Recursive DNS Cache Service

This DNS Cache Service is available only to users of SixXS address space. We are running (PowerDNS) recursor jobs on some of the SixXS PoPs. They allow access to all IPv6 netblocks of SixXS, both tunnel space as well as routed (subnet) delegations.

Why would you use these resolvers? Well, next to providing a standard DNS recursive caching service, we are participating in the Google over IPv6 (Google IPv6 DNS whitelist) and Wikipedia (Wikipedia IPV6 DNS whitelist) projects, which means that if you query SixXS resolvers, you will get AAAA records for various Google and Wikipedia destinations. The way this works, is that while you query the DNS cache with IPv6, it will use a specific IPv4 address to contact the Google or Wikipedia nameservers. Those organisations maintain a trusted tester list of resolvers for which they return the AAAA records as well as the normal A records.

The Recursive DNS Caches can be found at:

• nscache.eu.sixxs.net - Europe
• nscache.us.sixxs.net - United States
• nscache.ap.sixxs.net - Asia Pacific

Configuration

To set up your system to use this service, add one or more IPv6 addresses of the resolvers to /etc/resolv.conf (you can look them up by typing dig AAAA nscache.XX.sixxs.net or host -t AAAA nscache.XX.sixxs.net). And remember: the resolvers only answer queries that originate from IPv6 space allocated to the SixXS PoPs and our users (ie, not the general public). For latency reasons it's important to add the resolver of your continent. European users use eu, North American users use us and Asia Pacific users use ap (sorry, only one resolver there).

Windows XP

Windows XP unfortunately does not support IPv6 DNS servers directly. As a hackish work-around though one could install bind and point your local DNS resolver there.

Using a forwarding DNS server

If you already have a local caching/resursive DNS server you can also configure that to forward the queries to these DNS caches. In BIND one can accomplish this with a 'forwarders' statement in the options section.

AICCU (all platforms)

If you are an AICCU user, please keep in mind that in order for the client to set up your tunnel, it will have to do a DNS lookup for tic.sixxs.net, which will be impossible if you don't have IPv6 connectivity yet and when you have configured the above IPv6-only resolvers. We are working on a new version of AICCU which will be available to avoid this, and also solve some other outstanding issues.

Therefore, we recommend the use of our resolvers only if you have a statically configured tunnel.

Example Query

As a cool example, consider this query:

$ dig @nscache.eu.sixxs.net AAAA www.google.com

; <<>> DiG 9.4.2-P2 <<>> @nscache.eu.sixxs.net AAAA www.google.com
; (6 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51932
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.			IN	AAAA

;; ANSWER SECTION:
www.google.com.		438162	IN	CNAME	www.l.google.com.
www.l.google.com.	243	IN	AAAA	2001:4860:a003::68

;; Query time: 58 msec
;; SERVER: 2001:1418:10:2::2#53(2001:1418:10:2::2)
;; WHEN: Wed Apr  1 19:44:36 2009
;; MSG SIZE  rcvd: 80

Questions, Answers and Comments

If you have any questions, feel free to contact the SixXS Staff. Please note that the SixXS Staff should be the first point of contact for any trouble with the resolvers. If you have difficulty accessing the nameservers, please open a ticket with us, or mail <info@sixxs.net>. If possible please include the full output from 'dig'.

If your internet experience is totally awesome, including the Google properties, you may want to drop them a note at <google-ipv6@google.com>, to thank them for the great opportunity that allows SixXS users to test-drive their services using IPv6. If you have questions about the IPv6 process at Google, you could take a look at their FAQ.

A note on DNS query logging / privacy

The SixXS Recursive DNS Cache Service does not log any queries neither do they manipulate queries nor answers. The caches are running standard PowerDNS instances with an allow-from-file option specifying the SixXS prefixes. Note also that these DNS servers are not operated by Google, they are run by SixXS.

The ability to query IPv6 version of Google addresses is because our DNS caches are approved for the trusted tester list of resolvers in the Google DNS configuration. The only thing the caches do is cache and forward queries to the real DNS servers on the Internet. We do not control or know what those DNS servers do with the queries (except for hopefully answering them).

Questions concerning Google over IPv6

Please see the Google IPv6 FAQ.

Can I just use the nscaches for eg google.com?

Although this has a nice hack-factor, this domain-specific forwarding breaks for example www.gmail.com AAAA responses (you'll note that there are quite a few non-obvious domains out there). Moreover, currently www.google.cctld is a CNAME for www.google.com, but this is volatile, and could change without your knowledge, after which www.google.nl will stop handing out AAAA records.

As such, we (SixXS) recommend against such configuration setups. It is your network of course, thus there is not much we can do about you misconfiguring it like that.