What would be the best way to configure your dns once you've set up IPv6 6to4? Separate the IPv4 and IPV6 domains or let them be the same? That is, use something like example.com for your existing IPv4 address and something like 6.example.com for IPv6 (and www.6.example.com etc.)? Or is it safe to have both A and AAAA records for the same domain name? Thanks, Jeroen -- http://goldmark.org/jeff/stupid-disclaimers/ http://linuxmafia.com/~rick/faq/plural-of-virus.html
In message <4CE5C820.5030205@mompl.net>, Jeroen van Aart writes:
What would be the best way to configure your dns once you've set up IPv6 6to4? Separate the IPv4 and IPV6 domains or let them be the same?
That is, use something like example.com for your existing IPv4 address and something like 6.example.com for IPv6 (and www.6.example.com etc.)?
Or is it safe to have both A and AAAA records for the same domain name?
Thanks, Jeroen
-- http://goldmark.org/jeff/stupid-disclaimers/ http://linuxmafia.com/~rick/faq/plural-of-virus.html
Firstly I would use a tunnel broker instead of 6to4. Easier to debug failures. To answer your question you need to do a risk analysis. Adding a IPv6 address next to a IPv4 address can make connections to the site appear to be slow when the client side tries IPv6 but doesn't have a working IPv6 path (this is a very small percentage). There are some applications that will not fallback to IPv4 if the IPv6 connection fails (this is also a small percentage again). ISC publishes both AAAA and A record at the same name. This is somewhat of a forcing function for broken sites to address their IPv6 issues. We have been publishing both address for many years now. Google on the other had decided to white-list sites that it knows have IPv6 connectivity and a responsive noc. 6to4 sites don't meet these requirments. Tunneled sites can. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Mark Andrews wrote:
Firstly I would use a tunnel broker instead of 6to4. Easier to debug failures.
Thanks all for the helpful response. Using the same names for IPv6 and IPv4 doesn't appear to be much of a problem, especially considering this is a trial which concerns office/home ISP connectivity, for now. Which IPv6 tunnel broker is preferable, or does it really matter? Thanks, Jeroen -- http://goldmark.org/jeff/stupid-disclaimers/ http://linuxmafia.com/~rick/faq/plural-of-virus.html
I use HE.NET in a few installations (with BGP) and they have good support (which is quite awesome for a free service). As people pointed out avoid 6to4, Apple just rendered it nearly useless in its latest OS-X. ----- Original Message ----- From: "Jeroen van Aart" <jeroen@mompl.net> To: "NANOG list" <nanog@nanog.org> Sent: Saturday, 20 November, 2010 9:07:53 AM Subject: Re: IPv6 6to4 and dns Mark Andrews wrote:
Firstly I would use a tunnel broker instead of 6to4. Easier to debug failures.
Thanks all for the helpful response. Using the same names for IPv6 and IPv4 doesn't appear to be much of a problem, especially considering this is a trial which concerns office/home ISP connectivity, for now. Which IPv6 tunnel broker is preferable, or does it really matter? Thanks, Jeroen
Date: Sat, 20 Nov 2010 09:36:28 +1300 (FJST) From: Franck Martin <franck@genius.com>
I use HE.NET in a few installations (with BGP) and they have good support (which is quite awesome for a free service).
As people pointed out avoid 6to4, Apple just rendered it nearly useless in its latest OS-X.
----- Original Message ----- From: "Jeroen van Aart" <jeroen@mompl.net> To: "NANOG list" <nanog@nanog.org> Sent: Saturday, 20 November, 2010 9:07:53 AM Subject: Re: IPv6 6to4 and dns
Mark Andrews wrote:
Firstly I would use a tunnel broker instead of 6to4. Easier to debug failures.
Thanks all for the helpful response. Using the same names for IPv6 and IPv4 doesn't appear to be much of a problem, especially considering this is a trial which concerns office/home ISP connectivity, for now.
Which IPv6 tunnel broker is preferable, or does it really matter?
