Re: Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03

Livingood, Jason <Jason_Livingood@xxxxxxxxxxxxxxxxx> wrote:
> To: John Leslie <john@xxxxxxx>...
> 
> As I read it, this says that certain DNS servers will be configured
> to _not_ return AAAA records to AAAA queries by default.
> 
> This strikes me as a really-strange transition mechanism.
> 
> Depends on a number of factors for a content provider.

   Actually, no -- none of these factors make me feel it's any less than
_REALLY_ strange.

> The more traffic a domain receives the more likely they are to consider
> this practice as a transition mechanism from what I have observed.

   "Transition mechanism" is really-close to an oxymoron.

> This practice can give a large domain some level of control in turning
> on IPv6 access to their content, whereas they would lack this since
> they would turn it on for everyone when publishing the AAAA RR in the
> DNS.

   It doesn't give nearly as much control as they seem to think it does.
This blocks AAAA records, not based on the host interested in using them,
but based on some feature (IP address?) of the intermediate DNS resolver.
It's traditional to configure hosts to use two (or more) DNS resolvers
to minimize the delays and disruptions.

   It will be very common for an end-host to alternate AAAA-requests
between one resolver which happens to be AAAA-blocked and another which
happens to be "whitelisted". I cringe in fear of taking the support
calls from such customers.

> Once a comfort level and operational stability is achieved I would
> expect most domains to move away from the practice, but that is TBD.

   I would expect a painful number of domains to forget it's there. :^(

> Certainly what happens on World IPv6 Day will bear on this question
> in important ways (when AAAA RRs are published without the use of
> DNS whitelisting).

   I predict a majority will turn off AAAA records for their regular
www.example.com on WorldIPv6Day+1.

   But that's OK: there are other ways to make progress.

   And the pressure should probably be applied to browser-software writers,
so that when an end-user finds himself IPv6-impaired, he can simply shift
to a different browser,

>    Color me thoroughly confused.
> 
> Hopefully that's more over the practice than the document;

   Indeed, I _am_ more confused by the practice than the document.

   But the document is confusing enough! What does it encourage me to
_do_?

> if you wish to see improvements in the I-D just say so.

   Personally, I wish you'd do a nearly-global

s/DNS whitelisting/AAAA-blocking/

   It's a much more descriptive term.

   Also, I'd appreciate less of "this solves a transition problem" and
more of "this doesn't even do what the folks seem to think it does".

   It's arguably reasonable to AAAA-block to DNS resolvers whose
managers ask for it; but it's not at all reasonable to AAAA-block by
default. IMHO, it would be better to tell folks that ask you to
AAAA-block to switch to resolver software that can AAAA-block to
certain end-users. After all, the problem _isn't_ localized on the
DNS resolver.

   And the document does nothing to help me figure out what to do to
enable a venturesome customer to _use_ IPv6 to a site that turns on
this AAAA-blocking!

   :^( :^(

--
John Leslie <john@xxxxxxx>
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
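
The resolver-alternation problem raised in the message above, as an added example that is not part of the original thread or the draft: a small model in which the authoritative server decides on AAAA by the recursive resolver's source address, and a host alternates between two resolvers. The zone data, whitelist, addresses (documentation ranges) and the strict round-robin are constructed assumptions; resolver caching is ignored.

```python
import ipaddress
from itertools import cycle

# Constructed sample data using documentation address ranges.
ZONE = {"www.example.com": {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]}}
# Hypothetical whitelist: resolver networks allowed to receive AAAA answers.
WHITELIST = [ipaddress.ip_network("198.51.100.0/24")]

def authoritative_answer(qname, qtype, resolver_ip):
    """Answer as the authoritative server would: the only client identity
    it can key on is the recursive resolver's source address."""
    src = ipaddress.ip_address(resolver_ip)
    if qtype == "AAAA" and not any(src in net for net in WHITELIST):
        return []  # name exists, but AAAA is withheld from this resolver
    return ZONE.get(qname, {}).get(qtype, [])

def host_lookups(qname, resolvers, count):
    """One end host sending `count` AAAA lookups, alternating resolvers
    (assumed round-robin). Returns (resolver, answer) pairs."""
    rotation = cycle(resolvers)
    results = []
    for _ in range(count):
        resolver = next(rotation)
        results.append((resolver, authoritative_answer(qname, "AAAA", resolver)))
    return results

def aaaa_visibility(qname, resolvers):
    """Support-desk check: which of a host's configured resolvers see AAAA?
    'inconsistent' means the same host will flip between IPv4-only and
    dual-stack depending on which resolver answered."""
    sees = [r for r in resolvers if authoritative_answer(qname, "AAAA", r)]
    blocked = [r for r in resolvers if r not in sees]
    return {"sees_aaaa": sees, "blocked": blocked,
            "inconsistent": bool(sees) and bool(blocked)}

if __name__ == "__main__":
    configured = ["198.51.100.53", "203.0.113.53"]  # constructed resolver addresses
    for resolver, answer in host_lookups("www.example.com", configured, 4):
        print(f"via {resolver}: {answer or 'no AAAA'}")
    print(aaaa_visibility("www.example.com", configured))
```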