IPv6 Provider Diversity

What This Check Does

The IPv6 Provider Diversity check verifies that your active nameserver IPv6 addresses are hosted by more than one DNS provider. Similar to the IPv4 Provider Diversity check, this ensures that a single provider's outage does not eliminate all IPv6 DNS resolution for your domain.

DNS Spy identifies the hosting provider for each nameserver IPv6 address using ASN data and verifies that at least two different providers are represented.

Why It Matters

Provider diversity is just as critical for IPv6 as for IPv4. Some providers may have different IPv6 infrastructure than their IPv4 infrastructure, meaning provider diversity must be verified independently for each protocol. A provider could experience an IPv6-specific outage while their IPv4 service remains operational.

As IPv6 traffic grows, ensuring that your IPv6 DNS infrastructure is resilient against provider-level failures becomes increasingly important. Multi-provider IPv6 DNS ensures continuous resolution for the growing number of IPv6-native users and networks.

NIST SP 800-81, Section 3.3, recommends avoiding concentration of DNS infrastructure with a single provider. DNS Spy verifies this independently for IPv6 addresses.

NIST SP 800-81 Compliance

Section 3.3 of the NIST Secure DNS Deployment Guide emphasizes provider diversity for all nameserver infrastructure. This check ensures your IPv6 deployment meets NIST guidelines by verifying multi-provider distribution of IPv6 nameserver addresses.

Good vs. Bad Configuration

Bad Configuration

All nameserver IPv6 addresses belong to the same hosting provider's ASN. An IPv6-specific outage at that provider eliminates all IPv6 DNS resolution for your domain.

Good Configuration

Nameserver IPv6 addresses are distributed across multiple providers' ASNs, ensuring that a single provider's IPv6 outage does not affect all DNS resolution.

How DNS Spy Monitors This

DNS Spy identifies the hosting provider for each nameserver IPv6 address using ASN data during every monitoring cycle. If all IPv6 addresses belong to the same provider, an alert is triggered. Provider changes are tracked over time to ensure continued diversity.