IPv6 precedes IPv4 translation

Still, for a domain with both IPv4 and IPv6 the router translates IPv6 first.
That's not necessarily true. Ultimately it depends on how the program trying to resolve the name has been coded. nslookup for example is just a user program and may prioritise addresses in a different order than say ping does.

That said, most programs use getaddrinfo() or gethostbyname(). Failing an order being specified explicitly the results order may default to first response first, or the precedence table specified in RFC 3484. But even the RFC 3484 order can be overridden.

In the case of your nslookup result in your OP the IPv6 was shown first. This is normal if the router has IPv6 enabled. If the router doesn't have IPv6 enabled the IPv4 result appears before the IPv6 result. Contrast that with Windows' nslookup where AFAICT it always presents the IPv6 address first.
 
I agree with your understanding Colin, when I use host method to look up ddns address, it shows the ipv4 address first, whereas nslookup shows ipv6 first.
 
Some interesting background info from the mobile carrier space...


The rationale here for 464XLAT vs. CGNAT is that 464XLAT can use a single PDP context, whereas CGNAT would have to use more than one...

T-Mobile Home Internet uses this to a significant degree, and with them, IPv6 will almost always perform better for connectivity than IPv4.

Yeah that's one example of 6to4 gateways I was referring to (and gaining in popularity, though relatively newer than doing a traditional overload NAT which some are still doing).

If T-Mo is using 464 and assigning IPV6 to end users then definitely connecting to an IPv6 endpoint should (assuming that endpoint is as robust as its v4 equivalent, which is not always the case) be faster, since it does not have to go through that translation (and potentially take a longer path to go through the translator).

For one dual stack client talking to another dual stack client, (or comparing a v6 to v6 vs a v4 to v4) there is going to be little difference. Some tests the v6 will be a tiny bit faster due to no NAT, others the v4 will be a bit faster due to less overhead and sometimes a more direct path to the endpoint.
 
Many applications will do both - querying IPv4 and IPv6

Many times IPv6 can be faster to respond to the query...

It's called Happy Eyeballs -- https://datatracker.ietf.org/doc/html/rfc6555

At one point Windows and other OS's were waiting to get both responses back (A and AAAA) before doing anything so it defeated the purpose. That's one big reason why Happy Eyeballs was developed. I haven't played with it recently, but I believe the logic now is to prefer the AAAA but only if it comes back within like 1msec of the A (if the A comes back first). I'm not sure why you say many times v6 is faster to respond. Both are coming from the same DNS server, and since v4 is still a lot more prevalent, that DNS is more likely to have the v4 IP cached and not have to do a recursive lookup.
 
I agree with your understanding Colin, when I use host method to look up ddns address, it shows the ipv4 address first, whereas nslookup shows ipv6 first.

Doesn't really matter which is displayed first, it matters which the OS or application uses first. All the major software manufacturers have standardized on preferring IPv6 (knowing that it is necessary to move IPv6 forward).
 
That's not necessarily true. Ultimately it depends on how the program trying to resolve the name has been coded. nslookup for example is just a user program and may prioritise addresses in a different order than say ping does.

That said, most programs use getaddrinfo() or gethostbyname(). Failing an order being specified explicitly the results order may default to first response first, or the precedence table specified in RFC 3484. But even the RFC 3484 order can be overridden.

In the case of your nslookup result in your OP the IPv6 was shown first. This is normal if the router has IPv6 enabled. If the router doesn't have IPv6 enabled the IPv4 result appears before the IPv6 result. Contrast that with Windows' nslookup where AFAICT it always presents the IPv6 address first.

It seems gethostbyname() is deprecated, but some apps might still use it, I guess.

As for getaddrinfo function, it seems most Linux dists use the /etc/gai.conf file to configure IP precedence.
So, by setting a "precedence" parameter, I can prefer IPv4.

With a Linux machine, I'll use ipv6.com for testing. host lists both IPv4 and IPv6 with no clear precedence.
Code:
$ host ipv6.com
ipv6.com has address 173.198.234.109
ipv6.com has IPv6 address 2604:7c00:18:e::2

Before changing gai.conf file, Netcat and Ping use IPv6 first.
Code:
$ nc -zv ipv6.com 443
Connection to ipv6.com (2604:7c00:18:e::2) 443 port [tcp/https] succeeded!
$ ping ipv6.com
PING ipv6.com(2604:7c00:18:e::2 (2604:7c00:18:e::2)) 56 data bytes
64 bytes from 2604:7c00:18:e::2 (2604:7c00:18:e::2): icmp_seq=1 ttl=49 time=172 ms

After changing gai.conf, Netcat and Ping prefer IPv4.
Code:
$ nc -zv ipv6.com 443
Connection to ipv6.com (173.198.234.109) 443 port [tcp/https] succeeded!
$ ping ipv6.com
PING ipv6.com (173.198.234.109) 56(84) bytes of data.
64 bytes from 173-198-234-109.static.as40244.net (173.198.234.109): icmp_seq=1 ttl=49 time=156 ms

I wanted that behavior on my router as well, but I could not find gai.conf file.
Is there some sort of "gai.conf" within AX86U router?
 
The router has no gai.conf file, but we can simply add it, and that seems to favor IPv4.
In my testing, I could see a change while using nslookup and netcat.

Before adding gai.conf:
Code:
# nslookup ipv6-test.com
    Server:    127.0.0.1
    Address 1: 127.0.0.1 localhost.localdomain

    Name:      ipv6-test.com
    Address 1: 2001:41d0:701:1100::29c8
    Address 2: 51.75.78.103 muscaria.t0x.net

# ncat -zv ipv6-test.com 443
    Ncat: Version 7.91 ( https://nmap.org/ncat )
    Ncat: Connected to 2001:41d0:701:1100::29c8:443

After adding gai.conf:
Code:
# nslookup ipv6-test.com
    Server:    127.0.0.1
    Address 1: 127.0.0.1 localhost.localdomain

    Name:      ipv6-test.com
    Address 1: 51.75.78.103 muscaria.t0x.net
    Address 2: 2001:41d0:701:1100::29c8

# ncat -zv ipv6-test.com 443
    Ncat: Version 7.91 ( https://nmap.org/ncat )
    Ncat: Connected to 51.75.78.103:443

To make the change persistent after boot, I added the following to services-start.sh script.
Code:
cat > /tmp/etc/gai.conf << EOF
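# getaddrinfo() CONF FILE FOR IPV4 PRECEDENCE
# Same prefixes as the RFC 3484 default table; only the IPv4-mapped
# prefix (::ffff:0:0/96) is raised so IPv4 destinations sort first.
precedence  ::1/128       50
precedence  ::/0          40
precedence  2002::/16     30
precedence  ::/96         20
precedence  ::ffff:0:0/96 100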
EOF
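
Added example, not part of the original posts: a Python sketch of how a `precedence` table like the one above reorders a dual-stack answer. It models only the "prefer higher precedence" rule of RFC 3484 (real getaddrinfo() applies reachability, scope and label rules before it); the function names are hypothetical, the default values are the RFC 3484 table, and the sample addresses are the ones from the nslookup output above.

```python
import ipaddress

# Both tables share every line except the IPv4-mapped prefix.
TABLE = """\
# getaddrinfo() precedence table
precedence ::1/128       50
precedence ::/0          40
precedence 2002::/16     30
precedence ::/96         20
precedence ::ffff:0:0/96 {v4}
"""
DEFAULT = TABLE.format(v4=10)      # RFC 3484 default: IPv4 ranks lowest
IPV4_FIRST = TABLE.format(v4=100)  # the override posted in this thread


def parse_gai_conf(text):
    """Return [(network, precedence)] from the 'precedence' lines."""
    table = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) == 3 and fields[0] == "precedence":
            table.append((ipaddress.IPv6Network(fields[1]), int(fields[2])))
    return table


def precedence(addr, table):
    """Precedence of the longest prefix that matches addr."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # IPv4 destinations are looked up as IPv4-mapped IPv6 addresses.
        ip = ipaddress.IPv6Address("::ffff:" + addr)
    matches = [(net.prefixlen, prec) for net, prec in table if ip in net]
    return max(matches)[1] if matches else 0  # 0 if nothing matches (assumption)


def order(addrs, table):
    """Sort candidates by descending precedence.

    sorted() is stable, so equal-precedence addresses keep answer order.
    """
    return sorted(addrs, key=lambda a: -precedence(a, table))


if __name__ == "__main__":
    answer = ["2001:41d0:701:1100::29c8", "51.75.78.103"]
    for name, conf in (("default", DEFAULT), ("IPv4 first", IPV4_FIRST)):
        print(name, "->", order(answer, parse_gai_conf(conf)))
```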
 
Awesome! Please post updates if you experience any challenges with normal router operations from the addition of these settings. (I don't think you will, but it would still be good to pop in and keep updates on the matter if anything were to be adverse.)
 
Actually, the remote AAAA record was set by No-IP automatically. Not sure why.
I managed to delete the AAAA record from No-IP and now the communication is going through.

Just out of curiosity - did you ever find out how the heck no-ip created the AAAA record by default?

I've got a couple of test domains out there, and no-ip only configured the A record.
 
As I mentioned previously, it was a mistake. I thought it was updating but it was actually an old IPv6 that I manually added and forgot to remove.
 
So at the end of the day, it was self-inflicted... The reason for me bringing this up - this thread actually goes down a path where two things happen:

1) apply fixes/workarounds that can and likely will cause problems down the road

2) there are a number of forum members that are averse to using IPv6, and this thread goes a long way towards the justification of not using IPv6 - people fear what they don't understand.

The root cause of having a manually entered invalid AAAA record is a corner case that most users would never do in the first place... and the outcome of bad DNS entries would apply to any normative record, not just AAAA

With the no-ip.com webUI, it's actually not obvious for most how to even get there.
 
To make the change persistent after boot, I added the following to services-start.sh script.
Code:
cat > /tmp/etc/gai.conf << EOF
# getaddrinfo() CONF FILE FOR IPV4 PRECEDENCE
precedence  ::1/128       50
precedence  ::/0          40
precedence  2002::/16     30
precedence  ::/96         20
precedence  ::ffff:0:0/96 100
EOF
I like this solution, I put it in the init-start script so that it will create the config file when the system starts instead of being created every time services runs. Thank you.
 
So at the end of the day, it was self-inflicted... The reason for me bringing this up - this thread actually goes down a path where two things happen:

1) apply fixes/workarounds that can and likely will cause problems down the road

2) there are a number of forum members that are averse to using IPv6, and this thread goes a long way towards the justification of not using IPv6 - people fear what they don't understand.

The root cause of having a manually entered invalid AAAA record is a corner case that most users would never do in the first place... and the outcome of bad DNS entries would apply to any normative record, not just AAAA

With the no-ip.com webUI, it's actually not obvious for most how to even get there.
I agree

For those following along, if you count yourself among those to whom the second point applies, please consider spending a few hours of your life at https://ipv6.he.net/certification/ to make many more hours to come free/enjoyable
 
I like this solution, I put it in the init-start script so that it will create the config file when the system starts instead of being created every time services runs. Thank you.
Good tip. I've switched to init-start as well
 
2) there are a number of forum members that are averse to using IPv6, and this thread goes a long way towards the justification of not using IPv6 - people fear what they don't understand.

It is not fear of the unknown for many (though yes, for some), it is simply not necessary for the vast majority of users. Yes, we should all play nice and get onboard with IPv6 to keep the transition moving, but many don't have the option (i.e. Verizon FIOS in most areas) and in my experience it simply isn't stable enough yet. Even at large corporations and enterprises, v6 is sort of "secondary". When they make changes or redesign something, they often don't even think about the v6 portion or test it after and things can be down significant time before someone realizes, oops, we forgot about the v6 stuff. This of course doesn't apply to the ISPs and corporations that have been forced to use IPv6 as their primary addressing due to not being able to get v4 space, but that is a small share of the market right now.

Pretty much everyone I know with Comcast, one of the first to adopt native dual stack, has run into an issue that ended up necessitating disabling v6 on their router. Until the time comes when the tables turn and the internet is primarily on v6 and v4 starts having these issues because they aren't paying attention to it, I don't see any reason to re-enable it for them.
 
I agree

For those following along, if you count yourself among those to whom the second point applies, please consider spending a few hours of your life at https://ipv6.he.net/certification/ to make many more hours to come free/enjoyable
I count myself among those people that are averse to using v6 in most cases, and it is nothing to do with fear of the unknown. I ran an HE IPv6 tunnel for years out of my house with web and mail servers on it, but for the average home user, it is more headache than it is worth.

I get the reason why everything prefers v6 over v4 to facilitate the migration, but unfortunately with the instability and unreliability of many v6 endpoints out there, it really should be the other way around. Then fewer people will disable v6 due to issues and as v4 starts disappearing, they won't even notice (assuming at that point providers have gotten their act together and their v6 is stable).
 
Pretty much everyone I know with Comcast, one of the first to adopt native dual stack, has run into an issue that ended up necessitating disabling v6 on their router.

Good you qualified that. I have had Comcast for years, run a couple of servers here, have DDNS through Google (was no-ip).
When I wanted to force all DNS traffic to a pi-hole I needed help with the IPv6 traffic. Else, trouble-free.

Until recently, I have worked for large companies, medium, spent a few years doing server/networking for a break/fix company.
None had IPv6 disabled.

Experiences vary and ours are quite different.
 
From reddit earlier today: https://www.google.com/intl/en/ipv6/statistics.html
That's just Google servers - do Amazon and/or Cloudflare offer the same info?
40% is 2/5 users, and I wonder how many else have equipment that doesn't support v6 or have chosen to disable it?
 
Good you qualified that. I have had Comcast for years, run a couple of servers here, have DDNS through Google (was no-ip).
When I wanted to force all DNS traffic to a pi-hole I needed help with the IPv6 traffic. Else, trouble-free.

Until recently, I have worked for large companies, medium, spent a few years doing server/networking for a break/fix company.
None had IPv6 disabled.

Experiences vary and ours are quite different.

In some cases it was Comcast that had the issue (specifically their email servers), but in many others it was totally non-Comcast endpoints. I mostly mentioned Comcast because they're the only one around here that has v6 enabled so that's the only one I have to deal with (I'm friend/family/neighborhood/distant cousin/friend of friend of friend, etc. tech support).

Most large companies do not have v6 enabled at all, with the exception of ISPs using it for device management to free up v4 space. Large corporations and ISPs were lucky enough to scoop up plenty of v4. I work for one of the world's largest telcos and we serve every size company from small to very large, none of them have wanted to even talk about going v6.

The only people I see with v6 enabled are homes and small businesses that use consumer or SOHO routers that default to v6 enabled, and their ISP happens to support it. They did not intend to use it, it is just on by default.
 