[142141] in North American Network Operators' Group
Re: So... is it time to do IPv6 day monthy yet?
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sat Jun 18 14:41:22 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <BANLkTinVdH2C+vx_Uoa-o=Oy4sZwvGGqMQ@mail.gmail.com>
Date: Sat, 18 Jun 2011 11:35:57 -0700
To: Jimmy Hess <mysidia@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 18, 2011, at 8:00 AM, Jimmy Hess wrote:
> On Sat, Jun 18, 2011 at 4:31 AM, Mark Andrews <marka@isc.org> wrote:
>> Not really. An AAAA record adds 28 octets (an A record takes 16). Unless
>> you have a lot of name servers most referrals still fall within 512 octets;
>> additionally most answers also still fall within 512 octets.
>
> I agree.. not that it should be assumed there is no v6 DNS issue.
> With IPv6, the main issue may
> be 'firewalls' and 'boxes in the middle' silently munging, eating,
> or destroying AAAA responses.
>
> DNSSEC and not AAAA is really the reason to have need for EDNS0 or TRUNC
> on validating resolvers. AAAA records should be fine for sane domains.
>
> consider a referral for example.com -> subdomain.example.com with
> 8 nameservers.
> mydomainname.example.com; and assume you get both AAAA and A
> additional responses.
>
> Total = 402 octets -- still safe; your domain name could be ~100
> characters longer and it would still be fine.
>
> Header < 2 (id) + 2 (qr,opcode,aa,tc,rd,ra,z,rcode,qdcount) + 2
> (ancount) + 2 (nscount) + 2 (arcount)
> = 10 octets
> Authority Section
> ns1.subdomain.example.com. IN NS ns1.subdomain.example.com. <
> 26 name + 2 + 2 + 4 + 2 + 2(pointer) = 36 octets
> ns2.subdomain.example.com. IN NS ns2.subdomain.example.com. < 4
> name + 2(pointer) + 2 + 2 + 4 + 2 + 2(pointer) = 18 octets
> ns3.subdomain.example.com. IN NS ns3.subdomain.example.com. < 4
> name + 2 + 2 + 2 + 4 + 2 + 2 = 18 octets
> ns4.subdomain.example.com. IN NS ns4.subdomain.example.com. < 18 octets
> ns5.subdomain.example.com. IN NS ns5.subdomain.example.com. < 18 octets
> ns6.subdomain.example.com. IN NS ns6.subdomain.example.com. < 18 octets
> ns7.subdomain.example.com. IN NS ns7.subdomain.example.com. < 18 octets
> ns8.subdomain.example.com. IN NS ns8.subdomain.example.com. < 18 octets
>
> Additional Section
> ns1.subdomain.example.com. IN AAAA 2001:DB8::0 < 2(pointer)
> +4TTL+2RDLENGTH+16RDATA = 24 octets
> ns2.subdomain.example.com. IN AAAA 2001:DB8::1 < 24 octets
> ns3.subdomain.example.com. IN AAAA 2001:DB8::2 < 24 octets
> ns4.subdomain.example.com. IN AAAA 2001:DB8::3 < 24 octets
> ns5.subdomain.example.com. IN AAAA 2001:DB8::4 < 24 octets
> ns6.subdomain.example.com. IN AAAA 2001:DB8::5 < 24 octets
> ns7.subdomain.example.com. IN AAAA 2001:DB8::6 < 24 octets
> ns8.subdomain.example.com. IN AAAA 2001:DB8::7 < 24 octets
> ns1.subdomain.example.com. IN A 192.0.0.0.1 < 2(pointer)
> +4TTL+2RDLENGTH+4RDATA = 12 octets
> ns2.subdomain.example.com. IN A 192.0.0.0.1 < 12 octets
> ns3.subdomain.example.com. IN A 192.0.0.0.1 < 12 octets
> ns4.subdomain.example.com. IN A 192.0.0.0.1 < 12 octets
>
> Total = 402 octets -- still safe; your domain name could be ~100
> characters longer and it would still be fine.
>
This ignores the extra baggage that tends to come along in a DNS payload.
Just the root:
; <<>> DiG 9.6.0-APPLE-P2 <<>> +trace -t any www.delong.com
;; global options: +cmd
. 379756 IN NS e.root-servers.net.
. 379756 IN NS i.root-servers.net.
. 379756 IN NS l.root-servers.net.
. 379756 IN NS f.root-servers.net.
. 379756 IN NS k.root-servers.net.
. 379756 IN NS b.root-servers.net.
. 379756 IN NS j.root-servers.net.
. 379756 IN NS d.root-servers.net.
. 379756 IN NS c.root-servers.net.
. 379756 IN NS g.root-servers.net.
. 379756 IN NS m.root-servers.net.
. 379756 IN NS h.root-servers.net.
. 379756 IN NS a.root-servers.net.
;; Received 512 bytes from 192.159.10.2#53(192.159.10.2) in 7 ms
Or the GTLD servers list:
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 495 bytes from 2001:500:3::42#53(l.root-servers.net) in 37 ms
(not quite 512, but, close)
Note, none of these came with glue. They ONLY included the name data.
Had they come with glue, we would easily have been over 512 in both
cases just for IPv4, let alone a v4/v6 combination.
I know of at least one prominent MMORPG that has enough A records for their login
servers that they triggered TRUNC DNS results, which I discovered when they
broke at some hotels I have stayed at. I've also encountered other sites.
Owen
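Both the hand count in the quoted message and the dig sizes above turn on the same question: does a given referral or NS-set answer fit in the 512-octet UDP payload that a resolver without EDNS0 accepts, or does it come back truncated? The builder below is an added example for this page, not code from the thread or from any of its participants. It assembles a DNS response in RFC 1035 wire format with label compression and reports the exact size, so a proposed NS set can be checked with and without A/AAAA glue instead of counting octets by hand. The zone names, TTLs and addresses (2001:db8::/32 and 192.0.2.0/24 documentation space) are constructed for the example; only the lengths matter for the size.

```python
import ipaddress
import struct

# RFC 1035 caps a DNS-over-UDP payload at 512 octets unless EDNS0 (RFC 6891)
# is negotiated; a larger response is truncated (TC=1) and forces a TCP retry.
UDP_LIMIT = 512
QTYPE_A, QTYPE_NS, QTYPE_AAAA = 1, 2, 28
CLASS_IN = 1
ANSWER, AUTHORITY, ADDITIONAL = 1, 2, 3  # indexes into the header counts


def encode_name(name, offset, table):
    """Encode `name` at message `offset` with RFC 1035 label compression.

    `table` maps every suffix already on the wire (e.g. 'example.com') to the
    offset where it first appeared; a repeated suffix costs a 2-octet pointer
    instead of its labels, which is why owner names in a referral are cheap."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    out = bytearray()
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in table:  # pointer: 0xC000 | offset (offset < 16384)
            out += struct.pack("!H", 0xC000 | table[suffix])
            return bytes(out)
        table[suffix] = offset + len(out)
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)  # root label terminates an uncompressed name
    return bytes(out)


class Message:
    """Minimal DNS response builder that tracks the exact wire size."""

    def __init__(self, qname, qtype):
        self.table = {}
        self.counts = [1, 0, 0, 0]  # qdcount, ancount, nscount, arcount
        self.buf = bytearray(12)    # header: ID, flags, four section counts
        self.buf += encode_name(qname, len(self.buf), self.table)
        self.buf += struct.pack("!HH", qtype, CLASS_IN)

    def add_rr(self, section, name, rtype, ttl, rdata, rdata_is_name=False):
        self.buf += encode_name(name, len(self.buf), self.table)
        self.buf += struct.pack("!HHI", rtype, CLASS_IN, ttl)
        if rdata_is_name:  # NS targets may be compressed (RFC 1035 s4.1.4)
            rdata = encode_name(rdata, len(self.buf) + 2, self.table)
        self.buf += struct.pack("!H", len(rdata)) + rdata
        self.counts[section] += 1

    def size(self):
        return len(self.buf)

    def wire(self):  # complete message (ID 0, flags 0) with counts filled in
        return struct.pack("!HHHHHH", 0, 0, *self.counts) + bytes(self.buf[12:])


def _glue(msg, names, a_glue, aaaa_glue):
    # Constructed documentation addresses; only their length affects the size.
    for i, ns in enumerate(names[:aaaa_glue]):
        addr = ipaddress.IPv6Address("2001:db8::%x" % (i + 1)).packed
        msg.add_rr(ADDITIONAL, ns, QTYPE_AAAA, 86400, addr)
    for i, ns in enumerate(names[:a_glue]):
        addr = ipaddress.IPv4Address("192.0.2.%d" % (i + 1)).packed
        msg.add_rr(ADDITIONAL, ns, QTYPE_A, 86400, addr)


def referral_size(child, qname, nservers, a_glue, aaaa_glue):
    """Parent-side referral for `qname`: the child's NS set in AUTHORITY plus
    A/AAAA glue for the first `a_glue`/`aaaa_glue` servers in ADDITIONAL."""
    msg = Message(qname, QTYPE_A)
    names = ["ns%d.%s" % (i + 1, child) for i in range(nservers)]
    for ns in names:
        msg.add_rr(AUTHORITY, child, QTYPE_NS, 172800, ns, rdata_is_name=True)
    _glue(msg, names, a_glue, aaaa_glue)
    return msg.size()


def root_priming_size(a_glue, aaaa_glue):
    """Response to the '. NS' priming query: 13 NS in ANSWER plus glue."""
    msg = Message(".", QTYPE_NS)
    names = ["%s.root-servers.net" % c for c in "abcdefghijklm"]
    for ns in names:
        msg.add_rr(ANSWER, ".", QTYPE_NS, 518400, ns, rdata_is_name=True)
    _glue(msg, names, a_glue, aaaa_glue)
    return msg.size()


def report():
    sub, q = "subdomain.example.com", "www.subdomain.example.com"
    cases = [("8 NS, 8 AAAA + 8 A glue", referral_size(sub, q, 8, 8, 8)),
             ("8 NS, 8 AAAA + 4 A glue", referral_size(sub, q, 8, 4, 8)),
             ("root priming, no glue", root_priming_size(0, 0)),
             ("root priming, 13 A glue", root_priming_size(13, 0)),
             ("root priming, 13 A + 13 AAAA glue", root_priming_size(13, 13))]
    for label, n in cases:
        verdict = "fits" if n <= UDP_LIMIT else "TRUNCATED without EDNS0"
        print("%-34s %4d octets  %s" % (label, n, verdict))


if __name__ == "__main__":
    report()
```

Run it and the eight-server referral with full dual-stack glue comes out at 539 octets, over the limit, while the same referral with only four A glue records is 475; the root NS set alone is 228 octets and grows to 800 once all 13 servers carry both A and AAAA glue (add 11 for an OPT record if EDNS0 is in play). To check a real zone, drop its NS names into `referral_size` and compare the result with what `dig +norecurse` reports in its `Received N bytes` line.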