
Re: DNS and renumbering



: DNS clients typically determine their name servers from hand generated
: files -- on unix machines, these files are typically found in
: /etc/resolv.conf
: 
: In order for a client machine to survive a renumbering, it will need
: to get this information without the need for a static file. Anyone
: have an envisioned protocol for doing this? An implementation I can
: play with? If the information is coming from a network server, please
: ask yourself how the network server is going to get the information --
: hand configuration isn't practical in many if not most instances.

I seem to recall that PC DNS implementations use a trick to find a
DNS machine.  They just issue a broadcast request, and the first one
to reply is the name server they use.  Maybe some variation on this
theme might be in order.

Or maybe bootp should be expanded to include a request for things like
gateway (although I think RIP can do this), name server, etc.  That
might be a profitable path to follow, but would require defining a new
protocol, and would have security problems if your net was compromised
(an intruder could tell any machine that boots to use his extra
special machine as the name server, rather than the normal one, if
he's quick enough with his bootp reply).

It seems to me that additional bootp request types could easily be
defined so that these sorts of questions could be asked.  Maybe there
is a need for strong authentication as well, but an initial proof of
concept shouldn't be too hard.  A simple bootp daemon should be fairly
easy to hack together.  A simple program that would send a bootp
request off could then be used to generate the resolv.conf on the fly.

: 4) Statically configured routes
: 
: In IPv6 routers will typically be found with neighbor discovery
: protocols. In IPv4, however, routers are often statically
: configured. Since routes are often configured before a machine has DNS
: available (because DNS servers might not be on the same network) we
: need to do something to eliminate this problem if we want rapid
: renumbering to be functioning in IPv4. By the way -- has anyone
: considered the security implications of spoofed neighbor discovery
: messages, if only from a denial of service perspective?

All of these IP address issues sound like they are all requests for IP
addresses at startup time.  Would it not make sense to have some
mechanism that a machine could query, using broadcasts to avoid
needing to know a specific IP address?  That seems like a profitable theme.

To add security, you could do some sort of public key/private key
transaction to authenticate that the person who is answering you is
authorized to answer for you.

Another sick option:
	Create a special IP address, let's say 80.0.0.1 (could be
anything) that is on a net that is reserved for this purpose.  You
could then assume that you just send packets to that address, and a lot
of magic routing will happen, and you'll get your answer.  Other
servers could be provided like this as well.  I'm not sure how hard
the routing magic would be, but it might be worth thinking about.
This is kinda sort of like a multi-cast, so maybe that sort of thing
might be useful to think about as well.

Just my two cents.

Warner

P.S. This is my first post, so please let me know if I'm out of line,
or if I should have sent it elsewhere.
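As an added example (not code from Warner's post or from anyone in this thread), the following Python models the broadcast discovery scheme the post sketches: a client that takes whichever reply arrives first, an intruder who is "quick enough with his bootp reply", and the public-key variant where the client only accepts a reply signed by the responder it has been told is authorized. The toy RSA signatures, the two key pairs, the addresses 10.0.0.53 and 10.0.0.66, the transaction ids and the arrival times are all constructed for the demonstration; a real deployment would use a standard signature scheme rather than textbook RSA over small primes.

```python
"""Toy model of broadcast name-server discovery (added example).
Shows the first-reply-wins race, a rogue responder that wins it, and a
client that instead requires a signature from an authorized responder.
All keys, addresses and timings are constructed for the demonstration.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

Key = Tuple[int, int]

# Toy RSA signatures.  Assumption: tiny hard-coded primes, demonstration
# only; a real deployment would use a standard signature scheme.
def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public, private) as (n, e) and (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, priv: Key) -> int:
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(data: bytes, sig: int, pub: Key) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

# The site's discovery key (every client is provisioned with the public half)
# and the intruder's own key, which no client trusts.  Constructed primes.
TRUSTED_PUB, TRUSTED_PRIV = make_keypair(999983, 1000003)
ROGUE_PUB, ROGUE_PRIV = make_keypair(1000003, 1000033)

def _payload(xid: int, nameserver: str) -> bytes:
    """What gets signed: the client's transaction id plus the answer, so a
    captured signed reply cannot be replayed against a later request."""
    return f"xid={xid};ns={nameserver}".encode()

@dataclass(frozen=True)
class Reply:
    xid: int          # transaction id echoed from the request
    nameserver: str   # the answer: name server to put in resolv.conf
    arrival_ms: int   # constructed: when the reply reached the client
    sig: int          # signature over payload(), 0 if unsigned

    def payload(self) -> bytes:
        return _payload(self.xid, self.nameserver)

Responder = Callable[[int], Reply]

def honest_server(xid: int) -> Reply:
    ns = "10.0.0.53"
    return Reply(xid, ns, arrival_ms=8, sig=sign(_payload(xid, ns), TRUSTED_PRIV))

def rogue_server(xid: int) -> Reply:
    # "Quick enough with his bootp reply": answers first, names his own
    # machine, and signs with a key nobody authorized.
    ns = "10.0.0.66"
    return Reply(xid, ns, arrival_ms=2, sig=sign(_payload(xid, ns), ROGUE_PRIV))

def replay_server(xid: int) -> Reply:
    # Replays a genuinely signed reply captured from an earlier transaction.
    captured = honest_server(0x0001)
    return Reply(captured.xid, captured.nameserver, arrival_ms=1, sig=captured.sig)

def broadcast(xid: int, responders: List[Responder]) -> List[Reply]:
    """Model of 'send one broadcast, collect replies in arrival order'."""
    return sorted((r(xid) for r in responders), key=lambda r: r.arrival_ms)

def first_reply_wins(xid: int, responders: List[Responder]) -> str:
    """The PC-style client: whoever answers first is the name server."""
    return broadcast(xid, responders)[0].nameserver

def authenticated_discovery(xid: int, responders: List[Responder],
                            pub: Key) -> Optional[str]:
    """Accept the first reply that answers this request and carries a valid
    signature from the authorized responder; ignore everything else."""
    for reply in broadcast(xid, responders):
        if reply.xid != xid:
            continue  # stale or replayed transaction
        if not verify(reply.payload(), reply.sig, pub):
            continue  # unauthorized responder
        return reply.nameserver
    return None

def resolv_conf(nameserver: str) -> str:
    """The file a client would generate on the fly from the answer."""
    return f"nameserver {nameserver}\n"

if __name__ == "__main__":
    print("first reply wins ->", first_reply_wins(0x4242, [honest_server, rogue_server]))
    net = [replay_server, rogue_server, honest_server]
    chosen = authenticated_discovery(0x4242, net, TRUSTED_PUB)
    print("authenticated    ->", chosen)
    print(resolv_conf(chosen), end="")
```

Run stand-alone it shows the unauthenticated client ending up with 10.0.0.66 while the authenticated client discards both the replayed and the rogue reply and settles on 10.0.0.53. The two checks in `authenticated_discovery` correspond to the two ways an intruder can be "quick": forging an answer of his own (fails the signature) or resending an old genuine one (fails the transaction id, which is why the id is inside the signed payload).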