To: dnsop@cafax.se
From: Rob Austein <sra+dnsop@hactrn.net>
Date: Fri, 08 Aug 2003 15:36:56 -0400
Sender: owner-dnsop@cafax.se
User-Agent: Wanderlust/2.10.0 (Venus) Emacs/20.7 Mule/4.0 (HANANOEN)
Subject: scope

Messieurs Ohta and Vixie got me thinking about scoping and fault isolation in the approaches we've been discussing. No, this is not about IPv6 site-local and I will thank y'all not to bring that up :).

Ohta-san is correct that every single one of the approaches we've discussed has some kind of scoping constraint which, ultimately, is decided by some human action or inaction. Router configuration of routes to well-known addresses, router configuration of RA, router configuration of multicast, DHCP relay configuration, doesn't matter. All of these mechanisms have some kind of scoping control with a default that may need to be changed by a human.

One place where these approaches differ in interesting ways, however, is in the default behavior. This is particularly interesting when trying to understand the failure modes of each of these approaches if they're implemented or administered badly.

- RA/ND-based: if RA/ND isn't configured, discovery doesn't happen.

- Multicast-query based (DHCP, DHCP-lite, LLMNR-like, whatever): if router multicast (or DHCP relay) isn't configured, may work anyway on the local link, but otherwise discovery doesn't happen.

- Well-known address based: discovery propagates upstream following the default route until it finds something or hits the edge of the default free routing zone. Discovery does not work if neither well-known address nor default route is configured.

Assuming that one buys this analysis, this says that the well-known address approach is significantly different, in ways that are both good and bad. Good, because it means that dumb edge networks may just inherit the necessary data from the larger networks to which they're attached (although one might have security issues, e.g., trust boundaries for use of the AD bit). Bad, because this has the potential to turn into a bug amplifier. Think, for example, about a hypothetical firewall product that blocks inbound recursive responses: this doesn't hurt the outside world so long as the well-known address points to something inside the firewall, but what happens if the well-known address route gets hosed? Oops. One hopes that no ISP would ever be silly enough to advertise or accept routes for these well-known addresses in the default free zone.

Bottom line is that thinking about fault isolation gives me another reason for discomfort with the well-known address approach. YMMV.