Intention to enable IPv6 by default in 2017


As I mentioned, my time on the project mostly goes to basic care and feeding of the system (as an example, other than the big server migration this summer/fall, over the last years all the DNS servers got a bunch of upgrades so they use mTLS for more of the communication with the central systems and they send logs centrally). The various systems to manage logs (system logs, DNS logs and monitoring data) have gotten a bunch of upgrades. A lot of this was a prerequisite to improve the monitoring system (the current project).

The new monitoring system is really close to done. I’m still watching and adjusting things, but it already overwhelmingly seems to work better than the production system. There’s a bit more testing and work to do before I’m comfortable putting it in production (where it needs to operate reliably while unsupervised), but it’s definitely winding down.

The next thing is to add some features for managing the “vendor zones” so vendors can choose if/when they want to upgrade to “full IPv6”. I also want to change it so the zones can be configured to fit the needs (a single zone for SNTP clients; a single zone for NTP clients with “pool” functionality or the traditional ~4 zones). This will help the servers in that if a vendor only needs a single zone we can add all the servers safely to that zone instead of having them rotate every so many minutes.

There are also some related features for expediting how the vendor zones are managed to make sure I’m not a bottleneck in that process, so vendors who need IPv4 only can get that set up.

When this is done my plan is to get back to the original plan of making IPv6 the default in all country zones where it makes sense. There are some choices to be made around backfilling zones from the region versus not providing AAAA records vs giving out (too) few IPs. The same issues exist for IPv4/A records, but in many countries it’s worse for IPv6 if it’s not addressed.