

To: Iljitsch van Beijnum <iljitsch@muada.com>
cc: Tim Chown <tjc@ecs.soton.ac.uk>, dnsop@cafax.se
From: Jim Reid <jim@rfc1035.com>
Date: Wed, 19 Nov 2003 00:16:17 +0000
In-reply-to: Your message of "Tue, 18 Nov 2003 23:35:19 +0100." <7D10B7B4-1A17-11D8-B94E-000A95CD987A@muada.com>
Sender: owner-dnsop@cafax.se
Subject: Re: morishita-dnsop-misbehavior-against-aaaa

>>>>> "Iljitsch" == Iljitsch van Beijnum <iljitsch@muada.com> writes:

    Iljitsch> If I run an IPv6-only service, why would IPv4-only
    Iljitsch> systems need to be able to resolve my DNS names?

Let's turn that question around. Why should an IPv4-only system be
denied access to names of IPv6-only systems? Even though I don't run
ChaosNET or Hesiod, my name server supports these DNS classes and will
answer queries for names in them. Admittedly not in any meaningful
way, but they would give sensible answers for these classes.

Now to answer your question -- I hope you'll answer mine! -- there are
many reasons why an IPv4-only host would need to resolve your IPv6-only
names. An IPv6 host might need to use a local IPv4-only DNS
resolver. Or a dual-stack resolver that chooses to send queries to you
over IPv4. Please don't confuse the means by which DNS packets get to
you with the actual clients that made the initial lookup. Secondly, my
IPv4-only resolver will need the capability to look up your IPv6-only
names. Say to find out if you're using AAAA or A6 records. Or just to
know what the IPv6 address of one of those names is today. [For
instance to find out why we can't get mail to you as your SMTP server
is on an IPv6-only host (say).] Or to simply find out what names
actually exist. My client might like to have that info even if it's
just so it knows some name isn't reachable over IPv4. Yet another
reason is getting sane responses from the DNS irrespective of the
transport protocol used. Think of this as a variant on the nasties
Verisign caused when they put a wildcard A record into the .com zone
pointing at their Sightfinder service.

Now you might not care that the IPv4 world could break in weird ways
whenever it tries to get to your IPv6-only world because your bit of
the name space is misconfigured. However the former *will* care. And
they've got a much bigger installed base. :-)

Having IPv6-only name servers for useful zones will be very unwise for
the foreseeable future. It would be as bad as putting all the servers
for say muada.com on RFC1918 addresses that aren't routed on the
internet.

There will be other reasons too. The ones above are enough to be going
on with.
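
[Added example, not part of the original message.] A sketch of the check the argument above implies: given the addresses of a zone's name servers, report whether an IPv4-only resolver can reach any of them, treating RFC 1918 addresses as unreachable. The zone names, function names and addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: not routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (hypothetical zones; documentation address ranges).
# zone -> {name server -> addresses from its A/AAAA records}
SAMPLE_ZONES = {
    "dual.example":    {"ns1.dual.example": ["192.0.2.53", "2001:db8::53"]},
    "v6only.example":  {"ns1.v6only.example": ["2001:db8:1::53"],
                        "ns2.v6only.example": ["2001:db8:2::53"]},
    "private.example": {"ns1.private.example": ["10.0.0.53"],
                        "ns2.private.example": ["192.168.1.53"]},
    "mixed.example":   {"ns1.mixed.example": ["172.16.0.53"],
                        "ns2.mixed.example": ["2001:db8:3::53"]},
}

def usable_transports(ns_addrs):
    """Return the IP versions (4, 6) over which some server is publicly reachable."""
    usable = set()
    for addrs in ns_addrs.values():
        for text in addrs:
            ip = ipaddress.ip_address(text)
            if ip.version == 4 and any(ip in net for net in RFC1918):
                continue  # private IPv4 address: no outside resolver can reach it
            usable.add(ip.version)
    return usable

def audit(zones):
    """Classify each zone by what an IPv4-only resolver would experience."""
    report = {}
    for zone, ns_addrs in zones.items():
        usable = usable_transports(ns_addrs)
        if not usable:
            report[zone] = "unreachable"   # every server is on RFC 1918 space
        elif 4 not in usable:
            report[zone] = "ipv6-only"     # IPv4-only resolvers cannot query it
        else:
            report[zone] = "ok"
    return report

if __name__ == "__main__":
    for zone, status in audit(SAMPLE_ZONES).items():
        print(f"{zone:18} {status}")
```

Note that "mixed.example" is reported as ipv6-only: its one IPv4 server sits on a private address, so it does nothing for resolvers outside that network.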