When Does World IPv6 Day Start?

Emile Aben — May 31, 2011 02:45 PM
Contributors: Anand Buddhev
Filed under: , , ,
World IPv6 Day is on 8 June 2011. On this day, a lot of organisations, including some of the most popular ones like Google, Yahoo and Facebook, are going to provide IPv6 addresses for AAAA queries for their websites. This will make content available over IPv6 for one full day. Since DNS responses are often cached, some users won't see this change immediately. In this article we look at how DNS caching affects the start of World IPv6 Day, and how World IPv6 Day participants can minimise these effects.

Almost all users access websites by using the name of the webpage. Typically, the user's web application (such as a browser) will send DNS queries to a caching DNS resolver which is provided by the user's ISP. The caching resolver will do recursive queries to find the address of the website, return the answer to the user, and also cache the answer. If another user asks for the same website's address, the resolver doesn't have to go looking for the answer; it already has it in its cache.

A resolver typically caches an answer for as long as is defined in the time-to-live (TTL) field of the answer in a DNS response. However, not all DNS responses contain an answer and so there's no TTL either. However, it is still useful to cache such a negative response, in case the cache receives queries for it soon after. So how is a resolver to determine how long it may cache the response? RFC 2308 describes the solution: all negative answers must be accompanied by a start of authority (SOA) record in the authority section of the response. The resolver should use whichever is the lower value of:
 
1. The TTL of the SOA record; or
 
2. The minTTL field of the SOA record
 
At the moment, most of the sites participating in World IPv6 Day are not providing IPv6 addresses in response to queries for AAAA records. This results in negative responses, which are cached for some time. At midnight on 8 June, when the participating sites begin to provide IPv6 addresses to queries, some users may not see these addresses, because those users' resolvers may have briefly cached negative responses. For those users, World IPv6 Day will start a little later than midnight. We were curious to see how big the effect might be, so we looked at the SOA records of the participating sites.
 
Measurements in early 2010 we did showed that roughly 10% of users to www.ripe.net ask for AAAA-records, while at the time only 1% of these users had actual IPv6 connectivity to www.ripe.net. This indicates that the negative caching will occur, especially for heavily used caching resolvers.

DNS negative caching for World IPv6 Day participantsFigure 1: DNS negative caching for websites participating in World IPv6 Day

Figure 1 shows the values for negative caching of DNS resource records for websites listed in ISOC's list of World IPv6 Day participants, on 30 May 2011. The negative caching values we found include 60 seconds at the low end. Other frequently recurring values are 5 minutes, 1 hour, 2 hours, 1 day and 2 days even! If in the upcoming week these values don't change, a substantial fraction of websites could still be seen as single-stacked up to an hour after they publish both A and AAAA records. Some websites may not be visible to some users for a full day or more! However, we expect a lot of the participants to lower either the minTTL value in the SOA, or the TTL on the SOA itself in the coming days, so the effect of negative caching remains minimal.

Note that BIND has an option called max-ncache-ttl, which defaults to 3 hours. This prevents most standard BIND resolver installations from caching negative responses for more than 3 hours. This helps to work-around the large negative caching TTL values that some zones publish.

Conclusion

In this article we look into how DNS negative caching affects the start of World IPv6 Day, which is something World IPv6 Day participants should be aware of. We show that with the current settings, some World IPv6 Day participant can expect caching to happen for multiple hours. We hope that people that currently have long negative caching periods had planned to change DNS settings in the coming days, if not, it's not too late!

 

4 Comments

Frank
Frank says:
May 31, 2011 03:58 PM
To a certain extent, negative caches will control the "ramp up" and TTL will control the ramp down for that day. This may be desirable by the content operators.
emileaben
emileaben says:
May 31, 2011 04:37 PM
Absolutely, but 1 day or more may push that limit a bit. :)
Also for people measuring and/or debugging things on World IPv6 Day this ambiguity-period doesn't help, so for these people (including me) making it as short as possible would be desirable.
Chris Thompson
Chris Thompson says:
May 31, 2011 06:28 PM
BIND imposes a configurable upper limit on the negative TTL
(max-ncache-ttl in options), with a default of 3 hours.
Probably most people won;t have changed that.
emileaben
emileaben says:
Jun 01, 2011 07:28 AM
Yes, we tried to make that clear in the article, hope the yellow box wasn't confusing. ;)
The BIND cache default still makes for up to 3 hours of ambiguity of whether a host received or didn't receive a AAAA, for hosts that have SOA TTL or minTTL in SOA of > 3h.
Add comment

You can add a comment by filling out the form below. Only plain text is possible. Web and email addresses will be transformed into clickable links. Comments are moderated so they won't appear immediately.

Navigation
Related Items
Increased Reach of RIPE Atlas Anchors

Increasing the reach of RIPE Atlas anchors is one of the highest priority goals of RIPE Atlas Team. ...

Proposing Making RIPE Atlas Data More Public

RIPE Atlas is now three years old, and is moving from a prototype to production service. Based on ...

Modifications to the IP Analyser to Reflect New Policy

We are in the process of implementing the policy regarding Post Depletion Adjustment of Procedures ...

Report on IPv6 Security Test Methodology

The Dutch Institute for Applied Scientific Research (TNO) and a number of Dutch security companies ...

RIPE Atlas: Improved Probe Pages

We've made it much easier to get an overview of the history and measurements for all the public ...

more ...