Charnell Lucich

IPv6 anyone?

Posted on: January 4, 2008

Kevin sent me an article to read this morning, just as he does every morning after I get to work, and I must say I was pretty damn happy to see it. In this post I’ll share snippets from the article and if it piques your interest, you can read more about it here.

At the end of last year (2007, for those of you who haven’t really got in the groove of realizing it’s now 2008), ICANN/IANA made the following announcement:

“On 4 February 2008, IANA will add AAAA records for the IPv6 addresses of the four root servers whose operators have requested it.”

ICANN (Internet Corporation for Assigned Names and Numbers) is responsible for the global Domain Name System; IANA (Internet Assigned Numbers Authority) is a part of ICANN. So as this article states, “come February 4, 2008, it will be possible for two IPv6 hosts to communicate across the IPv6 Internet without having to rely on any IPv4 infrastructure.” We’ve heard a lot of stories about getting to this point for several years now and I’m happy to see that it’s finally coming together.

Just as the article explains, when a DNS server starts up, it has to find the root servers that sit at the top of the name delegation chain. For this purpose, a DNS server keeps a local hints file, named.root, (or named.cache or, found in /var/named/ on many systems) that has the names and addresses for all the root servers. However, system administrators don’t always keep this file up to date, so the first thing that a DNS server does upon startup is ask for an up-to-date list of root servers. So as long as there is still a single correct root server address in that named.root file, everything will work.

The problem: the original Domain Name System specification only allows for 512-byte packets in the DNS protocol. Now doing the math with 13 root servers, that’s quite a bit over 400 bytes already. Having any useful number of IPv6 addresses for root servers would push this beyond the 512-byte limit. This is part of the reason that the parties involved have constantly re-evaluated the downsides of adding IPv6 addresses for the root DNS servers to “the dot.” (A dot signifies the end of a DNS name. A dot without a name is the root of the DNS hierarchy.) The majority of modern DNS software is perfectly capable of sending and receiving packets larger than 512 bytes. If a DNS server doesn’t indicate this capability in its request, the root server will fit as much as it can within a 512-byte packet and mark the answer as “truncated,” which is the requester’s cue to retry the request over TCP rather than the usual UDP. So older DNS software shouldn’t have any problems, either, so long as firewalls don’t block DNS packets larger than 512 bytes or DNS requests over TCP.
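To make the arithmetic concrete, here is an added example (mine, not code from the article) that builds the wire format of a root NS response with DNS name compression and measures how many AAAA records fit. The `udp_limit` parameter stands in for the packet size the requester advertises, the addresses are zero-filled placeholders, and the truncated flag is set the way the paragraph above describes.

```python
import struct

ROOTS = [f"{c}.root-servers.net" for c in "abcdefghijklm"]  # the 13 root names

def encode_name(name, offsets, pos):
    """Wire-encode a name placed at message offset pos, with RFC 1035 compression."""
    labels = [l for l in name.split(".") if l]
    out = b""
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:  # suffix already in the message: emit a 2-byte pointer
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"  # the empty root label, i.e. "the dot"

def record(msg, offsets, owner, rtype, rdata=None, target=None):
    """Return one resource record as it would be encoded at the end of msg."""
    rec = encode_name(owner, offsets, len(msg)) + struct.pack("!HHI", rtype, 1, 518400)
    if target is not None:  # NS rdata is itself a compressible name
        rdata = encode_name(target, offsets, len(msg) + len(rec) + 2)
    return rec + struct.pack("!H", len(rdata)) + rdata

def priming_response(n_aaaa, udp_limit=512):
    """Build a '. NS' response: 13 NS, 13 A and up to n_aaaa AAAA records.
    Returns (message, aaaa_included); records that exceed udp_limit are left out."""
    msg, offsets, extra, aaaa = bytearray(12), {}, 0, 0
    msg += b"\x00" + struct.pack("!HH", 2, 1)  # question: root, type NS, class IN
    for name in ROOTS:
        msg += record(msg, offsets, "", 2, target=name)
    glue = [(n, 1, bytes(4)) for n in ROOTS]  # A records, constructed zero addresses
    glue += [(n, 28, bytes(16)) for n in ROOTS[:n_aaaa]]  # AAAA records, same
    for owner, rtype, rdata in glue:
        rec = record(msg, offsets, owner, rtype, rdata=rdata)
        if len(msg) + len(rec) > udp_limit:
            break
        msg += rec
        extra += 1
        aaaa += rtype == 28
    flags = 0x8400 | (0x0200 if extra < len(glue) else 0)  # QR, AA, TC if cut short
    msg[:12] = struct.pack("!HHHHHH", 0x1234, flags, 1, 13, 0, extra)
    return bytes(msg), aaaa

def truncated(msg):
    """True when the TC bit is set, the requester's cue to retry over TCP."""
    return bool(struct.unpack("!H", msg[2:4])[0] & 0x0200)
```

With IPv4 only the message is 436 bytes; asking for four AAAA records under the 512-byte limit yields two and a truncated flag, while a 4096-byte limit carries all 13 in 800 bytes.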

And finally,

“If you run a resolving DNS server (that doesn’t include a DNS server in a home router), this is something you may want to check with your firewall administrator/vendor before February 4. If you run really old DNS software, this might be a good time to upgrade. However, if it’s well-behaved, you shouldn’t have any problems as long as you don’t download the new named.root file with IPv6 addresses in it that will no doubt show up on the IANA web site in the next few weeks. In the binary DNS protocol, the unknown information is of a known size and can be ignored by older software, but IPv6 addresses in a text file can only be parsed by software that is IPv6-aware.”

