ipv6 recursive resolvers how do we make the transition
play

IPv6 & recursive resolvers: How do we make the transition less - PowerPoint PPT Presentation

Oct 13, 2022 •188 likes •282 views

IPv6 & recursive resolvers: How do we make the transition less painful? March 24th, 2010 IETF 77 Igor Gashinsky (igor@yahoo-inc.com) Infrastructure Architecture IPv6 3/24/2010 Page 1 Overview of the problem IPv6 rollout may

  1. IPv6 & recursive resolvers: How do we make the transition less painful? March 24th, 2010 IETF 77 Igor Gashinsky (igor@yahoo-inc.com) Infrastructure Architecture IPv6 • 3/24/2010 • Page 1

  2. Overview of the problem • IPv6 rollout may not impact production IPv4 • Rolling out dedicated IPv6 hostnames is not a good long- term solution – Good for early adopters, not good for general public • Today, enabling AAAA on the production hostnames would adversely impact IPv4 reachability – 0.078% of users drop off the grid • Assuming a user base of 600M, that's 470K users that you broke! – Additionally, client time-outs for IPv4 fallback when AAAA fails is between 21 and 186 seconds – That's a lot of breakage! – This is a barrier for a lot of content players IPv6 • 3/24/2010 • Page 2

  3. What can we do about it? • Don't roll out IPv6 – Not very practical • Roll out IPv6, accept the breakage – Not very realistic • Prefer A over AAAA – This ship has already sailed, unfortunately • Work with OS/app vendors to fix IPv6 issues – Awful long lead times/upgrade cycles • Don't let users with broken IPv6 connectivity know about AAAA records – Sounds good, how do we do that? IPv6 • 3/24/2010 • Page 3

  4. How do we accomplish this? ISP DNS Destination End-user Recursive Auth DNS PC • Options: – Auth DNS server does not return AAAA for queries via Recursive server if it detects “broken” IPv6 users behind it • Requires a lot of instrumentation to set-up • Collateral damage for working IPv6 users – ISP DNS Recursive servers does not return AAAA for users who have broken IPv6 connectivity • How to accurately measure working users when you are not an endpoint? – ISP DNS recursive server only returns AAAA for users who have known working IPv6 connectivity • OK, sounds too good to be true, how does that work? IPv6 • 3/24/2010 • Page 4

  5. How do we accomplish this (2) • Only way of knowing the user has working IPv6 connectivity, is if the AAAA query came over IPv6! – Proposed solution: • ISP must roll out native IPv6 on their network, and have IPv6- addressable recursive servers deployed • Hand out IPv6 && IPv4 recursive server addresses to the end-users • Return 0 answers for AAAA if, and only if: – Query comes over Ipv4 – “A” record exists for same name – DNSSEC is not used • Auth DNS server now only has to worry about IPv6 reachability to the Recursive server – A lot easier to resolve problems at the ISP level then with individual end-users – A few broken IPv6 users don’t adversely impact everyone else IPv6 • 3/24/2010 • Page 5

  6. What does this do? • Benefits: – Allows for IPv6 reachability issues to be resolved between NOCs – Less support calls for “what is this IPv6 thing that broke my internets?!?!?!” – Fewer “brokenness” with deploying IPv6 = more people may deploy it sooner • Side-effects: – Trust -- now we have recursive servers modifying authoritative records – This effectively turns off IPv6 for OS’s that can only do DNS queries over IPv4 (ie Windows XP) • QUESTION: Is this worth pursuing further? IPv6 • 3/24/2010 • Page 6

  7. Feedback from previous forums • This idea has been presented at NANOG, ISOC IPv6 Roundtable and OARC over the past year, and the feedback that we received so far: – This is a really ugly hack. – People however think this may be necessary to get widespread IPv6 adoption – Needs ability to restrict behavior based on ACL • allow AAAA to get through for selected v4 addresses • stop it from getting through for selected v6 addresses Some of this is to make various 6RD deployments work IPv6 • 3/24/2010 • Page 7

  8. Status • BIND: – In mainline after 9.7.0b2 – disable-aaaa-on-v4-transport ( yes | no | break-dnssec ); – Upon receipt of a query for an AAAA record: • If the request has DNSSEC turned on (DO or AD bit set), return the record as requested. • If the request comes in over IPv6 transit, return the record as requested. • If the request is over IPv4 and an A record exists at the same label, respond with NOERROR but with 0 answers, forcing the client to fall back to an A record query. • PowerDNS & Secure64 – Also looking at implementing this IPv6 • 3/24/2010 • Page 8

  9. Questions? • Email: – igor@yahoo-inc.com • or – jfesler@yahoo-inc.com IPv6 • 3/24/2010 • Page 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IPv6 Transition Revisit Davey Song BII Foresee and imply IPv6 is a long way to go? What if

IPv6 Transition Revisit Davey Song BII Foresee and imply IPv6 is a long way to go? What if

