Ipv6 again. Give more priority to ipv4

Hi. maybe in 2019 you will give more priority to ipv4 and not ipv6 ? Countless topics about this problem and with 99% ipv4 servers and 1% ipv4 + ipv6 you decided ipv6 ? where is logic ?

If you have a specific technical issue or request, please put in the details and people can help you, otherwise vague rants aren’t useful to anyone.

people during 2 years asking you to give ipv4 more priority, isn’t it an issue ?

Hi @krioz

I don’t think and I don’t hope Letsencrypt switches back to ipv4.

Ipv6 has a lot of additional features.

So if a domain has ipv6 AAAA entries, ipv6 should work.

If not, it’s a good indicator that something is wrong. Perhaps the ip address is spoofed.

Ipv6 with DNSSEC is amazing :wink:

PS: Only ipv4 is supported. So there is no problem.

2 Likes

Hi @krioz,

This is an issue fully in your own control: you can remove the AAAA records in your DNS zone and no IPv6 connections will be made. By advertising an AAAA record you are inviting connections to your domain over IPv6.

3 Likes

Please correct me if I’m wrong, but prioritizing ip6 over ipv4 help to discover problems with ipv6, that some of your visitors already experience, or do you have a more specific argument?

1 Like

I think your priorities here are wrong. If a site has an AAAA record, but isn’t reachable over IPv6, then the site’s configuration is broken. The site operator should fix this, either by fixing IPv6 connectivity or removing the AAAA record.

Preferring IPv6 over IPv4, when both the server and the client support it, is standard practice. Almost every application and operating system behaves this way. Let’s Encrypt is just a canary in the coal mine: if it’s having trouble reaching you over IPv6, it’s probably not the only IPv6 related problem you’re having, it’s just the one you’ve noticed.

7 Likes

When you have 1-2 domains it’s not an issue, but when you have thousands of domains and from different providers(sometimes with wrong ipv6 configuration) and it’s not a day or two to solve problem, then it would be nice if there are an options ‘check over ipv4’, so you can use it for problem domains

If you have a not working ipv6 configuration, you should remove the dns-AAAA entry or fix it.

There is a growing number of users with ipv6. They may have timeouts or can’s see the site.

Check

https://www.google.com/intl/en/ipv6/statistics.html

USA has 33 % ipv6 traffic, Germany has 42 % (cable providers use ipv6 and DS Lite (no explicit ipv4), Telecom and others switch to ipv6 + ipv4 if ISDN is removed).

Conclusion: Such a switch will not come, you have to find other solutions.

1 Like

You are working with certificates and saying about traffic amount ? not number of domains ?
If you are using only most popular sites such as google, youtube, facebook with ipv6 support, then it means 100% ipv6 traffic ? what about real statistic ? Here https://www.apnic.net/community/ipv6-program/data/ you can find statistic(https://bgp.he.net/ipv6-progress-report.cgi/) for May 2019 about *.com(for example) domains, where among 139809442 domains 89.5 % has ipv4 and 5.5% has ipv6.

Multiple people have told you to remove your AAAA record to resolve your IPv6 problems, since AAAA indicates that you fully support IPv6… and obviously you don’t. Why won’t you try that quick and simple step?

1 Like

maybe coz this ? Ipv6 again. Give more priority to ipv4 . And I’m not asking about "how to solve this proble’ coz i know it myself. I’m asking about logic behind this action because in percentage ipv4 more actual

I think there’s a difference in opinions here unlikely to be resolved with further discussion.

We can not support the partial solution you’re recommending (an inversion of protocol preference) and continue to recommend that domains without functional IPv6 connectivity do not advertise an IPv6 address in DNS. Resolving the problem in any other way than fixing the IPv6 connectivity or removing the AAAA record is a partial band-aid that addresses only one symptom (Let’s Encrypt certificate issuance) and not the many other problems you will encounter from advertising broken IPv6. Our current behaviour w.r.t IPv6/IPv4 is common best practice and has not been an issue for millions of other subscribers.

I’m going to close this thread since there aren’t any directions to continue this discussion. If you have other questions on a topic other than IPv6 and IPv4 priority please feel free to open a new thread.

Thanks everyone,

4 Likes