Ignores IPv6 DNS results

[gloomytrousers]

I'm on an IPv6-capable (dual stack) network. With Blokada running, it seems no IPv6 (AAAA) records are returned in DNS results, only IPv4 (A) records. This makes IPv6-only sites inaccessible, and forces access to dual-stack sites via IPv4 only.

This can be tested by visiting an IPv6 test site with and without Blokada running.

[Mikaela]

I am behing carrier grade NAT (and most of mobile IPv6 users are likely in similar situation with DualStack Lite) also at home and lately it has seemed like either my router or the CGN is overloaded and my IPv4 connections are very slow or get cut or otherwise have issues while IPv6 works just fine.

Thus I think this issue is blocking me from using Blokada.

[cbruegg]

I've (hopefully) resolved this issue in PR #295 :smiley:

[cbruegg]

The PR for this is now merged, so this issue should be fixed in the next release.

[androidacy-user]

Issue unresolved in v3.7, which in the changelog says adds ipv6 support. I ping my (ipv6 ready) server IP, and it informs me 'no route to host'. Turn blokada off, and works as expected. The site ipv6-test.com also fails to see my ipv6 address I know I have. It says I'm not ipv6 capable (tried the site in both chrome and Firefox). I'm running Android 8.1, on an Alcatel Tetra (soon to be Moto g6 later this week. Yay!)

[cbruegg]

My patch was reverted unfortunately, but I don't know why. If somebody tells me the reason, I would love to look into it.

colbycdev notifications@github.com schrieb am Mo., 4. März 2019, 23:03:

Issue unresolved in v3.7, which in the changelog says adds ipv6 support. I ping my (ipv6 ready) server IP, and it informs me 'no route to host'. Turn blokada off, and works as expected. The site ipv6-test.com also fails to see my ipv6 address I know I have. It says I'm not ipv6 capable (tried the site in both chrome and Firefox). I'm running Android 8.1, on an Alcatel Tetra (soon to be Moto g6 later this week. Yay!)

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/blokadaorg/blokada/issues/94#issuecomment-469439781, or mute the thread https://github.com/notifications/unsubscribe-auth/AAKtPdACsvm6hVbUkZ5jv3kDVXd92Tp2ks5vTZgcgaJpZM4R2Z0W .

[InsaneSplash]

I hope this is resolved soon.

[peterroth]

It was reverted because this part of the code had a countereffect on the DNS fallback option:

if (dnsServers.none { it.getAddress() is Inet6Address }) {
 // If we add no IPv6 route or DNS server, all IPv6 access is otherwise blocked by default
 builder.allowFamily(OsConstants.AF_INET6)
}

Unfortunately it blocked the connection on devices where we faced #284

[cbruegg]

@rpeter85 Thanks for the information! Could you please elaborate how this interferes with the DNS fallback? All it should do is allow IPv6 traffic in addition to IPv4 traffic.

[androidacy-user]

Unfortunately, my internet service provider recently announced they are going all IPv6, so I'd highly appreciated if this issue can be resolved in a manner sufficient for all users (including ones from #284). This would mean that Blokada would block all of my traffic, as I'd be without an ipv4 address or access If I knew kotlin better, I'd help but for now I'll keep up my donation

Sent from my moto g(6) using FastHub

[kar]

The reason it was reverted was that it caused many users to report that Blokada is "no longer blocking ads". I made a hotfix by reverting this change and now it's all ok for them. I haven't had time to investigate why exactly it messes up with the blocking, if you could that would be great. We can organise a beta testing group to see if your ideas work for all users.

[kar]

https://www.reddit.com/r/blokada/comments/asdccl/blokada_v37_is_out/

[peterroth]

Based on user feedback, it seems it is still present in 4.4.2.

[pbiering]

Issue is still existing in 4.5.1 At least IPv6-only sites should be supported (means DNS returns AAAA, but no A record). One can test using http://ipv6.bieringer.de (this FQDN has no A record in DNS).

[Lavater]

Same problem to me. This site https://www.wieistmeineip.de/ipv6-test/ shows on some routers no IPv6. If I disable Blokada same site shows IPv6 connection. This happens not with all routers, but with some.

[fadenb]

For the record: I took the change from #295 and hacked it into the current codebase (basically just put https://github.com/blokadaorg/blokada/pull/295/files#diff-60b924b8d5d69c1beaa36fb63cf1b9a7R65 into app/src/tun-local/kotlin/tunnel/DnsVpnConfigurator.kt without any checks 😉), built the full debug apk and installed it.

Seems to work as intended ( http://ipv6.bieringer.de is accessible with Blokada active, test-ipv6.com shows 10/10 rating, wtfismyip.com shows IPv6 and IPv4 addresses; basically every test that comes to mind seems to work :) ) I can not confirm that blocking fails as was reported on reddit.

[laurentvv]

I still have problems with ipv6, I no longer have a visible ipv6 address for example on whatismyip and no website with only ipv6 does not work