Forgot your password?
typodupeerror

Comment: Re:Impact due to misconfiguration? (Score 2) 290

by Gompers (#34935524) Attached to: Yahoo IPv6 Upgrade Could Shut Out 1M Users

It's slightly more complicated than that. Almost every modern OS supports IPv6 out of the box, and has link local IPv6 address configured (prefixed with FE80::). Windows Vista/7 generally also configures a Teredo interface (prefixed by 2001:0::). When communicating on the link local network, it will likely use IPv6 if it's available between two hosts (and they both know each other's IPv6 addresses through some mechanism like mDNS/bonjour etc). Without a global address, this is as far as it goes. Once a global IPv6 address is configured, things get interesting. Host software now assumes that it has off-site IPv6 connectivity and will act accordingly.

The DNS servers don't originate the queries for the AAAA records, the client software does. IPv6 compliant web browsers will query for the AAAA record for a given host first, followed by the A record. If it gets no AAAA reply, it will go ahead and use the A reply. The DNS servers (unless they are VERY old) will just pass on through the response. If there is no AAAA record, you'll just get a SERVFAIL, it won't return the A record instead. The absence of an AAAA record for a given hostname implies to the client that the hostname is not IPv6 compliant. If there is an AAAA record, though, modern browsers will favor it over the A reply.

This is perfect behavior as long as the IPv6 address the host has actually has real, global, IPv6 connectivity. It really becomes an issue on networks with broken IPv6 implementations. Hosts have a global IPv6 prefix assigned, but not real connectivity will still try to use IPv6 instead of IPv4 and that's the issue that Yahoo (well the whole internet, at some point, really) is going to have to deal with.

It's perfectly reasonable for an IPv4 native or IPv4/6 dual stack DNS server to return AAAA queries received via IPv4. There's no reason that every DNS server that replies to queries needs to have IPv6 enabled to serve up AAAA records, just as there's no reason that IPv6-enabled DNS servers should only return AAAA records. DNS isn't the issue here, it's client behavior (and more importantly, network behavior) to the availability of IPv6 connected hosts. Most modern hosts behave in a perfectly reasonable manner to having native IPv6 connectivity. It's the things that connect them together that are still broken in places.

Everyone has a purpose in life. Perhaps yours is watching television. - David Letterman

Working...