[AusNOG] Telstra IPv6 Wireless Enablement - IPv6 Single Stack

Pete Mundy pete at fiberphone.co.nz
Fri Feb 7 06:52:54 EST 2020


Bugger! And what to do then when the user loses control over what they're using... i.e. the shift of DNS out of the local-admin's (and even OS') control and directly into the apps, via DoH and QUIC ([1]).

What a dog's breakfast :(

Pete

[1] https://youtu.be/4xGxotBk8AM?t=8727


> On 6/02/2020, at 6:28 PM, Mark Andrews <marka at isc.org> wrote:
> 
> Telstra need to be at least intercepting queries for ipv4only.arpa/AAAA to allow CLATs to discover the NAT64 prefix.
> 
> Note that doesn’t work if you are using DoH, DoT, TSIG or any other cryptographic mechanism to protect your DNS queries.  It also doesn’t work if you are using DNSSEC to verify the answers as IANA decided to sign ipv4only.arpa.
> 
>> On 6 Feb 2020, at 16:03, Peter Tonoli <peter+ausnog at metaverse.org> wrote:
>> Is there a higher chance of brokenness when users choose to use other DNS services (i.e. Cloudflare / DoH), apart from Telstra, due to the lack of WKP in the response from those providers?
>> 
>> On 6/2/20 3:27 pm, Russell Langton wrote:
>>> - If Alice is connecting to a website with only an A DNS record, our DNS will spoof the website address with a Well Known Prefix (WKP) so it routes to the NAT64 gateway
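
Added example (not part of the original thread and not any poster's code): a Python sketch of the ipv4only.arpa prefix discovery (RFC 7050) and the address synthesis (RFC 6052) discussed in the quoted messages. The function names and the sample answers are constructed for illustration.

```python
import ipaddress

# RFC 7050: ipv4only.arpa has exactly these two A records.
WELL_KNOWN_V4 = {ipaddress.IPv4Address("192.0.0.170"),
                 ipaddress.IPv4Address("192.0.0.171")}
# RFC 6052: the only prefix lengths an IPv4-embedded IPv6 address may use.
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)

def _v4_octet_positions(plen):
    """Byte offsets holding the IPv4 address; octet 8 (the 'u' byte) is skipped."""
    positions, pos = [], plen // 8
    while len(positions) < 4:
        if pos != 8:
            positions.append(pos)
        pos += 1
    return positions

def embed(prefix, v4):
    """What a DNS64 does for an A-only name: place v4 inside the NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in PREFIX_LENGTHS:
        raise ValueError("not a valid NAT64 prefix length")
    raw = bytearray(net.network_address.packed)
    for pos, octet in zip(_v4_octet_positions(net.prefixlen),
                          ipaddress.IPv4Address(v4).packed):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))

def discover_nat64_prefixes(aaaa_answers):
    """What a CLAT does with the AAAA answers it got for ipv4only.arpa."""
    found = set()
    for answer in aaaa_answers:
        raw = ipaddress.IPv6Address(answer).packed
        for plen in PREFIX_LENGTHS:
            v4 = ipaddress.IPv4Address(bytes(raw[p] for p in _v4_octet_positions(plen)))
            if v4 in WELL_KNOWN_V4:
                found.add(ipaddress.IPv6Network(f"{answer}/{plen}", strict=False))
    return found

if __name__ == "__main__":
    # Constructed answers: a DNS64 using the well-known prefix, then a resolver
    # with no DNS64 (ipv4only.arpa has no real AAAA, so nothing comes back).
    print(discover_nat64_prefixes(["64:ff9b::c000:aa", "64:ff9b::c000:ab"]))
    print(discover_nat64_prefixes([]))
    print(embed("64:ff9b::/96", "198.51.100.7"))
```

An empty result is the failure case raised in the thread: a resolver that does not synthesize AAAA for ipv4only.arpa gives the CLAT nothing to derive a prefix from.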


