800px-ams-ixkroot-serversnetI found this bug a while ago when i noticed when i resolved using my IPv6 only recursor i didnt always get a result.

A few days ago i was tipped by Lannerd who showed me the following document explaining it:


Read the document and you will understand why there are problems if you have an IPv6 only recursor.

Okay, the following document is mainly meant for providers that have to deal with authoritive nameservers. It pretends recursors (caching nameservers) never existed. Don’t be alarmed too much; if you have a recursor that serves your customers using IPv6 but in turn can resolve records over IPv4, you should be fine. If your recursor machine has no IPv4, you _are_ screwed.

As you might know, only 7 out of 13 root-servers have an IPv6 address. So when you can only reach those 7 theres a chance you get the wrong one by the nature of DNS.

[email protected]:/$ dig +trace -6 -t ns fix6.net @internal.resolver

; < <>> DiG 9.5.1-P2 < <>> +trace -6 -t ns fix6.net @internal.resolver
;; global options: printcmd
. 93047 IN NS e.root-servers.net.
. 93047 IN NS h.root-servers.net.
. 93047 IN NS b.root-servers.net.
. 93047 IN NS m.root-servers.net.
. 93047 IN NS k.root-servers.net.
. 93047 IN NS l.root-servers.net.
. 93047 IN NS f.root-servers.net.
. 93047 IN NS j.root-servers.net.
. 93047 IN NS c.root-servers.net.
. 93047 IN NS g.root-servers.net.
. 93047 IN NS i.root-servers.net.
. 93047 IN NS d.root-servers.net.
. 93047 IN NS a.root-servers.net.
;; Received 500 bytes from #53(internal.resolver) in 3 ms

net. 172800 IN NS a.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
net. 172800 IN NS c.gtld-servers.net.
net. 172800 IN NS d.gtld-servers.net.
net. 172800 IN NS e.gtld-servers.net.
net. 172800 IN NS f.gtld-servers.net.
net. 172800 IN NS g.gtld-servers.net.
net. 172800 IN NS h.gtld-servers.net.
net. 172800 IN NS i.gtld-servers.net.
net. 172800 IN NS j.gtld-servers.net.
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS l.gtld-servers.net.
net. 172800 IN NS m.gtld-servers.net.
;; Received 511 bytes from 2001:7fd::1#53(k.root-servers.net) in 20 ms

fix6.net. 172800 IN NS ns1.tiscomhosting.nl.
fix6.net. 172800 IN NS ns2.tiscomhosting.nl.
fix6.net. 172800 IN NS ns3.tiscomhosting.nl.
;; Received 96 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 283 ms

This result took me 21 tries.

There are 2 solutions for this problem:
1) Have all DNS root-servers listen on IPv6 and IPv4
2) Make sure the resolvers for your customers listen on IPv6, and have IPv4 connectivity themselves.

For an overview of current root-servers check http://www.root-servers.org/