FAQ on "Buggy DNS"
If you were referred to this page by test-ipv6.com, it means that we were able to detect a dangerous condition with your DNS server.
First, a description of the problem:
- Your browser asked for a DNS lookup, both IPv4 and IPv6.
- The IPv6 response was returned first.
- Your DNS server was confused by the result - it doesn't fully follow the DNS standards.
- Your DNS server took the first piece of the IPv6 address, and memorized it as the IPv4 address.
- The browser fails the IPv6 lookup, but "succeeds" in getting a bogus IPv4 address.
- It then tries to make a connection to the wrong address, with the wrong protocol.
This is bad for several reasons:
- You won't be able to connect to IPv6-only sites.
- You may sporadically fail (or always fail) to connect to IPv6-enabled web sites. This is regardless of whether you are IPv6-capable or not - you may still be impacted.
- Malicious people can recognize that specific IPv6 addresses, when matched with this bug, map to IPv4 addresses they control. Web sites you depend on can be spoofed; you would not know any better, unless the sites are using SSL.
You'll need to determine what device is forwarding your DNS queries.
With Windows, at the cmd prompt, you can type ipconfig /all. Look for "DNS Servers".
With Linux, BSD, and Mac OS X, you can do this in a terminal: cat /etc/resolv.conf
Residential ISP customers: look to see if the DNS server is 192.168.0.1 or 192.168.1.1. If so, chances are good that your home router is at fault. This is probably the blue box you have that connects you to the Internet.
Business customers: Provide this information to your IT professional to investigate.
IT professionals: You can see an illustration of this by doing:
dig aaaa buggydns1.test-ipv6.com @192.168.1.1
dig a buggydns1.test-ipv6.com @192.168.1.1
Replace 192.168.1.1 with the resolver being used by the host. If the "aaaa" request comes back with no answer, but the "a" request does, this confirms a broken DNS cache or forwarder. The actual DNS information for buggydns1.test-ipv6.com has only an IPv6 record configured.
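
The two dig lookups above can be scripted to check several resolvers in one pass. This is an added example, not part of the original FAQ or test-ipv6.com's own tooling; the function names, the "suspect" and "inconclusive" verdicts, and the timeout settings are choices made here.

```shell
#!/bin/sh
# Added example: classify a resolver using the two dig lookups from this page.
# Usage: sh check.sh 192.168.1.1
NAME=buggydns1.test-ipv6.com   # test name from the page; it has only an IPv6 record

# Keep only address lines from `dig +short` output (drops CNAMEs and ";;" errors).
only_v6() { printf '%s\n' "$1" | grep -Ei '^[0-9a-f:]*:[0-9a-f:]*$' || true; }
only_v4() { printf '%s\n' "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true; }

# classify AAAA_OUTPUT A_OUTPUT -> prints one verdict word
classify() {
    v6=$(only_v6 "$1")
    v4=$(only_v4 "$2")
    if [ -z "$v6" ] && [ -n "$v4" ]; then
        echo buggy          # the confirmation case described on this page
    elif [ -n "$v6" ] && [ -z "$v4" ]; then
        echo ok             # matches the real DNS data: AAAA only
    elif [ -n "$v6" ] && [ -n "$v4" ]; then
        echo suspect        # an A answer exists although no A record is configured
    else
        echo inconclusive   # no usable answer: resolver unreachable or filtering
    fi
}

# check_resolver RESOLVER_IP -> same query order as the page: aaaa first, then a
check_resolver() {
    aaaa=$(dig +short +time=3 +tries=1 aaaa "$NAME" "@$1" 2>/dev/null || true)
    a=$(dig +short +time=3 +tries=1 a "$NAME" "@$1" 2>/dev/null || true)
    verdict=$(classify "$aaaa" "$a")
    echo "$1: $verdict"
    [ "$verdict" = ok ]     # non-zero exit status for anything but a clean result
}

# Query the network only when a resolver address is given on the command line.
if [ "$#" -gt 0 ]; then check_resolver "$1"; fi
```

Run it once per address listed under "DNS Servers" or in /etc/resolv.conf; a "buggy" or "suspect" verdict identifies the device to replace or update.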