Re: ICANN registrar supporting v6 glue?
Hi, here is my experience 3 weeks ago ; I contacted 20 gTLD host masters and only a few host master replied me with negative answer; they have no plan to involve IPv6 for their name servers and coordination of their registrars. (a lot of registrars provide web form to their customers but have no field for ) ICANN advised me that it would be better to propose IPv6 support at RIRs community meeting(s). It is needed to add v6 support to their policy book. Is there someone in this mailing list to propose at there with me, please contact me directly. Regards, On 2007/06/30, at 8:19, James Cloos wrote: Barrett == Barrett Lyon [EMAIL PROTECTED] writes: Barrett Apparently GoDaddy does not support v6 glue for their customers, Barrett who does? I know that gkg.net does. And entering them is via the same web form as v4 addresses. -JimC -- James Cloos [EMAIL PROTECTED] OpenPGP: 1024D/ED7DAEA6 --- Ruri Hiromi [EMAIL PROTECTED]
Re: ICANN registrar supporting v6 glue?
On Fri, Jun 29, 2007 at 01:57:04PM -0700, Barrett Lyon wrote: Neustar/Ultra's .org gtld registration services apparently do not As a point of clarification, Neustar Ultra Services has exactly nothing to do with registration of .ORG domain names. That's a function of Public Interest Registry, who contracts the technical operations of the registry to Afilias (my employer). Neustar Ultra is one of the providers of DNS services for .org, but they have nothing to do with the registration side. I'm not in a position to state when PIR is planning to accept IPv6 records in the zone, although I am aware that there are plans to do it in the near future (you'd have to take it up with PIR, because they make the registry policies). I will note that .info (which Afilias operates) accepts IPv6 addresses today, but as far as I can tell registrars just don't care. If this is something you want, you need to talk to the registrars. Also, Yet, .org does provide a v6 resolver: b0.org.afilias-nst.org. 86400 IN 2001:500:c::1 that happens not to be a Neustar Ultra Services operated nameserver. There are some servers operated by NUS, authoritative for .org, that _do_ speak IPv6, however. A -- Andrew Sullivan 204-4141 Yonge Street Afilias CanadaToronto, Ontario Canada [EMAIL PROTECTED] M2P 2A8 jabber: [EMAIL PROTECTED] +1 416 646 3304 x4110
Re: ICANN registrar supporting v6 glue?
In article [EMAIL PROTECTED] you write:
I've read your email twice and I dont follow.
Either you are telling me
a) Provide my own hints with included (you specifically say thats not
what you mean tho)
or
b) Serve my own root zone. From a root operator, surely thats not right either
(I hope!)?
You don't want to override the NS records. You want to augment the
address records. You can do it on a per host basis (which is what I
do at home) or you can do it by augmenting the contents of
root-servers.net. You will note that I have choosen not
to leak the addresses to anyone other than myself.
zone b.root-servers.net {
type master;
file master/b.root-servers.net;
notify no;
allow-query { localhost; };
};
zone f.root-servers.net {
type master;
file master/f.root-servers.net;
notify no;
allow-query { localhost; };
};
zone h.root-servers.net {
type master;
file master/h.root-servers.net;
notify no;
allow-query { localhost; };
};
zone k.root-servers.net {
type master;
file master/k.root-servers.net;
notify no;
allow-query { localhost; };
};
zone m.root-servers.net {
type master;
file master/m.root-servers.net;
notify no;
allow-query { localhost; };
};
or
zone root-servers.net {
type master;
file master/root-servers.net;
notify no;
allow-query { localhost; };
}
In the few couple of years I've only seen two outages with the
IPv6 root instances. In both cases they were fixed soon after
reporting the outage.
So there are v6 roots out there?
I'm using the IPv6 addresses published by the root server
operators on http://www.root-servers.org/. They are the
addresses that will be added to root-servers.net zone once
there is agreement to add them.
Where are they hiding and why arent they being provided in
the hints file or NS queries on . ?
They arn't hiding. They were published years ago. It's
just a long process to get them added to the root-servers.net
zone.
I added them to my config on Feb 18 2005 and they had been
published for a long time when I did that.
