[arin-ppml] IPv6 in the Economist

Leo Bicknell bicknell at ufp.org
Fri Jun 6 15:18:43 EDT 2008

In a message written on Fri, Jun 06, 2008 at 02:38:05PM -0400, Dean Anderson wrote:
> > Fortunately DNS has also moved on.  RFC 2671 specifies EDNS0, an
> > extension to DNS to allow for larger packets.  This was later
> > required in RFC 3226 for all DNSSEC and A6 aware servers and
> > resolvers.  RFC 2874 may also be of interest.
> Most resolvers aren't DNSSEC or EDNSO aware.

While technically correct I believe this statement is misleading.

Virtually none of the end-user resolver libraries (e.g. the stuff
you get with your Windows, Linux, OSX or other distro) are DNSSEC
or EDNS0 aware out of the box.  However, those end user resolvers
are often crippled in much more significant ways, such as the
complete and total inability to walk up and down the DNS tree.  In
short, most are incapable of even knowing they need to ask the DNS
root anything, much less being able to construct the query.

Rather the architecture (as deployed, I don't have the time to
research all the standards on the subject to know if they match
reality) has created a situation where end user resolvers must point
to some form of caching recursive server which has all of that logic
in it.  A very large percentage of those caching recursive name
servers have DNSSEC and EDNS0 capability.

In short, yes, 99% of end user resolvers can't make a EDNS0 query,
however those same resolvers always ask a caching server to make
the query for them, and 99% of the time the caching server is capable
and performing those queries on behalf of the user.

And I believe this is likely to be my last reply on the topic, as
we are now quite far from anything that is ARIN related.

For those who want to continue the discussion elsewhere, any or all
of these may be appropriate:


       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20080606/660ae48d/attachment.sig>

More information about the ARIN-PPML mailing list