[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

effect of v4 runout [Re: v6ops-nat64-pb-statement-req: DNSSEC requirement]

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: effect of v4 runout [Re: v6ops-nat64-pb-statement-req: DNSSEC requirement]
From: Pekka Savola <pekkas@netcore.fi>
Date: Mon, 28 Jul 2008 09:48:01 +0300 (EEST)
Cc: Thomas Narten <narten@us.ibm.com>, marcelo bagnulo braun <marcelo@it.uc3m.es>, v6ops@ops.ietf.org
In-reply-to: <783EB7C1-1261-49BA-9E48-AC0742840603@muada.com>
References: <200807222120.m6MLKAnL010018@cichlid.raleigh.ibm.com> <48873AC0.5090401@it.uc3m.es> <200807232029.m6NKTPx2004828@cichlid.raleigh.ibm.com> <488833F7.7030606@it.uc3m.es> <200807251222.m6PCMEjV017212@cichlid.raleigh.ibm.com> <783EB7C1-1261-49BA-9E48-AC0742840603@muada.com>
User-agent: Alpine 1.10 (LRH 962 2008-03-14)

On Sun, 27 Jul 2008, Iljitsch van Beijnum wrote:

If you want to use DNSSEC and NAT64 together, either DNSSEC or DNS64 must bechanged to be aware of the other.

(This is a side note wrt the subject change..) Well, you could makethe v6-hosts query A records, and synthethize themselves based onNAT64 prefix information they have. Not sure if you count this ineither of your categories above.

Yes, this is inconvenient but then again,not being able to connect to the 99% of the internet that's still on IPv4when your ISP can't give you an IPv4 address anymore is also quiteinconvenient.

This is a belief that needs debunking. Many drafts, this included,make the assumption that there is major incentive to deploy v6 beforeIANA's v4 space runs out. Some longer sighted ISPs may see it soespecially if the IETF and vendors can provide tools to assist them;others won't. The ISP will just provide the users private addressspace and do NAT. This has been commonplace in many 2G/3Gdeployments, and it will become the norm in residential connectivityas well. So the scenario we must compare NAT64 etc. against isISP-provided v4 private space, not no v4 at all.


--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- Re: effect of v4 runout [Re: v6ops-nat64-pb-statement-req: DNSSEC requirement]
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

References:
- v6ops-nat64-pb-statement-req: DNSSEC requirement
  - From: Thomas Narten <narten@us.ibm.com>
- Re: v6ops-nat64-pb-statement-req: DNSSEC requirement
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: v6ops-nat64-pb-statement-req: DNSSEC requirement
  - From: Thomas Narten <narten@us.ibm.com>
- Re: v6ops-nat64-pb-statement-req: DNSSEC requirement
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: v6ops-nat64-pb-statement-req: DNSSEC requirement
  - From: Thomas Narten <narten@us.ibm.com>
- Re: v6ops-nat64-pb-statement-req: DNSSEC requirement
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: v6ops-nat64-pb-statement-req: DNSSEC requirement
Next by Date: RE: about the coexistance scenarios in draft-ietf-v6ops-nat64-pb-statement-req-01
Previous by thread: Re: v6ops-nat64-pb-statement-req: DNSSEC requirement
Next by thread: Re: effect of v4 runout [Re: v6ops-nat64-pb-statement-req: DNSSEC requirement]
Index(es):
- Date
- Thread