RV: [dns-wg] DNS migration draft

Hello Alvaro

First of all, Thanks a lot for your feedback!. I really appreciate it.

On 17/9/04 09:45, "Alvaro Vives" <alvaro.vives at consulintel.es> wrote:

> 1) In case of having IPv4 and IPv6 addresses for the DNS server of example.org
> domain, changing addresses in different moments could lead to reduce the
> blackout, at least for the dualstack user resolvers. For example:
> 
>  example.org.  NS  A    10.1.2.3
>                NS  AAAA 2001:800:40:2a2f::1

IPv6 is one of the main items of my "to do" list for the meeting (not being
a big expert in IPv6). I will include your proposal in the presentation to
be discused/agreed (it seems fine to me)

>  2) Your solution is based on replicating equipment (having two servers), but,
> could this be avoided using two addresses in the same interface? Or for
> example installing two network cards to the server, one for each address?

I though about it, but it can lead to interesting problems. (thinking
aloud):
- The same equipment with to IP address/interfaces. Everything will follow
the default route regardless of the source IP routing and A) packets wont
follow best route B) could be filtered by anti spoofing filters.
- Using source routing is a possible solution, but not al servers OS have
source routing and using it is tricky at best.
- Other solution is using source NAT in one connection. I.e. All packets
received through the non default connection, to be NATed so the server seems
them as coming from the NAT machine and so the reply goes to the NAT
machine. Its ok if your software works ok with NAT (if you don't use
statistics source IP autentication, etc.) perhaps we could add it as a
option.

>  3) It is a common practice to have servers in different ASs , this way being
> prepared for network looses of conectivity. This could be used as a backup
> solution, previous the address changes. For example, you have your master DNS
> server in you network with your future ex-ISP. You also have one or more
> secondaries in other networks with addresses from other ISP(S). Before
> changing the addreses of you master DNS server, you can change the
> configuration in order to make one of the secondaries being the new master.
> Then, after the changes of addresses, change the whole configuration (NIC,
> etc.) with the new address. This involves a lot of administrative work, but
> seems to me as a possible solution.
>  This idea is based in our experience, as we have control over DNS servers in
> different ASs. Looks like your section 9.1, but with no help of third-party
> DNS server(s).

-PROs: avoid installing a temporary machine
-CONs: Two changes in the NIC in place of one.
I prefer one change in the NIC (I am really, really afraid of some NICs
working methods) and use your solution if no duplicate server is possible.
We can discuss it, of course.

Thanks a lot y Saludos.

Fernando
> 
> Best regards,
> Alvaro Vives
> Consulintel
> 
> 
> **********************************
> Madrid 2003 Global IPv6 Summit
> Presentations and videos on line at:
> http://www.ipv6-es.com
> 
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the use of the
> individual(s) named above. If you are not the intended recipient be aware that
> any disclosure, copying, distribution or use of the contents of this
> information, including attached files, is prohibited.
> 
> 
> 
> 

-- 
----------------------------------------------------------------------------
--
Fernando Garcia - fgarcia at eurocomercial.es
Eurocomercial Informática y Comunicaciones
91 435 96 87
----------------------------------------------------------------------------
--