This Consumer Consultation meeting was held in the evening after the scheduled events of the 2006 IPv6 Summit in Canberra, to take advantage of the presence of substantial numbers of people interested in the Internet.

It took place at The Marque Hotel in Canberra at 5.00pm on Tuesday 5 December 2006, and ISOC-AU would like to thank the organisers of the IPv6 Summit for providing the premises and publicity for the meeting.

The aim of the meeting was to find out from Australian Internet consumers their views on the current state of IPv6 and the Domain Name System; and what 'wish-list' items they thought were required before the Australian DNS would work well with IPv6. Their comments would also be incorporated into a test regime for the auDA IPv6 testbed as part of the Ipv6 for e-Business project.

Participants were advised that this consultation process is supported by funding from the Department of Communications, IT and the Arts.

IPv6 and the Australian DNS

AusRegistry is IPv6 enabled, but not all registry services can be accessed via IPv6. Work has been undertaken on the AusRegistry Network to provide full services (whois, etc), expected completion in December 2006.

The AusRegistry .au root nameservers NS1 - NS3 are currently IPv6 accessible, subject to the restrictions of connectivity between the various IPv6 islands and the knowledge of the IPV6 address. The IPV6 records are currently not advertised as further testing is required before these records are implemented at the TLD root servers.

Registrants are able to add quad A (AAAA) records. Currently only a few entries exist and all appear to be test entries. Access to services can only be obtained via a IPv6 island, end users attempting to connect to the registry must be able to connect to the same island or connectivity will not be possible.

AK discussed test parameters and issues with IPv6 clouds/islands and testing connectivity of the registry, and requested discussion on what priorities Internet consumers saw regarding DNS and IPv6.

The Chair summarised the situation regarding IPv6 and the DNS:

• the DNS is essential to the current Internet and will be even more critical in an IPv6 world
• What works today has been outlined as above
• What priorities did Internet consumers see regarding future testing and implementation?

Comments From the Floor

• Attendee: The Bureau of Meteorology would like to see IPv6 at the DNS root and working well before implementing it themselves, with specific time frames 6 month, 12 months of running successfully before they would feel confident in implementation. They would like to see registrars being able to provide IPv6 zone transfers and have confidence in the nameservers resolving names. Data transfer reliability and trust are major requirements.

• Attendee: RFC 3901, 'DNS IPv6 Transport Operational Guidelines' has three useful recommendations, as discussed in an APNIC briefing during the day.

• Attendee: Why not have an alternative DNS at the root of .au where users can opt to use a known IPv6 DNS. In this manner the user can opt in and use the alternate DNS, however if they are unsatisfied or are not getting the response times expected, they can use the regular DNS for their lookups. This is also in preparation for the release of Microsoft Vista, which is enabled for IPv6 by default.

• Attendee: Disagree - don't see this fixing the problem. If the end user only has IPv4 then the lookup returned will only be an IPv4 A record, it will not know about the IPv6 AAAA as it doesn't know how to request it. If in a dual stack environment the request goes out on IPv6, if no connectivity can be made or no AAAA is returned then the protocol will walk through the list until it gets a usable address - in this instance an IPv4 one.

• Attendee: The connection will be delayed as the nameserver walks through the list. Microsoft XP and freeBSB currently use a timeout so there is quite a lengthy delay, Vista is engineered to recognize that no IPv6 AAAA is available, and search down the list until its gets an A. This is described in RFC 3484, 'Default Address Selection for Internet Protocol version 6 (IPv6)'.

• Attendee: IPv6 is the preferred protocol if you run dual stack... if a machine can get any sort of v6 connection it will take it, no matter how bad it is. It will continue being routed until it reaches its destination, the query will not default to v4 because it's better. This will become an issue with Vista. Logs should be maintained to check the amount and if server v6 queries are received.

• Attendee: An outstanding chicken and egg issue - needs to be some mechanism for the top level root to opt in to an "alternative DNS" for transition period, and compare results with resolution which is reliable.

• Need to check for stacks (operating systems), then browsers, then the top three applications - person to person, web, email.

• General consensus is if you're offering v6 services you should ensure you have those services available. There is no point or function in having AAAA records in the DNS and having no v6 connectivity.

• Question: Are AusRegistry reverse name lookups and reverse delegation functioning?

• Response: AusRegistry nameservers 1 to 3 are IPv6 ready and tested. It is possible to connect to each of these NS in native v6 and have a query returned in native v6, however the AAAA records for these servers have not been advertised and a dig will not reveal any AAAA records.

• Attendee: There is no advantage in publishing the AAAA's at the root without first determining the effects on the resolvers, such as latency etc.

• Attendee: This is an end-application versus stacks issue. After Vista is released this will be a major issue.

• Others countered - no it is an unresolved issue for non IPv6 aware systems, as AAAA vs A records have to be asked for (see RFC 3484).

• Attendee: We need to know how the common stacks operate - eg Microsoft XP - do they time out to IPv4? Do they do IPv6 lookups on separate stacks, do they hang on an inaccurate MX record?

• Attendee: IPv6 service offering should ensure good network connectivity between islands, therefore ISP networking and collaboration is essential.

• General concern was expressed about advertised addresses mapping reliably onto available routes. Fears that 'islands' of IPv6 addresses will be advertised, when paths do not actually exist to services.

• Attendee: cross-connectivity in the islands issue needs defining (which is why he proposed 'alternate DNS' above) - those who can will use v6 and those who can't will use v4.

• Registry and registrars can accept AAAA records at the moment, but in the end their name servers will need to return them, and be able to return them via native IPv6 as well as IPv4.

• Reverse lookups need to be covered also, as the potential size of the database is vast.

Narelle Clark
Vice-President, ISOC-AU
December 2006