RE: I-D Action:draft-endo-v6ops-dnsproxy-00.txt
Hi, Brian
Thanks for your comments.
> -----Original Message-----
> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
> Sent: Thursday, August 14, 2008 8:09 AM
> To: IPv6 Operations
> Subject: Re: I-D Action:draft-endo-v6ops-dnsproxy-00.txt
>
> Hi,
>
> I have a couple of comments on this, and a question.
>
> > 3.2. IPv4 Address Pool
> >
> > IPv4 Address Pool stores IPv4 addresses that are assigned to each
> > translator. DNS Proxy selects an IPv4 address from it, and DNS Proxy
> > maps an IPv6 address to selected IPv4 address.
> >
> > The entry of this pool MUST have following information.
> >
> >
> > IPv4 Address:
> > This IPv4 address is used to map to an IPv6 address.
> >
> > Address Status:
> > This information indicates a status of this IPv4 address.
> > The status has two condition "Un-Mapped" and "Mapped". If
> > Un-mapped status, DNS Proxy can select this entry to map.
> > Otherwise DNS Proxy cannot do it.
> >
> > Un-mapped:
> > This IPv4 address is not mapped.
> > Mapped:
> > This IPv4 address is already mapped.
>
> If I understand this correctly, it means that the proposal
> only allows exactly one IPv6 address to be mapped to one IPv4 address.
> Since any deployment scenario I can imagine will have a
> shortage of IPv4 addresses, it seems to me essential to
> support IPv4 address sharing and port mapping.
This IPv4 address pool is only used when translating from IPv4 to IPv6.
The DNS proxy can only know the IPv4 destination address that a client will communicate with.
In this case, to support IPv4 address sharing, the DNS proxy must know the destination port number.
That requires a relationship between the DNS proxy and clients. I think that is not reasonable.
In specific areas like company or campus networks, this proposal will be effective,
because the DNS proxy uses private IPv4 addresses.
> > 7. Security Considerations
> >
> > TBD
>
> You don't discuss DNSSEC, which is an essential issue for the
> future. I don't think we can propose a solution without
> DNSSEC support.
I agree with you.
I should consider DNSSEC.
> My question is, why not combine this draft with the DNS64
> model in draft-bagnulo-behave-nat64?
Sorry, I haven't read this proposal yet.
I will check it soon.
// masaxmasa
>
> Brian
>