<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-v6ops-aaaa-filtering-01" category="info" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="AAAA filtering considerations">A recommendation for filtering address records in stub resolvers</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-v6ops-aaaa-filtering-01"/>
    <author fullname="Ondřej Caletka">
      <organization>RIPE NCC</organization>
      <address>
        <email>ondrej@caletka.cz</email>
      </address>
    </author>
    <date year="2026" month="July" day="03"/>
    <area>OPS</area>
    <workgroup>IPv6 operations</workgroup>
    <keyword>IPv6</keyword>
    <keyword>DNS</keyword>
    <keyword>Address records</keyword>
    <abstract>
      <?line 68?>

<t>Since IPv4 and IPv6 addresses are represented by different resource records in
the Domain Name System, operating systems capable of running both IPv4 and IPv6 need to execute
two queries when resolving a host name. This document discusses the conditions under
which a stub resolver can optimize the process by not sending one of the
queries if the host is connected to a single-stack network.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://oskar456.github.io/ietf-aaaa-filtering/draft-ietf-v6ops-aaaa-filtering.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-v6ops-aaaa-filtering/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        v6ops Working Group mailing list (<eref target="mailto:v6ops@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/v6ops/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/v6ops/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/oskar456/ietf-aaaa-filtering"/>.</t>
    </note>
  </front>
  <middle>
    <?line 76?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Most operating systems support both the IPv6 and the IPv4 networking stack. When such a
host is connected to a dual-stack network, whenever a process requests
resolution of a DNS name, two DNS queries need to be issued - one for an A
record representing an IPv4 address, and one for a AAAA record representing an IPv6
address. The results of such queries are then merged and ordered based on
<xref target="RFC6724"/> or used as input for the Happy Eyeballs algorithm <xref target="RFC8305"/>.</t>
      <t>When such a host is connected to a single-stack network, only one DNS query
needs to be performed: there is no reason for querying for a AAAA record if the
host has no IPv6 connectivity. Similarly if the host does not have any IPv4
connectivity, neither native nor provided by some other mechanism like NAT64
<xref target="RFC6146"/>,
querying for an A record is useless. Such an optimization however has to consider
any possible means of obtaining connectivity for a particular address family,
including but not limited to IPv6 Transition Mechanisms or VPNs.</t>
      <t>Please note that Multicast DNS <xref target="RFC6762"/> or similar link-local name resolution
protocols are not considered in scope of this document.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

</section>
    <section anchor="problem-statement">
      <name>Problem statement</name>
      <t>Traditional DNS resolution uses UDP messages, capable of carrying only either A
query and response containing IPv4 addresses or AAAA query and response
containing IPv6 addresses. A simple dual-stack capable host has to wait until
both queries are finished before it can sort the results and start establishing
the connection.</t>
      <t>If the network suffers from packet loss, or the DNS server drops queries for
unknown resource record types, finishing these two DNS queries can cause delays
noticeable by users. Not resolving addresses for the address family the host is
not connected to can thus mitigate impact of slow DNS resolution without
compromising functionality.</t>
      <t>Combining A and AAAA queries into a single DNS query
<xref target="I-D.ietf-dnssd-multi-qtypes"/> mitigates the issue as well, however this depends
on particular resolver supporting this feature.</t>
      <t>Another approach mitigating this issue is the Happy Eyeballs algorithm version 2
or newer <xref target="RFC8305"/> which utilizes asynchronous DNS queries and asynchronous
connection attempts. Platforms utilizing Happy Eyeballs can therefore let the
algorithm query both A and AAAA records all the time without any impact on the
user experience.</t>
    </section>
    <section anchor="connectivity-detection-algorithms">
      <name>Connectivity detection algorithms</name>
      <t>Whenever an application asks the stub resolver to resolve a domain name without
specifying the address family, the stub resolver follows one of the algorithms
specified below:</t>
      <section anchor="routing-table-based-algorithm">
        <name>Routing table based algorithm</name>
        <t>This algorithm assumes that the host has connectivity of particular address
family if there is at least one route to a destination that is not in Link-Local
address space. If there are only routes for destinations in the Link-Local
address space, the host is not able to send any packets towards any destination
address that could be possibly obtained from the DNS. Therefore, sending an
address query for that particular address family is unnecessary.</t>
        <t>For each address family supported by the operating system:</t>
        <ol spacing="normal" type="1"><li>
            <t>Read the routing table of the address family;</t>
          </li>
          <li>
            <t>Remove all the routes towards Link-Local destinations from the routing table, ie.:
            </t>
            <ul spacing="normal">
              <li>
                <t>remove routes towards addresses from Section 2.5.6 of <xref target="RFC4291"/> from the IPv6 routing table</t>
              </li>
