Re: [dns-wg] Re: Re: IPv6 glue AAAA RRs in the root zone
"Joao" == Joao Damas <Joao_Damas@isc.org> writes:
>> Have you forgotten the IPv6 migration issues that Johan Ihren >> and others have mentioned at previous WG meetings? Joao> No, I have discussed them with Johan on occasion. Does that Joao> mean we are to seat down and do nothing? No, of course not. Doing nothing is not an option. >> For instance, what will my IPv6 web browser do when lookups >> over IPv6 for www.google.com return only A records? Joao> What do you mean "your IPv6 web browser"? I would have thought this was obvious from the context: a browser running on some IPv6-only device or only had DNS transport over IPv6. Joao> Of course changes need to be done in a responsible way and I Joao> am taking personal offence if you would suggest that I would Joao> not follow that path. I made no such suggestion. [I said some TLDs might be pressured into doing IPv6 things before they were ready to do that. They may well be acting responsibly based on the limited resources and info they have available to them.] And anyway, how can you take personal offence? AFAIK, you're not personally responsible for any TLD AAAA glue or the contents of the root zone. Please note too that I'm not impugning those who do have that responsibility either. What I am saying is that making well-intentioned changes to critical DNS infrastructure may have unexpected consequences if the impact of those changes isn't fully understood. This applies to other horrors like DNSSEC deployment, not just these IPv6 issues. BTW, the IANA document which sparked this discussion talks about changing TLD delegations when there are "serious operational problems". Presumably these arise after the TLD and IANA have acted responsibly by applying some carefully considered (but not fully thought out?) change to the delegation. >> Finally, by encouraging the IPv6-only people to go off into >> their own little world, we fragment the internet and its name >> space. Joao> No, you just are not getting it. I am talking about Joao> enabling, you are talking about limiting. I'm doing no such thing. Though I may well not be "getting it". What we seem to be disagreeing about is tactics and strategy, not policy. ie We agree IPv6 has to be deployed in the DNS. Where we differ is in how to achieve that. You seem to be saying "just do it". I'm saying "let's first try to understand what we're getting ourselves into". IMO the internet today is too big and too important for the "just do it" approach that was possible 10 or more years ago. >> At the very least, it will mean some IPv6-ers are likely to >> develop a mindset that DNS migration to IPv6 is done and >> there's nothing more for them to do as far as IPv6 and the DNS >> is concerned. Joao> Since when has that been possible for any protocol that is Joao> used on the Internet? DNS, the protocol, keeps changing and Joao> adding new possibilities, just like most other Internet Joao> protocols. DNS protocol development has been stalled for years. But that's beside the point. Whenever something new comes along, care needs to be taken that it doesn't introduce interoperability problems or operational issues. [eg Sending resolvers into an infinite tight loop beating up root or TLD servers for the same non-existent names.] I'm sure we agree on this. What we're disagreeing about appears to be the extent that these potential problems have been analysed and documented. Perhaps an IPv6-only island on the internet would bring DNS problems for the rest of the net that the people in this island never see? Or care to fix? In a sense, this can be compared to the DSL users who have Windows boxes that get hijacked by spammers. The end user might not be aware of that, so can't/won't plug the holes that give rise to the operational problems. It's a bad analogy because someone will eventually blackhole the spammer and give an incentive for the end user to fix the problem. That sort of corrective mechanism might not be possible in an IPv6 only island that's pounding the life out of the world's name servers.
On 22 Jul, 2004, at 14:41, Jim Reid wrote:
BTW, the IANA document which sparked this discussion talks about changing TLD delegations when there are "serious operational problems". Presumably these arise after the TLD and IANA have acted responsibly by applying some carefully considered (but not fully thought out?) change to the delegation.
It is extremely difficult to prove you have addressed all possible situations when dealing with a system such as the Internet. That is why there is the hook there enabling the IANA to take action if there are operational problems. No one anticipates operational problems arising from this change if the proper checks outlined in the document are done, but it is nice to have a safety mechanism. Imagine there was indeed an operational problem and that the IANA had to initiate a formal discussion, that had to come to a consensus, on what to do about it. A bloody nightmare if you ask me. So I think the document and procedure has been as thought out as it could have been and as dfk says, it then becomes a matter of confidence on the organisation currently tasked with providing the service.
Finally, by encouraging the IPv6-only people to go off into their own little world, we fragment the internet and its name space.
Joao> No, you just are not getting it. I am talking about Joao> enabling, you are talking about limiting.
I'm doing no such thing. Though I may well not be "getting it". What we seem to be disagreeing about is tactics and strategy, not policy. ie We agree IPv6 has to be deployed in the DNS. Where we differ is in how to achieve that. You seem to be saying "just do it".
No just do it, just get on with doing it.
I'm saying "let's first try to understand what we're getting ourselves into". IMO the internet today is too big and too important for the "just do it" approach that was possible 10 or more years ago.
10 years ago people also acted mostly in a responsible way. When you contemplate all cases, there will be some under which some people will be able to cut themselves off the Internet, intentionally or not (remember the MS name server debacle a couple of years ago?) That sort of situation can't stop progress. Joao
Joao Damas wrote:
operational problems. No one anticipates operational problems arising from this change if the proper checks outlined in the document are done, but it is nice to have a safety mechanism.
Agreed, fully.
Imagine there was indeed an operational problem and that the IANA had to initiate a formal discussion, that had to come to a consensus, on what to do about it. A bloody nightmare if you ask me.
Sure, but the 'safety belt' in the policy document is stated much broader than necessary for the risk posed by AAAA glue RRs. It can be applied to problems totally unrelated to IPv6. While that may even be technically useful certain certain circumstances, this en passant introduction would not have been necessary. -Peter
Gents, it boils down to the question whether we trust IANA or not. In the not-too-recent past this was no question at all. I hope that in the not-too-distant future it will again be no question. Daniel
participants (4)
-
Daniel Karrenberg -
Jim Reid -
Joao Damas -
Peter Koch