To:
Nathan Jones <njones@connect.com.au>
Cc:
Jun-ichiro itojun Hagino <itojun@iijlab.net>, Robert Elz <kre@munnari.OZ.AU>, ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From:
Johan Ihren <johani@autonomica.se>
Date:
16 Aug 2001 15:34:22 +0200
In-Reply-To:
Nathan Jones's message of "Wed, 15 Aug 2001 22:54:28 +1000"
Sender:
owner-dnsop@cafax.se
User-Agent:
Gnus/5.070095 (Pterodactyl Gnus v0.95) Emacs/20.3
Subject:
Re: (ngtrans) Joint DNSEXT & NGTRANS summary
Nathan Jones <njones@connect.com.au> writes:
> itojun wrote:
> > you should care about this. there's no guarantee that AAAA synthesis
> > happen between end client and master/slave nameservers. AAAA will
> > leak from leaf to the core.
>
> David Terrell's suggestion that AAAA synth be performed by
> nameservers which are authoritative for zones with A6 data seems
> worth considering here.
I think that is a very dangerous idea that we shouldn't use anywhere
in an argument to ease a possible transistion to A6 + AAAA synthesis.
Many authoritative servers run in non-recursive mode for security
reasons, which is sound practice.
Doing synthesis in the authoritative end would
a) expose the servers doing it to possible cache pollution
b) remove incentive from leaf sites to enable synthesis in the local
full-service resolver thereby prolonging and increasing the leakage
of AAAA queries into the core ("hey, it already works, why should
we upgrade").
Both are bad.
If AAAA synthesis turns out to be the correct answer then it should be
done in the right place.
Johan