IPv6 Transition Revisit Davey Song BII Foresee and imply IPv6 is a long way to go? What if ? Global IPv6 Development and Efforts On Feb, 3, 2011 IANA announced the exhaustion of its IPv4 pool Followed by APNIC at 19-Apr-2011, and

254 views • 24 slides
Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder System and Network Engineering

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder System and Network Engineering

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder System and Network Engineering July 2014 DNS Main Components Server Side: Authoritative Servers Resolvers (Recursive Resolvers, cache) Client Side: Stub resolvers

429 views • 30 slides
Enterprise IPv6 Transition Matrix IETF 60 IPv6 Operations Working Group Aug 2-6, 2004 San

Enterprise IPv6 Transition Matrix IETF 60 IPv6 Operations Working Group Aug 2-6, 2004 San

Enterprise IPv6 Transition Matrix IETF 60 IPv6 Operations Working Group Aug 2-6, 2004 San Diego, CA Jim Bound, Yanick Pouffary, Tim Chown, Jordi Palet Special Acknowledgement and Thank You Steve Klynsma and David Green O rigination D

210 views • 3 slides
Benchmarking Methodology for IPv6 Transition Technologies

Benchmarking Methodology for IPv6 Transition Technologies

iplab Benchmarking Methodology for IPv6 Transition Technologies draft-ietf-bmwg-ipv6-tran-tech-benchmarking-01 Marius Georgescu Nara Institute of Science and Technology Internet Engineering Laboratory 7 Apr. 2016 D RAFT M OTIVATION D RAFT

340 views • 13 slides
Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk

Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk

Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk (jtk@depaul.edu) DNS Probing September 30, 2006 1 / 9 Open Resolvers Recursive - open access to a full resolver Forwarder - proxy access to a

371 views • 9 slides
v6ops and security IPv6 Transition/Co-existence Security Considerations

v6ops and security IPv6 Transition/Co-existence Security Considerations

v6ops and security IPv6 Transition/Co-existence Security Considerations draft-savola-v6ops-security-overview-00.txt Pekka Savola, CSC/FUNET Overview Overview Look at different kinds of issues IPv6 protocol Transition mechanisms in general

853 views • 10 slides
IPv6 Transition and Coexistence LACNIC 28 Montevideo, Uruguay September 2017 Jordi Palet

IPv6 Transition and Coexistence LACNIC 28 Montevideo, Uruguay September 2017 Jordi Palet

IPv6 Transition and Coexistence LACNIC 28 Montevideo, Uruguay September 2017 Jordi Palet (jordi.palet@theipv6company.com) - 1 Transition / Co-Existence Techniques IPv6 has been designed for easing the transition and coexistence with

760 views • 60 slides
How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication mechanisms for DNS Privacy enabling recursive resolvers Benno Overeinder Melinda Shore Willem Toorop Fastly NLnet Labs NLnet Labs (presenter)

321 views • 21 slides
Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Department of Veterans Affairs Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski Director, Enterprise Transport Services VA IPv6 Transition Manager Outreach Chair, Federal IPv6 Task Force Major

382 views • 13 slides
IPv6 development in Taiw an Ting-Yun Chi(louk) Computer Center of M.O.E 2009/07/21 APAN

IPv6 development in Taiw an Ting-Yun Chi(louk) Computer Center of M.O.E 2009/07/21 APAN

IPv6 development in Taiw an Ting-Yun Chi(louk) Computer Center of M.O.E 2009/07/21 APAN Interoperability and Certification of Next Generation Internet Project Transition Technologies Sub-project (Transition.ipv6.org.tw.) Transition

546 views • 53 slides
SNMP Transition Tool Management of IPv6 Networks with IPv4/IPv6 SNMP Gateway Wiktor Procyk

SNMP Transition Tool Management of IPv6 Networks with IPv4/IPv6 SNMP Gateway Wiktor Procyk

SNMP Transition Tool Management of IPv6 Networks with IPv4/IPv6 SNMP Gateway Wiktor Procyk wiku@man.poznan.pl Zagreb, TERENA, May 2003 Wiktor Procyk <wiku@man.poznan.pl> 1 Introduction IPv6 is the next generation protocol designed

287 views • 18 slides
DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS resolvers abstract complexity and offer the possibility of improved performance and better scalability . Why are they harmful? 3 Resolvers Are Vulnerable

618 views • 34 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
From IPv4 to eternity The High Energy Physics transition to IPv6 David Kelsey EGI

From IPv4 to eternity The High Energy Physics transition to IPv6 David Kelsey EGI

From IPv4 to eternity The High Energy Physics transition to IPv6 David Kelsey EGI Community Forum, Munich 30 March 2012 On behalf of my co-authors Bob Cowles (SLAC), Phil DeMar (FNAL), Marek Elias (FZU), Thomas Finnern (DESY), David

507 views • 29 slides
ITU-APNIC collaboration on the transition from IPv4 to IPv6 ITU Regional Development Forum

