[dns-operations] Signaling client protocol to authority

Patrick W. Gilmore patrick at ianai.net
Sun Jan 16 17:04:14 UTC 2011

On Jan 16, 2011, at 11:08 AM, Edward Lewis wrote:
> At 8:09 -0500 1/16/11, Patrick W. Gilmore wrote:
>> We already have a suggestion to signal the client IP address, signaling the
>> protocol the client used seems even easier.  So it shouldn't be too
>> difficult. Right?
> In a query, one can divide the bits of information into two categories - the data questions (QNAME, etc.) and control data. Currently the control data is hop-by-hop, as opposed to the data question is end-to-end (with the ends being the application and the zone authority).  I can't think of any control data that currently is specified to go end-to-end.
> I.e., when the RD bit is turned on from the stub to the recursive server, the recursive server will turn the RD bit off while it works. The CD bit will be on from a client that plans to do its own validation, even if the CD bit was off in the prompting request.
> And I say "currently" because there is a IETF draft on source IP option in the works.  The draft exists but has not achieved any consensus.  As much as I lean in favor of the option being specified, I think it is pretty clear that it is not accepted by all and even if it gets to that point, whether it would be successful (in that it hasn't been put to production).  Note: the latter expression of doubt is not based on the proposal, but its immaturity.

Good point, if you pass the client IP address, then I guess the authority will know whether the client used v4 or v6.

> So - I'd say it (what network protocol was used) would be difficult in the sense that such an option would be precedent setting in protocol.
>> I'll sit back and wait for people to explain how confused I am now. :)  Thanx
>> for your time.
> As for the utility of the access information, I have my doubts.  The reason is that in DNS, if you want the v4 you ask for "A" and if you want v6 you ask for "AAAA".  At my house, for some time now, I have native v6 from my provider.  The DNS servers in /etc/resolv.conf are still all v4 but when I access www.apnic.net I use v6 for http.  (I have a collection of Macs, not all choose v6 over v4, I haven't had the time nor enough interest to see if there is some rhyme or reason.)

Many hosting providers are doing multiple silly tricks to ensure that when a client asks for a AAAA record, they can actually reach a AAAA record.  If they asked their recursive NS using v6, the likelihood of the client being able to reach the web server using v6 is greatly increased.

> I realize that any computer might load up an application that is trying to be enlightened and ask for v6 and v4, and while the computer might have a v6 prefix it has no routing.  It's tempting to think that if I had to do DNS over v4, I can only do HTTP over v4 but my own house is a counter-example.

It is much better to give back an A record when the user can use a quad-A than handing back a quad-A when the user only has v4.

Put another way, the failure mode one way is, frankly, boring.  The failure mode the other way is disastrous.
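To make the exchange above concrete (the quoted draft on a source-IP option, and the reply that it would tell the authority whether the client used v4 or v6), here is an added example that is not from the thread: it encodes and parses an EDNS client-subnet option in the wire format later standardised as RFC 7871 (option code 8, which the 2011 draft predates) and applies a hypothetical authority-side rule that withholds AAAA unless the signalled client subnet is IPv6.

```python
"""EDNS Client Subnet: infer the client's address family at the authority.

Added example, not code from the thread. Wire format per RFC 7871 (option
code 8); serve_aaaa() is a hypothetical policy, not any operator's code.
"""
import ipaddress
import struct

ECS_OPTION_CODE = 8            # EDNS Client Subnet option code (RFC 7871)
FAMILY_IPV4, FAMILY_IPV6 = 1, 2  # ADDRESS FAMILY values used by ECS


def build_ecs_option(address: str, source_prefix: int) -> bytes:
    """Encode OPTION-CODE, OPTION-LENGTH, FAMILY, SOURCE, SCOPE, ADDRESS."""
    ip = ipaddress.ip_address(address)
    family = FAMILY_IPV4 if ip.version == 4 else FAMILY_IPV6
    net = ipaddress.ip_network(f"{address}/{source_prefix}", strict=False)
    # Address is truncated to the prefix: only ceil(prefix/8) bytes are sent.
    addr_bytes = net.network_address.packed[:(source_prefix + 7) // 8]
    body = struct.pack("!HBB", family, source_prefix, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option: bytes):
    """Return (family, source_prefix, network_address) or None if not ECS/malformed."""
    if len(option) < 8:
        return None
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        return None
    family, source_prefix, _scope = struct.unpack("!HBB", option[4:8])
    addr = option[8:4 + length]
    if family == FAMILY_IPV4 and source_prefix <= 32:
        full_len = 4
    elif family == FAMILY_IPV6 and source_prefix <= 128:
        full_len = 16
    else:
        return None                      # unknown family or impossible prefix
    if len(addr) != (source_prefix + 7) // 8:
        return None                      # address bytes inconsistent with prefix
    ip = ipaddress.ip_address(addr.ljust(full_len, b"\0"))  # pad truncated bytes
    return family, source_prefix, str(ip)


def serve_aaaa(ecs) -> bool:
    """Hypothetical AAAA policy: populate the answer only when the client subnet
    is IPv6. A v4-only or unsignalled client gets an empty answer, the 'boring'
    failure the message prefers to an unreachable AAAA."""
    return ecs is not None and ecs[0] == FAMILY_IPV6
```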
