DNS over IPv6
Geoff Huston & George Michaelson
APNIC Labs
October 2012

What are the questions?
1. What proportion of DNS resolvers are capable of performing DNS queries using IPv6?
2. What proportion of users are using IPv6-capable DNS resolvers?
3. Can we see evidence of IPv6 UDP PMTU issues when we construct large responses with DNSSEC?

Experimental Technique
• Use the Ad Network!
  – It’s quick – it takes a day or less to set up an ad
  – It’s effective – we can perform millions of tests across the entire Internet within a few days
  – It’s amazingly cheap – no user click = no payment!

The Experiment
• Set up a subdomain that only has IPv6 NS records
  – Isolate the IPv6-only subdomain server on a dedicated DNS authoritative nameserver
• Embed the unique id generation and the URL fetches in the ad control section of a Flash Object
• Enroll an online advertisement network to display the ad
• The underlying code and the retrieval of the image is executed as part of the ad display function
  – No user click-through is required (or wanted!)

Experiment Run
21 – 27 September 2012:
2,299,647 experiments were executed
432,642 experiments queried the DNS over IPv6

IPv6 DNS Resolvers
• How many DNS resolvers queried for experiment domains in dotnxdomain.net?
• How many of these DNS resolvers also queried using IPv6 for *.t7.dotnxdomain.net?

IPv6 DNS Resolvers
• How many DNS resolvers queried for experiment domains in dotnxdomain.net? 111,538
• How many of these DNS resolvers also queried using IPv6 for *.t7.dotnxdomain.net? 5,225

Q1: What proportion of DNS resolvers are IPv6 capable?
4.6% of visible DNS resolvers appear to be performing DNS queries using IPv6

Q1: What proportion of DNS resolvers are IPv6 capable?
4.6% of visible DNS resolvers appear to be performing DNS queries using IPv6
For comparison, 2.1% of visible DNS resolvers appear to be DNSSEC-validating resolvers, so this is not that bad a result!

Where are these IPv6-capable DNS resolvers?

CC   %v6   V6 Clients   V4 Clients   Country
BT   124%         158          127   Bhutan (*)
JE    95%          57           60   Jersey
LI    79%          43           54   Liechtenstein
HU    66%      16,717       24,969   Hungary
EE    56%       1,343        2,380   Estonia
SI    56%       3,819        6,771   Slovenia
LV    54%       1,687        3,120   Latvia
TH    49%     100,694      201,883   Thailand
FO    47%          19           40   Faroe Islands
CZ    45%       4,429        9,740   Czech Republic
PT    42%       8,776       20,576   Portugal
DE    40%      14,202       34,950   Germany
US    40%     465,169    1,145,319   United States of America (**)
ZM    39%         265          676   Zambia
UG    36%       1,353        3,749   Uganda
LU    33%         909        2,705   Luxembourg
SE    31%       3,614       11,368   Sweden
HR    30%       7,878       25,490   Croatia
ID    28%      16,219       56,762   Indonesia
JP    27%      55,314      198,785   Japan

* Some of the V4 resolvers are announced from an AS registered to a different CC code
** AS15169 (Google’s global Public DNS service) is included in the US figures

The Biggest IPv6 Resolvers by Origin AS

V6 Clients   V4 Clients   AS        AS Name
   383,742      324,968   AS15169   GOOGLE - Google Inc., USA
    63,344       51,998   AS45758   TRIPLETNET-AS-AP TripleT Internet, Thailand
    38,954       91,186   AS7922    COMCAST-7922 - Comcast Cable Communications, Inc., USA
    34,072       58,877   AS9737    TOTNET-TH-AS-AP TOT Public Company Limited, Thailand
    21,453       51,389   AS4713    OCN NTT Communications Corporation, Japan
    16,308       14,337   AS8708    RDSNET RCS & RDS S.A., Romania
    15,746       12,609   AS2518    BIGLOBE NEC BIGLOBE, Ltd., Japan
    15,415       20,048   AS12322   PROXAD Free SAS, France
    13,824       13,062   AS5483    HTC-AS Magyar Telekom plc., Hungary
    11,850       27,322   AS17974   PT Telekomunikasi Indonesia, Indonesia
     9,736       12,105   AS3320    DTAG Deutsche Telekom AG, Germany
     9,351       36,386   AS36692   OPENDNS - OpenDNS, LLC, USA
     7,629        8,576   AS22773   ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc., USA
     7,443        5,412   AS7018    ATT-INTERNET4 - AT&T Services, Inc., USA
     7,435        8,527   AS3243    TELEPAC PT Comunicacoes, S.A., Portugal
     6,054          962   AS6939    HURRICANE - Hurricane Electric, Inc., USA
     5,826       14,064   AS5391    T-HT Hrvatski Telekom d.d., Croatia
     4,922        6,273   AS6327    SHAW - Shaw Communications Inc., Canada
     4,584        4,610   AS10030   CELCOMNET-AP Celcom Internet Service Provider, Malaysia
     4,549        5,810   AS9824    ASN-ATHOMEJP Technology Networks Inc., Japan

Now let's look at Clients:
• How many experiments completed DNS queries?
• How many experiments completed IPv6 DNS queries?

Q2: What proportion of users are using IPv6-capable DNS resolvers?
• How many experiments completed DNS queries? 2,300,384
• How many experiments completed IPv6 DNS queries? 432,632 or 19%

Still looking at Clients:
• How many unique IP addresses completed web fetches for objects named in the experiment?
• How many clients were able to perform web fetches that required IPv6 DNS resolvers?

Still looking at Clients:
• How many unique IP addresses completed web fetches for objects named in the experiment? 890,920
• How many clients were able to perform web fetches that required IPv6 DNS resolvers? 161,125 or 18%

Where can we find clients who have IPv6-capable DNS resolvers?

Where can we find clients who have IPv6-capable DNS resolvers?
[Figure: Client use of DNS over IPv6 by country (%), September 2012]

The top of the country list

% who IPv6 DNS   Clients who V6 DNS   All clients   Country
       100.00%                    1             1   Nauru
        90.00%                    9            10   Burundi
        87.10%                   27            31   Saint Vincent and the Grenadines
        84.62%                   11            13   Saint Pierre and Miquelon
        84.00%                   21            25   Jersey
        80.00%                    4             5   Guadeloupe
        68.42%                   13            19   Liechtenstein
        63.64%                   14            22   Faroe Islands
        62.76%                  246           392   Brunei Darussalam
        54.55%                    6            11   Sierra Leone
        52.08%                  676         1,298   Occupied Palestinian Territory
        50.44%                1,710         3,390   Algeria
        49.54%                  590         1,191   Latvia
        48.90%                1,540         3,149   Belarus
        48.88%                1,048         2,144   Slovenia
        48.27%                  167           346   Nicaragua
        47.29%                  514         1,087   Estonia
        44.72%                   89           199   Djibouti
        44.44%                    4             9   Liberia
        42.72%                  132           309   Honduras
        40.98%                   50           122   Haiti
        40.00%                    4            10   Congo
        39.36%                3,520         8,943   Germany
        39.14%                2,591         6,619   Portugal
        38.24%                   13            34   Gambia

The top of the country list

% who IPv6 DNS   Clients who V6 DNS   All clients   Country
        52.08%                  676         1,298   Occupied Palestinian Territory
        50.44%                1,710         3,390   Algeria
        49.54%                  590         1,191   Latvia
        48.90%                1,540         3,149   Belarus
        48.88%                1,048         2,144   Slovenia
        47.29%                  514         1,087   Estonia
        39.36%                3,520         8,943   Germany
        39.14%                2,591         6,619   Portugal
        36.15%                1,486         4,111   Singapore
        36.12%                7,769        21,509   Indonesia
        35.70%                  623         1,745   Sweden
        35.05%                  184           525   Luxembourg
        34.52%                1,240         3,592   Czech Republic
        34.38%                3,342         9,721   Hungary
        32.89%               11,232        34,152   Thailand
        31.34%                  874         2,789   Armenia
        31.08%                5,748        18,497   Romania
        31.07%                  933         3,003   Kenya
        30.06%               11,006        36,616   USA
        27.58%                1,710         6,201   Vietnam
        27.46%                  299         1,089   Finland
        26.90%                  202           751   Nigeria
        26.87%                  632         2,352   Azerbaijan
        25.07%                  285         1,137   Iraq
        25.02%                3,697        14,778   France

Ranking only those CCs with more than 500 sample points in this experiment run (111 CC’s)

The bottom of the country list

% who IPv6 DNS   Clients who V6 DNS   All clients   Country
         0.87%                  624        72,039   Republic of Korea
         1.00%                  103        10,306   Qatar
         1.27%                  205        16,203   United Arab Emirates
         1.28%                   18         1,404   Uruguay
         1.40%                   28         2,003   Malta
         1.43%                    9           630   Mali
         2.09%                   33         1,580   Puerto Rico
         2.21%                   48         2,171   Bahrain
         2.38%                   30         1,259   Mauritius
         2.55%                   70         2,745   Oman
         2.62%                  558        21,334   Saudi Arabia
         2.70%                  842        31,199   Greece
         2.71%                   44         1,624   Macao
         2.72%                   66         2,429   Jordan
         2.84%                   20           703   Sudan
         2.84%                  137         4,817   Belgium
         3.05%                  108         3,542   Israel
         3.45%                  218         6,311   Lithuania
         3.91%                3,222        82,391   China
         3.94%                  150         3,804   Venezuela
         3.99%                   30           752   El Salvador
         4.25%                   27           635   Trinidad and Tobago
         4.37%                   38           870   Paraguay
         4.56%                  985        21,618   United Kingdom
         4.59%                  300         6,534   Peru

Ranking only those CCs with more than 500 sample points in this experiment run (111 CC’s)

Clients who have IPv6-capable DNS resolvers by AS – the top AS’s

Columns: Clients who V6 DNS, All clients, % who IPv6 DNS, AS, AS name

% who IPv6 DNS: 89% 88% 87% 86% 85% 85% 85% 84% 83% 83% 82% 82% 81% 81% 80%

AS: AS52242 AS15169 AS28545 AS28220 AS28509 AS38844 AS28516 AS36991 AS42248 AS28512 AS53006 AS262227 AS21804 AS39309 AS11814 AS7922 AS3243 AS52075 AS15975 AS198471 AS35063 AS5645 AS25441 AS29084 AS49363 AS42689

Clients who V6 DNS, All clients: 50 56 147 165 52 59 78 89 95 109 51 59 72 84 53 62 52 61 46 54 252 296 106 125 54 64 278 333 5,743 6,902 2,385 2,872 62 75 497 609 71 87 62 76 365 448 82 101 182 225 275 343 56 70

AS name:
Yota De Nicaragua, Nicaragua
GOOGLE - Google Inc., United States of America
Cablemas Telecomunicaciones SA de CV, Mexico
, Brazil
Cablemas Telecomunicaciones SA de CV, Mexico
NTNU-TW National Taiwan Normal University, Taiwan
Cablemas Telecomunicaciones SA de CV, Mexico
ORANGE-UG, Uganda
VIDA-OPTICS Vida Optics TVV, Bulgaria
Cablemas Telecomunicaciones SA de CV, Mexico
, Brazil
Claro Panamá S.A., Panama
ACCESS-SK - Access Communications Co-operative Limited, Canada
EDUTEL-AS Edutel B.V., Netherlands
DISTRIBUTEL-AS11814 - DISTRIBUTEL COMMUNICATIONS LTD., Canada
COMCAST-7922 - Comcast Cable Communications, Inc., United States of America
TELEPAC PT Comunicacoes, S.A., Portugal
WIFIRST Wifirst S.A.S., France
HADARA-AS Hadara Technologies, Occupied Palestinian Territory
LINKEM-AS Linkem spa, Italy
TKCHOPIN-AS TKChopin Computer Centre, Poland
TEKSAVVY-TOR TekSavvy Solutions Inc. Toronto, Canada
IBIS-AS Imagine Group Ltd., Ireland
COMNET-AS Comnet Bulgaria Holding Ltd., Bulgaria
OAR-DC "Orange Armenia" CJSC, Armenia
CABLECOM-AS Cablecom Networking Limited, United Kingdom

Ranking only those ASs with more than 50 sample points in this experiment run (1,194 AS’s)

Q3: Can we see evidence of IPv6 UDP PMTU issues when we construct large responses with DNSSEC?

Q3: Can we see evidence of IPv6 UDP PMTU issues when we construct large responses with DNSSEC?
No!
We run Bind 9.9.1 on FreeBSD, which sets the V6 UDP socket to the min MTU, so we don’t see any UDP response fragmentation (draft-andrews-dnsext-udp-fragmentation-01.txt)

Can we see evidence of other IPv6 PMTU issues?
Yes, in DNS over TCP over IPv6
We used a local MTU of 1500
And we received 4,670 ICMP Packet Too Big messages:
4 messages proposed 1280 octet MTU
19 messages proposed 1476
265 messages proposed 1480
4,382 messages proposed 1500 ?

Broken IPv6 MTU routers
Who is sending these broken 1500 octet ICMP6 PTB messages?

#msgs   router                    CC   AS        AS Name
   62   2001:620:610:20::20       CH   AS559     Swiss Education and Research Network
   12   2001:630:0:9003::2        GB   AS786     JANET The JNT Association
    4   2001:630:53:89c4::26      GB   AS786     JANET The JNT Association
    8   2001:660:3305:a205::111   FR   AS2200    Reseau National de telecommunications pour la Technologie
    2   2001:6a8:2500:1000::2     BE   AS2611    BELNET
   73   2001:c18:0:3001::4        MY   AS10204   ARCNET-NTT
  102   2001:c38:9004:6::2        BE   AS2611    Communication Authority of Thailand
 3649   2001:c68:bfff:5::d        CN   AS4134    CHINANET-BACKBONE
   69   2001:ff8:1:254::24        MO   AS7582    University of Macau
   26   2001:1284:ff00:ffff::4    BR   AS14868   Companhia Paranaense de Energia - COPEL
   10   2001:14f0:0:5::e          DE   AS12355   HHeLi NET Telekommunikation GmbH & Co. KG
   10   2001:49b8::a              US   AS21737   SPRINGNET2-NET - SpringNet
   55   2401:b000:2::a            MY   AS17971   TMVADS-AP TM-VADS DC Hosting
  294   2605:f000::3              US   AS22442   PHONOSCOPE
    6   2a00:dc8:0:f::4           NL   AS39637   Netlogics BV
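
An added example (not from the original slides): one way to tally ICMPv6 Packet Too Big messages from a capture and flag those that, like the 1500-octet messages above, propose an MTU no smaller than the sender's own. The function names, the "below-minimum" category and the 2001:db8:: sample routers are constructed for illustration.

```python
import struct
from collections import Counter

ICMP6_PACKET_TOO_BIG = 2   # ICMPv6 type (RFC 4443)
IPV6_MIN_MTU = 1280        # smallest MTU an IPv6 link may have
LOCAL_MTU = 1500           # MTU of the measuring server's interface

def ptb_mtu(icmp6: bytes):
    """Return the MTU field of an ICMPv6 Packet Too Big message, else None."""
    if len(icmp6) < 8:
        return None
    msg_type, _code, _cksum, mtu = struct.unpack("!BBHI", icmp6[:8])
    return mtu if msg_type == ICMP6_PACKET_TOO_BIG else None

def classify(mtu: int, local_mtu: int = LOCAL_MTU) -> str:
    """A PTB is only actionable if it asks for a smaller packet than we send."""
    if mtu >= local_mtu:
        return "broken"          # proposes an MTU no smaller than our own
    if mtu < IPV6_MIN_MTU:
        return "below-minimum"   # under the IPv6 minimum link MTU
    return "usable"

def summarize(messages, local_mtu: int = LOCAL_MTU):
    """messages: iterable of (router_address, raw_icmp6_bytes)."""
    by_mtu, broken_by_router = Counter(), Counter()
    for router, raw in messages:
        mtu = ptb_mtu(raw)
        if mtu is None:
            continue             # not a PTB, or a truncated capture
        by_mtu[mtu] += 1
        if classify(mtu, local_mtu) == "broken":
            broken_by_router[router] += 1
    return by_mtu, broken_by_router

def make_ptb(mtu: int) -> bytes:
    """Build a constructed PTB header (checksum left at 0) for the sample."""
    return struct.pack("!BBHI", ICMP6_PACKET_TOO_BIG, 0, 0, mtu)

# Constructed sample: routers use the 2001:db8::/32 documentation prefix.
SAMPLE = (
    [("2001:db8:1::1", make_ptb(1500))] * 3
    + [("2001:db8:2::1", make_ptb(1480))] * 2
    + [("2001:db8:3::1", make_ptb(1280))]
    + [("2001:db8:1::1", struct.pack("!BBHI", 1, 0, 0, 0))]  # Destination Unreachable
)

if __name__ == "__main__":
    by_mtu, broken = summarize(SAMPLE)
    for mtu, n in sorted(by_mtu.items()):
        print(f"{n:5d} messages proposed {mtu} ({classify(mtu)})")
    for router, n in broken.most_common():
        print(f"{n:5d} broken PTB from {router}")
```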

The Good, and the not-so-Good
18% of today’s clients appear to use DNS resolvers that are capable of undertaking DNS queries for domains whose authoritative nameservers are IPv6-only
But only some 0.18% of today’s clients will use IPv6 to actually fetch a dual stack object

Thank you!