-rw-r--r-- 1 root wheel 160 Feb 18 2005 /var/named/master/b.root-servers.net
-rw-r--r-- 1 root wheel 156 Feb 18 2005 /var/named/master/f.root-servers.net
-rw-r--r-- 1 root wheel 162 Feb 18 2005 /var/named/master/h.root-servers.net
-rw-r--r-- 1 root wheel 154 Feb 18 2005 /var/named/master/k.root-servers.net
-rw-r--r-- 1 root wheel 155 Feb 18 2005 /var/named/master/m.root-servers.net
Mark
Steve
B.ROOT-SERVERS.NET. 3600IN A 192.228.79.201
B.ROOT-SERVERS.NET. 3600IN 2001:478:65::53
F.ROOT-SERVERS.NET. 3600IN A 192.5.5.241
F.ROOT-SERVERS.NET. 3600IN 2001:500::1035
H.ROOT-SERVERS.NET. 3600IN A 128.63.2.53
H.ROOT-SERVERS.NET. 3600IN 2001:500:1::803f:235
K.ROOT-SERVERS.NET. 3600IN A 193.0.14.129
K.ROOT-SERVERS.NET. 3600IN 2001:7fd::1
M.ROOT-SERVERS.NET. 3600IN A 202.12.27.33
M.ROOT-SERVERS.NET. 3600IN 2001:dc3::35
Note also that various ccTLD's are able to add glue to your zone on
request (notably .fr/.ch/.nl/.se do so already for quite some time)
Greets,
Jeroen
Re: ICANN registrar supporting v6 glue?
Barrett == Barrett Lyon [EMAIL PROTECTED] writes: Barrett Apparently GoDaddy does not support v6 glue for their customers, Barrett who does? I know that gkg.net does. And entering them is via the same web form as v4 addresses. -JimC -- James Cloos [EMAIL PROTECTED] OpenPGP: 1024D/ED7DAEA6
Re: ICANN registrar supporting v6 glue?
Barrett Lyon wrote: =20 Apparently GoDaddy does not support v6 glue for their customers, who does? I don't think requiring dual-stack v6 users perform v4 queries t= o find records is all that great. At least eNom does. There are a few others but it tends to be that you have to raise a support ticket to actually get the records in, most webinterfaces don't support it yet unfortunately. One note here is that even though you can get glue into com/net/org using this method, there is no IPv6 glue for the root yet, as such even if you manage to get the IPv6 glue in, it won't accomplish much (except sending all IPv6 capable resolvers over IPv6 transport :) as all resolvers will still require IPv4 to reach the root. One can of course create their own root hint zone and force bind, or other dns server, to not fetch the hints from the real root, but that doesn't help for the rest of the planet. (Root alternatives like orsn could fix that up but apparently their main german box that was doing IPv6 is out of the air) You don't change the hints you just provide zones that override B.ROOT-SERVERS.NET, F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and M.ROOT-SERVERS.NET or just use your own ROOT-SERVERS.NET zone with the s added in. In the few couple of years I've only seen two outages with the IPv6 root instances. In both cases they were fixed soon after reporting the outage. Mark B.ROOT-SERVERS.NET. 3600IN A 192.228.79.201 B.ROOT-SERVERS.NET. 3600IN 2001:478:65::53 F.ROOT-SERVERS.NET. 3600IN A 192.5.5.241 F.ROOT-SERVERS.NET. 3600IN 2001:500::1035 H.ROOT-SERVERS.NET. 3600IN A 128.63.2.53 H.ROOT-SERVERS.NET. 3600IN 2001:500:1::803f:235 K.ROOT-SERVERS.NET. 3600IN A 193.0.14.129 K.ROOT-SERVERS.NET. 3600IN 2001:7fd::1 M.ROOT-SERVERS.NET. 3600IN A 202.12.27.33 M.ROOT-SERVERS.NET. 3600IN 2001:dc3::35 Note also that various ccTLD's are able to add glue to your zone on request (notably .fr/.ch/.nl/.se do so already for quite some time) Greets, Jeroen --enig28DE1EA6E1A720C65610D130 Content-Type: application/pgp-signature; name=signature.asc Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename=signature.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Jeroen Massar / http://unfix.org/~jeroen/ iHUEARECADUFAkaFMZMuFIAAFQAQcGthLWFkZHJlc3NAZ251cGcub3JnamVy b2VuQHVuZml4Lm9yZwAKCRApqihSMz58Ixw1AKC8ycHIGT3Nzs296Xf4XeeDvq+m agCeM0cnyTZxnh0QbnuQXVwhw2kil1o= =UGVO -END PGP SIGNATURE- --enig28DE1EA6E1A720C65610D130--
Re: ICANN registrar supporting v6 glue?
