Accounting for IPv6 in Your Content Filtering Strategy
If you're implementing a content filtering strategy using DNS as the support technology stack, you have no choice but to be familiar with basic network terms like IPv4 and IPv6. in this article we'll provide a basic primer, and provide you with some things to think about when deploying your filtering solution.
What is IPv6?
If you spend time on the internet, you have likely heard of IPv4 (whether you realize it, or not). Maybe you've heard in the context of an "IP" (an Internet Protocol).
Maybe at some point, you saw a series of numbers like 188.8.131.52. Or maybe somewhere in the process you have heard us talk about DNS and how the IP is the location of a domain and it's at the core of how DNS works.
In whatever context you have heard it, IPv6 is supposed to be the successor to IPv4. IPv6 was introduced because we were running out of IPv4 addresses. Yes, it's true. Just think of the number of devices connected to the internet today - it's astronomical!
Here is an example of the differences between IPv4 and IPv6:
If you're feeling overwhelmed about this, it's ok this is not a tutorial about IPs.
Its adoption is not moving very fast. It was invented in 1998 (yes, it's been going for over 20 years and still struggling with adoption), but as of late we have started to see a big push where it's coming default on devices. This brings us full circle to why you should care.
IPv6 and Content Filtering
Although the adoption of IPv6 has been slow, it is happening, and we're starting to see it enabled by default on devices. From local desktops to gaming devices.
This is important because we typically see CleanBrowsing users configuring IPv4 on their DNS, not IPv6.
For example, users will configure this on their router (IPv4):
Primary DNS: 184.108.40.206 Secondary DNS: 220.127.116.11
They are forgetting to configure their IPv6 values as well, which would be:
Primary DNS: 2a0d:2a00:0001:0000:0000:0000:0000:0000 Secondary DNS: 2a0d:2a00:0002:0000:0000:0000:0000:0000
The net result is that if the device, router, and network support IPv6, and IPv6 is not configured on the router, it will circumvent any filtering you have in place on the network.
Accounting for IPv6 on Networks
Three things have to exist for IPv6 to a problem:
|Device||The device has to support IPv6, and this is becoming a standard default configuration. This applies to mobile, gaming, and desktop devices.|
|Router||The router has to support IPv6 routing. This is one of the biggest problems. A lot of router providers are way behind the power curve, and in some instances, they support it but disallow the user to enable, disable or even edit the values.|
|ISP||Most importantly, the ISP has to support IPv6 routing and this last requirement is by far one of the biggest problems.|
If you're experiencing anomalous behavior where your filtering is not applying to a specific device, it could be IPv6. One easy way to test is this free Test Your IPv6 scanner. If IPv6 is detected, it will notify you and you can figure out what you'd like to do.
Speaking of which, here are some options when working with IPv6:
Option 1 - Disable IPv6
If you don't want to deal with any of this, the easiest thing to do is disable IPv6. It's not going to hurt your device. A lot of technologists will frown on this recommendation, but it's the most practical for people that don't live and breathe networking.
If you're on Windows, we've prepared a simple guide to help you disable it.
Alternatively, you can log into your router and look for an IPv6 specific section. Rarely do they have it on the same settings page, don't know why, with the exception of Netgear Orbi routers. If they do have a section, they sometimes have a "disable" feature, but not always.
Option 2 - Configure IPv6 DNS
The most sound approach will always be to deploy the IPv6 DNS values in addition to the IPv4.
Every free filter and paid account is issued an IPv6 value, so if your device (router) supports values we encourage you to update both sections to avoid filtering issues and be prepared for future network changes.