Facebook over IPv6
gbonser at seven.com
Mon Jun 13 18:51:08 CEST 2011
> Now, if the client is fully v6 capable, asks our recursor over v6, and
> the recursor decides to send the query via v4 to your authoritative
> server (for whatever reason), our v6-enabled client won't see your
> v6-enabled server. Strikes me as "not what you want to achieve".
If the DNS server is fully v6 capable and I have all the proper glue
records in place and it still reaches me by v4, then I am going to
assume that for some reason that DNS server cannot reach me via v6.
Yes, that might not be 100% accurate but I know in the context of my
"bread and butter" traffic that a client will be able to reach me via
v4. So if all of that is true and the server still reached me by v4, I
will assume that for some reason it tried via v6 (which is quite likely
as long as we don't have a fully meshed DFZ for IPv6 - e.g the HE /
Cogent peering issue) but didn't get an answer so it fell back to v4.
It may not be a correct assumption in 100% of cases, but it doesn't have
to be. I do know that a client that has v6, has a dns server with v6,
and whose dns server can reach me via v6 and makes such a request will
get a v6 resource. Otherwise it will get a v4 response and I also know
that the clients DO have ipv4 access so I know this isn't going to break
A dns server that reaches me by v4 will get a v4 resource. Not 100%
accurate, I realize, but it doesn't break anything and allows the client
to connect. I am not going to try to use DNS to troubleshoot other
people's networks and I am not going to attempt to force certain
behaviors on other people's networks, I just want the client to connect
in a reliable fashion.
In the case of a v6-only client behind a v4-only DNS server, well, yeah,
that is going to break. Thankfully, I don't have any such clients
(clients that cannot reach v4 services) providing my bread and butter so
I am not particularly worried about them. A know with certainty that
all v6 clients reaching me for business purposes can also reach ipv4
This might not be the best approach for *everyone* but is a workable
solution for this particular service I happen to be running that will
allow at least some v6 native clients to use IPv6 without breaking.
More information about the ipv6-ops