Thoughts about ipv6 white listing

George Bonser gbonser at seven.com
Sun Dec 5 00:04:28 CET 2010


> > No, a person who has v4 will see *exactly* the same behavior they see
> > today.  They will ask for an A record and they will receive an A
> > record.
> 
> how are you SURE that a request for a AAAA record over v4 transport will never occur?
> (since this has been common behaviour for at least a decade or more)

Oh, they are happening today.  I am just going to continue to handle those just as we are today ... *for now*.

The *initial* rollout of v6 will be to clients who are requesting AAAA records over v6.  We will then get all of those sorted out and working, then we will experiment with handing out AAAA records for certain resources when requested over v4.

> why do you suppose that the v6 instance can or should assume v4 reachability?
> why is it handing out A records?

It will hand out an A record if an A record is specifically asked for.  If it is asking for an A record and has no v4 connectivity then it will probably break universally, not just when talking to us. 

> as the DNS server, you have no idea what the routing looks like (v4/v6) from the client side.
> you are conflating transport and data... assuming that transport has anything to do with the data being asked for.

I have some idea.  If I am seeing an AAAA request, then the client must at least have an IPv6 address.  If I am seeing the AAAA request arriving to me via v6 from the client's dns server (which in this case is in the same network with the client), then if the dns server can reach me, the client can reach me.

Again, this isn't the typical web surfer sort of network.  This is a set of thousands of hardware devices in a network with a dns server.  If that hardware device makes an AAAA request, then it has v6.  

Also, this gets rolled out for one client network at a time, not globally.
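
The answer policy described in this message, sketched as an added example (not code from the post or from any DNS server): AAAA is returned only when the query arrives over v6 from a resolver network already enabled in the rollout, and A is always returned when asked for. The names, prefixes and zone data are constructed, and "handle those just as we are today" is assumed to mean that an AAAA query over v4 gets no AAAA record.

```python
import ipaddress

# Constructed rollout list: resolver networks enabled for AAAA,
# extended one client network at a time.
AAAA_ENABLED_NETS = [ipaddress.ip_network("2001:db8:100::/48")]

# Constructed zone data for a single name.
ZONE = {"svc.example.net.": {"A": ["192.0.2.10"], "AAAA": ["2001:db8:ffff::10"]}}


def transport_family(src: str) -> int:
    """Return 4 or 6 for the transport the query arrived on.

    A dual-stack listening socket reports v4 peers as IPv4-mapped
    IPv6 addresses (::ffff:a.b.c.d); those are v4 transport and must
    not be counted as v6.
    """
    addr = ipaddress.ip_address(src)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return 4
    return addr.version


def answer(qname: str, qtype: str, src: str) -> list:
    """Return the records to hand out; an empty list means NODATA."""
    records = ZONE.get(qname, {})
    if qtype == "A":
        # An A record is handed out whenever an A record is asked for.
        return records.get("A", [])
    if qtype == "AAAA":
        if transport_family(src) != 6:
            return []  # AAAA over v4 transport: assumed "as today", no AAAA
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in AAAA_ENABLED_NETS):
            return records.get("AAAA", [])
        return []  # v6 transport, but this network is not rolled out yet
    return []
```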


