[ipv6-wg@ripe.net] ICANN Board to implement IPv6 in root servers
http://www.ist-ipv6.org/modules.php?op=modload&name=News&file=article&sid=567 ********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
On 28-mei-04, at 9:03, JORDI PALET MARTINEZ wrote:
http://www.ist-ipv6.org/modules.php? op=modload&name=News&file=article&sid=567
“proceed with adding AAAA glue [name server] records to the delegations of those TLDs that request it,” And what about the root servers themselves?
Hi Iljitsch, Is comming ... wait a little bit more, only a little bit ;-) Regards, Jordi ----- Original Message ----- From: "Iljitsch van Beijnum" <iljitsch@muada.com> To: "JORDI PALET MARTINEZ" <jordi.palet@consulintel.es> Cc: <ipv6-wg@ripe.net> Sent: Friday, May 28, 2004 9:55 AM Subject: Re: [ipv6-wg@ripe.net] ICANN Board to implement IPv6 in root servers On 28-mei-04, at 9:03, JORDI PALET MARTINEZ wrote:
http://www.ist-ipv6.org/modules.php? op=modload&name=News&file=article&sid=567
“proceed with adding AAAA glue [name server] records to the delegations of those TLDs that request it,” And what about the root servers themselves? ********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
Iljitsch van Beijnum <iljitsch@muada.com> writes:
proceed with adding AAAA glue [name server] records to the delegations of those TLDs that request it,
And what about the root servers themselves?
Well, what about them? Not that I'm particularly against v6 transport to the roots, but I'd be curious to know exactly what problem you believe that you would solve that way. Johan Ihrén Autonomica
On 30-mei-04, at 14:30, Johan Ihren wrote:
proceed with adding AAAA glue [name server] records to the delegations of those TLDs that request it,
And what about the root servers themselves?
Well, what about them?
Not that I'm particularly against v6 transport to the roots, but I'd be curious to know exactly what problem you believe that you would solve that way.
Well, what problem does having v6 glue records for tld delegations solve? If the whole chain is IPv6-capable that means you no longer have to depend on v4 connectivity to reach v6 sites. Eventually we'll want to switch off v4 because of the support costs, of course. But in the mean time this means better protection against connectivity problems.
On Sun, May 30, 2004 at 02:50:25PM +0200, Iljitsch van Beijnum wrote:
If the whole chain is IPv6-capable that means you no longer have to depend on v4 connectivity to reach v6 sites. Eventually we'll want to switch off v4 because of the support costs, of course. But in the mean time this means better protection against connectivity problems.
At the moment the first link in the chain is not solved (local resolver...), as the only options today are manual configuration or DHCPv6, for which there are very few implementations. Tim
On 30-mei-04, at 15:09, Tim Chown wrote:
If the whole chain is IPv6-capable that means you no longer have to depend on v4 connectivity to reach v6 sites. Eventually we'll want to switch off v4 because of the support costs, of course. But in the mean time this means better protection against connectivity problems.
At the moment the first link in the chain is not solved (local resolver...), as the only options today are manual configuration or DHCPv6, for which there are very few implementations.
Don't remind me. :-( Unfortunately there is a group within the IETF that wants to force us all to use DHCPv6 for this, and they're blocking everything else. I've recently asked for two 6bone pTLAs to do some expermimenting with well known anycast DNS resolvers but unfortunately the 6bone people don't want to give out any new 6bone prefixes since january first. I don't want to use RIR space for an experiment because it's likely the associated address space won't be usable for something else for a long time after that, so if anyone has a 6bone pTLA lying around that they don't use anymore, I'd be much obliged... Iljitsch
Iljitsch van Beijnum <iljitsch@muada.com> writes: Hi Iljitsch,
proceed with adding AAAA glue [name server] records to the delegations of those TLDs that request it,
And what about the root servers themselves?
Well, what about them?
Not that I'm particularly against v6 transport to the roots, but I'd be curious to know exactly what problem you believe that you would solve that way.
Well, what problem does having v6 glue records for tld delegations solve?
The TLD has an "owner" that presumably has a wish for what transport it sees use for. If v6 is in that set I believe it would be wrong not to give out v6 glue from the parent (given some thought has been given to packet size issues and similar things, all covered in the RSSAC advisory). Wrt to the root zone, though, in reality no one in a sane mind would want to run DNS without the ability to look up data regardless of whether a particular zone is served over v4, v6 or both. And that goes for the root zone just as any other zone. In reality the major point in v6 transport for the root zone would be as a "show of faith" in IPv6 being "ready" (which is good), rather than any sort of short term technical necessity.
