December 16th, 2004

IPv6 migration problems

» ,

Last year, I blog about a problem with Microsoft IPv6 implementation?

So after you installed the v6 stack on XP and unable to connect to 6bone for any reasons, you would also lost your ability to talk to any of the dual stack site, even though you can reach them via v4.

This should not be so if applications follows the Internet Draft on Application Aspects of IPv6 Transition. Section 4.3 reads:

Implementations typically by-default prefer IPv6 if the remote node and application support it. However, if IPv6 connections fail, version-independent applications will automatically try IPv4 ones. The resolver returns a list of valid addresses for the remote node and applications can iterate through all of them until connection succeeds.

So on platforms where this is implemented properly (e.g. FreeBSD), you just notice some delay (~3-5sec) in all your IP communication to the dual-stack hosts.

The delay is irriating but would not adversely affect normal Internet uses. Internet users who encounter this problem will eventually debug this and hopefully fix their IPv6 connectivity and join the v6 world (ya!), or turn off their IPv6 (sigh).

But recently, there are more serious problems. A discussion thread in NANOG few days ago noted that some users are experiencing DNS resolution failures.

Is anyone else experiencing DNS timeout errors. I’ve tried using multiple name resolvers, and tested multiple domain names using different name servers, and I keep getting “name not found” errors.

What happened is when users or ISPs installed the latest BIND1, which comes with dual-stack support and IPv6 records in root zone file, installed it on their Linux/FreeBSD server that shipped with IPv6 enabled by default, but did not have their IPv6 connectivity in place, the DNS resolution will timeout as it tries to connect to the root DNS2 on IPv6 via the not-working IPv6 interface. The IPv6 timeout is longer then the DNS timeout so queries will fail.

Put IPv6 DNS records into root & .com/.net zone and ISC meant and to have support for dual stack BIND are all the little things we (the Internet community) do to try to get towards IPv6. All of us meant well I am sure but this clearly demostrated the danger of unintended consequences.

Karl Auerbach actually warns about this problem in Oct 2004. See also his latest entry.

But unlike Karl, I don’t think this is “end-of-the-world” or suffice to wack ICANN, ISC or whoever is involved. It is just a amusing hiccup that can be easily resolved. The workaround is as above: join IPv6 world or turn off IPv6 support (e.g. named -4).

1 BIND started shipping with IPv4/IPv6 transition support, dual-stack-servers with root zone file with IPv6 records in Sept 2004.

2 ICANN added IPv6 to DNS Root in July 2004. Related news, Verisign announce to IPv6 support for .com/.net zone in Oct 2004.

Comments are closed.