AAAA glue to the root zone

The other day it was announced that AAAA glue (IPv6 addresses for the root DNS servers) will be added to the root zone. Although I was not a formal member of SSAC at the time of writing this report (I am a member now), I was involved in the discussions around the report that is quoted in the report, and I completely agree with the conclusions that include:

On the basis of the above findings, the committees conclude that changing the DNS priming response to include IPv6 address records will have minimal impact on name server implementations and intermediate systems used in production networks.

What can be worth reading is the part of the report that is a test of home gateways and routers whether they can handle various features that are related to IPv6 deployment. A test that btw has been continued by .SE regarding DNSSEC features.

The message from IANA reads:


On 4 February 2008, IANA will add AAAA records for the IPv6 addresses
of the four root servers whose operators have requested it. A
technical analysis of inserting IPv6 records into the root has been
done by a joint working group of ICANN's Root Server System Advisory
Committee and Security and Stability Advisory Committee, a report of
which can be found at http://www.icann.org/committees/security/
sac018.pdf. Network operators should take whatever steps they feel
appropriate to prepare for the inclusion of AAAA records in response
to root queries.

More information will be posted to the IANA web site during January.

Regards,

Barbara Roseman
IANA General OperationsManager
ICANN

Updated: Some people have asked me what is really happening operationally. We will get AAAA records for the hostnames of the servers that are authoritative for the root zone. This implies DNS clients that want to issue DNS queries to those servers will start use IPv6 transport. Of course those DNS servers at that time will also respond to those queries. This implies two things. First of all, one can for the first time for real use IPv6 transport only for resolution of DNS queries. Secondly, resolvers that think they have IPv6 connectivity (to the now published IPv6 addresses) that in reality do not have it might get delays in resolution of DNS queries. They have to wait for a timeout and then fall back to IPv4 transport.