1. Understand the basics of IPv6

To get started, you may want to view our “IPv6 Basics” page. Additionally, you may find these ebooks and resources helpful:

• IPv6 for IPv4 Experts (Available in English and Russian)
• IPv6 for All (Available in English and Spanish)
• IPv6 for Network Operators (Available in Spanish)

2. Obtain IPv6 addresses and determine an address plan:

• DNS Considerations for IPv6 
• How to get IPv6 addresses
• IPv6 Address Planning

3. Determine if your existing network equipment will support IPv6 or purchase appropriate equipment:

• RIPE-554: Requirements for IPv6 in ICT Equipment (useful for specifying requirements for new purchases)
• IPv6 Ready Logo Program Approved List
• UNH-IOL’s Tested Devices for US Government IPv6 program

4. Understand different transition technologies that can help your network:

• RFC 6180: Guidelines for Using IPv6 Transition Mechanisms during IPv6 Deployment
• Four outstanding IPv6 transition videos

5. Understand IPv6 security concerns:

• IPv6 Security resources

6. Build the case for management about your transition to IPv6:

• Find IPv6 statistics
• Explore IPv6 case studies

7. Keep up-to-date on the latest IPv6 news and activities:

• IPv6-related blog posts
• Join IPv6 communities: there are many places on the Internet where members of the “IPv6 community” gather to discuss IPv6 deployment, ask and answer questions and share new tools/services/questions. With new discussion areas appearing on new social services all the time, here are the public places we are currently aware of:
  • Email Discussion Lists:
    • ipv6-ops – a list for people involved in the deployment of IPv6
    • RIPE NCC IPv6 working group – a list for discussion of IPv6 policy and operational issues within the RIPE NCC community.
    • ipv6-hackers – lists for discussion of IPv6 security issues (one list in English and one in Spanish)
  • IETF Working Groups: within the Internet Engineering Task Force (IETF), IPv6-related issues and standards are developed and discussed in many different working groups. Some of the primary groups include:
    • v6ops – IPv6 Operations
    • 6man – IPv6 Maintenance
    • 6lowpan – IPv6 over low power networks
    • opsec – Operational Security Capabilities for IP Network Infrastructure
  • LinkedIn Groups: LinkedIn currently has over 100 different Groups related to IPv6, many connected with different regions and subject areas. Two of the more active Groups are:
    • IPv6
    • IPv6 Enthusiasts
  • Facebook: Similar to LinkedIn, Facebook contains a large number of IPv6-related Groups and IPv6-related Pages.
  • Twitter: the #IPv6 hashtag is commonly used for DNSSEC-related tweets.
  • Reddit: find the IPv6 “subreddit”

• Learn about peering: All About Peering: What It Is, How It’s Done, and Why We Need It
• Understand different transition technologies that can help your network:
  • Four outstanding IPv6 transition videos
  • RFC 6180, “Guidelines for Using IPv6 Transition Mechanisms during IPv6 Deployment“

• Evaluate what will need to be done to enterprise applications for them to work over IPv6:
  • Virtual Private Server(VPS) providers that support IPv6
  • Hosting providers that support IPv6
  • IPv6 for Developers steps on this page

• Understand the potential impact of “Happy Eyeballs” on how people may connect to your service / application: RFC 6555 – Happy Eyeballs

The 2013 RAA requires that registrars be able to accept IPv6 addresses for DNS records. For instance, a registrant may want to enter a “AAAA” record for the IPv6 address of his/her website. The RAA states:

To the extent that Registrar offers registrants the ability to register nameserver addresses, Registrar must allow both IPv4 addresses and IPv6 addresses to be specified.

This may require changes to your web interface to allow the longer IPv6 addresses to be entered.  If you specify which DNS records your users are able to enter, you may need to add “AAAA” as a possible choice.  Other existing records such as NS records will need to also be able to accommodate IPv6 addresses.

Now, allowing IPv6 addresses to be added into DNS zone files will not be all that your users will ask of you. You will also need to publish that information over IPv6 from your authoritative name servers.  This will mean that you will need to have IPv6 connectivity to your name servers.

Visit our resource on DNS Considerations for IPv6 for more detail on this process. For more general information about IPv6 see our list of IPv6 resources.