On Sat, Jun 30, 2007 at 11:16:40PM +1000, Mark Andrews wrote: Barrett Lyon wrote: =20 Apparently GoDaddy does not support v6 glue for their customers, who does? I don't think requiring dual-stack v6 users perform v4 queries t= o find records is all that great. At least eNom does. There are a few others but it tends to be that you have to raise a support ticket to actually get the records in, most webinterfaces don't support it yet unfortunately. One note here is that even though you can get glue into com/net/org using this method, there is no IPv6 glue for the root yet, as such even if you manage to get the IPv6 glue in, it won't accomplish much (except sending all IPv6 capable resolvers over IPv6 transport :) as all resolvers will still require IPv4 to reach the root. One can of course create their own root hint zone and force bind, or other dns server, to not fetch the hints from the real root, but that doesn't help for the rest of the planet. (Root alternatives like orsn could fix that up but apparently their main german box that was doing IPv6 is out of the air) You don't change the hints you just provide zones that override B.ROOT-SERVERS.NET, F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and M.ROOT-SERVERS.NET or just use your own ROOT-SERVERS.NET zone with the s added in. I've read your email twice and I dont follow. Either you are telling me a) Provide my own hints with included (you specifically say thats not what you mean tho) or b) Serve my own root zone. From a root operator, surely thats not right either (I hope!)? In the few couple of years I've only seen two outages with the IPv6 root instances. In both cases they were fixed soon after reporting the outage. So there are v6 roots out there? Where are they hiding and why arent they being provided in the hints file or NS queries on . ? Steve B.ROOT-SERVERS.NET. 3600IN A 192.228.79.201 B.ROOT-SERVERS.NET. 3600IN 2001:478:65::53 F.ROOT-SERVERS.NET. 3600IN A 192.5.5.241 F.ROOT-SERVERS.NET. 3600IN 2001:500::1035 H.ROOT-SERVERS.NET. 3600IN A 128.63.2.53 H.ROOT-SERVERS.NET. 3600IN 2001:500:1::803f:235 K.ROOT-SERVERS.NET. 3600IN A 193.0.14.129 K.ROOT-SERVERS.NET. 3600IN 2001:7fd::1 M.ROOT-SERVERS.NET. 3600IN A 202.12.27.33 M.ROOT-SERVERS.NET. 3600IN 2001:dc3::35 Note also that various ccTLD's are able to add glue to your zone on request (notably .fr/.ch/.nl/.se do so already for quite some time) Greets, Jeroen --enig28DE1EA6E1A720C65610D130 Content-Type: application/pgp-signature; name=signature.asc Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename=signature.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Jeroen Massar / http://unfix.org/~jeroen/ iHUEARECADUFAkaFMZMuFIAAFQAQcGthLWFkZHJlc3NAZ251cGcub3JnamVy b2VuQHVuZml4Lm9yZwAKCRApqihSMz58Ixw1AKC8ycHIGT3Nzs296Xf4XeeDvq+m agCeM0cnyTZxnh0QbnuQXVwhw2kil1o= =UGVO -END PGP SIGNATURE- --enig28DE1EA6E1A720C65610D130--
Re: ICANN registrar supporting v6 glue?
