IPv6 for Gandi (coming soon!)
By Leland Vandervort on Friday 19 June 2009, 16:37 - Gandi - Permalink
As a result of this and requests from our customers coupled with the ominous depletion of IPv4 address space, I am pleased to announce that we will be offering IPv6 connectivity for our customers. Given that IPv6 is the future of the Internet, it is perfectly logical that it is something of particular interest to us.
This is, of course, not an overnight affair, and will take some time to be able to fully offer the service for all customers, and at the moment we expect to pass through several stages of testing before general deployment. In any case, we hope to have IPv6 fully available for our customers before the end of the year.
What is the current deployment status?
We have already deployed IPv6 across the core of our network, and a few hosting servers that our technical teams are using for alpha testing. In general, so far, the tests are working quite well, but there is still a lot of work to do.
The next stage, will be a beta testing stage involving a small number of our hosting customers. We will nevertheless want to keep the number limited, and we will expect those customers participating in the beta test to assist us by providing feedback on the service in terms of performance, security, connectivity, and also any suggestions that you may have. We expect this beta phase to be implemented before the end of September 2009.
Finally, we hope to have full general deployment and availability of IPv6 for all our hosting customers, as well as DNS services by the end of the year. Other Gandi services (blogs, mail, and our own web presence) are likely to follow suit in early 2010.
I would like to participate in the beta test! How do I sign up?
When we are ready to propose the beta test, we will open a link on our website to allow those hosting customers interested in participating in the beta test to apply. Numbers will be limited though, as this is only a beta test stage, and we will be working closely with the customers participating in this trial throughout the testing phase so as to provide the best possible service to all of our customers. Therefore, we obviously cannot accommodate everyone at this stage! We will provide further updates through our blog and our website as we progress.
What about glue records for IPv6?
Our DNS system already supports IPv6 AAAA glue records for DNS servers, and you can create these via the management interface for your domain just as you would for an IPv4 glue record. The only limitation at this time is that it currently must be a unique glue record. In other words, you cannot create a glue record for a DNS server whose name already exists and has an IPv4 glue record associated with it. This also assumes that the IPv6 DNS server is external to Gandi, and that the DNS zone is managed on your own server and not through our system (in other words, the domain is registered with us, but using your own DNS servers). This limitation will be removed in due course, however.
What does this mean for those who don't use IPv6?
There will be no change for existing users at all. The deployment of IPv6 capability is supplemental and transparent to the existing services, so you will not be impacted at all. You will, of course, have the ability to include IPv6 capability at any time you wish after the general deployment later in the year.
What exactly is IPv6 and why is it important?
IPv6, or "Internet Protocol, version 6" is the next-generation internet protocol to replace the current IP version 4. Most of the internet today uses IPv4 which was created over twenty years ago. Unfortunately, with the growth of the internet, the 32-bit addressing handled by IPv4 has inherent limitations to the number of unique IP addresses available, and there is now a shortage of availabiity meaning that it is becoming more and more difficult to obtain new allocations to meet the needs of further expansion.
IPv6, with it's 128-bit addressing, resolves this problem while at the same time adding significant improvements to network infrastructures in terms of routing and network autoconfiguration. It is expected that IPv6 will ultimately replace IPv4 entirely, with a period of coexistance during the transition period which will last several years.
Out of curiosity, what does an IPv6 address look like?
It is a 128-bit hexadecimal address with octet-pairs separated by a colon (":") and often includes a prefix-length identifier to represent the equivalent of a netmask. An example of such an address is: 2001:4b98:1:3e:17:3ca:8:44/120. There can be short-cuts in the address if there are octet-pairs which are all zero. Example: 2001:4b98:1::fa:121/48.
It's an acquired taste, but believe me, it's actually quite logical once you get used to it! 
Comments
"What about glue records for IPv6?"
In reality it doesn't seem to work. I've been able to "create a glue record" on the dedicated page, but I can't add the record to the list of name servers on the "Modification of DNS" page.
Also, the root servers don't know of the ipv6 glue record I created.
Anything I'm doing wrong?
@Colin: Thanks for hilighting this. This is a known problem and our technical team is working to correct it. The glue record is indeed registered at the registry for the gTLD, but you are correct in that it does not appear to be installed on the root name servers correctly. This is because as you point out you are unable to add the server to the list of authorative name servers via the modification of DNS page.
There is, however, a temporary (but crude) work-around, but it assumes that you actually manage the zone itself on your own servers.
If you create an additional NS record with the IPv6 nameserver, any queries to the zone via the root servers will be found by recursion initially over IPv4. Once the authoritative record is found, it will see the ipv6 NS entry which can then be queried by the resolver using this recursion.
It's crude, and not 100% native IPv6 at the moment (as there is an IPv4 recursion in the middle) but it works (provided you're in a dual-stack or proxied environment).
Hope that helps.
