Re: IPv6 dns .

["Perry E. Metzger" <perry@wasabisystems.com>]

Randy Bush <randy@psg.com> writes:
> could you please expand each of these items in just a bit more detail?
> 
> like make what needs to be tested a bit more explicit e.g. "(proper support
> for reverse lookups, proper support for v6 records in the NS records
> deployed by the roots and various TLDs" is open to interpretation)
> 
> and then just a wee bit of motivation, so folk can say "yup, i see why
> that is important."
> 
> and then expnad a bit on the ordering, i.e. which comes second, ...

(I'll continue to note that very little here actually needs testing --
only, perhaps, Bind v9).

Reverse resolution:

Reverse resolution actually works right now -- the ip6.int zone is out
and functioning. All that was really required for this was the
creation of NS records for IP6.INT in the root to machines that are
properly maintained, resolving the delegation hierarchy for the PTR
records.

There don't seem to be a plethora of servers for it, however. Only two
are listed, and only one of those has a AAAA record associated with it
(z.ip6.int). This is (to say the least!) not enough
redundancy. Therefore, I'd ask that a couple more machines be
deployed. Note that this is *not* a request for testing of any sort --
there is nothing to test. It works now. It is just an operational worry
about losing reverse resolution.

v6 transport capable servers:

In order for a host running v6 only to do DNS queries, it needs to be
able to make queries over the only protocol it speaks -- IPv6. There
are two ways to do this. For the moment, we all make do with proxies
that speak both v4 and v6 and which will make our queries for us into
the v4 world.

However, if we REALLY are going to deploy v6 universally, we
eventually need to be able to make queries without needing
proxies. That means that we need (someday, not now!) for every DNS
server to speak IPv6.

Now, the most obvious lack in the universe of v6 accessible DNS
servers is the root name service. If there are no root servers with v6
addresses, you literally can't even make your first DNS query without
getting stuck (or using a proxy).

It would be very useful, then, if some subset of
?.ROOT-SERVERS.NET. spoke v6 or had "twins" operated by the same folks
that spoke v6. The latter expedient (as I've noted) may be necessary
to provide some safety against the perceived newness of Bind 9.

Eventually, we would like to take this to the next step, and have
servers for all TLDs that speak v6. The roots, however, are a logical
starting point, as they are literally the first query you make.

Once that is done, we'll eventually try to get the servers for .AU and
.GOV and all the rest to speak v6, too, but the root is the start.

v6 records in the DNS:

Currently, if I ask Network Solutions to add a DNS server to its
database so I can use it for my zone (see
http://www.networksolutions.com/cgi-bin/makechanges/itts/host ), or
indeed ask anyone else, they have a single slot that says "IP Address"
for the server. Presumably their database would not be pleased if I
told it the IP address was 3ffe:1ce1:0:fe10::1 -- and there is in any
case no way to tell them that this is a AAAA (or A6), not an A.

We therefore eventually need to get the registrars capable of
accepting these records for inclusion within .COM or .NET or .ORG or
.CO.UK or whatever.

Eventually (many years from now) we would assume nearly ALL records
would be A6 or AAAA and very few would be A records, but for the
moment, just allowing those of us who choose to register our DNS
servers' IPv6 addresses within the database to do so would be a good
start. I'd like to do a "dig -t ns kame.net" and get v6 addresses in
addition to v4 addresses for the servers.

Ordering considerations:

There is no real ordering consideration here so far as I can
tell. These three areas are pretty much independent.


Is this a good start, Randy? I'm sure I've left a bunch of stuff
out. What would you like added?


Perry
--
Perry E. Metzger		perry@wasabisystems.com
--
Quality NetBSD CDs, Support & Service. http://www.wasabisystems.com/