Stephen Wilcox wrote: On Sat, Jun 30, 2007 at 11:16:40PM +1000, Mark Andrews wrote: [..] You don't change the hints you just provide zones that override B.ROOT-SERVERS.NET, F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and M.ROOT-SERVERS.NET or just use your own ROOT-SERVERS.NET zone with the s added in. I've read your email twice and I dont follow. Either you are telling me You want option c: c) Serve your own version of root-servers.net containing 's This never occurred to me but it indeed is the best way to do it. All the root-servers have names in root-servers.net, as such just make your own master zone containing: B.ROOT-SERVERS.NET. 3600IN A 192.228.79.201 B.ROOT-SERVERS.NET. 3600IN 2001:478:65::53 F.ROOT-SERVERS.NET. 3600IN A 192.5.5.241 F.ROOT-SERVERS.NET. 3600IN 2001:500::1035 H.ROOT-SERVERS.NET. 3600IN A 128.63.2.53 H.ROOT-SERVERS.NET. 3600IN 2001:500:1::803f:235 K.ROOT-SERVERS.NET. 3600IN A 193.0.14.129 K.ROOT-SERVERS.NET. 3600IN 2001:7fd::1 M.ROOT-SERVERS.NET. 3600IN A 202.12.27.33 M.ROOT-SERVERS.NET. 3600IN 2001:dc3::35 + optionally the other roots-servers as found on www.root-servers.org And presto. You don't even have to turn of glue fetch etc, as the above zone will override the glue then anyway. Good one Mark, thanks. Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: ICANN registrar supporting v6 glue?
One note here is that even though you can get glue into com/net/org using this method, there is no IPv6 glue for the root yet, as such even if you manage to get the IPv6 glue in, it won't accomplish much (except sending all IPv6 capable resolvers over IPv6 transport :) as all Unless I did this query wrong, you are absolutely right: ;. IN NS A.ROOT-SERVERS.NET. 360 IN A 198.41.0.4 B.ROOT-SERVERS.NET. 360 IN A 192.228.79.201 C.ROOT-SERVERS.NET. 360 IN A 192.33.4.12 D.ROOT-SERVERS.NET. 360 IN A 128.8.10.90 E.ROOT-SERVERS.NET. 360 IN A 192.203.230.10 F.ROOT-SERVERS.NET. 360 IN A 192.5.5.241 G.ROOT-SERVERS.NET. 360 IN A 192.112.36.4 H.ROOT-SERVERS.NET. 360 IN A 128.63.2.53 I.ROOT-SERVERS.NET. 360 IN A 192.36.148.17 J.ROOT-SERVERS.NET. 360 IN A 192.58.128.30 K.ROOT-SERVERS.NET. 360 IN A 193.0.14.129 L.ROOT-SERVERS.NET. 360 IN A 198.32.64.12 M.ROOT-SERVERS.NET. 360 IN A 202.12.27.33 I don't see any v6 glue there... Rather than having conversations about transition to IPv6, maybe we should be sure it works natively first? It's rather ironic to think that for v6 DNS to work an incumbent legacy protocol is still required. The GTLD's appear to have somewhat better v6 services than root: A.GTLD-SERVERS.NET. 172800 IN 2001:503:a83e::2:30 B.GTLD-SERVERS.NET. 172800 IN 2001:503:231d::2:30 I'm pretty disappointed now, -Barrett
Re: ICANN registrar supporting v6 glue?
;. IN NS A.ROOT-SERVERS.NET. 360 IN A 198.41.0.4 B.ROOT-SERVERS.NET. 360 IN A 192.228.79.201 C.ROOT-SERVERS.NET. 360 IN A 192.33.4.12 D.ROOT-SERVERS.NET. 360 IN A 128.8.10.90 E.ROOT-SERVERS.NET. 360 IN A 192.203.230.10 F.ROOT-SERVERS.NET. 360 IN A 192.5.5.241 G.ROOT-SERVERS.NET. 360 IN A 192.112.36.4 H.ROOT-SERVERS.NET. 360 IN A 128.63.2.53 I.ROOT-SERVERS.NET. 360 IN A 192.36.148.17 J.ROOT-SERVERS.NET. 360 IN A 192.58.128.30 K.ROOT-SERVERS.NET. 360 IN A 193.0.14.129 L.ROOT-SERVERS.NET. 360 IN A 198.32.64.12 M.ROOT-SERVERS.NET. 360 IN A 202.12.27.33 I don't see any v6 glue there... Rather than having conversations about transition to IPv6, maybe we should be sure it works natively first? It's rather ironic to think that for v6 DNS to work an incumbent legacy protocol is still required. At least something is happening: http://www.icann.org/committees/security/sac016.htm http://www.icann.org/committees/security/sac017.htm Regards, Andras
Re: ICANN registrar supporting v6 glue?
