IPv4-Mapped IPv6 Address used in DNS with AAAA-records
Brian E Carpenter
brian.e.carpenter at gmail.com
Sat Jul 29 01:28:30 CEST 2023
On 28-Jul-23 21:27, Nick Hilliard wrote:
> Thomas Schäfer wrote on 28/07/2023 09:04:
>> "We did this to drive down the cost with our DNS provider. Queries for
>> AAAA records that didn't exist, followed by queries for A records,
>> was costing us significantly and we needed to alleviate that."
>>
>> "Our AAAA answers follow the standards, and our local dual-stack
>> testing has shown no issues."
>
> There's a long tail of ipv6 implementations, and some of them are very
> broken indeed. Thoughts and prayers to their user base.
No issues?
I just stuck this in the hosts file on Windows: ::ffff:8.8.8.8 www.google.com
and now I can't reach Google any more... Error code: SSL_ERROR_BAD_CERT_DOMAIN
So I would be surprised if they have got this working in all cases without
any such issues. At least they have to configure tolerant certs.
Interestingly, since Thomas mentioned IBM, ::ffff:23.43.149.178 www.ibm.com
works without certificate errors (and that's via Akamai). So not everybody
is as strict with their certificates as Google.
Brian
More information about the ipv6-ops
mailing list