              <li>
                <t>remove routes towards addresses from <xref target="RFC3927"/> from the IPv4 routing table</t>
              </li>
            </ul>
          </li>
          <li>
            <t>If the routing table is not empty, send the corresponding name query to the DNS:
            </t>
            <ul spacing="normal">
              <li>
                <t>AAAA query for IPv6</t>
              </li>
              <li>
                <t>A query for IPv4</t>
              </li>
            </ul>
          </li>
        </ol>
      </section>
      <section anchor="ip-address-based-algorithm">
        <name>IP address based algorithm</name>
        <t>As an alternative to analyzing the routing tables, the stub resolver might
choose to determine the connectivity by looking at the addresses configured on
all network interfaces. This is similar to an application using the flag
<tt>AI_ADDRCONFIG</tt> when interacting with the stub resolver using <tt>getaddrinfo()</tt>
function <xref target="GAI"/>.</t>
        <t>For each address family supported by the operating system:</t>
        <ol spacing="normal" type="1"><li>
            <t>Collect all addresses configured on all interfaces</t>
          </li>
          <li>
            <t>Remove all Link-Local addresses from the list, ie.:
            </t>
            <ul spacing="normal">
              <li>
                <t>remove addresses from Section 2.5.6 of <xref target="RFC4291"/> from the list of IPv6 addresses</t>
              </li>
              <li>
                <t>remove addresses from <xref target="RFC3927"/> from the list of IPv4 addresses</t>
              </li>
            </ul>
          </li>
          <li>
            <t>If the list of addresses is not empty, send the corresponding name query to the DNS:
            </t>
            <ul spacing="normal">
              <li>
                <t>AAAA query for IPv6</t>
              </li>
              <li>
                <t>A query for IPv4</t>
              </li>
            </ul>
          </li>
        </ol>
      </section>
    </section>
    <section anchor="connectivity-detection-considerations">
      <name>Connectivity detection considerations</name>
      <t>When detecting the connectivity presence, it is necessary to consider ANY routes
towards non Link-Local address space and/or IP addresses on ALL interfaces and
not just the default route and/or just the default network interface. The
implementations <bcp14>SHOULD NOT</bcp14> try to determine connectivity by hardcoding a
particular publicly reachable IP address <xref target="CHROME"/>.</t>
      <t>Improper detection can cause issues for:</t>
      <ul spacing="normal">
        <li>
          <t>private networks without reachability to the Internet</t>
        </li>
        <li>
          <t>VPN tunnels using different address family than the native address
family of the host, providing possibly only a limited subset of routes
(split-mode VPN)</t>
        </li>
      </ul>
      <section anchor="ipv4-connectivity-provided-by-nat64">
        <name>IPv4 connectivity provided by NAT64</name>
        <t>Even if the host has no routes towards IPv4 address space and/or no IPv4
addresses on interfaces, it can still have IPv4 connectivity provided by some
transition mechanism. In case of NAT64 <xref target="RFC6146"/>, this leads to three possible
scenarios:</t>
        <ol spacing="normal" type="1"><li>
            <t>464XLAT <xref target="RFC6877"/> is used. In this case the host has a default route
towards the CLAT translator, so the A queries are not suppressed. This
would be also the case for any other transition mechanism providing IPv4 as
a service over IPv6 bearer.</t>
          </li>
          <li>
            <t>Only DNS64 <xref target="RFC6147"/> is used. In this case, it is correct not to do A
queries because the host cannot send any native IPv4 packets.</t>
          </li>
          <li>
            <t>The host supports converting IPv4 API calls into IPv6 API calls similarly
to Bump-in-the-Host <xref target="RFC6535"/> API translator alternative. In this case,
such a translator can utilize A queries even if the host cannot send any
native IPv4 packets. Therefore such an API translator or a high level
library like <xref target="I-D.ietf-happy-happyeyeballs-v3"/> <bcp14>SHOULD NOT</bcp14> suppress A
queries if it is aware of the presence of NAT64 in the network.</t>
          </li>
        </ol>
      </section>
    </section>
    <section anchor="filtering-dns-results">
      <name>Filtering DNS results</name>
      <t>If the host does not have full connectivity for both address families (there
are no default gateways for both IPv4 and IPv6), it is possible that the IP(v6)
address obtained from the DNS falls into the address space not covered by any
route. This should not be problem for a properly written application, since
<xref target="RFC6724"/> requires applications to try connecting to all addresses received from
the stub resolver.</t>
      <t>However, in order to minimize the impact on poorly designed applications, the stub
resolver <bcp14>MAY</bcp14> remove addresses not covered by an entry in the routing table from
the list of DNS query results sent to the application.</t>
      <section anchor="filtering-ipv4-mapped-addresses">
        <name>Filtering IPv4-mapped addresses</name>
        <t>As an extension to the filtering of DNS results, the stub resolver <bcp14>MAY</bcp14> also
remove IPv4-mapped IPv6 addresses (Section 2.5.5.2 of <xref target="RFC4291"/>) from the list of DNS
query results sent to the application.</t>
        <t>IPv4-mapped IPv6 addresses are not valid destination addresses <xref target="IANA"/>,
therefore they should never appear in AAAA records. Sending IPv4-mapped IPv6