I'm pretty disappointed now, Searching the ICANN web site I found this: http://www.icann.org/committees/security/sac018.pdf Does anyone know what's been happening in the wake of that document? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Think glocally. Act confused.
Re: ICANN registrar supporting v6 glue?
On Fri, 29 Jun 2007, Barrett Lyon wrote: If you deploy dual-stack, it is much easier to keep doing the DNS queries using IPv4 transport, and there is not any practical advantage in doing so with IPv6 transport. Thanks Jordi, not to sound too brash but, I'm already doing so. I am trying not to deploy a hacked v6 service which requires an incumbent legacy protocol to work. Of course, is nice to have IPv6 support in as many DNS infrastructure pieces as possible, and a good signal to the market. Many TLDs already do, and the root servers are moving also in that direction. Hopefully then the rest of the folks involved in DNS move on. I would like to support v6 so a native v6 only user can still communicate with my network, dns and all, apparently in practice that is not easy to do, which is somewhat ironic given all of the v6 push lately. It also seems like the roots are not even fully supporting this properly? there are providers that have (in the US even if that matters) ipv6 connected auth servers, that could even help. I can't seem to make one of them want to be a registrar too :( but... maybe Ultra/Neustar could do that for you?
Re: ICANN registrar supporting v6 glue?
At 9:23 -0700 6/29/07, Barrett Lyon wrote: I would like to support v6 so a native v6 only user can still communicate with my network, dns and all, apparently in practice that is not easy to do, which is somewhat ironic given all of the v6 push lately. It also seems like the roots are not even fully supporting this properly? Given that the ARIN BoT has published a call to move to IPv6: http://www.arin.net/media/releases/070521-v6-resolution.pdf and that LACNIC and .MX have made these statements: http://lacnic.net/en/anuncios/2007_agotamiento_ipv4.html http://www.nic.mx/es/Noticias_2?NEWS=220 and ICANN has been studying the issue: http://www.icann.org/committees/security/sac018.pdf What possibly can be done to get the root zone really available on IPv6? http://www.root-servers.org/ lists a few root servers as having IPv6 addresses, so really means having for i in a b c d e f g h i j k l m; do dig $i.root-servers.net +norec; done return at least one in the answer section. What's the hold up? What's getting worked on? Is there a dns-root-on-ipv6-deployment task force anywhere? Is there someone that can give an authoritative update on where we are on the road to being able to accomplish what is requested above? Part of my reaction is to the quip given all of the v6 push lately juxtaposed with NANOG 40 that barely mentioned IPv6 in the agenda. If we can't get one application (DNS) to do IPv6 how can we expect the ISPs to just up and deploy it? I would suspect that getting the roots - or just some of them - to legitimize their IPv6 presence would be easier than getting ISPs rolling. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Think glocally. Act confused.
Re: ICANN registrar supporting v6 glue?
On 29-jun-2007, at 19:06, Edward Lewis wrote: I'm pretty disappointed now, Searching the ICANN web site I found this: http://www.icann.org/committees/security/sac018.pdf Does anyone know what's been happening in the wake of that document? Well: Additional study and testing is encouraged to continue to assess the impact of including records in the DNS priming response. Apparently, this can't be studied enough. This is what I wrote in my book two years ago: Since mid-2004, TLD registries may have IPv6 addresses included in the root zone as glue records, and some TLDs allow end users to register IPv6 nameserver addresses for their domains. Many of the root name-servers are alreadyreachable over IPv6 (see http://www.root- servers.org/). ICANN and theroot server operators are proceeding very cautiously, but addition of IPv6 glue records to the root zone is expected in the not too distant future. At this rate, we'll be fresh out of IPv4 space before anything happens. More study is a waste of time, we all know that all implementations from this century can handle it but a small percentage of all sites is going to have trouble anyway because they have protocol-breaking equipment installed. ICANN should bite the bullet and announce a date for this so we can start beating the firewall admins into submission.
Re: ICANN registrar supporting v6 glue?
there are providers that have (in the US even if that matters) ipv6 connected auth servers, that could even help. I can't seem to make one of them want to be a registrar too :( but... maybe Ultra/Neustar could do that for you? Neustar/Ultra's .org gtld registration services apparently do not support v6, however, net and com do. Yet, .org does provide a v6 resolver: b0.org.afilias-nst.org. 86400 IN 2001:500:c::1 -B
Re: ICANN registrar supporting v6 glue?
