
[Hipsec] Re: Comment: draft-moskowitz-hip-06.txt

From: Pekka Nikander <pekka.nikander(at)nomadiclab.com>
Date: Thu Mar 20 2003 - 09:56:08 EST

Jan Mikael Melen wrote:
> 3.1.2 Storing HIT in DNS
>
> [ snip... ]
>
> During a transition period, the HIT MAY be stored in an AAAA RR. If a
> HIT is stored in an AAAA RR, it MUST be returned as the last item in
> the set of AAAA RRs returned.
> ----
>
> This may cause some problems in legacy systems that are not HIP enabled. E.g.
> isc bind implementation returns the resolved AAAA RR data in cyclic order in
> order to make primitive load balancing. Now if we have a HIT configured in
> AAAA record the HIT will be placed randomly in the set of returned RRs.

Right. The HIT must be returned as the last element just because that allows legacy systems to work better. They will first try the real IP addresses, and the HIT only as a last resort. This may cause problems, and therefore this is specified only as a MAY and as a transition mechanism.

The fact that it is hard to configure ISC bind to support this is no reason to specify this otherwise. Patching bind to support this is probably not that hard...

--Pekka Nikander



Hipsec mailing list
Hipsec@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/hipsec

Received on Thu Mar 20 10:18:43 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:58 EDT

