Hi Erik, 

This is an interesting proposal, however you know my reticence to use DNS, 
because of its nature, it is hard to control propagation. 

I read also the reported comments from the cURL maintainers. 

Like you, I really think we are way too early, and that people are more focused 
on deploying IPv6 than retiring IPv4. I think the group of people that have 
attempted IPv4 depreciation is very, very small. It feels normal to me to see 
so much push back at the moment, the focus is not there. 

I know a few depreciation projects, that hit some serious roadblocks because of 
the discovery of some financial system that is maintained under the desk of two 
people (not actual events, but dramatization). 

I won't be at IETF Vienna, I'm not sponsored, but I think it would have been 
good to elevate the discussion and gather experience from folks that have 
deprecated IPv4 and to think at what kind of format/systems would have made 
their life easier. It could even be a good BOF (or just a discussion group 
within v6ops). I may attend next IETF in San Francisco, so may be we should aim 
for this? I think I could rewrite the intro of draft-martin-retry-over-ipv6 in 
to a project statement, that would be summarized like this: it is going to 
happen, we like it or not, how can we help not totally break the Internet, or 
quickly recover when we discover a dragon lurks in a corner? 

Side Note: during the 6th of the month experiment, someone reported to me in 
private, that they discovered a service did not support IPv6, because it 
reported the 566 error. That was super easy to diagnose. 
Side Note: as I see the Happy Eyeballs folks are here: it seems safari iOS does 
not prefer IPv6. I have 2 sites on the same server, with same IPs, one was 
accessed over IPv6, the other over IPv4. I found it because of the 566 returned 
Side Note: Apple privacy proxy (iCloud Private Relay) will reach over IPv6 any 
site, even if your device is IPv4-only. 

Franck 


From: "Erik Nygren" <[email protected]> 
To: "Erik Nygren" <[email protected]>, "dnsop WG" <[email protected]>, 
"[email protected] list" <[email protected]>, [email protected] 
Sent: Tuesday, July 7, 2026 9:14:08 AM 
Subject: [v6ops] Re: [DNSOP] Indicating ipv6only and deprecation via SVCB: 
draft-nygren-dnsop-ipv6only-indicator-00.txt 

Hi Jan, thanks for the feedback. And also thank you Paul for relaying Daniel 
Stenberg's similar feedback. 

I agree this is a legitimate criticism. In the current world of Happy Eyeballs 
and where ideally most content is dual-stacked it is unclear that there's 
enough value for deploying this. The absence of the DNS "A" record should be 
good enough for indicating IPv6-only, and outside of the "web" world I'm aware 
already of cases in closed environments for production services with only AAAA 
records. 

One use-case where SVCB may help beyond Happy Eyeballs are for cases where 
clients are being forced through SVCB/HTTPS RRs (with no fallback A/AAAA 
records on the hostname) and where a service wants to use different 
infrastructure with different capabilities for IPv6-only vs legacy dualstack 
support. The other use-case is for signalling planned deprecation for IPv4 
support -- this would likely be most interesting in combination with HAPPY 
reporting capabilities. 

This DNS-based approach is a counterpoint to doing it in-band (eg, in HTTP 
response headers as proposed in [ 
https://datatracker.ietf.org/doc/html/draft-martin-retry-over-ipv6-02 | 
https://datatracker.ietf.org/doc/html/draft-martin-retry-over-ipv6-02 ] ) 

I'm very much willing to accept that we just aren't ready yet for 
draft-nygren-dnsop-ipv6only-indicator (and perhaps with Happy Eyeballs we never 
will be and perhaps there are other better and simpler ways to achieve the same 
goals). If people have compelling arguments for why we will want this soon, 
that would be valuable. If not, even as a (eventually expired) draft this can 
potentially serve as a "here's how you might do this in SVCB if you wanted to 
signal it in the DNS" since I'm sure this idea will resurface every few years. 

Best, Erik 




On Mon, Jul 6, 2026 at 11:02 PM Jan Schaumann < [ 
mailto:[email protected] | [email protected] ] > wrote: 


Erik Nygren < [ mailto:erik%[email protected] | [email protected] ] > wrote: 

> As the DNS is the primary mechanism for translating from hostnames to 
> IP addresses, it is a logical place to signal that endpoints are 
> IPv6-only. It is thus also a logical place to signal that legacy 
> endpoints supporting IPv4 are being deprecated. This specification 
> introduces two SvcParams for SVCB-compatible RR types that signal 
> IPv6-only endpoints (ipv6only) as well as deprecated endpoints 
> (deprecated). 
> 
> The "ipv6only" SvcParam touches on V6OPS and HAPPY. I see this not as 
> something we desperately need now/yet but as something we will want in a few 
> years and thus should standardize sooner so that the implementations are 
> there 
> for when we need it. 

I have to admit that my experience so far with the 
adoption of SVCB and HTTPS records makes me wonder 
whether this will be a practically useful approach. 

Right now, browsers[1] are racing all three lookups 
(HTTPS, A, and AAAA), and any findings from HTTPS 
records are, if supported or implemented by browsers 
at all, advisory at best. 

>From a browser (or happy eyeballs) perspective, that 
makes sense: waiting for the HTTPS result before then 
having to possibly do another two sequential lookups 
leads to a bad user experience. 

But that also means that the "ipv6only" param would 
not be particularly useful in practice so long as 
browsers still race the A and AAAA lookups. I 
anticipate browsers will continue to do that for as 
long as IPv4 and IPv6 records are both widely 
used[2]. 


As for the "deprecated" param, I also don't quite know 
what I am to do with it when I observe it, given that 
I "SHOULD NOT provide special treatment". 

I fear that the idea behind the proposal ("make it 
easier for people to migrate off IPv4 and to 
IPv6-only") is a solution in search of a problem: I'm 
not convinced the technical ability to migrate is 
hampered by the lack of a method to signal to clients 
your intention; what's missing is the intention to 
migrate. 


As an entirely naive alternative, I would expect an 
IPv6-only service to be one that has only AAAA records 
(and includes ipv6hint params, but no ipv4hint params 
in any SVCB records, which browsers may or may not 
race at the same time). 

Perhaps it would be useful to include in the draft a 
brief description why that is insufficient and whether 
the anticipation is that browsers will (eventually) 
_not_ race HTTPS and A/AAAA lookups but _only_ use 
HTTPS lookups (or use those as blocking prior to any 
A/AAAA lookups). 

Sorry, this got longer than I initially set out to. 

-Jan 

[1] And it really is browsers we have to care about 
here, since those are effectively setting much of the 
direction of the Web. 

[2] Which, in turn, I anticipate to remain the case 
throughout the rest of my lifetime, at least. 




_______________________________________________ 
v6ops mailing list -- [email protected] 
To unsubscribe send an email to [email protected] 
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to