FYI, in the v6ops working group right now in Meeting 1 on the 7th floor, there is a draft that will be discussed (after two other drafts are discussed) that is:
IPv6-Ready DNS/DNSSSEC Infrastructure https://tools.ietf.org/html/draft-bp-v6ops-ipv6-ready-dns-dnssec-00 <https://tools.ietf.org/html/draft-bp-v6ops-ipv6-ready-dns-dnssec-00> Abstract: This document defines the timing for implementing a worldwide IPv6-Ready DNS and DNSSEC infrastructure, in order to facilitate the global IPv6-only deployment. A key issue for this, is the need for a global support of DNSSEC and DNS64, which in some scenarios do not work well together. This document states that any DNSSEC signed resources records should include a native IPv6 resource record as the most complete and expedient path to solve any deployment conflict with DNS64 and DNSSEC. Slides: https://datatracker.ietf.org/meeting/103/materials/slides-103-v6ops-ipv6-ready-dnsdnssec-infrastructure-00 <https://datatracker.ietf.org/meeting/103/materials/slides-103-v6ops-ipv6-ready-dnsdnssec-infrastructure-00> The key point is the conflict between DNS64 and DNSSEC, as described in the draft here: DNS64 ([RFC6147]) is a widely deployed technology allowing hundreds of millions of IPv6-only hosts/networks to reach IPv4-only resources. DNSSEC is a technology used to validate the authenticity of information in the DNS, however, as DNS64 ([RFC6147]) modifies DNS answers and DNSSEC is designed to detect such modifications, DNS64 ([RFC6147]) can break DNSSEC in some circumstances. I'm passing it along in case others were, like me, not paying attention to this draft. Dan -- Dan York Director, Content & Web Strategy, Internet Society y...@isoc.org <mailto:y...@isoc.org> +1-802-735-1624 Jabber: y...@jabber.isoc.org <mailto:y...@jabber.isoc.org> Skype: danyork http://twitter.com/danyork <http://twitter.com/danyork> http://www.internetsociety.org/ <http://www.internetsociety.org/>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
