
Re: Variable length internet addresses in TCP/IP: history

2012-02-23 19:43:44

In message <201202231651(_dot_)q1NGpxgL017137(_at_)fs4113(_dot_)wdf(_dot_)sap(_dot_)corp>, Martin Rex writes:
Bob Hinden wrote:

Martin Rex wrote:

With a fully backwards compatible transparent addressing scheme,
a much larger fraction of the nodes would have switched to actively
use IPv6 many years ago.

Right, just like they could have deployed dual stack many years ago too.

Just two days ago I had an extremely disappointing experience with IPv6.
Windows XP 64-bit (aka Win2003sp2) on a local network with a private
DNS universe, IPv4 only network, Windows IPv6 protocol stack installed
but IPv6 active only on the two virtual network interfaces of VMware.

Somehow the DNS servers configured in the network settings had performed
only a partial zone reload and were replying only to some queries,
failing some DNS queries with server failure or timeout,
and one DNS zone had become completely invisible.

I noticed the problem suddenly during work because every new connection
took ~16 seconds delay to complete.  Wondering what was wrong, I started
wireshark.

I saw Windows2003 send out 23 DNS lookups for AAAA records for the
requested hostname over the course of 16 seconds (some of which returned
server failure, some of which failed with no such name),
until Windows 2003 finally decided to also try a DNS A query--which got
immediately successfully answered and the connection was established.
The delay affected each and every connection attempt, even when contacting
the same host repeatedly (although there is a DNScache service running...).

Disabling IPv6 on all network adapters did not stop this Windows AAAA frenzy,
I had to actually uninstall the IPv6 protocol stack (an action which
immediately kills *ALL* network connectivity of the machine and requires
a reboot to recover...) for this AAAA nonsense to end.

During the past few years I had two similar encounters with sudden severe
connectivity problems on a Windows XP and a Linux installation, and
both times, the problem disappeared when I disabled IPv6.

It is also significantly easier to configure the firewall for IPv4-only...

-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

We (ISC) learned a long time ago (last century) that partial DNS
service for a zone is worse than total failure for a zone.  By
totally failing a zone on error it gets fixed instead of trying to
limp by on partial service.

I also suspect the search algorithm is not stopping on NOERROR
NODATA or SERVFAIL.  Searches really should stop on both those
conditions.  By stopping I mean not going on to the next element
in the search list without getting an NXDOMAIN response.  You
can ask multiple servers on SERVFAIL.

I've been arguing this for around 10+ years.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org
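
The search-list rule described in the message above, as an added example (not code from the thread, from ISC, or from any real resolver). The server names, zones and response table are constructed, and `make_query` and `search` are hypothetical helpers.

```python
# Added illustration: servers, zones and responses below are constructed.
NOERROR, SERVFAIL, NXDOMAIN = "NOERROR", "SERVFAIL", "NXDOMAIN"
SERVERS = ["ns1", "ns2"]
SEARCH_LIST = ["eng.example.test", "example.test", ""]
TABLE = {  # (server, fqdn, rtype) -> (rcode, answers); anything else is NXDOMAIN
    ("ns1", "db.example.test", "AAAA"): (NOERROR, []),            # NODATA
    ("ns1", "db.example.test", "A"): (NOERROR, ["192.0.2.10"]),
    ("ns1", "app.eng.example.test", "A"): (SERVFAIL, []),         # broken zone
    ("ns2", "app.eng.example.test", "A"): (SERVFAIL, []),
    ("ns1", "web.eng.example.test", "A"): (SERVFAIL, []),         # one bad server
    ("ns2", "web.eng.example.test", "A"): (NOERROR, ["192.0.2.20"]),
}

def make_query(table, log):
    """Fake query(server, fqdn, rtype) that records every lookup in log."""
    def query(server, fqdn, rtype):
        log.append((server, fqdn, rtype))
        return table.get((server, fqdn, rtype), (NXDOMAIN, []))
    return query

def search(name, rtype, search_list, servers, query):
    """Walk the search list; only NXDOMAIN moves on to the next element."""
    for suffix in search_list:
        fqdn = f"{name}.{suffix}" if suffix else name
        rcode, answers = SERVFAIL, []
        for server in servers:        # SERVFAIL: ask another server, same name
            rcode, answers = query(server, fqdn, rtype)
            if rcode != SERVFAIL:
                break
        if rcode == NOERROR:          # answer, or NODATA when answers is empty
            return fqdn, ("ANSWER" if answers else "NODATA"), answers
        if rcode == SERVFAIL:         # every server failed: stop the search here
            return fqdn, SERVFAIL, []
        # NXDOMAIN: name does not exist under this suffix, try the next one
    return name, NXDOMAIN, []

if __name__ == "__main__":
    log = []
    query = make_query(TABLE, log)
    for name, rtype in [("db", "AAAA"), ("db", "A"), ("app", "A"), ("web", "A")]:
        print(name, rtype, search(name, rtype, SEARCH_LIST, SERVERS, query))
    print(len(log), "queries sent")
```

With this rule the broken `app` zone costs one query per configured server and then fails visibly, instead of the resolver walking the rest of the search list.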