[dns-operations] An simple observation

Warren Kumari warren at kumari.net
Thu Sep 25 16:28:15 UTC 2014

On Thu, Sep 25, 2014 at 9:26 AM, Matthew Pounsett <matt at conundrum.com> wrote:
> On Sep 24, 2014, at 21:27 , Davey Song <songlinjian at gmail.com> wrote:
>> Hi everyone, I’m recently doing a little survey on the penetration of IPv6 in the DNS system and its latent problems.
>> I find that top websites like Google, Wikipedia, Yahoo already support IPv6 access, but their name servers are still IPv4-only. I'm wondering why? Is there any operational consideration or risk in their IPv6 deployment?
> There is additional operational complexity in running a dual-stack network, which implies some risk, but in my opinion it’s not serious enough to be a real blocker for most networks.  Some companies may have legacy assumptions in their application that make adding IPv6 difficult in some way, but from the outside it’s impossible to identify who those networks might be.
> Some large companies simply have their own inertia to overcome.  It can take a while to get large re-engineering projects moving in larger companies, and they may need/want to wait until the infrastructure is in place everywhere before turning it on anywhere.
> It’s a little weird to me that Google’s authoritative DNS servers are not addressable over v6.  Their Google Public DNS service does operate over v6, so clearly they have the infrastructure in place.

Google has been focusing on IPv6 for the user first -- for example,
the Google Public DNS stuff, the web interface, etc. Obviously enough,
this involved a bunch of infrastructure work...

For the auth nameservers -- there is work underway, and, AFAIK, there
should be measurement of the impact of v6 glue soon.

This is not a risk-free operation -- there are name-servers out there
that believe that they have working v6, but don't, and also places
where the v6 latency differs from the v4 latency. Measuring and
understanding all the implications before flipping the big switch is

> I’m speculating, but perhaps there are bits of their internal CDN-like behaviour that still need to be modified.
> In short, no, there are no generally applicable technical reasons not to be running v6 on your DNS servers.



I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
