https://www.txthinking.com/talks/
Updated at: 2023-05-14
cloud@txthinking.com
Google data IPv6 traffic is already close to 40%.
Brook's stance on IPv6 is positive. For example, when the server address filled in by the client is domain address and no address parameter is specified, it will try to use an IPv6 address first; it will also try to set up a dual-stack environment; IPv6 system DNS, etc.
If both local and server support IPv6, you should have no problems.
The operating system is also IPv6-first. Different applications also have their own fallback mechanism. For example, Chrome will consider that the dual-stack environment fails and will not fall back, while under the same network environment, Safari will fall back successfully.
Proxy tunnels can transport proxy IPv4 and IPv6 destinations regardless of whether they are established over IPv4 or IPv6. Refer to the picture above.
If Fake DNS is guaranteed to work
However, if the IPv6 IP is bypassed by the rule, that is, the local connects it directly, it will fail, because the local does not support IPv6 and cannot connect to the IPv6 IP
The solution is to avoid resolve IPv6 IP, which is to block AAAA
Brook client configures System DNS that automatically blocks AAAA, such as using brook to create one:
brook dnsserver -l :53 --disableAAAA
Brook client configures Bypass DNS that automatically blocks AAAA, such as using brook to create one:
brook dnsserver -l :53 --disableAAAA
Brook client configures Bypass DNS that automatically blocks AAAA, such as using brook to create one:
brook dohserver ... --disableAAAA
Use script to block AAAA
f := func() {
if in_dnsquery {
if in_dnsquery.type == "AAAA" {
return {"block": true}
}
return
}
}
out := f()