• Understand what is involved with enabling DNSSEC validation: Whitepaper on DNSSEC validation

To check if your content is available over IPv6 – or to make it accessible over IPv6 – follow these steps:

1. Understand the overall process of making your content available over IPv6
View these resources as a start:

• Making Content Available over IPv6
• RFC 6589 – Transitioning Content to IPv6
• Video: How To IPv6-Enable ANY Website Using A Content Delivery Network (CDN)

2. Find Out If Your Hosting Providers Support IPv6
If your website (or sites) is hosted with a provider, find out if your provider supports IPv6. We have pointers to lists of hosting providers who support IPv6, but your best bet is to start with the contacts you have at your providers. Ask if they will be making your content available over both IPv4 and IPv6. Ideally you are looking for a “dual-stack” server that supports both protocols.

If your hosting provider is?NOT?planning to support IPv6 any time soon, consider?moving to a hosting provider that does support IPv6, or a?Virtual Private Server(VPS) provider that supports IPv6.

Don’t forget about other services you may use, too, such as social networks. Contact them to ask if they will be supporting IPv6. The good news is that both Facebook, Google+ and YouTube were all participants in World IPv6 Launch and started making their sites available over IPv6 as of June 6, 2012.

3. Determine If Your Own Servers Have IPv6 Connectivity
If you host your own website(s), find out whether your Internet Service Provider (ISP) can provide you with IPv6 connectivity. If not, consider what might be involved with switching to an ISP that supports IPv6 – or perhaps bringing in a separate connection. A great place to start is with the list of network operators participating in World IPv6 Launch as they have all committed to providing IPv6 connectivity.

4. Consider Using A Content Delivery Network (CDN) – or Contact Your Existing CDN
A “content delivery network” (CDN) (also called a “content distribution network”) is a service that takes your existing content and makes it available through a global network of distribution servers. The primary reason companies use CDNs is to speed up access to website content because a CDN’s servers can be closer to end users and therefore deliver the content to those users faster. A CDN can also help absorb a greater load of traffic than an individual server.

The cool thing about a CDN is that once your content is in its network, that content can be easily made available over both IPv4 and IPv6 – even if YOUR web servers are IPv4-only!  A CDN can be a very quick way to make your content IPv6-enabled, even if your own infrastructure cannot make the move quickly.

Some of the largest CDNs such as a Akamai and Limelight as well as newer entrants like CloudFlare are all participating in World IPv6 Launch. We’ve started a list of content delivery networks (CDNs) supporting IPv6 and would encourage you to investigate this option. If you are already using a CDN, contact them and find out how soon they will be able to make your content available over IPv6.

5. Update DNS To Point To The IPv6 Address(es) For Your Site
Finally, once you have determined that your website has IPv6 connectivity, you’ll need to update DNS so that it is publishing the IPv6 address(es) for your site(s).

NOTE: If you are using a CDN, you will usually NOT have to do this because the CDN takes care of handling all of your DNS entries for you.

What you need to do is to update DNS with “AAAA” record(s) pointing to your IPv6 address(es). For example, if your web server is at the address “www.example.com” and has the IPv6 address “2001:db8:1234:3f4c:51::234“, you need to create an AAAA record with this information. (Tip: If you are speaking with your IT team or provider about these DNS records, they will sometimes call them “quad-A” records.)

For more information on DNS for IPv6 visit our resource on DNS Considerations for IPv6.

5. Celebrate!
Congrats! You’ve done it – your content is now available to all of those people who are connecting to the Internet using IPv6.

1. Understand the basics of DNSSEC

If you would like to understand more of the basics of DNSSEC, we suggest starting with this video (and this video interview) and also visiting DNSSEC basics page.

2. Learn how to deploy DNSSEC-validating DNS resolvers

To assist in the development of DNSSEC in your products, it would be good to deploy “DNSSEC-validating DNS resolvers” that allow users on your network to be able to have their DNS queries validated with DNSSEC.  This whitepaper is a great place to start:

