Re: [v6ops] New draft at dnsop a bis for DNS IPv6 Transport Operational Guidelines

Gert Doering <> Fri, 10 November 2023 20:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C8A19C18FCCF for <>; Fri, 10 Nov 2023 12:46:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.807
X-Spam-Status: No, score=-2.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mupwusQYAKy7 for <>; Fri, 10 Nov 2023 12:46:35 -0800 (PST)
Received: from ( [IPv6:2001:608:3:85::38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 40A00C18FCBC for <>; Fri, 10 Nov 2023 12:46:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=esa; t=1699649195; x=1731185195; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=oWJuWmNwisI6fQ+b31Fwcg/Il+SERCXmmNfF5eObnD4=; b=gD48V7CH2FHB/A+l8nLN14Vc8rFyxYpBOhAqqYA8Akos5G1VQyA9XLzJ DURZyMlz2WHgtxOvvawqEPaNzz3/v0Z0kjmGTLyCXPI3IAAHCLfWUyTwH nOkh8l0zoahOozVdq1I+Grt/+FchLEb+VVaRzuxG3NvwzBCkSPCsdbKX8 lyjQZ/n0d7d8/Dxxp0d5KJUK8HIADJe8z73D1xXL4ecbuduyv6gh7TR7v 1dbx+7uUqqVOLvfECavFQo2y+rqhdZYvTZDPUaG21NrAEmBTyY9+lfMDs o9xNcer3Zuk7e8vZaBgk5/rDAq8JrzHVtmXduyFFIwdCmab+YkySf5Nv1 w==;
X-CSE-ConnectionGUID: NMMeJrjQS4OqiQ66e6cnxQ==
X-SpaceNet-SBRS: None
Received: from ([]) by with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Nov 2023 21:46:30 +0100
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id E403F405EB for <>; Fri, 10 Nov 2023 21:46:29 +0100 (CET)
X-SpaceNet-Relay: true
Received: from ( [IPv6:2001:608:2:2::251]) by (Postfix) with ESMTP id D23C5405B3; Fri, 10 Nov 2023 21:46:29 +0100 (CET)
Received: by (Postfix, from userid 1007) id C8A32307DF; Fri, 10 Nov 2023 21:46:29 +0100 (CET)
Date: Fri, 10 Nov 2023 21:46:29 +0100
From: Gert Doering <>
To: Geoff Huston <>
Cc: Nick Buraglio <>, list <>
Message-ID: <ZU6WpbDBJ9lcik_3@Space.Net>
References: <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
Archived-At: <>
Subject: Re: [v6ops] New draft at dnsop a bis for DNS IPv6 Transport Operational Guidelines
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 10 Nov 2023 20:46:39 -0000


On Thu, Nov 09, 2023 at 04:50:11PM +0000, Geoff Huston wrote:
> The issue of the way that IPv6 handles fragmentation, the use of DNS over UDP and the use of DNSSEC which creates large responses conspire together to make the recommendation in this draft, namely that "Every authoritative DNS zone SHOULD be served by at least one IPv6-reachable authoritative name server??? questionable.
> In fact I would say that such a SHOULD is operationally highly unwise.

So, you are saying that those networks that run dual-stack today 
(including their DNS infrastructure) should turn off IPv6 again?

I'd much rather prefer to fix the problems, as measured, and get rid
of IPv4.

But if you think that IPv6 should be turned off, globally, because it's
beyond repair, maybe this should be stated clearly.  I might concur.

Seriously: having ONE nameserver v6-reachable, as suggested, is not the
same thing as "if this IPv6 thing is not working, DNS resolution will
fail" - there's more than one nameserver, and DNS is good at failing 
over.  Nameservers fail all the time.

OTOH, having sufficient authoritative name servers on v6 (and v4) gives
a much broader plattform measuring where it still fails, and possibly
fixing the paths in between, or the software in use.

Gert Doering
        -- NetMaster
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279