Re: [IPv6] Second Working Group Last Call for <draft-ietf-6man-rfc6724-update>

[Ted Lemon <mellon@fugue.com>]

On Thu, Apr 11, 2024 at 9:45 AM Kyle Rose <krose@krose.org> wrote:

> On Thu, Apr 11, 2024 at 9:29 AM Ted Lemon <mellon@fugue.com> wrote:
>
>> Kyle, I don't know if you can see this from where you're sitting, but you
>> are making a religious argument here. It is not a misconfiguration to put a
>> ULA in the DNS right now in the sense that it causes a problem.
>>
>
> This is not true. As I've noted several times over the past year, the
> current behavior of glibc's getaddrinfo in Debian stable and maybe other
> Linux distributions is to prefer ULA to IPv4, contra 6724. It does this by
> combining the 6724 labels (so ULA and GUA are not mixed) with the 3484
> precedences (so all IPv6 is preferred to all IPv4). I have no idea who made
> that change or when it was introduced, but that person was a visionary;
> BUT, in doing so, it would break (timeout/rejection, retry, etc.) with
> unreachable ULA.
>

I think arguing about getaddrinfo is sort of beside the point—an API like
that can't work because it doesn't have control over source address
selection, and has to just pick a destination address and hope the kernel
gets source address selection right. And then you wind up doing Happy
Eyeballs to compensate for the short comings of the API, which we both I
think would prefer to avoid.

As long as apps continue to use getaddrinfo, there's really nothing we can
do about this. Fantasizing about outlawing ULAs in the public DNS will not
solve the problem. It's true that glibc probably doesn't currently have a
way to figure out whether a particular ULA is known-local or not, but
there's no actual reason why it couldn't know. It just currently doesn't.

Adding known-local detection to the glibc getaddrinfo implementation would
in fact address the problem that you are describing. Publishing the
document without making this mandatory will not address your problem. glibc
is already doing what you want the document to mandate—prioritizing ULA
over IPv4. I still don't get why we are arguing about this—I know I must be
missing something about your position on this, but I can't figure out what.

It's a misconfiguration because it doesn't match your mental model of How
>> Things Should Be.
>>
>
> I am indeed arguing that putting unreachable addresses in global DNS is a
> misconfiguration. As a site administrator, I wouldn't put either RFC 1918
> addresses or ULA into global DNS if I wanted clients to be able to connect
> without timeouts and retries. There are certainly alternate histories of
> the internet in which such a model would have been okay, but that's not the
> internet we have in this timeline.
>

I don't disagree with you about this. It doesn't match my mental model
either. However, this just isn't relevant to this discussion—neither you
nor I have control of all DNS zones on the Internet, and that's probably a
good thing. So if we want to see better behavior when zone operators
violate our expectations, the only knob we have to turn is to improve host
implementations.