Inferring Internet server IPv4 and IPv6 address relationships

Abstract

While IPv6 is finally experiencing non-trivial deployment, IPv4 and IPv6 are expected to co-exist for the foreseeable future, implying dual-stacked devices, and protocol interdependence. We develop and deploy a system for characterizing the association between IPv4 and IPv6 addresses ("siblings") within network server infrastructure, with specific forcus on Internet DNS and web servers. We develop two novel techniques for finding DNS resolver sibling groups, one passive and one active. For 674k observed (IPv4, IPv6) address pairs, we find that 34% of the addresses are one-to-one, i.e. appear in no other pair. Yet there are also complex cases, where distributed DNS resolution creates interconnected series of nameserver address pairs that can span continents and autonomous systems, compexity confirmed using active probing. We then describe a targeted method to actively interrogate candidate (IPv4, IPv6) pairs to determine if they are assigned to the same device. We find that the IPv4 and IPv6 addresses of Internet servers frequently belong to different interfaces, machines, and even autonomous systems Our results have important implications on network resilience, security, geolocation and performance measurement.