On Fri, Oct 26, 2012 at 02:12:01PM -0400, RJ Atkinson wrote:
> Earlier, Andrew Sullivan wrote:
> > ...DNSSEC cannot be used for validation with mDNS because
> > the actual mDNS name is [some string].local., ...
>
> mDNS can, and regularly is, also used to transport
> DNS information outside the "
On Oct 26, 2012, at 12:46 PM 10/26/12, RJ Atkinson wrote:
>
> On 26 Oct 2012, at 12:24 , Stephen Farrell wrote:
>> My understanding is that 3118 is fictional,
>> i.e. is never deployed, ever. As an AD, I generally
>> push back on any draft where the security considerations
>> say "use 3118 and
Ran,
I think you're missing the point. What I am suggesting is that the routers,
which learn DNS servers via DHCPv6 or RDNSS, can pass around those DNS
servers inside the routing protocol that runs in the homenet. The hosts
would then get the information from the routers using DHCPv6 or RDNSS, jus
Earlier, Andrew Sullivan wrote:
> ...DNSSEC cannot be used for validation with mDNS because
> the actual mDNS name is [some string].local., ...
mDNS can, and regularly is, also used to transport
DNS information outside the ".local" pseudo-TLD.
The mDNS specification explicitly says that mDNS
also
On 10/26/2012 09:46 AM, RJ Atkinson wrote:
On 26 Oct 2012, at 12:24 , Stephen Farrell wrote:
My understanding is that 3118 is fictional,
i.e. is never deployed, ever. As an AD, I generally
push back on any draft where the security considerations
say "use 3118 and you'll be fine."
If I'm wrong
On 26 Oct 2012, at 12:24 , Stephen Farrell wrote:
> My understanding is that 3118 is fictional,
> i.e. is never deployed, ever. As an AD, I generally
> push back on any draft where the security considerations
> say "use 3118 and you'll be fine."
>
> If I'm wrong, I'd be interested in knowing th
Not trying to get into the argument here, but just one
point:
On 10/26/2012 04:59 PM, RJ Atkinson wrote:
> This is not true if DHCP Authentication has been deployed.
My understanding is that 3118 is fictional, i.e. is never
deployed, ever. As an AD, I generally push back on any
draft where the s
On Fri, Oct 26, 2012 at 11:59:52AM -0400, RJ Atkinson wrote:
>
> 3) It appears that DNSsec still can be used with mDNS.
> So again, this can be deployed/used in environments
> where DNS authentication is deemed sensible.
Let us be perfectly clear on this: mDNS is a completely different
prot
On 25 Oct 2012, at 20:33 , Lorenzo Colitti wrote:
>> I'm also nervous about both DNS authorisation
>> and DNS authentication. Who is allowed to make
>> which DNS advertisements and how do I authenticate
>> the received DNS advertisement as both valid and
>> authorised ?
>>
>
> I don't see a di
On 26 Oct 2012, at 10:05, Lorenzo Colitti wrote:
> On Fri, Oct 26, 2012 at 4:50 PM, Teco Boot wrote:
> The question is, does DHCP support the following: The MIF node has configured
> a bunch of addresses with SLAAC. Now it learns that there is a DHCP server
> somewhere
> No more than a DHCPv6 server saying "please use this DNS server for
> everything". Right?
Right.
