[Solved] Opening home server to the Internet via IPv6

I’ve been wanting to set up a small game server on my home network for myself and a few friends lately. Nothing I haven’t done before - except the part where I open it up to the internet for people outside of my home network to play on.

So I tried setting up a small web server to test out the port forwarding functionality of my router. Darkhttpd, running on a spare Raspberry Pi, works fine on the local network. After digging through the web interface, I find out that using IPv4 isn’t an option because of how my ISP tunnels network traffic (sth sth Dual-Stack Lite)—fine by me, in 2024 we should be using IPv6 anyway. So I go and open up port 80 in my router’s web interface.

This is where the problem begins. Everything looks fine, but I don’t have ready access to a network outside of my own to check if the port is actually accessible from the internet. An online IPv6 open port checker I found tells me the ports are visible and that my ISP isn’t blocking anything. Trying to bind a domain that I had lying around to my IP address, however, has resulted in failure.

I have no idea how to debug this. I’m pretty sure there’s some issue on the DNS Server end, but I can’t even tell if the rest of what I’m trying to do is working. And if it is, I have no idea of how to go about fixing the DNS thing.

Update: I got a friend to test it, and the web page is accessible from the internet. Problem lies with the DNS server

Update 2: After contacting my friend again for a sanity check, it seems that the DNS server works fine and my test website can indeed be reached through my domain—it’s just that I can’t reach it.

Update 3: After poking at various DNS servers, it appears that the Mullvad DNS servers which I use don’t regularly update their records. I’ve now switched to Cloudflare. My router similarly implements some caching solution that, after much tinkering, I was unable to flush. For the time being I’ve just decided to fuck doing this properly and directly edit my /etc/resolv.conf with the Cloudflare DNS servers. If I ever manage to get this working properly, I will add a final update, but for the time being, I will consider it solved.

take6056,

I think some more info is necessary on the DNS configuration. You’ve made an AAAA type record pointing to the ipv6 address of the server (not the router)?

Flynn_Mandrake,
@Flynn_Mandrake@lemmy.dbzer0.com avatar

Correct! Single AAAA record pointing to the IP of my server, which I verified beforehand.

litchralee,

Could you let us know what the DNS issue was?

Flynn_Mandrake,
@Flynn_Mandrake@lemmy.dbzer0.com avatar

The DNS issue persists. The part that my friend helped me with was determining if I configured my router firewall correctly, which I did. Currently I can reach my server from the internet only directly via its IPv6 address, with no progress on binding it to my domain name.

litchralee,

If you describe what you configured using DNS and what tests you’ve performed, people in this community could also help debug that issue as well.

An AAAA records to map a hostname to an IPv6 address should be fairly trouble-free. If you create a new record, the “dig” command should be able to query it immediately, as the DNS servers will go through to the authoritative server, which has the new record. But if you modified an existing record, then the old record’s TTL value might cause the old value to remain in DNS caches for a while.

When in doubt, you can also aim “dig” at the authoritative name server directly, to rule out an issue with your local DNS server or with your ISP’s DNS server.

Flynn_Mandrake,
@Flynn_Mandrake@lemmy.dbzer0.com avatar

My host records consist of a single AAAA record that points to the IP address of my server, which I verified beforehand. I’ve tried dig, but I’m not sure how to interpret it’s output, which looks as follows:


<span style="color:#323232;">;; Warning: Client COOKIE mismatch
</span><span style="color:#323232;">
</span><span style="color:#323232;">; <<>> DiG 9.18.24 <<>> [domain]
</span><span style="color:#323232;">;; global options: +cmd
</span><span style="color:#323232;">;; Got answer:
</span><span style="color:#323232;">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35067
</span><span style="color:#323232;">;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; OPT PSEUDOSECTION:
</span><span style="color:#323232;">; EDNS: version: 0, flags:; udp: 1232
</span><span style="color:#323232;">; COOKIE: 485ffdde4d749cd80100000066019ef6aba1fc1942596e31 (bad)
</span><span style="color:#323232;">;; QUESTION SECTION:
</span><span style="color:#323232;">;[domain].              IN      A
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; AUTHORITY SECTION:
</span><span style="color:#323232;">[domain].       3113    IN      SOA     dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1711343555 43200 3600 604800 3601
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; Query time: 0 msec
</span><span style="color:#323232;">;; SERVER: 192.168.178.1#53(192.168.178.1) (UDP)
</span><span style="color:#323232;">;; WHEN: Mon Mar 25 17:05:52 CET 2024
</span><span style="color:#323232;">;; MSG SIZE  rcvd: 146
</span>
Nithanim, (edited )

