HE Tunnel, only IPv6, resolution brings IPv4 adresses sometimes



  • Hy,
    I set up a Lan with IPV6 only (over HE Tunnel) using this fine Article:
    https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker

    Only difference, I choose ipv6 only on the LAN interface.

    With DHCP in Managed-mode my clients get to use the DNS I set, from HE:
    2001:470:20::2

    In PFsense globally i set up an Ipv4 DNS for the other subnets.

    So now, if on a client in my ipv6 subnet i dig <domain>AAAA I sometimes get Ipv4 adresses - if there is no AAAA record, so if the site is only ipv4.

    Why do I get back Ipv4 Adresses as results on my ipv6 clients, how can this work - is this HE's dns server of is it pfsense falling back 
    to the system ipv4 dns ? I dont get how a ipv6 dns serves ipv4's. Is that normal? Just want to know.
    thx!</domain>



  • DNS servers serve up records of whatever address type is requested by the client. The server doesn't care if you're connecting through IPv6 or IPv4.

    If an A record (IPv4 address) is requested, then an A record will be returned if one exists, even if the connection to the server is made over IPv6. If both A and AAAA records are present for a hostname, and the client is requesting both, then both will be returned.


  • Rebel Alliance Global Moderator

    "Only difference, I choose ipv6 only on the LAN interface."

    Yeah that is going to break access to pretty much the whole internet… The % of the internet that has ipv6 access is pretty small in the big scheme of things.. It for sure is not ready for ipv6 only networks, unless you were serving up some service to the public and all you wanted was to service ipv6 users..

    Trying to run any sort of device/workstation/tablet that a user would use to access stuff is not viable to be ipv6 only... Unless you really don't want them doing much with said device.

    As stated already dns just returns what is in the record.  If your saying your doing a query for AAAA and getting back IPv4 then clearly they have a busted AAAA record..  Since that should only be IPv6, but many clients query both/all so if doing a query for some fqdn you quite possible will get back both ipv4 and ipv6 A and AAAA..  Be it your only ipv4 or only ipv6 makes no matter what what the record you query has in it.



  • DNS can return both types of records (A and AAAA) and it's completely up to the application that requested the DNS resolution to decide which ones it's going to use. Availability of IPv6 connectivity and set up preferences in the operating system (such as ip6addrctl(8) in FreeBSD) can also affect the decision whether to use the IPv4 or IPv6 address for the connection.