[dns-operations] IPv6 Connectivity on Firefox

Bob Harold rharolde at umich.edu
Wed Nov 25 14:25:25 UTC 2015 

On Wed, Nov 25, 2015 at 7:44 AM, Shane Kerr <shane at time-travellers.org>
wrote:

> Fatemah,
>
> I'm not sure that this is the best list to ask this question. Possibly
> a Firefox development list would be a better place.
>
> Still, lets have a look at your questions...
>
> At 2015-11-25 02:06:41 -0800
> Fatemah Alharbi <falha008 at ucr.edu> wrote:
>
> > I am a PhD student at UC Riverside, CA, USA. I am conducting
> > experiments using Firefox to test Ipv6 connectivity and I would
> > appreciate your cooperation and help to answer the following
> > questions.
> >
> > Experiment 1:
> > By default, Firefox has Ipv6 enabled. When I visit a particular
> > website, Firefox always sends 2 DNS queries: A query(For IPv4
> > address) and AAAA query (for IPv6 address). It always prefers the
> > IPv4 address, why?
>
> Firefox wants to know the IP addresses of the web server you are
> connecting to. These can be either IPv4 or IPv6, so two separate
> queries are needed.
>
> As for why Firefox prefers IPv4... Firefox uses what we call "happy
> eyeballs":
>
> https://en.wikipedia.org/wiki/Happy_Eyeballs
>
> You can read their ticket about the details of the implementation here:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=684893
>
> Most likely in your case it is always preferring IPv4 because it is
> faster (or at least lower-latency).
>
> > Experiment 2:
> > Please see the attached file: block_A_record_google.pcapng. I blocked
> > the IPv4 response packets (for the A queries) of the domain name
> > clients1.google.com to see how Firefox would behave if it gets only
> > the AAAA response. Even if Firefox gets a positive response for the
> > AAAA query, it ignores the response and keeps asking for the Ipv4
> > address! Why?
> >
> > Does that have anything to do with my ISP Ipv6 connectivity? My ISP,
> > Charter, doesn’t support Ipv6 connectivity to residential customers
> > yet. If so, how Firefox does know that my ISP doesn’t support Ipv6
> > connectivity? How does Firefox know that the host triggering the DNS
> > requests is not within an Ipv6 network?
> >
> > This is the result of the Ipv6 connectivity test on Firefox (Please
> > see the attached file: Test Your Ipv6 Connectivity-Firefox.pdf):
>
> Since you don't have IPv6 connectivity, disabling IPv4 by blocking DNS
> lookup for A records just means that you can't connect to the Internet.
> It looks like the browser is continuing to try to connect to the web
> page by retrying the queries. I'm not sure what you think the browser
> should do?
>
> Cheers,
>
> --
> Shane
>
>
Also note that 'blocking' the "A" queries is the wrong method - it will
keep trying to get an answer.  A better method would be to answer the query
as if there were no A records - "no error, empty answer section".  You
would probably need to set up your own DNS resolver, limited to only
answering for your client, and create a zone for the domain name that you
want to spoof, without the A records.  (Or you could try to use RPZ.)

-- 
Bob Harold
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151125/0ed61e77/attachment.html>

More information about the dns-operations mailing list