[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ocean: do not boil



>  for instance, DNS-ALG could do the following when asked
>           for AAAA of foo.example.com:
>                 query AAAA for foo.example.com - it's not there
>                 query A for foo.example.com - it should be there (X)
>                 if X is within the site, return empty answer section with
>                         NOERROR (indicate that foo.example.com does not have
>                         AAAA, and invite client to use IPv4)
>                 if X is outside the site, return synthesized AAAA record
>                         for NAT-PT translation.
> 

synthesized AAAA records should be forbidden.  they make apps think they
have a transparent v6 connection when they don't.

Keith