What would be the best way to configure your dns once you've set up IPv6 6to4? Separate the IPv4 and IPV6 domains or let them be the same?
That is, use something like example.com for your existing IPv4 address and something like 6.example.com for IPv6 (and www.6.example.com etc.)?
Or is it safe to have both A and AAAA records for the same domain name?
Thanks,
Jeroen
Firstly I would use a tunnel broker instead of 6to4. Easier to
debug failures.
To answer your question you need to do a risk analysis.
Adding a IPv6 address next to a IPv4 address can make connections
to the site appear to be slow when the client side tries IPv6 but
doesn't have a working IPv6 path (this is a very small percentage).
There are some applications that will not fallback to IPv4 if the
IPv6 connection fails (this is also a small percentage again).
ISC publishes both AAAA and A record at the same name. This is
somewhat of a forcing function for broken sites to address their
IPv6 issues. We have been publishing both address for many years
now.
Google on the other had decided to white-list sites that it knows
have IPv6 connectivity and a responsive noc. 6to4 sites don't meet
these requirments. Tunneled sites can.
Mark
What would be the best way to configure your dns once you've set up IPv6
6to4? Separate the IPv4 and IPV6 domains or let them be the same?
The same. Separation would be unnecessary influence from a lower layer.
That is, use something like example.com for your existing IPv4 address
and something like 6.example.com for IPv6 (and www.6.example.com etc.)?
Useful for debugging. And no more.
Or is it safe to have both A and AAAA records for the same domain name?
Once a node is enough reachable (according to SLAen etc) to warrant
inclusion in DNS, the Internet Protocol number is just an indication
of which way to reach it. It is perfectly safe, and I do it all the
time. When my Internets break, I suffer. Of course. But that has
nothing to do with ipv4 vs ipv6.
What would be the best way to configure your dns once you've set up IPv6 6to4? Separate the IPv4 and IPV6 domains or let them be the same?
That is, use something like example.com for your existing IPv4 address and something like 6.example.com for IPv6 (and www.6.example.com etc.)?
If you're going to use separate names for your AAAA, then the most common (least likely to confuse users) is ipv6.example.com vs. www.example.com.
Or is it safe to have both A and AAAA records for the same domain name?
Depends on your value of safe. According to Google this will provide a poor user experience for 0.05% of the internet.
This 0.05% of the internet is the people who have broken IPv6 connectivity, but, hosts think they are IPv6 connected.
For HE, this has not been a significant problem and www.he.net has offered both A and AAAA records for years.
For Google, 0.05% represents significant revenue and customer lossage and they use separate names unless
your resolvers are whitelisted.
For more information on the exact problems, see Lorenzo's presentation at RIPE 61. He did an excellent job
of explaining the situation from Google's perspective.
Owen
Mark Andrews wrote:
Firstly I would use a tunnel broker instead of 6to4. Easier to
debug failures.
Thanks all for the helpful response. Using the same names for IPv6 and IPv4 doesn't appear to be much of a problem, especially considering this is a trial which concerns office/home ISP connectivity, for now.
Which IPv6 tunnel broker is preferable, or does it really matter?
Thanks,
Jeroen
I use HE.NET in a few installations (with BGP) and they have good support (which is quite awesome for a free service).
As people pointed out avoid 6to4, Apple just rendered it nearly useless in its latest OS-X.
Mark Andrews wrote:
> Firstly I would use a tunnel broker instead of 6to4. Easier to
> debug failures.Thanks all for the helpful response. Using the same names for IPv6 and
IPv4 doesn't appear to be much of a problem, especially considering this
is a trial which concerns office/home ISP connectivity, for now.Which IPv6 tunnel broker is preferable, or does it really matter?
I've been using HE for 7 years now and have always got a fast response
when I've had problems with the link.