Facebook over IPv6

George Bonser gbonser at seven.com
Mon Jun 13 18:51:08 CEST 2011 

> Now, if the client is fully v6 capable, asks our recursor over v6, and
> the recursor decides to send the query via v4 to your authoritative
> server (for whatever reason), our v6-enabled client won't see your
> v6-enabled server.  Strikes me as "not what you want to achieve".

If the DNS server is fully v6 capable and I have all the proper glue
records in place and it still reaches me by v4, then I am going to
assume that for some reason that DNS server cannot reach me via v6.
Yes, that might not be 100% accurate but I know in the context of my
"bread and butter" traffic that a client will be able to reach me via
v4.  So if all of that is true and the server still reached me by v4, I
will assume that for some reason it tried via v6 (which is quite likely
as long as we don't have a fully meshed DFZ for IPv6 - e.g the HE /
Cogent peering issue) but didn't get an answer so it fell back to v4.

It may not be a correct assumption in 100% of cases, but it doesn't have
to be.  I do know that a client that has v6, has a dns server with v6,
and whose dns server can reach me via v6 and makes such a request will
get a v6 resource. Otherwise it will get a v4 response and I also know
that the clients DO have ipv4 access so I know this isn't going to break
the clients. 

A dns server that reaches me by v4 will get a v4 resource.  Not 100%
accurate, I realize, but it doesn't break anything and allows the client
to connect.  I am not going to try to use DNS to troubleshoot other
people's networks and I am not going to attempt to force certain
behaviors on other people's networks, I just want the client to connect
in a reliable fashion.

In the case of a v6-only client behind a v4-only DNS server, well, yeah,
that is going to break.  Thankfully, I don't have any such clients
(clients that cannot reach v4 services) providing my bread and butter so
I am not particularly worried about them.  A know with certainty that
all v6 clients reaching me for business purposes can also reach ipv4
services. 

This might not be the best approach for *everyone* but is a workable
solution for this particular service I happen to be running that will
allow at least some v6 native clients to use IPv6 without breaking.

More information about the ipv6-ops mailing list