[Infowarrior] - 4 root servers going to Ipv6

Richard Forno rforno at infowarrior.org
Fri Jan 4 04:05:19 UTC 2008


IPv6: coming to a root server near you

By Iljitsch van Beijnum | Published: January 02, 2008 - 11:43PM CT

http://arstechnica.com/news.ars/post/20080102-icann-to-add-ipv6-addresses-for-root-dns-servers.html

Just before year's end, ICANN/IANA sent out a short message saying that "on
4 February 2008, IANA will add AAAA records for the IPv6 addresses of the
four root servers whose operators have requested it." The Internet
Corporation for Assigned Names and Numbers (ICANN) is mostly responsible for
the global Domain Name System; the Internet Assigned Numbers Authority
(IANA) is part of ICANN. That means that as of February 4, 2008, it will
(theoretically) be possible for two IPv6 hosts to communicate across the
IPv6 Internet without having to rely on any IPv4 infrastructure. It's been a
long journey to get to this point.

Although there were some false starts (see this book chapter about IPv6 and
the DNS), putting IPv6 information in the DNS has been routine for many
years. For instance, Dutch ISP BIT at www.bit.nl is reachable over IPv6, and
the root servers know the IPv6 addresses of the .nl servers, which in turn
know the IPv6 addresses of the BIT DNS servers. So the only thing that
prevents IPv6-users from reaching BIT, should anyone be careless enough to
unplug the IPv4 Internet, is the fact that the root DNS servers are only
listed by their IPv4 address.

When a DNS server starts up, it has to find the root servers that sit at the
top of the name delegation chain. For this purpose, a DNS server keeps a
local hints file, named.root (or named.cache or named.ca, found in
/var/named/ on many systems), that has the names and addresses for all the
root servers. However, system administrators don't always keep this file up
to date, so the first thing that a DNS server does upon startup is ask for
an up-to-date list of root servers. So as long as there is still a single
correct root server address in that named.root file, everything will work.

The trouble is that the original Domain Name System specification only
allows for 512-byte packets in the DNS protocol. With 13 root servers, we're
already well over 400 bytes. Any useful number of IPv6 addresses for root
servers would push this beyond the 512-byte limit. So for a long time, the
parties involved have considered the possibilities of ill effects when IPv6
addresses for the root DNS servers are added to "the dot." (A dot signifies
the end of a DNS name. A dot without a name is therefore the root of the DNS
hierarchy.)

The message from IANA links to a lengthy report, written by ICANN's Security
and Stability Advisory and Root Server System Advisory Committees, detailing
all the possible issues that could come up. The majority of modern DNS
software is capable of sending and receiving packets larger than 512 bytes,
so anyone running these should be fine. If a DNS server doesn't indicate
this capability in its request, the root server will fit as much as it can
within a 512-byte packet and mark the answer as "truncated," which is the
requester's cue to retry the request over TCP rather than the usual UDP. So
older DNS software shouldn't have any problems, either, so long as firewalls
don't block DNS packets larger than 512 bytes or DNS requests over TCP.

If you run a resolving DNS server (that doesn't include a DNS server in a
home router), this is something you may want to check with your firewall
administrator/vendor before February 4. If you run really old DNS software,
this might be a good time to upgrade. However, if it's well-behaved, you
shouldn't have any problems as long as you don't download the new named.root
file with IPv6 addresses in it that will no doubt show up on the IANA web
site in the next few weeks. In the binary DNS protocol, the unknown
information is of a known size and can be ignored by older software, but
IPv6 addresses in a text file can only be parsed by software that is
IPv6-aware.
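
The 512-byte arithmetic described above can be checked by building the root priming response (". NS") on the wire. This is an added example, not part of the original article or of any DNS implementation; it assumes A glue for all 13 root servers plus AAAA glue for the first n of them, standard name compression, and zeroed placeholder addresses and TTLs, since only the sizes matter.

```python
import struct

UDP_LIMIT = 512  # largest DNS message over UDP when the client does not signal EDNS0
ROOTS = [f"{c}.root-servers.net" for c in "abcdefghijklm"]  # the 13 root server names

def encode_name(name, offsets, pos):
    """Wire-encode name at message offset pos, reusing earlier suffixes via pointers."""
    out = b""
    labels = name.split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:  # suffix already in the message: emit a 2-byte pointer
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"  # terminating root label

def priming_response(n_aaaa):
    """Build a ". NS" response with A glue for all 13 roots and AAAA glue for n_aaaa."""
    # Header: id 0, flags QR+AA, 1 question, 13 answers, 0 authority, glue count
    msg = bytearray(struct.pack("!6H", 0, 0x8400, 1, len(ROOTS), 0, len(ROOTS) + n_aaaa))
    msg += b"\x00" + struct.pack("!2H", 2, 1)  # question: name ".", type NS, class IN
    offsets = {}
    for host in ROOTS:
        head = b"\x00" + struct.pack("!2HI", 2, 1, 0)  # owner ".", NS, IN, TTL placeholder
        rdata = encode_name(host, offsets, len(msg) + len(head) + 2)
        msg += head + struct.pack("!H", len(rdata)) + rdata
    glue = [(h, 1, 4) for h in ROOTS] + [(h, 28, 16) for h in ROOTS[:n_aaaa]]
    for host, rtype, size in glue:  # type 1 = A (4 bytes), type 28 = AAAA (16 bytes)
        msg += encode_name(host, offsets, len(msg))
        msg += struct.pack("!2HIH", rtype, 1, 0, size) + bytes(size)  # zeroed placeholder address
    return bytes(msg)

def max_aaaa_within_limit(limit=UDP_LIMIT):
    """Largest number of AAAA glue records that still fits in `limit` bytes."""
    return max(n for n in range(len(ROOTS) + 1) if len(priming_response(n)) <= limit)

if __name__ == "__main__":
    for n in (0, 2, 3, 4):
        size = len(priming_response(n))
        print(f"{n} AAAA: {size} bytes, {'fits' if size <= UDP_LIMIT else 'truncated -> TCP retry'}")
```

Under these assumptions the IPv4-only response is 436 bytes, and the four AAAA records planned for February 4 bring it to 548, which is why a resolver without the larger-packet capability depends on the truncation flag and a working TCP path through the firewall.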



