Connecting to bitcoincore.org failed: Network is unreachable. (IPV6)

[maflcko]

Steps to reproduce:

• Not have an ipv4 address
• wget https://bitcoincore.org/bin/bitcoin-core-23.0/bitcoin-23.0-riscv64-linux-gnu.tar.gz

Alternative:

$ dig bitcoincore.org +noall +answer -t AAAA | wc -l
0

[TheBlueMatt]

It appears our current DDoS providers do not yet support IPv6. Definitely gonna nag them about it, though.

[verdy-p]

You probably mean your DNS providers. Alternatively you could try change the DNS settings on your host (or in the DHCP settings of your local router), to use public DNS servers like:

• OpenDNS (see https://www.opendns.com/, the publish their IPv4 and IPV6 DNS servers), or
• Google Publi DNS (see https://developers.google.com/speed/public-dns/docs/using for the configuration).

These DNS services support moderately large bands (for a home user, they are not meant to be used by hundreds of users at the same time from the same route, without implementing a real caching DNS proxy for them and using a normal feed from their own ISP and other DNS feeds, i.e. more than the 1 or 2 remote DNS servers that most hosts allow you to configure), but should work well to run well a single BitCoin Core host on your local network; this may not be true for all P2P networks or web crawlers, that use excessive name requests), and provide their own protections against DDoS, and support requests via UDP, TCP, or DoH (DNS over HTTPS). They both provide resolutions to IPv4 and IPv4 addresses (A or AAAA records), and give you access to other fields (like MX for mails, TXT records for holding some authentication keys).

They are reasonably fast and generally even faster than what most ISP provide in their default DNS servers (which also frequently have a very low limit on the number of resolutions per unit of time, which is why they don't work very well with P2P protocols if they make hundreds of requests per seconds for many sites; however Bitcoin core does not need domain resolution as its P2P protocol just exchange plain IP4 or IPv6 addresses and port numbers, but this is may not be true for Tor connections,depending on how you've configured your local Tor agent).

OpenDNS also allows you to create your own settings by creating a free account, registering your public IP addresses or address block, and setup your own filters, e.g. against undesired categories of sites; it also provides also some daily statistics for you about domain resolutions initiated from your network, and if they were successful, blocked according to your preferences, or really failed). Both services do not allow redirecting you to unrelated sites without your permission (like what too many ISPs are doing, to send you to their "assistance pages that are just there to send you advertizing isntead of the expected content, even if the domain resolution just failed temporarily and those domaisn are still validly registered, but possibly just unreachable, for technical reasons (such as normal maintenance, or recent changes of servers in the last 24/48 hours still not propagated, or changes of routing peerings, or an accidentally broken physical link to be repaired via alternate routes), or because on ongoing DDoS attack against their authoritative DNS server or in one of its downstream mirrors, or because too huge traffic over one of the necessary links.

[TheBlueMatt]

No, I mean DDoS. As in "the providers who protect us from DDoS attacks". We support v6 just fine for DNS today.

[fanquake]

@TheBlueMatt did anything come of the nagging?

[TheBlueMatt]

No. Relatively few DDoS providers do v6 even today, I can get another provider, though, thanks for reminding me.

[verdy-p]

I bet you meant "anti-DDoS providers" or "DDoS protection providers", not "DDoS providers" (which we would call "attackers", not "providers").
Anyway there's now a trend with various largeband links having "accidents" or severe damages now throughout Europe around major nodes. It seems to be not just made by local sabotage but coordinated, and probably related to the ongoing war of Russia. DDoS attacks in general have been tried but have failed, however physical damages on major fiber links (underground or undersea) are growing and they impact networks for much longer time

E.g. a major attack in France 6 months ago against major interregional links required using alternate routes, and dramatically reduced the bandwidth for home users, this was repaired noly by using other routes by other long distance links, rent from other operators, but working over VPNs that are saturated: home users can still use Internet, but their bandwidth is limited, and there's a much higher rate of loss packets, especially with IPv6 that have fewer alternate routes). If fiber links are cut, the other alternatives using radio frequencies are also limited: this means that now deployment of 5G mobile networks have stalled to preserve backup resources.

Today there are annoucnements that undersea cables are now exposed and must be actively protected. And networks must review how they manage their routes and how fast they can recover by cooperating (even if they are competityors on the consumer markets).

Internet operators should now avoid building centralized networks (which seemed to be faster to deploy at major costs and deploy meshes that will be more resilient, and as well they should cooperate to build shard infrastructures with prepared agreements for recovery at lower cost for all of them and faster responses: "accidents" are now verty likely and today's Internet infrastucture is too fragile. There's a limited backup possible with satellites, but with much higher latencies (but it could still be used to backup large users of bandwidth, notably TVs and VOD: CDNs should deploy more granular streaming servers in more datacenter locations (this cannot be done easily for one-to-one communications, except by increasing the latency: online game platforms will be the most affected or will have to deploy their own CDN in more locations; the time where it was sufficient to deploy a handful of datacenters to serve the world is over, and the services will have to be paid by final customers, or will ahve to be degraded).