
Ignores IPv6 DNS results

Open gloomytrousers opened this issue 7 years ago • 16 comments

I'm on an IPv6-capable (dual stack) network. With Blokada running, it seems no IPv6 (AAAA) records are returned in DNS results, only IPv4 (A) records. This makes IPv6-only sites inaccessible, and forces access to dual-stack sites via IPv4 only.

This can be tested by visiting an IPv6 test site with and without Blokada running.

gloomytrousers avatar Feb 01 '18 22:02 gloomytrousers

I am behind carrier-grade NAT (and most mobile IPv6 users are likely in a similar situation with DualStack Lite) also at home, and lately it has seemed like either my router or the CGN is overloaded and my IPv4 connections are very slow or get cut or otherwise have issues, while IPv6 works just fine.

Thus I think this issue is blocking me from using Blokada.

Mikaela avatar Oct 13 '18 13:10 Mikaela

I've (hopefully) resolved this issue in PR #295 :smiley:

cbruegg avatar Nov 23 '18 17:11 cbruegg

The PR for this is now merged, so this issue should be fixed in the next release.

cbruegg avatar Dec 17 '18 08:12 cbruegg

Issue unresolved in v3.7, which in the changelog says adds ipv6 support. I ping my (ipv6 ready) server IP, and it informs me 'no route to host'. Turn blokada off, and works as expected. The site ipv6-test.com also fails to see my ipv6 address I know I have. It says I'm not ipv6 capable (tried the site in both chrome and Firefox). I'm running Android 8.1, on an Alcatel Tetra (soon to be Moto g6 later this week. Yay!)

androidacy-user avatar Mar 04 '19 22:03 androidacy-user

My patch was reverted unfortunately, but I don't know why. If somebody tells me the reason, I would love to look into it.

colbycdev [email protected] wrote on Mon, 4 March 2019, 23:03:

Issue unresolved in v3.7, which in the changelog says adds ipv6 support. I ping my (ipv6 ready) server IP, and it informs me 'no route to host'. Turn blokada off, and works as expected. The site ipv6-test.com also fails to see my ipv6 address I know I have. It says I'm not ipv6 capable (tried the site in both chrome and Firefox). I'm running Android 8.1, on an Alcatel Tetra (soon to be Moto g6 later this week. Yay!)


cbruegg avatar Mar 04 '19 22:03 cbruegg

I hope this is resolved soon.

InsaneSplash avatar Mar 07 '19 17:03 InsaneSplash

It was reverted because this part of the code had a countereffect on the DNS fallback option:

```kotlin
if (dnsServers.none { it.getAddress() is Inet6Address }) {
    // If we add no IPv6 route or DNS server, all IPv6 access is otherwise blocked by default
    builder.allowFamily(OsConstants.AF_INET6)
}
```

Unfortunately it blocked the connection on devices where we faced #284

peterroth avatar Mar 12 '19 07:03 peterroth

@rpeter85 Thanks for the information! Could you please elaborate how this interferes with the DNS fallback? All it should do is allow IPv6 traffic in addition to IPv4 traffic.

cbruegg avatar Mar 12 '19 19:03 cbruegg

Unfortunately, my internet service provider recently announced they are going all IPv6, so I'd highly appreciate it if this issue can be resolved in a manner sufficient for all users (including ones from #284). This would mean that Blokada would block all of my traffic, as I'd be without an IPv4 address or access. If I knew Kotlin better, I'd help, but for now I'll keep up my donation.

Sent from my moto g(6) using FastHub

androidacy-user avatar Mar 13 '19 01:03 androidacy-user

The reason it was reverted was that it caused many users to report that Blokada is "no longer blocking ads". I made a hotfix by reverting this change and now it's all ok for them. I haven't had time to investigate why exactly it messes up with the blocking, if you could that would be great. We can organise a beta testing group to see if your ideas work for all users.

kar avatar Mar 13 '19 07:03 kar

https://www.reddit.com/r/blokada/comments/asdccl/blokada_v37_is_out/

kar avatar Mar 13 '19 07:03 kar

Based on user feedback, it seems it is still present in 4.4.2.

peterroth avatar Nov 18 '19 15:11 peterroth

Issue is still existing in 4.5.1. At least IPv6-only sites should be supported (meaning DNS returns AAAA, but no A record). One can test using http://ipv6.bieringer.de (this FQDN has no A record in DNS).

pbiering avatar Feb 04 '20 06:02 pbiering
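
Added example, not part of the thread or of Blokada's code: the reports above mix two symptoms, missing AAAA answers and "no route to host" for an IPv6 address, and this Python check tells them apart by testing what the resolver returns separately from whether an IPv6 literal is reachable. The function names and the `2001:db8::1` placeholder are assumptions; `ipv6.bieringer.de` is the test name given above.

```python
import errno
import socket

def families(host, resolver=socket.getaddrinfo):
    """Record types ('A', 'AAAA') the system resolver returns for host."""
    found = set()
    for family, label in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            if resolver(host, 80, family, socket.SOCK_STREAM):
                found.add(label)
        except socket.gaierror:
            pass  # no answer of this family reached us
    return found

def v6_routed(literal, port=80, timeout=3.0, connect=socket.create_connection):
    """Connect to an IPv6 literal, so DNS plays no part in the result."""
    try:
        connect((literal, port), timeout).close()
        return True, None
    except ConnectionRefusedError:
        return True, None  # a refusal still proves packets reached the host
    except OSError as exc:
        return False, errno.errorcode.get(exc.errno, str(exc))

def diagnose(host, literal, resolver=socket.getaddrinfo,
             connect=socket.create_connection):
    """Classify one run; compare a run with the filter on against one with it off."""
    has_aaaa = "AAAA" in families(host, resolver)
    routed, err = v6_routed(literal, connect=connect)
    if has_aaaa and routed:
        return "ipv6-ok"
    if has_aaaa:
        return "aaaa-returned-ipv6-blocked:" + err
    if routed:
        return "aaaa-missing-ipv6-routed"
    return "aaaa-missing-ipv6-blocked:" + err

if __name__ == "__main__":
    # Hostname is the IPv6-only test name from the thread. The literal is a
    # documentation-range placeholder: replace it with your own server's address.
    print(diagnose("ipv6.bieringer.de", "2001:db8::1"))
```

A result of `aaaa-missing-ipv6-routed` points at the DNS layer, while `aaaa-returned-ipv6-blocked` points at the VPN interface's address-family handling.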

Same problem for me. This site https://www.wieistmeineip.de/ipv6-test/ shows no IPv6 on some routers. If I disable Blokada, the same site shows an IPv6 connection. This does not happen with all routers, but with some.

Lavater avatar Feb 26 '20 22:02 Lavater

For the record: I took the change from #295 and hacked it into the current codebase (basically just put https://github.com/blokadaorg/blokada/pull/295/files#diff-60b924b8d5d69c1beaa36fb63cf1b9a7R65 into app/src/tun-local/kotlin/tunnel/DnsVpnConfigurator.kt without any checks 😉), built the full debug apk and installed it.

Seems to work as intended ( http://ipv6.bieringer.de is accessible with Blokada active, test-ipv6.com shows 10/10 rating, wtfismyip.com shows IPv6 and IPv4 addresses; basically every test that comes to mind seems to work :) ) I can not confirm that blocking fails as was reported on reddit.

fadenb avatar Jun 23 '20 18:06 fadenb

I still have problems with IPv6: I no longer have a visible IPv6 address, for example on whatismyip, and IPv6-only websites do not work.

laurentvv avatar Jun 13 '22 09:06 laurentvv