Apple Airport Extreme IPv6 problems?

Barrett Lyon blyon at
Tue Sep 18 01:42:20 UTC 2007

> Getting back to my original discussion with Barrett, what should we do
> about naming? I initially though that segregating v6 in a subdomain
> was a good idea, but if this is truly a migration, v4 should be the
> interface segregated.

Personally I find separation of the A/AAAA somewhat of a  
dysfunctional way to deal with this issue.   Users that opt-in to  
dual-stack will be accepting of the downfalls in the v6 deployments  
out there.  In that case, it should be fine to provide a seamless  
experience with overlapping DNS records.

However, users are not getting a choice or even an education on what  
is happening on the tunnel and are getting impacted from overlapping  
AAAA/A records.  This is the breakdown, I think that if we start  
segmenting DNS to fix a symptom and not the problem itself, we're  
just adding more ducktape.

I would actually think Apple (and any other vendor that default  
enable v6 tunnels without notifying the user) should react to this  
and provide a fix that allows their current user base to opt-in to  
their pre-existing tunnels with education on what that means to the  
user.  It's great to be progressive, but it's not good to do it when  
it can impact users.

Regarding segmented v4/v6 DNS, this may already exist, but it may  
also be a good idea for the web masters out there to create a v6 logo  
or marking denoting that a user has reached a v6 page vs. a v4 page.   
This could also be more helpful and also allow users to choose which  
protocol is used to reach the site.  It also creates a reason to have  
both an overlapping AAAA/A www. and a special www.v6./w6. and www.v4.  
alias.  If that framework accompanied the overlapping DNS, then HREFs  
could shuffle users from one version of the site pending on the user  

On a totally unrelated note:  Not to make any accusation on the  
security of the end-point tunnel network what-so-ever, but an  
entirely other issue is the tiny bit of a security conundrum that  
default tunnels create -- tunneling traffic to another network  
without notifying the user seems dangerous.  If I were a tinfoil-hat  
security person (or a CSO of a bank for example) this would really  
freak me out.


More information about the NANOG mailing list