Happened to me today, I couldn’t print or access internet until I changed the DNS server, still no clue why 1.1.1.1 wasn’t working or how printing is related
It’s like the opposite of Dr. House’s “It’s never Lupus.”
“It’s always DNS.”
I feel like we really need to speed up the embrace of IPv6 to solve this kind of issue. DNS is helpful to humans sure but a lot of these outages are triggered by services not being able to reach one another because they’re hard-coded to a DNS to avoid shifting IPs due to things like NAT.
It feels like we could do an end-run around a lot of this by having a failover to an IPv6 address that is associated with the DNS entry if the DNS fails. Kind of like you generally have multiple DNS servers in sequence in case one is not responsive, what if, at the service level, we stopped relying on DNS so much and instead used the benefits of IPv6 to not have services fail when DNS does? DNS should be for humans not for computers especially not in a world where IPv6 exists.
(someone who is more familiar with the ins-and-outs of IPv6 is welcome to tell me if and why I am wrong in thinking this)
> because they’re hard-coded to a DNS to avoid shifting IPs due to things like NAT
One of the many, many things we shoved into DNS was service discovery. It’s not because of NAT, it’s because we want to seamlessly support migrating from 1 server to 10 billion of them without reconfiguring anything.
The solution is indeed to migrate to IPv6, but that’s because IPv6 multi-cast is actually usable. This time it’s not because of NAT.
My network doesn’t often go down, but when it does, it’s always DNS (or the power went out).
My wife: accidentally unplugs homeservers (with PiHole running)
Also my wife: the internet is down?!
IPv4 is definitely a large part of the blame for this and we need to start resting the blame there in hopes we force these companies (and their users) to actually use it. We need ISPs to support it, of course for end users, but at the enterprise level everything should be IPv6. It should have been IPv6 a decade ago, or more.
The good news is that the amount of traffic hitting Google that’s connecting over IPv6 is just about at the 50% mark:
https://www.google.com/intl/en/ipv6/statistics.html
We need to start talking about IPv6 as something that is here and now, not some far off future.
IMHO, the biggest issue is setup for SOHO users. Routers for that market have gotten the IPv4 setup wizard process down pretty good. With IPv6, there’s like three different ways your ISP might have set it up, and you need to tell your router which way to go. It’s complicated enough that even people with a solid understanding of IPv4 can be confused trying to figure out what works.
Further, there’s often not clear documentation from your ISP which of the ways they have it set up!
Definitely.
The first time I tried to set up IPv6 on OPNsense, Android phones thought they couldn’t connect to the Internet after getting on WiFi. Something about the endpoint they check for Internet access wasn’t going through. I backed out some settings, and something fixed it, but I’m still not sure what.
I was learning IPv6 in second year Network & Télécom, in 1997. We were running out of IPs back then.
Then we invented proxies and NAT and things got better and nature took its course (it ain’t broke? Don’t fucking touch it).
Sure, nature took its course, but did NATs make things better? I’m a game dev and getting two computers to talk to each other is so so much harder due to NAT traversal, requiring punchthrough servers. Voice chat and stuff need STUN/TURN servers. A game has to account for “what if my host wants to connect two clients, one of which within the NAT and one without?”
Makes far more sense to give every device an address and just talk to it and leave security and port openness up to firewalls.
> getting two computers to talk to each other is so so much harder due to NAT traversal
… which is why you will take IPv4 on my home network from my cold, dead hands, and why all IPv6 traffic is blocked in the network that hosts my PC/laptop
So you admit you can block IPv6 traffic in your rebuke to IPv6 adoption. What’s then the issue? Block what you want, it’s your network, but do it with a firewall and not NAT.
Thanks for holding us back, champ.
I guess fuck stateful packet inspection as a tool or anything.
NAT isn’t a security measure you know that right?
Recently helped some Lemmy user who was having issues with images loading the thumbnail version for every link. Bunch of people trying to figure out why in the comments but no one thinking DNS. I told him it was probably DNS. It was DNS.
Can someone ELI5 me why DNS is such a fucking cancer with VPNs? My work machine uses VPNs and my home network, my server, etc, no probs whatsoever. I can ping outside all damn day. But to get DNS to work on my work pc sometimes I have to restart my home network to get DNS to work on the machine. I can’t wrap my head around that.
DNS
A server where you ask what IP is connected to the letters you enter in the browser.
VPN
A way to connect to someone else’s pc and Internet.
The issue that I had with dns was for example connecting to the router.
It has a url like fritz.box so you get to the UI. Now with a vpn this won’t work, because the router is circumvented and can’t redirect your DNS request to its own ip.
However the ip of the router still works.
So you must know that when using a vpn you have the dns of the config in router of your vpn provider. You can overwrite that on various places but it is a bit confusing.
Fin.





