IPv6 Confusion

Mark Andrews Mark_Andrews at isc.org
Tue Feb 17 17:55:30 CST 2009


In message <D34D7BAE-4781-4AE2-ABB2-6D211C9B7B85 at virtualized.org>, David Conrad
 writes:
> On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
> > Approach IPv6 as a new and different protocol.
> 
> Unfortunately, I gather this isn't what end users or network operators  
> want or expect.  I suspect if we want to make real inroads towards  
> IPv6 deployment, we'll need to spend a bit more time making IPv6 look,  
> taste, and feel like IPv4 and less time berating folks for "IPv4- 
> think" (not that you do this, but others here do).  For example,  
> getting over the stateless autoconfig religion (which was never fully  
> thought out -- how does an autoconfig'd device get a DNS name  
> associated with their address in a DNSSEC-signed world again?) and  
> letting network operators use DHCP with IPv6 the way they do with IPv4.

	David, you know as well as I do that DNSSEC is an orthogonal
	issue here.

	The first issue is how do you assign a name to an object?
	The second issue is how do you add that name to the DNS?
	The third issue is how do you sign that change?

	I solve it by giving the machine a name.  Adding a KEY record
	at that name to the DNS, the private part the machine knows.
	I then use SIG(0) to update the address records of the
	machine whenever the addresses change.  The DNS server that
	accepts that update generates new RRSIGs for the records
	affected by that change and the zone propagates out to the
	servers using NOTIFY.

	I update the reverse PTR records using tcp-self as the
	authentication mechanism.  tcp-self is weak but is strong
	enough for the level of trust assigned to PTR records.
	Again the DNS server generates appropriate signatures.

	The machine's name is not tied to the network on which it
	lives.

	Mark
	
 
> Or, we simply continue down the path of more NATv4.
> 
> Regards,
> -drc
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
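
The two authorization checks described in the message above, as an added example that is not part of the original post and is not BIND's code: a simplified model of a SIG(0) "self" rule for address records and the "tcp-self" rule for PTR records. The Update class, its field names and the sample host and addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Update:
    """One dynamic-update request as the server sees it (simplified model)."""
    name: str                 # owner name of the records being changed
    rrtype: str               # "A", "AAAA", "PTR", ...
    src_addr: str             # transport source address of the request
    over_tcp: bool            # True if the request arrived over TCP
    sig0_key: Optional[str]   # owner name of the KEY that verified SIG(0), or None


def canon(name: str) -> str:
    """Lower-case and strip the trailing dot so names compare equal."""
    return name.rstrip(".").lower()


def reverse_name(addr: str) -> str:
    """Map an address into the in-addr.arpa / ip6.arpa namespace."""
    return ipaddress.ip_address(addr).reverse_pointer


def authorize(u: Update) -> str:
    """Return the rule that admits the update, or 'deny'."""
    # Forward records: a verified SIG(0) key may only change its own name.
    # The source address is not consulted, so the name follows the machine.
    if u.rrtype in ("A", "AAAA"):
        if u.sig0_key and canon(u.sig0_key) == canon(u.name):
            return "self"
        return "deny"
    # Reverse records: no key at all. The only evidence is that a TCP
    # connection was completed from the address whose PTR is being set.
    if u.rrtype == "PTR":
        if u.over_tcp and canon(reverse_name(u.src_addr)) == canon(u.name):
            return "tcp-self"
        return "deny"
    return "deny"


if __name__ == "__main__":
    # Constructed sample: host renumbered into 2001:db8:2::/64.
    new = "2001:db8:2::10"
    print(authorize(Update("laptop.example.org", "AAAA", new, False, "laptop.example.org.")))
    print(authorize(Update(reverse_name(new), "PTR", new, True, None)))
```

The model shows why tcp-self is the weaker of the two: it proves only reachability at the source address, which limits what it can authorize to that address's own PTR name.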