If the whole chain is IPv6-capable that means you no longer have to depend on v4 connectivity to reach v6 sites. Eventually we'll want to switch off v4 because of the support costs, of course. But in the mean time this means better protection against connectivity problems.
I agree that once it's time to turn off v4 (which will probably not happen during either your nor my active career) v6 roots are needed. Until then they are mostly a convenience that will possibly help a little now and then. As to connectivity problems, I believe that to be mostly a red herring. If you lose your v4 lookup capability then you just lost 99.9% of the DNS hierarchy. That will cause you all sorts of problems. The very least of those problems will be the lack of access to the roots, since they serve a very small data set, all the relevant parts of which you have already cached. The only folks that will have problems with a root access during a hypothetical v4 connectivity outage are the folks that either just flushed their cache (small percentage) or are broken somehow so they beat on the roots all the time (large percentage). But, not to give a wrong impression, I want to point out that I'm *for* v6 transport to the roots, just as I'm for v6 glue for the TLDs. And I'm happy that the latter issue after an unbelievably long wait is finally over. Johan
Hi Johan, I agree in general with all your points, but I've seen already a couple of situations where someone was asking me for a IPv6-only network, and the lack of IPv6 in the root server created a problem, that of course has been solved hosting the DNS somewhere else (even if IPv4 was not used !). I can't provide more details, but there are real cases. Regards, Jordi ----- Original Message ----- From: "Johan Ihren" <johani@autonomica.se> To: "Iljitsch van Beijnum" <iljitsch@muada.com> Cc: <ipv6-wg@ripe.net> Sent: Sunday, May 30, 2004 3:32 PM Subject: Re: [ipv6-wg@ripe.net] ICANN Board to implement IPv6 in root servers
Iljitsch van Beijnum <iljitsch@muada.com> writes:
Hi Iljitsch,
proceed with adding AAAA glue [name server] records to the delegations of those TLDs that request it,
And what about the root servers themselves?
Well, what about them?
Not that I'm particularly against v6 transport to the roots, but I'd be curious to know exactly what problem you believe that you would solve that way.
Well, what problem does having v6 glue records for tld delegations solve?
The TLD has an "owner" that presumably has a wish for what transport it sees use for. If v6 is in that set I believe it would be wrong not to give out v6 glue from the parent (given some thought has been given to packet size issues and similar things, all covered in the RSSAC advisory).
Wrt to the root zone, though, in reality no one in a sane mind would want to run DNS without the ability to look up data regardless of whether a particular zone is served over v4, v6 or both. And that goes for the root zone just as any other zone.
In reality the major point in v6 transport for the root zone would be as a "show of faith" in IPv6 being "ready" (which is good), rather than any sort of short term technical necessity.
If the whole chain is IPv6-capable that means you no longer have to depend on v4 connectivity to reach v6 sites. Eventually we'll want to switch off v4 because of the support costs, of course. But in the mean time this means better protection against connectivity problems.
I agree that once it's time to turn off v4 (which will probably not happen during either your nor my active career) v6 roots are needed. Until then they are mostly a convenience that will possibly help a little now and then.
As to connectivity problems, I believe that to be mostly a red herring. If you lose your v4 lookup capability then you just lost 99.9% of the DNS hierarchy. That will cause you all sorts of problems. The very least of those problems will be the lack of access to the roots, since they serve a very small data set, all the relevant parts of which you have already cached.
The only folks that will have problems with a root access during a hypothetical v4 connectivity outage are the folks that either just flushed their cache (small percentage) or are broken somehow so they beat on the roots all the time (large percentage).
But, not to give a wrong impression, I want to point out that I'm *for* v6 transport to the roots, just as I'm for v6 glue for the TLDs. And I'm happy that the latter issue after an unbelievably long wait is finally over.
Johan
********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
"JORDI PALET MARTINEZ" <jordi.palet@consulintel.es> writes: Jordi,
I agree in general with all your points, but I've seen already a couple of situations where someone was asking me for a IPv6-only network, and the lack of IPv6 in the root server created a problem, that of course has been solved hosting the DNS somewhere else (even if IPv4 was not used !).
