Deprecation of ip6.int reverse DNS service FAQs
Contents
What exactly does "deprecation of ip6.int reverse DNS service" mean, and why was it done?
At 00:00 UTC, Thursday 1 June, 2006, all sub-domains under 1.0.0.2.ip6.int were withdrawn. This reflects a decision taken by the IAB in August 2005 to cease use of ip6.int for reverse DNS registration, and an agreement between the IETF and the RIR community to remove these entries on 1 June, 2006.
The decision to withdraw ip6.int is documented in RFC3152, which specifies that reverse DNS domains in IPv6 should be registered under ip6.arpa.
Top
How does this affect me?
If your computer performs reverse address look-up, then it is vital that it is configured to use ip6.arpa, and not ip6.int. All modern operating systems which support IPv6 now use ip6.arpa, so you should have no difficulty upgrading to a version which supports this domain for reverse DNS resolution.
If any of your systems perform reverse address look-up using ip6.int, then when you receive IPv6 traffic, or need to do reverse DNS look-up on IPv6 for any other reason, your look-up will fail.
There was a brief disruption of some ip6.arpa services in Japan, due to a error which occurred at the time of the ip6.int withdrawal. This error has been rectified.
Top
How will a failed reverse DNS look-up affect me?
When reverse DNS look-ups fail, there are typically two consequences:
Everything runs slower at connect time: it usually takes up to 30 seconds for the failing request to be logged as having 'timed out' - during this time, your connections are not being processed.
For example, if you run a web server that attempts to perform a reverse address look-up on every IPv6 request, there will be a 30 second delay for any IPv6 request before the server can continue. This may be a problem for you, or it may be a problem for clients accessing your web server. Because reverse DNS fails, your services may refuse to continue.
Some higher security services regard reverse DNS failure as an indication of a security or other problem, and will not continue. This may apply to any services, including web, mail, or remote access.
It is possible that because the ip6.int listings have been withdrawn 'high' in the DNS tree, you will not see these problems. You may, in some circumstances, see faster connection, because there will be no apparent ip6.int delegation to check. Or, you may see rapid refusal to connect (for the same reason). You should therefore not assume that a 30 second delay is the only possible consequence.
Top
I am delegated under ip6.arpa - how can this change affect to me?
Unfortunately, even if you are correctly delegated under ip6.arpa you can still be affected by this problem if servers you connect to continue to look up addresses under ip6.int.
Top
What can I do about problems with services I use?
You should contact the operators of these services and advise them to investigate the problem and, if necessary, upgrade their service to use ip6.arpa for reverse DNS resolution.
Top
Can APNIC re-delegate under ip6.int?
Unfortunately this is not possible. The decision to make this change was taken globally, and APNIC is bound by that decision.
Top
I run services which use ip6.int and I don't see a problem. Why?
If you host your own ip6.int server, it is possible that you will not see any problems after the global ip6.int services are withdrawn by APNIC and the other RIRs. In such cases, it would be possible for you to continue listing ip6.int delegations and for all internal services to find the DNS server, and satisfy these look-ups. However, it is likely that you will begin to have other problems, including difficulty with external access, offsite access, and with progressive upgrades to your services which change to ip6.arpa. If you depend on reverse DNS resolution, you need to maintain your ip6.arpa delegation.
Top | APNIC FAQs
|
