@ -75,12 +75,11 @@ In that case, the connection looks like this:</p>
<pclass="caption">And now we can reach the whole internet.</p>
</div>
<p>You might already know that you need some workaround like this to reach GitHub.
What I think you didn't know, you need similar workaround to reach the Wikipedia.</p>
<p>Disclaimer: While I am sad that GitHub lives in the past and it is stupid that
they do not have IPv6, I do not want to shame Wikipedia in particular.
It is just an example I found out recently. I am aware of several other
sites suffering from the same problem, including at least one IPv6 test. <aclass="footnote-reference"href="#test-aaaa"id="footnote-reference-2">[2]</a> (It would
be nice if they added the missing piece in the puzzle, though.)</p>
What I think you might not know, you need similar workaround to reach the Wikipedia.</p>
<p>Disclaimer: I like Wikipedia and this is not meant to shame them, just use as
an example. I am aware of several other sites suffering from the same problem,
including at least one IPv6 test. <aclass="footnote-reference"href="#test-aaaa"id="footnote-reference-2">[2]</a> (It would be nice if they added
the missing piece in the puzzle, though.)</p>
</div>
</div>
<divclass="section"id="enter-dns">
@ -88,18 +87,18 @@ be nice if they added the missing piece in the puzzle, though.)</p>
<p>Our picture has one unexplored magic box: the DNS. As per the definition (which
I just made up and was not bothered to even fully formulate):</p>
<p>> yada yada distributed database of records attached to the strings – domain
names. The records hold various information about the domain, depending on the type.</p>
names. The records hold various information about the domain depending on the type.</p>
<p>There are three interesting types of records: A records give IPv4 addresses,
AAAA give IPv6 addresses, and NS give names of servers who know about the
AAAA give IPv6 addresses and NS give names of servers who know about the
particular subtree of the database. And to actually resolve the final AAAA
record, the (recursive) resolver starts at the <em>root zone</em> and tries to find
record the (recursive) resolver starts at the <em>root zone</em> and tries to find
the answer. <aclass="footnote-reference"href="#dns-simplification"id="footnote-reference-3">[3]</a> The resolution algorithm can be visualised like this:</p>
<p>So, what is the deal. We <em>just</em> need to have a dual-stack DNS resolver
somewhere, and that's it, no? Well, yes but actually no.</p>
somewhere, and that's it, no? Well, yes but actually yes.</p>
<p>There are two problems with this: First, this means that any new ISP needs to
have <em>at least some</em> IPv4 address, even if they intend to just use IPv6
services. IPv4 addresses are scarce, <aclass="reference external"href="https://blog.apnic.net/2021/12/16/opinion-ipv4-address-markets/">expensive</a> and small
@ -271,7 +270,7 @@ which is not great both from the
new ISP's and from overal routing's point of view. It also hinders IPv6
deployment and postpones IPv4 abandonment, needlessly.</p>
<p>The second issue is that this is not very visible. We are building IPv6 world,
but deep inside, it still relies on IPv4, which might lead to great surprise
but deep inside it still relies on IPv4, which might lead to great surprise
when we start cutting off IPv4 internet. And it might lead to false sense of
having IPv6 deployed, which is not true to the whole extent.</p>
<p>Insert "It was DNS" meme here.</p>
@ -280,18 +279,18 @@ having IPv6 deployed, which is not true to the whole extent.</p>
<h2>Solution</h2>
<p>The solution of this state is simple: get IPv6 connectivity to your
authoritative DNS server (or use another) and do not forget to add an AAAA
record for it in DNS. If the DNS server already has IPv6, it is probably just
adding a single line to the zone file (and a second one for the DNSSEC
record for it in DNS. If the DNS server already has IPv6 it is probably just
a matter of adding a single line to the zone file (and a second one for the DNSSEC
signature), which should not be a big deal.</p>
<p>Unfortunately, this needs to be done for the whole DNS chain.
Especially domain names at universities are infamous for very nested domains.
A domain name may looks like
A domain name may look like
<ttclass="docutils literal"><spanclass="pre">machine.department.location.faculty.university.some-common.suffix</span></tt>. That
tree is deep, and so is the resolution of this problem.</p>
tree is deep and so is the resolution of this problem.</p>
<tr><tdclass="label"><aclass="fn-backref"href="#footnote-reference-3">[3]</a></td><td>In my example, there is a recursive DNS resolver external to my machine,
in order not to complicate it too much. Yes, the real deployment is often
trickier.</td></tr>
<tr><tdclass="label"><aclass="fn-backref"href="#footnote-reference-3">[3]</a></td><td>In my example, there is a single recursive DNS
resolver external to my machine in order not to complicate it too much.