[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ocean: do not boil
> for instance, DNS-ALG could do the following when asked
> for AAAA of foo.example.com:
> query AAAA for foo.example.com - it's not there
> query A for foo.example.com - it should be there (X)
> if X is within the site, return empty answer section with
> NOERROR (indicate that foo.example.com does not have
> AAAA, and invite client to use IPv4)
> if X is outside the site, return synthesized AAAA record
> for NAT-PT translation.
>
synthesized AAAA records should be forbidden. they make apps think they
have a transparent v6 connection when they don't.
Keith