July 20, 2004

IPv6 and root servers

There's an article on Reuters today - New Technology Heralds Unlimited Web Sites - ICANN that quotes ICANN as saying " IPv6, had been added to its root server systems"

Well, I just dug around a bit and could find is no substance to that claim.  The root zone defines no IPv6 addresses for the legacy root servers and none of the major top level domains I examined had any IPv6 delegation information.  And to top it off it appears that the name registration system may not allow domain name owners to enter IPv6 information.

You can check for yourself by using a tool such as "dig" to examine the NS and glue information for the root zone (which is named ".") and for the TLD delegations.

To see what an IPv6 delegation looks like try the command
dig www.ipv6forum.org any
Notice the result line that looks like
jazz.viagenie.qc.ca. 258570 IN AAAA 3ffe:b00:c18:3::a

Now take a look at the root zone:
dig @a.root-servers.net . any
Do you see any AAAA records?  I don't.

Take a look at the zone information for .com:
dig @a.gtld-servers.net com. any
I don't see any AAAA records here either

I went further and did queries on the server names just to see if some of the glue records might have been missing.  The result - I didn't see any IPv6 records.

In addition, I checked whether my registrar can even accept IPv6 addresses for my name servers.  Nope.

So, to paraphrase Mark Twain - The claims that the DNS root layer supports IPv6 are greatly exagerated.

Does any of this stuff surprise me?  No.  When I was on the Board of Directors of ICANN I tried several times to get ICANN to recognize that IPv6 was out there and that name servers had to be reachable via IPv6, had to contain IPv6 records, and the registration system had to allow users to enter IPv6 information.  Even if the ICANN's claims about IPv6 been true one can only wonder why it took so long.

And there is one more small issue - the main protocol that carries DNS packets is UDP.  The RFC's for DNS put a limit of 512 bytes on those packets.  That limit, in turn, caused the limit of 13 IPv4 root servers.  With the addition of IPv6 information into the response packets there is a chance (a chance that I compute as being on the order of 100%) that we might find that we can no longer fit 13 servers into the responses.  I wonder which root servers will be eliminated?  Or will the 512 byte limit be removed?  Will ICANN even realize that these are issues to be answered?

Update (July 20, 11pm PST): Apparently .jp and .kr each have IPv6 (AAAA) records.  It is interesting to see how much larger the response packets have become due to the IPv6 information.  It would be interesting to crank the numbers to see how many fewer name servers a zone may have.  Such a calculation is necessarily imprecise because of variations in the length of name server names and the effects of DNS name compression.)

Posted by karl at July 20, 2004 2:32 PM