16

I would like to reach this address via an IPv6 address:
http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages/

In our Freifunk routers there is no DNS available, so the name downloads.openwrt.org cannot be resolved. All servers in the internet are only reacheable via ipv6 addresses. Now we cannot reach this package-mirror from inside the router t install packages via opkg install.

It would be a solution, if we could add this to our config for example:

http://[2001:db8::1]/attitude_adjustment/12.09/ar71xx/generic/packages/

Our routers are running OpenWRT and are IPv6-only and I would like to add an entry into /etc/hosts so that the domain name downloads.openwrt.org will resolve to an appropriate IPv6 address

Is it possible to redirect an IPv6 to a domain?

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
rubo77
  • 2,282
  • 3
  • 32
  • 63

3 Answers3

18

You can't simply "add" an IPv6 address to reach a host that is only available via IPv4. These are two completely different and incompatible protocols.

In order for your IPv6-only network to be able to reach IPv4 addresses, a gateway is required, which has access to IPv4. This is generally done with a NAT64/DNS64 gateway, which translates IPv4 addresses into "fake" IPv6 addresses, and accepts connections to those "fake" IPv6 addresses and translates the connections to the IPv4 network. These IPv6 addresses will be in the 64:ff9b::/96 range.

In OpenWrt, NAT64 is done with Tayga, and DNS64 with bind. Further information on how to set them up is available in the OpenWrt wiki. You'll need Attitude Adjustment or Barrier Breaker; previous versions of OpenWrt did not have sufficiently complete support for IPv6 and other technologies.

You can add public DNS64/NAT64-resolvers to your /etc/resolv.conf:

nameserver 2001:67c:2b0::4
nameserver 2001:67c:2b0::6

You can also "revert" the translation on the client-site, using 464xlat. 464xlat uses the same tools. (mentioned above, but only in a different way). With 464xlat you can also reach urls with literal IPs.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
3

The domain downloads.openwrt.org has an IPv4 address but no IPv6 address. So you cannot reach it over IPv6 unless you use a translation mechanism. You could use NAT64 to be able to create a TCP connection to that IPv4-only server from an IPv6-only client.

But why would you be using an IPv6-only client? Going dual stack is a good idea, but for now IPv6-only is really only useful for testing for those who know the limitations that introduces in a world that has too many IPv4-only hosts.

If you manage to get a TCP connection opened to the server, you'll face another challenge. HTTP version 1.1 requires the client to send the name of the server it is contacting over the HTTP connection. And lots of sites, including downloads.openwrt.org require this header to be sent.

Your HTTP client can only send that header, if it knows the domain name to send. So you'd be better off letting client know the original URL and somehow give it access to resolve that name to an IP address. If it has to be IPv6, that still means you'll need NAT64. However a mapping from domain name to NAT64 IP address can be put in /etc/hosts, and should work just fine.

That may work fine for an individual domain name. But if you want an IPv6 only host to be able to reach multiple domains without having to put each and everyone of them in /etc/hosts with a NAT64 address, you need dynamic translation of the addresses. That is what DNS64 is for.

Now if the client does have IPv4 access and is only missing DNS, the answer becomes much simpler. Just put the IPv4 address in /etc/hosts like davidgo suggested. You'll of course need to update that file every time the IP address of the server changes, which hopefully won't be too often.

kasperd
  • 29,894
  • 16
  • 72
  • 122
  • Certainly, "going dual stack is a good idea", but not everybody can just "go dual stack". If my provider only gives me one or the other, there's not much I can do about that. – paolo Dec 06 '18 at 21:28
  • @paolo If you are talking about servers then you can choose a hosting provider who supports dual stack. There is such a large number of competing providers to choose from that insisting on dual stack support just makes the choice a little bit easier by trimming down the list of providers to choose from. If we are talking about networks with end-users there is less competition as you are limited to ISPs in your geographical area. In that case going with what the ISP provides will work as long as the services you rely on are dual stack like they should be. – kasperd Dec 06 '18 at 22:20
  • @paolo If you are talking about networks where the users are developers, system administrators, or others who need dual stack in order to develop/support dual stack infrastructure, then you really should go dual stack and use a tunnel if the ISP doesn't support IPv6. You can be almost certain the ISP provides some way to reach IPv4-only services possibly through NAT64 or other transition mechanism. – kasperd Dec 06 '18 at 22:24
  • Apparently that site is IPv6-enabled now (my browser connects to an actual IP rather than my standard 6to4 connection) – Paul Stelian Apr 26 '20 at 18:24
2

I think you may be asking the wrong question - You can't redirect an IPv6 address to a domain because the process works the opposite way, ie a domain resolves into a [or many] hosts.

I have not been able to find any information on your router, but if its running OpenWRT you should be able to add an entry into /etc/hosts so that the domain name will resolve to the appropriate IP address.

davidgo
  • 5,964
  • 2
  • 21
  • 38
  • that was what I had in mind. but since there is no "appropropiate" ip6 address, I thought I could redirect it somehow. I added it to the question – rubo77 May 16 '14 at 22:09