Teddy Hogeborn <teddy@recompile.se> writes:
The host security-cdn.debian.org, used by some packages on security.debian.org¹, despite having an IPv6 address in the DNS, can
not actually be reached from an IPv6-only host, due to issues with
DNS hosting by Fastly, the CDN provider. I raised this problem with Fastly, first on IRC and then in their issue tracker, but their
response is, as you can see, "IPv4 is required and we have no plans
to change this.".
security-cdn.debian.org is reachable from an IPv6 only host as long as
that host has access to a dual stacked resolver. All real world hosts
will have access to such a resolver. IPv6 only resolvers are not
useful on the current Internet, and will only exist as lab
experiments.
Sure, it would be nice if all DNS zones where hosted on both IPv6 and
IPv4 name servers. But this is not critical for IPv6 deployment, and
IMHO never will be. Keeping dual stacked DNS caching resolvers around
for as long as the transition will last, is not a problem.
The host security-cdn.debian.org, used by some packages on security.debian.org¹, despite having an IPv6 address in the DNS, can not actually be reached from an IPv6-only host, due to issues with DNS
hosting by Fastly, the CDN provider. I raised this problem with Fastly, first on IRC and then in their issue tracker, but their response is, as
you can see, "IPv4 is required and we have no plans to change this.".
DNSSEC does not have any security between the resolver and client; the
only reasonable response is to run the resolver locally. On an
IPv6-only host, this will result in an IPv6-only resolver.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (3 / 13) |
Uptime: | 49:47:27 |
Calls: | 6,649 |
Calls today: | 1 |
Files: | 12,200 |
Messages: | 5,330,189 |