Dear All,
Your reactions should be posted to dnsop mailing list since the
the quoted discussion took place there....
Janos Mohacsi
Head of HBONE+ project
Network Engineer, Deputy Director of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
On Wed, 31 Mar 2010, Rémi Després wrote:
Hi Ed,
Thanks for this info, very useful to those who were at v6ops during the 6man
meeting.
Reactions below to some quoted sentences.
1.
"Yahoo's worry is that some operating systems issue quad-A records by default, even
if the user has broken IPv6 connectivity and needs single A records to access IPv4-based
content."
"Work with OS/app vendors to fix IPv6 issues ? Awful long lead times/upgrade
cycles"
"This is a really ugly hack, but it may be necessary to get widespread IPv6
adoption,"
=> If there are indeed OS bugs that break connectivity, they should justify
quick patches like those that concern security.
2.
"Gashinsky adds that Yahoo is conducting its own analysis of broken IPv6
connectivity, which it will share with the Internet engineering community in June."
=> As a minimum, what the problem really is should be documented before proposing to
adopt any solution to solve it, in particular if it is "ugly".
3.
"Only way of knowing the user has working IPv6 connectivity, is if the AAAA query
came over IPv6!"
=> This DOESN'T WORK :
- Today, dual-stack hosts on Free's network query Free's DNS in IPv4 (at the
only DNS address they know, received in DHCPv4)
- These hosts, because they have valid IPv6 addresses (i.e. have IPv6 enabled),
ask for both As and AAAAs.
- For maps.google.fr, for example, BOTH types of RRs are in the DNS.
- They are included in DNS responses
- Hosts then use IPv6 (preferred in case of choice).
4.
"Return 0 answers for AAAA if, and only if: - Query comes over Ipv4; - ?A? record
exists for same name; - DNSSEC is not used."
=> This hack would NOT ONLY be "ugly" (as acknowledged by their proponents),
BUT ALSO would BREAK some of the IPv6 connectivities that are available today !!!
==> This hack MUST therefore be flatly rejected.
If and when the mentioned OS problems are documented, it will be possible to
fix them with patches in OSes, where they belong.
RD
Le 30 mars 2010 ? 00:21, Ed Jankiewicz a écrit :
Probably no one on either of the IPv6 lists attended the DNSOPS WG meeting in
Anaheim, since it was at the same time as 6man.
Presentation by Yahoo! of a proposal to "do an ugly hack on DNS" to work around an issue
with "broken OSes" that send out AAAA requests when they have no intention/ability to
actually use an IPv6 address. Google experience is that a small percentage of their users would
lose connectivity because of this, if google.com serves both IPv6 and IPv4 addresses. I can't
recall if this particular issue has been discussed here, but either way anyone with an interest
should probably pop comments over to the DSNOPS WG list.
http://www.ietf.org/proceedings/10mar/slides/dnsop-7.pdf
Also FYI - this has gotten press coverage, not necessarily accurately
characterizing the problem or proposed solution
http://www.networkworld.com/podcasts/360/2010/032910-nw360-daily.html
http://www.networkworld.com/news/2010/032610-dns-ipv6-whitelist.html
--
Ed Jankiewicz - SRI International
Fort Monmouth Branch Office - IPv6 Research Supporting DISA Standards
Engineering Branch
732-389-1003 or [email protected]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
