That’s why you ban IPv6 subnets rather than individual addresses. IPv6 has a standardised subnet size, so banning that whole range would be equivalent to banning an individual IPv4 address that uses NAT.
3 Likes
Painful in data centers that assign each server 1 IP in a shared /64 (at least by default), though.
That is horrifying…
Though imo, I think vendors deviating from the /64 standard will have to find their own way around getting their subnets blacklisted.
I know DigitalOcean assigns very small IPv6 subnets, and they block email over IPv6 for this reason.
1 Like
It’s easy to understand why that would be the default, but if they charge for a /64 of your own I’d find another host.
From the start that has been widely considered a terrible idea, but this did not stop some providers from doing it.
However, every DNSBL I know of that supports IPv6 listings does list on /64 or larger, and lots of other IP reputation services go by at least the /64 as well, so again it is already pretty well established that if you share a /64 you share IP reputation.
Of the providers that don’t by default give at least a /64, the only one I have personally experienced is Linode. You basically cannot reliably send IPv6 email from Linode without asking for your own /64, because some other customer will have polluted the shared /64. Linode do assign you a /64 of your own for free if you ask though.
1 Like
This seems to no longer be the case. I just checked on Ubuntu 25.04 and it now uses {1,2,3,4}.ntp.ubuntu.com, all of which return 1 A and 1 AAAA record.
Seems that Canonical has seen the light and realized that (at least for Ubuntu+Chrony) there is no significant disadvantage with enabling IPv6 (and for that matter, NTS too) across the board.
I myself have used ntppool1.time.nl & ntppool2.time.nl for a while now, which also supports IPv6. I’ve not noticed any issues, even with roaming between iPv4-only and IPv4+IPv6 networks on my laptop.
3 Likes
Oh that’s cool; IPv6 and NTS - sweet.
Thanks.
I found the (or an) official announcement about it here:
1 Like
That’s great. I couldn’t stop myself in making a quick inventory of some other Linux distro’s:
- Debian: systemd-timesyncd with {0,1,2,3}.debian.pool.ntp.org (so technically some IPv6, but no NTS)
- Fedora: Chrony with 2.fedora.pool.ntp.org (so IPv6, no NTS)
- Arch Linux: Chrony with {2,0,1,3}.arch.pool.ntp.org (so IPv6, no NTS)
And I was too lazy to find look at more distro’s. Looks like NTS is definitely not common yet, though IPv6 will work on most, if not all distro’s.
1 Like
I also could not help myself and had another look at the screenshot @alica made, back in 2017 and compared it with the current situation.
I put them both here for comparison. 
Then:
Now:
1 Like
Cloudflare also have nice data on the topic.
The way I understand it, a main difference between Google’s and Cloudflare’s respective data sets is that the former assesses adoption in the sense of availability of IPv6, while the latter assesses actual usage, i.e., respective percentage of (HTTP/HTTPS) data volume transferred.
As previously mentioned in this thread already, IPv6 traffic in India surpassed IPv4 traffic some time ago already, while several other countries are now approaching the 50% mark, or have surpassed it as well when not counting “bot traffic”.
1 Like