IPv6 took another significant step forward yesterday, as the root DNS zone was updated with IPv6 addresses for six of the 13 root servers. Most root servers are "anycasted:" physical machines are placed in different locations, but share an address. Requests are automatically routed to the closest server.
As we noted a month ago, this change means that it's now possible for an IPv6-only system to connect to another IPv6-only system without the need to do DNS lookups over IPv4. In order to see how well that works, I turned off IPv4 on my Mac, started up a local nameserver, and started typing URLs. Of the 16 web sites that I tried, nine were reachable, seven were not. For instance, the Internet Systems Consortium that publishes BIND, the most popular DNS server software, was reachable, as were the RIPE NCC, LACNIC, AfriNIC, and APNIC, four of the five Regional Internet Registries that give out IP addresses around the globe. The missing RIR is ARIN, the American Registry for Internet Numbers, which fulfills this function in North America. Although the ARIN site is reachable over IPv6, ARIN only has IPv4 nameservers so an IPv6-only nameserver can't reach any of those nameservers to resolve the www.arin.net name.
Before the addition of the IPv6 addresses to the root zone, there was worry about the increase in the size of the DNS reply that lists all the root nameservers and their addresses. However, the names of all the root servers easily fit in a 512-byte packet. The addresses are extra information, and as such, may be omitted if the packet is in danger of becoming too large. So when a DNS server that doesn't indicate that it supports larger packets does its initial request for the list of root nameservers after it starts, it will always see the full list of 13 root server names in the reply. Some of the root servers then include all the IPv4 addresses and as many IPv6 addresses as will fit in the response (usually, two of them), others return a more balanced mix of IPv4 and IPv6 addresses, usually ten of the former and four of the latter. However, the reply is not marked as "truncated" so there is no need to repeat the query over TCP with all the firewalling dangers that that entails.
Interestingly, the K root server is already getting more than 100 queries per second over IPv6, while the maximum IPv4 query rate is around 9,000 per second. A bit more than 1 percent of the queries over IPv6 doesn't seem like much, but it does suggest that IPv6 uptake, at least in some circles, can no longer be accounted for by margin of error. It does, however, seem as though these figures aren't consistent from one root server to the next.
What does this step mean in the grand scheme of things? In practical terms, nothing, really: you pretty much have to go out of your way to run an IPv6-only nameserver, which will then be slower and more failure-prone than its easier-to-configure dual stack IPv4+IPv6 counterpart. Even then, you'll have to find a domain seller who can handle the necessary DNS records in the first place. But the move does mark a fundamental change: before yesterday, IPv6 was incapable of doing some things that IPv4 could do since the invention of the DNS in the late 1980s. Now, the two protocols are on an equal footing—in theory, at least.
In practice, it is of course possible to completely ignore IPv6 in favor of IPv4. The next big step for IPv6 is to become so ubiquitous that users will expect to be able to reach services over IPv6 as well as IPv4. For a long time, IPv6 proponents assumed—or at least hoped—this would happen before we ran out of IPv4 addresses, but appears increasingly unlikely. So it looks like in a few years we'll have a situation where most of the Internet is still IPv4-only, but newcomers won't be able to get IPv4 addresses to join the party.
"This is an important step in the direction of adopting IPv6 and with that, the preservation of an open Internet," said Erik Huizer, chair of the Dutch IPv6 Task Force. "But it's a first step, there is still a lot to be done."
So read everything you need to know about IPv6 and go forth and enable it on your systems. And don't forget to download the latest named.root file if you run a DNS server.
