-----BEGIN PGP SIGNED MESSAGE----- Randy Bush wrote:
if i try to log into my machines back in tokyo by IPv6 SSH, it takes very long time. i guess i found the reason - (possible) lame delegation of blah.ip6.int. ip6.arpa. query returns instantly. how could we fix it? By fixing the software as ip6.int was deprecated 2 years+++ ago as you should already know. for backward compatibility reasons many software do query ip6.arpa; if (not found) query ip6.int; i'm not too sure if we can remove the "query ip6.int" part today.
if, as you say, there was instant response to the ip6.arpa query, then jeroen's response that the software was broken seems even more clear.
The piece of software itojun describes is quite common, simply because it already has taken two years for even getting an RFC for ip6.arpa reverse for the 6bone. Now all we have to do is wait for the nameservers to actually appear and not to forget for them to get populated, 6/6/6 is quite a good estimate I guess ;) The problem only is that many software implementations only check ip6.int even though it is has been deprecated, fortunatly now that the RFC for the 6bone is out some manufacturers have been implementing ip6.arpa support by basically doing the simple g/ip6.int/s/ip6.int/ip6.arpa/g over their code. As the ip6.arpa doesn't exist at all for 6bone space at the moment he got a correct NXDOMAIN back from those and what itojun saw then where recursive looping dns servers which where not authoritive for the reverse thus pointed back to the root, software retries a number of times causing the shown delay. (dig +trace is ones friend)
and i don't believe in 'do-gooder' software that tries to make broken things work anyway. if it succeeds, no one notices and says thanks. if it fails, boy does it look bad.
ip6.int should indeed be gone completely from all software. It should have been 2 years ago, but due to 6bone not having ip6.arpa there was kind of a reason not to, but there is now... If developers start fixing their software it will be enough time for the NS operators to set the reverses up correctly. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / http://unfix.org/~jeroen iQA/AwUBQCkCdymqKFIzPnwjEQITeACgu4fzV0Q9KAhhbck/nyhyh6tPHGMAoIUR wOMIZoVaOys39hvPR4E18GHj =++66 -----END PGP SIGNATURE-----