Thoughts about ipv6 white listing

George Bonser gbonser at
Sat Dec 4 23:40:41 CET 2010

> You don't know if the client has IPv6-connectivity, you just know the
> client initiates AAAA-queries. Their really is a big difference here.

Additionally, in a sort of way, it will be rolled out gradually.  ONE resource will be rolled out with AAAA records initially.  That resource will correspond to all clients on one specific remote network (generally in this operation, clients on each remote network connect to a resource on our side dedicated to those clients on that network).  The one chosen first is the one who has already been making the most AAAA requests to our DNS anyway.

So let's say provides services for clients on,, and  There is a resource at z called, and, each resource corresponds to the clients on those respective networks.  Z notices that clients always make an AAAA request before making an A request.  Z rolls out an ipv6 only name server and notices that the request from begin arriving to the v6 name server (at that point there are still no AAAA records, z is simply handing out the same zone they are handing out over v6).

That is a pretty good (though not 100% conclusive) indication that is v6 ready.  Z then places an AAAA resource in the v6 zone for and notices that the client traffic moves from v4 to the v6 resource.  The other possible case is that all traffic from b suddenly disappears. So it pretty much is either going to work or it is going to break.  Doing it this way has not changed service at all for clients on or  And no resources are moved to AAAA records the v6 dns zone until they start to see requests to the v6 name server for AAAA records.

More information about the ipv6-ops mailing list