IPv6 woes - RFC

Toke Høiland-Jørgensen toke at toke.dk
Sun Sep 5 21:07:22 UTC 2021


Grant Taylor via NANOG <nanog at nanog.org> writes:

> Hi,
>
> Does anyone have any recommendation for a viable IPv6 tunnel broker / 
> provider in the U.S.A. /other/ /than/ Hurricane Electric?
>
> I reluctantly just disabled IPv6 on my home network, provided by 
> Hurricane Electric, because multiple services my wife uses are objecting 
> to H.E.'s IPv6 address space as so called VPN or proxy provider. 
> Netflix, HBO Max, Pandora, and other services that I can't remember at 
> the moment have all objected to H.E.
>
> Disabling IPv6 feels *SO* *WRONG*!  But fighting things; hacking DNS, 
> null routing prefixes, firewalling, etc., seems even more wrong.

Well, that's what I used to do back when I didn't have native v6 and ran
into this issue: block v6 at the DNS level. I.e., simply filter out all
AAAA records for offending service providers. Pretty simple to set up on
your home router (it's usually one or a few TLDs per service provider).
It does fail if your clients do DNSSEC validation, but if you do that at
the router (or not at all) it should just work :)

And yeah, it's an ugly hack that really shouldn't be necessary, but I
found it worked quite well back when I used it (a handful of years ago
or so), and it keeps IPv6 active and working for everything else...

Another solution that I've used on occasion is to do your own
tunnelling: find a hosting provider that can provide you a VPS with a v6
prefix and do your own tunnelling to that. This works by virtue of being
"under the radar" of the service providers that do this kind of broken
filtering, providing you can find a VPS provider whose prefixes are not
blacklisted for some other reason (like being non-residential or
something). Works equally well by tunnelling to a friend (or other
trusted third party) who does have native v6 and a prefix that's large
enough to sub-delegate some IP space to you.

-Toke
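
The AAAA filtering described in the message above, sketched as an added example that is not part of the original post or any particular router's code: a forwarder hook that answers AAAA queries for listed domains with an empty NOERROR reply and passes everything else upstream. The suffix list and function names are hypothetical placeholders; the synthesized reply carries no DNSSEC records, which is the case the post says fails for clients that validate themselves.

```python
import struct

# Constructed placeholder suffixes (assumption); use the affected services' domains.
FILTERED_SUFFIXES = ("video.example", "music.example")
TYPE_AAAA = 28

def parse_question(msg):
    """Return (qname, qtype, end_offset) for the first question in a DNS query."""
    labels, pos = [], 12                      # the question follows the 12-byte header
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:                     # a query name should not be compressed
            raise ValueError("unexpected compression in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack_from("!HH", msg, pos + 1)
    return ".".join(labels), qtype, pos + 5

def is_filtered(qname):
    """Match on label boundaries so 'notvideo.example' does not match 'video.example'."""
    return any(qname == s or qname.endswith("." + s) for s in FILTERED_SUFFIXES)

def filter_aaaa(query):
    """Return a synthesized empty answer for filtered AAAA queries, or None,
    meaning the caller should forward the query upstream unchanged."""
    qname, qtype, end = parse_question(query)
    if qtype != TYPE_AAAA or not is_filtered(qname):
        return None                           # A records and other domains are untouched
    txid, flags = struct.unpack_from("!HH", query, 0)
    # QR=1 (response), RA=1, copy the client's RD bit, RCODE=0 (NOERROR).
    resp_flags = 0x8000 | 0x0080 | (flags & 0x0100)
    # QDCOUNT=1 and all record counts 0: the name exists but has no AAAA data.
    # No RRSIG/NSEC records are included, so a validating client cannot verify this.
    header = struct.pack("!HHHHHH", txid, resp_flags, 1, 0, 0, 0)
    return header + query[12:end]

def build_query(name, qtype, txid=0x1234):
    """Build a constructed sample query (RD set) for the demo below."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    samples = [("www.video.example", 28), ("www.video.example", 1), ("notvideo.example", 28)]
    for name, qtype in samples:
        reply = filter_aaaa(build_query(name, qtype))
        print(name, qtype, "empty AAAA answer" if reply else "forward upstream")
```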

