Really annoying is when recent devices don’t respect the DNS you’re advertising or allow configuration (Android…)
My site is behind CGNAT on IPv4 with recently added fully routed IPv6. There are legacy control devices all over it that don’t speak IPv6, with local DNS records that allow them to be readily accessed while walking around with a mobile device… Allowed them to be accessed that is, until IPv6.
The Android IPv6 stack ignores the RA for my local DNS and also resolves via v6 by default, forwarding local queries upstream and returning no results. Then it doesn’t bother to fall back to v4. Unrooted Android has no exposed configuration for IPv6 of any sort to modify its behaviour, no hosts file to override or any way I can see to fix this. I can’t even disable IPv6 on my phone.
So to access my local devices from Android I need to use their full IPv4 address or VPN back into my own network… Oh wait, the stack is so broken that despite setting DNS in Wireguard, it still tries to resolve through upstream v6 first!
Apparently recent smart TVs are doing similar even on IPv4, hard-coded to 1.1.1.1 or 8.8.8.8 to dodge ad blocking, which is plain malicious and ignores all standards…
So anyways this is why DNS is dragon #3
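One defender-side check that follows from the complaint above (devices ignoring the advertised resolver and going straight to 8.8.8.8 or 1.1.1.1): scan the LAN's flow logs for port-53 traffic that does not go to the resolvers you actually advertise. The script below is an added example, not code from the commenter; the flow-log format (`src dst proto dport`), the advertised resolver addresses and the sample flows are all constructed for illustration.

```python
"""Flag LAN clients that send DNS to a resolver other than the advertised ones.

Added example, not part of the forum post. It parses constructed firewall
flow-log lines of the form "<src> <dst> <proto> <dport>" and reports every
client whose UDP/TCP port-53 traffic went somewhere other than the resolvers
handed out via DHCP option 6 and the RA RDNSS option. The log format and all
addresses are assumptions made for the example.
"""
import ipaddress
from collections import defaultdict

# Resolvers advertised on the LAN (constructed values for the example).
ADVERTISED_RESOLVERS = {
    ipaddress.ip_address("192.168.1.1"),
    ipaddress.ip_address("fd00:1::1"),
}

# Constructed flow-log sample; includes one malformed line and one non-DNS flow.
SAMPLE_FLOWS = """\
192.168.1.50 192.168.1.1 udp 53
192.168.1.50 8.8.8.8 udp 53
192.168.1.77 1.1.1.1 tcp 53
fd00:1::a1 fd00:1::1 udp 53
fd00:1::b2 2001:4860:4860::8888 udp 53
192.168.1.60 93.184.216.34 tcp 443
not a valid line
"""


def parse_flow(line):
    """Return (src, dst, proto, dport) or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[1])
        dport = int(parts[3])
    except ValueError:
        return None
    return src, dst, parts[2].lower(), dport


def find_dns_bypass(log_text, advertised=ADVERTISED_RESOLVERS):
    """Map each client to the sorted list of non-advertised resolvers it used.

    Only UDP/TCP flows to port 53 count; everything else is ignored, so
    a client that uses the advertised resolver exclusively never appears.
    """
    bypass = defaultdict(set)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, dport = flow
        if dport != 53 or proto not in ("udp", "tcp"):
            continue
        if dst not in advertised:
            bypass[src].add(dst)
    return {str(client): sorted(str(r) for r in rs) for client, rs in bypass.items()}


if __name__ == "__main__":
    for client, resolvers in find_dns_bypass(SAMPLE_FLOWS).items():
        print(f"{client} bypasses the local resolver via {', '.join(resolvers)}")
```

Run against real flow or conntrack exports, the output is the list of devices (smart TVs, phones with a hard-wired resolver) whose names will never resolve through your local records; those are the clients for which a port-53 redirect or block rule at the gateway is the usual mitigation. Note that DNS-over-HTTPS on port 443 is invisible to this check, so it only catches the plain-DNS case the post describes.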