On 9/3/02, Christian Huitema wrote:
>> The relationship is that DNS is acting as an index
>> service for IPv6 addresses. In doing so it treats them
>> as simple hierarchical addresses, i.e. like fat IPv4
>> addresses.
>>
>> The question as to whether that is the correct handling
>> of IPv6 addresses is a valid one. This thread started
>> with exactly such a question being raised, but the
>> rationale on how DNS *could* be optimized for IPV6 was
>> not spelled out.
>
>There is no IPv6 service that guarantees that the
>identifiers are actually world-wide unique. In fact, there
>is ample evidence that they often will not be. Poorly
>configured interface cards are known to have phony
>IEEE-802 addresses; privacy addresses are random numbers
>that are only statistically unique; configured addresses
>may use user assigned values. In all these cases, local
>collisions can be detected, global collisions cannot be.
>

By "no IPv6 service" do you mean there is no active protocol and/or entity that will detect a spoofed EUI-64 address? If so, I agree with you.

The fact that the interface ID must be EUI-64 compliant is abundantly clear in the RFC, however. Link-local interface IDs MUST be unique for the local network, although the mechanism for ensuring this is not specified.

RFC2464 is specific on the handling of emulation MAC addresses:

"A different MAC address set manually or by software should not be used to derive the Interface Identifier. If such a MAC address must be used, its global uniqueness property should be reflected in the value of the U/L bit."

As for local Interface IDs, RFC2373 specifies in Appendix A:

"If there is no global interface identifier available for use on the link the implementation needs to create a local scope interface identifier. The only requirement is that it be unique on the link."

>There is also no requirement that a given multi-homed
>host combines the same identifier with different
>prefixes. Privacy advocates will no doubt argue that a
>multi-homed host should associate different identifiers
>with different provider prefixes, so it cannot be tracked
>by big-brother.

It can also be argued that a given link should have exactly one Interface ID. It is specified as an attribute of the Interface. Although obviously there would be little to prevent someone from spoofing that. The question would be whether it was permissible to declare the same port on the same NIC to be two different "NICs".

In full privacy paranoia mode, "how many ports I really have is none of your business" is a predictable and perhaps defendable response. However, in such a mode, the hostmaster would not have declared these two 'totally separate' interfaces to have the same name.

Lastly, I am NOT advocating any change. I merely responded to an implication that there was no justification for handling DNS for IPV6 differently than for IPv4. There are differences. It was not a nonsensical question, as it was being treated. However, there is far from enough justification for handling IPv6 differently.
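
The U/L-bit handling quoted above from RFC2464, as an added Python example that is not part of the original message: it derives the interface identifier from a MAC address, reads back the uniqueness claim carried in the U/L bit, and finds duplicate identifiers on one link. The function names are illustrative and the host table is constructed sample data.

```python
import ipaddress
from collections import defaultdict

UL_BIT = 0x02  # universal/local bit, next-to-lowest bit of the first octet


def parse_mac(mac: str) -> bytes:
    """Parse a 48-bit MAC written with ':' or '-' separators."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def mac_to_interface_id(mac: str) -> bytes:
    """Insert FF-FE in the middle of the MAC and complement the U/L bit."""
    m = parse_mac(mac)
    return bytes([m[0] ^ UL_BIT]) + m[1:3] + b"\xff\xfe" + m[3:6]


def claims_global_uniqueness(iid: bytes) -> bool:
    """True if the identifier's U/L bit asserts universal scope.
    This is only a claim: a cloned or phony MAC sets it too."""
    return bool(iid[0] & UL_BIT)


def link_local_address(iid: bytes) -> str:
    """Combine the identifier with the fe80::/64 link-local prefix."""
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid))


def collisions_on_link(macs_by_host: dict) -> dict:
    """Group hosts on one link by derived identifier, keep the duplicates."""
    seen = defaultdict(list)
    for host, mac in macs_by_host.items():
        seen[mac_to_interface_id(mac)].append(host)
    return {iid: hosts for iid, hosts in seen.items() if len(hosts) > 1}


# Constructed sample link: host-b carries a cloned copy of host-a's MAC
# (the address used as the worked example in RFC 2464), and host-c uses
# a locally administered MAC set by software.
SAMPLE_LINK = {
    "host-a": "34-56-78-9A-BC-DE",
    "host-b": "34:56:78:9a:bc:de",
    "host-c": "02:00:00:00:00:01",
}

if __name__ == "__main__":
    for host, mac in SAMPLE_LINK.items():
        iid = mac_to_interface_id(mac)
        print(host, link_local_address(iid), claims_global_uniqueness(iid))
    for iid, hosts in collisions_on_link(SAMPLE_LINK).items():
        print("duplicate interface ID", iid.hex(), "on", hosts)
```

The duplicate is visible only because both hosts sit in the same table for one link; nothing in the identifier itself reveals that the universal-scope claim on host-b is false.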