About RIPE NCC | Contact | Search | Sitemap

News & Announcements

	2007 News Archive
	2006 News Archive
	2005 News Archive
	2004 News Archive
	2003 News Archive
	2002 News Archive
	2001 News Archive
	2000 News Archive

IPv6 Service at k.root-servers.net and IPv6 Glue for Root Name Servers

Daniel Karrenberg, 19 February 2008

Introduction

On 4 February 2008 the IANA added IPv6 glue to the DNS root zone.

This is a first quick look at measurement data for K-root, k.root-servers.net. It is based on data taken with the DNS Statistics Collector (DSC) tool, which we highly recommend.

K-root Service Provision

K-root serves on IPv6 from two of its global instances:

AMS-IX (Amsterdam)
NAP of the Americas (Miami)

IPv6 Carried Queries

The bulk of the IPv6 queries are served by the AMS-IX instance. We expect though, that as the number of IPv6 peerings at the NAP of the Americas grows, that ratio will change.

The graph below shows the absolute number of queries received by both instances over time:

Absolute number of queries via IPv6 transport for all instances of K-root

Graph: Absolute number of queries via IPv6

The publication of the IPv6 glue in the root zone is reflected by the steep increase in the number of queries. Queries received before that time most likely resulted from monitoring efforts such as DNSMON, since they exhibit no diurnal pattern. Please note that this graphs starts at 1 February because prior to that our DSC set-up was not collecting this data.

The following graph shows the relative number of IPv6 carried queries across all instances of K-root:

Percentage of queries via IPv6 transport for all instances of K-root

Graph: Percentage of queries via IPv6

For comparison here is the absolute number of Internet Control Message Protocol (ICMP) messages across all instances:

Absolute number ICMP packets received for all instances of K-root

Graph: Absolute number ICMP packets received

This is similar to the number of queries arriving over IPv6. So currently we receive as many queries over IPv6 as we receive pings and ICMP errors.

Service Quality

This DNS Monitoring (DNSMON) graph shows round-trip times from some 30 probes to the IPv6 service address of K:

Average round trip delays to K for IPv6 transported queries from 30 DNSMON probe locations

The increase in load over IPv6 has caused no change in service quality.

When you interpret the IPv6 DNSMON data, please note that DNSMON does not measure the servers themselves, but the quality of the IPv6 service at the probe locations. This includes the networks between our probes and the target servers.Please also note that there are currently fewer IPv6 probes than IPv4 probes.

Other Consequences of the Introduction of IPv6 Glue

Potential Additional Queries for Missing Glue

Clients that are not speaking EDNS will not receive a full set of glue resource records (RRs) in response to the DNS priming query. This may cause them to query for the missing glue, and there were concerns that deficient DNS implementations would cause excessive load on root servers. For more details, see: http://www.icann.org/committees/security/sac018.pdf

This graph indicates that roughly 40% of all queries currently arriving at k.root-servers.net do not have EDNS extensions:

Percentage of EDNS versions for all instances of K-root

Graph: Percentage of EDNS versions for all instances of K-root

k.root-servers.net is configured to include all A (IPv4) glue RRs and two AAAA (IPv6) glue RRs in responses to non-EDNS speakers at this time. So one would expect an increase of queries for AAAA glue. However, the number of AAAA queries to k.root-servers.net shows no significant change after 4 February, meaning that this potential problem has not materialised:

Absolute number of AAAA queries to all instances of K-root

Graph: Absolute number of AAAA queries to all instances of K-root

Changes in Load Distribution Among Service Addresses due to Omitted Glue

Some root name servers are now configured in a way that does not include glue for k.root-servers.net in responses to non-EDNS speakers. Some DNS implementations might not use root name servers for which they have not received glue in the original response to the priming query. When looking at the total number of queries received at K-root we can see a slight drop in both peak and average load after 4 February:

Absolute number of queries to all instances of K-root per query type

Graph: number of queries to all instances of K-root

The change is certainly not big enough to have any operational impact. Indeed, it is not clear whether it is a significant change at all, in the sense that other factors may contribute to it. The only certain way to find out would be to change the configuration of those servers omitting glue for K-root and observe the subsequent load on K-root.

Changes in the Number of Queries Using TCP

A few experts were also concerned that the omission of some glue from responses to priming queries would cause defective DNS software to retry the query using TCP. The following graph shows clearly that this has not been the case, and that the number of TCP connections to all instances of k.root-servers.net did not increase.

Absolute number of TCP connections to all instances of K

Graph: Absolute number of TCP connections to all instances of K

Please note that this graphs starts at 1 February because prior to that our DSC set-up was not collecting this data.

Summary

k.root-servers.net receives significantly more queries over IPv6 now that its IPv6 address has been published in the DNS root zone. Currently about 0.8% of all queries arrive over IPv6. The inclusion of IPv6 addresses for six root name servers into the DNS root zone went smoothly and as expected, and there are no operational problems or concerns.


	About RIPE NCC \| Service Announcements \| Site Map \| LIR Portal \| About RIPE \| Contact \| © RIPE NCC. All rights reserved.