The Broadband Internet Technical Advisory Group (BITAG) is a recently constituted organization whose mission is to bring together technical experts to develop consensus on broadband network management practices. As network management practices have been discussed and debated in policy circles over the last several years, a number of stakeholders in the Internet community saw the need for BITAG as a forum where engineers could discuss the associated technical issues. CDT has been participating in BITAG’s technical working group, and the group’s first Technical Report has just been released on the subject of DNS whitelisting, a technique being deployed by large websites to help smooth the global Internet addressing transition.
As we’ve written about previously, the Internet’s addressing system is undergoing its largest ever transformation. Internet Protocol version 6 (IPv6) is being deployed as a result of the exhaustion of the supply of the older form of addressing, IPv4. Because the transition will take time, most websites and networks will use both address families for many years.
DNS Whitelisting allows websites to respond to different Domain Name System (DNS) requests differently depending on which network is doing the asking. Generally speaking, a website using DNS whitelisting will maintain a list of networks that have met certain criteria for IPv6 readiness (Google, for example, has some publicly available criteria for its whitelist). Based on this criteria, a website’s whitelist might contain ISPs that have demonstrated that when the vast majority of their users try to reach websites over IPv6, they succeed just as well as when they connect via IPv4. If a user connected via a whitelisted ISP surfs over to the website, he’ll be able to connect via IPv6, whereas users on other networks would be directed to the website’s IPv4 address instead.
DNS Whitelisting helps websites maintain a high quality user experience by ensuring that users whose devices or connections are not fully IPv6-ready do not encounter delays or page loading errors when they try to access sites via IPv6. DNS Whitelisting also helps large sites gradually migrate from IPv4 to IPv6, rather than suddenly switching massive amounts of site traffic from one system to the other. Maintaining this finer grained control is prudent from an operational perspective, especially for large websites.
At the same time, it is possible that without careful and monitored deployment, some DNS whitelisting implementations could in the future be viewed as anti-competitive or discriminatory. For example, whitelisting could adversely affect new network operators attempting to deploy networks that support only IPv6 and not IPv4, or whitelisting could be used as a means to create disadvantage in commercial disputes between operators and websites.
The BITAG Technical Report therefore suggests a series of tactics that websites and operators can use to reduce the likelihood of conflicts or complaints related to DNS whitelisting and ensure that whitelisting works to the benefit of the Internet community as a whole. First, the BITAG suggests limiting the duration and use of DNS whitelisting such that whitelisting is used as briefly as possible for those critical websites that will encounter IPv6-related impairments. Second, the BITAG suggests a number of steps that websites and operators can take to smooth the process of getting whitelisted: publishing whitelisting policies and processes, describing decisionmaking criteria, using quantitative criteria (for example, the number of IPv6-related impairments on a network), publishing goals for how long the whitelisting process will take, specifying an appeals process, maintaining organizational contact staff for whitelisting purposes, creating time to troubleshoot before a network is removed from a whitelist, and publishing the whitelists themselves. Finally, the BITAG suggests several further steps to help smooth the IPv6 transition: sharing IPv6-related impairment statistics and notifying end users about impairments (while protecting user privacy), solving end user IPv6 impairments, and gaining experience with IPv6-only domain names.
The DNS whitelisting issue may not seem like the most pressing Internet policy topic of the day. But a key part of the BITAG’s value is to give technical experts the opportunity to discuss operational practices before they become headline news items. The shift to IPv6 is vital to the future health and accessibility of the Internet for all, and with its first Technical Report, the BITAG has contributed valuable guidance that we hope will be used to the benefit of Internet users during this crucial transitional phase.