[ipv6hackers] Help with business case for RDNSS

Jim Small

Aug 23, 2012, 10:17:17 PM
to IPv6 Hackers Mailing List
Just to follow up on something Marc mentioned in a new thread:
> OS implementations at various stages what they
> support and what not (any OS beside Ubuntu that can get the DNS server
> from something else than DHCP6?) - and the IPv6 stacks are not well
> tested enough (see the number of issues found of IPv6 security issues
> for example, compared to IPv4 security issues in the top-5 OS used).

I would like to advocate for RDNSS. However, when I have asked for it the response was show us a compelling business case. The question was genuine - if I can show a business case there are proponents of RDNSS. The challenge is that most things support stateless DHCPv6 just fine. Configuring stateless DHCPv6 is pretty easy so why do we need RDNSS?

Everything I've thought of - embedded, SOHO, Labs - stateless DHCPv6 works fine. So I'm somewhat stumped - I like the idea of RDNSS because it seems easier to just add a line/option in a config for DNS via RA. However, justifying additional coding for developers requires a better argument.

Can anyone think of some good business/use cases?
--Jim






Owen DeLong

Aug 23, 2012, 11:42:41 PM
to IPv6 Hackers Mailing List

On Aug 23, 2012, at 19:17 , Jim Small <jim....@cdw.com> wrote:

> Just to follow up on something Marc mentioned in a new thread:
>> OS implementations at various stages what they
>> support and what not (any OS beside Ubuntu that can get the DNS server
>> from something else than DHCP6?) - and the IPv6 stacks are not well
>> tested enough (see the number of issues found of IPv6 security issues
>> for example, compared to IPv4 security issues in the top-5 OS used).
>
> I would like to advocate for RDNSS. However, when I have asked for it the response was show us a compelling business case. The question was genuine - if I can show a business case there are proponents of RDNSS. The challenge is that most things support stateless DHCPv6 just fine. Configuring stateless DHCPv6 is pretty easy so why do we need RDNSS?
>
> Everything I've thought of - embedded, SOHO, Labs - stateless DHCPv6 works fine. So I'm somewhat stumped - I like the idea of RDNSS because it seems easier to just add a line/option in a config for DNS via RA. However, justifying additional coding for developers requires a better argument.
>
> Can anyone think of some good business/use cases?

Some people don't want the overhead of running a DHCP server. Not all routers support DHCPv6 servers and even the ones that do, there are reasons not to want to tie up your router doing DHCP just for DNS servers to be issued.

Owen

Jim Small

Aug 23, 2012, 11:49:56 PM
to IPv6 Hackers Mailing List
> > Just to follow up on something Marc mentioned in a new thread:
> >> OS implementations at various stages what they
> >> support and what not (any OS beside Ubuntu that can get the DNS server
> >> from something else than DHCP6?) - and the IPv6 stacks are not well
> >> tested enough (see the number of issues found of IPv6 security issues
> >> for example, compared to IPv4 security issues in the top-5 OS used).
> >
> > I would like to advocate for RDNSS. However, when I have asked for it the
> > response was show us a compelling business case. The question was
> > genuine - if I can show a business case there are proponents of RDNSS. The
> > challenge is that most things support stateless DHCPv6 just fine. Configuring
> > stateless DHCPv6 is pretty easy so why do we need RDNSS?
> >
> > Everything I've thought of - embedded, SOHO, Labs - stateless DHCPv6
> > works fine. So I'm somewhat stumped - I like the idea of RDNSS because it
> > seems easier to just add a line/option in a config for DNS via RA. However,
> > justifying additional coding for developers requires a better argument.
> >
> > Can anyone think of some good business/use cases?
>
> Some people don't want the overhead of running a DHCP server. Not all
> routers support DHCPv6 servers and even the ones that do, there are
> reasons not to want to tie up your router doing DHCP just for DNS servers to
> be issued.

My understanding is that with things like this:
http://en.wikipedia.org/wiki/Raspberry_Pi

And the fact that DHCPv6 is ported to Linux, that DHCPv6 support is pretty much cheap and trivial. While I agree with you in spirit - I would very much like RDNSS for SOHO and Lab like environments, I don't see how to make a compelling business case given the above. What am I missing?

--Jim

Owen DeLong

Aug 23, 2012, 11:54:00 PM
to IPv6 Hackers Mailing List
Yes, the RPI can be a great DHCPv6 client (or server for that matter).

I don't want to have to run a DHCPv6 server on my network. Not on my router. Not on my Raspberry, Not on my apple, Not on my Linux box, nowhere.

I don't want to deal with DHCPv6 on this particular network.

It's not intimidation.
It's not fear.
It's not that I don't know how to configure DHCPv6, I've done it a few times.

However, I don't need it and I don't see why I should have to deploy all that extra overhead just to get DNS servers handed out to some clients. The router can do that in RA perfectly well.

What I haven't experimented with is whether RDNSS will work if I put it out from a lower-priority router. If that works, I can work around lack of support in the router by having the Linux box do the RDNSS RAs at priority LOW. The real routers are all priority HIGH and if they all croak, blackholing traffic to the Linux box isn't the worst outcome.

Owen

Julius Kriukas

Aug 24, 2012, 2:10:31 AM
to IPv6 Hackers Mailing List
On Fri, Aug 24, 2012 at 6:54 AM, Owen DeLong <ow...@he.net> wrote:
> What I haven't experimented with is whether RDNSS will work if I put it out from a lower-priority router. If that works, I can work around lack of support in the router by having the Linux box do the RDNSS RAs at priority LOW. The real routers are all priority HIGH and if they all croak, blackholing traffic to the Linux box isn't the worst outcome.

If you want to provide some RA options without being default gateway
you can set Router Lifetime field to 0.

http://tools.ietf.org/html/rfc4861#section-6.2.3
"A router might want to send Router Advertisements without advertising
itself as a default router. For instance, a router might advertise
prefixes for stateless address autoconfiguration while not wishing to
forward packets. Such a router sets the Router Lifetime field in
outgoing advertisements to zero."

It works with rdnssd tool http://rdnssd.linkfanel.net/
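
[Added example, not part of the original thread or of rdnssd:] a small Python parser for checking what a captured Router Advertisement actually announces, i.e. whether the sender offers itself as a default router (Router Lifetime), at which RFC 4191 preference, and which RDNSS servers it hands out. The function names and the sample packet (documentation prefix 2001:db8::/32, checksum left at zero) are constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134  # ICMPv6 type (RFC 4861)
OPT_RDNSS = 25          # Recursive DNS Server option (RFC 6106, now RFC 8106)
PREFERENCE = {0: "medium", 1: "high", 2: "reserved", 3: "low"}  # RFC 4191

def parse_ra(icmp6: bytes) -> dict:
    """Parse a Router Advertisement, starting at the ICMPv6 header."""
    if len(icmp6) < 16:
        raise ValueError("truncated Router Advertisement")
    icmp_type, _code, _cksum, _hop, flags, lifetime = struct.unpack_from("!BBHBBH", icmp6)
    if icmp_type != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    info = {
        "router_lifetime": lifetime,
        "default_router": lifetime != 0,     # 0 = do not use me as a gateway
        "other_config": bool(flags & 0x40),  # O flag: other config via DHCPv6
        "preference": PREFERENCE[(flags >> 3) & 0x3],
        "rdnss": [],
    }
    off = 16  # options follow Reachable Time and Retrans Timer
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        # RDNSS: 8-byte header plus one or more 16-byte addresses
        if opt_type == OPT_RDNSS and opt_len >= 24 and opt_len % 16 == 8:
            (dns_lifetime,) = struct.unpack_from("!I", icmp6, off + 4)
            for pos in range(off + 8, off + opt_len, 16):
                addr = ipaddress.IPv6Address(icmp6[pos:pos + 16])
                info["rdnss"].append((str(addr), dns_lifetime))
        off += opt_len
    return info

def build_sample_ra(router_lifetime: int, flags: int) -> bytes:
    """Constructed test input; checksum left at 0 because parse_ra ignores it."""
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64,
                         flags, router_lifetime, 0, 0)
    dns = ipaddress.IPv6Address("2001:db8::53").packed  # documentation prefix
    return header + struct.pack("!BBHI", OPT_RDNSS, 3, 0, 600) + dns

if __name__ == "__main__":
    print(parse_ra(build_sample_ra(0, 0x00)))
```

Run over RAs captured on a segment, this shows which senders are supplying DNS servers without being gateways, which is also the inventory needed to spot an RDNSS source nobody configured.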

Gert Doering

Aug 24, 2012, 2:39:35 AM
to IPv6 Hackers Mailing List
Hi,

On Thu, Aug 23, 2012 at 08:42:41PM -0700, Owen DeLong wrote:
> Some people don't want the overhead of running a DHCP server. Not
> all routers support DHCPv6 servers and even the ones that do, there
> are reasons not to want to tie up your router doing DHCP just for
> DNS servers to be issued.

While I'm actually a fan of RDNSS, the argument "tie up your router doing
DHCP" is not the strongest I've seen - stateless(!) DHCPv6 is pretty
lightweight, needs no storage on the router, and fairly little CPU.

The overhead is a bit higher than for RDNSS, as you actually need to
send one extra packet per machine every few hours - but unless you have
a *really* huge number of hosts in your LAN, that's not really such
a high number of packets, compared to a 50 Mbit/s VDSL LAN link, no?


My main argument for RDNSS is "RAs are there anyway, so you do not need
dual protocol implementations, and debug two different things if it's
not working" (operational simplicity). The counter argument is, of course,
that not all networks and not all clients have RDNSS, so you need to have
both anyway :-/

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279