Re: [v6ops] New draft at dnsop a bis for DNS IPv6 Transport Operational Guidelines

Owen DeLong <> Sun, 12 November 2023 06:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5465EC15C2AF for <>; Sat, 11 Nov 2023 22:48:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 96nfKMv138bL for <>; Sat, 11 Nov 2023 22:48:54 -0800 (PST)
Received: from ( [IPv6:2620:0:930::200:2]) by (Postfix) with ESMTP id 8DE1EC15C296 for <>; Sat, 11 Nov 2023 22:48:54 -0800 (PST)
Received: from ([]) (authenticated bits=0) by (8.17.1/8.15.2) with ESMTPSA id 3AC6mmXw3116297 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 12 Nov 2023 06:48:48 GMT
DKIM-Filter: OpenDKIM Filter v2.11.0 3AC6mmXw3116297
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=mail; t=1699771729; bh=ziaBa24xEn/pV1lJsb6XCm1amsU/xhpV+hE/TyUvVi8=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=nwAQDLWEUVjjDhGmYWoQovF3CqBS/FmM6CYww00Tdk5d0pnYDifqW64pNZ0TYkWFH dFU927xACTaIWnIyZzyG1BA9CArVZYG2qW6nBIvGl2+yAVmJliq+vz7S/TBl3ox0nX kkuGJTSBdvugIsqdlztCMsu3dJXDFG2CrJmEAx8c=
From: Owen DeLong <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_06A9FE51-2D2D-4E02-9A05-5B414B8EEA03"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.\))
Date: Sat, 11 Nov 2023 22:48:38 -0800
In-Reply-To: <>
Cc: Geoff Huston <>, list <>
To: David Farmer <>
References: <> <> <> <ZU6WpbDBJ9lcik_3@Space.Net> <> <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3774.
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.4 ( []); Sun, 12 Nov 2023 06:48:49 +0000 (UTC)
Archived-At: <>
Subject: Re: [v6ops] New draft at dnsop a bis for DNS IPv6 Transport Operational Guidelines
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 12 Nov 2023 06:48:58 -0000

> On Nov 11, 2023, at 22:22, David Farmer <> wrote:
> I think Owen is referring to the behavior of DNS clients communicating with a recursive DNS resolver specified in Section 3.1 of RFC 8305, Happy Eyeballs v2;
> 3.1.  Handling Multiple DNS Server Addresses
>    If multiple DNS server addresses are configured for the current
>    network, the client may have the option of sending its DNS queries
>    over IPv4 or IPv6.  In keeping with the Happy Eyeballs approach,
>    queries SHOULD be sent over IPv6 first (note that this is not
>    referring to the sending of AAAA or A queries, but rather the address
>    of the DNS server itself and IP version used to transport DNS
>    messages).  If DNS queries sent to the IPv6 address do not receive
>    responses, that address may be marked as penalized and queries can be
>    sent to other DNS server addresses.
>    As native IPv6 deployments become more prevalent and IPv4 addresses
>    are exhausted, it is expected that IPv6 connectivity will have
>    preferential treatment within networks.  If a DNS server is
>    configured to be accessible over IPv6, IPv6 should be assumed to be
>    the preferred address family.
> On the other hand, Geoff is referring to the behavior of a recursive DNS resolver communicating with an authoritative DNS server. And I think he is correct that there isn't any Happy Eyeballs type behavior there.

Fair enough, and yes, that’s true (at least for what I’m referring to, I won’t presume to speak for Geoff, but seems likely), but in most cases, the end result of this is that the client gets back a quick answer even if IPv6 fails (at least that’s been my experience).