
List:       ipng
Subject:    (IPng 3118) Re: 2 faced DNS is here to stay
From:       Robert Elz <kre () munnari ! OZ ! AU>
Date:       1997-02-28 23:28:07

And to give another example I hadn't thought of the other day.
If I have my laptop configured to use my standard (home) DNS
server, and I want to continue using that (either so I can continue
to find addresses for some "hidden to the rest of the world"
hosts, or because I trust it, and not others, or whatever), and
I come and visit you, and plug my laptop into the same ethernet
as you are connected to - then I want to make a connection to
your host.

I go to my DNS, which (however this new two faced DNS is going to
do this) sees my request comes from a global address (since I'm
not at the DNS's local site), does the lookup for me - either from
its secondary of your zone, or from its cache, or by going and
asking your server, gets back your host's address, which will be
the global address, according to the current draft, as the request
certainly didn't come from inside the site.

Then I have to establish a connection, to this global address,
which is on the same cable.  But I don't know that, as I have no
idea (according to the draft) what RG belongs to the local site,
or cable, so I have to send my packet off via the default route
(or whatever) to the site border router, which does know that
the RG belongs internally, translates the dest RG into site local,
and sends the packets back again.

Now, at the very least we have packets between two hosts on the
same ethernet transiting the whole campus to the site border
router and back again.   That's silly.   There can't even be a
redirect, as the site border router isn't on the same cable (I
assert).

There could be other problems if we investigate this kind of
oddity in detail.

Note that all this is solved by simply allowing the RG to flow
throughout the site, so all nodes know all there is to know.
Then rational decisions can be made, two faced DNS's aren't
required (but nor are they prohibited), and lots of things become
much easier - at the cost of the host having to keep track of
perhaps a dozen or two RG's that might be applying at any one
time (even if it stretched to hundreds, it would still be
manageable, and by the time IPv6 is deployed, we'll probably not
be fazed by tens of thousands, not that I can see any possible
need for so many to co-exist).

Then the DNS can return to me all the addresses your host owns,
even link-local.   I can determine from the global addresses
returned that I must be on the same cable as you are, and so pick
the link local address if I prefer.   Further, my resolver could
do all that - applications need not necessarily be bothered.

kre
------------------------------------------------------------------------------
IETF IPng Mailing List		      FTP archive: ftp.parc.xerox.com/pub/ipng
IPng Home Page:          	      http://playground.sun.com/ipng
Direct all administrative requests to majordomo@sunroof.eng.sun.com
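
Added example, not part of the original message or of any draft it discusses: a sketch of the resolver-side choice the message's last paragraph describes, where the DNS returns every address the peer owns and the resolver compares global prefixes to decide whether the peer is on the same cable. The function names, the use of a /64 as the per-cable prefix, and the addresses (constructed, from the 2001:db8::/32 documentation range) are assumptions.

```python
import ipaddress

PREFIX_LEN = 64  # assumption: one cable corresponds to one /64 subnet prefix


def _is_global(a):
    # Treat anything that is not scoped or special-purpose as a global address.
    return not (a.is_link_local or a.is_site_local or a.is_loopback
                or a.is_multicast or a.is_unspecified)


def _subnet(a):
    return ipaddress.ip_network(f"{str(a)}/{PREFIX_LEN}", strict=False)


def pick_destination(my_addrs, peer_addrs):
    """Pick which DNS-returned peer address to connect to.

    my_addrs   -- addresses configured on the local interface
    peer_addrs -- every address the DNS returned for the peer
    Returns (address or None, reason).
    """
    mine = [ipaddress.IPv6Address(a) for a in my_addrs]
    peer = [ipaddress.IPv6Address(a) for a in peer_addrs]

    my_subnets = {_subnet(a) for a in mine if _is_global(a)}
    peer_globals = [a for a in peer if _is_global(a)]
    on_link = [a for a in peer_globals if _subnet(a) in my_subnets]
    link_local = [a for a in peer if a.is_link_local]

    if on_link:
        # A shared global prefix is the evidence that both hosts are on the
        # same cable; only then does the peer's link-local address mean
        # anything to us.
        if link_local:
            return str(link_local[0]), "same link: link-local"
        return str(on_link[0]), "same link: global, delivered on-link"
    if peer_globals:
        # No shared prefix: ignore link-local answers and go via the router.
        return str(peer_globals[0]), "off link: global via router"
    return None, "no usable address"


if __name__ == "__main__":
    # Constructed sample: visiting laptop and host on the same cable.
    laptop = ["fe80::a", "2001:db8:1:5::a"]
    host = ["2001:db8:1:5::b", "fe80::b"]
    print(pick_destination(laptop, host))
```

A link-local answer is used only after the prefix comparison succeeds, so a resolver on a different cable never tries a link-local address that would reach some other machine on its own link.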
