Facebook over IPv6

George Bonser gbonser at seven.com
Mon Jun 13 04:53:45 CEST 2011

> What technical reason is there that you would run separate IPv4 and
> IPv6 DNS servers?  The server software can do it so the only reason
> they would stick that requirement in there is redundancy.

One reason I might want to run separate dns servers (or two service
programs listening on different IP addresses of the same physical box
that appear to be different DNS servers to someone outside) is to serve
different zones depending on who is doing the asking.

For example, if I get a request from foo.com for an AAAA record for
www.some-domain.com that arrives over IPv4 when I have a v6 server in
whois, I might treat that request differently than a request that
arrives via v6 for the same resource.  The reason is that if the request
arrives over IPv6, then I have a higher degree of confidence that
foo.com might actually have working IPv6 because their DNS forwarder
managed to find my v6 server from the root servers and actually route a
request to it over IPv6.  That means I have more confidence (no absolute
guarantee, but more confidence) that if I hand them a v6 RR, the client
stands a chance of actually reaching it. 

If the request arrives via v4, I am going to hand them a NOERROR and an
A record. This is because I don't have any confidence at all that the
client actually has working IPv6 to the Internet.  Maybe the client has
an IP stack that supports v6 and maybe its local subnet even has v6, but
I don't have any indication that the client's network can actually reach
"the internet" or even the part of the Internet on which I reside.
Maybe they have Cogent and can't see me by v6 so the request reached me
by v4.  In that case I do have confidence they can reach me by v4 so
that is what I am going to give them.

This isn't about transforming the Internet into something I want it to
be, this is about making sure business can be done.  At least initially
while IPv6 connectivity is still "spotty", I am likely to keep separate
servers and give v6+v4 information for requests arriving via v6 and v4
only information for requests arriving via v4.  I am assuming that if a
remote network is v6 capable, it would have queried my v6 server.  Maybe
they have a v6 net with a v4-only DNS server.  Well, sorry, I can't
actually sort that out from the information given to me in a DNS
request.  But if the request arrives by v6 asking for a v6 resource, I
am more inclined to give them the v6 information.  Heck, I am still a
couple of weeks out from getting even that much done.

More information about the ipv6-ops mailing list
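The policy described in the post (answer AAAA queries with a v6 RRset only when the query itself arrived over IPv6) can be implemented in a single process by keying the answer on the family of the socket the query came in on rather than on anything in the packet. The following is an added example written for this page, not code from the poster or from any particular DNS server; the zone name, the documentation-prefix addresses and the port are constructed. One design choice is mine: an AAAA query arriving over IPv4 gets NOERROR with an empty answer (NODATA) rather than an A record, so that a standard resolver falls back to its A query cleanly.

```python
"""Transport-aware authoritative DNS responder (added example, constructed data).

Policy: an AAAA query arriving over IPv6 is answered from the AAAA RRset; the
same query arriving over IPv4 gets NOERROR/NODATA. A queries are answered on
both transports. The decision uses the receiving socket's address family, so
nothing inside the query payload can influence it.
"""
import select
import socket
import struct

QTYPE_A, QTYPE_AAAA = 1, 28
CLASS_IN = 1
TTL = 300
V4, V6 = socket.AF_INET, socket.AF_INET6

# Constructed zone data: hypothetical name, RFC 5737 / RFC 3849 addresses.
ZONE = {
    "www.some-domain.com.": {
        QTYPE_A: ["192.0.2.10"],
        QTYPE_AAAA: ["2001:db8::10"],
    },
}

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(pkt, off):
    labels = []
    while True:
        length = pkt[off]
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off
        if length & 0xC0:
            raise ValueError("compression pointer where a plain name was expected")
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length

def make_query(qid, qname, qtype):
    """Build a plain UDP query (used for the constructed test input)."""
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN))

def parse_query(pkt):
    qid, _flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(pkt, 12)
    qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
    return qid, qname, qtype, pkt[12:off + 4]

def select_rrset(qname, qtype, family):
    """Return rdata strings to answer with, None for NXDOMAIN."""
    rrsets = ZONE.get(qname.lower())
    if rrsets is None:
        return None
    if qtype == QTYPE_AAAA and family == V4:
        return []        # no evidence the asker can reach us over v6: NODATA
    return rrsets.get(qtype, [])

def build_response(query_pkt, family):
    qid, qname, qtype, question = parse_query(query_pkt)
    rdatas = select_rrset(qname, qtype, family)
    rcode = 3 if rdatas is None else 0           # 3 = NXDOMAIN
    rdatas = rdatas or []
    header = struct.pack("!HHHHHH", qid, 0x8400 | rcode, 1, len(rdatas), 0, 0)
    answers = b""
    for rdata in rdatas:
        packed = socket.inet_pton(V4 if qtype == QTYPE_A else V6, rdata)
        answers += b"\xC0\x0C"                   # pointer to the question name
        answers += struct.pack("!HHIH", qtype, CLASS_IN, TTL, len(packed)) + packed
    return header + question + answers

def answer_addresses(resp):
    """Read (rcode, [addresses]) back out of a response built above."""
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    _name, off = decode_name(resp, 12)
    off += 4
    addrs = []
    for _ in range(ancount):
        off += 2 if resp[off] & 0xC0 else len(encode_name(decode_name(resp, off)[0]))
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        addrs.append(socket.inet_ntop(V4 if rtype == QTYPE_A else V6, resp[off:off + rdlen]))
        off += rdlen
    return flags & 0xF, addrs

def serve(port=5353):
    """One v4 and one v6 socket; IPV6_V6ONLY keeps v4 clients off the v6 socket."""
    socks = []
    for family, addr in ((V4, "0.0.0.0"), (V6, "::")):
        s = socket.socket(family, socket.SOCK_DGRAM)
        if family == V6:
            s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
        s.bind((addr, port))
        socks.append(s)
    while True:
        for s in select.select(socks, [], [])[0]:
            pkt, peer = s.recvfrom(512)
            try:
                s.sendto(build_response(pkt, s.family), peer)
            except (ValueError, struct.error):
                pass                             # malformed query: drop it

if __name__ == "__main__":
    serve()
```

The IPV6_V6ONLY setting is the part that is easy to get wrong: on a dual-stack socket without it, IPv4 clients show up as IPv4-mapped addresses (::ffff:a.b.c.d) on the v6 socket and would be given AAAA records they may not be able to use. The socket family is what the policy trusts; the payload is never consulted for it, although UDP source spoofing is of course still possible.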