Bjørn Mork <[email protected]> writes: > Teddy Hogeborn <[email protected]> writes: > > > The host security-cdn.debian.org, used by some packages on > > security.debian.org¹, despite having an IPv6 address in the DNS, can > > not actually be reached from an IPv6-only host, due to issues with > > DNS hosting by Fastly, the CDN provider. I raised this problem with > > Fastly, first on IRC and then in their issue tracker, but their > > response is, as you can see, "IPv4 is required and we have no plans > > to change this.". > > security-cdn.debian.org is reachable from an IPv6 only host as long as > that host has access to a dual stacked resolver. All real world hosts > will have access to such a resolver. IPv6 only resolvers are not > useful on the current Internet, and will only exist as lab > experiments. > > Sure, it would be nice if all DNS zones where hosted on both IPv6 and > IPv4 name servers. But this is not critical for IPv6 deployment, and > IMHO never will be. Keeping dual stacked DNS caching resolvers around > for as long as the transition will last, is not a problem.
DNSSEC does not have any security between the resolver and client; the only reasonable response is to run the resolver locally. On an IPv6-only host, this will result in an IPv6-only resolver. /Teddy Hogeborn
signature.asc
Description: PGP signature
