[dns-operations] An simple observation
dns at fl1ger.de
Thu Sep 25 02:39:23 UTC 2014
> On 24 Sep 2014, at 18:27, Davey Song <songlinjian at gmail.com> wrote:
> Hi everyone, I‘m recently doing a little survey on the penetration of IPv6 in DNS system and it's latent problems.
Can you tell me what the problem is? Even if you are on an IPv6 only network your resolver (that you reach over v6) probably has an IPv4 address for recursing also, so you are able to get AAAA records in order to reach to your IPv6 targets.
> I find that top websites like Google, Wikipedia,Yahoo already support IPv6 access, but its name servers are still IPv4-only. I'm wondering why? is there any operation consideration or risk in their IPv6 deployment?
Well any change to network introduces a risk, and there currently is no advantage for the authoritative side of DNS to introduce IPv6. All resolvers make sure that they can get to IPv4 name servers so why bother with IPv6.
If your domain to disappear from large portions of the internet let it only have IPv6 name servers. That if far more effective than incorrectly DNSSEC signing a domain.
In case you haven't noticed there is a lot of sarcasm in the text above. I think one should have their name servers reachable over IPv6 and DNSSEC signed, and my private domains (now - just noticed an error I made when I switched my secondaries) as well as well as my companies domains adhere to that. But people are lazy.
More information about the dns-operations