Hello Alvaro First of all, Thanks a lot for your feedback!. I really appreciate it. On 17/9/04 09:45, "Alvaro Vives" <alvaro.vives@consulintel.es> wrote:
1) In case of having IPv4 and IPv6 addresses for the DNS server of example.org domain, changing addresses in different moments could lead to reduce the blackout, at least for the dualstack user resolvers. For example:
example.org. NS A 10.1.2.3 NS AAAA 2001:800:40:2a2f::1
IPv6 is one of the main items of my "to do" list for the meeting (not being a big expert in IPv6). I will include your proposal in the presentation to be discused/agreed (it seems fine to me)
2) Your solution is based on replicating equipment (having two servers), but, could this be avoided using two addresses in the same interface? Or for example installing two network cards to the server, one for each address?
I though about it, but it can lead to interesting problems. (thinking aloud): - The same equipment with to IP address/interfaces. Everything will follow the default route regardless of the source IP routing and A) packets wont follow best route B) could be filtered by anti spoofing filters. - Using source routing is a possible solution, but not al servers OS have source routing and using it is tricky at best. - Other solution is using source NAT in one connection. I.e. All packets received through the non default connection, to be NATed so the server seems them as coming from the NAT machine and so the reply goes to the NAT machine. Its ok if your software works ok with NAT (if you don't use statistics source IP autentication, etc.) perhaps we could add it as a option.
3) It is a common practice to have servers in different ASs , this way being prepared for network looses of conectivity. This could be used as a backup solution, previous the address changes. For example, you have your master DNS server in you network with your future ex-ISP. You also have one or more secondaries in other networks with addresses from other ISP(S). Before changing the addreses of you master DNS server, you can change the configuration in order to make one of the secondaries being the new master. Then, after the changes of addresses, change the whole configuration (NIC, etc.) with the new address. This involves a lot of administrative work, but seems to me as a possible solution. This idea is based in our experience, as we have control over DNS servers in different ASs. Looks like your section 9.1, but with no help of third-party DNS server(s).
-PROs: avoid installing a temporary machine -CONs: Two changes in the NIC in place of one. I prefer one change in the NIC (I am really, really afraid of some NICs working methods) and use your solution if no duplicate server is possible. We can discuss it, of course. Thanks a lot y Saludos. Fernando
Best regards, Alvaro Vives Consulintel
********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com
This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
-- ---------------------------------------------------------------------------- -- Fernando Garcia - fgarcia@eurocomercial.es Eurocomercial Informática y Comunicaciones 91 435 96 87 ---------------------------------------------------------------------------- --