• Beach Tweets

  • Archives

  • RSS PEER 1 Blog

    • An error has occurred; the feed is probably down. Try again later.

iPv6: Right Around Your Corner?

At the end of last year, (2007 for those of you who haven’t really got in the groove of realizing it’s now 2008) ICANN/IANA made the following announcement:

“On 4 February 2008, IANA will add AAAA records for the IPv6 addresses of the four root servers whose operators have requested it.”

ICANN (Internet Corporation for Assigned Names and Numbers) is responsible for the global Domain Name System, IANA ( Internet Assigned Numbers Authority ) is a part of ICANN. So as this article states, “come February 4, 2008, it will be possible for two IPv6 hosts to communicate across the IPv6 Internet without having to rely on any IPv4 infrastructure.”

We’ve heard a lot of stories about getting to this point for several years now and I’m happy to see that it’s finally coming together.

Just as the article explains, when a DNS server starts up, it has to find the root servers that sit at the top of the name delegation chain. For this purpose, a DNS server keeps a local hints file, named.root, (or named.cache or named.ca, found in /var/named/ on many systems) that has the names and addresses for all the root servers. However, system administrators don’t always keep this file up to date, so the first thing that a DNS server does upon startup is ask for an up-to-date list of root servers. So as long as there is still a single correct root server address in that named.root file, everything will work.

The problem: the original Domain Name System specification only allows for 512-byte packets in the DNS protocol. Now doing the math with 13 root servers, that’s quite a bit over 400 bytes already. Now if you wanted to have any useful number of IPv6 addresses for root servers it would push this beyond the 512-byte limit. This is part of the reason that the parties involved have constantly re-evaluated the downside effects.

The majority of modern DNS software is very well capable of sending and receiving packets larger than 512 bytes. If a DNS server doesn’t indicate this capability in its request, the root server will fit as much as it can within a 512-byte packet and mark the answer as “truncated,” which is the requester’s cue to retry the request over TCP rather than the usual UDP. So older DNS software shouldn’t have any problems, either, so long as firewalls don’t block DNS packets larger than 512 bytes or DNS requests over TCP.

Thoughts?

2 Responses

  1. A couple thoughts, first off, “it’s about time” comes to mind.

    If IPv6 is ever going to go anywhere, it takes some of the big players to start offering IPv6 services.

    Right now, there is precious little “real” IPv6 traffic, no root servers, few DNS servers, almost no web, mail, news or other servers. In short, even if you have IPv6, 99%+ of your traffic will be IPv4, so why bother? — Classic chicken and egg.

    Will running a root server in IPv6 make any technical difference at all? No.

    However, it does still up some news, and potentially motivates people to try it, and once geeks get IPv6 up and running, they’ll start to look for additional ways to use the new toy. That’s a good thing, if you’re at all in favour of IPv6.

    I, for one, think it’s about time.

  2. Personally I’d rather wait just a little longer before they really get this ball rolling. You think spam and hackers are rampid now without enforced laws, what do you think will happen after the criminals get on IPv6? If this was done right, the crime on the net will take langer to infiltrate the IPv6 structure, provided there are safe guards in place first.

    Dave your right…it is about time especially for standards and safe guards to be put in place first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: