On Apr 1, 2010, at 2:49 AM, Jim Reid wrote: > > This is a valid concern. It does not and should not need to be > addressed (excuse the pun) by making authoritatiev servers do stupid/ > wrong/bad things.
Actually, that dns hack is for resolvers. That's the only place the end client talks to a DNS server; that's the only place it makes sense to modify the result. It also only makes sense in a limited type of deployments; particularly those where clients are directly expected to ask the ISP resolver (or, where the router at the house forwards the request on the same protocol, without caching). Very limited use case. > Why don't yahoo approach the problem the same way google has done for > IPv6 to www.google.com? They only hand out AAAA records for this name > to ISPs who can demonstrate they have solid IPv6 connectivity. For our authoritative name servers, we will indeed be using a whitelisting approach. There is more than just the ISP offering solid AAAA service; even once an ISP offers it, there is still a significant time until the users have moved to it. The filter-aaaa option permits us to still whitelist a set of DNS resolvers, when our numbers indicate the user base has a higher than acceptable number of broken systems that would effectively consider us "site down". An alternative is have the access provider run two DNS pools - one for the v4-only provisioned user base, and one for the v6-provisioned user base (they'd whitelist just the latter). This alternative is certainly less controversial; but it is a larger footprint (for some, this is significant, where space/power is limited). Additionally, it doesn't do anything to mitigate the users with broken v6 routes. The bottom line is, that if a given provider's users send in too many complaints about connectivity problems, the business folks will push for dewhitelisting. That's bad for both the content and access provider sides for a variety of reasons. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
