Re: [dns-wg] Re: Re: IPv6 glue AAAA RRs in the root zone
"Joao" == Joao Damas <Joao_Damas@isc.org> writes:
NB: cc list has been trimmed as everyone there is already on dns-wg@ripe.net
>>> Well, what other choice is there? :-) And anyway, since the overwhelming bulk of the world's name servers are IPv4-only, resolution over IPv6 doesn't seem to be a particularly productive exercise.
>> True enough.
Joao> True enough for what subset of users? If a user is interested in only a few and those provide the service that user needs and uses, what does he/she care about a million servers out there?
It's not that simple Joao. If only it could be that simple...
Have you forgotten the IPv6 migration issues that Johan Ihren and others have mentioned at previous WG meetings? Some IPv6 users will drop DNS over IPv4 as soon as they see AAAAs for TLD name servers. Or, worse, for the root servers. They may not realise or understand that this will cut them off from most of the internet. Which you seem to be saying is fine. If all they're interested in is the IPv6 internet, let them just get access to that. I'd agree with that sentiment if we knew for sure we were talking about informed, knowledgeable users. But I'm not convinced that's the case.
Even so this approach brings more problems. Firstly, it highlights the lack of a migration strategy for introducing DNS over IPv6. We still don't know what's going to break, how those failures will manifest themselves and what the consequences of that will be. Both for applications/resolvers and for name servers. For instance, what will my IPv6 web browser do when lookups over IPv6 for www.google.com return only A records? Or SERVFAIL?
Second of all, a piecemeal introduction of AAAA glue could be destabilising for the DNS and the internet. We just don't know either way, so we should proceed carefully with a good understanding of the consequences of these changes.
Thirdly, this could also put pressure on other TLDs to add AAAA glue -- "because others are doing this" -- before they're ready to do so.
Finally, by encouraging the IPv6-only people to go off into their own little world, we fragment the internet and its name space. At the very least, it will mean some IPv6-ers are likely to develop a mindset that DNS migration to IPv6 is done and there's nothing more for them to do as far as IPv6 and the DNS is concerned.
On Thu, 2004-07-22 at 11:36, Joao Damas wrote:
On 21 Jul, 2004, at 18:03, Jeroen Massar wrote:
We are trying hard to make F available from our anycast nodes on its IPv6 address. Finding exchange points which (a) will give you v6 addresses and (b) have peers which will peer with you over IPv6 is not trivial, however.
Then I should advise you to come to the AMS-IX, there is no F there and it should not be hard to get IPv6 from the IX nor transit nor peers. Just give them a shout and I am sure people are willing to help out.
F has v6 enabled for peerings at several exchanges, for instance at the SFINX in Paris, the GigaPIX in Lisbon and the Namex in Rome. We will turn it on in any other anycast location where the exchange supports IPv6 traffic directly and there are peers to peer with.
As can be seen under f.root-servers.net at the following URL (use "IPv6 well known destinations"): http://www.sixxs.net/misc/latency/latency/ F is at about 100ms in IPv6 for most destinations, ~3ms from ptlis01 though. Then again if I look at f.root-servers.net over IPv4 in that same graph the average is ~150ms... hmmm IPv6 is better than IPv4? :)
On Thu, 2004-07-22 at 12:12, Jim Reid wrote:
Have you forgotten the IPv6 migration issues that Johan Ihren and others have mentioned at previous WG meetings? Some IPv6 users will drop DNS over IPv4 as soon as they see AAAAs for TLD name servers.
Then those users doing that are basically stupid. You can't do anything about that and they simply hurt themselves. IPv4 will exist for at least the coming 50 years in one form or another and it will not evaporate. People thinking that they can live without some kind of IPv4 access, well let them live in their small world.
I'd agree with that sentiment if we knew for sure we were talking about informed, knowledgeable users. But I'm not convinced that's the case.
Do 'normal' users know what IPv6 is, or even IPv4 or even IP? They want to type names and generally don't configure their nameservers, DHCP does that. And the few that will break it will hurt themselves and get laughed at. Non issue ;)
Even so this approach brings more problems. Firstly, it highlights the lack of a migration strategy for introducing DNS over IPv6.
DNS over IPv6 gives an extra transport possibility, we cannot currently do without IPv4. If you want an IPv6-only DNS system make sure that you at least have a caching IPv4/IPv6 capable box in front of it. The same goes for proxies, shut down your IPv4, just keep your proxybox doing both IPv4 and IPv6 and you will be fine.
We still don't know what's going to break, how those failures will manifest themselves and what the consequences of that will be. Both for applications/resolvers and for name servers. For instance, what will my IPv6 web browser do when lookups over IPv6 for www.google.com return only A records? Or SERVFAIL?
The transport (IPv4 or IPv6) doesn't matter, what matters is the answer which you get and the speed of it. DNS fortunately falls back to another transport or nameserver to retrieve the answer from another when SERVFAIL comes back. When you have an IPv6-only webclient then of course you can't use A records and you will fail there, solution: Transition Mechanisms. E.g. try: http://www.google.com.sixxs.org Or any other proxy as I described above.
Second of all, a piecemeal introduction of AAAA glue could be destabilising for the DNS and the internet. We just don't know either way, so we should proceed carefully with a good understanding of the consequences of these changes.
How can it destabilize 'the internet'? The only problem that could occur is when there is too much glue in so that you require EDNS0, in that case you need to update your machine anyway as you are a hot target for virii, DNS is then the least of your concerns ;) (Oh and yes I like legacy machines, don't worry)
Thirdly, this could also put pressure on other TLDs to add AAAA glue -- "because others are doing this" -- before they're ready to do so.
If they are not ready now then they are simply late. That is the same with deploying your IPv6 network now or in 10 years when there is customer demand. Either you do it now and slowly and with a possible small customer base who don't mind that you are breaking it or you do it rapidly in a couple of years and break a lot of things.
Finally, by encouraging the IPv6-only people to go off into their own little world, we fragment the internet and its name space. At the very least, it will mean some IPv6-ers are likely to develop a mindset that DNS migration to IPv6 is done and there's nothing more for them to do as far as IPv6 and the DNS is concerned.
People using IPv6 (next to IPv4) can already reach a number of sites and especially content which the IPv4 people can't. Probably the best example since long: www.kame.net When using IPv4 you can't see the Dancing Kame(tm). Too bad for them.... computers is progress, if you don't progress then stay behind. The 'normal public' you are talking about will follow, it will take some time but it will happen, not now, not tomorrow, not directly, not with a flag day, but very slowly and gradually.
Greets, Jeroen
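
The EDNS0 point raised in the message above, worked through as an added example that is not part of the thread or of any poster's message: it builds the wire-format reply to a root priming query (`. IN NS`) with name compression and measures how much AAAA glue fits under the 512-byte limit for DNS over UDP without EDNS0. It assumes the 13 root server names a to m.root-servers.net; the all-zero addresses and the TTL are constructed placeholders, since only record sizes matter here.

```python
import struct

T_A, T_NS, T_AAAA, CLASS_IN = 1, 2, 28, 1
ROOTS = [f"{c}.root-servers.net" for c in "abcdefghijklm"]  # 13 names
TTL = 518400  # illustrative TTL; it does not affect the size

def put_name(buf, offsets, fqdn):
    """Append a domain name, using RFC 1035 compression pointers."""
    labels = [l for l in fqdn.split(".") if l]
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:  # seen before: 2-byte pointer ends the name
            buf.extend(struct.pack("!H", 0xC000 | offsets[suffix]))
            return
        offsets[suffix] = len(buf)
        buf.extend(bytes([len(label)]) + label.encode("ascii"))
    buf.append(0)  # root label

def put_rr(buf, offsets, owner, rtype, rdata=b"", target=None):
    """Append one resource record; `target` is a name-valued RDATA (NS)."""
    put_name(buf, offsets, owner)
    buf.extend(struct.pack("!HHIH", rtype, CLASS_IN, TTL, 0))
    start = len(buf)
    if target is not None:
        put_name(buf, offsets, target)
    else:
        buf.extend(rdata)
    struct.pack_into("!H", buf, start - 2, len(buf) - start)  # patch RDLENGTH

def priming_response(n_aaaa):
    """Wire-format answer to '. IN NS' with 13 A and n_aaaa AAAA glue RRs."""
    buf, offsets = bytearray(), {}
    buf.extend(struct.pack("!HHHHHH", 0, 0x8400, 1, 13, 0, 13 + n_aaaa))
    put_name(buf, offsets, ".")
    buf.extend(struct.pack("!HH", T_NS, CLASS_IN))
    for name in ROOTS:
        put_rr(buf, offsets, ".", T_NS, target=name)
    for name in ROOTS:
        put_rr(buf, offsets, name, T_A, rdata=bytes(4))      # placeholder address
    for name in ROOTS[:n_aaaa]:
        put_rr(buf, offsets, name, T_AAAA, rdata=bytes(16))  # placeholder address
    return bytes(buf)

def max_aaaa_without_edns0(limit=512):
    """Largest number of AAAA glue RRs that still fits the classic UDP limit."""
    return max(n for n in range(14) if len(priming_response(n)) <= limit)

if __name__ == "__main__":
    for n in (0, max_aaaa_without_edns0(), 13):
        print(f"{n:2d} AAAA glue RRs -> {len(priming_response(n))} bytes")
```

Each AAAA glue record costs 28 bytes against 16 for an A record, so a resolver that cannot advertise a larger buffer via EDNS0 receives only part of the glue or a truncated reply.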
On 22 Jul, 2004, at 12:12, Jim Reid wrote:
"Joao" == Joao Damas <Joao_Damas@isc.org> writes:
NB: cc list has been trimmed as everyone there is already on dns-wg@ripe.net
Well, what other choice is there? :-) And anyway, since the overwhelming bulk of the world's name servers are IPv4-only, resolution over IPv6 doesn't seem to be a particularly productive exercise. True enough.
Joao> True enough for what subset of users? If a user is interested in only a few and those provide the service that user needs and uses, what does he/she care about a million servers out there?
It's not that simple Joao. If only it could be that simple...
Have you forgotten the IPv6 migration issues that Johan Ihren and others have mentioned at previous WG meetings?
No, I have discussed them with Johan on occasion. Does that mean we are to sit down and do nothing? The problems are known and there are proposed solutions. At the same time the RSSAC was working on producing the recommendation for the IANA to accept AAAA in the root zone, it also discussed how to start this transition for the root-servers.net zone and the respective glue.
Some IPv6 users will drop DNS over IPv4 as soon as they see AAAAs for TLD name servers. Or, worse, for the root servers. They may not realise or understand that this will cut them off from most of the internet. Which you seem to be saying is fine. If all they're interested in is the IPv6 internet, let them just get access to that. I'd agree with that sentiment if we knew for sure we were talking about informed, knowledgeable users. But I'm not convinced that's the case.
Did not know about your baby-sitting activities. You can't protect users from every possible mistake. You should analyse problems and recommend sensible defaults, while avoiding troublesome choices but this should not prevent progress. You can't just sit around saying "oh, but there are all these unknowns and a choice is so hard..."
Even so this approach brings more problems. Firstly, it highlights the lack of a migration strategy for introducing DNS over IPv6. We still don't know what's going to break, how those failures will manifest themselves and what the consequences of that will be. Both for applications/resolvers and for name servers.
A lot of this has been done or is being done.
For instance, what will my IPv6 web browser do when lookups over IPv6 for www.google.com return only A records?
What do you mean "your IPv6 web browser"?
Or SERVFAIL? Second of all, a piecemeal introduction of AAAA glue could be destabilising for the DNS and the internet. We just don't know either way, so we should proceed carefully with a good understanding of the consequences of these changes. Thirdly, this could also put pressure on other TLDs to add AAAA glue -- "because others are doing this" -- before they're ready to do so.
Some people put non-conformant javascript and HTML in their web pages, they count on error handling, or lack thereof, of particular web browsers to put out web pages that can only be seen by those web browsers... Of course changes need to be done in a responsible way and I am taking personal offence if you would suggest that I would not follow that path.
Finally, by encouraging the IPv6-only people to go off into their own little world, we fragment the internet and its name space.
No, you just are not getting it. I am talking about enabling, you are talking about limiting.
At the very least, it will mean some IPv6-ers are likely to develop a mindset that DNS migration to IPv6 is done and there's nothing more for them to do as far as IPv6 and the DNS is concerned.
Since when has that been possible for any protocol that is used on the Internet? DNS, the protocol, keeps changing and adding new possibilities, just like most other Internet protocols. The bottom line: it is time to get going.
Joao
Participants (3): Jeroen Massar, Jim Reid, Joao Damas