What is Duplicate Address Detection (DAD) and how does a host perform it?
Before using any IPv6 address, a host checks no one else has it by sending a Neighbor Solicitation (NS) for that address — if no Neighbor Advertisement (NA) comes back, the address is unique and safe to use.
DAD guarantees uniqueness on the link no matter how the address was formed (SLAAC, manual, EUI-64, or random). It is essentially the host asking "is anyone already using this address?" — conceptually the same idea as IPv4's gratuitous ARP, but done with ICMPv6 Neighbor Discovery messages. RFC 4862 makes DAD mandatory, and it runs for both the Global Unicast Address (GUA) and the Link-Local Address (LLA) before either is marked usable.
* Duplicate Address Detection: no reply means the tentative address is safe to use. *
The DAD exchange:
| Step | What happens |
|---|---|
| 1 | Host multicasts a Neighbor Solicitation (NS) asking who owns its tentative address |
| 2 | It waits a short interval for a Neighbor Advertisement (NA) reply |
| 3 | No reply → the address is unique → the host starts using it |
| 4 | NA received → a duplicate exists → the host must not use the address |
Why it matters: a duplicate address would silently break traffic for both hosts, so this one-time check at interface bring-up prevents hard-to-diagnose conflicts before they happen.
Go deeper:
RFC 4862 §5.4 — Duplicate Address Detection — the mandatory DAD procedure: tentative addresses, NS probes and the timeout that confirms uniqueness.
Neighbor Discovery Protocol (Wikipedia) — DAD alongside NS/NA address resolution, the ARP replacement in IPv6.