Yahoo and IPv6
owen at delong.com
Wed May 11 01:18:12 UTC 2011
On May 10, 2011, at 6:03 PM, Matthew Palmer wrote:
> On Tue, May 10, 2011 at 11:22:54AM -0700, Owen DeLong wrote:
>> On May 10, 2011, at 9:32 AM, Igor Gashinsky wrote:
>>> On Tue, 10 May 2011, Valdis.Kletnieks at vt.edu wrote:
>>> :: On Tue, 10 May 2011 02:17:46 EDT, Igor Gashinsky said:
>>> :: > The time for finger-pointing is over, period, all we are all trying to do
>>> :: > now is figure out how to deal with the present (sucky) situation. The
>>> :: > current reality is that for a non-insignificant percentage of users when
>>> :: > you enable dual-stack, they are going to drop off the face of the planet.
>>> :: > Now, for *you*, 0.026% may be insignificant (and, standalone, that number
>>> :: > is insignificant), but for a global content provider that has ~700M users,
>>> :: > that's 182 *thousand* users that *you*, *through your actions* just took
>>> :: > out.. 182,000 - that is *not* insignificant
>>> :: At any given instant, there's a *lot* more than 182,000 users who are cut off
>>> :: due to various *IPv4* misconfigurations and issues.
>>> Yes, but *these* 182,000 users have perfectly working ipv4 connectivity,
>>> and you are asking *me* to break them through *my* actions. Sorry, that's
>>> simply too many to break for me, without a damn good reason to do so.
>> In other words, Igor can't turn on AAAA records generally until there are
>> 182,001 IPv6-only users that are broken from his lack of AAAA records.
> There may be something stupid I haven't considered about this, but wouldn't
> a v6-only end user be making their DNS requests over v6 (at least to their
> ISP's resolver), and if their provider was nice enough to continue that
> v6ness up the chain, wouldn't it be fairly simple (to the point of "I'd be
> stunned if everyone wasn't already doing this") to say to
> Yahoo/Google/whatever's ultra-smart whitelisting DNS servers, "v6-whitelist
> all v6 DNS requests"?
Not necessarily and almost entirely irrelevant. Yahoo may or may not get
the query from the ISP's resolver directly. An IPv6-only client might
have a private IPv4 address that reaches an IPv4 resolver within their
local network that may or may not have public IPv4 connectivity.
There is no clean or reliable way to infer anything about the protocol
stack on the client from an authoritative DNS server.
> That way, v6-only people are guaranteed to get the AAAA records they so
> badly crave, without making an excessive mess for anyone else.
Another beautiful theory murdered by a brutal gang of facts.
> I know this falls down if your v6-only-providing ISP takes your recursive
> DNS requests on IPv6 and sends them out via IPv4 even if AAAA records were
> available, but why would anyone be that dumb? Since the initial request
> would come in via v6, anything whitelisting in this fashion would be sending
> the AAAA records out, so you should never have to fall back to v4 unless
> someone isn't providing DNS via v6 at all, and who would willingly have
> their site v6 enabled without v6 enabling the DNS? (Yes, I'm aware of
> registrars who don't accept v6 glue, but get your whacking sticks out and
> keep whackin' 'til they fix it -- and kudos to gkg.net for having that
> sorted *before* I put my first v6 site up).
It's not a matter of dumb. There are all kinds of reasons this might occur.
For example, an IPv6-only host behind an HE Tunnel on a network that
gets IPv4-only service from another ISP, but is out of IPv4 addresses.