31 May 2011
Contributors: Anand Buddhev
World IPv6 Day is on 8 June 2011. On this day, a lot of organisations, including some of the most popular ones like Google, Yahoo and Facebook, are going to provide IPv6 addresses for AAAA queries for their websites. This will make content available over IPv6 for one full day. Since DNS responses are often cached, some users won't see this change immediately. In this article we look at how DNS caching affects the start of World IPv6 Day, and how World IPv6 Day participants can minimise these effects.
Almost all users access websites by using the name of the webpage. Typically, the user's web application (such as a browser) will send DNS queries to a caching DNS resolver which is provided by the user's ISP. The caching resolver will do recursive queries to find the address of the website, return the answer to the user, and also cache the answer. If another user asks for the same website's address, the resolver doesn't have to go looking for the answer; it already has it in its cache.
A resolver typically caches an answer for as long as is defined in the time-to-live (TTL) field of the answer in a DNS response. However, not all DNS responses contain an answer and so there's no TTL either. However, it is still useful to cache such a
, in case the cache receives queries for it soon after. So how is a resolver to determine how long it may cache the response? RFC 2308 describes the solution: all negative answers must be accompanied by a start of authority (SOA) record in the authority section of the response. The resolver should use whichever is the lower value of:
1. The TTL of the SOA record; or
2. The minTTL field of the SOA record
At the moment, most of the sites participating in World IPv6 Day are not providing IPv6 addresses in response to queries for AAAA records. This results in negative responses, which are cached for some time. At midnight on 8 June, when the participating sites begin to provide IPv6 addresses to queries, some users may not see these addresses, because those users' resolvers may have briefly cached negative responses. For those users, World IPv6 Day will start a little later than midnight. We were curious to see how big the effect might be, so we looked at the SOA records of the participating sites.
Measurements in early 2010 we did showed that roughly 10% of users to www.ripe.net ask for AAAA-records, while at the time only 1% of these users had actual IPv6 connectivity to www.ripe.net. This indicates that the negative caching will occur, especially for heavily used caching resolvers.
Figure 1: DNS negative caching for websites participating in World IPv6 Day
Figure 1 shows the values for negative caching of DNS resource records for websites listed in ISOC's list of World IPv6 Day participants, on 30 May 2011. The negative caching values we found include 60 seconds at the low end. Other frequently recurring values are 5 minutes, 1 hour, 2 hours, 1 day and 2 days even! If in the upcoming week these values don't change, a substantial fraction of websites could still be seen as single-stacked up to an hour after they publish both A and AAAA records. Some websites may not be visible to some users for a full day or more! However, we expect a lot of the participants to lower either the minTTL value in the SOA, or the TTL on the SOA itself in the coming days, so the effect of negative caching remains minimal.
Note that BIND has an option called
, which defaults to 3 hours. This prevents most standard BIND resolver installations from caching negative responses for more than 3 hours. This helps to work-around the large negative caching TTL values that some zones publish.
In this article we look into how DNS negative caching affects the start of World IPv6 Day, which is something World IPv6 Day participants should be aware of. We show that with the current settings, some World IPv6 Day participant can expect caching to happen for multiple hours. We hope that people that currently have long negative caching periods had planned to change DNS settings in the coming days, if not, it's not too late!