Hi Jan, thanks for the feedback.  And also thank you Paul for relaying
Daniel Stenberg's similar feedback.

I agree this is a legitimate criticism.  In the current world of Happy
Eyeballs and where ideally most content is dual-stacked it is unclear that
there's enough value for deploying this.  The absence of the DNS "A" record
should be good enough for indicating IPv6-only, and outside of the "web"
world I'm aware already of cases in closed environments for production
services with only AAAA records.

One use-case where SVCB may help beyond Happy Eyeballs are for cases where
clients are being forced through SVCB/HTTPS RRs (with no fallback A/AAAA
records on the hostname) and where a service wants to use different
infrastructure with different capabilities for IPv6-only vs legacy
dualstack support.  The other use-case is for signalling planned
deprecation for IPv4 support -- this would likely be most interesting in
combination with HAPPY reporting capabilities.

This DNS-based approach is a counterpoint to doing it in-band (eg, in HTTP
response headers as proposed in
https://datatracker.ietf.org/doc/html/draft-martin-retry-over-ipv6-02)

I'm very much willing to accept that we just aren't ready yet
for draft-nygren-dnsop-ipv6only-indicator (and perhaps with Happy Eyeballs
we never will be and perhaps there are other better and simpler ways to
achieve the same goals). If people have compelling arguments for why we
will want this soon, that would be valuable. If not, even as a (eventually
expired) draft this can potentially serve as a "here's how you might do
this in SVCB if you wanted to signal it in the DNS" since I'm sure this
idea will resurface every few years.

Best, Erik




On Mon, Jul 6, 2026 at 11:02 PM Jan Schaumann <[email protected]>
wrote:

> Erik Nygren <[email protected]> wrote:
>
> >    As the DNS is the primary mechanism for translating from hostnames to
> >    IP addresses, it is a logical place to signal that endpoints are
> >    IPv6-only.  It is thus also a logical place to signal that legacy
> >    endpoints supporting IPv4 are being deprecated.  This specification
> >    introduces two SvcParams for SVCB-compatible RR types that signal
> >    IPv6-only endpoints (ipv6only) as well as deprecated endpoints
> >    (deprecated).
> >
> > The "ipv6only" SvcParam touches on V6OPS and HAPPY.  I see this not as
> > something we desperately need now/yet but as something we will want in a
> few
> > years and thus should standardize sooner so that the implementations are
> there
> > for when we need it.
>
> I have to admit that my experience so far with the
> adoption of SVCB and HTTPS records makes me wonder
> whether this will be a practically useful approach.
>
> Right now, browsers[1] are racing all three lookups
> (HTTPS, A, and AAAA), and any findings from HTTPS
> records are, if supported or implemented by browsers
> at all, advisory at best.
>
> From a browser (or happy eyeballs) perspective, that
> makes sense: waiting for the HTTPS result before then
> having to possibly do another two sequential lookups
> leads to a bad user experience.
>
> But that also means that the "ipv6only" param would
> not be particularly useful in practice so long as
> browsers still race the A and AAAA lookups.  I
> anticipate browsers will continue to do that for as
> long as IPv4 and IPv6 records are both widely
> used[2].
>
>
> As for the "deprecated" param, I also don't quite know
> what I am to do with it when I observe it, given that
> I "SHOULD NOT provide special treatment".
>
> I fear that the idea behind the proposal ("make it
> easier for people to migrate off IPv4 and to
> IPv6-only") is a solution in search of a problem: I'm
> not convinced the technical ability to migrate is
> hampered by the lack of a method to signal to clients
> your intention; what's missing is the intention to
> migrate.
>
>
> As an entirely naive alternative, I would expect an
> IPv6-only service to be one that has only AAAA records
> (and includes ipv6hint params, but no ipv4hint params
> in any SVCB records, which browsers may or may not
> race at the same time).
>
> Perhaps it would be useful to include in the draft a
> brief description why that is insufficient and whether
> the anticipation is that browsers will (eventually)
> _not_ race HTTPS and A/AAAA lookups but _only_ use
> HTTPS lookups (or use those as blocking prior to any
> A/AAAA lookups).
>
> Sorry, this got longer than I initially set out to.
>
> -Jan
>
> [1] And it really is browsers we have to care about
> here, since those are effectively setting much of the
> direction of the Web.
>
> [2] Which, in turn, I anticipate to remain the case
> throughout the rest of my lifetime, at least.
>
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to