Navigatie overslaan.
Casper Gielen

Tags for Vista supposed to threaten DNS

Casper
Start » Blogs » CAPSLOCK2000's blog

Vista supposed to threaten DNS

Submitted by CAPSLOCK2000 on 18 August, 2006 - 17:20

Paul Mockapetris has written a paper in which he claims that IPV6 presents a danger to DNS. In my opinion most of this is nonsense.
He describes two problems. The first problem is that a DNS server might return an IPV6 address for a server that does not support IPV6. This is clearly a configuration error on part of the administrator, not a fundamental problem in DNS. IPV6 addresses do not magically appear in DNS, they are purposefully put their by DNS administrators. If such an administrator puts in wrong information, that his mistake. Not a problem with DNS. The same thing is true for IPV4. If the server answers an address where nobody is listening, it won't work. So unless administrators are intentionally going publish wrong information no problems should occur.
Compare this to car-navigation software that directs you to drive onto a non-existant road. This will not happen unless somebody put that non-existant road into the database. That's a human mistake, not a fundamental error.

The second problem is that your browser/OS will try to guess the proper name for non-existing names. So if you look for "hotmail", the system will try hotmail.com, www.hotmail.com, hotmail.net, www.hotmail.net, etc....
This has worked for IPV4 for twenty years. It's not a very good solution, but it's not a real problem either. Things will be exactly the same for IPV6, except that it will make more guesses before giving up.

The main problem described is the increased load on DNS servers. This is probably true for some big DNS servers, but not for the vast majority. Most DNS servers don't do much. Most of the time they are awaiting new requests, and they can instantaneously answer.
Even a tenfold increase in DNS queries will go unnoticed on most DNS servers.
It might be a problem for some big ISP's, however these guys are constantly upgrading their systems anyway. Each domain, (and therefore, each ISP) should have 2 DNS servers anyway, and even the biggest ISP's seldom have more then a handfull. Expanding that service is very straight forward, and completly built into the DNS protocol. Just add a new machine, change a few settings and your done. Nothing fancy, nothing that any admin worth his salt should have a problem with.
Even though it might not seem so at first sight, IPV6 simplifies networking a lot. ISP's can save money on routers to compensate for an increase DNS load. (Ok, I'll admit that's wishfully thinking at this moment).
A mitigating factor could be that more and more people are getting cable/adsl-modems with a built-in DNS cache. That can significantly reduce the load on the providers DNS servers.

All in all this feels like an attempt to draw attention to himself.

»