In message <CAH1iCirFZtCWVkMqFp8Fb=wjlzmbnb2k5pfxkbrnutgvr7c...@mail.gmail.com> , Brian Dickson writes: > > On Wed, Dec 14, 2016 at 6:37 PM, Ted Lemon <mel...@fugue.com> wrote: > > > Brian, there's no need for the complexity you are describing. The > > unsecured delegation of .homenet would just point to AS112. Any trust > > anchor bootstrapping would not involve the root at all. > > > > Is the intent just to have a global NXDOMAIN, provided with no DNSSEC? > > That works at preventing homenet from working unless every resolver inside > the home network is homenet-aware. > (And yes, I realize as currently specified in RFC 7778, that is a > requirement.) > > However, I don't believe that is only (or optimal) path for the homenet. > > Their stated goal is that they want everything to work, plug-and-play. > > What I'm proposing will (I believe) actually produce a working network as > long as a single resolver is homenet-aware. > It automatically gets non-homenet-aware resolvers to point at homenet-aware > resolvers (ie homenet routers), as long as the default address for homenet > routers' DNS service, is the same as the value assigned in the AS112-like > delegation. > > I.e. it turns a broken hybrid of "today" networks plus a "homenet", into a > fully functional homenet with a minimum of > deployments/upgrades/replacements. It also minimizes the "broken Christmas > light" aka "missing terminator" class of problem, if any host is running > its own recursive resolver (which would then fail to properly integrate > into the homenet.) > > (Also, I think having things with built-in firmware-based crappy resolvers > actually work without any patching, would be nice.) > > I agree that an unsigned delegation is sufficient for non-hybrid > homenet-aware gear to provide hosts a correct homenet experience. > > Brian
So you want the nameservers configured to serve HOMENET to advertise a well known prefixes (IPv4 and IPv6) into the IGP and as a result packet routing will direct HOMENET queries to those servers. That the publically delegated to servers also use those addresses. I suppose this helps the case of a host using interative resolution to find the on net homenet servers. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
