On 25/03/2024 10:06, Thomas Schäfer wrote:
I can't present, but I would suggest the topic:
Lessons learned/ Lessons not learned - the mess with mapped IPv4 addresses -
or just Layer 8 problems:
Lessons learned:
https://www.githubstatus.com/incidents/5y8b8lsqbbyq
Lessons not learned:
united by Postbank/Deutsche Bank, new relic, ns1, ibm, fastly and others
https://forum.newrelic.com/s/hubtopic/aAX8W0000015BUvWAM/bamnrdatanet-resolves-with-wrong-aaaarecords
Hey Thomas,
I think this is a great topic and somebody should definitely cover it. I
remember setting up a couple of test sites to prove wrong the claim: "We
use IPv4-mapped AAAA records in order to save money on our authoritative
DNS provider who charges us per query."
https://ipv4-mapped.0skar.cz/ - this has only IPv4-mapped AAAA record -
should be unreachable
https://ipv4-mapped-pref.0skar.cz/ - this is "Postbank-style" dual stack
with A and IPv4-mapped AAAA record - everybody should reach the A record
website
However, my macOS 14.4 on IPv6-only network happily connect to both test
sites from all browsers and even prefers IPv4-mapped AAAA over A
records. So the aforementioned claim may not be completely wrong (though
it is still stupid).
Any volunteer willing to try common OS behaviour while counting the
number of DNS queries? :)
--
Best regards,
Ondřej Caletka
RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/ipv6-wg
