The DNS Institute

IPv6 Report 2020-06 for US Government and Military Domains

DNS Institute performs detailed audits of DNS domain names and nameservers for the US government, S&P Global Top 100 Banks, and Fortune 500 (US) companies. These audits check against the requirements of DNS registries, government mandates, and Internet specifications.

This is a report of IPv6-only DNS support for United States government and military domains. Of 1302 domains that worked with DNS (any combination of IPv4, IPv6, UDP, and TCP), 651 (50%) domains had at least one problem with their IPv6 delegation or resolution and up to 247 (19%) domains did not work at all for IPv6-only DNS. Akamai had 42 nameservers in this study with failures for 227 US government domain names. The General Services Administration had 72 domains with failures (from three nameservers). Six US Department of Defense Non-classified Internet Protocol Router Network nameservers didn't have AAAA addresses, resulting in complete IPv6 failures for 71 .mil domains in this study. The National Institutes of Health had at least 18 domains with failures.

In August 2005, the United States government White House Office of Management and Budget (OMB) published a memorandum stating that all federal agencies' networks must interface with IPv6 by June 2008. As of recently, that transition is still incomplete. A series of guidance documents highlighted that applications should be able to operate in IPv6-only modes with no less functionality than is available when using IPv4. Specifically for DNS, clients and servers are to be fully functional and are required to support IPv6 address records and DNS queries over native IPv6.

RFC 3901 DNS IPv6 Transport Operational Guidelines recommends that all DNS zones should be served by at least one IPv4-reachable authoritative name server and there should be at least one IPv4 address for delegations. While it says "[t]his rules out DNS zones served only by IPv6-only authoritative name servers", later RFCs (like RFC 8305) state that queries should be sent over IPv6 first.

Even though the NIST guidelines recommend not getting cut off from DNS by disallowing IPv4-only, this study highlights the domains that don't have AAAA records for the delegated NS nameservers and those that don't have IPv6 nameservers answering for their domains. This study doesn't check for address records for the domains themselves, but focuses on the nameserver delegations leading to the domain and its SOA record. Below, this report first lists several popular domains with IPv6 problems, then the many domains with complete IPv6 failures, and then shows the lameness problems for all the domains that had at least one IPv6-related failure: nameserver names with failing AAAA lookups, nameservers returning SERVFAIL or REFUSED, and IPv6 nameservers which could not be reached.
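
The three failure categories above can be turned into a per-domain verdict as in the following sketch. This is an added example, not the DNS Institute's audit code: the function and field names, the rule that a domain counts as a complete failure when no delegated nameserver answers over IPv6, and the sample data (reserved .example names and 2001:db8::/32 addresses) are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

LAME_RCODES = {"SERVFAIL", "REFUSED"}  # reachable, but no usable answer

@dataclass
class Audit:
    domain: str
    no_aaaa: list = field(default_factory=list)      # NS names lacking AAAA
    lame: list = field(default_factory=list)         # (addr, ns, rcode)
    unreachable: list = field(default_factory=list)  # (addr, ns, error)
    working: list = field(default_factory=list)      # (addr, ns, "NOERROR")

    @property
    def verdict(self):
        if not self.working:
            return "complete failure"  # nothing answers over IPv6
        problems = self.no_aaaa or self.lame or self.unreachable
        return "partial failure" if problems else "ok"

def audit_domain(domain, delegation, aaaa, probes):
    """delegation: parent NS names; aaaa: NS -> AAAA strings; probes: addr -> SOA query result."""
    # Normalise address text so "2001:DB8:1:0::54" matches "2001:db8:1::54".
    probes = {str(ipaddress.ip_address(k)): v for k, v in probes.items()}
    audit = Audit(domain)
    for ns in delegation:
        # Keep native IPv6 only; an IPv4-mapped AAAA gives no IPv6 transport.
        addrs = [str(a) for a in map(ipaddress.ip_address, aaaa.get(ns, []))
                 if a.version == 6 and a.ipv4_mapped is None]
        if not addrs:
            audit.no_aaaa.append(ns)
            continue
        for addr in addrs:
            outcome = probes.get(addr, "not probed")
            bucket = (audit.working if outcome == "NOERROR" else
                      audit.lame if outcome in LAME_RCODES else audit.unreachable)
            bucket.append((addr, ns, outcome))
    return audit

# Constructed sample data, not taken from the report.
DELEGATIONS = {
    "alpha.example.": ["ns1.alpha.example.", "ns2.alpha.example."],
    "beta.example.": ["ns1.beta.example.", "ns2.beta.example."],
    "gamma.example.": ["ns1.gamma.example.", "ns2.gamma.example.", "ns3.gamma.example."],
}
AAAA = {
    "ns1.alpha.example.": ["2001:db8:1::53"], "ns2.alpha.example.": ["2001:DB8:1:0::54"],
    "ns2.beta.example.": ["2001:db8:2::53"], "ns2.gamma.example.": ["2001:db8:3::53"],
    "ns3.gamma.example.": ["2001:db8:3::54", "::ffff:192.0.2.1"],
}
PROBES = {
    "2001:db8:1::53": "NOERROR", "2001:db8:1::54": "NOERROR", "2001:db8:2::53": "NOERROR",
    "2001:db8:3::53": "REFUSED", "2001:db8:3::54": "UDP timeout",
}

def run_sample():
    return {d: audit_domain(d, ns, AAAA, PROBES) for d, ns in DELEGATIONS.items()}

for audit in run_sample().values():
    print(audit.domain, audit.verdict, audit.no_aaaa, audit.lame, audit.unreachable)
```

In a real audit the AAAA and PROBES tables would be filled from AAAA lookups on each delegated NS name and from SOA queries sent over UDP and TCP to each IPv6 address.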

Popular Domains with Partial or Complete IPv6 Failures

Sixty-five domains that partially failed for IPv6 are in the top 10,000 of the Tranco top sites ranking list (2020-06-15). The thirteen domains in the top 10,000 that completely failed for IPv6 are marked with an asterisk (*).

  1. #64 nih.gov
  2. #128 cdc.gov   *
  3. #410 state.gov
  4. #433 whitehouse.gov
  5. #715 ftc.gov
  6. #819 census.gov
  7. #846 senate.gov
  8. #904 bls.gov   *
  9. #933 sec.gov
  10. #1025 privacyshield.gov
  11. #1149 usa.gov
  12. #1181 weather.gov
  13. #1212 dhs.gov
  14. #1238 army.mil   *
  15. #1278 navy.mil   *
  16. #1312 cia.gov
  17. #1317 usembassy.gov
  18. #1357 fcc.gov
  19. #1385 dol.gov
  20. #1394 sba.gov   *
  21. #1512 cancer.gov
  22. #1555 gpo.gov   *
  23. #1672 fema.gov
  24. #1768 osha.gov
  25. #1772 uscis.gov
  26. #1826 af.mil   *
  27. #1947 uscourts.gov
  28. #2264 federalreserve.gov
  29. #2419 defense.gov
  30. #2429 eia.gov
  31. #2451 studentaid.gov
  32. #2574 hud.gov
  33. #2832 cms.gov
  34. #2919 federalregister.gov   *
  35. #3171 cbp.gov
  36. #3434 cpsc.gov
  37. #3581 drugabuse.gov
  38. #3599 supremecourt.gov
  39. #3652 healthcare.gov
  40. #3678 usaid.gov   *
  41. #3855 medicare.gov
  42. #4038 export.gov
  43. #4162 ready.gov
  44. #4266 tsa.gov
  45. #4396 gsa.gov
  46. #4646 ornl.gov
  47. #4651 us-cert.gov
  48. #4769 doc.gov
  49. #5533 usajobs.gov
  50. #5727 fdic.gov
  51. #6220 hrsa.gov
  52. #6699 llnl.gov
  53. #6838 ice.gov
  54. #6849 nsa.gov
  55. #7083 dtic.mil   *
  56. #7110 darpa.mil   *
  57. #7525 opm.gov
  58. #7627 uscg.mil   *
  59. #7715 osd.mil   *
  60. #8030 commerce.gov
  61. #8895 recreation.gov
  62. #9048 dea.gov
  63. #9361 sam.gov
  64. #9625 genome.gov
  65. #9658 huduser.gov

Domains with Complete IPv6 Failure

At the time of this testing, these domains' parent delegations (leading to the domains' SOA records) worked using IPv4 and/or "A" address records, but didn't work with AAAA and/or IPv6.

Nameserver Names with Failing AAAA Lookups

These are 272 nameserver names used in delegations (for the following also-listed domain names) that didn't have IPv6 address answers.


IPv6 Nameserver failures

These two nameservers were accessible, but returned a failure instead of an answer for the listed domain being looked up.

2607:4000:200:42::5 (hanna.cac.washington.edu.) — SERVFAIL

2607:f330:2003:403::201 (ns2.cjis.gov.) — REFUSED

IPv6 Nameservers which could not be reached

The following 25 IPv6 nameservers couldn't be reached due to a UDP or TCP timeout of at least 11 seconds or other unknown networking failure.

2001:19e8:d4::100 (edns3.dot.gov.) — UDP timeout

2001:470:1:7a::147 (dnssec11.datamtn.com.) — UDP timeout

2001:500:90:1::6 (ns1.p06.dynect.net.) — UDP timeout

2001:500:94:1::6 (ns3.p06.dynect.net.) — UDP timeout

2600:803:228:fefe::14 (ns2.csosa.gov.) — TCP fail, UDP timeout

2607:f220:402:1801::a570:4e6 (ns3.nih.gov.) — TCP timeout

2607:f220:418:4101::80e7:401 (ns2.nih.gov.) — TCP fail, UDP timeout

2607:f250:d008:2022:65:106:133:212 (ns2.dol.gov.) — TCP timeout

2607:f250:d020:3001:152:180:11:238 (ns06.dol.gov.) — TCP timeout

2607:f250:d020:3001:152:180:11:239 (ns05.dol.gov.) — TCP timeout

2607:f250:d024:3001:152:180:20:20 (stlns08.dol.gov.) — TCP fail, UDP timeout

2610:130:102:112::2 (dns-2.iastate.edu.) — TCP timeout, UDP timeout

2610:20:6005:13::4 (gea2.nist.gov.) — UDP timeout

2620:0:22f0:552::52:16 (ns.jlab.org.) — TCP fail, UDP timeout

2620:0:2b30:304::32 (ns0-alt.ornl.gov.) — TCP timeout, UDP timeout

2620:0:2b30:304::96 (ns0.ornl.gov.) — TCP timeout, UDP timeout

2620:0:2b88:9700::40 (ns2.inel.gov.) — UDP timeout

2620:0:c91::67:250 (ns1.hud.gov.) — TCP timeout

2620:0:c91::67:251 (ns2.hud.gov.) — TCP timeout

2620:0:c92::167:45 (ns3.hud.gov.) — TCP timeout

2620:0:c92::167:91 (ns4.hud.gov.) — TCP timeout

2620:117:506f:c::f00c (rtpns2.epa.gov.) — UDP timeout

2620:9b:c000:9200:12::30 (dns1.fpki.gov., dns1.fpki-lab.gov., dns1.pki.gov., dns1.pki-lab.gov.) — TCP timeout

The data was collected on June 15, 2020. (Previous checks were done on June 5 and June 14 from a different network to spot check and confirm issues.) DNS Institute researches domain name and nameserver correctness for thousands of domains owned by Fortune 500, S&P 100 Banks, and the US government. For information about the DNS analysis service, please visit http://www.dnsinstitute.com/dns-monitoring/ or contact the DNS Institute.

