What does "Prefer IPv4 over IPv6" do?

matsan

Hi,
some background: I have a SOHO sharing the cable Internet connection with my home. We recently got a IoT project requiring us to look into IPv6. Our cable provider does not provide IPv6 connectivity so we configured pfsense to use tunnelbroker.net encapsulation service.

Everything worked flawlessly until we this evening tried to sit down and watch Netflix on our Apple TV. After a reboot the Apple TV picked up the IPv6 configuration running in the network and started to route traffic through the tunnelbroker.net connection. Needless to say, Netflix slowed down to a crawl.

Questions:

1. what does the System > Advanced > Networking > Prefer IPv4 over IPv6 do? I have tried checking this option but Netflix is still using IPv6 tunnel.
2. can unbound be configured to block certain DNS records, thinking along the lines of blocking AAAA records from netflix.com

…or this there a better way...?

Any insights greatly appreciated!
/Mattias

kejianshi

"started to route traffic through the tunnelbroker.net connection. Needless to say, Netflix slowed down to a crawl."

This has never been my experience - those tunnels support a ton of bandwidth usually.  I think something is wrong there.

matsan

I use the Stockholm end-point and see that the bandwidth consumed from my Apple TV is 1,5MBps and Netflix is running in SD. Running normally on IPv4 I get full HD and the Apple TV consumes around 5MBps.

Could perhaps be the geo-location logic failing when my traffic comes from the Tunnelbroker.net IP-range generating a poor latency thus low bandwidth?

kejianshi

Hmmmm.  I'm more than 8k away from my pfsense using an IPV6/4 openvpn tunnel for netflix and netflix always prefers IPV6 for me.

And the pfsense box is getting its IPV6 via Hurricane Electric.

So I'd think my latency should be way worse than yours.

The one thing that is different for me is that I use an actual computer attached to my flat screen TV and not one of those adapter boxes.

My computer is not the least bit confused what to do with IPV6 nor does it use some intermediate server somewhere.

matsan

@kejianshi:

My computer is not the least bit confused what to do with IPV6 nor does it use some intermediate server somewhere.

Everything else is running just fine in the network, iPads, phones and computers. Browsers pass test-ipv6.com and we can access sites running IPv6. IIRC we had similar problems with OpenDNS a couple of years ago when the Apple Store mis-detected us and we got streaming content from US instead of from Europe. I don't know if this was fixed as we moved to our ISP's DNS servers instead.

Anyway, simply blocking AAAA DNS records to get to the apple TV would be interesting to try, but I don't know if this is possible in unbound. For the moment we have disabled IPv6 and just use it in a VLAN segment for the IoT development.

kejianshi

You can use firewall rules to determine which devices on the network get IPV6 and which do not. 
Maybe just don't let your appletv get an IPV6 address?