DNAME issues (was Re: ip6.int deprecation)

Iljitsch van Beijnum iljitsch at muada.com
Tue May 9 16:06:13 CEST 2006 

On 9-mei-2006, at 15:27, Nick Hilliard wrote:

>> Testing is what you do to find problems. If you know the problems are
>> there, it's no longer testing.

> So, you want to put in a DNAME for ip6.int in order to uncover DNAME
> brokenness, and are trying to pretend that this isn't a way of finding
> problems with DNAME implementations (i.e. testing)?

No, what I'm saying is that it makes sense to do this since there are  
still some boxes out there that use ip6.int.

If we can use this to uncover DNAME brokenness so much the better but  
since there isn't much that looks at ip6.int out there anymore that  
part isn't going to matter much one way or the other.

> I don't mean to be a smart-ass here, but apart from being  
> inconsistent,
> this is also profoundly incompatible with what you said in another
> email:

> 1. Do the right thing. ALWAYS.
> 2. Don't expect anyone else to.

I also wrote earlier today that it's sometimes necessary to do "the  
right thing" (= in the abstract) and sometimes what works (which can  
be considered the right thing under some circumstances).

> Look, ip6.int is deprecated;  there is no point in artificially
> breathing more life to the domain by using DNAME when really, it just
> needs to die quietly.

You can keep saying that until you're blue in the face but at the  
same time when I type "host ::1" on my Mac I get:

Host \[x00000000000000000000000000000001/128].ip6.arpa not found: 1 
(FORMERR)

Slightly different example but mostly the same thing. The point:  
there are implementations out there that are unaware of these  
deprecations. That's not going to change over night.

> And breathing life into it by implementing a DNS
> RR which is know to have problems on some system, is the Wrong Thing.
> Quite categorically the Wrong Thing.

Well, go tell the people who decided to s/ip6.int/ip6.arpa/g anyway,  
because this whole mess is their fault (who was this, anyway?), the  
only choice now is where we want to see the fallout land. Personally,  
I think a broken DNS implementation is as good a landing place as any.

Too bad I'm running BIND 9.3.1 these days. A while ago I had:

*.\[x2/3].ip6.arpa.     IN      PTR     bit.label.ip6.arpa.

\[x20011AF800060000020A95FFFEF5246E/128].ip6.arpa. IN CNAME e. 
6.4.2.5.f.e.f.f.f.
5.9.a.0.2.0.0.0.0.0.6.0.0.0.8.f.a.1.1.0.0.2.ip6.arpa.

More information about the ipv6-ops mailing list