Hi, Jari,
See comments inline:
On Jun 26, 2010, at 4:11 AM, Jari Arkko wrote:
Thanks for your review, Ben!
-- 5.3.1, last paragraph: "In the case where the DNS options of RDNSS and
DNSSL can be obtained
from multiple sources, such as RA and DHCP, the IPv6 host can keep
some DNS options from RA and some from DHCP; for example, two RDNSS
addresses (or DNS search domain names) from RA and one RDNSS address
(or DNS search domain name) from DHCP."
This seems underspecified. For example, can it choose the last value from
each? How is the host to guess which to keep? How can an administrator get
predictable behavior? Mixing some from one source and another from the
second seems, on the surface, like the worst possible behavior. Since using
RA for this was described as an alternative for when DHCPv6 was not
available, wouldn't it make more sense for dhcp to win?
Furthermore, this makes me wonder if the concept here needs more thought.
Under what circumstance would you be both doing stateless autoconfig and
getting DHCPv6 for the _same_ interface?
Let me speak with my "I deployed both mechanisms in my network" hat on :-)
Sometimes you have to enable all possible mechanisms on the network side to
make sure that your Windows/Apple/Linux/BSD computers and various appliances
have a maximum chance of operating correctly.
But let's talk about the issue of underspecification. I think some of that is
intentional, because I don't think we should specify a hard limit on the
number of servers specified or the number of sources the information can come
from.
However, I think I agree with you that it would be good to provide some
predictability and make the language also tighter in other ways. And I don't
think we can rule the DHCP side of this out of scope, because the DHCP RFC
did not specify the interaction. How about this:
OLD: (From Paul's new version)
In the case where the DNS options of RDNSS and DNSSL can be obtained
from multiple sources, such as RA and DHCP, the IPv6 host can keep
some DNS options from RA; the sufficient number of RDNSS addresses or
DNS search domain names is determined as a reasonable number (e.g.,
three) by the local policy. On the other hand, for DHCP DNS options,
the DHCP configuration determines the number of DNS options
advertised to IPv6 hosts, so the sufficient number is out of scope in
this document. With these sufficient numbers of RDNSS addresses and
DNS search domain names, the DNS options from RA and DHCP are stored
into DNS Repository and Resolver Repository in the order that the
latest received RDNSS or DNSSL is most preferably used for DNS
queries.
NEW:
In the case where the DNS options of RDNSS and DNSSL can be obtained
from multiple sources, such as RA and DHCP, the IPv6 host SHOULD keep
some DNS options from all sources. Unless explicitly specified for the
discovery mechanism, the exact number of addresses and domain names to
keep is a matter of local policy and implementation choice. However,
it is RECOMMENDED that at least three sets of addresses and domain names
can be stored from at least two different sources. The DNS options from Router
Advertisements and DHCP SHOULD be stored into DNS Repository and Resolver
Repository so that information from DHCP appears there first and therefore
takes precedence.
That last SHOULD helps a lot, as it does seem to give more predictability.
But I'm still having trouble with how this fits together. We are talking about
the configuration for a particular interface on the host, right? I admit to not
being an expert in DHCPv6, but: If the host wants (or is told) to use DHCP to
get the DNS configuration, it made an explicit decision to send a DHCP request,
right? That is, it's not getting this sort of thing from the DHCP server
unsolicited? If it requests the info from DHCP, and gets it, why would it even
pay attention to the DNS info from an RA?
The part I still find underspecified is whether or not there are further
management considerations for mixing and matching between DHCP and RAs. For
example, is there a need to coordinate what is sent in DHCP and in RAs so that
they don't conflict? As an extreme example, is there any expectation that a DNS
server assigned via DHCP and another assigned in an RA would return the same
response for a given DNS query?
I will yield to your expertise if this is just a matter of me not understanding
how DHCPv6 works. Or if such questions are simply out of scope, it might make
sense to mention that. Same if they are discussed in some other draft or RFC.
Thanks!
Ben.
Jari
_______________________________________________
Gen-art mailing list
Gen-art(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/gen-art
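The ordering question discussed in the message above, as an added example (not code from the draft or from either participant): it compares the OLD "latest received is preferred" rule with the NEW "DHCP first" rule over the same options arriving in two different orders. The cap of three, the one-slot reservation for RA that models "keep some DNS options from all sources", the function names, and the sample addresses are assumptions made for illustration.

```python
LIMIT = 3  # assumed local-policy cap; the draft text uses three as its example

# Constructed sample input: (source, RDNSS address) in arrival order,
# using the 2001:db8::/32 documentation prefix.
RA_FIRST = [
    ("RA", "2001:db8:a::53"),
    ("RA", "2001:db8:a::54"),
    ("DHCP", "2001:db8:d::53"),
    ("DHCP", "2001:db8:d::54"),
]
# Same options, but the DHCP reply is processed before the RA.
DHCP_FIRST = RA_FIRST[2:] + RA_FIRST[:2]


def old_order(events, limit=LIMIT):
    """OLD text: the most recently received option is tried first."""
    out = []
    for _source, addr in reversed(events):
        if addr not in out:
            out.append(addr)
    return out[:limit]


def new_order(events, limit=LIMIT):
    """NEW text as read here: DHCP entries first, RA keeps at least one slot."""
    by_source = {"DHCP": [], "RA": []}
    for source, addr in events:
        if addr not in by_source[source]:
            by_source[source].append(addr)
    dhcp, ra = by_source["DHCP"], by_source["RA"]
    reserve = 1 if ra else 0  # assumption: hold one slot back for RA if it sent any
    kept_dhcp = dhcp[: max(limit - reserve, 0)]
    kept_ra = [a for a in ra if a not in kept_dhcp][: limit - len(kept_dhcp)]
    return kept_dhcp + kept_ra


if __name__ == "__main__":
    for name, events in (("RA first", RA_FIRST), ("DHCP first", DHCP_FIRST)):
        print(name, "OLD:", old_order(events))
        print(name, "NEW:", new_order(events))
```

Under the OLD rule the resolver list depends on which message happened to arrive last; under the NEW rule both arrival orders produce the same list.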