[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: on NAT-PT

To: Alain Durand <Alain.Durand@Sun.COM>
Subject: Re: on NAT-PT
From: itojun@iijlab.net
Date: Sat, 04 Jan 2003 10:18:08 +0900
Cc: v6ops@ops.ietf.org
In-reply-to: Alain.Durand's message of Fri, 03 Jan 2003 13:32:52 PST. <3E160184.2060808@sun.com>

>>you have been ignoring my comment (i made this comment months ago)
>>to use "AD is secure" for the response from DNS-ALG.
>>
>Let met get back to this now.
>
>The fundamental issue is that nodes do not know
>about the potential presence of a DNS ALG,
>so they can not decide if it is OK to do recursive
>queries themselves or if they have to use "AD is secure"
>and send DNS queries to a trusted recursive resolver.

	i guess you are talking about something different.

	if the site administration policy is to use a recursive resolver
	and "AD is secure", this does not matter whether the recursive
	resolver is DNS-ALG or not.  the whole point of "AD is secure" is to
	offload the implementation complexity of DNSSEC from the end clients
	and put it into recursive resolver.

itojun

Follow-Ups:
- Re: on NAT-PT
  - From: Alain Durand <Alain.Durand@sun.com>

Prev by Date: Re: Request to Publish ISATAP
Next by Date: Re: on NAT-PT
Previous by thread: RE: on NAT-PT
Next by thread: Re: on NAT-PT
Index(es):
- Date
- Thread