Question about "proper" way to run v6/v4 website
tim-projects at sentinelchicken.org
Thu Apr 19 19:20:20 CEST 2007
I would like to run a website which hosts both IPv6 and IPv4 versions.
Sounds easy, but in this exceedingly long transition period, it is a
little harder than might be expected. (I appologize if this has been
covered on the list in the past. I just subscribed...)
I have noticed quite a few issues with users who run IPv6-compatible
software but don't know it and/or don't configure it. For instance, if
I run Firefox on Linux (which has IPv6 enabled) and come to a website
which advertizes both AAAA and A records, and I'm not set up properly to
route IPv6, Firefox tends to hang quite a while before reaching the
site. This seems to be because it first attempts to connect via IPv6
and waits for that attempt to fully time out before trying the IPv4 A
record. The pause can be unacceptable in some situations. I'm sure
behavior varies under different levels of IPv6 brokenness...
In any case, to get around this problem I thought maybe a good idea
would be to do the following:
- Run two separate authoritative DNS servers, one which serves only IPv4
records, one which serves only IPv6 records. The v4 server would only
serve these records over v4, and likewise, the v6 server would only
serve records over v6.
- Set my primary NS record to point to a name which only points to a
AAAA record. Set secondary NS records to point to names which point
to A records.
- Assuming a client fully supports IPv6 AND is configured to route it,
the only way they could get the AAAA record for my site is if they
were able to query the primary NS server over IPv6, thus proving
they're configured correctly on their end. Then they should have no
problem getting to the site.
So, I guess my questions are: Is this scheme the "right" way to do it?
In practice, do v6-capable resolvers currently even follow AAAA records
when those names are pointed to by NS records? Is there any RFC or
other document which describes how to best set up records for dual-stack
servers? I've set this scheme up on an unimportant domain, but I have
limited resources to test right now...
thanks in advance for any feedback,
More information about the ipv6-ops