Thoughts about ipv6 white listing
George Bonser
gbonser at seven.com
Sat Dec 4 11:58:55 CET 2010
>
> I do hope you mean NOERROR otherwise you kill off any other queries
> too.
> Eg for that "A" record which seems to be quite popular...
Yes, I do, sorry.
>
> Do note though that a LOT of people might not have IPv6 transport in
> use
> for their IPv6 DNS server.
That is fine. I am on a first pass willing to continue giving them a v4 address. That is no different than the situation is now and does not break anything.
> Also, it might be that the recursive DNS server they are using over
> IPv4
> transport has IPv6 connectivity. As such the DNS request comes in over
> IPv6 while the end user was using IPv4.
Then the end user would not have requested an AAAA record, it would have requested an A record. If the client had no IPv6 it will not request an AAAA record. If a request comes in on v6 for an A record, they will get the A record.
> Can you see why this would be VERY horrible to troubleshoot?
No.
>
> There are two major problems with IPv6 deployment at the moment:
> - broken CPE/NAT boxes with build-in DNS recursors which drop AAAA
> queries (or anything they don't know for that matter).
> - broken connectivity
Fine, then they will get the A record for the resource. Not a problem.
More information about the ipv6-ops
mailing list