How to prevent Brook from failing to connect to IPv6

https://www.txthinking.com/talks/
Updated at: 2023-05-14
cloud@txthinking.com

x

The current proportion of IPv6 in the Internet

Google data IPv6 traffic is already close to 40%.

Brook's attitude towards IPv6

Brook's stance on IPv6 is positive. For example, when the server address filled in by the client is domain address and no address parameter is specified, it will try to use an IPv6 address first; it will also try to set up a dual-stack environment; IPv6 system DNS, etc.

If both local and server support IPv6, you should have no problems.

OS's attitude towards IPv6

The operating system is also IPv6-first. Different applications also have their own fallback mechanism. For example, Chrome will consider that the dual-stack environment fails and will not fall back, while under the same network environment, Safari will fall back successfully.

Proxy tunnel

Proxy tunnels can transport proxy IPv4 and IPv6 destinations regardless of whether they are established over IPv4 or IPv6. Refer to the picture above.

Local or Server does not support IPv6

If Fake DNS is guaranteed to work

However, if the IPv6 IP is bypassed by the rule, that is, the local connects it directly, it will fail, because the local does not support IPv6 and cannot connect to the IPv6 IP

The solution is to avoid resolve IPv6 IP, which is to block AAAA

Option 1

Brook client configures System DNS that automatically blocks AAAA, such as using brook to create one:

brook dnsserver -l :53 --disableAAAA

Brook client configures Bypass DNS that automatically blocks AAAA, such as using brook to create one:

brook dnsserver -l :53 --disableAAAA

Brook client configures Bypass DNS that automatically blocks AAAA, such as using brook to create one:

brook dohserver ... --disableAAAA

Option 2

Use script to block AAAA

f := func() {
    if in_dnsquery {
        if in_dnsquery.type == "AAAA" {
            return {"block": true}
        }
        return
    }
}
out := f()

Example

Comments