Re: [DNSOP] DNS IPv6 Transport Operational Guidelines (draft-momoka-dnsop-3901bis-00)
Geoff Huston <gih@apnic.net> Fri, 10 November 2023 12:33 UTC
To: Erik Nygren <erik+ietf@nygren.org>
CC: Momoka Yamamoto <momoka.my6@gmail.com>, dnsop <dnsop@ietf.org>, "tfiebig@mpi-inf.mpg.de" <tfiebig@mpi-inf.mpg.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Sqvk8jfSExaqcJ__sivr3OpHtSE>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

Here’s an analysis of measurement of issues with IPv6 and DNS resolvers from a few years ago...

https://www.potaroo.net/presentations/2017-09-29-xtn-hdrs-dns.pdf

I have not returned to this measurement for some years as there appeared to be little interest in the results right up until now! If there is interest in this measurement work about the DNS, large responses and IPv6 failure rates from the working group I’m sure it can be revived!

Geoff

On 10 Nov 2023, at 11:35 am, Erik Nygren <erik+ietf@nygren.org> wrote:

> Thank you for writing this up! I think this is long-overdue and I'd be supportive of the dnsop working group adopting this. (It seems to make more sense for me to do this in dnsop while keeping v6ops informed.)
>
> We likely will want to cover the concerns that Geoff raises around fragmentation, but it would be better to give guidance around addressing those issues. There is already very substantial deployment of IPv6 among DNS authorities and it is widely used by DNS recursive. I don't have numbers handy at the moment, but it would not surprise me if a significant portion of recursive-to-authoritative traffic is already IPv6. Given that, we need to fix issues there.
>
> Enabling IPv6-only networks to work is important and is starting to be practical in some scenarios. DNS is one of the bigger blocking points, and excellent progress has already been made.
>
> NIST has an IPv6 and DNSSEC deployment tracker:
>
> https://fedv6-deployment.antd.nist.gov/cgi-bin/generate-com
>
> For the tracked "industry" domains (still US-centric), IPv6 has gone from 10% IPv6 for DNS authorities to over 70% and is still growing. (DNSSEC-signed is still well below 10%). At least some governments are also requiring IPv6 DNS authorities for everything in the resolution chain, at least for some industries.
>
> We're far enough into this transition already on the authoritative DNS side that this is long overdue and in some ways may be defining existing best practices.
>
> Erik