On 29 mrt 2008, at 11:01, marcelo bagnulo wrote:
Do you think it would be possible to impose any form of requirement
for using DNSSec in the v4 host?
Well, for v6->v4 we currently have the synthetic AAAA records. A
translator that doesn't use these is possible in this direction, and
even likely in the v4->v6 direction because we don't have an
existing spec that uses synthetic records for that direction.
I don't understand this
Are you saying that we don't have synthetic A records. What about
section 4.1. of RFC 2766?
I don't think this is a useful scenario. What happens here is that
IPv6 addresses are mapped to IPv4 addresses on a temporary basis,
which makes referral issues (and DNSSEC issues) much harder. It also
requires a large amount of address space if done in a service provider
box that serves many customers. I would rather map individual ports on
a more permanent basis.