Thoughts about ipv6 white listing
Jeroen Massar
jeroen at unfix.org
Sat Dec 4 12:21:04 CET 2010
On 2010-12-04 11:51, Gert Doering wrote:
> Hi,
>
> On Sat, Dec 04, 2010 at 11:47:47AM +0100, Jeroen Massar wrote:
>> There are two major problems with IPv6 deployment at the moment:
>> - broken CPE/NAT boxes with build-in DNS recursors which drop AAAA
>> queries (or anything they don't know for that matter).
>
> Which is a problem completely independent from the server side - these
> boxes will drop the queries no matter whether the server is publishing
> any, so it's not overly useful to worry about them when deciding whether
> to publish an AAAA record or not.
Indeed that is what I mean. This problem will hit before, as such one
can ignore the fact that one even has IPv6 or is publishing AAAA records
at all.
Especially the dropping of queries, which causes a time-out before the A
record gets resolved is very annoying. Users though will notice this
most very likely when they get IPv6 enabled on their OS. The problem
though is that they tend to get the advise to disable IPv6 instead of
fixing their broken DNS.
Greets,
Jeroen
More information about the ipv6-ops
mailing list