address to the application might cause address family confusion for applications
using IPv4 compatibility of IPv6 sockets <xref target="RFC3493"/>.</t>
      </section>
    </section>
    <section anchor="effects-of-not-doing-address-record-filtering">
      <name>Effects of not doing address record filtering</name>
      <t>The optimization described above is <bcp14>OPTIONAL</bcp14>. A stub resolver of a dual-stack
capable host can always issue both A and AAAA queries to the DNS, merge and
order the results and send them to the application even if it has only
single-stack connectivity. Sending packets to a destination not covered by an
entry in the routing table will be immediately refused, so a properly written
application will quickly iterate through the list of addresses and finally
select the one using the same address family as the connectivity of the host.</t>
      <t>However, it should be noted that such behavior is not only less robust against
DNS resolution delays but also increases load on the DNS system.  If such an
optimization is removed (for instance by a software update) on a large
single-stack network, this might overload parts of the DNS infrastructure, since
the number of queries will double.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>Reducing the number of queries allows an attacker observing the DNS traffic to
figure out which address families the host uses.</t>
      <t>Suddenly disabling the optimization can overload parts of the DNS
infrastructure due to doubling the number of queries.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC3493">
          <front>
            <title>Basic Socket Interface Extensions for IPv6</title>
            <author fullname="R. Gilligan" initials="R." surname="Gilligan"/>
            <author fullname="S. Thomson" initials="S." surname="Thomson"/>
            <author fullname="J. Bound" initials="J." surname="Bound"/>
            <author fullname="J. McCann" initials="J." surname="McCann"/>
            <author fullname="W. Stevens" initials="W." surname="Stevens"/>
            <date month="March" year="2003"/>
            <abstract>
              <t>The de facto standard Application Program Interface (API) for TCP/IP applications is the "sockets" interface. Although this API was developed for Unix in the early 1980s it has also been implemented on a wide variety of non-Unix systems. TCP/IP applications written using the sockets API have in the past enjoyed a high degree of portability and we would like the same portability with IPv6 applications. But changes are required to the sockets API to support IPv6 and this memo describes these changes. These include a new socket address structure to carry IPv6 addresses, new address conversion functions, and some new socket options. These extensions are designed to provide access to the basic IPv6 features required by TCP and UDP applications, including multicasting, while introducing a minimum of change into the system and providing complete compatibility for existing IPv4 applications. Additional extensions for advanced IPv6 features (raw sockets and access to the IPv6 extension headers) are defined in another document. This memo provides information for the Internet community.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="3493"/>
          <seriesInfo name="DOI" value="10.17487/RFC3493"/>
        </reference>
        <reference anchor="RFC3927">
          <front>
            <title>Dynamic Configuration of IPv4 Link-Local Addresses</title>
            <author fullname="S. Cheshire" initials="S." surname="Cheshire"/>
            <author fullname="B. Aboba" initials="B." surname="Aboba"/>
            <author fullname="E. Guttman" initials="E." surname="Guttman"/>
            <date month="May" year="2005"/>
            <abstract>
              <t>To participate in wide-area IP networking, a host needs to be configured with IP addresses for its interfaces, either manually by the user or automatically from a source on the network such as a Dynamic Host Configuration Protocol (DHCP) server. Unfortunately, such address configuration information may not always be available. It is therefore beneficial for a host to be able to depend on a useful subset of IP networking functions even when no address configuration is available. This document describes how a host may automatically configure an interface with an IPv4 address within the 169.254/16 prefix that is valid for communication with other devices connected to the same physical (or logical) link.</t>
              <t>IPv4 Link-Local addresses are not suitable for communication with devices not directly connected to the same physical (or logical) link, and are only used where stable, routable addresses are not available (such as on ad hoc or isolated networks). This document does not recommend that IPv4 Link-Local addresses and routable addresses be configured simultaneously on the same interface. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="3927"/>
          <seriesInfo name="DOI" value="10.17487/RFC3927"/>
        </reference>
        <reference anchor="RFC4291">
          <front>
            <title>IP Version 6 Addressing Architecture</title>
            <author fullname="R. Hinden" initials="R." surname="Hinden"/>
            <author fullname="S. Deering" initials="S." surname="Deering"/>
            <date month="February" year="2006"/>
            <abstract>
              <t>This specification defines the addressing architecture of the IP Version 6 (IPv6) protocol. The document includes the IPv6 addressing model, text representations of IPv6 addresses, definition of IPv6 unicast addresses, anycast addresses, and multicast addresses, and an IPv6 node's required addresses.</t>
              <t>This document obsoletes RFC 3513, "IP Version 6 Addressing Architecture". [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4291"/>
