Thoughts about ipv6 white listing

George Bonser gbonser at
Sat Dec 4 11:58:55 CET 2010

> I do hope you mean NOERROR otherwise you kill off any other queries
> too.
> Eg for that "A" record which seems to be quite popular...

Yes, I do, sorry.

> Do note though that a LOT of people might not have IPv6 transport in
> use
> for their IPv6 DNS server.

That is fine.  I am on a first pass willing to continue giving them a v4 address.  That is no different than the situation is now and does not break anything.

> Also, it might be that the recursive DNS server they are using over
> IPv4
> transport has IPv6 connectivity. As such the DNS request comes in over
> IPv6 while the end user was using IPv4.

Then the end user would not have requested an AAAA record, it would have requested an A record.  If the client had no IPv6 it will not request an AAAA record.  If a request comes in on v6 for an A record, they will get the A record.

> Can you see why this would be VERY horrible to troubleshoot?


> There are two major problems with IPv6 deployment at the moment:
>  - broken CPE/NAT boxes with build-in DNS recursors which drop AAAA
>    queries (or anything they don't know for that matter).
>  - broken connectivity

Fine, then they will get the A record for the resource.  Not a problem.

More information about the ipv6-ops mailing list