[dns-operations] can ipv6 still break dns ?

Jeroen Massar jeroen at unfix.org
Tue Jul 27 17:38:18 UTC 2010


On 2010-07-27 19:22, christoph wrote:
> Hi all,
> 
> I just want to know if publishing ipv6-addresses for resolvers or
> authoritative nameservers can break anything.
> What about old exchange installations or old OSes ?

The biggest issue with IPv6 is not actually in the publishing of IPv6
records. If you publish (put in DNS) an IPv6 record the only problem
that you will run into is that a host with broken IPv6 connectivity will
have to first time out TCP sessions before it will fail over to IPv4.
These cases are hard to catch and resolve. Nothing you can do about it from
the server side anyway.

The bigger problem though is broken DNS resolvers/caches.

What happens in general is that a user enables IPv6 on their computer,
the host then starts trying to get IPv6 (AAAA) records out of DNS.
As the cache/resolver doesn't understand it and is non-standards
compliant it will sometimes just flat out drop the query, never
responding to it. The DNS-client on the user's computer then first has
to time out before it will retry an IPv4 (A) query, which succeeds
immediately.

Again, in both cases, nothing you can do about it on the server side.

That said, I have been publishing AAAA records in DNS since about 1997,
since the 6bone years and never heard somebody complain (then again, if
they were broken, then they probably timed out when trying to contact
my services ;)

> Are there any numbers somewhere ?

Check twitter and other clueless people places for hints about
'disabling ipv6 to make the internet faster' etc.

Depends on what you want to count of course ;)

Google has a couple of presentations out which show their numbers, see
google("google ipv6 ripe|nanog|etc"). Wikipedia is measuring a similar
thing, see http://ipv6and4.labs.wikimedia.org/stats.html

At the time I now look: "Hits where AAAA breaks the request: 0.36%"
If you earn millions of dollars per second that could hurt, if you are a
smaller shop you probably don't care about that loss so much ;)

Greets,
 Jeroen
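
Added example, not part of the original message: a Python probe for the resolver failure described above, where an AAAA query is silently dropped while the A query for the same name is answered. The resolver address 192.0.2.53 and the name example.com are placeholders, and the function names are this example's own.

```python
import secrets
import socket
import struct
import time

QTYPE = {"A": 1, "AAAA": 28}  # RR type codes (RFC 1035, RFC 3596)

def build_query(name, qtype, txid):
    """Encode a one-question DNS query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def probe(resolver, name, qtype, timeout=3.0, port=53):
    """Seconds until a reply with our transaction ID arrives, or None if dropped."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(build_query(name, qtype, txid), (resolver, port))
        try:
            while True:
                data, _ = s.recvfrom(4096)
                if len(data) >= 2 and struct.unpack("!H", data[:2])[0] == txid:
                    return time.monotonic() - start
        except socket.timeout:
            return None

def classify(a_rtt, aaaa_rtt):
    """Any reply counts as healthy, including an empty (NODATA) AAAA answer."""
    if a_rtt is None and aaaa_rtt is None:
        return "unreachable"
    if aaaa_rtt is None:
        return "drops-aaaa"  # the broken resolver behaviour described above
    if a_rtt is None:
        return "drops-a"
    return "ok"

if __name__ == "__main__":
    resolver, name = "192.0.2.53", "example.com"  # placeholders, replace both
    a, aaaa = probe(resolver, name, "A"), probe(resolver, name, "AAAA")
    print(classify(a, aaaa), "A:", a, "AAAA:", aaaa)
```

A single lost UDP packet also looks like a drop, so repeat the probe a few times before concluding that a resolver discards AAAA queries.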


