Dnsv4first on ignored? Hi I am using squid-3.2.6. Our network interfaces have IPV6INIT=no. We do not use ipv6. In squid.conf we have set dnsv4first to on but it still lookups for the AAAA record.
I setup proxy server 3proxy on my VPS which uses NAT IP4 address but offers IPv6 subnet /64 address I success make
3proxy
contact outside world using IPv6 , But I face other issue many websites didn't have AAAA/IPv6 record at all which was surprise to me , e/g twitter.com can't be resolved . So is it possible transfer websites IPv4 address to IPv4 so it will be available to the IPv6 proxy users !Edit I was able to reach IPv4 site temporary by letting the proxy resolve IPv4 if IPv6 not available
-64
adding this line 3proxy.cfg
.proxy -64 -n -p66505 -a -i0.0.0.0 -e2a04:f2a7:26:a143:3815:0abf:8723:1000
Looks like 3proxy tries to resolve host address with Ipv6 if it fails tray with current server IPv4 and bring back data to the proxy client (whether he is connection via IPv4 or IPv6) .PS After testing IPv6 only connection looks like only Google/YT/facebook and few other website are supporting IPv6 special that have cloudflare the rest of Internet are dark (reddit/twitter/) with no AAAA host record .
Salem F
Salem FSalem F
1 Answer
Yes, but that's not enough. Even if you put an IPv4 address in an AAAA record, IPv6-only clients still will not be able to contact it. (They can't talk using IPv6 packets because the IPv4-only destination won't understand them, and they can't talk using IPv4 packets because the IPv6-only source won't understand them.) So this needs to be paired with packet translation on the router.
Most commonly, you'll see NAT64 for the packet translation (from v6-only clients to v4-only services), and DNS64 for the generation of fake AAAA records for those clients. A common NAT64 translator is Tayga (although some ISPs have published their own open-source projects), and several DNS resolvers including Bind9 can do DNS64. Google Public DNS also has special servers which perform DNS64.
But, of course, the NAT64 gateway itself must be able to use IPv4. If your current server cannot access the IPv4 Internet, well, that means it cannot.
grawitygrawity
Not the answer you're looking for? Browse other questions tagged networkingdnsproxyipv66to4 or ask your own question.
I recently had an app rejected from the ios store for crashing during their (now) mandatory IPv6 test (didn't even know they did that).
My server (on AWS) wasn't setup for IPv6, but I've fixed that with proper DNS and routing. It passes the tests at http://ready.chair6.net/
To this point, I did some research and saw that you can spoof an IPv6 network at home using internet connection sharing (ie: NAT64) on Mac OS X. So, I did that and assigned a v6 address to the iphone with my app on it and everything worked fine. However, that's not really testing the whole end-to-end connection that apple would be doing since once it hits the Mac it goes back to v4.
I'm trying to figure out a way that I can test the whole v6 connection to my server. Right now I'm assuming my home internet will only offer IP4. My current thoughts are setting up a VM/droplet on Digital Ocean/etc. They can be assigned both v4 and v6 at the same time. Further research shows that either 'socat' or 'squid cache' might be able to do the trick of listening on IP4 port/address and routing to the IP6 address outgoing on the same machine to continue the path to my app server on IP6. I'm getting a little lost in the details though. How do I connect from my client at home via IP4 to the VM? Do I have to tunnel? Can I set a proxy in firefox? How do I pass DNS requests through this connection so that my DNS server responds with the IP6 address and not the v4 one? I'm sure there are many other questions that I'm not thinking of currently.
Any thoughts on how to do this? Thanks!
user3249281user3249281
1 Answer
You can set up a https://tunnelbroker.net/ tunnel to add IPv6 to your home system. Also some ISPs have IPv6 configurations that would allow native connectivity.
Jason MartinJason Martin