          <seriesInfo name="DOI" value="10.17487/RFC4291"/>
        </reference>
        <reference anchor="RFC6724">
          <front>
            <title>Default Address Selection for Internet Protocol Version 6 (IPv6)</title>
            <author fullname="D. Thaler" initials="D." role="editor" surname="Thaler"/>
            <author fullname="R. Draves" initials="R." surname="Draves"/>
            <author fullname="A. Matsumoto" initials="A." surname="Matsumoto"/>
            <author fullname="T. Chown" initials="T." surname="Chown"/>
            <date month="September" year="2012"/>
            <abstract>
              <t>This document describes two algorithms, one for source address selection and one for destination address selection. The algorithms specify default behavior for all Internet Protocol version 6 (IPv6) implementations. They do not override choices made by applications or upper-layer protocols, nor do they preclude the development of more advanced mechanisms for address selection. The two algorithms share a common context, including an optional mechanism for allowing administrators to provide policy that can override the default behavior. In dual-stack implementations, the destination address selection algorithm can consider both IPv4 and IPv6 addresses -- depending on the available source addresses, the algorithm might prefer IPv6 addresses over IPv4 addresses, or vice versa.</t>
              <t>Default address selection as defined in this specification applies to all IPv6 nodes, including both hosts and routers. This document obsoletes RFC 3484. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6724"/>
          <seriesInfo name="DOI" value="10.17487/RFC6724"/>
        </reference>
        <reference anchor="RFC6762">
          <front>
            <title>Multicast DNS</title>
            <author fullname="S. Cheshire" initials="S." surname="Cheshire"/>
            <author fullname="M. Krochmal" initials="M." surname="Krochmal"/>
            <date month="February" year="2013"/>
            <abstract>
              <t>As networked devices become smaller, more portable, and more ubiquitous, the ability to operate with less configured infrastructure is increasingly important. In particular, the ability to look up DNS resource record data types (including, but not limited to, host names) in the absence of a conventional managed DNS server is useful.</t>
              <t>Multicast DNS (mDNS) provides the ability to perform DNS-like operations on the local link in the absence of any conventional Unicast DNS server. In addition, Multicast DNS designates a portion of the DNS namespace to be free for local use, without the need to pay any annual fee, and without the need to set up delegations or otherwise configure a conventional DNS server to answer for those names.</t>
              <t>The primary benefits of Multicast DNS names are that (i) they require little or no administration or configuration to set them up, (ii) they work when no infrastructure is present, and (iii) they work during infrastructure failures.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6762"/>
          <seriesInfo name="DOI" value="10.17487/RFC6762"/>
        </reference>
        <reference anchor="RFC8305">
          <front>
            <title>Happy Eyeballs Version 2: Better Connectivity Using Concurrency</title>
            <author fullname="D. Schinazi" initials="D." surname="Schinazi"/>
            <author fullname="T. Pauly" initials="T." surname="Pauly"/>
            <date month="December" year="2017"/>
            <abstract>
              <t>Many communication protocols operating over the modern Internet use hostnames. These often resolve to multiple IP addresses, each of which may have different performance and connectivity characteristics. Since specific addresses or address families (IPv4 or IPv6) may be blocked, broken, or sub-optimal on a network, clients that attempt multiple connections in parallel have a chance of establishing a connection more quickly. This document specifies requirements for algorithms that reduce this user-visible delay and provides an example algorithm, referred to as "Happy Eyeballs". This document obsoletes the original algorithm description in RFC 6555.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8305"/>
          <seriesInfo name="DOI" value="10.17487/RFC8305"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="IANA" target="https://www.iana.org/assignments/iana-ipv6-special-registry">
          <front>
            <title>IANA IPv6 Special-Purpose Address Registry</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="GAI" target="https://pubs.opengroup.org/onlinepubs/9799919799/functions/freeaddrinfo.html">
          <front>
            <title>freeaddrinfo, getaddrinfo - The Open Group Base Specifications Issue 8, IEEE Std 1003.1-2024</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="CHROME" target="https://chromium.googlesource.com/chromium/src/+/0de3ceea881115dd18e79e1d9ea4e090c655996b/net/dns/README.md#IPv6-and-connectivity">
          <front>
            <title>Chrome Host Resolution - IPv6 and connectivity</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="RFC6146">
          <front>
            <title>Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers</title>
            <author fullname="M. Bagnulo" initials="M." surname="Bagnulo"/>
            <author fullname="P. Matthews" initials="P." surname="Matthews"/>
            <author fullname="I. van Beijnum" initials="I." surname="van Beijnum"/>
            <date month="April" year="2011"/>
            <abstract>
