Teredo only used as last resort after IPv4 (Was: ipv6-ops Digest, Vol 25, Issue 9)

Andrius Kazimieras Kasparavičius andrius at andrius.org
Mon Apr 9 20:50:23 CEST 2007


Jeroen Massar wrote:
> Great that their network is large enough to DDoS *OTHER* sites indeed.
> Maybe they should then kick those people to educate themselves.
> Please point them at amongst others:
> http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf
> http://csrc.nist.gov/fasp/FASPDocs/network-security/NISTSecuringDNS.htm
>
> and there are a variety of other documents explaining the problem.
>
>   
80% are still open, including i.e. ns[x].easynet.co.uk, let alone
http://www.opendns.com/ . Will single closures save the internet? Maybe
RIRs should scan their subnets now and again for open proxy/DNS,
and/or ISPs redirect DNS traffic locally, including setting up local
root mirrors.  But that is off-topic afaik.


>>> When you have native or tunneled IPv6 connectivity that will be
>>> preferred. See the discussion on Teredo from last week or so.
>>>
>>> If you try www.ipv6.sixxs.net, which only has an IPv6 address, then you
>>> should be reaching it using IPv6.
>>>   
>>>       
>> that works, thanks!
>>     

actually it works on WXP, but not on WV, as by
http://msdn2.microsoft.com/en-us/library/aa965910.aspx:

Due to current absence of Teredo relays on the Internet, connections to
native IPv6 addresses are unlikely to succeed over the Teredo interface.
If WSAConnectByName is called, Windows Vista will not issue AAAA queries
when Teredo is the only IPv6 capable interface available. This ensures
that native IPv6 addresses are not obtained as a destination and that
connections are attempted over IPv4, which has the highest chance of
success. In order to obtain IPv6 addresses when Teredo is the only IPv6
capable interface, an application must explicitly use the DnsQuery API
for AAAA records.

That would mean that, unless an application insists on AAAA, Windows will
not try to use Teredo at all? Both IE7 and FF2 on WV do not open the URL
you provided.


> The reasoning that M$ used is very valid: Native IPv4 outperforms
> Teredo'd IPv6 always. Thus when IPv4 is possible, use that.
>   
agreed, just shame on old documents and who read them. :)

Thanks
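
A model of the rule in the MSDN text quoted above, as an added example that is not part of the original message and is not Windows' actual implementation: it classifies a host's interface addresses and only allows AAAA lookups when some non-Teredo global IPv6 address is present. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def classify(addr: str) -> str:
    """Label one interface address by the connectivity it represents."""
    # Drop any zone id such as "%eth0" before parsing.
    ip = ipaddress.ip_address(addr.split("%")[0])
    if ip.version == 4:
        return "ipv4"
    if ip.is_loopback or ip.is_link_local:
        return "local"            # no off-link IPv6 reachability
    if ip.teredo is not None:     # inside the Teredo prefix 2001::/32
        return "teredo"
    # Assumption: any other IPv6 address counts as native or tunneled
    # connectivity, which the thread says is preferred over Teredo.
    return "ipv6"

def should_query_aaaa(interface_addrs) -> bool:
    """Model of the quoted policy: skip AAAA when Teredo is the only
    IPv6-capable interface, so connections are attempted over IPv4."""
    kinds = {classify(a) for a in interface_addrs}
    return "ipv6" in kinds

def teredo_endpoints(addr: str):
    """Return (Teredo server IPv4, client external IPv4) as strings,
    or None if the address is not a Teredo address."""
    pair = ipaddress.ip_address(addr).teredo
    return None if pair is None else (str(pair[0]), str(pair[1]))

# Constructed sample hosts.
TEREDO_ONLY = ["192.0.2.10", "fe80::1%eth0",
               "2001:0:4136:e378:8000:63bf:3fff:fdd2"]
DUAL_STACK = ["192.0.2.10", "2001:db8::1"]

if __name__ == "__main__":
    for name, addrs in (("teredo-only", TEREDO_ONLY), ("dual-stack", DUAL_STACK)):
        print(name, "-> query AAAA:", should_query_aaaa(addrs))
    print(teredo_endpoints(TEREDO_ONLY[2]))
```

The embedded server and client addresses returned by `teredo_endpoints` are also what a network monitor can log to see which Teredo server a host is using.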

