6to4 in Internet aaaa records

Ca By cb.list6 at gmail.com
Fri Oct 3 04:37:19 CEST 2014


On Thu, Oct 2, 2014 at 7:31 PM, Jeroen Massar <jeroen at massar.ch> wrote:

> On 2014-10-02 22:24, Ca By wrote:
> > Folks,
> >
> > What is the general impression of 6to4 addresses in AAAA records?
> >
> > I recently had a customer complain about this situation, and I am not
> > sure, as a service provider, how to deal with it.
> >
> > From my home comcast connection with real full dual-stack, I get this
> >
> >
> >
> > cbyrne at xxxx ~ $ wget -6 www.azdes.gov
> > --2014-10-02 19:19:48--  http://www.azdes.gov/
> > Resolving www.azdes.gov (www.azdes.gov)... 2002::cf6c:8846
>
> That is an invalid 6to4 address as it would have a 6to4 gateway of 0.0.0.0.
>
> One would think with all the "IPv6 consultants" in the US, that .gov
> agencies would be able to get that part right...
>
> Though, better to point out to them that 6to4 is a bad idea in general anyway.
>
> I would not be surprised if the "DNS solution" generated that broken
> address though as cf6c:8846 does map to 207.108.136.70 which matches the
> A record.
>
> Greets,
>  Jeroen
>
>
Yes, I think .gov requires AAAA records.  So it looks like DNS admins are
generating AAAA records that ultimately break connectivity.

Back to my question, should there be an RFC generated that advises network
admins to only put native natural addresses in DNS for anything that is
supposed to be production grade and routed across the Internet?

Meaning:

1.  Only make AAAA records from 2000::/3
2.  Do not make AAAA records with 6to4 addresses
3.  Do not make AAAA records with NAT64 WKP 64:ff9b::/96 (saw this last week)

ps. handy list of broken things http://www.employees.org/~dwing/aaaa-stats/
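
The three rules proposed in the message above, written as a zone-audit check. This is an added example, not part of the original post: the function name `check_aaaa` is hypothetical, and every sample record except 2002::cf6c:8846 / 207.108.136.70 from the thread is constructed.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def check_aaaa(aaaa, a_records=()):
    """Return findings for one AAAA value; an empty list means it passes."""
    addr = ipaddress.IPv6Address(aaaa)
    findings = []
    if addr in NAT64_WKP:
        findings.append("NAT64 well-known prefix 64:ff9b::/96")
    elif addr not in GLOBAL_UNICAST:
        findings.append("outside 2000::/3")
    if addr in SIX_TO_FOUR:
        findings.append("6to4 address (2002::/16)")
        # 6to4 carries the gateway's IPv4 address in bits 16..47.
        gateway = ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)
        if gateway.is_unspecified:
            findings.append("6to4 gateway is 0.0.0.0")
    # A flagged address whose low 32 bits equal a published A record was
    # most likely generated from the IPv4 address, as seen in the thread.
    low32 = ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    if findings and str(low32) in a_records:
        findings.append(f"low 32 bits are the A record {low32}")
    return findings


if __name__ == "__main__":
    # (AAAA, A records) pairs; only the first pair comes from the thread.
    samples = [
        ("2002::cf6c:8846", ["207.108.136.70"]),
        ("2001:db8::1", []),             # constructed, documentation prefix
        ("2002:c000:201::1", []),        # constructed, 6to4 for 192.0.2.1
        ("64:ff9b::c000:201", []),       # constructed, NAT64 WKP
        ("fd00::1", []),                 # constructed, unique local address
    ]
    for aaaa, a_records in samples:
        print(aaaa, check_aaaa(aaaa, a_records) or "ok")
```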