In message <201202231651.q1NGpxgL017137@xxxxxxxxxxxxxxxxxxx>, Martin Rex writes:
> Bob Hinden wrote:
> >
> > Martin Rex wrote:
> > >
> > > With a fully backwards compatible transparent addressing scheme,
> > > a much larger fraction of the nodes would have switched to actively
> > > use IPv6 many years ago.
> >
> > Right, just like they could have deployed dual stack many years ago too.
>
> Just two days ago I had an extremely disappointing experience with IPv6.
> Windows XP 64-bit (aka Win2003sp2) on a local network with a private
> DNS universe, IPv4 only network, Windows IPv6 protocol stack installed
> but IPv6 active only on the two virtual network interfaces of VMware.
>
> Somehow the DNS servers configured in the network settings had performed
> only a partial zone reload and were replying only to some queries,
> failing some DNS queries with server failure or timeout,
> and one DNS zone had become completely invisible.
>
> I noticed the problem suddenly during work because every new connection
> took ~16 seconds delay to complete. Wondering what was wrong, I started
> wireshark.
>
> I saw Windows2003 send out 23 DNS lookups for AAAA records for the
> requested hostname over the course of 16 seconds (some of which returned
> server failure, some of which failed with no such name),
> until Windows 2003 finally decided to also try a DNS A query--which got
> immediately successfully answered and the connection was established.
> The delay affected each and every connection attempt, even when contacting
> the same host repeatedly (although there is a DNScache service running...).
>
> Disabling IPv6 on all network adapters did not stop this Windows AAAA frenzy,
> I had to actually uninstall the IPv6 protocol stack (an action which
> immediately kills *ALL* network connectivity of the machine and requires
> a reboot to recover...) for this AAAA nonsense to end.
>
> During the past few years I had two similar encounters with sudden severe
> connectivity problems on a Windows XP and a Linux installation, and
> both times, the problem disappeared when I disabled IPv6.
>
> It is also significantly easier to configure the firewall for IPv4-only...
>
> -Martin
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf

We (ISC) learned a long time ago (last century) that partial DNS
service for a zone is worse than total failure for a zone. By
totally failing a zone on error it gets fixed instead of trying to
limp by on partial service.

I also suspect the search algorithm is not stopping on NOERROR
NODATA or SERVFAIL. Searches really should stop on both those
conditions. By stopping I mean not going onto the next element in
the search list without getting a NXDOMAIN response. You can ask
multiple servers on SERVFAIL. I've been arguing this for around
10+ years.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
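
The search-list rule described in the reply above, as an added example that is not part of the original message or of any resolver's code. Servers are modelled as in-memory tables, and every name, address and function here is constructed for illustration.

```python
NOERROR, NXDOMAIN, SERVFAIL = "NOERROR", "NXDOMAIN", "SERVFAIL"

# Constructed sample data: each "server" maps (fqdn, rtype) -> (rcode, answers).
# SERVER_A stands in for the partially reloaded server; names it does not
# list are answered with NXDOMAIN.
SERVER_A = {
    ("host.corp.example", "AAAA"): (SERVFAIL, []),
    ("host.corp.example", "A"): (SERVFAIL, []),
    ("www.example", "A"): (NOERROR, ["192.0.2.20"]),
}
SERVER_B = {
    ("host.corp.example", "AAAA"): (NOERROR, []),            # NOERROR NODATA
    ("host.corp.example", "A"): (NOERROR, ["192.0.2.10"]),
    ("www.example", "A"): (NOERROR, ["192.0.2.20"]),
}
SEARCH_LIST = ["corp.example", "example"]

def query_servers(servers, fqdn, rtype):
    """Ask servers in order; SERVFAIL moves to the next server, same name."""
    rcode, answers = SERVFAIL, []
    for server in servers:
        rcode, answers = server.get((fqdn, rtype), (NXDOMAIN, []))
        if rcode != SERVFAIL:
            break
    return rcode, answers

def search(name, rtype, search_list, servers):
    """Walk the search list; return (outcome, fqdn, answers, names_tried).

    Only NXDOMAIN advances to the next search-list element. NOERROR NODATA
    and SERVFAIL (after every server was asked) end the search at that name.
    """
    tried = []
    for suffix in search_list:
        fqdn = f"{name}.{suffix}"
        tried.append(fqdn)
        rcode, answers = query_servers(servers, fqdn, rtype)
        if rcode == NXDOMAIN:
            continue
        if rcode == NOERROR:
            return ("ANSWER" if answers else "NODATA"), fqdn, answers, tried
        return "SERVFAIL", fqdn, [], tried
    return "NXDOMAIN", None, [], tried

if __name__ == "__main__":
    for rtype in ("AAAA", "A"):
        print(rtype, search("host", rtype, SEARCH_LIST, [SERVER_A, SERVER_B]))
```
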