Weblog entry #67 for dkg

registrars and AAAA glue records
Posted by dkg on Wed 17 Nov 2010 at 23:43
Tags: ,

i've been on an IPv6 kick recently, getting dual-stack systems up and working for a bunch of folks.

I'd like to make some of these services reachable by IPv6-only clients. this suggests that i need a range of details sorted out, but i think the one piece left for me is the glue records for the nameservice. i use in-bailiwick nameservers for DNS where possible, which means i want mandatory glue records. that is, the primary namserver for example.org is probably something like ns0.example.org, which means that the org nameservers themselves need to store not only the NS record, but an A record that corresponds to the name pointed to by the NS.

But for IPv6-only clients that do their own name resolution, i need AAAA glue records, and i haven't yet found a registrar that will push AAAA glue records for the same names as the existing A glue into the org zone.

Do you know of a registrar that will do this?

I've tried:

dotster
Dotster seems to only allow IPv4 glue to be entered on their Register Nameserver config page (needs a dotster login to see it). They haven't yet yet responded to my query through their support web form about submitting AAAA glue
gandi
gandi at least offers the opportunity to enter AAAA glue, but apparently can't let me have both AAAA and A glue for the same name. A note to their support team got me a response that this is planned for Q1 or Q2 of 2011.

Any suggestions for reasonable registrars that offer this today?

Am i being silly in wanting AAAA and A glue for the same names? i note that the root zone and the org zone both offer A and AAAA records for each of their dual-stack nameservers. You can check for yourself:

 dig @a.root-servers.net ns org
 dig @a.root-servers.net ns .

if i don't go for dual records, i could instead use gandi and go with distinct names for the v6 and v4 servers, like this:

;; QUESTION SECTION:
;example.org.				IN	NS

;; AUTHORITY SECTION:
example.org.      172800	IN	NS	a.ns.example.org.
example.org.      172800	IN	NS	b.ns.example.org.
example.org.      172800	IN	NS	c.ns.example.org.
example.org.      172800	IN	NS	d.ns.example.org.

;; ADDITIONAL SECTION:
a.ns.example.org. 172800	IN	A	192.0.2.3
b.ns.example.org. 172800	IN	A	192.0.2.4
c.ns.example.org. 172800	IN	AAAAA	2001:db8::3
d.ns.example.org. 172800	IN	AAAAA	2001:db8::4

But of course what i really want is this:

;; QUESTION SECTION:
;example.org.				IN	NS

;; AUTHORITY SECTION:
example.org.      172800	IN	NS	a.ns.example.org.
example.org.      172800	IN	NS	b.ns.example.org.

;; ADDITIONAL SECTION:
a.ns.example.org. 172800	IN	A	192.0.2.3
a.ns.example.org. 172800	IN	AAAAA	2001:db8::3
b.ns.example.org. 172800	IN	A	192.0.2.4
b.ns.example.org. 172800	IN	AAAAA	2001:db8::4

My concern about this is if some IPv4-only system gets a list like the first one, and decides to use c.ns.example.org or d.ns.example.org, which doesn't have an A record at all. That would be a silly implementation, of course. but uh, we have a lot of silly implementations of things out there.

Feedback welcome!

 

Comments on this Entry

Posted by Anonymous (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Thu 18 Nov 2010 at 09:16
I think www.speedpartner.de would. I am going to do the same (when I find the time………) and asked, but haven’t seen/tried it yet. --tg@d.o

[ Parent | Reply to this comment ]

Posted by fuzzel (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Thu 18 Nov 2010 at 10:11
[ Send Message ]
Google(ipv6 glue) or directly http://www.sixxs.net/faq/dns/?faq=ipv6glue which contains a large list of registrars which support IPv6 glue.

[ Parent | Reply to this comment ]

Posted by Anonymous (80.169.xx.xx) on Thu 18 Nov 2010 at 13:08
Joker.com. Quad A glue, PGP signed emails, all good stuff!

[ Parent | Reply to this comment ]

Posted by Anonymous (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Fri 19 Nov 2010 at 03:29
joker++

[ Parent | Reply to this comment ]

Posted by Anonymous (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Fri 19 Nov 2010 at 22:08
+1

[ Parent | Reply to this comment ]

Posted by Anonymous (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Sun 21 Nov 2010 at 10:37
OpenSRS will also do it (manually at the moment) if you get your reseller to prod them.

[ Parent | Reply to this comment ]

Posted by dkg (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Thu 2 Dec 2010 at 09:09
[ Send Message | View dkg's Scratchpad | View Weblogs ]
Just to follow up here, it now looks like gandi can now handle this properly (as of the 2010-11-23).

[ Parent | Reply to this comment ]