IPv6 status in the .nu zone
Ulrich Wisser, senior DNS expert at the Swedish Internet Foundation has run a software test to look at the level of support for IPv6 within the .nu domain.
Let’s say you want to look at the level of support for IPv6 within the .nu domain. You could grab the zone file, where all registered .nu domains are listed (it’s available online these days) and search for AAAA records – also known as IPv6 addresses – in it.
That would tell you that there are less than 100 name servers in the .nu zone with IPv6 addresses. But of course, that’s far from the whole story. Most .nu domains have their name servers elsewhere, and there are many other parameters besides the name server address to consider.
– Having IPv6 support in your name server is obviously necessary if you want your domain to be reachable over IPv6. But I wanted to find out more about the status of IPv6 in .nu, says Ulrich Wisser, senior DNS expert at the Swedish Internet Foundation.
Common sense says that if you want to find out if a domain is reachable over IPv6, the best way is in fact to try to reach it. Run your test program on a computer with IPv6 enabled, connect to the name servers one by one and record the responses. Which is exactly what Ulrich did, and he ended up with these numbers:
| IPv6 only | IPv6 + v4 | |
| Hosts with IPv6 | 7009 | 7767 |
| Host without IPv6 | 17 160 | 16 402 |
| Domains with all IPv6* | 181 371 | 183 454 |
| Domains with some IPv6** | 14 819 | 15 874 |
| Domains without IPv6 | 58 784 | 55 646 |
In total, there were 254 974 domains and 24 169 hosts in .nu on that day, 2020-09-07.
*) All name servers for the domain had IPv6 addresses.
**) Some name servers for the domain had IPv6 addresses.
First run with only IPv6 enabled
The test program was first run on a computer with only IPv6 enabled, but no IPv4 traffic. For the next run, IPv4 was also enabled which, unsurprisingly, resulted in more IPv6 hosts and domains found.
We’ll come back to this, but let’s first look at some of the issues Ulrich Wisser encountered when trying to set up an IPv6-only host computer.
– The IT infrastructure at the Internet Foundation runs in AWS’ cloud, and it turns out to be difficult to run IPv6 only in AWS. Disabling IPv4 networking on your machine is kind of easy, but AWS does not provide an IPv6-enabled resolver. Therefore, I had to install my own resolver, which I honestly wanted to do anyway, he says.
Over the last ten years, the regional internet registries have gradually run out of IPv4 addresses to hand out which should have made the transition to IPv6 inevitable. However, this transition has not happened and IPv4 traffic is still responsible for about two thirds of all internet traffic according to Google (https://www.google.com/intl/en/ipv6/statistics.html#tab=per-country-ipv6-adoption).
Low share of IPv6 in .nu domains
In Sweden and Denmark, where many .nu domains are registered, the IPv6 share is lower yet, about 5 per cent. But again, these measures show actual traffic and not what would be possible. We can see in the table above that almost 80 per cent of the .nu domains at least have an IPv6-capable name server, so from that perspective a lot more traffic could likely travel over IPv6.
Just for reference: the corresponding percentage for the much larger .se zone is 70 per cent (see https://ipv4.rip – a site built and maintained by Swedish IPv6 evangelist Torbjörn Eklöv and quite purposefully only accessible via IPv6).
But let’s get back to measurements. Much of the internet today runs on “dual stacks” – both IPv4 and IPv6 active – using v4 as an automatic fallback if a v6 connection fails. The mechanism used to decide between IPv4 and IPv6, “Happy Eyeballs”, is documented in IETF’s RFC 8305 (https://tools.ietf.org/html/rfc8305). The basic idea is to ask for both connections simultaneously and use the one that is established first. Some tweaks are added to this basic idea to make it slightly more likely that the algorithm will pick IPv6 when both protocols are available.
The Happy Eyeballs selection is transparent to user software, which is why you need to turn off IPv4 if you want to make sure that you really are probing IPv6 connectivity. This is also why running the test with IPv4 turned on reveals more IPv6 domains in the zone since some name servers can only be reached over IPv4, even though they advertise IPv6 addresses.
– You must keep in mind that reaching a single host, a name server in this case, may require a series of DNS queries. If just one link in the chain of resolvers lacks IPv6, you cannot reach the final destination over IPv6 even though it has an AAAA record, says Ulrich Wisser.
Finally, running only IPv6 can come back to bite you in unexpected places.
– I mentioned that AWS does not provide an IPv6-enabled resolver, but it’s worse than that. Our v6-only server runs Ubuntu and it turns out that Canonical – the company behind Ubuntu – does not fully support IPv6 either. As our server currently runs in the AWS region on Ireland, it is supposed to get its software updates from eu-west-1.ec2.archive.ubuntu.com – a host that does not have a v6 address. Even worse, the name servers for the ubuntu.com domain do not have v6 addresses either. You would not have expected this in 2020.
So: an Ubuntu machine running only IPv6 simply cannot update its installed software packages.
This is the first in a planned series of articles about IPv6 support in .nu. Future articles will look at e.g., mail servers with IPv6.
The test software that was used to traverse the .nu zone is available on GitHub, https://github.com/ulrichwisser/zone6
