Connectivity to an IPv6-only site

Kevin Buhr buhr+nanog at asaurus.net
Sun Apr 25 01:02:47 UTC 2010


Valdis.Kletnieks at vt.edu writes:
>
> Ours are currently intentionally configured to not issue queries over IPv6,
> because at one time, there were *so many* sites that listed unreachable quad-A
> NS records. Our DNS guy is more than willing to revisit that config switch.
>
> Anybody have some statistics on what the current situation is?

I just dredged a list of 570 one, two, and three-dot domains from a
mailing list (a bunch of recent messages on debian-user).  Digging
them gave 919 unique nameserver domain names, and digging those gave
119 AAAA addresses. Of these, 106 responded to a DNS query (for the
nameserver's own AAAA address) in some fashion, and 13 didn't.

Of the 13, 5 were cogentco.com DNS servers and unreachable over my HE
tunnel thanks to ongoing peering disputes. 

In all cases, the nameservers with AAAA addresses had A addresses as
well.

(I got similar results with a list of domains taken from recent NANOG
postings, but then decided to look at the debian-user results in case
NANOG was unrepresentative.)

Anyway, it looks like bad IPv6 nameserver addresses are the exception
rather than the rule. Whether to flip on IPv6 queries will sort of
depend on how your resolvers behave when they receive a typical "bad"
response with 2 broken IPv6 addresses and 2 working IPv4 addresses.

-- 
Kevin <buhr+nanog at asaurus.net>




More information about the NANOG mailing list