ITU-APNIC collaboration on the transition from IPv4 to IPv6 ITU Regional Development Forum

ITU-APNIC collaboration on the transition from IPv4 to IPv6 ITU Regional Development Forum "ICTs for Smart Sustainable Asia-Pacific" Manila, Philippines 6-7 June 2016 <duncan@apnic.net> Agenda Introduction ICT

437 views • 22 slides
Recursive Methods Noter ch.2 Recursive Methods Recursive problem solution Problems

Recursive Methods Noter ch.2 Recursive Methods Recursive problem solution Problems

Recursive Methods Noter ch.2 Recursive Methods Recursive problem solution Problems that are naturally solved by recursion Examples: Recursive function: Fibonacci numbers Recursive graphics: Fractals Mutual recursion:

796 views • 61 slides
Relativistic model of electromagnetic one-nucleon knockout reactions F. D. Pacati, C. Giusti, and

Relativistic model of electromagnetic one-nucleon knockout reactions F. D. Pacati, C. Giusti, and

Nuclear Theory22 ed. V. Nikolaev, Heron Press, Sofia, 2003 Relativistic model of electromagnetic one-nucleon knockout reactions F. D. Pacati, C. Giusti, and A. Meucci Dipartimento di Fisica Nucleare e Teorica dellUniversit` a degli Studi

359 views • 15 slides
Current Issues in Electromagnetic Knockout Reactions C. Giusti Dipartimento di Fisica Nucleare e

Current Issues in Electromagnetic Knockout Reactions C. Giusti Dipartimento di Fisica Nucleare e

Nuclear Theory21 ed. V. Nikolaev, Heron Press, Sofia, 2002 Current Issues in Electromagnetic Knockout Reactions C. Giusti Dipartimento di Fisica Nucleare e Teorica, Universit` a di Pavia, Istituto Nazionale di Fisica Nucleare, Sezione di

312 views • 20 slides
Events (Alice In Action, Ch 6) 25 September 2012 Slides Credit: Joel Adams, Alice in Action

Events (Alice In Action, Ch 6) 25 September 2012 Slides Credit: Joel Adams, Alice in Action

CS 120 Lecture 09 Events (Alice In Action, Ch 6) 25 September 2012 Slides Credit: Joel Adams, Alice in Action Objectives Create new events in Alice Create handler methods for Alice events Use events to build interactive stories

398 views • 8 slides
Singletons and You Justin Le https://blog.jle.im (justin@jle.im) Lambdaconf 2017, May 27, 2017

Singletons and You Justin Le https://blog.jle.im (justin@jle.im) Lambdaconf 2017, May 27, 2017

Singletons and You Justin Le https://blog.jle.im (justin@jle.im) Lambdaconf 2017, May 27, 2017 Preface Slide available at https://talks.jle.im/lambdaconf- 2017/singletons/singleton-slides.html. Preface Slide available at

833 views • 58 slides
18 Universal Feasts Mary, Mother of God The Presentation of Our Lord Our Lady of Lourdes The

18 Universal Feasts Mary, Mother of God The Presentation of Our Lord Our Lady of Lourdes The

18 Universal Feasts Mary, Mother of God The Presentation of Our Lord Our Lady of Lourdes The Annunciation Our Lady of Fatima Mary, Help of Christians The Visitation The Immaculate Heart of Mary Our Lady of Mount Carmel Mary, Mother of the

363 views • 11 slides
Using Proc Logistic to Improve Customer Retention Luke Furlong Assurant Health Reference SAS

Using Proc Logistic to Improve Customer Retention Luke Furlong Assurant Health Reference SAS

10/28/2013 Using Proc Logistic to Improve Customer Retention Luke Furlong Assurant Health Reference SAS Course: Survival Data Mining: Predictive Hazard Modeling for Customer History Data. Will Potts. 1 10/28/2013 The Problem Assurant

112 views • 10 slides
Ge Gender ered ed J Justice: ce: D Drivers o of Nevadas Femal ale P Prison P

Ge Gender ered ed J Justice: ce: D Drivers o of Nevadas Femal ale P Prison P

Ge Gender ered ed J Justice: ce: D Drivers o of Nevadas Femal ale P Prison P Population G Growth March 9th, 2019 Outline Introduction Nevada in the National Context Trends in Nevadas Data Projected Growth and

579 views • 31 slides
R: a nearly-Lisp Christophe Rhodes Teclo Networks AG April 6, 2011 1 / 29 Outline

R: a nearly-Lisp Christophe Rhodes Teclo Networks AG April 6, 2011 1 / 29 Outline

R: a nearly-Lisp Christophe Rhodes Teclo Networks AG April 6, 2011 1 / 29 Outline Introduction Examples Repeated Measurement Trellis Graphics R and Lisp 2 / 29 Outline Introduction Examples Repeated Measurement Trellis Graphics R

907 views • 52 slides

More recommend