From owen@delong.com Sat Nov 11 22:48:58 2023 Return-Path: X-Original-To: v6ops@ietfa.amsl.com Delivered-To: v6ops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5465EC15C2AF for ; Sat, 11 Nov 2023 22:48:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.105 X-Spam-Level: X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=delong.com Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 96nfKMv138bL for ; Sat, 11 Nov 2023 22:48:54 -0800 (PST) Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id 8DE1EC15C296 for ; Sat, 11 Nov 2023 22:48:54 -0800 (PST) Received: from smtpclient.apple ([192.168.100.138]) (authenticated bits=0) by owen.delong.com (8.17.1/8.15.2) with ESMTPSA id 3AC6mmXw3116297 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 12 Nov 2023 06:48:48 GMT DKIM-Filter: OpenDKIM Filter v2.11.0 owen.delong.com 3AC6mmXw3116297 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delong.com; s=mail; t=1699771729; bh=ziaBa24xEn/pV1lJsb6XCm1amsU/xhpV+hE/TyUvVi8=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=nwAQDLWEUVjjDhGmYWoQovF3CqBS/FmM6CYww00Tdk5d0pnYDifqW64pNZ0TYkWFH dFU927xACTaIWnIyZzyG1BA9CArVZYG2qW6nBIvGl2+yAVmJliq+vz7S/TBl3ox0nX kkuGJTSBdvugIsqdlztCMsu3dJXDFG2CrJmEAx8c= From: Owen DeLong Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_06A9FE51-2D2D-4E02-9A05-5B414B8EEA03" Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\)) Date: Sat, 11 Nov 2023 22:48:38 -0800 In-Reply-To: Cc: Geoff Huston , list To: David Farmer References: <927959F5-71C8-4488-A52D-2A5A0969A951@apnic.net> <5A47C4EB-7DFD-472D-87DE-F2AEF9971844@delong.com> <4F493716-44FA-473A-8EFC-C6811B1E1C7A@apnic.net> <00356A59-2B04-4A46-B2B4-EA595A4F02A1@delong.com> <4B765D39-5201-4814-BFAE-8F3D71D24469@apnic.net> X-Mailer: Apple Mail (2.3774.100.2.1.4) X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.4 (owen.delong.com [192.159.10.2]); Sun, 12 Nov 2023 06:48:49 +0000 (UTC) Archived-At: Subject: Re: [v6ops] New draft at dnsop a bis for DNS IPv6 Transport Operational Guidelines X-BeenThere: v6ops@ietf.org X-Mailman-Version: 2.1.39 Precedence: list List-Id: v6ops discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Nov 2023 06:48:58 -0000 --Apple-Mail=_06A9FE51-2D2D-4E02-9A05-5B414B8EEA03 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Nov 11, 2023, at 22:22, David Farmer wrote: >=20 > I think Owen is referring to the behavior of DNS clients communicating = with a recursive DNS resolver specified in Section 3.1 of RFC 8305, = Happy Eyeballs v2; >=20 > 3.1. Handling Multiple DNS Server Addresses >=20 > If multiple DNS server addresses are configured for the current > network, the client may have the option of sending its DNS queries > over IPv4 or IPv6. In keeping with the Happy Eyeballs approach, > queries SHOULD be sent over IPv6 first (note that this is not > referring to the sending of AAAA or A queries, but rather the = address > of the DNS server itself and IP version used to transport DNS > messages). If DNS queries sent to the IPv6 address do not receive > responses, that address may be marked as penalized and queries can = be > sent to other DNS server addresses. >=20 > As native IPv6 deployments become more prevalent and IPv4 addresses > are exhausted, it is expected that IPv6 connectivity will have > preferential treatment within networks. If a DNS server is > configured to be accessible over IPv6, IPv6 should be assumed to be > the preferred address family. >=20 > On the other hand, Geoff is referring to the behavior of a recursive = DNS resolver communicating with an authoritative DNS server. And I think = he is correct that there isn't any Happy Eyeballs type behavior there. Fair enough, and yes, that=E2=80=99s true (at least for what I=E2=80=99m = referring to, I won=E2=80=99t presume to speak for Geoff, but seems = likely), but in most cases, the end result of this is that the client = gets back a quick answer even if IPv6 fails (at least that=E2=80=99s = been my experience). Owen --Apple-Mail=_06A9FE51-2D2D-4E02-9A05-5B414B8EEA03 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8

On Nov 11, 2023, at 22:22, David Farmer = <farmer@umn.edu> wrote:

I think Owen is referring to the behavior of DNS = clients communicating with a recursive DNS resolver specified in Section = 3.1 of RFC 8305, Happy Eyeballs v2;

3.1.  Handling Multiple DNS = Server Addresses

   If multiple DNS server addresses = are configured for the current
   network, the client may = have the option of sending its DNS queries
   over IPv4 or = IPv6.  In keeping with the Happy Eyeballs approach,
  =  queries SHOULD be sent over IPv6 first (note that this is = not
   referring to the sending of AAAA or A queries, but = rather the address
   of the DNS server itself and IP = version used to transport DNS
   messages).  If DNS = queries sent to the IPv6 address do not receive
  =  responses, that address may be marked as penalized and queries can = be
   sent to other DNS server addresses.

  =  As native IPv6 deployments become more prevalent and IPv4 = addresses
   are exhausted, it is expected that IPv6 = connectivity will have
   preferential treatment within = networks.  If a DNS server is
   configured to be = accessible over IPv6, IPv6 should be assumed to be
   the = preferred address family.

On = the other hand, Geoff is referring to the behavior of a recursive DNS = resolver communicating with an authoritative DNS server. And I think he = is correct that there isn't any Happy Eyeballs type behavior = there.

Fair = enough, and yes, that=E2=80=99s true (at least for what I=E2=80=99m = referring to, I won=E2=80=99t presume to speak for Geoff, but seems = likely), but in most cases, the end result of this is that the client = gets back a quick answer even if IPv6 fails (at least that=E2=80=99s = been my = experience).

Owen

= --Apple-Mail=_06A9FE51-2D2D-4E02-9A05-5B414B8EEA03--