On Fri, 2 Apr 2010, Mark Andrews wrote:

:: How many of those clients are actually using ISP's nameservers when
:: the breakage occurs?

I'll be able to answer that "somewhat" when we have our data collected. The "somewhat" is because I don't know of a way to identify if the user's request goes through a middleware box to get to the ISP resolver or not, but, I should at least be able to tell if the request went to the ISP resolver vs over VPN somewhere off-net..

The VPN case is pretty easy to work around -- those will mostly be corporate resolvers, and those will simply not be whitelisted... the middleware boxes however, are a whole other problem, and, honestly, I don't know of a way to detect them.. Do you have any ideas?

:: How many would be better off taking the breakage hit so that they
:: know something is broken and then fixing it?

Pretty much none of them. Yes, I'm serious.

Why is it that some people think it's acceptable to break perfectly working ipv4 users just because you are going to roll out ipv6 services? I, for one, get pretty damn pissed when my vendors roll out new features (most of which I could care less about) while breaking existing things that I use -- I tend to not deploy those things into production. So, why is it that we think that our users are any different? Remember, to them IPv6 is meaningless, they just want "the web" to work.

Given today's stats (with 0.3% ipv6 adoption, and 0.074% ipv6 breakage) I can see the conversation with businesspeople going something like this:

"Let me get this straight.. So, if we start to hand out AAAA's, for every 4-5 users who will then get to us over IPv6 (and could reach us just fine over ipv4 today), you are going to break 1 user that works just fine today?!?! Are you out of your mind?!?!"

The funny thing is, I'm what some might term an "ipv6 cheerleader", and I honestly can't disagree with the above reaction.

And people wonder why more content isn't serving AAAA's by default...

So, we are absolutely going to need to fix the underlying problems to make sure that things are not going to get worse and to make sure that they can get better over time (some of that is under way now).

But, given that those causes of breakage are already deployed today, and, even if everything was magically fixed right now, it is going to be *years* before those fixes are deployed, we are still going to need to find some way of mitigating their damage now. This is why we are going to have whitelists, and, on top of whitelists, we are going to need other measures to drop those numbers significantly (like filter-aaaa, or anything better that people come up with) in order to get more ipv6 adoption (by several orders of magnitude)..

So, other than saying "fixing broken OS/apps does not belong in DNS", what do you think we can do? Where can we (operators) try to fix it, because counting on users to do it simply isn't going to work in time..

Thanks,
-igor

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop