Network engineers from Yahoo are pitching what they admit is a "really ugly hack" to the Internet's Domain Name System, but they say it is necessary for the popular Web content provider to support IPv6, the long-anticipated upgrade to the Internet's main communications protocol.
Yahoo outlined its proposal for changes to DNS recursive name resolvers at a meeting of the Internet Engineering Task Force (IETF) held here this week.
Yahoo says it needs a major change to the DNS -- which matches IP addresses with corresponding domain names -- in order to provide IPv6 service without inadvertently cutting off access to hundreds of thousands of visitors. Under Yahoo's proposal, these visitors would continue accessing content via IPv4, the current version of the Internet Protocol.
"If you roll out IPv6, you will break 0.078% of users. That sounds negligible, but for Yahoo that's taking 470,000 users offline," says Igor Gashinsky, a senior network architect at Yahoo. Gashinsky presented Yahoo's DNS recursive name resolver proposal to the IETF's DNS Operations Working Group.
For clarification, IPv4 is our current IP address numbering scheme, with IP addresses of the form xx.yy.zz.aa. There are not many of them left, and the IPv6 numbering scheme has been proposed to create a huge number of new IP addresses. The 0.078% of Internet users Yahoo talks about are those with systems that claim to understand IPv6 but in fact don't, and in reality can only talk to other computers over IPv4.
The hack Yahoo proposes is to let the ISP's caching DNS server, which sits between that broken system and the Internet, translate all DNS queries for IPv6 addresses into queries for IPv4 addresses. This is not only a technical issue but also an issue of trust and security. If an ISP gets the rights and technical facilities to modify DNS queries and responses to and from upstream authoritative DNS servers on the fly, there is also the fear of modification in other situations. Unmodified translation of domain names to IP addresses and vice versa is one of the important trust issues of the Internet.
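One way to check that translation is untouched, as an added example (not from the original article or from Yahoo's proposal): parse the DNS response obtained from the authoritative server and the one obtained through the ISP's resolver for the same question, then compare their answer records. The host name, the addresses and the shape of the rewritten response are constructed assumptions.

```python
import struct

A, AAAA = 1, 28  # DNS record type codes

def build_response(name, qtype, answers):
    """Build a minimal one-question DNS response (used for the constructed samples)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    msg += qname + struct.pack("!HH", qtype, 1)
    for rtype, rdata in answers:
        # 0xC00C is a compression pointer back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def answer_records(msg):
    """Parse a one-question response into (qtype, [(rtype, rdata), ...])."""
    ancount = struct.unpack("!H", msg[6:8])[0]
    off = skip_name(msg, 12)
    qtype = struct.unpack("!H", msg[off:off + 2])[0]
    off += 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        records.append((rtype, msg[off:off + rdlen]))
        off += rdlen
    return qtype, records

def resolver_altered(authoritative, via_resolver):
    """True when the resolver's question type or answer set differs from the authoritative one."""
    q_auth, r_auth = answer_records(authoritative)
    q_res, r_res = answer_records(via_resolver)
    return q_auth != q_res or sorted(r_auth) != sorted(r_res)

# Constructed sample data (documentation address ranges, hypothetical host name)
V6 = bytes.fromhex("20010db8000000000000000000000001")  # 2001:db8::1
V4 = bytes([192, 0, 2, 10])                             # 192.0.2.10
AUTH = build_response("www.example.com", AAAA, [(AAAA, V6)])
REWRITTEN = build_response("www.example.com", AAAA, [(A, V4)])  # assumed shape of a rewritten answer

if __name__ == "__main__":
    print("altered by resolver:", resolver_altered(AUTH, REWRITTEN))
```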