Re: [BEHAVE] Happy Eyeballs and DNS64 not sending synthetic AAAA RRs
"Stephan Lagerholm" <stephan.lagerholm@secure64.com> Thu, 04 August 2011 21:52 UTC
Return-Path: <stephan.lagerholm@secure64.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10CF211E8078 for <behave@ietfa.amsl.com>; Thu, 4 Aug 2011 14:52:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.495
X-Spam-Level:
X-Spam-Status: No, score=-0.495 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AiwQOijlgEfL for <behave@ietfa.amsl.com>; Thu, 4 Aug 2011 14:52:27 -0700 (PDT)
Received: from zimbra.secure64.com (unknown [64.92.221.189]) by ietfa.amsl.com (Postfix) with ESMTP id 6FF6221F8A4F for <behave@ietf.org>; Thu, 4 Aug 2011 14:52:27 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbra.secure64.com (Postfix) with ESMTP id 4C5CCB8402; Thu, 4 Aug 2011 15:52:42 -0600 (MDT)
X-Virus-Scanned: amavisd-new at secure64.com
Received: from zimbra.secure64.com ([127.0.0.1]) by localhost (zimbra.secure64.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q+cI-8HIB06F; Thu, 4 Aug 2011 15:52:31 -0600 (MDT)
Received: from exchange.secure64.com (exchange.secure64.com [192.168.254.250]) by zimbra.secure64.com (Postfix) with ESMTPSA id E7AB6B83F4; Thu, 4 Aug 2011 15:52:30 -0600 (MDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=secure64.com; s=2010; t=1312494750; bh=UfSolrFJhz7AOG/9t5Yx3hr9jWOqGH8a8036L9fcqGQ=; h=MIME-Version:Subject:Date:Content-Type:Message-ID:In-Reply-To: References:From:To; b=xBpwhAykWvQu5uKBtufEQTVheoSposVrKPTUKa8M3EVN DXO0HgwLe99e2E9JLRLkULqPIIG9jmQwvlXHIDJ79gvqXv6mEPPEwM4Fg5KHsgvChSs LKwA+JFduP5N4bNewVQ7so6UZQbCSkiLVj+49rJZwwzgrn8Djj5jzZ8TdB3g=
Content-class: urn:content-classes:message
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Thu, 04 Aug 2011 15:47:14 -0600
Content-Type: multipart/signed; micalg="SHA1"; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_0000_01CC52C6.2A0B7D20"
Message-ID: <DD056A31A84CFC4AB501BD56D1E14BBBA78E66@exchange.secure64.com>
In-Reply-To: <018201cc52e4$901b9690$b052c3b0$@com>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: [BEHAVE] Happy Eyeballs and DNS64 not sending synthetic AAAA RRs
Thread-Index: AcxS2aXNiP2HDGTDTNOEM2zQM2ExQQACnKmwAAK1SiA=
References: <916CE6CF87173740BC8A2CE443096962A6F825@008-AM1MPN1-037.mgdnok.nokia.com> <5667E655-22FD-483B-872C-73F9B8667EEC@viagenie.ca><20110804190632.GJ38760@shinkuro.com> <018201cc52e4$901b9690$b052c3b0$@com>
From: Stephan Lagerholm <stephan.lagerholm@secure64.com>
To: Dan Wing <dwing@cisco.com>, Andrew Sullivan <ajs@anvilwalrusden.com>, behave@ietf.org
Subject: Re: [BEHAVE] Happy Eyeballs and DNS64 not sending synthetic AAAA RRs
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2011 21:52:28 -0000
Thu 8/4/2011 3:25 PM, Dan Wing: > A nuance to this problem is that some networks will have a mix > of hosts: > > (a) IPv4-only, which use a 'normal' DNS server > (b) dual stack hosts, which use a 'normal' DNS server > (c) IPv6-only hosts, which use a DNS64 server so they > can use a NAT64 to visit IPv4-only servers. > > http://tools.ietf.org/html/draft-wing-behave-dns64-config-03 discusses > the pros/cons of a bunch of mechanisms to provide the correct DNS > server to all three of those host types. The technique outlined in the draft doesn't work. Clients will not strictly stick to the "ordered" list: ::ffff:192.0.2.1 # 'normal' DNS server 2001:db8:dddd::1234 # DNS64 server If for example a client is trying to resolve www.dns-will-timeout-for-this-domain.com then the client will switch to the second DNS server in the list. In practice you will have about 50% traffic to each server after a day or so. There are plenty of examples of domains that bind and other nameservers never return an answer for. The right thing to do is to have different policies for the different networks, potentially using views or other similar DNS mechanism. /Stephan Lagerholm
- [BEHAVE] Happy Eyeballs and DNS64 not sending syn… teemu.savolainen
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… Marc Blanchet
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… teemu.savolainen
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… Cameron Byrne
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… Andrew Sullivan
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… Dan Wing
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… Stephan Lagerholm
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… Dan Wing
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… Andrew Sullivan
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… Stephan Lagerholm
- Re: [BEHAVE] Happy Eyeballs and DNS64 not sending… Andrew Sullivan