DNS over IPv6 Report 2019-10 for Fortune 500 (US) Companies
DNS Institute performs detailed periodic analysis of domains and nameservers for S&P Global Top 100 Banks, Fortune 500 (US) companies, and the US government. This includes checks for Internet specification requirements, US government mandates, and DNS registry guidelines.
This report provides a snapshot into IPv6 DNS coverage related to Fortune 500 domains.
This research included 3427 domains for Fortune 500 companies, subsidiaries, and brands. (This list includes global domains and some past companies and old brands for current Fortune 500 companies. Note that some of these companies own thousands of brand domains so this is only a partial list of all the Fortune 500 domains.) In addition to our standard checks, additional DNS queries and HTTP port checks were done to help supplement this IPv6 study.
59.4% of these domains were available in DNS using IPv6 (UDP or TCP).
A few TLDs in our study didn't support IPv6: ck, dj, et, mm, mp, sl, st, to, uz, and ws.
TLDs that have AAAA (IPv6 address) nameserver addresses but timed out, refused, or reset connections include: ni (only for TCP), pg, sr (refused for TCP), and tk (reset for TCP).
A few TLDs only had a single AAAA nameserver: aig, everbank, and netflix. (Note this study didn't check all TLD servers but only those for our Fortune 500 list.)
41% of the domains didn't have working nameservers for IPv6. This means that either no AAAA addresses were available for the nameservers or the nameservers weren't available over IPv6. This represented domains from 56% of the Fortune 500 companies. 44% of the companies had all their domains available via IPv6. 20% of the companies had at least one working domain and one non-working domain for IPv6. 36% of the companies had no domains in our list that worked with IPv6. 43 domains had an IPv6 nameserver that timed out for UDP.
Of the domains in this study, 95% had an A record. Only 10% had an AAAA record.
A few of the domains that had an AAAA record didn't even have working IPv6 nameservers: Alphabet's google.com.ge and google.com.ru; AutoZone's alldata.com; Clorox's thecloroxcompany.com; DISH Network's airtv.net, dish.com, and dishwireless.com; Sonic Automotive's echopark.com and sonicautomotive.com; Pioneer Natural Resources's pxd.com; Salesforce's tableau.com; and VF's eaglecreek.com.
And 9% had an AAAA record via the "www" label. These that didn't have working IPv6 nameservices include (excluding any duplicates from above): AT&T's warnerbros.com; Altice USA's alticeusa.com; Baxter International's baxter.com; Coty's robertocavalli.com; DISH Network's dish.design, dishlatino.com, and dishpuertorico.com; Fiserv's trsrecoveryservices.com; Laboratory Corp. of America's labcorp.com; Leidos Holdings' leidos.com; McKesson's cosentyx.com; National Oilwell Varco's nov.com; and Owens & Minor's owens-minor.com.
(There were 171 domains that had a listening HTTP service over IPv6 for the domain and 73 for "www". An example that didn't work for web access over IPv6 is Comcast's comcastcorporation.com.)
A few of the domains had MX records (responsible mail servers) that had AAAA records but DNS over IPv6 didn't work for the domain itself: Arthur J. Gallagher's humaniqa.com; Ford Motor's fordcem.com; iHeartMedia's iheart.com; Interpublic Group's wearearchitect.com; Johnson & Johnson's discovernursing.com; McKesson's verbal.care; R.R. Donnelley & Sons' rrd.com and rrdonnelley.com; Sanmina's 42-q.com, csourcegroup.com, masterpiecemachine.com, primarys.com, sanmina.com, sensorwise.com, vikingenterprisesolutions.com, and vikinginterworks.com; Verizon Communications's transactcdn.com; VF's altrarunning.com; Walt Disney's marvel.com; and Whirlpool's whirlpool.com and whirlpoolcorp.com.
Even many of the domains that worked with IPv6 had other problems. 9% of the Fortune 500 companies had at least one working domain without a second working IPv6 delegation: Activision Blizzard, ADP, Alphabet, American Airlines Group, Aramark, AT&T, Berkshire Hathaway, Blackstone Group, Capital One Financial, CenturyLink, Dollar Tree, Dover, eBay, Emerson Electric, FedEx, Fiserv, Foot Locker, Henry Schein, Ingredion, Jabil Circuit, J.M. Smucker, Kellogg, Marriott International, MGM Resorts International, Molina Healthcare, Office Depot, PayPal Holdings, PNC Financial Services Group Inc., PVH, Qurate Retail, Targa Resources, Target, Twenty-First Century Fox, UGI, United Rentals, United Technologies, Visa, Walmart, Walt Disney, WestRock, Yum China Holdings, and Zimmer Biomet Holdings. 17% of the companies had a domain that didn't have a working IPv6 nameserver in a different topological network. 20% of the companies had a domain that didn't have all of its IPv6 nameservers reachable. (Combined this was 30% of the companies.)
These October 2019 Fortune 500 checks found 22135 issues total with 45 unique failure and warning types (out of over 80). Another example detected DNS issue related to IPv6 is Tech Data's domains using RFC 3056 6to4 addressing. For information about the DNS analysis service, please visit http://www.dnsinstitute.com/dns-monitoring/ or contact the DNS Institute.