[AusNOG] Azure now supporting Ipv6

Anand Kumria wildfire at progsoc.org
Thu Sep 29 11:24:09 EST 2016 

Hi Mark,

I generally ignore your emails since they always seem to hijack other
threads.

Worse they focus on details not pertinent to the original thread.

In this case, I thought I'd check out the link and give you some feedback
about it:

 - Why is the design stuck in the '90s? It is the 21st century already.
 - Where is the explanation of *WHY* this is a useful thing to check.
Everyone knows you like to write emails but do you really want to be
repeating yourself every time?
 - Why can't the web page explain LDH (I know what it means, but who else
here does? HTML has had <abbr> since forever )
 - Colour. It is a thing. Why can't you use it to output red/orange/green.
 - Speed. 10 seconds to check isc.org?! Again, 21st century and all that.
 - Why isn't there an example of a *good* domain? (e.g. isc.org, <other
prominent organisations>)
 - Why not use the HTML5 placeholder attribute? It has been standardised
for longer than the EDNS rfc.

I am sure I could nitpick a bunch of other, unrelated things as well.

Thanks,
Anand



On 29 September 2016 at 09:26, Mark Andrews <marka at isc.org> wrote:

>
> Now for them to use EDNS compliant nameservers.  How hard is it to
> check that your nameservers actually follow the EDNS protocol.
>
> harveynorman.com.au @40.90.4.5 (ns1-05.azure-dns.com.): dns=ok edns=ok
> edns1=status edns at 512=ok ednsopt=echoed edns1opt=status do=ok
> ednsflags=ok edns at 512tcp=ok optlist=subnet
> harveynorman.com.au @64.4.48.5 (ns2-05.azure-dns.net.): dns=ok edns=ok
> edns1=status edns at 512=ok ednsopt=echoed edns1opt=status do=ok
> ednsflags=ok edns at 512tcp=ok optlist=subnet
> harveynorman.com.au @13.107.24.5 (ns3-05.azure-dns.org.): dns=ok edns=ok
> edns1=status edns at 512=ok ednsopt=echoed edns1opt=status do=ok
> ednsflags=ok edns at 512tcp=ok optlist=subnet
> harveynorman.com.au @13.107.160.5 (ns4-05.azure-dns.info.): dns=ok
> edns=ok edns1=status edns at 512=ok ednsopt=echoed edns1opt=status do=ok
> ednsflags=ok edns at 512tcp=ok optlist=subnet
>
> There are only 3 possible extension mechanisms and all 3 have
> instuctions on how to handle requests using those extension mechanisms
> that you don't know about.  See RFC 6891.
>
> EDNS version increase -> return BADVERS with the highest version you
> support
> EDNS option -> ignore options you do not understand (don't copy them into
> the response)
> EDNS flags -> ignore flags you do not understand (don't copy them into the
> response)
>
> This misbehaviour already means that it has become impossible to
> count how many servers support the ECS option.
>
> Please check your servers to ensure that they are EDNS compliant
> and if they are not FIX them.  Only 60% of Australian DNS servers
> that nominally support EDNS are actually EDNS compliant.
>
> https://ednscomp.isc.org/ednscomp/
>
> Two of the extension mechanisms are in use today.  Queries from
> recursive servers do have EDNS options present and they do have
> EDNS flag bits set.  There is zero reason not to expect all three
> extension mechanism will be used in the future.
>
> Only idiots drop DNS queries with EDNS extension present.  Even the
> firewall vendors are removing code that does so.  EDNS was designed
> to allow clients to start using now options, flags and versions
> without having to upgrade the servers and if you DNS server is EDNS
> compliant they will cause you no harm.
>
> Just because a EDNS option, flag or version is defined, it doesn't
> mean you have to support it.  You do however need to correctly
> respond to it.
>
> Mark
>
> In message <CAGq70SK5PmEXTnMqa0Ukt6NDjJ4qBk9p6XBRzZH=2TwGn3-JRA at mail.
> gmail.com>, Russell Langton writes:
> >
> > Hi All,
> >
> > Saw this the other day;
> >
> > https://azure.microsoft.com/en-us/blog/azure-networking-
> announcements-for-ignite-2016/
> >
> > "Azure now supports Native IPv6 network connectivity for applications and
> > services hosted on Azure Virtual Machines. The demand for IPv6 has never
> > been greater with the explosive growth in mobile devices, billions of
> > Internet of Things (IOT) devices entering the market, along with new
> > compliance regulations. IPv6 has been used by internal Microsoft services
> > such as Office 365 for over three years. We are now offering this feature
> > to all Azure customers. Native IPv6 connectivity to the virtual machine
> is
> > available for both Windows and Linux VMs."
> >
> > There is a linked page about further details about the load-balancing.
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160929/eaf49248/attachment.html>

More information about the AusNOG mailing list