A Network Access Issue Caused by DNS64

-

Background

While I was troubleshooting a network access issue last night, I found an interesting issue caused by DNS64.  So I spent some time research what's the DNS64 feature is , why it's causing problem to me and how to fix it.

The Issue

During the troubleshooting, I noticed that some of the network connection between my computer and zhihu-web-analytics.zhihu.com failed.  More specifically, get timed out.  I suspected there might be some heavy packet loss along the network path, so I tried to use mtr to check if that's the case.
                                    My traceroute  [v0.95]
Bob-Desktop (2600:1700:5050:bcf:22d3:cd56:fda7:fe3a) -> zhihu-web-analyt2022-08-13T16:50:00-0700
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                        Packets               Pings
 Host                                                 Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. OPNsense.localdomain                               0.0%     4    0.1   0.1   0.1   0.2   0.0
 2. (waiting for reply)
 3. 2001:506:6000:11b:71:165:123:86                    0.0%     4    2.2   2.1   1.9   2.2   0.1
 4. (no route to host)
Hey, no route to host.  How come?  And it's using IPv6.  Am I accessing an IPv6 site?  What's the IP address for zhihu-web-analytics.zhihu.com?
nslookup does show me botht he IPv4 addreass and IPv6 addresses tied to the DNS name.
$ nslookup zhihu-web-analytics.zhihu.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
zhihu-web-analytics.zhihu.com canonical name = gslb-offline-pkx01.zhihu.com.
gslb-offline-pkx01.zhihu.com canonical name = lb-pkx01-offline.zhihu.com.
Name: lb-pkx01-offline.zhihu.com
Address: 192.144.195.62
Name: lb-pkx01-offline.zhihu.com
Address: 140.143.214.102
Name: lb-pkx01-offline.zhihu.com
Address: 64:ff9b::c090:c33e
Name: lb-pkx01-offline.zhihu.com
Address: 64:ff9b::8c8f:d666
Oh, wait!  Why does the IPv6 address all started with 64:ff9b, which is the special IPv6 address range reserved for IPv4/IPv6 translation.  It seems that the DNS name do not have a real IPv6 IP address assigned to it.  The DNS resolver I am using is tring to translate the IPv4 IP address and providing translated IPv6 IP address for the IPv4 address.  However, there is no NAT64 configured on my Intnert gateway, the IPv6 traffic to those 64:ff9b IPv6 address will not be translated to IPv4 traffic, then routed to my upstream Internet service provider.

The Fix

To fix the issue, I looked through the configuration for the DNS resolver and I noticed the DNS64 feature was indeed being enabled.  I went ahead and disalbed the feature.  After that, the DNS resolver will not create those 64:ff9b response for IPv4 only hosts.  Here is the result after the issue is fixed.
$ nslookup zhihu-web-analytics.zhihu.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
zhihu-web-analytics.zhihu.com canonical name = gslb-offline-pkx01.zhihu.com.
gslb-offline-pkx01.zhihu.com canonical name = lb-pkx01-offline.zhihu.com.
Name: lb-pkx01-offline.zhihu.com
Address: 140.143.214.102
Name: lb-pkx01-offline.zhihu.com
Address: 192.144.195.62

Comments

Post a Comment

Popular posts from this blog

Secure Home Network with OPNsense

-
Image
I was working on some smart home project as I bought a new home earlier this year.  With more and more devices connected to my home network then to Internet.  I do have some concerns regarding the security of those devices.  For two reasons: Quite of the smart home devices need to have Internet connection and being controlled by some SaaS platform Any devices in my home network can communicate with the smart home devices Smart home devices can freely talk to other devices in my home network In order to provide some protection to the home network and those smart home devices, I decided to bring some open source software firewall to segregate the traffic for different types of the devices. After doing some research, I decided to go with OPNsense firewall.  According to the article on Wikipedia,  OPNsense is an open source, FreeBSD-based firewall and routing software developed by Deciso. It is a fork of pfSense, which in turn was forked from m0n0wall built o...
Read more

Dropping Into "initramfs" Prompt After Installing Ubuntu 22.04 LTS on to Dell VRTX Server

-
Image
Background During one of the recent projects, I want to install a Linux OS onto a Dell VRTX server. Without checking the hardware compatibility list and with limited knowledge about the Dell VRTX server platform, I started to install Ubuntu 20.04 LTS on one of the server blades in the chassis. And running into some interesting issues, which forces me to learn more about the Dell VRTX platform and Linux OS. Though spending quite a lot of effort in sorting out the issue, I am happy to share it with others who are interested to know more about it. Server blades inside the Dell VRTX chassis have no hard hard drive installed. But the chassis enclosure has 25 2.5 in SAS hard drive installed. Before starting the whole process, I picked up two of the SAS hard drive and created a RAID-1 logical drive, and assigned it to the server blade. I thought the system would be able to boot from the new logical drive. The Start of the Problem After inserting the USB disk with Ubuntu 22.04, the server blad...
Read more

Ubuntu 22.04 Multipath I/O Problem with Dell VRTX

-
Image
High-Level Architecture of Dell PowerEdge VRTX In the previous article , I explain the issue I am running into when installing Ubuntu 22.04 on a Dell VRTX server.  To understand a little bit more about what went wrong and potentially fix the problem, I tried to know how the Dell VRTX server was designed. After some googling, I found the  Technical Guide from Dell.  It revealed a pretty interesting design of the system.  The Dell VRTX system is designed to be a Cost-Effective Hyperconverged server system for a small office environment or remote office environment, where there are some compute power is needed but not on a large scale.  One Dell VRTX chassis can host up to 4 server blades, up to 25 x 2.5 in. NLSAS, SAS, or SAS SSD hot-plug drives (not including the hard drive bays on the server blades), and 8 flexible PCIe slots.  All those hard drives, PCIe slots, and network ports belong to the Dell VRTX chassis.  The chassis management syste...
Read more