              <t>This document describes stateful NAT64 translation, which allows IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP. One or more public IPv4 addresses assigned to a NAT64 translator are shared among several IPv6-only clients. When stateful NAT64 is used in conjunction with DNS64, no changes are usually required in the IPv6 client or the IPv4 server.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6146"/>
          <seriesInfo name="DOI" value="10.17487/RFC6146"/>
        </reference>
        <reference anchor="RFC6147">
          <front>
            <title>DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers</title>
            <author fullname="M. Bagnulo" initials="M." surname="Bagnulo"/>
            <author fullname="A. Sullivan" initials="A." surname="Sullivan"/>
            <author fullname="P. Matthews" initials="P." surname="Matthews"/>
            <author fullname="I. van Beijnum" initials="I." surname="van Beijnum"/>
            <date month="April" year="2011"/>
            <abstract>
              <t>DNS64 is a mechanism for synthesizing AAAA records from A records. DNS64 is used with an IPv6/IPv4 translator to enable client-server communication between an IPv6-only client and an IPv4-only server, without requiring any changes to either the IPv6 or the IPv4 node, for the class of applications that work through NATs. This document specifies DNS64, and provides suggestions on how it should be deployed in conjunction with IPv6/IPv4 translators. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6147"/>
          <seriesInfo name="DOI" value="10.17487/RFC6147"/>
        </reference>
        <reference anchor="RFC6535">
          <front>
            <title>Dual-Stack Hosts Using "Bump-in-the-Host" (BIH)</title>
            <author fullname="B. Huang" initials="B." surname="Huang"/>
            <author fullname="H. Deng" initials="H." surname="Deng"/>
            <author fullname="T. Savolainen" initials="T." surname="Savolainen"/>
            <date month="February" year="2012"/>
            <abstract>
              <t>Bump-in-the-Host (BIH) is a host-based IPv4 to IPv6 protocol translation mechanism that allows a class of IPv4-only applications that work through NATs to communicate with IPv6-only peers. The host on which applications are running may be connected to IPv6-only or dual-stack access networks. BIH hides IPv6 and makes the IPv4-only applications think they are talking with IPv4 peers by local synthesis of IPv4 addresses. This document obsoletes RFC 2767 and RFC 3338. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6535"/>
          <seriesInfo name="DOI" value="10.17487/RFC6535"/>
        </reference>
        <reference anchor="RFC6877">
          <front>
            <title>464XLAT: Combination of Stateful and Stateless Translation</title>
            <author fullname="M. Mawatari" initials="M." surname="Mawatari"/>
            <author fullname="M. Kawashima" initials="M." surname="Kawashima"/>
            <author fullname="C. Byrne" initials="C." surname="Byrne"/>
            <date month="April" year="2013"/>
            <abstract>
              <t>This document describes an architecture (464XLAT) for providing limited IPv4 connectivity across an IPv6-only network by combining existing and well-known stateful protocol translation (as described in RFC 6146) in the core and stateless protocol translation (as described in RFC 6145) at the edge. 464XLAT is a simple and scalable technique to quickly deploy limited IPv4 access service to IPv6-only edge networks without encapsulation.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6877"/>
          <seriesInfo name="DOI" value="10.17487/RFC6877"/>
        </reference>
        <reference anchor="I-D.ietf-happy-happyeyeballs-v3">
          <front>
            <title>Happy Eyeballs Version 3: Better Connectivity Using Concurrency</title>
            <author fullname="Tommy Pauly" initials="T." surname="Pauly">
              <organization>Apple Inc</organization>
            </author>
            <author fullname="David Schinazi" initials="D." surname="Schinazi">
              <organization>Google LLC</organization>
            </author>
            <author fullname="Nidhi Jaju" initials="N." surname="Jaju">
              <organization>Google LLC</organization>
            </author>
            <author fullname="Kenichi Ishibashi" initials="K." surname="Ishibashi">
              <organization>Google LLC</organization>
            </author>
            <date day="1" month="July" year="2026"/>
            <abstract>
              <t>   Many communication protocols operating over the modern Internet use
   hostnames.  These often resolve to multiple IP addresses, each of
   which may have different performance and connectivity
   characteristics.  Since specific addresses or address families (IPv4
   or IPv6) may be blocked, broken, or sub-optimal on a network, clients
   that attempt multiple connections in parallel have a chance of
   establishing a connection more quickly.  This document defines the
   algorithm for "Happy Eyeballs", a technique for reducing user-visible
   delays on dual-stack hosts.  This document updates the algorithm in
   RFC 8305.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-happy-happyeyeballs-v3-04"/>
        </reference>
        <reference anchor="I-D.ietf-dnssd-multi-qtypes">
          <front>
            <title>DNS Multiple QTYPEs</title>
            <author fullname="Ray Bellis" initials="R." surname="Bellis">
              <organization>Internet Systems Consortium, Inc.</organization>
            </author>
            <date day="27" month="February" year="2026"/>
            <abstract>
              <t>   This document specifies a method for a DNS client to request
   additional DNS record types to be delivered alongside the primary
   record type specified in the question section of a DNS QUERY
   (OpCode=0).