Leland
Hi Leland,
Thanks for your explanations. The workaround you describe is what I use for the moment. Not perfect, but there's only the last step missing
Glad it helped. In the meantime, if you (or anyone else, for that matter) come up with observations or issues along these lines, then please don't hesitate to post them! I keep a deployment issues register anyway which serves as a checklist of things to resolve in order to arrive a general deployment.
@Leland: Thanks for having me redirected here.
I have the same issue as the one Colin describes in the first post but I can't get further even after having added the two IPv6 NSes in my dual stack master zone about two hours ago (TTL of my zone = 1h).
Did I miss something?
@apn: if it's the domain I think it is, I can see all of you NS records, including the IPv6 records through recursion. It's showing in a zone check as a "stealth ns record" and flags a warning that because it's not listed in the root servers directly that you need to ensure that the servers are actually working or "you may have problems". This is "normal" at this stage because of the technical limitation for inserting the v6 nameservers into the roots (as mentioned above).
Having said that, I can browse your site in ipv6 with no problems, so it is resolving fine using recursion.
Leland
Yay! I look forward to trying IPv6 with my Gandi server.
Hey Leland,
If you can't insert IPv6 glue records at the root servers what's the point for us ?
My server (+webserver) is dual-stack since years. Even my primary zone (ns0.pnzone.net) has an AAAA entry since years. Now I added ns0v6 and ns1v6 (AAAA only) after your announce but it's useless...
What I expect from Gandi is that it can insert IPv6 glue at the TLD (.net) so that the TLD NS entries match my master zone NS entries:
http://www.intodns.com/pnzone.net
Do you already have a date when you think IPv6 glue at the TLD will be possible?
Many people, following Leland's post, talk incorrectly about the root name servers when they actually mean the TLD name servers (.NET, .COM, etc). That's an important difference. Gandi does not manage any TLD and cannot put anything in the root name servers.
Stephane B is correct.. we don't insert directly into any root nameservers. Our systems insert the glue records into the TLD name servers using the registry's APIs. The problem is that for IPv6, our systems don't do this [yet].
Thanks Stephane for the clarification.
Inserting (glue) records directly into the root servers or through an API by Gandi is _exactly_ the same for me as an user. I won't see the difference.
Does the API(s) provided by TLD(s) do already support IPv6? If yes, then when do you expect your systems to be ready?
Hi,
An news on IPv6 deployment ? Of course with the summer holidays it's understandable it might get delayed a bit.
@Christophe Devine: It's progressing, and we should be in a position to propose the beta test (limited numbers, as already mentioned) sometime in mid September.
Very cool, thanks for the update
By the way, in addition to IPv6 on the routers could you also update the kernel ? It seems the filter modules are missing:
# ip6tables -v -L -n
FATAL: Module ip6_tables not found.
ip6tables v1.4.2: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
@Christophe: You won't be able to use ipv6 just yet as we've not opened the beta. Although the kernel currently has IPv6 support, the ip6_tables will not work with the current kernel version (contrack not implemented in the current kernel version). We will be making an updated kernel available to those participating in the beta.
@ALL:
For information, the part of our system to register IPv6 glue records with the ccTLD/gTLD registry's primary servers has been corrected. You can now create an IPv6 glue record, associate it with the domain, and it will be properly installed.
HOWEVER, for the time being, the IPv6 glue record still must be a unique hostname. Therefore you cannot [yet] have an IPv4 AND and IPv6 address associated with the same hostname in the glue record. This functionality will be corrected in due course.
@Leland
Really? I still get this when I try to add an IPv6 nameserver for my .be domain:-
Errors:
* The field 'DNS 4' seems invalid
* The field 'IP address of DNS4' seems invalid
Adding an IPv6 Nameserver worked for me (.net), but there were some troubles getting there.
In the pre-payment configuration one cannot use an IPv6 nameserver (so I almost didn't get the domain!), however, once purchased it works, unless you click the "Indicate the IP addresses manually" link in Step 2, then it breaks again.
I was able to add ipv6 glue for my domain chaz6.com, but I still cannot add glue for my .be domain. I have raised this with support and they are currently looking into it.
@Chris Hills
Thanks for pointing this out. This was due to some differences in some of the registry APIs. This has now been corrected and it should be available on the next update to our front-end website system (within the next 7 days).
Leland
@ALL: As an update to this, for the most part this issue should be resolved. There are, however, some TLDs where the registry itself does not yet support IPv6 glue records, and as such you will receive an error message coming from the registry if you attempt to create one. (.NAME springs to mind, for example).
Sounds good Gandi!
When will a.dns.gandi.net, b.dns.gandi.net, c.dns.gandi.net get their own AAAA records, and will they be reachable over IPv6?
@Martijn : That bit is programmed for the general IPv6 deployment which (for the moment) is scheduled for Q1 2010. Yes, they will be reachable over IPv6 when that happens. Need to finish rolling out the public beta for the hosting first
Any updates? Where can one sign up for the public beta?