IPv6 brokenness and DNS whitelisting
In the field of IPv6 deployment, IPv6 brokenness was bad behavior seen in early tunneled or dual-stack IPv6 deployments, where unreliable or bogus IPv6 connectivity was chosen in preference to working IPv4 connectivity. This often resulted in long delays in web page loading, because the user had to wait for each attempted IPv6 connection to time out before the IPv4 connection was tried.{{cite web|url=http://www.circleid.com/posts/20101012_ipv6_and_the_fear_of_brokenness/|title=IPv6 and the Fear of Brokenness|author=Yves Poppe|publisher=CircleID|date=Oct 12, 2010|accessdate=2010-12-29}} These timeouts ranged from near-instantaneous in the best cases to anywhere between four seconds and three minutes.{{cite web|url=http://www.nanog.org/meetings/nanog50/presentations/Wednesday/NANOG50.Talk41.colitti-IPv6%20transition%20experiences.pdf|title=IPv6 transition experiences|author=Lorenzo Colitti|accessdate=2010-12-29}} (presented at NANOG 50)
IPv6 brokenness is now generally regarded as a solved problem for almost all practical purposes, following improvements at both the transport and application layers.
Brokenness
As of May 2011, IPv6 brokenness as measured by instrumenting a set of mainstream Norwegian websites was down to ~0.015%,{{cite web|url=http://www.fud.no/ipv6/|title=IPv6 dual-stack client loss in Norway|author=Tore Anderson|accessdate=2011-06-16}} most of which was caused by older versions of Mac OS X, which would often prefer non-working IPv6 connectivity when it was not justified.{{cite web|url=http://ripe61.ripe.net/presentations/162-ripe61.pdf|title=Measuring and combating IPv6 brokenness|author=Tore Anderson|accessdate=2010-12-29}} (presented at RIPE 61, Rome, November 2010)
This behavior was fixed in Mac OS X 10.6.5, and brokenness is likely to decline further as Mac OS X 10.6.5 and subsequent versions roll out to a wider audience. However, there was no upgrade path for PowerPC-based Macs.{{cite web|url=https://arstechnica.com/apple/news/2010/11/apple-fixes-broken-ipv6-by-breaking-it-some-more.ars|title=Apple fixes broken IPv6 by breaking it some more|publisher=Ars Technica|author=Iljitsch van Beijnum|date=12 November 2010 |accessdate=2010-12-29}}
The main remaining problem for Mac OS X was the presence of rogue routers, such as wrongly configured Windows Internet Connection Sharing devices pretending to have IPv6 connectivity, while 6to4 tunneled IPv6 traffic is blocked at a firewall.{{citation needed|date=June 2012}} Another problem was pre-10.50 versions of Opera.{{citation needed|date=June 2012}}
Following World IPv6 Day in July 2011, there were reports of a substantial reduction in IPv6 brokenness as a result of that experiment.{{cite web|url=http://www.networkworld.com/news/2011/072711-ipv6-brokenness.html|title='IPv6 brokenness' problem appears fixed|author=Carolyn Duffy Marsan|publisher=Network World|date=July 27, 2011|access-date=June 5, 2012|archive-date=April 4, 2012|archive-url=https://web.archive.org/web/20120404000703/http://www.networkworld.com/news/2011/072711-ipv6-brokenness.html|url-status=dead}} In the year following the trial, but prior to the World IPv6 Launch date, brokenness levels were reported to have risen slowly back towards 0.03%.{{cite web|url=http://news.cnet.com/8301-1001_3-57445316-92/internet-powers-flip-the-ipv6-switch-faq/?tag=postrtcol;posts|title=Internet powers flip the IPv6 switch (FAQ)|author=Stephen Shankland|date=June 4, 2012|publisher=CNET News}}
DNS allowlisting
Google, a major provider of services on the Internet, experimented with using a type of DNS allowlisting on a per-ISP basis to prevent this problem{{cite web|url=http://www.google.com/intl/en/ipv6/|title=Google over IPv6|accessdate=2010-12-29}}{{cite web|url=https://arstechnica.com/web/news/2010/03/yahoo-wants-two-faced-dns-to-aid-ipv6-deployment.ars|title=Yahoo wants two-faced DNS to aid IPv6 deployment|author=Iljitsch van Beijnum|date=29 March 2010 |publisher=Ars Technica|accessdate=2010-12-29}} until the World IPv6 Launch. In the DNS allowlisting approach, the ISP behind a query is identified from the source IP address of the DNS lookup, by correlating it with network prefixes derived from routing tables. There is an [http://tools.ietf.org/html/draft-livingood-dns-whitelisting-implications IETF draft] entitled "IPv6 AAAA DNS Allowlisting Implications" that describes the issues around allowlisting. AAAA records are only sent to ISPs that can demonstrate that they are providing reliable IPv6 to their customers. Other ISPs are sent only A records, thus preventing users from attempting to connect over IPv6 when hostnames are used instead of IPv6 addresses.
Numerous concerns were raised about the practicality of DNS allowlisting as a long-term large-scale solution, such as scalability and maintenance issues arising from large numbers of bilateral agreements.{{cite web|url=http://www.ietf.org/proceedings/79/slides/dnsop-1.pdf|title=IPv6 DNS Allowlisting — Overview and Implications|author=Jason Livingood|date=October 2010|publisher=Comcast|accessdate=2010-12-29}} (presented at IETF79, Beijing) In 2010, several of the major web service providers met to discuss pooling their DNS allowlisting information in an attempt to avoid these scaling problems.{{cite web|url=http://news.techworld.com/networking/3218712/google-microsoft-and-yahoo-talk-about-ipv6-whitelist/|title=Google, Microsoft and Yahoo talk about IPv6 allowlist|publisher=Techworld|date=29 March 2010|author=Carolyn Duffy Marsan|accessdate=2010-12-29|archive-date=2011-01-26|archive-url=https://web.archive.org/web/20110126181000/http://news.techworld.com/networking/3218712/google-microsoft-and-yahoo-talk-about-ipv6-whitelist|url-status=dead}}
Problem resolution
It appears that no major content provider ended up using the allowlisting approach: all those that had previously declared an interest began serving AAAA records to generic DNS queries following World IPv6 Launch Day. Google now provides AAAA records to all DNS servers except for those on a limited list of subnets which Google excludes from AAAA record service.{{Cite news|url=https://googleblog.blogspot.co.uk/2012/06/world-ipv6-launch-keeping-internet.html|title=World IPv6 Launch: Keeping the Internet growing|newspaper=Official Google Blog|language=en-US|access-date=2017-01-06}}{{Cite web|url=https://www.google.com/intl/en_ALL/ipv6/statistics/data/no_aaaa.txt|title=Google IPv6 AAAA record network exclusion list|access-date=2017-01-06}}
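Both policies described above, per-ISP allowlisting before World IPv6 Launch and the later exclusion list, key on the source address of the DNS query. The following added example is not code from Google or any other provider; it sketches that decision in Python, and the prefixes, zone data and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes, not real ISP networks.
ALLOWLIST = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:100::/40")]
EXCLUDED = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "2001:db8:ff00::/40")]

# Constructed zone data for a hypothetical dual-stacked hostname.
ZONE = {"www.example.test": {"A": ["203.0.113.10"], "AAAA": ["2001:db8::10"]}}


def _matches(resolver_ip, prefixes):
    """True when the resolver's source address falls inside any listed prefix."""
    addr = ipaddress.ip_address(resolver_ip)
    return any(addr.version == net.version and addr in net for net in prefixes)


def serve_aaaa(resolver_ip, policy):
    """Decide whether this resolver may be given AAAA records."""
    if policy == "allowlist":   # opt-in: only ISPs that demonstrated reliable IPv6
        return _matches(resolver_ip, ALLOWLIST)
    if policy == "exclusion":   # opt-out: everyone except listed subnets
        return not _matches(resolver_ip, EXCLUDED)
    raise ValueError("unknown policy: %r" % policy)


def answer(qname, qtype, resolver_ip, policy):
    """Return the record data for a query, or None when the name does not exist."""
    records = ZONE.get(qname)
    if records is None:
        return None                       # NXDOMAIN
    if qtype == "AAAA" and not serve_aaaa(resolver_ip, policy):
        return []                         # name exists, but no AAAA for this resolver
    return list(records.get(qtype, []))


if __name__ == "__main__":
    for ip in ("192.0.2.53", "203.0.113.53", "198.51.100.7"):
        for policy in ("allowlist", "exclusion"):
            print(ip, policy, answer("www.example.test", "AAAA", ip, policy))
```

Because the decision is made on the recursive resolver's address, a client whose resolver lies outside the allowlisted prefixes receives only A records regardless of its own IPv6 connectivity.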
As of 2017, IPv6 brokenness is now generally regarded as a non-problem. This is due to two factors: first, IPv6 transport is much improved, so the underlying error rate is much reduced; second, common applications such as web browsers now use fast fallback methods such as the "Happy Eyeballs" algorithm to select whichever protocol works best.{{Cite news|url=http://www.networkworld.com/article/2179639/lan-wan/-ipv6-brokenness--problem-appears-fixed.html|archive-url=https://web.archive.org/web/20150705061013/http://www.networkworld.com/article/2179639/lan-wan/-ipv6-brokenness--problem-appears-fixed.html|url-status=dead|archive-date=July 5, 2015|title='IPv6 brokenness' problem appears fixed|last=Marsan|first=Carolyn Duffy|newspaper=Network World|access-date=2017-01-06}} Some operating system vendors have rolled fast fallback algorithms into their higher-level network stack APIs, thus making the solution available for all programs that use those APIs to make connections.{{Cite news|url=https://arstechnica.com/tech-policy/2011/08/world-ipv6-day-leads-to-browsers-resistant-to-ipv6-brokenness/|title=In wake of World IPv6 Day, browsers resist IPv6 brokenness—but should they?|newspaper=Ars Technica|access-date=2017-01-06}}
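To show why fast fallback removes the delay, the following added example (not taken from any browser or operating system) compares sequential connection attempts with a simplified staggered race against a simulated black-holed IPv6 path. It is not a full Happy Eyeballs implementation, models only the timeout failure mode, and all timings and function names are assumptions, scaled down so it runs quickly.

```python
import asyncio
import time

# Constructed scenario (assumed values): IPv6 is black-holed, IPv4 answers fast.
CONNECT_TIMEOUT = 0.5  # stand-in for the OS connect timeout, scaled down
STAGGER = 0.05         # head start IPv6 gets before IPv4 is tried in parallel
RTT = {"IPv6": 60.0, "IPv4": 0.02}  # simulated time until connect() returns

async def fake_connect(family):
    """Hypothetical stand-in for a socket connect; no real network I/O."""
    await asyncio.sleep(RTT[family])
    return family

async def sequential(families):
    """Early dual-stack behaviour: wait out each timeout before the next try."""
    for family in families:
        try:
            return await asyncio.wait_for(fake_connect(family), CONNECT_TIMEOUT)
        except asyncio.TimeoutError:
            continue
    raise OSError("all attempts timed out")

async def fast_fallback(families):
    """Staggered race: add one attempt per STAGGER, keep the first to connect."""
    pending = set()
    try:
        for family in families:
            pending.add(asyncio.ensure_future(fake_connect(family)))
            done, pending = await asyncio.wait(
                pending, timeout=STAGGER, return_when=asyncio.FIRST_COMPLETED)
            if done:
                return done.pop().result()
        done, pending = await asyncio.wait(
            pending, timeout=CONNECT_TIMEOUT, return_when=asyncio.FIRST_COMPLETED)
        if done:
            return done.pop().result()
        raise OSError("all attempts timed out")
    finally:
        for task in pending:  # abandon the losers, e.g. the hung IPv6 attempt
            task.cancel()

def timed(strategy):
    """Run one strategy against the broken-IPv6 scenario; return (winner, seconds)."""
    start = time.monotonic()
    winner = asyncio.run(strategy(["IPv6", "IPv4"]))
    return winner, time.monotonic() - start

if __name__ == "__main__":
    print([timed(s) for s in (sequential, fast_fallback)])
```

Both strategies end up on IPv4, but the sequential one pays the full connect timeout first, while the staggered race pays only the stagger delay plus the IPv4 round trip.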
References
{{reflist}}
External links
- {{cite web|url=http://vyncke.org/testv6/|title=Estimation of IPv6 Brokenness|author=Eric Vyncke|date=October 2010|accessdate=2010-12-29}} — continuously updated
- {{cite web|url=http://tools.ietf.org/html/draft-ietf-v6ops-v6-aaaa-whitelisting-implications|title=IPv6 AAAA DNS Allowlisting Implications|author=J. Livingood|accessdate=2011-01-20}}
- {{cite web|url=http://www.h-online.com/features/The-big-IPv6-experiment-1165042.html|archiveurl=https://web.archive.org/web/20131207044634/http://www.h-online.com/features/The-big-IPv6-experiment-1165042.html|archivedate=7 December 2013|title=The big IPv6 experiment|publisher=h-online.com|date=10 January 2011}}