[GH-ISSUE #142] deletion of AAAA record results in NAT64 address being shown as current address #133

Closed
opened 2026-02-26 09:35:58 +03:00 by kerem · 4 comments

Originally created by @ThomasWaldmann on GitHub (Jan 26, 2014).
Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/142

Just delete an AAAA record (IPv6 address) of some host and see that (after a page refresh) nsupdate.info shows a 64:.... address as the IPv6 address of that host in the master server.

While this is somehow legitimate (it is a NAT64 address, corresponding to the existing v4 address of that host), I would have expected "none" if there is no AAAA record.

Bug or feature? Where does this NAT64 address come from?


@ThomasWaldmann commented on GitHub (Jan 26, 2014):

I tried on a different machine (which only has v4 connectivity):

```
>>> import dns.resolver
>>> resolver = dns.resolver.Resolver(configure=False)
>>> resolver.nameservers = ['85.10.192.104', ]
>>> resolver.search = []
>>> resolver.lifetime = 10
>>> resolver.query('tw.nsupdate.info', 'AAAA')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/dns/resolver.py", line 905, in query
    raise_on_no_answer)
  File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/dns/resolver.py", line 142, in __init__
    raise NoAnswer
dns.resolver.NoAnswer
```

There, the answer is as expected. So what's going on on nsupdate.info?


@ThomasWaldmann commented on GitHub (Jan 26, 2014):

Inside the VM hosting the service:

```
$ host tw.nsupdate.info
tw.nsupdate.info has address 46.237.210.69
tw.nsupdate.info has IPv6 address 64:ff9b::2eed:d245   # XXX it has NO AAAA record!
```

On the base machine:

```
$ host tw.nsupdate.info
tw.nsupdate.info has address 46.237.210.69
```

@ThomasWaldmann commented on GitHub (Jan 26, 2014):

OK, now it gets clearer: the bind9 we use for resolving has the "dns64" feature on, thus it creates such v6 addresses automatically from A records if there is no AAAA record.

But we also have `recursive-only yes` configured for dns64, so it should not do that for own domains, right?


@waldiTM commented on GitHub (Jan 26, 2014):

No. This means that only recursive queries (with the RD flag set) are handled. You want to do all queries without this flag.
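
The mapping seen in the `host` output in this thread (64:ff9b::2eed:d245 for 46.237.210.69), worked through as an added example that is not part of the original thread or of the nsupdate.info code base. It assumes the resolver synthesizes addresses with the RFC 6052 well-known prefix 64:ff9b::/96; the function names are hypothetical.

```python
import ipaddress

# RFC 6052 well-known prefix used by DNS64/NAT64 for synthesized addresses
# (assumption: the resolver is not configured with a network-specific prefix).
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def embedded_ipv4(aaaa, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv4 address embedded in a /96 DNS64 address, or None."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled in this example")
    addr = ipaddress.IPv6Address(aaaa)
    if addr not in prefix:
        return None
    # With a /96 prefix the IPv4 address is the low 32 bits.
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def split_synthesized(a_records, aaaa_records, prefix=WELL_KNOWN_PREFIX):
    """Split AAAA answers into (real, synthesized).

    An answer counts as synthesized when it lies in the DNS64 prefix and
    its embedded IPv4 address matches one of the host's A records.
    """
    a_set = {ipaddress.IPv4Address(a) for a in a_records}
    real, synthesized = [], []
    for rec in aaaa_records:
        v4 = embedded_ipv4(rec, prefix)
        if v4 is not None and v4 in a_set:
            synthesized.append(rec)
        else:
            real.append(rec)
    return real, synthesized


def displayed_ipv6(a_records, aaaa_records):
    """Value a status page would show: a real AAAA record, or "none"."""
    real, _ = split_synthesized(a_records, aaaa_records)
    return real[0] if real else "none"


if __name__ == "__main__":
    # Values taken from the `host` output quoted in the thread.
    print(embedded_ipv4("64:ff9b::2eed:d245"))
    print(displayed_ipv6(["46.237.210.69"], ["64:ff9b::2eed:d245"]))
```

An address inside the prefix whose embedded IPv4 does not match any A record is kept as real, so the check only hides answers that the resolver could have derived from the host's own A records.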
