headers
Russell Sutherland | 2 Nov 2010 16:34
Picon
Picon
Favicon

IPv6 readiness and tinydns.

I am attempting to prepare our infrastructure here to be IPv6 ready.
Part of that is DNS. For several years we have used the fefe.de patch to
serve up AAAA records for several sub-domains. In the documentation it
states explicitly that:

    .... tinydns-edit won't accept IPv6 addresses for NS or MX records yet

So my short question is, can one use a patched version of tinydns to fulling
support an IPv6 environment?

<snip>
On 2008-01-12 Russ Nelson wrote:

   "When Google has an AAAA record, we can talk about adding IPv6 support."

I think we are ready to start talking:

   http://www.google.com/intl/en/ipv6/faq.html
</snip>

--

-- 
Russell Sutherand  I+TS
e: russell.sutherland <at> utoronto.ca
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080
Permalink | Reply |
headers
Maciej Żenczykowski | 2 Nov 2010 18:54
Picon
Gravatar

Re: IPv6 readiness and tinydns.

Strictly speaking, you don't ever need IPv6 addresses in MX or NS records.
They don't actually reference any IP, they reference a hostname, with
an optional ip.
This results in a MX/NS record being generated (mapping domain to
hostname), and optionally an A record to map that hostname to an IP.

As such if you're like me and never pass in an IP in the MX or NS
record, then you're already good to go.

Basically split your MX/NS records into MX/NS records and A records,
and then add AAAA records.  Or even without splitting just add AAAA
records.

[ie. all you are losing is not particularly useful syntactic sugar]

On Tue, Nov 2, 2010 at 08:34, Russell Sutherland
<russell.sutherland <at> utoronto.ca> wrote:
> I am attempting to prepare our infrastructure here to be IPv6 ready.
> Part of that is DNS. For several years we have used the fefe.de patch to
> serve up AAAA records for several sub-domains. In the documentation it
> states explicitly that:
>
>    .... tinydns-edit won't accept IPv6 addresses for NS or MX records yet
>
> So my short question is, can one use a patched version of tinydns to fulling
> support an IPv6 environment?
>
> <snip>
> On 2008-01-12 Russ Nelson wrote:
>
(Continue reading)

Permalink | Reply |
headers
Colm MacCárthaigh | 2 Nov 2010 20:45

Re: IPv6 readiness and tinydns.



Even when you do this, without modification TinyDNS does not append AAAA records to the additional section (as per RFC3596 section 3) for MX, NS or SRV targets (although A records suffer from this too for SRV). 

Another thing to keep in mind if you plan to use stock TinyDNS to serve AAAA records is that their order will not be randomised in rrsets containing more than one AAAA record. This shouldn't matter - but in practice some resolvers don't randomise their processing. 

2010/11/2 Maciej Żenczykowski <zenczykowski <at> gmail.com>
Strictly speaking, you don't ever need IPv6 addresses in MX or NS records.
They don't actually reference any IP, they reference a hostname, with
an optional ip.
This results in a MX/NS record being generated (mapping domain to
hostname), and optionally an A record to map that hostname to an IP.

As such if you're like me and never pass in an IP in the MX or NS
record, then you're already good to go.

Basically split your MX/NS records into MX/NS records and A records,
and then add AAAA records.  Or even without splitting just add AAAA
records.

[ie. all you are losing is not particularly useful syntactic sugar]

On Tue, Nov 2, 2010 at 08:34, Russell Sutherland
<russell.sutherland <at> utoronto.ca> wrote:
> I am attempting to prepare our infrastructure here to be IPv6 ready.
> Part of that is DNS. For several years we have used the fefe.de patch to
> serve up AAAA records for several sub-domains. In the documentation it
> states explicitly that:
>
>    .... tinydns-edit won't accept IPv6 addresses for NS or MX records yet
>
> So my short question is, can one use a patched version of tinydns to fulling
> support an IPv6 environment?
>
> <snip>
> On 2008-01-12 Russ Nelson wrote:
>
>   "When Google has an AAAA record, we can talk about adding IPv6 support."
>
> I think we are ready to start talking:
>
>   http://www.google.com/intl/en/ipv6/faq.html
> </snip>
>
> --
> Russell Sutherand  I+TS
> e: russell.sutherland <at> utoronto.ca
> t: +1.416.978.0470
> f: +1.416.978.6620
> m: +1.416.803.0080
>
>



--
Colm
Permalink | Reply |
headers
Sabahattin Gucukoglu | 2 Nov 2010 23:38

Re: IPv6 readiness and tinydns.

