Thoughts about ipv6 white listing

Jeroen Massar jeroen at
Sat Dec 4 11:47:47 CET 2010

On 2010-12-04 11:21, George Bonser wrote:
> Requests that arrive via v4 that request an AAAA resource are returned

I do hope you mean NOERROR otherwise you kill off any other queries too.
Eg for that "A" record which seems to be quite popular...

Do note though that a LOT of people might not have IPv6 transport in use
for their IPv6 DNS server.

Also, it might be that the recursive DNS server they are using over IPv4
transport has IPv6 connectivity. As such the DNS request comes in over
IPv6 while the end user was using IPv4.

Can you see why this would be VERY horrible to troubleshoot?

In short: either publish A + AAAA on the same set of servers or just
forget about it.

There are two major problems with IPv6 deployment at the moment:
 - broken CPE/NAT boxes with build-in DNS recursors which drop AAAA
   queries (or anything they don't know for that matter).
 - broken connectivity

Both cases, nothing you can work around, only thing one can do is get
the end user to fix them and as long as they don't notice, they won't know.

A proper test like is the only way to
figure them out, but users who are not technical enough will never go
there of course. This is where ISP helpdesks come in and it would be
nice if the various search engines would have a proper answer to these
questions instead of pointing to clueless answers like "disable IPv6"
which seem pre-dominant. Unfortunately nothing much anybody can do about.


More information about the ipv6-ops mailing list