Discussion:
IPv6 readiness and tinydns.
Russell Sutherland
2010-11-02 15:34:06 UTC
Permalink
I am attempting to prepare our infrastructure here to be IPv6 ready.
Part of that is DNS. For several years we have used the fefe.de patch to
serve up AAAA records for several sub-domains. In the documentation it
states explicitly that:

.... tinydns-edit won't accept IPv6 addresses for NS or MX records yet

So my short question is, can one use a patched version of tinydns to fulling
support an IPv6 environment?

<snip>
On 2008-01-12 Russ Nelson wrote:

"When Google has an AAAA record, we can talk about adding IPv6 support."

I think we are ready to start talking:

http://www.google.com/intl/en/ipv6/faq.html
</snip>
--
Russell Sutherand I+TS
e: ***@utoronto.ca
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080
Maciej Żenczykowski
2010-11-02 17:54:34 UTC
Permalink
Strictly speaking, you don't ever need IPv6 addresses in MX or NS records.
They don't actually reference any IP, they reference a hostname, with
an optional ip.
This results in a MX/NS record being generated (mapping domain to
hostname), and optionally an A record to map that hostname to an IP.

As such if you're like me and never pass in an IP in the MX or NS
record, then you're already good to go.

Basically split your MX/NS records into MX/NS records and A records,
and then add AAAA records. Or even without splitting just add AAAA
records.

[ie. all you are losing is not particularly useful syntactic sugar]

On Tue, Nov 2, 2010 at 08:34, Russell Sutherland
Post by Russell Sutherland
I am attempting to prepare our infrastructure here to be IPv6 ready.
Part of that is DNS. For several years we have used the fefe.de patch to
serve up AAAA records for several sub-domains. In the documentation it
   .... tinydns-edit won't accept IPv6 addresses for NS or MX records yet
So my short question is, can one use a patched version of tinydns to fulling
support an IPv6 environment?
<snip>
  "When Google has an AAAA record, we can talk about adding IPv6 support."
  http://www.google.com/intl/en/ipv6/faq.html
</snip>
--
Russell Sutherand  I+TS
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080
Colm MacCárthaigh
2010-11-02 19:45:23 UTC
Permalink
Even when you do this, without modification TinyDNS does not append AAAA
records to the additional section (as per RFC3596 section 3) for MX, NS or
SRV targets (although A records suffer from this too for SRV).

Another thing to keep in mind if you plan to use stock TinyDNS to serve AAAA
records is that their order will not be randomised in rrsets containing more
than one AAAA record. This shouldn't matter - but in practice some resolvers
don't randomise their processing.
Post by Maciej Żenczykowski
Strictly speaking, you don't ever need IPv6 addresses in MX or NS records.
They don't actually reference any IP, they reference a hostname, with
an optional ip.
This results in a MX/NS record being generated (mapping domain to
hostname), and optionally an A record to map that hostname to an IP.
As such if you're like me and never pass in an IP in the MX or NS
record, then you're already good to go.
Basically split your MX/NS records into MX/NS records and A records,
and then add AAAA records. Or even without splitting just add AAAA
records.
[ie. all you are losing is not particularly useful syntactic sugar]
On Tue, Nov 2, 2010 at 08:34, Russell Sutherland
Post by Russell Sutherland
I am attempting to prepare our infrastructure here to be IPv6 ready.
Part of that is DNS. For several years we have used the fefe.de patch to
serve up AAAA records for several sub-domains. In the documentation it
.... tinydns-edit won't accept IPv6 addresses for NS or MX records yet
So my short question is, can one use a patched version of tinydns to
fulling
Post by Russell Sutherland
support an IPv6 environment?
<snip>
"When Google has an AAAA record, we can talk about adding IPv6
support."
Post by Russell Sutherland
http://www.google.com/intl/en/ipv6/faq.html
</snip>
--
Russell Sutherand I+TS
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080
--
Colm
Sabahattin Gucukoglu
2010-11-02 22:38:46 UTC
Permalink
Even when you do this, without modification TinyDNS does not append AAAA records to the additional section (as per RFC3596 section 3) for MX, NS or SRV targets (although A records suffer from this too for SRV).
This is fixed by the Fefe.de patch, which honours IPv6 glue just as IPv4 very nicely.

The only thing that patch doesn't seem to do is recurse over IPv6 in dnscache.

Cheers,
Sabahattin
Richard J. Sexton
2010-11-02 19:36:32 UTC
Permalink
Post by Russell Sutherland
"When Google has an AAAA record, we can talk about adding IPv6 support."
:s/Google/Paypal/g
--
Richard J. Sexton ***@rd.vrx.net +1 (206) 333-1798 skype: rsx11s
http://rs79.vrx.net http://mbz.org http://killi.net http://aquaria.net
Dean Anderson
2010-11-02 21:12:40 UTC
Permalink
Post by Russell Sutherland
<snip>
"When Google has an AAAA record, we can talk about adding IPv6 support."
http://www.google.com/intl/en/ipv6/faq.html
</snip>
Hmm:

[***@citation2 dean]$ dig +noall +answer any ns1.google.com
ns1.google.com. 345600 IN A 216.239.32.10
[***@citation2 dean]$ dig +noall +answer any ns2.google.com
ns2.google.com. 345437 IN A 216.239.34.10
[***@citation2 dean]$ dig +noall +answer any ns3.google.com
ns3.google.com. 345600 IN A 216.239.36.10
[***@citation2 dean]$ dig +noall +answer any ns4.google.com
ns4.google.com. 345600 IN A 216.239.38.10
[***@citation2 dean]$ dig +noall +answer any www.google.com
www.google.com. 496777 IN CNAME www.l.google.com.
[***@citation2 dean]$ dig +noall +answer any www.l.google.com
www.l.google.com. 300 IN A 72.14.204.99
www.l.google.com. 300 IN A 72.14.204.103
www.l.google.com. 300 IN A 72.14.204.104
www.l.google.com. 300 IN A 72.14.204.147

It's not time yet. But from the FAQ:

We enable Google over IPv6 on request for networks where IPv6 access
will provide the same or better quality of experience of Google
services as IPv4.

Our measurements show that enabling Google over IPv6 can result in a
small percentage of users experiencing problems or delays accessing
Google services. In many cases, we have found this to be due to user
network issues such as misconfiguration or equipment that does not
properly support IPv6.

That percentage isn't really that small. Its large enough that they only
turn it on, on request. You might want to consider this before spending
a lot of time on IPV6:

http://www.ietf.org/mail-archive/web/tls/current/msg07143.html

And this message was sent to list, hasn't shown up in archives yet:

====================================================
Date: Mon, 01 Nov 2010 17:57:26 +1300
From: Peter Gutmann <***@cs.auckland.ac.nz>
To: ***@av8.com, ***@KingsMountain.com
Cc: ***@ietf.org
Subject: Re: [TLS] Server Name Indication (SNI) in an IPv6 world?
Post by Russell Sutherland
That's why now when you google IPV6, you bring up more and more pages on how
to disable it.
This sounded sufficiently controversial that I had to try it:

Google "ipv6" -> 11m hits.
Google "ipv6"+"disable" -> 0.9m hits.
Google "ipv6"+"turn off" -> 1.8m hits.

So roughly 10-20% of references to IPv6 are on how to disable it. Wow.

Peter.
====================================================
Post by Russell Sutherland
I am attempting to prepare our infrastructure here to be IPv6 ready.
Part of that is DNS. For several years we have used the fefe.de patch to
serve up AAAA records for several sub-domains. In the documentation it
.... tinydns-edit won't accept IPv6 addresses for NS or MX records yet
So my short question is, can one use a patched version of tinydns to fulling
support an IPv6 environment?
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 256 5494
Loading...