DNS over IPv6 Research 2020-11 for Fortune 500 Companies
This DNS Institute research provides an updated snapshot into IPv6 coverage for DNS for Fortune 500 domains. (Click here for a 2019 report and here for a 2020 US government domains study.) DNS Institute performs comprehensive DNS analysis, security testing, and commercial monitoring of nameservers and domains for S&P Global Top 100 Banks, Fortune 500 companies, US government, and various TLDs based on IETF RFC specifications and best practices, government requirements, and registry guidelines.
This IPv6 research was for 4256 domains for Fortune 500 companies, including their many subsidiaries, acquisitions, and brands. This represented 3024 IPv6 nameserver addresses (and 2865 IPv4 nameserver addresses).
63% of these domains were available in DNS using only IPv6 (UDP or TCP). The other 37% didn't have AAAA addresses for their nameservers or their nameservers failed to respond over IPv6.
Some ccTLDs in this study did not support IPv6 for their nameservers: bf, ck, dj, et, mm, mp, sl, to, uz, and ws. Also sr nameservers had TCP failures or TCP timeouts over IPv6.
Near 57% of the domains didn't have all nameservers available for IPv6.
19 nameservers (using IPv6 addresses) used for eleven domains returned DNS REFUSED. Two nameservers for a single domain returned SERVFAIL.
1335 delegated nameservers (from 2395 domains) didn't have IPv6 addresses.
21 nameservers (from 26 domains) timed out over UDP (IPv6). Thirteen nameservers (from 14 domains) timed out over TCP (IPv6). Three nameservers (from three domains) had some TCP (IPv6) failure.
270 Fortune 500 companies had at least one domain that failed completely over IPv6. Of these, 129 companies didn't have working DNS over IPv6 for all their domains in our study: Aflac, AK Steel Holding, Alliance Data Systems, Ally Financial, American Electric Power, American Financial Group, Ameriprise Financial, Anthem, Arthur J. Gallagher, Ascena Retail Group , Assurant, Booz Allen Hamilton , Bristol-Myers Squibb, Cardinal Health, CarMax, CDW, Centene, Cerner, Cheniere Energy , Chesapeake Energy, C.H. Robinson Worldwide, Cigna, Cincinnati Financial, Cintas, Commercial Metals, Community Health Systems, Consolidated Edison, Corning, Crown Castle International, Cummins, Dana, DaVita HealthCare Partners, DCP Midstream, Dean Foods, Delek US Holdings, Dell Technologies, Devon Energy, DISH Network, DTE Energy, Duke Energy, Edward Jones (Jones Financial Companies), EnLink Midstream, Entergy, Enterprise Products Partners, Equitable Holdings, Estee Lauder, Exxon Mobil, First American Financial, FirstEnergy, Fortive, Freddie Mac, General Dynamics, General Mills, Genworth Financial, Graybar Electric, Hartford Financial Services, HCA Healthcare, Hertz Global Holdings, Hess, Hewlett Packard Enterprise, Hilton Worldwide Holdings, HP, Huntington Ingalls Industries, Ingredion, Insight Enterprises, Intel, International Paper, IQVIA Holdings, Johnson Johnson, Kimberly-Clark, Kroger, L3Harris Technologies, Laboratory Corp. of America, L Brands, Lear, Levi Strauss, Lincoln National, Lockheed Martin, Micron Technology, Mohawk Industries, Morgan Stanley, Motorola Solutions, Mutual of Omaha Insurance, National Oilwell Varco, Nationwide Mutual Insurance Company, Navistar International, NextEra Energy, NGL Energy Partners, Nike, Norfolk Southern, Northrop Grumman, Northwestern Mutual, Old Republic International, Ovintiv, Owens Corning, Pacific Life, PepsiCo, Performance Food Group, Pioneer Natural Resources, Plains GP Holdings, Principal Financial, Progressive, Prudential Financial, Quest Diagnostics, Raymond James Financial, Regeneron Pharmaceuticals, Rite Aid, Ross Stores, R.R. Donnelley Sons, Science Applications International, Sherwin-Williams, Sonic Automotive, Southern, State Farm Insurance, Texas Instruments, Thrivent Financial for Lutherans, Travelers, Union Pacific, United States Steel, U.S. Bancorp, Valero Energy, Vistra Energy, Voya Financial, Waste Management, WEC Energy Group, Whirlpool, Williams, W.R. Berkley, and XPO Logistics.
94% of the domains in this study had an IPv4 address (A record). Only 10.5% of the domains had at least one IPv6 address (AAAA record).
24 of these domains which had an IPv6 address didn't have working nameservice using IPv6 though. This included one or more domains from AECOM, Albertsons, Alphabet, Baxter International, Coty, DISH Network, Pioneer Natural Resources, and Sonic Automotive.
One company, Tech Data, had domains using RFC3056 6to4 addresses for their nameservers.
26% of the working IPv6 domains didn't have working nameservers in at least two different topological IPv6 networks.
We supplemented this study beyond just DNS. 97% of those with IPv6 addresses had a listening HTTP (port 80) web service.
7.8% of the domains had an MX (mail exchange) record with a mail server hostname with a IPv6 AAAA address. Many of these were the same mail servers for a total of 51 of which 39 accepted an SMTP port 25 connection over IPv6. mail servers. (As a comparison, there were 1630 listening IPv4 mail servers.)
Our test suite detected 142171 anomalies for its IPv6 DNS checks in this research. This represented 46 unique warnings or failures out of over 90 tests. For example, 18 of the domain names repeated IPv6 addresses for their delegated nameserver names; Fox had a domain with only a two-day DNSSEC signature lifetime; and Tractor Supply had a domain where the zone file configuration indicates it may have been missing a trailing period. For information about the DNS analysis service, please visit http://www.dnsinstitute.com/dns-monitoring/ or contact the DNS Institute. You may contact DNS Institute for a free DNS over IPv6 analysis.