On 25/03/2024 10:06, Thomas Schäfer wrote:
I can't present, but I would suggest the topic:
Lessons learned/ Lessons not learned - the mess with mapped IPv4 addresses - or just Layer 8 problems:
Lessons learned: https://www.githubstatus.com/incidents/5y8b8lsqbbyq
Lessons not learned: united by Postbank/Deutsche Bank, new relic, ns1, ibm, fastly and others
https://forum.newrelic.com/s/hubtopic/aAX8W0000015BUvWAM/bamnrdatanet-resolv...
Hey Thomas, I think this is a great topic and somebody should definitely cover it. I remember setting up a couple of test sites to prove wrong the claim: "We use IPv4-mapped AAAA records in order to save money on our authoritative DNS provider who charges us per query." https://ipv4-mapped.0skar.cz/ - this has only IPv4-mapped AAAA record - should be unreachable https://ipv4-mapped-pref.0skar.cz/ - this is "Postbank-style" dual stack with A and IPv4-mapped AAAA record - everybody should reach the A record website However, my macOS 14.4 on IPv6-only network happily connect to both test sites from all browsers and even prefers IPv4-mapped AAAA over A records. So the aforementioned claim may not be completely wrong (though it is still stupid). Any volunteer willing to try common OS behaviour while counting the number of DNS queries? :) -- Best regards, Ondřej Caletka RIPE NCC