Hi Erik, This is an interesting proposal, however you know my reticence to use DNS, because of its nature, it is hard to control propagation.
I read also the reported comments from the cURL maintainers. Like you, I really think we are way too early, and that people are more focused on deploying IPv6 than retiring IPv4. I think the group of people that have attempted IPv4 depreciation is very, very small. It feels normal to me to see so much push back at the moment, the focus is not there. I know a few depreciation projects, that hit some serious roadblocks because of the discovery of some financial system that is maintained under the desk of two people (not actual events, but dramatization). I won't be at IETF Vienna, I'm not sponsored, but I think it would have been good to elevate the discussion and gather experience from folks that have deprecated IPv4 and to think at what kind of format/systems would have made their life easier. It could even be a good BOF (or just a discussion group within v6ops). I may attend next IETF in San Francisco, so may be we should aim for this? I think I could rewrite the intro of draft-martin-retry-over-ipv6 in to a project statement, that would be summarized like this: it is going to happen, we like it or not, how can we help not totally break the Internet, or quickly recover when we discover a dragon lurks in a corner? Side Note: during the 6th of the month experiment, someone reported to me in private, that they discovered a service did not support IPv6, because it reported the 566 error. That was super easy to diagnose. Side Note: as I see the Happy Eyeballs folks are here: it seems safari iOS does not prefer IPv6. I have 2 sites on the same server, with same IPs, one was accessed over IPv6, the other over IPv4. I found it because of the 566 returned Side Note: Apple privacy proxy (iCloud Private Relay) will reach over IPv6 any site, even if your device is IPv4-only. Franck From: "Erik Nygren" <[email protected]> To: "Erik Nygren" <[email protected]>, "dnsop WG" <[email protected]>, "[email protected] list" <[email protected]>, [email protected] Sent: Tuesday, July 7, 2026 9:14:08 AM Subject: [v6ops] Re: [DNSOP] Indicating ipv6only and deprecation via SVCB: draft-nygren-dnsop-ipv6only-indicator-00.txt Hi Jan, thanks for the feedback. And also thank you Paul for relaying Daniel Stenberg's similar feedback. I agree this is a legitimate criticism. In the current world of Happy Eyeballs and where ideally most content is dual-stacked it is unclear that there's enough value for deploying this. The absence of the DNS "A" record should be good enough for indicating IPv6-only, and outside of the "web" world I'm aware already of cases in closed environments for production services with only AAAA records. One use-case where SVCB may help beyond Happy Eyeballs are for cases where clients are being forced through SVCB/HTTPS RRs (with no fallback A/AAAA records on the hostname) and where a service wants to use different infrastructure with different capabilities for IPv6-only vs legacy dualstack support. The other use-case is for signalling planned deprecation for IPv4 support -- this would likely be most interesting in combination with HAPPY reporting capabilities. This DNS-based approach is a counterpoint to doing it in-band (eg, in HTTP response headers as proposed in [ https://datatracker.ietf.org/doc/html/draft-martin-retry-over-ipv6-02 | https://datatracker.ietf.org/doc/html/draft-martin-retry-over-ipv6-02 ] ) I'm very much willing to accept that we just aren't ready yet for draft-nygren-dnsop-ipv6only-indicator (and perhaps with Happy Eyeballs we never will be and perhaps there are other better and simpler ways to achieve the same goals). If people have compelling arguments for why we will want this soon, that would be valuable. If not, even as a (eventually expired) draft this can potentially serve as a "here's how you might do this in SVCB if you wanted to signal it in the DNS" since I'm sure this idea will resurface every few years. Best, Erik On Mon, Jul 6, 2026 at 11:02 PM Jan Schaumann < [ mailto:[email protected] | [email protected] ] > wrote: Erik Nygren < [ mailto:erik%[email protected] | [email protected] ] > wrote: > As the DNS is the primary mechanism for translating from hostnames to > IP addresses, it is a logical place to signal that endpoints are > IPv6-only. It is thus also a logical place to signal that legacy > endpoints supporting IPv4 are being deprecated. This specification > introduces two SvcParams for SVCB-compatible RR types that signal > IPv6-only endpoints (ipv6only) as well as deprecated endpoints > (deprecated). > > The "ipv6only" SvcParam touches on V6OPS and HAPPY. I see this not as > something we desperately need now/yet but as something we will want in a few > years and thus should standardize sooner so that the implementations are > there > for when we need it. I have to admit that my experience so far with the adoption of SVCB and HTTPS records makes me wonder whether this will be a practically useful approach. Right now, browsers[1] are racing all three lookups (HTTPS, A, and AAAA), and any findings from HTTPS records are, if supported or implemented by browsers at all, advisory at best. >From a browser (or happy eyeballs) perspective, that makes sense: waiting for the HTTPS result before then having to possibly do another two sequential lookups leads to a bad user experience. But that also means that the "ipv6only" param would not be particularly useful in practice so long as browsers still race the A and AAAA lookups. I anticipate browsers will continue to do that for as long as IPv4 and IPv6 records are both widely used[2]. As for the "deprecated" param, I also don't quite know what I am to do with it when I observe it, given that I "SHOULD NOT provide special treatment". I fear that the idea behind the proposal ("make it easier for people to migrate off IPv4 and to IPv6-only") is a solution in search of a problem: I'm not convinced the technical ability to migrate is hampered by the lack of a method to signal to clients your intention; what's missing is the intention to migrate. As an entirely naive alternative, I would expect an IPv6-only service to be one that has only AAAA records (and includes ipv6hint params, but no ipv4hint params in any SVCB records, which browsers may or may not race at the same time). Perhaps it would be useful to include in the draft a brief description why that is insufficient and whether the anticipation is that browsers will (eventually) _not_ race HTTPS and A/AAAA lookups but _only_ use HTTPS lookups (or use those as blocking prior to any A/AAAA lookups). Sorry, this got longer than I initially set out to. -Jan [1] And it really is browsers we have to care about here, since those are effectively setting much of the direction of the Web. [2] Which, in turn, I anticipate to remain the case throughout the rest of my lifetime, at least. _______________________________________________ v6ops mailing list -- [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
