Leading web content providers, including Google, Yahoo, Netflix and Microsoft, are conducting early stage conversations about creating a shared list of customers who can access their websites via IPv6, the long anticipated upgrade to the Internet's main communications protocol.
The DNS Whitelist for IPv6 would be a list of IP addresses that have functioning IPv6 connectivity. Content providers would use this shared DNS Whitelist to serve up content to these IP addresses via IPv6 rather than through IPv4, which is the current version of the Internet Protocol. Website visitors not listed on the DNS Whitelist for IPv6 would receive IPv4-based content.
The shared DNS Whitelist for IPv6 is a controversial proposal, with content providers saying it is the only viable option for offering IPv6 services today, and ISPs worrying that maintaining the whitelist will be an administrative burden in the future. The idea of creating a shared DNS Whitelist for IPv6 was discussed at the Internet Engineering Task Force (IETF) meeting held here this week. The IETF is the standards body responsible for IPv6 and IPv4.
The Internet infrastructure is migrating to IPv6 because it is running out of IPv4 addresses. IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6, on the other hand, uses 128-bit addresses and supports a virtually unlimited number of devices.
Experts predict that the remaining IPv4 addresses will be distributed by 2012. In January, the Regional Internet Registries announced that fewer than 10% of IPv4 addresses remain unallocated. When IPv4 addresses run out, carriers and enterprises must support IPv6 in order to add new customers and devices to their networks. Otherwise, network operators will need complex and expensive layers of network address translation (NAT) to share scarce IPv4 addresses among multiple users and devices.
IPv6 requires changes to the Internet's Domain Name System, which matches IP addresses and their corresponding domain names. The DNS uses single A records for IPv4-based queries, but it uses quad-A records for IPv6 queries. The DNS Whitelist for IPv6 would be used by content providers to pass quad-A records upstream to ISPs only if the user's DNS resolver is in the whitelist.
Content providers say they need a DNS Whitelist for IPv6 because the Internet has so many broken IPv6 links due to problematic default behaviour and incompatibilities in operating systems, home gateways and customer premises equipment. Without a whitelist to help sort out which customers can and cannot receive IPv6 content, web developers say they will inadvertently block too many customers from accessing their content. For example, Google has its own DNS Whitelist for its IPv6 services, which include YouTube, Search, Docs, Gmail, News and Maps. Google has said that the DNS Whitelist for IPV6 was the easiest way it could provide IPv6 services without blocking customers with broken IPv6 links.
David Temkin, network engineering manager with Netflix, says he is interested in using a similar approach to Google's DNS Whitelist for IPv6. "We're looking into the same service that Google has, where we will try to track what connectivity the user has," Temkin says. "We're in discussions with Google, Yahoo, Netflix and Microsoft to see whether it makes sense to have a shared, open source DNS whitelist service." Temkin says a shared DNS Whitelist for IPv6 would help customers have a better experience with both its IPv6 and IPv4 services.
"There's a pretty key reason for whitelisting," Temkin explains. "It's really, really easy for anyone using, for example, Hurricane Electric's tunneling to find that the IPv6 network becomes an island and that it is broken because they didn't update a tunnel... You end up with the customer having a bad experience. They never see the content or they only see the content after a 30-second wait."
Temkin says the lack of a common DNS Whitelist for IPv6 is one reason that Netflix is providing IPv6 service via a separate website, www.ipv6.netflix.com, rather than directly through www.netflix.com. "Whitelists are a temporary measure," Temkin acknowledges. "There are scalability issues. There are management issues. That's why we've been having discussions of how we could standardise on a whitelist"
Temkin says it's conceivable for content providers to create a shared DNS Whitelist for IPv6 in the next few months. Both content providers and carriers say the shared DNS Whitelisting Service for IPv6 would not create privacy issues because the information contained in it would not be the names or machine identifiers of individual Internet users.
"A DNS whitelist would help us in the transition over to IPv6 because we have to know the customer has IPv6," Temkin adds. ISPs, however, say having a DNS Whitelist for IPv6 will be time consuming for them to maintain. They say such a list would be hard to scale because it would require them to contact every content provider to exchange information about whether they can forward quad-A DNS records.
Jason Livingood, executive director of Internet systems engineering at Comcast, says dealing with DNS whitelists is an administrative burden. "We've noticed that there's a bit of whitelisting going on for DNS servers, and that poses some scale difficulties," Livingood says. "A number of large content providers do whitelisting... It's not entirely clear what the criteria are. Hopefully, at some point that goes away as a practice."
Livingood says the burden is on ISPs to maintain a DNS Whitelist for IPv6. "I prefer not to have a DNS whitelisting service," Livingood says. "It will be a difficult process for the ISPs to manage. When we get the quad-A records back, we would have to choose to pass the quad-A records on to the content providers. Then we have to go to all the content sites and request to be on their whitelists."
Livingood says he was comfortable with the idea of a shared DNS Whitelist for IPv6 as long as it is a temporary measure in the transition from IPv4 to IPv6. "The DNS whitelist could work for a little while as an interim step," Livingood concedes, but he doesn't want to see it remain in the Internet infrastructure forever.
IPv6 experts view the DNS Whitelist for IPv6 as a temporary measure that will be required during the transition from IPv4 to IPv6. "The DNS Whitelist is a workaround. It's an operational issue that's no different than we've run into with IPv4," says Yanick Pouffary, an IPv6 forum Fellow, technology director for the North American IPv6 Task Force and an HP distinguished technologist. "I don't see this as a major issue, just a natural transition issue."