IPv4-mapped Addresses in AAAA-records

[maertsen]

I just came across a curious case while testing the batch functionality of #613 on a Forum Standaardisatie dataset:

$ dig +short -t AAAA www.haarlemmermeer.nl
::ffff:136.144.238.186

$ dig +short -t NS haarlemmermeer.nl
ns4.kpn.net.
dns.haarlemmermeer.nl.

$ dig +short -t AAAA dns.haarlemmermeer.nl
::ffff:31.161.51.11

These are IPv4-mapped IPv6 addresses. It is my understanding that when a dual stack hosts (such as internet.nl) connects a IPv6 socket to such an address, it will transparently use a IPv4 transport instead. I think that makes publishing these records for most purposes equivalent to not publishing a AAAA-record at all. However, using IPv4-mapped addresses does seem to pass all relevant IPv6 tests.

Pretty clever :-)

[maertsen]

This is a practical example of #146. I missed that ticket when opening this new one.

@gthess notes that the difference appears to be that the connectivity test failed to connect in the past. He thinks this change may be related to differences between internet.nl running from FreeBSD (then) and Linux (now)

[baknu]

Other example: logius.sitearchief.nl

"IPv4-Mapped IPv6 Addresses" are defined in https://www.rfc-editor.org/rfc/rfc4291#section-2.5.5.2

[mxsasha]

#787 filters out these IPv4-mapped addresses, as they aren't "real" IPv6 addresses. So a host that only has v4-mapped is considered not to have IPv6.

We need to add this to the explanation. Suggestion for @baknu: expand the text for web-mail ns AAAA and web AAAA and add something like: "We do not count IPv4-mapped IPv6 addresses (RC4291, beginning with ::ffff:) as they do not provide IPv6 connectivity.

[baknu]

@mxsasha Does #787 also fix this issue in the mail test?

[mxsasha]

@mxsasha Does #787 also fix this issue in the mail test?

Yes.

[baknu]

Done