My view is that deploying only IPv6 in the LANs is the wrong approach in the short term, unless you're sure that all your applications are ready, or you have translation tools (that often are ugly), and you're disconnected from the rest of the IPv4 Internet. I'm deploying large (5000 sites) IPv6 networks for customers, and we also decided that at a given point, if your traffic is IPv6 dominant, it made be sensible to consider deploying IPv6-only in the access and core network. I just explained it yesterday in another mailing list: The trick is to keep dual stack in the LANs (even if the LANs use net10 and NAT), so the old applications that are still only available with IPv4, keep running. In order to do that, you need an automatic tunneling protocol. For example, softwires, and in fact this is the reason we needed it. Softwires is basically L2TP, so you can guess we are talking simply about VPNs on demand. In order to keep most of the traffic as IPv6 within the network, the access to the rest of the Internet, for example for http, is proxied by boxes (that also do caching functions, as in many networks is done to proxy IPv4-to-IPv4), but in our case to IPv4-to-IPv6. What I will never do at this stage and probably for many years, is to drop IPv4 from the LANs, unless I have a closed network and don't want to talk with other parties across Internet, and I'm sure all my applications already support IPv6. This has been presented several times in different foras such RIR meetings. And yes ... I'm already working on an ID to explain a bit more all the details. Regards, Jordi De: Barrett Lyon [EMAIL PROTECTED] Responder a: [EMAIL PROTECTED] Fecha: Fri, 29 Jun 2007 09:23:59 -0700 Para: [EMAIL PROTECTED] CC: nanog@merit.edu Asunto: Re: ICANN registrar supporting v6 glue? If you deploy dual-stack, it is much easier to keep doing the DNS queries using IPv4 transport, and there is not any practical advantage in doing so with IPv6 transport. Thanks Jordi, not to sound too brash but, I'm already doing so. I am trying not to deploy a hacked v6 service which requires an incumbent legacy protocol to work. Of course, is nice to have IPv6 support in as many DNS infrastructure pieces as possible, and a good signal to the market. Many TLDs already do, and the root servers are moving also in that direction. Hopefully then the rest of the folks involved in DNS move on. I would like to support v6 so a native v6 only user can still communicate with my network, dns and all, apparently in practice that is not easy to do, which is somewhat ironic given all of the v6 push lately. It also seems like the roots are not even fully supporting this properly? -Barrett ** The IPv6 Portal: http://www.ipv6tf.org Bye 6Bone. Hi, IPv6 ! http://www.ipv6day.org This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
Re: ICANN registrar supporting v6 glue?
One note here is that even though you can get glue into com/net/org using this method, there is no IPv6 glue for the root yet, as such even if you manage to get the IPv6 glue in, it won't accomplish much (except sending all IPv6 capable resolvers over IPv6 transport :) as all resolvers will still require IPv4 to reach the root. One can of course create their own root hint zone and force bind, or other dns server, to not fetch the hints from the real root, but that doesn't help for the rest of the planet. (Root alternatives like orsn could fix that up but apparently their main german box that was doing IPv6 is out of the air) Having glue in GTLD/ccTLD's will help resolvers that first query for glue before A glue for nameservers. If you don't have glue then it's going to be an extra RTT to look up the A record for your nameservers, which makes your webpages slower to load. And everyone wants their webpages to load faster. The fact that the root name serers don't supply glue for GTLDs/ccTLDs is a minor annoyance, people should in general only go to the root name servers once a day per GTLD/ccTLD. There are 267 TLD's and you're unlikely to talk to them all in a given day, but almost every request your name server makes is going to start with a query to a GTLD or ccTLD server.
Re: ICANN registrar supporting v6 glue?
On Fri, 29 Jun 2007, Barrett Lyon wrote: there are providers that have (in the US even if that matters) ipv6 connected auth servers, that could even help. I can't seem to make one of them want to be a registrar too :( but... maybe Ultra/Neustar could do that for you? Neustar/Ultra's .org gtld registration services apparently do not support v6, however, net and com do. Yet, .org does provide a v6 resolver: b0.org.afilias-nst.org. 86400 IN 2001:500:c::1 bummer :(
