0

I have an Azure VM whose Azure network and adapters are all configured for IPv4 only. Among other things, it provides backend services for a phone app. We rebooted the VM last evening. There were no changes made to Azure or the app, just a reboot to reset an app cache issue. All phones that prefer IPv6 are failing to connect. It appears that Azure DNS is returning an IPv6 address to the phones when no AAAA records are stored in the zone whatsoever. Here is a screen snap from a phone that clearly shows Azure DNS is returning an address, one we don't control. It's clear Azure DNS is returning "2607:7700:0:1a::682c:1742" and there's no entry for it in our zone.


Any ideas on how to resolve this? We are working on a plan to move to another DNS provider.

BigTFromAZ
  • 2607:7700:0:1a::682c:1742 is (according to WHOIS) registered to "T-Mobile USA, Inc.", so it may not be an Azure DNS problem but some kind of IPv6 proxy at your cell phone company. – Joachim Isaksson Jun 12 '22 at 17:52
  • I get that, but it's a series of Microsoft hops that returned the address. This could be an issue in Azure DNS where it's sending something back when it should be replying not found. It could be a man in the middle. Or as you said, it could be a misconfigured DNS server or proxy at T-Mobile. We changed the IPv4 record, pointing it to our on-premise address. We'll try and point it back this weekend. I'm going to call T-Mobile today to see if they can find anything. I still think this is/was an Azure issue. Why else would changing the IPv4 record correct the problem? – BigTFromAZ Jun 13 '22 at 18:41
  • You have a T-Mobile problem. They are performing an IPv6 to IPv4 proxy. If your customer base uses mobile, then I recommend that you set up IPv6. Otherwise, you are stuck with mobile provider issues. – John Hanley Jun 13 '22 at 20:56
  • @John Hanley That does seem to be the only explanation, and the only solution. Can you post your comment as an answer so I can mark it so? – BigTFromAZ Jun 14 '22 at 21:05

2 Answers

1

The problem is caused by T-Mobile performing an IPv6 to IPv4 proxy.

If your customer base includes mobile devices, I recommend implementing IPv6 end-to-end. This means adding DNS AAAA resource records, configuring IPv6 listeners for load balancers, and enabling IPv6 at the virtual machines.

John Hanley
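A way to check the diagnosis above from the defender's side, as an added example that is not part of the original answers: if the carrier's "IPv6 to IPv4 proxy" is a DNS64/NAT64 deployment (an assumption; the page does not name the mechanism), the unexpected AAAA answer embeds the zone's own A record under the RFC 6052 layout. The function names are hypothetical, the code covers all six RFC 6052 prefix lengths rather than only the /96 case, and the zone's A record is not on the page, so supply your own.

```python
import ipaddress

# RFC 6052 section 2.2: for each NAT64 prefix length, the byte offsets (0-15)
# of the IPv6 address that carry the four IPv4 octets. Byte 8 is reserved
# (the "u" octet) and is skipped by every layout.
RFC6052_LAYOUT = {
    32: (4, 5, 6, 7),
    40: (5, 6, 7, 9),
    48: (6, 7, 9, 10),
    56: (7, 9, 10, 11),
    64: (9, 10, 11, 12),
    96: (12, 13, 14, 15),
}


def embedded_ipv4(aaaa, prefix_len=96):
    """Return the IPv4 address embedded in `aaaa` for the given prefix length."""
    raw = ipaddress.IPv6Address(aaaa).packed
    octets = bytes(raw[i] for i in RFC6052_LAYOUT[prefix_len])
    return ipaddress.IPv4Address(octets)


def synthesized_from(aaaa, a_records):
    """If `aaaa` embeds one of the zone's A records, return
    (NAT64 prefix, IPv4 address); otherwise return None."""
    wanted = {ipaddress.IPv4Address(a) for a in a_records}
    for plen in sorted(RFC6052_LAYOUT, reverse=True):  # /96 is tried first
        v4 = embedded_ipv4(aaaa, plen)
        if v4 in wanted:
            prefix = ipaddress.IPv6Network(f"{aaaa}/{plen}", strict=False)
            return prefix, v4
    return None


if __name__ == "__main__":
    seen = "2607:7700:0:1a::682c:1742"      # address quoted in the question
    print("low 32 bits decode to:", embedded_ipv4(seen))
    # Replace with the A record(s) actually published in your zone.
    zone_a_records = ["192.0.2.33"]         # constructed placeholder value
    print("synthesized from zone A record:", synthesized_from(seen, zone_a_records))
```

A match means the resolver on the phone's network built the AAAA answer from the A record, so the authoritative zone is not serving it; comparing against a direct query to the zone's authoritative name servers confirms that.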
-1

As per the limitations provided in the Microsoft document, when you are trying to connect only with IPv6 to an Azure VM, that feature is not supported. But you can try connecting with at least one IPv4 NIC.

Also, if you are trying to add IPv6 to existing IPv4 deployments, the IPv6 ranges cannot be added to existing links.

Here are a few limitations for connecting to IPv6 through Azure DNS.

You can go through the Microsoft document for a complete overview of connecting IPv6 with Azure DNS.

SaiSakethGuduru
  • I'm not trying for IPv6 only; in fact, it's just the opposite. It's an IPv4-only environment. In fact, the entire zone is IPv4 only. However, DNS lookups are returning an IPv6 address that's not in the zone file. – BigTFromAZ Jun 13 '22 at 18:31
  • Further note that the issue only occurs on phones that prefer IPv6. Older phones that prefer IPv4 work fine. – BigTFromAZ Jun 13 '22 at 18:49