6to4 in Internet aaaa records

Jeroen Massar jeroen at massar.ch
Sat Oct 4 13:02:26 CEST 2014

On 2014-10-04 12:49, Gert Doering wrote:
> Hi,
> On Thu, Oct 02, 2014 at 10:31:25PM -0400, Jeroen Massar wrote:
>>> <http://www.azdes.gov>)... 2002::cf6c:8846
>> That is an invalid 6to4 address as it would have a 6to4 gateway of
> Uh, what?
> Who are you and what happens to the Jeroen I know who understands IPv6,
> and knows that 6to4 addresses do (unlike Teredo) not call a reference
> to the gateway in there...

I think Gert needs some Saturday morning coffee.... ;)

Just in case:

$ ipv6calc -i 2002::cf6c:8846
No input type specified, try autodetection...found type: ipv6addr
No output type specified, try autodetection...found type: ipv6addr
Address type: unicast, 6to4, global-unicast, productive
Address type is 6to4 and included IPv4 address is:
IPv4 registry for 6to4 address: reserved(RFC1122#
Address type has SLA: 0000
Error getting registry string for IPv6 address: reserved(RFC3056#2)
Interface identifier: 0000:0000:cf6c:8846
Interface identifier is probably manual set or based on a local EUI-64

If a packet from say 2001:db8::1 would go to 2002::cf6c:8846 it will be
forwarded to a router with 6to4-tunneling-ability, which will create an
IPv4 packet with destination (due to 2002:aabb:ccdd:...)
containing a protocol 41 payload that is the IPv6 packet we are forwarding.

The host will then deliver over native IPv6 the packet to

As is invalid though, the packet will not end up anywhere and
stuff miserably fails.

Note that if all is correctly implemented the 6to4-relay will send an
icmp6-unreachable as it will have a 2002::/24 route to loopback (just
like it should have routes for 2002:<rfc1918 etc>).

>  and that the biggest part of the actual
> *problem* with 6to4 is exactly the anycast nature of its current
> deployment...?

Of course that is a big problem.

But the in there will never work either ;)

With or without an anycast node.

>> One would think with all the "IPv6 consultants" in the US, that .gov
>> agencies would be able to get that part right...
>> Though, better point them out that 6to4 is a bad idea in general anyway.
> I certainly agree with that sentiment, though.  6to4 should never ever
> (NEVER!) show up in public DNS for servers, as "just stick to IPv4" is 
> guaranteed to give better service.
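
An added example, not part of the original message: a Python check for AAAA values in 2002::/16 whose embedded IPv4 address (bits 16-47 of the address, per RFC 3056) is not globally routable, as with 2002::cf6c:8846 above. The record names are constructed, and the "IPv4 in the low 32 bits" hint is an assumption about how such a record gets misbuilt.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")

def check_aaaa(value):
    """Classify one AAAA value. Returns (status, embedded_v4, hint_v4)."""
    addr = ipaddress.IPv6Address(value)
    if addr not in SIXTOFOUR:
        return ("not-6to4", None, None)
    # 2002:aabb:ccdd::/48 -> IPv4 aa.bb.cc.dd sits right after the 16-bit prefix.
    v4 = ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)
    if v4.is_global:
        # Well-formed 6to4, still worth flagging in public DNS for servers.
        return ("6to4", v4, None)
    # Embedded address is reserved/private, so the tunnel endpoint is unusable.
    # Assumption: the intended IPv4 may have been put in the low 32 bits.
    low = ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return ("6to4-invalid", v4, low if low.is_global else None)

def audit(records):
    """Return (name, value, status) for every record that uses 6to4."""
    findings = []
    for name, value in records:
        status, _v4, _hint = check_aaaa(value)
        if status != "not-6to4":
            findings.append((name, value, status))
    return findings

# Constructed sample records; only the first address comes from the thread.
SAMPLE = [
    ("www.example.gov", "2002::cf6c:8846"),      # embedded IPv4 is 0.0.0.0
    ("ok6to4.example.net", "2002:cf6c:8846::1"), # embedded 207.108.136.70
    ("lan.example.net", "2002:c0a8:101::1"),     # embedded 192.168.1.1
    ("native.example.net", "2001:db8::1"),       # not 6to4 at all
]

if __name__ == "__main__":
    for name, value, status in audit(SAMPLE):
        _, v4, hint = check_aaaa(value)
        note = f" (low 32 bits look like {hint})" if hint else ""
        print(f"{name} {value}: {status}, embedded IPv4 {v4}{note}")
```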



