Subscribe to the Non-Human & AI Identity Journal

Forums
The Non-Human & AI ...
General NHI, AI & I...
IPv6 and AAAA recor...
 
Notifications
Clear all

IPv6 and AAAA records: what DNS teams need to fix now

 
    Last Post
  RSS

 NHI Mgmt Group
(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 6713
Topic starter 23/06/2026 8:04 pm  

TL;DR: IPv6 can scale internet addressing to 340 undecillion possibilities and remove several IPv4 constraints, but the transition creates DNS, routing, and configuration risk when dual-stack environments are unevenly managed, according to DigiCert. Existing identity and access programmes also inherit new operational friction because protocol coexistence, not protocol choice alone, becomes the control problem.

NHIMG editorial — based on content published by DigiCert: What is IPv6, and How Does It Differ from IPv4?

Questions worth separating out

Q: How should security and infrastructure teams roll out IPv6 in dual-stack environments?

A: They should publish IPv6 only after validating end-to-end reachability across DNS, firewall policy, routing, and application listeners.

Q: Why do AAAA records sometimes cause service delays or failed connections?

A: Because clients may prefer IPv6 when both A and AAAA records exist, and they will wait if the IPv6 path is advertised but not actually reachable.

Q: What should organisations check before moving critical services to IPv6?

A: They should check that the service can accept IPv6 traffic, that security controls allow it, and that clients can resolve and reach it consistently.

Practitioner guidance

  • Audit dual-stack exposure across critical services Inventory which public-facing and internal services have A records only, AAAA records only, or both.
  • Test DNS resolution and fallback behaviour separately Measure how clients behave when both A and AAAA records exist.
  • Assign ownership for IPv6 readiness checks Make one team accountable for end-to-end validation before AAAA records are published.

What's in the full article

DigiCert's full blog post covers the operational detail this post intentionally leaves for the source:

  • Detailed explanation of IPv4 address exhaustion and why NAT extended the protocol's lifespan
  • Side-by-side examples of A and AAAA records with formatting and resolution differences
  • Google adoption figures and regional comparisons that show where IPv6 deployment is already ahead
  • Managed DNS configuration guidance for teams that need practical implementation support

👉 Read DigiCert's explanation of IPv4 and IPv6 differences for managed DNS →

IPv6 and AAAA records: what DNS teams need to fix now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
Topic Tags
digicert ipv6-transition dns-management dual-stack-networking identity-governance
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  digicert (279) , ipv6-transition (6) , dns-management (6) , dual-stack-networking (6) , identity-governance (2280) ,
Share:

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.