

To: Iljitsch van Beijnum <iljitsch@muada.com>
cc: dnsop@cafax.se
From: Jim Reid <jim@rfc1035.com>
Date: Thu, 20 Nov 2003 00:40:03 +0000
In-reply-to: Your message of "Thu, 20 Nov 2003 00:38:22 +0100." <766FF31C-1AE9-11D8-A047-000A95CD987A@muada.com>
Sender: owner-dnsop@cafax.se
Subject: Re: morishita-dnsop-misbehavior-against-aaaa

>>>>> "Iljitsch" == Iljitsch van Beijnum <iljitsch@muada.com> writes:


    Iljitsch> IPv6-only service, why would IPv4-only systems need to
    Iljitsch> be able to resolve my DNS names?

    >> Let's turn that question around. Why should an IPv4-only system
    >> be denied access to names of IPv6-only systems?

    Iljitsch> Simple: because they can't use them as intended anyway.

Sorry, wrong answer. From time to time my IPv4 network will presumably
need to look up the names of your IPv6 hosts. The answer from the DNS
will presumably be AAAA records which indicate to my clients your
hosts are unreachable to them. That's fine: we're both using our hosts
and name servers as the DNS as intended. If my IPv4 hosts can't look up
your names because they're on IPv6-only name servers, this means
you're not using the DNS as intended. My hosts can't get answers. This
is very different from getting a DNS answer which says some name is
unreachable.

    Iljitsch> I agree this could be useful, but not to the degree that
    Iljitsch> we should _require_ otherwise IPv6-only networks to run
    Iljitsch> IPv4 nameservers.

I think you've confused networks with the provision of DNS service.
What kinds of name servers you might or might not have on your network
isn't important to anyone but you. However the names of your IPv6
hosts should be capable of being looked up from the IPv4 internet. So
your IPv6 hosts should be served on an IPv4 name server somewhere.
Unless of course your net is completely invisible to the internet.

    >> Now you might not care that the IPv4 world could break in weird
    >> ways whenever it tries to get to your IPv6-only world because
    >> your bit of the name space is misconfigured. However the former
    >> *will* care. And they've got a much bigger installed base. :-)

    Iljitsch> I don't believe running an IPv6-only network is
    Iljitsch> misconfiguration.

That's not what I said. Please re-read the text above. A *name space*
which is only visible through IPv6-only name servers is misconfigured.
[Except for isolated networks, obviously.] Judging by what you say
below you seem to be agreeing with this.

    Iljitsch> If v4-only users care, so much the better, then they can
    Iljitsch> upgrade and visit my stuff over IPv6.  :-)

That's easier said than done. There's an awful lot of IPv4 only stuff
deployed that can't/won't be upgraded any time soon.

    >> Having IPv6-only name servers for useful zones will be very
    >> unwise for the foreseeable future.

    Iljitsch> Agree with this (but who are we to deny people the right
    Iljitsch> to be unwise?), ...

It's not a question of denying rights. After all this is the internet
and people do unwise things all the time. What we're trying to figure
out here is how to make the DNS work sensibly for both IPv4 and IPv6
networks without breaking anything or fragmenting the name space and
preserving backwards compatibility with the installed base too. This
may well mean you have to put up with more IPv4 stuff than you'd like
for quite some time. Tough. :-)

    >> It would be as bad as putting all the servers for say muada.com
    >> on RFC1918 addresses that aren't routed on the internet.

    Iljitsch> ... but not with this one. IPv6 and RFC 1918 are very
    Iljitsch> different beasts.

On the contrary. In this context, they're identical. An IPv6 address
is essentially unreachable from an IPv4 host. RFC1918 addresses are
essentially unreachable on the internet. So if a name server is on an
IPv6 or an RFC1918 address, it can't be reached from the IPv4 internet.
Like a resolving name server, I see no difference: the end result is
the same in either case.
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.
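
Added example, not part of the original message or of any project's code: a small audit of a zone's name server addresses against the point argued above, that a zone is resolvable from the IPv4 internet only if at least one of its name servers has a globally routed IPv4 address, and that IPv6-only and RFC1918-only delegations fail in the same way. The zone names, server names and the `audit_zone` helper are hypothetical, the addresses are constructed sample data, and nothing is queried over the network.

```python
import ipaddress

# The three RFC 1918 private ranges mentioned in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr: str) -> str:
    """Label a name server address from an IPv4-only resolver's viewpoint."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return "ipv6"                 # no transport path from an IPv4-only host
    if any(ip in net for net in RFC1918):
        return "rfc1918"              # not routed on the public internet
    return "global-ipv4" if ip.is_global else "non-global-ipv4"

def audit_zone(zone: str, ns_addrs: dict) -> dict:
    """ns_addrs maps each NS name to its A/AAAA address strings.

    A name server counts as usable if any of its addresses is global IPv4;
    the zone is resolvable from the IPv4 internet if any server is usable.
    """
    usable, unusable = [], {}
    for ns, addrs in ns_addrs.items():
        labels = [classify(a) for a in addrs]
        if "global-ipv4" in labels:
            usable.append(ns)
        else:
            unusable[ns] = labels
    return {"zone": zone, "ipv4_resolvable": bool(usable),
            "usable": sorted(usable), "unusable": unusable}

# Constructed sample delegations (hypothetical zones and servers).
SAMPLES = {
    "v6only.example": {"ns1.v6only.example": ["2001:db8::53"],
                       "ns2.v6only.example": ["2001:db8:1::53"]},
    "private.example": {"ns1.private.example": ["10.0.0.53"],
                        "ns2.private.example": ["192.168.1.53"]},
    # 193.0.14.129 is used only as a sample globally routed IPv4 address.
    "dual.example": {"ns1.dual.example": ["2001:db8::53"],
                     "ns2.dual.example": ["193.0.14.129", "2001:db8:2::53"]},
}

if __name__ == "__main__":
    for zone, servers in SAMPLES.items():
        print(audit_zone(zone, servers))
```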