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-dnssd-multi-qtypes-14"/>
        </reference>
      </references>
    </references>
    <?line 279?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The author would like to thank these people for feedback and comments:
Massimiliano Stucchi, Nick Buraglio, Jen Linkova, Gert Doering, Philip Homburg,
Lorenzo Colitti</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA71a23IbOZJ9x1dg5Re7hxdLomSLOze2JNvcsC4rqWfGoVBs
g1UgWa1igVNAkU139Ifs237LRsx/zckE6kZSnp2NjXV0tMgiLom8nDyZqG63
K17JVbIYSrvUaZqqbPY7nYlXr17h+ThzOs+0617kaurklcqfY7PO5INeLFPl
tKBBD/PESheeyMJqK59ztaCB3XwaDeXcuaUd9vuzxM2LSS8yi36kJqbfHIV1
vphCRiqTucZKkZZurqXOXJJrOU1SLZOp3GDIMtdTnUsl42SKDxghpyZfKNfD
GudzyO+n8hz9s9OZTUwmnZEYE839bzxBvu79vEjpi/zL1eeO1C7q9Xpv6FA4
vUtcqofyYASBIPJCZ7FytBKNx+LQTJLNpIrjXFvLg/LYyiST1hUTfLcmXenc
Hgg1meR6RUvhX2NqZCBarHNeFuMi6G9m8s0Qi0yNELGJMrWADDFpv5toN+2u
Ts3SdhX+dauFum8PhS0mi8TSSd1miSnjy4cPUr6SKrUGOydZrJc4AbR10JEH
Ok6cyROV0pfx6Hv8waEOxncPHw5EViwmOh8KHFcPBQkJFRZ2KF1eaIFzHAuV
azWUN7f3Ym3y51luiiW2vF2dSrMszyOe9Qa/xkMhu/wb/b24vqc/o7bSxEpn
BfaSMizFp8RXf5Y/Yw/S10f6EU8XKknDmD+SUnomn+GxyqN57Ww0iJ4kK90r
B/XpQX+Sm7XVfZ7fpz3ZLYfS2GeVD05O+6zotooxjLzbunqDcngvuHVi9k3s
/wPb9eZukQqhCjc3OakKO0k5LdLUm/4mi//2n/onea5S7Z4V/4qTqCz5ymoe
yrvx7aW8Pj/nn7TXjcmg35/+GPlJveirEBm7PLRBar77cH48ODsuP54dvQsf
B0dnh+Hj6bujQfXx9Ch8fH/89mQoBDloY73x6Ho0ZAGcyme6oaX1et1LVKa8
+uGgswyR5GyfHnaT5eq0C9yJ4IrdXM8S6/KNX8dHHy3sHes+jLot8qWxunKh
u3rWx9F4vxDLYmJ78MyM3YtFMVmaZJp+6J+9Ozs7O6T/96dFFrHz9qe51hTa
dFBvo4ZUzR87EluVX+DaD4CXG2zlvVV+ryAryz5NIh8YcmxtoeX7DoL08lLe
u1gevn173DvsHr09GmCf8093N1eX+48SzXOzSIpFb2bMLAXGFHmkPaSGX/o2
j/q/6b+N9XEEMd+/Pzw8PInjw/f63Zk+jM+0Gui3Z2+j05OTs7PTSR/w3o9x
4rvL0cXVZW8RvyJ9d1UWdxH7mYZCVolrWeWcttLyk7EO+gfOFQyMPswlZsqt
meRDh4PTYfWx9LfTk+OT8uP7d/x03L3ggO3O1XK58f/XGz1RaWq7q+PWEMht
4+6iSF3S/SuBhYVvAsOF6Ha7Uk3gGCpyQtwnGRIKpBuwdF5M70DIVkAzSjr4
Bs/UsZxsGrklDzpuALygFHJhEGqZvEaUyvuNRf7rlOAHqLL8xCKfLdUEechM
ZV5kGf00MW6+JUqmsSsSlP5ZRwWyqlsb+dcC+ADh1nOdhWTC6UbOSesEDj2f
eZElCgopyGyjgg9E8sECAHn2twK4n4v1PEH2U+3sxAnXLF2ySL76tLnMTURx
BSVkxkmoJKZ9TcaHwAhRSpbwVy8P5Agm9yfBNpiV6q51KnrGAR0limCXRRLH
qRaeX+QmLjjmhLiilXZ1aIvl0uTOK452rLwsfBmU6/Ms2rAn/0xqswWdWLwg
YVwATlrydVjbesX0olRErnFg66zIa0+HJhTlMrZDR5K96FupmdKeE5AWivUY
