Re: [dns-operations] An simple observation
On Sep 24, 2014, at 21:27 , Davey Song songlinj...@gmail.com wrote: Hi everyone, I‘m recently doing a little survey on the penetration of IPv6 in DNS system and it's latent problems. I find that top websites like Google, Wikipedia,Yahoo already support IPv6 access, but its name servers are still IPv4-only. I'm wondering why? is there any operation consideration or risk in their IPv6 deployment? There is additional operational complexity in running a dual-stack network, which implies some risk, but in my opinion it’s not serious enough to be a real blocker for most networks. Some companies may have legacy assumptions in their application that makes adding IPv6 difficult in some way, but from the outside it’s impossible to identify who those networks might be. Some large companies simply have their own inertia to overcome. It can take a while to get large re-engineering projects moving in larger companies, and they may need/want to wait until the infrastructure is in place everywhere before turning it on anywhere. It’s a little weird to me that google’s authoritative DNS servers are not addressable over v6. Their Google Public DNS service does operate over v6, so clearly they have the infrastructure in place. I’m speculating, but perhaps there are bits of their internal CDN-like behaviour that still need to be modified. In short, no there are no generally applicable technical reasons not to be running v6 on your DNS servers. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] An simple observation
On Thu, Sep 25, 2014 at 9:26 AM, Matthew Pounsett m...@conundrum.com wrote: On Sep 24, 2014, at 21:27 , Davey Song songlinj...@gmail.com wrote: Hi everyone, I‘m recently doing a little survey on the penetration of IPv6 in DNS system and it's latent problems. I find that top websites like Google, Wikipedia,Yahoo already support IPv6 access, but its name servers are still IPv4-only. I'm wondering why? is there any operation consideration or risk in their IPv6 deployment? There is additional operational complexity in running a dual-stack network, which implies some risk, but in my opinion it’s not serious enough to be a real blocker for most networks. Some companies may have legacy assumptions in their application that makes adding IPv6 difficult in some way, but from the outside it’s impossible to identify who those networks might be. Some large companies simply have their own inertia to overcome. It can take a while to get large re-engineering projects moving in larger companies, and they may need/want to wait until the infrastructure is in place everywhere before turning it on anywhere. It’s a little weird to me that google’s authoritative DNS servers are not addressable over v6. Their Google Public DNS service does operate over v6, so clearly they have the infrastructure in place. Google has been focusing on IPv6 for the user first -- for example, the Google Public DNS stuff, the web interface, etc. Obviously enough, this involved a bunch of infrastructure work... For the auth nameservers -- there is work underway, and, AFAIK, there should measurement of the impact of v6 glue soon. This is not a risk free operation -- there are name-servers out there that believe that they have working v6, but don't, and also places where the v6 latency differs from the v4 latency. Measuring and understanding all the implications before flipping the big switch is important I’m speculating, but perhaps there are bits of their internal CDN-like behaviour that still need to be modified. In short, no there are no generally applicable technical reasons not to be running v6 on your DNS servers. W ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] An simple observation
On Fri, Sep 26, 2014 at 12:28 AM, Warren Kumari war...@kumari.net wrote: On Thu, Sep 25, 2014 at 9:26 AM, Matthew Pounsett m...@conundrum.com wrote: On Sep 24, 2014, at 21:27 , Davey Song songlinj...@gmail.com wrote: Hi everyone, I‘m recently doing a little survey on the penetration of IPv6 in DNS system and it's latent problems. I find that top websites like Google, Wikipedia,Yahoo already support IPv6 access, but its name servers are still IPv4-only. I'm wondering why? is there any operation consideration or risk in their IPv6 deployment? There is additional operational complexity in running a dual-stack network, which implies some risk, but in my opinion it’s not serious enough to be a real blocker for most networks. Some companies may have legacy assumptions in their application that makes adding IPv6 difficult in some way, but from the outside it’s impossible to identify who those networks might be. Some large companies simply have their own inertia to overcome. It can take a while to get large re-engineering projects moving in larger companies, and they may need/want to wait until the infrastructure is in place everywhere before turning it on anywhere. It’s a little weird to me that google’s authoritative DNS servers are not addressable over v6. Their Google Public DNS service does operate over v6, so clearly they have the infrastructure in place. Google has been focusing on IPv6 for the user first -- for example, the Google Public DNS stuff, the web interface, etc. Obviously enough, this involved a bunch of infrastructure work... For the auth nameservers -- there is work underway, and, AFAIK, there should measurement of the impact of v6 glue soon. Thanks for your explanation and comments, Warren and Matthew. Glad to hear some work underway to make a fully IPv6 connected Internet. I once take it for granted that the increasing IPv6 traffic WorldWide is based on IPv6 end-to-end (both IP/DNS layer) capability and independent on IPv4 infrastructure. Now I realize it is not so optimistic. This is not a risk free operation -- there are name-servers out there that believe that they have working v6, but don't, and also places where the v6 latency differs from the v4 latency. Measuring and understanding all the implications before flipping the big switch is important I’m speculating, but perhaps there are bits of their internal CDN-like behaviour that still need to be modified. In short, no there are no generally applicable technical reasons not to be running v6 on your DNS servers. W ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] An simple observation
On Thu, Sep 25, 2014 at 4:47 PM, Mark Andrews ma...@isc.org wrote: In message CAAObRXKo5GbesOA-wQ0K= ifcmhmgqraxq9neuybnzjfwe5k...@mail.gmail.com, Davey Song writes: Hi everyone, I‘m recently doing a little survey on the penetration of IPv6 in DNS system and it's latent problems. I find that top websites like Google, Wikipedia,Yahoo already support IPv6 access, but its name servers are still IPv4-only. I'm wondering why? is there any operation consideration or risk in their IPv6 deployment? Registrars making it difficult to add addresses. Inertia. CDN's not supporting IPv6 nameservers. Yes. they need more incentive to update their system. Actually, I firstly pay attention to the dual-stack in DNS is the setting to keep the independence of DNS transport and DNS records(RFC4472). I think this setting in a way provide a reason for Registrar/Registry/CDN not doing so. Best Regards, Davey -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs