pass through AAAA records with ULA addresses unless they are from
> > known sources with whom you have a prior arrangement.
> > But that is a different issue.
>
> Now the DNS must know about routing?

Why would the DNS need to know anything about routing? ULA addressing is intended for local use. If an organization wants to enforce that policy by putting filters in their routers which talk to the public Internet, they are free to do so. If they want to put filters in the DNS servers which talk to the public Internet, they are free to do so. The DNS filters are about policy, and have nothing to do with routing.

You are the one who said that somebody might put ULA addresses in AAAA records that are visible to the Internet instead of running proper split-horizon for their internal DNS. If I want to protect my DNS and my systems from somebody else's misconfigurations, then filtering and proxying is the standard way to do it, regardless of whether we are talking about routing packets, DNS queries, http queries or telephone calls.

--Michael Dillon

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
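An added example, not part of the original message: one way a DNS proxy could detect AAAA records carrying ULA addresses (fc00::/7) in a wire-format response before passing it on. The names ula_violations, trusted_zones and sample_response are hypothetical, modelling the "prior arrangement" as an allowlist of zone names is an assumption, and the sample message is constructed.

```python
import ipaddress
import struct

ULA = ipaddress.ip_network("fc00::/7")  # unique local addresses (RFC 4193)
TYPE_AAAA = 28

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2                     # caller resumes after the pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label ends the name
            return ".".join(labels), (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n

def ula_violations(msg, trusted_zones=()):
    """List (owner, address) for ULA AAAA records outside trusted_zones."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off, found = 12, []
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    for _ in range(an + ns + ar):                 # answer, authority, additional
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == TYPE_AAAA and rdlen == 16:
            addr = ipaddress.IPv6Address(msg[off:off + 16])
            ok = any(owner == z or owner.endswith("." + z) for z in trusted_zones)
            if addr in ULA and not ok:
                found.append((owner, str(addr)))
        off += rdlen
    return found

def sample_response(name, addrs):
    """Constructed test message: one question, one AAAA answer per address."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    msg += qname + struct.pack("!HH", TYPE_AAAA, 1)
    for a in addrs:                               # owner = pointer to the question name
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_AAAA, 1, 300, 16)
        msg += ipaddress.IPv6Address(a).packed
    return msg
```

What the proxy does with a non-empty result (drop the response, or rebuild it without those records) is a local policy choice.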
