Apple Airport Extreme IPv6 problems?
blyon at blyon.com
Tue Sep 18 01:42:20 UTC 2007
> Getting back to my original discussion with Barrett, what should we do
> about naming? I initially thought that segregating v6 in a subdomain
> was a good idea, but if this is truly a migration, v4 should be the
> interface segregated.

Personally I find separation of the A/AAAA somewhat of a
dysfunctional way to deal with this issue. Users that opt-in to
dual-stack will be accepting of the downfalls in the v6 deployments
out there. In that case, it should be fine to provide a seamless
experience with overlapping DNS records.

However, users are not getting a choice or even an education on what
is happening on the tunnel and are getting impacted from overlapping
AAAA/A records. This is the breakdown. I think that if we start
segmenting DNS to fix a symptom and not the problem itself, we're
just adding more duct tape.

I would actually think Apple (and any other vendor that enables
v6 tunnels by default without notifying the user) should react to this
and provide a fix that allows their current user base to opt-in to
their pre-existing tunnels with education on what that means to the
user. It's great to be progressive, but it's not good to do it when
it can impact users.

Regarding segmented v4/v6 DNS, this may already exist, but it may
also be a good idea for the webmasters out there to create a v6 logo
or marking denoting that a user has reached a v6 page vs. a v4 page.
This could also be more helpful and also allow users to choose which
protocol is used to reach the site. It also creates a reason to have
both an overlapping AAAA/A www. and a special www.v6./w6. and www.v4.
alias. If that framework accompanied the overlapping DNS, then HREFs
could shuffle users from one version of the site pending on the user

On a totally unrelated note: Not to make any accusation on the
security of the end-point tunnel network whatsoever, but an
entirely other issue is the tiny bit of a security conundrum that
default tunnels create -- tunneling traffic to another network
without notifying the user seems dangerous. If I were a tinfoil-hat
security person (or a CSO of a bank for example) this would really
freak me out.