Just before year's end, ICANN/IANA sent out a short message saying that "on 4 February 2008, IANA will add AAAA records for the IPv6 addresses of the four root servers whose operators have requested it." The Internet Corporation for Assigned Names and Numbers (ICANN) is mostly responsible for the global Domain Name System; the Internet Assigned Numbers Authority (IANA) is a part of ICANN. That means that as of February 4, 2008, it will (theoretically) be possible for two IPv6 hosts to communicate across the IPv6 Internet without having to rely on any IPv4 infrastructure. It's been a long journey to get to this point.

Although there were some false starts (see this book chapter about IPv6 and the DNS), putting IPv6 information in the DNS has been routine for many years. For instance, Dutch ISP BIT at www.bit.nl is reachable over IPv6, and the root servers know the IPv6 addresses of the .nl servers, which in turn know the IPv6 addresses of the BIT DNS servers. So the only thing that prevents IPv6 users from reaching BIT, should anyone be careless enough to unplug the IPv4 Internet, is the fact that the root DNS servers are only listed by their IPv4 address.

When a DNS server starts up, it has to find the root servers that sit at the top of the name delegation chain. For this purpose, a DNS server keeps a local hints file, named.root (or named.cache or named.ca, found in /var/named/ on many systems), that has the names and addresses for all the root servers. However, system administrators don't always keep this file up to date, so the first thing that a DNS server does upon startup is ask for an up-to-date list of root servers. So as long as there is still a single correct root server address in that named.root file, everything will work.

The trouble is that the original Domain Name System specification only allows for 512-byte packets in the DNS protocol. With 13 root servers, we're already well over 400 bytes. Any useful number of IPv6 addresses for root servers would push this beyond the 512-byte limit. So for a long time, the parties involved have considered the possibilities of ill effects when IPv6 addresses for the root DNS servers are added to "the dot." (A dot signifies the end of a DNS name. A dot without a name is therefore the root of the DNS hierarchy.)

The message from IANA links to a lengthy report, written by ICANN's Security and Stability Advisory and Root Server System Advisory Committees, detailing all the possible issues that could come up. The majority of modern DNS software is capable of sending and receiving packets larger than 512 bytes, so anyone running these should be fine. If a DNS server doesn't indicate this capability in its request, the root server will fit as much as it can within a 512-byte packet and mark the answer as "truncated," which is the requester's cue to retry the request over TCP rather than the usual UDP. So older DNS software shouldn't have any problems, either, so long as firewalls don't block DNS packets larger than 512 bytes or DNS requests over TCP.

If you run a resolving DNS server (that doesn't include a DNS server in a home router), this is something you may want to check with your firewall administrator/vendor before February 4. If you run really old DNS software, this might be a good time to upgrade. However, if it's well-behaved, you shouldn't have any problems as long as you don't download the new named.root file with IPv6 addresses in it that will no doubt show up on the IANA web site in the next few weeks. In the binary DNS protocol, the unknown information is of a known size and can be ignored by older software, but IPv6 addresses in a text file can only be parsed by software that is IPv6-aware.
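
To put numbers on the 512-byte limit and the firewall check discussed above, this added Python example (not from the original article or from IANA) builds a model of the root server list response in DNS wire format, with name compression, and measures it with and without AAAA records. The addresses are dummy zero bytes, and the message ID, TTL and choice of which servers carry AAAA records are assumptions; none of them change the sizes.

```python
import struct

# The 13 root server names; addresses below are dummy zero bytes (only sizes matter).
ROOTS = [f"{c}.root-servers.net." for c in "abcdefghijklm"]
CLASSIC_UDP_LIMIT = 512  # maximum UDP message size in the original DNS specification

def encode_name(name, offsets, pos):
    """Encode `name` at message offset `pos`, reusing earlier suffixes via compression pointers."""
    out = b""
    labels = name.rstrip(".").split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:  # suffix already in the message: emit a 2-byte pointer
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"

def priming_response(n_aaaa, edns=False):
    """Wire-format answer to '. NS': 13 NS, 13 A and `n_aaaa` AAAA records."""
    offsets = {}
    additional = 13 + n_aaaa + (1 if edns else 0)
    msg = struct.pack("!6H", 0x1234, 0x8400, 1, 13, 0, additional)  # header, QR and AA set
    msg += b"\x00" + struct.pack("!2H", 2, 1)                       # question: root, NS, IN
    for host in ROOTS:                                              # answer section
        rdata = encode_name(host, offsets, len(msg) + 11)           # 11 = owner + fixed fields
        msg += b"\x00" + struct.pack("!2HIH", 2, 1, 3600000, len(rdata)) + rdata
    for rtype, size, hosts in ((1, 4, ROOTS), (28, 16, ROOTS[:n_aaaa])):
        for host in hosts:                                          # additional section
            msg += encode_name(host, offsets, len(msg))
            msg += struct.pack("!2HIH", rtype, 1, 3600000, size) + bytes(size)
    if edns:  # EDNS0 OPT pseudo-record; its class field carries the UDP payload size
        msg += b"\x00" + struct.pack("!2HIH", 41, 4096, 0, 0)
    return msg

def first_overflow():
    """Smallest number of AAAA records that pushes the response past 512 bytes."""
    return next(n for n in range(14) if len(priming_response(n)) > CLASSIC_UDP_LIMIT)

if __name__ == "__main__":
    for n in (0, 4, 13):
        size = len(priming_response(n))
        note = "fits in 512" if size <= CLASSIC_UDP_LIMIT else "exceeds 512"
        print(f"{n:2d} AAAA records: {size} bytes ({note})")
    print("first overflow at", first_overflow(), "AAAA records")
```

With four AAAA records the modelled response is 548 bytes, which is the size a firewall on the resolver's path has to pass over UDP, or else allow as a retry over TCP.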