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
On Fri, Oct 26, 2012 at 5:05 PM, Lorenzo Colitti wrote:
> Using a routing protocol and not using DHCPv6 solves this issue, because a
> router is allowed to deprecate a prefix that has gone away even if it was
> originally announced by someone else, and NUD will let hosts work around
> broken rout
On 26 Oct 2012, at 09:47, Lorenzo Colitti wrote:
> On Fri, Oct 26, 2012 at 4:39 PM, Teco Boot wrote:
>> Sure, but you still need to propagate that information to all the homenet
>> routers and DHCPv6 servers. In the general case, your host won't be adjacent
>> to that D
On 26 Oct 2012, at 09:38, Lorenzo Colitti wrote:
> On Fri, Oct 26, 2012 at 4:37 PM, Teco Boot wrote:
> Hosts get addresses (DHCP or SLAAC) and then can get the additional info with
> unicasted DHCP for each address, using the MIF extensions. Maybe we have to
> tweak DHC
On Fri, Oct 26, 2012 at 4:39 PM, Teco Boot wrote:
> Sure, but you still need to propagate that information to all the homenet
> routers and DHCPv6 servers. In the general case, your host won't be
> adjacent to that DHCPv6 server with this information, or it may be using
> another DHCPv6 server in
On 26 Oct 2012, at 08:45, Lorenzo Colitti wrote:
> On Fri, Oct 26, 2012 at 3:37 PM, Arifumi Matsumoto wrote:
> a DHCPv6 option to deliver such kind of information, that is, relation
> between DNS domain names and DNS servers, is almost baked.
> https://tools.ietf.org/html
On Fri, Oct 26, 2012 at 4:37 PM, Teco Boot wrote:
> Hosts get addresses (DHCP or SLAAC) and then can get the additional info
> with unicasted DHCP for each address, using the MIF extensions. Maybe we
> have to tweak DHCP a little to support this.
>
Just "maybe" ? :)
_
On 26 Oct 2012, at 08:44, Lorenzo Colitti wrote:
> On Fri, Oct 26, 2012 at 3:24 PM, Teco Boot wrote:
>> But seriously: why are you not comfortable with this idea? We need a routing
>> protocol for the homenet anyway. A link-state routing protocol can carry
>> multiple T
On Fri, Oct 26, 2012 at 3:37 PM, Arifumi Matsumoto wrote:
> a DHCPv6 option to deliver such kind of information, that is, relation
> between DNS domain names and DNS servers, is almost baked.
> https://tools.ietf.org/html/draft-ietf-mif-dns-server-selection-12
Sure, but you still need to propaga
On Fri, Oct 26, 2012 at 3:24 PM, Teco Boot wrote:
> But seriously: why are you not comfortable with this idea? We need a
> routing protocol for the homenet anyway. A link-state routing protocol can
> carry multiple TLVs, including TLVs for DNS servers. Routing protocols can
> be authenticated. Th
Hi,
a DHCPv6 option to deliver such kind of information, that is, relation
between DNS domain names and DNS servers, is almost baked.
https://tools.ietf.org/html/draft-ietf-mif-dns-server-selection-12
Thanks.
2012/10/26 Teco Boot :
>
> Op 26 okt. 2012, om 02:33 heeft Lorenzo Colitti het volgende
On 26 Oct 2012, at 02:33, Lorenzo Colitti wrote:
> On Fri, Oct 26, 2012 at 1:08 AM, RJ Atkinson wrote:
> I'm not comfortable with overloading a routing
> protocol for use as a DNS transport mechanism.
>
> Sorry, I didn't mean "routing protocol". I meant "Homenet DNS Info
On Fri, Oct 26, 2012 at 2:32 AM, Sander Steffann wrote:
> Yes. The routing protocol saying 'please use this address to resolve
> google.com' might cause some problems... With DNSSEC in place it can
> still cause a denial of service when unsigned or invalidly signed data is
> returned.
>
No more
On Fri, Oct 26, 2012 at 1:08 AM, RJ Atkinson wrote:
> I'm not comfortable with overloading a routing
> protocol for use as a DNS transport mechanism.
>
Sorry, I didn't mean "routing protocol". I meant "Homenet DNS Information
Distribution Protocol" (HIDP). I would expect a useful way to carry HI
Hi,
> I'm also nervous about both DNS authorisation
> and DNS authentication. Who is allowed to make
> which DNS advertisements and how do I authenticate
> the received DNS advertisement as both valid and
> authorised ?
Yes. The routing protocol saying 'please use this address to resolve
go
On Thu, 25 Oct 2012 09:11:18 +0900, Lorenzo Colitti wrote, in part:
> ...from the border router which discovered the DNS entries
> for tvservice.jp, inject those DNS servers into the mesh
> with a tag that they only be used for tvservice.jp,
> and pass that around in the routing protocol. No?
I'm