> I don't think he would mind AAAA records that fall back to A record either, as long as the semantics are similar.

He literally writes "people introduced new ``AAAA records'' into the DNS protocol, creating several unnecessary complications in DNS software." He says, right there, that AAAA records are an "unnecessary complication". To say that he wouldn't mind them is in direct contradiction to what he wrote.

Further down after that he writes that the "client software, intermediate computers, and server software have all been upgraded to handle the client's extended address."

But what happens where there's software that is not upgraded? IMHO, if it's sane, it would reject the packet as malformed as security precaution. Congratulations, you've now broken DNS on the ('legacy') client. So you have to make sure every possible client is upgraded before you can even consider adding records with "IPv4+" addresses.

Or you could simply have two record types (e.g., A and AAAA) and legacy clients use one and updated clients the other, and you don't have to worry about breaking what already is working (plain-IPv4).

The main problem there is that what wished for was utterly impossible. RFC 1035 (https://www.ietf.org/rfc/rfc1035.txt) section 3.4.1. "A RDATA format" defines an A record's data field as "A 32 bit Internet address." His change would require redefining that in a backward-compatible way, then incrementally upgrading every DNS server and client on the Internet to support both types of data in the same RDATA.

That sounds a whole awful lot like the exact problem he hoped it would solve.

And having written a nameserver and knowing what that ecosystem looks like, he knew that. And being famously security conscious (and competent), he knew what it would look like to get all the OS vendors to parse a 32 bit A record RDATA field as IPv4, and a 128 bit one as IPv6, and any other value as invalid, 100% of the time so that you didn't accidentally create a vulnerability by truncating addresses or such. It would've been chaos.

Falling back to IPv4 if IPv6 does not succeed is literally the day 1 behavior of IPv6 transition. Except for TCP it may take a few minutes which is clearly unacceptable. So we wrote RFC6555. It still doesn’t help in the case of PMTUD black holes, but fixes the most obvious blunders. It’s still that you need to have a common protocol between the two endpoints, there is no way around it - so he just rephrases what is essentially “transition via dual stack” strategy but with his own words.

Once again - djb is a brilliant cryptographer, an application designer and coder, and I respect him very much for his genius there.

But I maintain that his thoughts on the topic of IPv6 transition unfortunately do not share this property, and reveal that he is completely ignorant of a lot of practical factors that are at play in that context.