On 2 Nov 2010, at 19:45, Colm MacCárthaigh wrote:
> Even when you do this, without modification TinyDNS does not append AAAA records to the additional
section (as per RFC3596 section 3) for MX, NS or SRV targets (although A records suffer from this too for
SRV). 

This is fixed by the Fefe.de patch, which honours IPv6 glue just as IPv4 very nicely.

The only thing that patch doesn't seem to do is recurse over IPv6 in dnscache.

Cheers,
Sabahattin
Permalink | Reply |
headers
Richard J. Sexton | 2 Nov 2010 20:36

Re: IPv6 readiness and tinydns.

>On 2008-01-12 Russ Nelson wrote:
>
>   "When Google has an AAAA record, we can talk about adding IPv6 support."

:s/Google/Paypal/g
--
Richard J. Sexton  rich4 <at> rd.vrx.net  +1 (206) 333-1798 skype: rsx11s
http://rs79.vrx.net http://mbz.org http://killi.net http://aquaria.net
Permalink | Reply |
headers
Dean Anderson | 2 Nov 2010 22:12

Re: IPv6 readiness and tinydns.


> <snip>
> On 2008-01-12 Russ Nelson wrote:
> 
>    "When Google has an AAAA record, we can talk about adding IPv6 support."
> 
> I think we are ready to start talking:
> 
>    http://www.google.com/intl/en/ipv6/faq.html
> </snip>

Hmm:

[dean <at> citation2 dean]$ dig +noall +answer any ns1.google.com
ns1.google.com.         345600  IN      A       216.239.32.10
[dean <at> citation2 dean]$ dig +noall +answer any ns2.google.com
ns2.google.com.         345437  IN      A       216.239.34.10
[dean <at> citation2 dean]$ dig +noall +answer any ns3.google.com
ns3.google.com.         345600  IN      A       216.239.36.10
[dean <at> citation2 dean]$ dig +noall +answer any ns4.google.com
ns4.google.com.         345600  IN      A       216.239.38.10
[dean <at> citation2 dean]$ dig +noall +answer any www.google.com
www.google.com.         496777  IN      CNAME   www.l.google.com.
[dean <at> citation2 dean]$ dig +noall +answer any www.l.google.com
www.l.google.com.       300     IN      A       72.14.204.99
www.l.google.com.       300     IN      A       72.14.204.103
www.l.google.com.       300     IN      A       72.14.204.104
www.l.google.com.       300     IN      A       72.14.204.147

It's not time yet. But from the FAQ: 

  We enable Google over IPv6 on request for networks where IPv6 access 
  will provide the same or better quality of experience of Google 
  services as IPv4. 

  Our measurements show that enabling Google over IPv6 can result in a 
  small percentage of users experiencing problems or delays accessing 
  Google services. In many cases, we have found this to be due to user 
  network issues such as misconfiguration or equipment that does not 
  properly support IPv6. 

That percentage isn't really that small. Its large enough that they only
turn it on, on request. You might want to consider this before spending
a lot of time on IPV6:

http://www.ietf.org/mail-archive/web/tls/current/msg07143.html

And this message was sent to list, hasn't shown up in archives yet:

====================================================
Date: Mon, 01 Nov 2010 17:57:26 +1300
From: Peter Gutmann <pgut001 <at> cs.auckland.ac.nz>
To: dean <at> av8.com, Jeff.Hodges <at> KingsMountain.com
Cc: tls <at> ietf.org
Subject: Re: [TLS] Server Name Indication (SNI) in an IPv6 world?

Dean Anderson <dean <at> av8.com> writes:

>That's why now when you google IPV6, you bring up more and more pages on how
>to disable it.

This sounded sufficiently controversial that I had to try it:

Google "ipv6" -> 11m hits.
Google "ipv6"+"disable" -> 0.9m hits.
Google "ipv6"+"turn off" -> 1.8m hits.

So roughly 10-20% of references to IPv6 are on how to disable it.  Wow.

Peter.
====================================================

On Tue, 2 Nov 2010, Russell Sutherland wrote:

> I am attempting to prepare our infrastructure here to be IPv6 ready.
> Part of that is DNS. For several years we have used the fefe.de patch to
> serve up AAAA records for several sub-domains. In the documentation it
> states explicitly that:
> 
>     .... tinydns-edit won't accept IPv6 addresses for NS or MX records yet
> 
> So my short question is, can one use a patched version of tinydns to fulling
> support an IPv6 environment?
> 

--

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494
Permalink | Reply |

Gmane