BEHAVE WG M. Bagnulo
Internet-Draft UC3M
Intended status: Standards Track A. Sullivan
-Expires: September 6, 2010 Shinkuro
+Expires: September 23, 2010 Shinkuro
P. Matthews
Alcatel-Lucent
I. van Beijnum
IMDEA Networks
- March 5, 2010
+ March 22, 2010
DNS64: DNS extensions for Network Address Translation from IPv6 Clients
to IPv4 Servers
- draft-ietf-behave-dns64-07
+ draft-ietf-behave-dns64-08
Abstract
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
- This Internet-Draft will expire on September 6, 2010.
+ This Internet-Draft will expire on September 23, 2010.
-Bagnulo, et al. Expires September 6, 2010 [Page 1]
+Bagnulo, et al. Expires September 23, 2010 [Page 1]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 2]
+Bagnulo, et al. Expires September 23, 2010 [Page 2]
\f
Internet-Draft DNS64 March 2010
8. Security Considerations . . . . . . . . . . . . . . . . . . . 27
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 27
- 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 27
+ 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 28
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28
12.1. Normative References . . . . . . . . . . . . . . . . . . . 28
- 12.2. Informative References . . . . . . . . . . . . . . . . . . 28
+ 12.2. Informative References . . . . . . . . . . . . . . . . . . 29
Appendix A. Motivations and Implications of synthesizing AAAA
Resource Records when real AAAA Resource Records
-Bagnulo, et al. Expires September 6, 2010 [Page 3]
+Bagnulo, et al. Expires September 23, 2010 [Page 3]
\f
Internet-Draft DNS64 March 2010
- exist . . . . . . . . . . . . . . . . . . . . . . . . 29
+ exist . . . . . . . . . . . . . . . . . . . . . . . . 30
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 31
-Bagnulo, et al. Expires September 6, 2010 [Page 4]
+Bagnulo, et al. Expires September 23, 2010 [Page 4]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 5]
+Bagnulo, et al. Expires September 23, 2010 [Page 5]
\f
Internet-Draft DNS64 March 2010
so that both can algorithmically generate the same IPv6
representation for a given IPv4 address. In addition, it is required
that IPv6 packets addressed to an IPv6 destination address that
- contains the Pref64::/n be delivered to an IPv6/IPv4 translator, so
- they can be translated into IPv4 packets.
+ contains the Pref64::/n be delivered to an IPv6/IPv4 translator that
+ has that particular Pref64::/n configured, so they can be translated
+ into IPv4 packets.
Once the DNS64 has synthesized the AAAA RRs, the synthetic AAAA RRs
are passed back to the IPv6 initiator, which will initiate an IPv6
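Review bot: In the added clause "translator that has that particular Pref64::/n configured", the requirement is tightened but nothing says what happens when routing delivers the packet to a translator holding a different prefix. The next paragraph states that the DNS64 and the translator share the Pref64::/n only through configuration and do not communicate, so neither side would detect such a mismatch; suggest stating that consequence here or pointing to where it is covered. The doubled "that ... that" would also read more cleanly as "a translator configured with the same Pref64::/n".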
In general, the only shared state between the DNS64 and the IPv6/IPv4
translator is the Pref64::/n and an optional set of static
- parameters. The Pref64::/n and the set of static parameters must be
-Bagnulo, et al. Expires September 6, 2010 [Page 6]
+Bagnulo, et al. Expires September 23, 2010 [Page 6]
\f
Internet-Draft DNS64 March 2010
+ parameters. The Pref64::/n and the set of static parameters must be
configured to be the same on both; there is no communication between
the DNS64 device and IPv6/IPv4 translator functions. The mechanism
to be used for configuring the parameters of the DNS64 is beyond the
resolver will try to obtain (real) AAAA RRs and in case they are not
available, the DNS64 function will synthesize AAAA RRs for internal
usage. This mode is compatible with some advanced functions like
- DNSSEC validation in the end host. The main drawback of this mode is
-Bagnulo, et al. Expires September 6, 2010 [Page 7]
+Bagnulo, et al. Expires September 23, 2010 [Page 7]
\f
Internet-Draft DNS64 March 2010
+ DNSSEC validation in the end host. The main drawback of this mode is
its deployability, since it requires changes in the end hosts. This
mode is called "DNS64 in stub-resolver mode". This is the second
type of DNS64 resolver.
-
-Bagnulo, et al. Expires September 6, 2010 [Page 8]
+Bagnulo, et al. Expires September 23, 2010 [Page 8]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 9]
+Bagnulo, et al. Expires September 23, 2010 [Page 9]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 10]
+Bagnulo, et al. Expires September 23, 2010 [Page 10]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 11]
+Bagnulo, et al. Expires September 23, 2010 [Page 11]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 12]
+Bagnulo, et al. Expires September 23, 2010 [Page 12]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 13]
+Bagnulo, et al. Expires September 23, 2010 [Page 13]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 14]
+Bagnulo, et al. Expires September 23, 2010 [Page 14]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 15]
+Bagnulo, et al. Expires September 23, 2010 [Page 15]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 16]
+Bagnulo, et al. Expires September 23, 2010 [Page 16]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 17]
+Bagnulo, et al. Expires September 23, 2010 [Page 17]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 18]
+Bagnulo, et al. Expires September 23, 2010 [Page 18]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 19]
+Bagnulo, et al. Expires September 23, 2010 [Page 19]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 20]
+Bagnulo, et al. Expires September 23, 2010 [Page 20]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 21]
+Bagnulo, et al. Expires September 23, 2010 [Page 21]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 22]
+Bagnulo, et al. Expires September 23, 2010 [Page 22]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 23]
+Bagnulo, et al. Expires September 23, 2010 [Page 23]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 24]
+Bagnulo, et al. Expires September 23, 2010 [Page 24]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 25]
+Bagnulo, et al. Expires September 23, 2010 [Page 25]
\f
Internet-Draft DNS64 March 2010
-Bagnulo, et al. Expires September 6, 2010 [Page 26]
+Bagnulo, et al. Expires September 23, 2010 [Page 26]
\f
Internet-Draft DNS64 March 2010
8. Security Considerations
- See the discussion on the usage of DNSSEC and DNS64 described in
- Section 3, Section 5.5, and Section 6.2.
+ DNS64 functions in combination with the DNS, and is therefore subject
+ to whatever security considerations are appropriate to the DNS mode
+ in which the DNS64 is operating (i.e. authoritative, recursive, or
+ stub resolver mode).
+
+ DNS64 has the potential to interfere with the functioning of DNSSEC,
+ because DNS64 by its very functioning modifies DNS answers, and
+ DNSSEC is designed to detect such modification and to treat modified
+ answers as bogus. See the discussion above in Section 3,
+ Section 5.5, and Section 6.2.
9. IANA Considerations
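Review bot: The first added paragraph of Section 8 defers to "whatever security considerations are appropriate to the DNS mode" without naming them or citing a reference, so a reader cannot tell what an authoritative, recursive or stub-resolver deployment is expected to address; suggest a citation or a short per-mode list. The DNSSEC paragraph says modified answers are treated as bogus but does not state the outcome for a validating client behind a DNS64. A one-sentence summary (the draft elsewhere describes stub-resolver mode as compatible with DNSSEC validation in the end host) would let the section stand on its own rather than relying only on the pointers to Section 3, Section 5.5 and Section 6.2. In "DNS64 functions in combination with the DNS", "functions" first reads as a noun; "operates" avoids that.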
Microsoft
+
+
+
+
+Bagnulo, et al. Expires September 23, 2010 [Page 27]
+\f
+Internet-Draft DNS64 March 2010
+
+
dthaler@windows.microsoft.com
including the participants of the IETF BEHAVE Working Group. The
following IETF participants made specific contributions to parts of
the text, and their help is gratefully acknowledged: Jaap Akkerhuis,
-
-
-
-Bagnulo, et al. Expires September 6, 2010 [Page 27]
-\f
-Internet-Draft DNS64 March 2010
-
-
Mark Andrews, Jari Arkko, Rob Austein, Timothy Baldwin, Fred Baker,
Doug Barton, Marc Blanchet, Cameron Byrne, Brian Carpenter, Zhen Cao,
Hui Deng, Francis Dupont, Patrik Faltstrom, Ed Jankiewicz, Peter
draft-ietf-behave-address-format-04 (work in progress),
January 2010.
+
+
+
+
+
+
+Bagnulo, et al. Expires September 23, 2010 [Page 28]
+\f
+Internet-Draft DNS64 March 2010
+
+
12.2. Informative References
[I-D.ietf-behave-v6v4-xlate-stateful]
"Dynamic Updates in the Domain Name System (DNS UPDATE)",
RFC 2136, April 1997.
-
-
-Bagnulo, et al. Expires September 6, 2010 [Page 28]
-\f
-Internet-Draft DNS64 March 2010
-
-
[RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003.
Rose, "Protocol Modifications for the DNS Security
Extensions", RFC 4035, March 2005.
- [RFC5735] Cotton, M. and L. Vegoda, "iSpecial Use IPv4 Addresses",
+ [RFC5735] Cotton, M. and L. Vegoda, "Special Use IPv4 Addresses",
BCP 153, RFC 5735, January 2010.
[I-D.ietf-behave-v6v4-framework]
July 2009.
[I-D.ietf-dnsop-default-local-zones]
+
+
+
+Bagnulo, et al. Expires September 23, 2010 [Page 29]
+\f
+Internet-Draft DNS64 March 2010
+
+
Andrews, M., "Locally-served DNS Zones",
draft-ietf-dnsop-default-local-zones-09 (work in
progress), November 2009.
Appendix A. Motivations and Implications of synthesizing AAAA Resource
Records when real AAAA Resource Records exist
-
-
-
-Bagnulo, et al. Expires September 6, 2010 [Page 29]
-\f
-Internet-Draft DNS64 March 2010
-
-
The motivation for synthesizing AAAA RRs when real AAAA RRs exist is
to support the following scenario:
[I-D.ietf-behave-address-format]) is used, then a synthetic AAAA RR
is likely to be preferred.
+
+
+
+Bagnulo, et al. Expires September 23, 2010 [Page 30]
+\f
+Internet-Draft DNS64 March 2010
+
+
This means that without further configuration:
In the "An IPv6 network to the IPv4 Internet" scenario, the host
is used (the Well-Known Prefix usage is not supported in this
case)
-
-
-
-Bagnulo, et al. Expires September 6, 2010 [Page 30]
-\f
-Internet-Draft DNS64 March 2010
-
-
In the "An IPv6 network to IPv4 network" scenario, for local
destinations (i.e., target hosts inside the local site), it is
likely that the NSP and the destination prefix are the same, so we
URI: http://www.it.uc3m.es/marcelo
- Andrew Sullivan
- Shinkuro
- 4922 Fairmont Avenue, Suite 250
- Bethesda, MD 20814
- USA
-
- Phone: +1 301 961 3131
- Email: ajs@shinkuro.com
-
-
+Bagnulo, et al. Expires September 23, 2010 [Page 31]
+\f
+Internet-Draft DNS64 March 2010
+ Andrew Sullivan
+ Shinkuro
+ 4922 Fairmont Avenue, Suite 250
+ Bethesda, MD 20814
+ USA
-Bagnulo, et al. Expires September 6, 2010 [Page 31]
-\f
-Internet-Draft DNS64 March 2010
+ Phone: +1 301 961 3131
+ Email: ajs@shinkuro.com
Philip Matthews
-
-
-
-
-
-
-
-
-
-
-Bagnulo, et al. Expires September 6, 2010 [Page 32]
+Bagnulo, et al. Expires September 23, 2010 [Page 32]
\f