Yes, I hear from those folks too. And my guess is that if they *did* (or rather when they do) get v6 transport to the roots they would in some cases shut off v4 and thereby shoot themselves in the foot. This has been used as an argument *against* v6 transport to the roots since as long as they need v4 lookup capability to reach the roots they will get the other 40M+ zones that are only availably over v4 transport too. I.e. since they are forced to do v4 to reach the roots they do see the entire tree rather than just the lame stump with five broken twigs on it. However, my personal view (since about the Atlanta IETF I think) is that it is probably better with a spectacular failure in the face of people who turn off v4 lookup capability entirely when the roots get v6 transport than to wait a long time (until larger parts of the tree are dual stack). The reason is that the failure modes will then be much more subtle. And therefore I believe that v6 glue for the roots would be a good thing.
I can't provide more details, but there are real cases.
I know they are. Johan Ihrén Autonomica
Hi Johan, The examples I've in mind didn't required connectivity to the rest of the IPv4 world at all ..., so actually not having IPv6 connectivity in the root servers creates a "two (or even many) Internets" problem, because some of this people opted also for using their own "root" DNS servers. I know, in the future may be they may need to connect to the rest of the world, but IPv6 is a stand-alone solution for them right now ... So, I will really strongly encourage the root servers, the ccTLDs, etc., to have IPv6 connectivity ASAP, to avoid this situation being replicated. Regards, Jordi ----- Original Message ----- From: "Johan Ihren" <johani@autonomica.se> To: "JORDI PALET MARTINEZ" <jordi.palet@consulintel.es> Cc: <ipv6-wg@ripe.net> Sent: Sunday, May 30, 2004 4:14 PM Subject: Re: [ipv6-wg@ripe.net] ICANN Board to implement IPv6 in root servers
"JORDI PALET MARTINEZ" <jordi.palet@consulintel.es> writes:
Jordi,
I agree in general with all your points, but I've seen already a couple of situations where someone was asking me for a IPv6-only network, and the lack of IPv6 in the root server created a problem, that of course has been solved hosting the DNS somewhere else (even if IPv4 was not used !).
Yes, I hear from those folks too. And my guess is that if they *did* (or rather when they do) get v6 transport to the roots they would in some cases shut off v4 and thereby shoot themselves in the foot.
This has been used as an argument *against* v6 transport to the roots since as long as they need v4 lookup capability to reach the roots they will get the other 40M+ zones that are only availably over v4 transport too. I.e. since they are forced to do v4 to reach the roots they do see the entire tree rather than just the lame stump with five broken twigs on it.
However, my personal view (since about the Atlanta IETF I think) is that it is probably better with a spectacular failure in the face of people who turn off v4 lookup capability entirely when the roots get v6 transport than to wait a long time (until larger parts of the tree are dual stack). The reason is that the failure modes will then be much more subtle.
And therefore I believe that v6 glue for the roots would be a good thing.
I can't provide more details, but there are real cases.
I know they are.
Johan Ihrén Autonomica
********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
Hi, On Sun, May 30, 2004 at 03:48:10PM +0200, JORDI PALET MARTINEZ wrote:
I agree in general with all your points, but I've seen already a couple of situations where someone was asking me for a IPv6-only network, and the lack of IPv6 in the root server created a problem, that of course has been solved hosting the DNS somewhere
Offering your client a v4+v6 dual-stacked recursive resolver should solve most of their DNS needs for now. As Johan pointed out: what good is v6 transport to the root *today*, while 99.9% of all name servers that actually server SLD zones don't have v6 transport? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 60210 (58081) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299
Hi, | As Johan pointed out: what good is v6 transport to the root *today*, while | 99.9% of all name servers that actually server SLD zones don't have | v6 transport? Gaining administrative and operational expertise on IPv6 in the DNS foodchain, and enabling explicit support for those TLDs which chose to serve using that type of transport too. groet, Pim -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment -----------------------------------------------
Hi, On Sun, May 30, 2004 at 11:48:39PM +0200, Pim van Pelt wrote:
| As Johan pointed out: what good is v6 transport to the root *today*, while | 99.9% of all name servers that actually server SLD zones don't have | v6 transport? Gaining administrative and operational expertise on IPv6 in the DNS foodchain, and enabling explicit support for those TLDs which chose to serve using that type of transport too.
Of course. I was referring to Jordi's "v6 only" scenario, of course, not to a more general scenario. I'm for "v6 everywhere" myself, btw :-) Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 60210 (58081) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299
participants (6)
-
Gert Doering -
Iljitsch van Beijnum -
Johan Ihren -
JORDI PALET MARTINEZ -
Pim van Pelt -
Tim Chown