oUEKJOYAfY+E96Xa6diyWfAK75cdPmE1SzJ3eHneqQjzeoxA+ISgsCQoK6GU
jFzdkWoWGrgS+z1yuAe5PaCKdhSPAf2fiBQU9FCR2y8LZlqs9U8UlfIyhCVY
BngL0uBCPoYc8QRbN2zwz3gJ4ihLN3z0UqkbQSq1QafwEMo+Oh6SLDkpGb6K
Mysb6BnPIeXs6s57rfeJueKJ7E9NxOrJewQE6APEaHp5bMi4hiauNHS3YYuJ
5tQOTpGQVHANyo4YnpMrrUD0GFksIafhEQsdga4mdiHT5FnL69HD6cArH1j5
1BHtU8BvqjNYMkvK1r5n/VZB7Cnq3KzZi+mA0FlJNAWJjOxpE8KkhVYZe4iZ
OEBZYKTVSYLulip3SVRAGRXVnSooZ9MBCYjSgtFhAtcgvaQQIdiWlfqQYwtG
IXlVHtaSV/3p9trCQ25TTfkRU8ktwcivCMojBV2T6R8D92BHtN4k2CN77qYG
3IajT9ZhKaBnZyKTej8ngcqTQyYi5hHQxcNYAzh7hETnJltRQBFeUlBc6ClU
4omsoIgCm5VrTgAHVz/cPxBxpr/y+oY/313++w/ju8sL+nz/afT5c/VBhBH3
n25++HxRf6pnnt9cXV1eX/jJeCpbj8TB1ejLgYeDg5vbh/HN9ejzAR2ndQof
2h5zqGoDQjiOXBFrG+XJxKvg+/Pb//6vw4H85Zd/gXKPDg/Pfv01fHl/+G6A
LwSBJfjA//1X+OtGIOY1DIBVEPSU2hKH8qJD6GDnVBZSMEKb3z2SZp6G8reT
aHk4+H14QAduPSx11nrIOtt9sjPZK3HPoz3bVNpsPd/SdFve0ZfW91LvjYe/
/QMxSNk9fP+H3wtyodvcIKwWlIGQt2ASOE6ufBKGs5JDN1II18k/XNwiDK1V
Mw09NshCpHIf+myDgCgjjwhsG6y0pMqMPLyM3mb60BxmDHy7k0R7UoML9QAy
CLQlpGikx1KwCjThZ2uVODALl6SCE3Mzw1Do2DnhnQaIwCEd8wxLWdw1shPJ
hB3wFAkWO2AS1VqBvjASmQwONfYYHPIDUgqRM+AQWCjwKXrWQB5DKTNkJ1K1
1TkhYJyj5qqEgzSiyJ4zctYtYse1JpbwspNmsBL0u53b6SCRgvVkrFO1sSis
gFia9QN4xw85tHhtXJO0VTYp82cbSps8SgTYqrMk7YgK04I3uWRGPRYYCLSW
k3tq1tuetYa3mMLByIsllQSWU0iobFRK+U2Ic7OYeAcYsRkqT2FmlzWScyMJ
P36DeD9V4nn+ycSHoGGt07RTZSSPWdyLsALCNtJLxUkD4fM2wPCpVq5gZBll
PnMCiXKjkPjCntVQv2tiv01SqC1DmjoSMEem11ix4i3S82SoMgUlxiy7yai0
ygws0HQE0lrzR1G7rFSO+mEOjnCbKkdkxYYVSdItubx9AZ0cK6jYmaDU0vr4
5SBr2KosRwiK6bDI/ro0PVOT0kl4cUF+ifpiSbKjFipzXp3tY6SLIHy5s/UU
zvPhjJSehhoWB3/2Om5XE86Un4lf+wqJk3Tpk1zrTzchvLYZxZ4VpyaFi9tG
/dGUzy+XMNJgGIq/V6/kHTbiDXxMMqut5lAyT5q+oOAxC/ZZ5eo4JJBrkSHs
vcuERAhfzxE9EcUqRGocS5xDFB2qDUBcknnt8V6Jp5LQ0GdiNJ+J0ZQkXlrY
DgXeuFyYUJVTAa/ocaSxovV0QL+4VKdVqtG+rBxIRgUe+4sHUsL2tWLHyjbN
Lar1WPjIFGnMXNyzyU0gkVA1o3JAYS5GvGN3qlJS1Wt51/agiFVf5JrMeMka
lCtzwq8PmKMJAbYGBuzwXJuk2K4n4SPysCfvtPL1Y97yltLFWov+q5BHNGNh
yK9DvAVDlNqqFd+2S6WN1j4dmeieb/B8B1/nhbcWbOQMWuI+BOdR76R3SmI+
hm7dU70Fp/LWPv/MDo+hE9hecLC94HHplVuaC25FsLfxtg5tiNyzDjY9Y4E3
OlwvOEmphwZZIY/wLWP/S/vxgMN8fFuZaSfGR5YBi3qsoQyjGETy23wtoacl
vd0HPYtkNkcWnRtqN2I+IWS+IM7XJCiMDvC11BjuPwQUqZWLgdNkVuS+tib3
KXkM8/QpotOGVg7+K6sclrcFuYUtRZ+maiZ+HI3/Y3RxcXd+c/1h/PFH3yfi
