On 25/03/2024 10:06, Thomas Schäfer wrote:

I can't present, but I would suggest the topic:

Lessons learned/ Lessons not learned - the mess with mapped IPv4 addresses - 
or just Layer 8 problems:

Lessons learned:
https://www.githubstatus.com/incidents/5y8b8lsqbbyq

Lessons not learned:
united by Postbank/Deutsche Bank, new relic, ns1, ibm, fastly and others

https://forum.newrelic.com/s/hubtopic/aAX8W0000015BUvWAM/bamnrdatanet-resolves-with-wrong-aaaarecords

Hey Thomas,

I think this is a great topic and somebody should definitely cover it. I remember setting up a couple of test sites to prove wrong the claim: "We use IPv4-mapped AAAA records in order to save money on our authoritative DNS provider who charges us per query."

https://ipv4-mapped.0skar.cz/ - this has only IPv4-mapped AAAA record - should be unreachable
https://ipv4-mapped-pref.0skar.cz/ - this is "Postbank-style" dual stack with A and IPv4-mapped AAAA record - everybody should reach the A record website

However, my macOS 14.4 on IPv6-only network happily connect to both test sites from all browsers and even prefers IPv4-mapped AAAA over A records. So the aforementioned claim may not be completely wrong (though it is still stupid).

Any volunteer willing to try common OS behaviour while counting the number of DNS queries? :)

--
Best regards,

Ondřej Caletka
RIPE NCC