The city of Gävle in Sweden have a special Christmas tradition for which it is quite famous. Every year in December a giant Christmas Goat in straw is put in to place in one of the central town squares. In relation to this tradition a sub-tradition has emerged which the city is even more renowned for — to burn down the poor Christmas Goat. This is of course an "illegal" act, but still of quite some interest!
Web-cameras showing the status of the Christmas Goat have been put up by the city of Gävle, primarily in a purpose of control. However, when someone sets fire to the poor Goat, the traffic and need for bandwidth tend to go sky-high for these cams.
It is with this background that the IT-department within the city of Gävle turned to me and my company with questions about load sharing the traffic. Since the traffic is quite substantial and visitors come from all over the world, I gave it some thought and came to the following conclusion: Why not combine business with pleasure?! I accepted the request with the following therms: loadsharing for the site AND at the same time validating the use of IPv6 and DNSSEC.
So, at the time of the premier of the 2010 Christmas Goat, 28/11 - 2010, the following was done:
http://www.julbockmedipv6ochdnssec.se/kamera1 and http://www.julbockmedipv6ochdnssec.se/kamera2 were set up in order to:
• Track native IPv6 with a RR with A and AAAA.
• Track those who can run IPv6 with a RR with only one AAAAA.
• Track validating DNS-resolvers with a domain that has a faulty DNSSEC.
The result we got showed that native IPv6 was in use by very few users. Quite a few of them ran 6to4 but nobody(!) used Teredo. The fact that nobody seemed to use Teredo raised some questions and we started to investigate. A standard search on Google gave us nothing so we moved on to a contact on Microsoft that supplied us with the following link.
Basically this says that Windows Vista/7 don't do DNS-entries after AAAA RR if the only active IPv6 alternative is Teredo. Here you can start to wonder why Microsoft bothered to have Teredo active, but perhaps we should have that discussion some other time.
Upon that we changed the IPv6-link to:
After that the use of Teredo increased.
Up until today, 13/12 - 2010, the result is as follows:
• 0,1% has reached the site with native IPv6.
• 52% of the visitors have reached http://[2001:b48:10:3::215]/ipv6.jpg and 53% of them use 6to4 and 47% use Teredo.
• 44% of the visitors validate DNSSEC but do not reach http://pic.try2readme.se/dnssec.jpg
My reaction to the results is that the use of validation of DNSSEC is surprisingly low. It is also surprising that the use of 6to4 and Teredo is this high! If we take in account that 40% of the visitors run Windows XP, the figure is even more surprising. I guess that this shows that the people with interest in the Christmas Goat in Gävle also are well prepared for the future with a dual-stack that seems to work well. (If we don't count the failure from Microsoft with Teredeo… But hey, it is soon Christmas so let´s be nice :)
Conclusion: The Gävle Christmas Goat can be used to much more than first intended.
By Torbjörn Eklöv, CTO, Senior Network Architect, DNSSEC/IPv6
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DDoS Protection
Minds + Machines
Neustar DNS Services