AAAA, A6, or both?

Michael Kjorling michael@kjorling.com
Sun, 20 Jan 2002 00:09:56 +0100 (CET)



Well, there certainly is a valid point in that all too few upgrade
their software, even when major security holes become known (I still
see a DNS server every once in a while that is running versions of
BIND that are vulnerable to exploits that have been fixed long ago -
see http://www.isc.org/products/BIND/bind-security.html). But as long
as you can ensure that your slave DNS servers won't barf at the zone
(and hopefully you have some kind of relation with the people running
it, if you're not running it yourself), you will be OK. It's a major
difference between a name server not *asking* for a specific record
type, and the same server rejecting zones that contain records of said
type - A6, in this case.  It could just as well have been some other
type, perhaps completely unrelated to IPv6. (Remember MH, MD? LOC?)

It seems that my seemingly fairly simple question has sparked a major
debate - and I believe some of it good. I asked if I should use AAAA,
A6, or both for IPv6 forward mapping. A lot of people suggested both.
As long as one's secondaries can handle that, I see no problem with
such an approach and it does allow you to support the greatest number
of clients. As one person pointed out, it's possible to use A6 records
in a kind of "AAAA emulation mode" by setting the prefix length to 0
(e.g. 'foo.bar.com. A6 0 dead:beef::c0:ffee').

Here's another question that might spark an even bigger controversy:
reverse lookups. Obviously one will use PTR records, but where in the
DNS tree? Say, for example, that I have the IPv6 address space
3ffe:dead:beef::/48. What reverse zone(s) do I need to set up and get
delegated from my upstream/tunnel provider in order to make it work
properly?


Michael Kjörling


On Jan 19 2002 10:21 -1000, Antonio Querubin wrote:

> > BIND 8.3 will not barf on A6 records. Not sure that it knows
> > what to do with them, but it's supposed to now accept "unknown RRs".
> >
> > This is handy when I have zones that are secondaried by BIND 8 people.
>
> That's good to know but the idea is that there are still many DNS running
> pre-8.3 and pre-9.x BIND versions which will reject the entire zone if
> they detect unknown RRs.  Until we see more DNS upgraded to recent
> software versions there'll continue to exist a natural tendency to avoid
> the use of A6 RRs in zone files.  That competes with the "if it ain't broke
> don't fix it" reluctance to upgrade software.  And then there are those
> operators that never bother applying upgrades or patches and we all know
> those are few in number ... NOT!

-- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
Internet: michael@kjorling.com -- FidoNet: 2:204/254.4   \/
PGP: 95f1 074d 336d f8f0

Date: Sun, 20 Jan 2002 14:28:52 +0100 (CET)
From: Michael Kjorling <michael@kjorling.com>
To: 6bone <6bone@ISI.EDU>
cc: Pekka Savola <pekkas@netcore.fi>
Subject: Re: AAAA, A6, or both?


Interesting. Thank you for the pointer, Pekka.


Michael Kjörling


On Jan 20 2002 00:37 +0200, Pekka Savola wrote:

> Hi,
>
> I'll just point out the best advice so far, by Pim:
>
> "You should use AAAA and disregard anything you ever read about A6."
>
>
> For more information, see:
>
> http://www.ietf.org/internet-drafts/draft-ietf-dnsext-ipv6-addresses-00.txt
>
> or minutes from Dnsext/ngtrans joint meeting in IETF51 in London.

-- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
Internet: michael@kjorling.com -- FidoNet: 2:204/254.4   \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e

"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)

*** Thinking about sending me spam? Take a close look at
*** http://michael.kjorling.com/spam/ before doing so.
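
Added example (not part of the original messages): a Python pre-publication check for the "publish both" approach discussed in the first message. It treats an A6 record with prefix length 0 as equivalent to an AAAA, reports names whose two record sets disagree, and lists record types a secondary is not known to accept. The zone lines, the simplified "owner type rdata" line format and the accepted-type set are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone lines, built around the 'A6 0' example in the message.
SAMPLE_ZONE = """\
foo.bar.com.   AAAA  dead:beef::c0:ffee
foo.bar.com.   A6    0 dead:beef::c0:ffee   ; AAAA emulation, same address
www.bar.com.   A6    0 dead:beef::1
mail.bar.com.  AAAA  dead:beef::25
mail.bar.com.  A6    0 dead:beef:0:0:0:0:0:26
host.bar.com.  A6    64 ::1234 subnet.bar.com.
"""

def parse(zone_text):
    """Yield (owner, rrtype, rdata_fields) per record; ';' starts a comment."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            owner, rrtype, *rdata = line.split()
            yield owner.lower(), rrtype.upper(), rdata

def types_not_accepted(zone_text, accepted):
    """Record types in the zone that the secondary is not known to accept."""
    return {rrtype for _, rrtype, _ in parse(zone_text)} - set(accepted)

def check_dual_publication(zone_text):
    """Return sorted (owner, problem) pairs where AAAA and A6 data disagree."""
    aaaa, a6, problems = defaultdict(set), defaultdict(set), []
    for owner, rrtype, rdata in parse(zone_text):
        if rrtype == "AAAA":
            aaaa[owner].add(ipaddress.IPv6Address(rdata[0]))
        elif rrtype == "A6" and int(rdata[0]) == 0:
            a6[owner].add(ipaddress.IPv6Address(rdata[1]))
        elif rrtype == "A6":
            # A non-zero prefix length chains to another name, so this line
            # alone does not give a full address to compare with an AAAA.
            problems.append((owner, f"A6 prefix length {rdata[0]} is not AAAA-equivalent"))
    for owner in set(aaaa) | set(a6):
        if owner not in aaaa:
            problems.append((owner, "A6 only, no AAAA"))
        elif owner not in a6:
            problems.append((owner, "AAAA only, no A6"))
        elif aaaa[owner] != a6[owner]:
            problems.append((owner, "AAAA and A6 addresses differ"))
    return sorted(problems)

if __name__ == "__main__":
    print(types_not_accepted(SAMPLE_ZONE, {"SOA", "NS", "A", "AAAA", "PTR"}))
    for owner, problem in check_dual_publication(SAMPLE_ZONE):
        print(owner, problem)
```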