Rebind protection but for IPv6

I have allowed my domain for rebind protection and it works fine for LAN ipv4 address but not for IPv6 address like fd00::8, opening the website defaults to 192.168.1.8, it it possible to allow IPv6 too?

Have you added an AAAA record?
Is the OS/browser preferring IPv6 over v4?

1 Like

Yes, I have added both for dual stack, and the browser prefers IPv6 but only opens IPv4 address by default.

Are you sure it prefers IPv6 for both GUA and ULA scopes?
It may differ depending on the scope of the routing.

1 Like

I am not sure how to even check it. I think I will just delete the IPv6 address from subdomain.

Check from the client:

nslookup DOMAIN
ping DOMAIN

Ping domain pings IPv4 unless I use ping -6 domain

Does the first command return the expected ULA address?
What is the client OS?

if I use ping -6 domain, I get the ULA, If I use ping domain I get IPv4 address on Windows 10.

But Its OK, its not a big problem I can live with IPv4 on my LAN. I will just delete the IPv6 address for my domain, I was just curious.

Sounds like it prefers v4.
Try to remove the A record for a moment and verify it works over v6 only.

1 Like

I think this may be a property of ping rather than an OS level preference.

On the other hand this article implies windows prefers IPv4 over ula

2 Likes

This behavior appears to be OS-specific.
A general-purpose Linux prefers IPv6 ULA over IPv4:

> resolvectl --legend=no query example.org
example.org: 192.168.122.1                     -- link: enp1s0
             fde4:b6fd:2df0::1                 -- link: enp1s0

> getent hosts example.org
fde4:b6fd:2df0::1 example.org

> ping -q -w 1 example.org | head -n 1
PING example.org(example.org (fde4:b6fd:2df0::1)) 56 data bytes

> uname -n -o -r -s
Linux fedora 5.10.16-200.fc33.x86_64 GNU/Linux

As it should IMHO :wink:

Let's turn off IPv4 already!

1 Like