FYH6NJIgd8+p/DI/NpqWr9/8KEp6IB8/jsZP/wfxdQ7chno4XF7QBf9W62A7
yBoRteWptC24otsXRf+LsKGl6Kc2E/7msntipbHKoLlKHS/liHqt/+eYeSnh
t++hQt8m/BxcruXtvvlESSXx6aTE5WavQY6uvwTEESXiZCbbY1afoYjZ9FnW
ZgmTSar9aiehUcyQfyqsD7RYTxVoaEi1YZGdX3dCjjOT4EqHSrWA1nUFKZ0/
Th302wE/x5Ei4zOaaGSuZYFCJqJUTfHD2NiAqkff3KcQGxM9X1KNUluiKi6Y
yHKep4D6DjpPVkT9w0FsRfXCLgnx+tJBymtbmvin22vpKHemNsR+3dveqUI8
Ey1bVyXLoQspP8LUzbBO6GrRijUJIIqiqjaQLSZWs88HR8BKry0gzXUXJtYk
25uA5QiaLR+rW2a+MSYuV4RwjXZcaN9tpbVmALZdy7f6BqLlX7Vvdao6FUw9
9T2+bwtGvTzh6h5X1dBDzJMhLRMKFl/WfT1fqYAk+oamm+e64lFa2EhnKk8M
3WRIQtLB6eAvn0cPfoH374A5vv0X8ya8Fu/UUotqxwVjQqUhGnlOS7LoKFBM
DvTxrjNqFfJ8AwDEZ3XFPkv5tdYlAaQLZg8RJITvVG5Cg3Ofahpu4y0VFlRc
saOSlobSFIPxREOIvEeKQG64IecC9tXKfEkXJTAxkEa+NUmxbOTIb1aecaJ9
tFW6g/nLWw8+R4gEljQQZBbn2LfZeU5IiZzdILqrjja6HWNBKvG4oOYj1c9s
2WIujSO/LxbLbpJ1IU2X79Yeww3ZE0+rrdVkNlsn94uFpntjBvl1qGkbNtbb
IbV1fr/aPiXUxD5slm3LyN3jOTgUXH2l/f0pkGGSU6LghvfjP7jqe2ricemG
2yaE9N7Yas1F0jTcYvkUVcdfKJDqm6hX8kP1JkbooFBTquo27en407X8bo+c
K/MWlJJcr7lwEz6Kqmik/shabWw9sXUT+Kb03KpJX5Wl49vX+L2qnPaWW9i9
8rZmGeNR0DeWVv6uZ8PmZXAI5NPOOaRp1ISvAbmZGS4BOFFRNxgE2+kWMe1Q
nyjSjVsjujFLcoKQepSHOli+VB8RC7NFDxGsGp7mDyV2uCuM9sm3kTpkTr63
4vd6kqy+v6zbHktjSGSUY8mMNNWUpub7omLGV6Mvu3RvR2n0ShKOEdypXQNV
YpdUr2qdVS1PurUr03RDoB6nwdohySu6C2q4xw0yGeqa1ktN4VWnMC/sGXbb
V9XQKQmzRThqc6ete/HXTfZ80jtq8ec3u9SXXu75n572G9uWiWel0iRu9U3q
MY/0YshTR9R9M7qhqHzYt6yq64pmw6yHmiCLt3XcvEHdI7CvBQM122JNVNMU
tnwxrOlkwvOtwCHgly4JPK2sNqzxPZfH8ELOE+PSJfhZ5C9vSQ+x2X3PrDa5
v51q3f7VFz5qQiZGcJf3F9zfb/kDX2XXvX7R6vVHXEUzYPnO6nYXskThujLp
+KtlJuohQrc7/qHOWexTdJmREs9jiFCK1iXx1j1tsGXdvNpqte3Er/hG/K6J
99EF2mKh4wRQzSx+SgSDCdIuEIqm7Dwd0Bc9U8eKKnG+1sQes/kLFSDpYwpZ
Uzqm5oqZi+pMN+p9SxXgltep6i2PVo+yTFwtqHRlXEz8VWvsswrn7YlGZkvg
uKEWZQafsqOZCVVRaoY8Y53YumTwlx988csMECmA7t9xpNSoOHSd/UUMtwV6
ksrgQBVEy10TG2A3lq8phGg7Rbmb7AW1Tx1n9mJJLyS+4caBTOm1KLH/7QEm
Qz5gyfAsD9VntlQQSZVk01xZlxcRXS2UOYwZAr/+SGOrV3DIrrFBXef75oDF
IieFn28Vznc6LqLSarvrKN/KVnw/QA6LXyfMesMUEgwMajpNIniy8K0SSVVe
eHlnm2RUPIVuEyHbfRHHmiwYJ5bu08K6LXXzGz8v6UW09QJg8K0vOvyLB+vx
9Se/qretkfYbSuX7FjRS+RftaC69EzQh7MEqo4hu51Idz/g1QfHL0G+n498d
gN1YffCrRzz/xmSoQ5hOMpqo7Dlc3C21oWtMfltX65g2CK+mLXjpobii9xFJ
kwpC3bsiiuZJR14jfkHFczVLE9OR/6Z9z8KsVEd+BL2XF4aBtyNv55i7lJ/M
YlLks474jDyUfTXU+wI4JEL8HcpIyYFdLQAA

-->

</rfc>
