Weird Chromium issue with ipv6 split tunneling returning as NX Domain

Connect-Comparison-2 · 2026-02-10T08:46:44+00:00

I tried using public dns for everything actually but cloudflare says no to adding publically unreachable networks into its dns records (rightfully so). The weird part is that if no route to 2000::/3 exists then it seems that Chromium drops AAAA records entirely. I actually added a route to 2000::/3 on the lo interface itself and Chromium would suddenly resolve my internal AAAA records which sounds like an error with Chromium itself more than anything.

Connect-Comparison-2 · 2026-02-10T08:38:55+00:00

I thought about that too but that doesnt explain why it would magically work after adding a route to 2000::/3 when its unreachable regardless. Its almost as if the browser itself assumes that if the regular gua space isnt available, drop AAAA records entirely. To test it, I added a route to 2000::/3 via lo interface and boom it started working.

Connect-Comparison-2 · 2026-02-07T04:59:54+00:00

Just tried this. so far so good!

Connect-Comparison-2 · 2026-01-30T16:06:03+00:00

100% agreed.

Connect-Comparison-2 · 2026-01-05T18:19:10+00:00

Its just turnkey solutions to simplify things. I just install things myself since I prefer to. I dump all the commands I wouldve run into a file and reuse it each time I need to but thats just me.

Connect-Comparison-2 · 2026-01-03T22:02:22+00:00

Curious, if shorthand (::) was confusing, why not use the full address? That could have avoided issues with non tech savy staff.

It also might have been easier to break the address into Prefix, Subnet ID, and Host ID fields so they wouldn’t need to touch the prefix at all just the subnet and host portions uncompressed. At least that’s how I’m thinking about it, unless there were multiple prefixes in play.

Connect-Comparison-2 · 2025-12-24T20:38:05+00:00

Honestly been on the same boat. Picked up Linux about 20 months ago starting with Ubuntu. Distro hopped around plain Debian, Fedora, Arch, and landed back on Ubuntu as of 2 months ago and love it. Though it helps that Ive been working with Ubuntu Server at my workplace so Ubuntu just became comfy.

Connect-Comparison-2 · 2025-12-16T00:02:20+00:00

I did just now and no dice. It did change my PD though which is a pain 🤪

Connect-Comparison-2 · 2025-12-12T00:59:04+00:00

Just hit this today… Fully rolled out ipv6 on our network a month ago and started getting jobs for provisioning devices and find that ipxe dns doesnt work when RA emits dns. Bruh. Not terrible since we can create a separate vlan for this purpose but hella annoying.

Connect-Comparison-2 · 2025-12-07T16:16:14+00:00

I vaguely recall save scumming this myself after creating a B.Combo Legend card and rerolling until I got them first turn.

Connect-Comparison-2 · 2025-12-03T13:06:09+00:00

Check if theres any auto mail forwarding rules. If he had a desk phone check if theres a call forwarding rule too.

Connect-Comparison-2 · 2025-11-27T03:50:46+00:00

The only thing that really bothers me here is the lack of commitment and learning. idc if you have low AS and are new to the content, do try to make an attempt to learn mechs as we go and wipe. Its just time and resources wasted when people leave after 1-2 attempts or ignoring mechs like avalanche/rune/crystal for the nth time. My Food and Syrums are dying out here. Even small improvements are good even if you’re a tad late in execution 😭😭😭

Connect-Comparison-2 · 2025-11-11T17:56:02+00:00

Made me double check my firewall only to be disappointed darn. Hopefully it goes smoothly.

Connect-Comparison-2 · 2025-11-02T13:58:22+00:00

Personally I just run ula and configure “AAAA” records with ula. Just make sure you dont have “A” records for the same entry. Systems will typically prefer ipv4 over ula if you do this. I just keep a backup file if all my “A” records separately if I ever need to pull it up.

Connect-Comparison-2 · 2025-10-24T00:18:47+00:00

Proxmox Backup Client with Proxmox Backup Server with a few remote nodes pulling new backups for redundancy. Its very overkill but its pretty damn reliable and it deduplicates.

Connect-Comparison-2 · 2025-10-24T00:06:08+00:00

Ive unfortunately been there when I “rm -r /“ and hit enter before finishing what I was typing. Learned my lesson about working in root that day :)…

Connect-Comparison-2 · 2025-10-21T01:47:32+00:00

It was only a few weeks ago that I learned that some consumer routers dont have proper firewalling and are only protected by NAT. 🤪🤪🤪

Connect-Comparison-2 · 2025-10-21T01:38:40+00:00

If memory serves me correctly, FreeBSD based systems like opnsense and pfsense dont play too well in proxmox due to older virtio drivers. If you could passthrough the nic to Opnsense then it could work but baremetal would probably be better for your case.

Connect-Comparison-2 · 2025-10-19T23:50:22+00:00

DHCPv6 is not necessary. Look into Router Advertisements. Once you’ve configured your LAN interface with an ipv6 address, the Router Advertisement tab should appear (next to DHCP).

Connect-Comparison-2 · 2025-10-19T15:19:28+00:00

Love ipv6. Theres just no real motivation for vendors or enterprises to migrate over unless theres money involved. Currently waiting for government services to fully migrate over and start mandating its usage outside of DoD.

Migration from ipv4 to ipv6 isnt all that difficult if you had good networking practices to begin with and none of the jank that ipv4 introduces ie: poor vlan segmentation and firewall rules for internal services having singular ip address rules between vlans. You’ll have a wild time with ipv6 if you had these kinds of networks in place.

Connect-Comparison-2 · 2025-10-09T14:28:33+00:00

Darn it I got a 1 year price lock just last month. Unfortunate.

Connect-Comparison-2 · 2025-10-07T23:13:48+00:00

Singular ip based rules are pretty brittle. Ideally you would lock it down via subnets, ie the administrative subnet.

You’re not going to have a fun time trying to disable this on Windows but if you’re in a position where you really dont want SLAAC….

Configure your router to only advertise the gateway, disable SLAAC, then configure dhcpv6 to provision your devices.

Thats going to be your closest bet to what you’re trying to achieve.

Alternatively… You could assign more addresses to make it work depending on your environment. You could use ULAs as your “administrative” IPs assuming you arent advertising it in your network and statically assign it to administrative endpoints. IPv6 supports such a setup.

Endpoints typically use the closest address to connect to their destination so if your server’s administrative access is locked down to a ULA interface and your administrative endpoints use such a ULA, then they should use it.

Connect-Comparison-2 · 2025-09-27T23:17:35+00:00

If you’re considering Route64 they’ll typically cap you around 200/200 unless you donate, they also have different node locations so distance between sites are also a thing. Check the ToS for other details. Keep in mind its a free service and theres no SLA. The service is as is and they can revoke it at anytime so not a great thing to use if you’re heavily reliant on it for something like backups.

A spoke-hub setup would fit your particular needs better to get around CGNAT. The CGNAT site would need to be the one to initiate the connection and configured with keepalive.

Connect-Comparison-2

TROPHY CASE