Thoughts about ipv6 white listing

Richard Hartmann richih.mailinglist at gmail.com
Sat Dec 4 18:51:43 CET 2010


On Sat, Dec 4, 2010 at 11:55, George Bonser <gbonser at seven.com> wrote:

> Yes, it does by design because I cannot be sure of the state of the
> client behind that recursive server.  Just because it asked the server
> for an AAAA record doesn't mean it can reach me by v6 even if it has v6.
> Note the difference in v6 routing tables between he and cogentco

You are basically trying to guess how the end user's system is working
& connected. You are free to disagree, but this is, imo, broken by
design.

The massive birthing pain of a truly IPv6-enabled world will not be
lessened by adding more magic outside of the end user's control.


> Yes.  And I suspect those cases will be *extremely* few and need to
> break.

I think all of the cases of non-working IPv6 need to break. That is
what gets things fixed. Sure, it would be nice if things just kept on
working, but breaking properly in all cases is preferable to kinda
somewhat breaking in some circumstances.


Just think of how awesome it will be to spend a few hours of your time
debugging stuff until you find out that someone running DNS is trying
to be clever... I expect you to be amused and very happy once you
realize what you wasted that effort for.


Richard


More information about the ipv6-ops mailing list