Yahoo and IPv6
dmiller at tiggee.com
Mon May 16 18:23:06 CDT 2011
On 5/16/2011 3:13 PM, Paul Vixie wrote:
>> Date: Mon, 16 May 2011 14:37:46 -0400
>> From: Jim Gettys<jg at freedesktop.org>
>>> perhaps i'm too close to the problem because that solution looks quite
>>> viable to me. dns providers who don't keep up with the market (which
>>> means ipv6+dnssec in this context) will lose business to those who do.
>> I don't believe it is currently viable for any but the hackers out there,
>> given my experience during the Comcast IPv6 trial. Typing V6 addresses
>> (much less remembering them) is a PITA.
>> You are asking people who don't even know DNS exists, to bother to
>> establish another business relationship (or maybe DNS services might
>> someday be provided by their ISP).
> actually, i'm asking the opposite. only hackers run their own dns mostly;
> the vast majority of users who don't know what ipv6 or dnssec are, are
> already outsourcing to ultradns/neustar, or verisign, or dyn.com, etc, or
I think that what you probably meant to say was:
"... outsourcing to Affilias, Amazon Route 53, DNS Made Easy, DNS.com,
Dyn/Dynect, EasyDNS, GoDaddy, Netriplex, UltraDNS, Verisign, Zerigo, etc."
^^ Those are the commercial anycast DNS services that I know of
presented in a simple non-preferential alphabetical order.
I happen to know, because I did parts of the implementation, that DNS
Made Easy provides anycast IPv6 DNS to all customers (available on all
servers if they like).
> for recursive they're using opendns, google dns, etc. these companies can
> either add the new services and do outreach to their customer bases, or
> they can allow their competitors to do so.
> of those who still run their own dns, the vast majority actually do know
> the dnssec and ipv6 issues facing them.
>> If you get past that hurdle they get to type long IPv6 addresses into a web
>> page they won't remember where it was the year before when they did this
>> the last time to add a machine to their DNS.
> i've been using ipv6 dual stack for ten years at ISC and for one year at
> home (i was comcast's first north american dual stack native customer) and
> the only time i type long ipv6 addresses is when editing dns zone files or
> configuring routers and hosts. i think your experiences may have been
> worse than mine and i'll be interested in knowing whether they're common.
>> The way this "ought" to work for clueless home users (or cluefull users
>> too, for that matter) is that, when a new machine appears on a network, it
>> "just works", by which I mean that a globally routeable IPv6 address
>> appears in DNS without fussing around using the name that was given to the
>> machine when it was first booted, and that a home user's names are
>> accessible via secondaries even if they are off line.
> this is why ISC DHCP and ISC BIND can communicate using RFC 2136 DNS
> dynamic updates, secured with RFC 2845 transaction signatures. once you
> get this running then you don't have to type ipv6 addresses anywhere. and
> i know that infoblox and other BIND Inside appliance vendors have the same
> capability, and that Cisco and other DNS/DHCP vendors can also participate
> in these open standards pretty much out of the box. this is what i worked
> on when i first found out about IETF back in 1995 or so. it's all done now
> you just have to learn it and deploy it. (and if you don't think end users
> ought to have to learn how to configure their DHCP to talk to their DNS,
> i will point them at a half dozen appliance and outsourcing vendors who can
> take the ones and zeroes out of this for them.)
>> And NXDOMAIN should work the way it was intended, for all the reasons
>> you know better than I.
> while i agree, i don't think the people who are substituting positive
> responses for NXDOMAIN care at all what you think or what i think, so i'm
> going to focus on what can be done which is advancing robust solutions.
>> This is entirely possible ;-). Just go ask Evan Hunt what he's been up to
>> with Dave Taht recently....
> more appliance vendors including open source are definitely welcome. the
> pool is large enough for everybody to swim in it.
More information about the NANOG