So I am at my dad's this weekend, and I (as always) load bgp.tools to check what the internet connection is doing, and to my surprise this time IPv4 was showing correctly as Trooli (his local AltNet), but huh, what? On IPv6 Cloudflare is his upstream? That seems wrong and unlikely? So surely I thought my dad might be running the Cloudflare Warp VPN or something, but I asked him, and nope. The IPv6 address check on bgp.tools works by making you request v6.bgp.tools/whoami, a DNS name that only has a AAAA on it, forcing you to use IPv6 (if you have it). Yet this time it seemed that it was returning an IPv4 Cloudflare record! Also interestingly, I could not reproduce this on Firefox.
The Mystery Cloudflare NAT64
benjojo
replied 20 May 2023 15:48 +0000
in reply to: https://mastodon.social/users/jamesog/statuses/110401290821709366
@jamesog yeah there is a honk quirk where all hyperlinks are classed as person links to stop Mastodon from attempting to "twitter card" them. 99% of clients just treat it as a link; Ivory attempts to be clever and turns it into a profile page. Promptly exploding shortly upon impact.
benjojo
replied 20 May 2023 11:03 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/CFkXcj8K9fG3BH8w34
So, I think "Is Cloudflare acting as a weird NAT64?" He is using 1.1.1.1 in his PiHole config, but surely Cloudflare would not dare try and work around AAAA records like this? A quick dig proves that 1.1.1.1 is not doing this:
[11:59:15] ben@eshwill:~$ dig A v6.bgp.tools +short
[11:59:19] ben@eshwill:~$ dig A v6.bgp.tools @1.1.1.1 +short
[11:59:23] ben@eshwill:~$
So what is doing this? To get a better idea, I use chrome://net-export/ to export a file, and load the file in https://netlog-viewer.appspot.com/#dns
And I see this in the DNS tab, showing a pretty normal DNS setup, but there is a critical clue on what is going on here!
benjojo
replied 20 May 2023 11:07 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/7hVSl1Ys168mL2Wh7G
So. My dad configured a DNS search domain. It turned out, because he has no IPv6 in the house, it used the search domain. Of course. My dad had a wildcard proxy record on his Cloudflare domain, which he used as his DNS search domain/path. So when the resolver tried the search path, it got back CF v4 records. And because bgp.tools (for now) uses Cloudflare for DNS, Cloudflare had no problem proxying it as if the proxy was enabled on bgp.tools. Search domains/paths are evil!
[11:59:19] ben@eshwill:~$ dig A v6.bgp.tools @1.1.1.1 +short
[11:59:23] ben@eshwill:~$ dig A v6.bgp.tools.replaced-personal-domain.com @1.1.1.1 +short
172.67.222.196
104.21.17.59
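The fall-through described in the post above, as an added example that is not part of the original thread: a simplified model of a stub resolver's search list, run against constructed zone data, showing an A lookup for an AAAA-only name being answered by a wildcard on the search domain. The function names, the `2001:db8::1` address and the "continue to the next candidate on an empty answer" rule are assumptions of this sketch; the two A records and the placeholder domain are the ones shown in the thread.

```python
# Constructed zone data: an AAAA-only name, plus a wildcard A record on the
# search domain standing in for the proxied wildcard described in the thread.
SEARCH_DOMAIN = "replaced-personal-domain.com"
ZONE = {
    ("v6.bgp.tools", "AAAA"): ["2001:db8::1"],  # documentation prefix, constructed
    ("*." + SEARCH_DOMAIN, "A"): ["172.67.222.196", "104.21.17.59"],
}

def lookup(name, rtype):
    """Exact match first, then a wildcard at each enclosing level (simplified)."""
    name = name.rstrip(".")
    if (name, rtype) in ZONE:
        return ZONE[(name, rtype)]
    labels = name.split(".")
    for i in range(1, len(labels)):
        hit = ZONE.get(("*." + ".".join(labels[i:]), rtype))
        if hit:
            return hit
    return []  # no data for this name and type

def candidates(name, search, ndots=1):
    """Names tried in order; a trailing dot disables the search list."""
    if name.endswith("."):
        return [name]
    expanded = [f"{name}.{d}" for d in search]
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

def resolve(name, rtype, search):
    """Return (answering_name, records) for the first candidate with data."""
    for cand in candidates(name, search):
        records = lookup(cand, rtype)
        if records:
            return cand.rstrip("."), records
    return None, []

def answered_via_search(name, rtype, search):
    """True when the answer came from a search-list expansion of the name."""
    answered, _ = resolve(name, rtype, search)
    return answered is not None and answered != name.rstrip(".")

if __name__ == "__main__":
    for qname, qtype in [("v6.bgp.tools", "AAAA"), ("v6.bgp.tools", "A"),
                         ("v6.bgp.tools.", "A")]:
        print(qname, qtype, resolve(qname, qtype, [SEARCH_DOMAIN]))
```

Comparing the answering name with the name that was asked for, as `answered_via_search` does, is the check that separates this case from a genuine A record on the target.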
benjojo
replied 21 May 2023 06:37 +0000
in reply to: https://mastodon.social/users/Oskar456/statuses/110403092999908915