[AusNOG] IPv6 and DNS

Stephen Welker stephen.welker at nemostar.com.au
Tue Aug 26 14:55:17 AEST 2025 

Exploring from an email deliverability perspective, using 
online.telstra.com.au as an example - important for billing purposes.

On 18/8/2025 11:35, Mark Andrews wrote:
> The IETF is currently updating the requirements for IPv6 support with respect
> to the DNS (https://datatracker.ietf.org/doc/draft-ietf-dnsop-3901bis/04/).
> 
> Basically the new requirements are that every zone is required to have both
> an IPv4 and and IPv6 servers to be compliant.  RFC 3901 only required IPv4
> servers.  It all points out some common configuration errors that happen
> when trying to do this like missing glue, delegation NS records only being
> in one family, etc.
> 
> I happened to be looking at the nameservers for optusnet.com.au because they
> where not accepting TCP queries as is required by RFC 7766 and noticed that
> this zone provides a perfect example of the things that can go wrong if you
> don’t take care.  The zone has nameservers that support both IPv4 and IPv6 but
> the delegating nameservers only support IPv4.  The Akamai servers are all dual
> stacked.  This could fixed by adding the Akamai servers to the delegation.
> This would also remove the single point of failure at the DNS level where all
> the servers are behind the same AS.  The Akamai servers also accept TCP connections
> so the zone would be resolvable if the clients needs to protect itself from
> spoofing attacks as ns1.optusnet.com.au and ns2.optusnet.com.au don’t have DNS
> COOKIE enabled.
> 
> This was not to pick on Optus.  I’m sure I could find other .AU zones that are
> equally poorly managed.

When receiving email our mail servers check for a valid return path 
(MAIL FROM) - the sending servers must have MX and IP address (at least 
for bounce messages).

For online.telstra.com.au (hosted via/at outlook.com) they have IPv4 
stack implemented fully, IPv6 is not fully implemented, thus when email 
is received via IPv6 it is rejected for not having IPv6 IPs.

If you are experiencing poor email delivery have a look at IPv6 
delegation, MX, and IPv6 settings.

-- 
regards,
Stephen Welker.

More information about the AusNOG mailing list