There is no answer (“Answer: 0”). If you got one it would be obvious because you would see the ip address. Either the DNS entry is not correct or your dig query does not work. I have not queried AAAA with dig myself yet and I am lazy on mobile. But you can try specifying manually using dig AAAA <your hostname> (at least that works with MX, TXT, CNAME and NS) records. (At least from the question section in your output it just says “A”, not sure.)

Edit: the output of dig is actually quite simple. Lines starting with ; are comments just four your information and improved formatting. Most you can ignore but some are helpful. Most important for you is stuff below your “Answer section” since everything below is, well, the answer for your query. If you do not have one (like in your example) the query did not return any results. This is also stated relatively at the top where it gives you a summary of the numer of queries, answers, authorities, … the request+response contained. There is also the question section (as a comment) which shows an A request, not AAAA. I think that shoud state the query you made which is not what you wanted. (Could be wrong though; never paid attention to that).

Flynn_Mandrake,
@Flynn_Mandrake@lemmy.dbzer0.com avatar

Thanks for the answer! Unfortunately, the response from dig AAAA is rather lackluster:


<span style="color:#323232;">; <<>> DiG 9.18.24 <<>> AAAA [domain]
</span><span style="color:#323232;">;; global options: +cmd
</span><span style="color:#323232;">;; Got answer:
</span><span style="color:#323232;">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14166
</span><span style="color:#323232;">;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; QUESTION SECTION:
</span><span style="color:#323232;">;[domain].              IN      AAAA
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; Query time: 19 msec
</span><span style="color:#323232;">;; SERVER: 192.168.178.1#53(192.168.178.1) (UDP)
</span><span style="color:#323232;">;; WHEN: Mon Mar 25 19:22:18 CET 2024
</span><span style="color:#323232;">;; MSG SIZE  rcvd: 34
</span>

I’m starting to suspect Namecheap just hates IPv6. Their dynamic DNS service only covers v4, too

Nithanim,

Well, uh, with Namecheap it should work just as fine as everywhere else. But as I said, I never used IPv6 and do not have anything on Namecheap anymore since I host my DNS server myself. Just a dumb question but are you sure you added the AAAA for the domain root correctly? Back when I used the web UI for DNS providers it was sometimes very confusing. Maybe you could test a subdomain? Like minecraft.yourdomain.com?

Also: you can query google.com if you want examples of how stuff looks when you get answers back.

Flynn_Mandrake,
@Flynn_Mandrake@lemmy.dbzer0.com avatar

Some further tests make it look like dig is influenced by some caching stuff going on on my PC. I figured that out while playing around with a TXT record for testing purposes, and noticing that host and dig return different results for the same input.

Running the commands again on my phone using Termux reveals that the AAAA record is in place and functioning, but I still can’t reach the website from my browser by using the domain name.


