This study addresses the critical gap in understanding whether existing Internet censorship infrastructure—such as firewalls, deep packet inspection (DPI) systems, and DNS injection—effectively controls IPv6 traffic to the same extent as IPv4. Method: We conducted the first global-scale empirical measurement of IPv6 DNS censorship by issuing over 20 million A/AAAA queries to open DNS resolvers worldwide, employing a three-tier comparative analysis across resolvers, networks, and countries. Contribution/Results: We find widespread IPv6 censorship deficiencies: inconsistent policies, significantly lower blocking rates compared to IPv4, and substantial censorship evasion (“leakage”). We propose a novel active probing methodology leveraging open IPv6 resolvers, demonstrating that IPv6 currently serves as an effective circumvention vector. This work provides the first large-scale empirical evidence on the interplay between protocol evolution and information control, establishing a new research paradigm for studying censorship resilience in next-generation Internet protocols.

Internet censorship impacts large segments of the Internet, but so far, prior work has focused almost exclusively on performing measurements using IPv4. As the Internet grows, and more users connect, IPv6 is increasingly supported and available to users and servers alike. But despite this steady growth, it remains unclear if the information control systems that implement censorship (firewalls, deep packet inspection, DNS injection, etc) are as effective with IPv6 traffic as they are with IPv4. In this paper, we perform the first global measurement of DNS censorship on the IPv6 Internet. Leveraging a recent technique that allows us to discover IPv6-capable open resolvers (along with their corresponding IPv4 address), we send over 20 million A and AAAA DNS requests to DNS resolvers worldwide, and measure the rate at which they block, at the resolver, network, and country level as well examine the characteristics of blocked domains. We observe that while nearly all censors support blocking IPv6, their policies are inconsistent with and frequently less effective than their IPv4 censorship infrastructure. Our results suggest that supporting IPv6 censorship is not all-or-nothing: many censors support it, but poorly. As a result, these censors may have to expend additional resources to bring IPv6 censorship up to parity with IPv4. In the meantime, this affords censorship circumvention researchers a new opportunity to exploit these differences to evade detection and blocking.