[dns-operations] can ipv6 still break dns ?
dougb at dougbarton.us
Tue Jul 27 19:15:38 UTC 2010
On Tue, 27 Jul 2010, christoph wrote:
> Hi all,
> I just want to know if publishing ipv6-addresses for resolvers or
> authoritive nameservers can break anything.
Anything can break anything if one or both ends are misconfigured badly
> What about old exchange installations or old OSes ?
> Are there any numbers somewhere ?
Ah, the real question. There are still clients, and client OS's that are
configured to ask for AAAA records even though they can't use them. In
those cases, the clients will see a slowdown while they flail about with
the AAAA stuff, usually no more than a second or two.
There are estimates that the percentage of end-user clients with this
kind of problem are in the single digits, almost certainly in the low
single digits, and by some estimates less than 1% (but that depends
greatly on the content you're serving). For "infrastructure" stuff like
nameserver <> nameserver communication although there will be a long
tail of "some" stuff being broken for a long time (because there always
is with DNS) you should see less brokenness than people do for end-user
A bit of anecdotal evidence, on the FreeBSD mailing lists we used to see
this exchange fairly often:
OP: My DNS has suddenly become slow, help help!
ME: Have you configured IPv6 on the system without actually having
IPv6 transport available?
ME: Put -4 in the command line flags for named and see if it helps
OP: Yay, that worked, thanks!
I haven't seen that complaint for a long time on our lists anyway.
Doug (short answer, just do it!)
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
Computers are useless. They can only give you answers.
-- Pablo Picasso
More information about the dns-operations