<span style="color:#323232;">~ $ dig [domain]
</span><span style="color:#323232;">
</span><span style="color:#323232;">; <<>> DiG 9.16.41 <<>> [domain]
</span><span style="color:#323232;">;; global options: +cmd
</span><span style="color:#323232;">;; Got answer:
</span><span style="color:#323232;">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39355
</span><span style="color:#323232;">;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; OPT PSEUDOSECTION:
</span><span style="color:#323232;">; EDNS: version: 0, flags:; udp: 512
</span><span style="color:#323232;">;; QUESTION SECTION:
</span><span style="color:#323232;">;[domain].              IN      A
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; AUTHORITY SECTION:
</span><span style="color:#323232;">[domain].       1800    IN      SOA     dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1711402015 43200 3600 604800 3601
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; Query time: 30 msec
</span><span style="color:#323232;">;; SERVER: 8.8.8.8#53(8.8.8.8)
</span><span style="color:#323232;">;; WHEN: Mon Mar 25 22:35:59 CET 2024
</span><span style="color:#323232;">;; MSG SIZE  rcvd: 118
</span><span style="color:#323232;">
</span><span style="color:#323232;">~ $ dig [domain] AAAA
</span><span style="color:#323232;">
</span><span style="color:#323232;">; <<>> DiG 9.16.41 <<>> [domain] AAAA
</span><span style="color:#323232;">;; global options: +cmd
</span><span style="color:#323232;">;; Got answer:
</span><span style="color:#323232;">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45166
</span><span style="color:#323232;">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; OPT PSEUDOSECTION:
</span><span style="color:#323232;">; EDNS: version: 0, flags:; udp: 512
</span><span style="color:#323232;">;; QUESTION SECTION:
</span><span style="color:#323232;">;[domain].              IN      AAAA
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; ANSWER SECTION:
</span><span style="color:#323232;">[domain].       1799    IN      AAAA    [correct IP!]
</span><span style="color:#323232;">
</span><span style="color:#323232;">;; Query time: 36 msec
</span><span style="color:#323232;">;; SERVER: 8.8.8.8#53(8.8.8.8)
</span><span style="color:#323232;">;; WHEN: Mon Mar 25 22:36:11 CET 2024
</span><span style="color:#323232;">;; MSG SIZE  rcvd: 73
</span><span style="color:#323232;">
</span><span style="color:#323232;">~ $ host -t AAAA [domain]
</span><span style="color:#323232;">[domain] has IPv6 address [correct IP!]
</span><span style="color:#323232;">~ $
</span>
litchralee,

If I understand correctly, you’re now able to verify the AAAA on mobile. But you’re still not able to connect to the web server from your mobile phone. Do I have that right?

I believe in a different comment here, you said that your mobile network doesn’t support IPv6, and nor does a local WiFi network. In that case, it seems like your phone is performing DNS lookups just fine, but has no way to connect to an IPv6 destination.

If your desktop does have IPv6 connectivity but has DNS resolution issues, then I would now look into resolving that. To be clear, was your desktop a Linux/Unix system?

Flynn_Mandrake,
@Flynn_Mandrake@lemmy.dbzer0.com avatar

Correct on all counts. I’ll try some other DNS servers later. Right now I’m using the Mullvad DNS servers, any suggestions for ones that support DNS over TLS?

litchralee,

I’m afraid I have no suggestions for DoT servers.

One tip for your debugging that might be useful is to use dig to directly query DNS servers, to help identify where a DNS issue may lay. For example, your earlier test on mobile happened to be using Google’s DNS server on legacy IP (8.8.8.8). If you ran the following on your desktop, I would imagine that you would see the AAAA record:

dig @8.8.8.8 mydomain.example.com

If this succeeds, you know that Google’s DNS server is a viable choice for resolving your AAAA record. You can then test your local network’s DNS server, to see if it’ll provide the AAAA record. And then you can test your local machine’s DNS server (eg systemd-resolved). Somewhere, something is not returning your AAAA record, and you can slowly smoke it out. Good luck!

cmnybo,

All you should have to do is open the port in your firewall to the server. Also, make sure you are allowing ICMP through the firewall. It’s important for IPv6 and shouldn’t be blocked. If your server is running a firewall, don’t forget to open the port there too.

To test if it’s working, you can use the 5G connection on your phone since it should have IPv6.

Flynn_Mandrake, (edited )
@Flynn_Mandrake@lemmy.dbzer0.com avatar

The firewall port on my router is open, and as far as I can tell, my server isn’t running a firewall at the moment. ICMP might be a problem; ipv6-test tells me that those are filtered out. After checking my router settings, I’ve determined that ICMP is enabled for the device in question.

Tried my mobile connection already, doesn’t have IPv6. Also tried a nearby hotspot, same issue.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • selfhost@lemmy.ml
  • PowerRangers
  • DreamBathrooms
  • ngwrru68w68
  • magazineikmin
  • thenastyranch
  • InstantRegret
  • Youngstown
  • mdbf
  • slotface
  • rosin
  • GTA5RPClips
  • khanakhh
  • kavyap
  • Durango
  • provamag3
  • modclub
  • ethstaker
  • cubers
  • vwfavf
  • everett
  • cisconetworking
  • tacticalgear
  • tester
  • normalnudes
  • osvaldo12
  • anitta
  • Leos
  • megavids
  • All magazines
    •