• Deploying DNS: Validation on recursive caching name servers

3. Determine what tools may be out there to help automate your usage of DNSSEC.

• Our list of DNSSEC tools

4. Sign your own domains:

• How to sign your domain using DNS registrars

5. Build the case for management about your deployment of DNSSEC:

• Find recent DNSSEC statistics
• Explore DNSSEC case studies

6. Keep up-to-date on the latest DNSSEC news and activities:

• DNSSEC-related blog posts
• Join DNSSEC communities: there are many places on the Internet where members of the “DNSSEC community” gather to discuss DNSSEC, ask and answer questions and share new tools/services/questions. With new discussion areas appearing on new social services all the time, here are the public places we are currently aware of:
  • Email Discussion Lists:
    • dnssec-coord – a list for people interested in promoting DNSSEC (advocacy/marketing/evangelism)
    • JANET DNSSEC-DISCUSS – a list for members for the UK academic community
    • dns-operations – a public forum for discussing DNS operational issues, of which DNSSEC is one of the many topics discussed.
    • DNSSEC Tools Project “users” – a list for discussion of users of the tools associated with the DNSSEC Tools Project
    • dns-esp – a Spanish-language DNS operations list
  • IETF Working Groups: within the Internet Engineering Task Force (IETF), DNSSEC-related issues and standards are developed and discussed in several different working groups, including:
    • DNSOP – Domain Name System Operations
    • DNSEXT – DNS Extensions
    • DANE – DNS-based Authentication of Named Entities (see our resource page about DANE)
  • LinkedIn Groups:
    • DNSSEC
    • DNSSEC Enthusiasts
  • Twitter: the #DNSSEC hashtag is commonly used for DNSSEC-related tweets.
  • Reddit: DNS security issues are discussed in the “DNS” subreddit
  • Email Discussion Lists:
    • dnssec-coord – a list for people interested in promoting DNSSEC (advocacy/marketing/evangelism)
    • JANET DNSSEC-DISCUSS – a list for members for the UK academic community
    • dns-operations – a public forum for discussing DNS operational issues, of which DNSSEC is one of the many topics discussed.
    • DNSSEC Tools Project “users” – a list for discussion of users of the tools associated with the DNSSEC Tools Project
    • dns-esp – a Spanish-language DNS operations list
  • IETF Working Groups: within the Internet Engineering Task Force (IETF), DNSSEC-related issues and standards are developed and discussed in several different working groups, including:
    • DNSOP – Domain Name System Operations
    • DNSEXT – DNS Extensions
    • DANE – DNS-based Authentication of Named Entities (see our resource page about DANE)
  • LinkedIn Groups:
    • DNSSEC
    • DNSSEC Enthusiasts
  • Twitter: the #DNSSEC hashtag is commonly used for DNSSEC-related tweets.
  • Reddit: DNS security issues are discussed in the “DNS” subreddit

• Understand what developer libraries are out there that support DNSSEC: List of developer libraries supporting DNSSEC
• Explore how you could use DANE to provide an extra layer of trust and protection to TLS/SSL certificates: DANE information

• Understand what developer libraries are out there that support DNSSEC: List of developer libraries supporting DNSSEC
• Explore how you could use DANE to provide an extra layer of trust and protection to TLS/SSL certificates: DANE information

The DNS Security Extensions (DNSSEC) provide a method to ensure that an attacker cannot intercept a DNS query and provide back to a user false data that might, for instance, redirect a user to a different website.  You can learn the basics by viewing a 4-minute animated video.

Domain name registrars play a critical role in DNSSEC by accepting DNSSEC records (either a “DS” or “DNSKEY” record) from a registrant and relaying those securely to the registry for the top-level domain.  As noted in the 2013 RAA:

Registrar must allow its customers to use DNSSEC upon request by relaying orders to add, remove or change public key material (e.g., DNSKEY or DS resource records) on behalf of customers to the Registries that support DNSSEC. Such requests shall be accepted and processed in a secure manner and according to industry best practices. Registrars shall accept any public key algorithm and digest type that is supported by the TLD of interest and appears in the registries posted at: and . All such requests shall be transmitted to registries using the EPP extensions specified in RFC 5910 or its successors.

Registrars will need to provide some mechanism such as a web interface that allows a registrant to enter this data.  This could merely be an extension of your existing user interface or a new page or tab for the DNSSEC information.  As noted, you will also need to be able to transmit the DNSSEC information to a TLD registry using EPP.

As examples, we have several tutorials about DNSSEC support at a few registrars. ICANN also maintains a list of registrars supporting DNSSEC where you can get a sense of what other registrars are doing and perhaps explore their sites for more information.

• Understand the basics of naming and numbering in the Internet. To get started, you may want to view our “IANA Explained” document.
• Explore “DNSSEC Practice and Policy Statements” (DPS) that define the signing process for major top-level domains (TLDs).

• Determine if your top-level domain (TLD) supports DNSSEC: If your domain ends in one of the common domains such as .COM, .NET, .ORG, .EDU, etc., those zones as well as many country code TLDs (ccTLDs) have all been signed with DNSSEC. To check if your TLD has been signed, you can visit ICANN’s list of signed TLDs.  If your TLD has not been signed, you can still sign your own domain but you cannot link it in to the global “chain of trust” that gives DNSSEC its power.
• Consider adding a widget to your site to help promote DNSSEC

Learn about peering over IPv6: IPv6 Peering and Transit