[6bone] Request: two 6bone pTLAs
paul at clubi.ie
Fri May 14 16:19:28 PDT 2004
On Thu, 13 May 2004, Iljitsch van Beijnum wrote:
> Paul wrote:
> > > I disagree that it requires two pTLAs. My feeling is that there
> > > should absolutely _NOT_ be any public DNS recursive service offered
> > > at the WKA because of the security implications of a widely used
> > > public recursive DNS service.
> Are you afraid people are going to run malicious DNS resolvers?
> That's an interesting problem. However, note that any ISP already
> gets to do this and much worse.
No, a public recursive DNS service would be very susceptible to DNS
poison attacks, both the easy attack by handing out deliberately
poisoned additional info on unrelated queries (though BIND no longer
accepts unrelated additional info, so not a huge problem, AFAIK), and
the other problem whereby if this public recursive DNS service were
tricked, if only just for an instant, to query an evil DNS server it
would presumably cache the result and hand it out to clients for a
I'm not a DNS expert; I strongly suggest you seek advice on the risks
of public recursive service from someone who is (esp. as you seek to
investigate making such a service global infrastructure).
> So what exactly would be the purpose of having them? What I want is
> to be able to open up my laptop, have it autoconfigure an IPv6
> address and just use the IPv6 internet without having to think
> about it. This is only going to work if the WKAs are reachable
They still can be. Each ISP, or other organisation controlling a
network, can route the WKA to an appropriate DNS server. Exact same
as with 6to4, the address is global, but site dependent.
> An alternative to globally reachable WKAs would be site-local WKAs.
Site-locals are deprecated, aren't they?
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
warning: do not ever send email to spam at dishone.st
In Tennessee, it is illegal to shoot any game other than whales from a
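
The message above mentions that BIND no longer accepts unrelated additional info. As an added illustration (not part of the original message and not BIND's code), this is a simplified bailiwick check a caching resolver can apply before storing records from a response; the record tuples, names and function names are constructed for the example, and it assumes the resolver knows which zone it asked the server about.

```python
# Added example: drop out-of-bailiwick records before caching a DNS response.
# All names, addresses and helper functions here are constructed/hypothetical.

def normalize(name):
    """Lower-case a domain name and split it into labels, ignoring a trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_bailiwick(name, zone):
    """True if `name` is `zone` itself or a subdomain of it.

    Comparison is label by label, so 'badexample.net' does not match
    'example.net' the way a naive string suffix test would.
    """
    n, z = normalize(name), normalize(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def filter_for_cache(zone, records):
    """Split records from a server queried for `zone` into (cacheable, dropped)."""
    keep, drop = [], []
    for rec in records:
        owner = rec[1]  # owner name of the record
        (keep if in_bailiwick(owner, zone) else drop).append(rec)
    return keep, drop

# Constructed response from a server that was asked about example.net.
RESPONSE = [
    ("answer", "www.example.net.", "A", "192.0.2.10"),
    ("authority", "example.net.", "NS", "ns1.example.net."),
    ("additional", "ns1.example.net.", "A", "192.0.2.53"),
    ("additional", "www.example.org.", "A", "203.0.113.66"),  # unrelated zone
    ("additional", "badexample.net.", "A", "203.0.113.67"),   # suffix look-alike
]

if __name__ == "__main__":
    keep, drop = filter_for_cache("example.net", RESPONSE)
    for rec in keep:
        print("cache  ", rec)
    for rec in drop:
        print("dropped", rec)
```
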