To: Iljitsch van Beijnum <iljitsch@muada.com>
cc: Tim Chown <tjc@ecs.soton.ac.uk>, dnsop@cafax.se
From: Jim Reid <jim@rfc1035.com>
Date: Wed, 19 Nov 2003 00:16:17 +0000
In-reply-to: Your message of "Tue, 18 Nov 2003 23:35:19 +0100." <7D10B7B4-1A17-11D8-B94E-000A95CD987A@muada.com>
Sender: owner-dnsop@cafax.se
Subject: Re: morishita-dnsop-misbehavior-against-aaaa

>>>>> "Iljitsch" == Iljitsch van Beijnum <iljitsch@muada.com> writes:

    Iljitsch> If I run an IPv6-only service, why would IPv4-only
    Iljitsch> systems need to be able to resolve my DNS names?

Let's turn that question around. Why should an IPv4-only system be
denied access to names of IPv6-only systems? Even though I don't run
ChaosNET or Hesiod, my name server supports these DNS classes and will
answer queries for names in them. Admittedly not in any meaningful
way, but they would give sensible answers for these classes.

Now to answer your question -- I hope you'll answer mine! -- there are
many reasons why an IPv4 only host would need to resolve your IPv6
only names. An IPv6 host might need to use a local IPv4-only DNS
resolver. Or a dual-stack resolver that chooses to send queries to you
over IPv4. Please don't confuse the means by which DNS packets get to
you with the actual clients that made the initial lookup.

Secondly, my IPv4-only resolver will need the capability to look up
your IPv6-only names. Say to find out if you're using AAAA or A6
records. Or just to know what the IPv6 address of one of those names
is today. [For instance to find out why we can't get mail to you as
your SMTP server is on an IPv6-only host (say).] Or to simply find out
what names actually exist. My client might like to have that info even
if it's just so it knows some name isn't reachable over IPv4.

Yet another reason is getting sane responses from the DNS irrespective
of the transport protocol used. Think of this as a variant on the
nasties Verisign caused when they put a wildcard A record into the
.com zone pointing at their Sightfinder service. Now you might not
care that the IPv4 world could break in weird ways whenever it tries
to get to your IPv6-only world because your bit of the name space is
misconfigured. However the former *will* care. And they've got a much
bigger installed base. :-)

Having IPv6-only name servers for useful zones will be very unwise for
the foreseeable future. It would be as bad as putting all the servers
for say muada.com on RFC1918 addresses that aren't routed on the
internet.

There will be other reasons too. The ones above are enough to be going
on with.
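
The following is an added example, not part of the original message or of any project it mentions: a small delegation audit that flags the two situations the message compares, a zone whose name servers are all IPv6-only and one whose servers all sit on RFC1918 addresses. The function names and the sample NS/address data (documentation-range addresses under "example.") are constructed for illustration.

```python
import ipaddress

# Private IPv4 ranges from RFC1918; not routed on the public internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def transports(addresses):
    """Return the transports ("ipv4", "ipv6") over which a name server
    with these addresses can be queried from the public internet."""
    usable = set()
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if ip.version == 6:
            usable.add("ipv6")
        elif not any(ip in net for net in RFC1918):
            usable.add("ipv4")
    return usable

def audit_delegation(nameservers):
    """nameservers: dict of NS host name -> list of address strings.
    Returns (transports usable for the zone, list of findings)."""
    zone = set()
    findings = []
    for host, addrs in sorted(nameservers.items()):
        t = transports(addrs)
        zone |= t
        if not t:
            findings.append(f"{host}: no publicly routable address")
        elif t == {"ipv6"}:
            findings.append(f"{host}: reachable over IPv6 only")
    # This is about how queries reach the servers, not about which
    # record types (A, AAAA) the zone itself contains.
    if "ipv4" not in zone:
        findings.append("zone: IPv4-only resolvers cannot query any server")
    return zone, findings

# Constructed sample delegations (documentation address ranges).
IPV6_ONLY = {"ns1.example.": ["2001:db8::53"],
             "ns2.example.": ["2001:db8:1::53"]}
RFC1918_ONLY = {"ns1.example.": ["10.0.0.53"],
                "ns2.example.": ["192.168.1.53"]}
DUAL = {"ns1.example.": ["192.0.2.53", "2001:db8::53"],
        "ns2.example.": ["2001:db8:1::53"]}

if __name__ == "__main__":
    for name, ns in (("ipv6-only", IPV6_ONLY),
                     ("rfc1918-only", RFC1918_ONLY), ("dual", DUAL)):
        print(name, *audit_delegation(ns), sep="\n  ")
```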