I'm afraid that announcements of 2002::/16 by places with non-functional or poorly connected 6to4 had already rendered it close enough to useless that I quit caring. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
----- Original Message -----
From: "Kevin Oberman" <oberman@es.net> To: "Franck Martin" <franck@genius.com> Cc: "Jeroen van Aart" <jeroen@mompl.net>, "NANOG list" <nanog@nanog.org> Sent: Tuesday, 23 November, 2010 12:31:47 PM Subject: Re: IPv6 6to4 and dns
Date: Sat, 20 Nov 2010 09:36:28 +1300 (FJST) From: Franck Martin <franck@genius.com>
I use HE.NET in a few installations (with BGP) and they have good support (which is quite awesome for a free service).
As people pointed out avoid 6to4, Apple just rendered it nearly useless in its latest OS-X.
----- Original Message ----- From: "Jeroen van Aart" <jeroen@mompl.net> To: "NANOG list" <nanog@nanog.org> Sent: Saturday, 20 November, 2010 9:07:53 AM Subject: Re: IPv6 6to4 and dns
Mark Andrews wrote:
Firstly I would use a tunnel broker instead of 6to4. Easier to debug failures.
Thanks all for the helpful response. Using the same names for IPv6 and IPv4 doesn't appear to be much of a problem, especially considering this is a trial which concerns office/home ISP connectivity, for now.
Which IPv6 tunnel broker is preferable, or does it really matter?
I'm afraid that announcements of 2002::/16 by places with non-functional or poorly connected 6to4 had already rendered it close enough to useless that I quit caring.
And the main issues, it is a hell to debug to find out which one needs to be fixed or taken out.
In message <4CE6D919.2000604@mompl.net>, Jeroen van Aart writes:
Mark Andrews wrote:
Firstly I would use a tunnel broker instead of 6to4. Easier to debug failures.
Thanks all for the helpful response. Using the same names for IPv6 and IPv4 doesn't appear to be much of a problem, especially considering this is a trial which concerns office/home ISP connectivity, for now.
Which IPv6 tunnel broker is preferable, or does it really matter?
I've been using HE for 7 years now and have always got a fast response when I've had problems with the link.
Thanks, Jeroen
-- http://goldmark.org/jeff/stupid-disclaimers/ http://linuxmafia.com/~rick/faq/plural-of-virus.html
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Subject: IPv6 6to4 and dns Date: Thu, Nov 18, 2010 at 04:43:12PM -0800 Quoting Jeroen van Aart (jeroen@mompl.net):
What would be the best way to configure your dns once you've set up IPv6 6to4? Separate the IPv4 and IPV6 domains or let them be the same?
The same. Separation would be unnecessary influence from a lower layer.
That is, use something like example.com for your existing IPv4 address and something like 6.example.com for IPv6 (and www.6.example.com etc.)?
Useful for debugging. And no more.
Or is it safe to have both A and AAAA records for the same domain name?
Once a node is enough reachable (according to SLAen etc) to warrant inclusion in DNS, the Internet Protocol number is just an indication of which way to reach it. It is perfectly safe, and I do it all the time. When my Internets break, I suffer. Of course. But that has nothing to do with ipv4 vs ipv6. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 I appoint you ambassador to Fantasy Island!!!
On Nov 18, 2010, at 4:43 PM, Jeroen van Aart wrote:
What would be the best way to configure your dns once you've set up IPv6 6to4? Separate the IPv4 and IPV6 domains or let them be the same?
That is, use something like example.com for your existing IPv4 address and something like 6.example.com for IPv6 (and www.6.example.com etc.)?
If you're going to use separate names for your AAAA, then the most common (least likely to confuse users) is ipv6.example.com vs. www.example.com.
Or is it safe to have both A and AAAA records for the same domain name?
Depends on your value of safe. According to Google this will provide a poor user experience for 0.05% of the internet. This 0.05% of the internet is the people who have broken IPv6 connectivity, but, hosts think they are IPv6 connected. For HE, this has not been a significant problem and www.he.net has offered both A and AAAA records for years. For Google, 0.05% represents significant revenue and customer lossage and they use separate names unless your resolvers are whitelisted. For more information on the exact problems, see Lorenzo's presentation at RIPE 61. He did an excellent job of explaining the situation from Google's perspective. Owen
participants (6)
-
Franck Martin -
Jeroen van Aart -
Kevin Oberman -
Mans Nilsson -
Mark Andrews -
Owen DeLong