[dns-operations] Link-local IP addresses for a resolver?

Warren Kumari warren at kumari.net
Wed Sep 25 22:18:01 UTC 2019

On Tue, Sep 24, 2019 at 8:03 PM John R Levine <johnl at taugh.com> wrote:
> On Wed, 25 Sep 2019, Mark Andrews wrote:
> > ISP’s advertings ULA’s to customers have similar problems with
> > advertising LLL to customers. The CPE should be the site boundary making
> > the ISP’s DNS servers unreachable from inside the customer’s network.
> > DNS servers that are expected to be reached across sites need to be
> > globally unique addresses which ULA and LL are not.
> If a ULA isn't globally unique, something is pretty broken.  Each ULA
> contains a 40 bit random global ID in the prefix that's there so ULAs on
> different networks won't collide if they happen to be connected.  That's
> why the U stands for, you know, Unique.

ULAs are very from unique -- there is a huge bias towards things which
humans can remember / cute names, etc (this is very similar to the
"IPv6 space is namp / scannable because people name hosts in
deterministic ways" - see some presentations from Fernando Gont).
There is a large ULA bias towards fd00::, fd10::, fdfd::,
fd00:dead:beef:, fd00:bad:coff:ee::.

Yes, the best practice and advice is to choose something random, but
network engineers are humans too, and if you had to remember and try
tell someone over the phone to use fd5a:8109:a679:180a:45d3:d653:22:1
or fd00:1::1 as the default gateway, which would you rather do?


> Regards,
> John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly_______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

More information about the dns-operations mailing list