-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IPv6 only domains should emit warning and not error #520
Comments
Could you ellaborate on the issue. The 2 nameservers are IPv6 only. What did you expect ? |
Yes, we must make a distinction between testing over IPv4 and testing for IPv4 resources. I agree with @vlevigneron. |
I do not expect the RED Colour in this case. If I consider this as a GUI issue, the RED colour is because there is an ERROR message emitted by the engine |
@sandoche2k, in Delegation01 you can see that NO_IPV4_NS_CHILD is classified as an ERROR, i.e. red in gui. |
@matsduf then we should update the test case specification saying that if there are less than least two distinct IP addresses (either two IPv4 or two IPv6 or one IPv4 and one IPv6, then), it is ERROR, otherwise just a NOTICE |
@matsduf @sandoche2k What are your conclusions on this issue fix ? |
Best practice says that there should be two name servers per protocol, so the test should not accept one IPv4 and one IPv6. Such a configuration has not redundancy for those parts of Internet with only one protocol stack. That should still be seen as an ERROR, one per protocol. IPv4 is still more important than IPv6. The test case sees no IPv4 as an ERROR. I could accept to downgrade that to a WARNING, but it would be to go too far to downgrade that to a NOTICE. The test cases sees no IPv6 as a NOTICE. I do not think we should upgrade that to a WARNING. From RFC 3901:
From RFC 4472:
|
Thank you for this good discussion. In my mind it is as follows: My somewhat more principle, philosophical rationale for a more relaxed result, is that perhaps the real problem lies in the fact that there are still resolvers out there without IPv6 connectivity. Returning a red result, is not an incentive for them to fix their issue. It gives them the tools to dismiss the result as 'not being their problem to fix', even though they are a major part of the problem. That is why I propose changing red to orange, with the following reasoning and justification: An RFC8174 'MUST'-violation is what I associate with an ERROR (= red message). Orange seems as being the best of both worlds. But those are just my two cents. Maybe I should write an RFC, stating explicitly that 'nowadays resolvers SHOULD have IPv6 connectivity'? 😉 PS: |
I think that, in the default profile, it makes sense to lower the level on missing IPv4 nameservers from ERROR to WARNING. I hope I will see the day when this discussion is irrelevant, i.e. when we have IPv6 everywhere. |
PR zonemaster/zonemaster#758 addresses this issue. |
Specification has been updated (onemaster/zonemaster#758) and a new issue to implement that has been created (#569). |
https://www.zonemaster.net/result/698f292054b0dd1e
Also it should be discussed what messages to emit when the IPv4 option is turned off
The text was updated successfully, but these errors were encountered: