Popular Posts

Sunday, 28 August 2022

Using IPv6 with your Custom Domain on Blogger

If you want your custom domain on Blogger, you will most likely just use the typical two CNAME records. This is all easy if you use Google Domains. Instant verification and does all the DNS handling for you no problem. But you might not be using Google Domains and want to redirect your root domain. That doesn't use CNAME because you actually cannot put CNAMEs at the root domain level. This is supposed to be solved by CNAME flattening (sometimes called ANAME or ALIAS records) but you still cannot put IP addresses in either a CNAME or an ALIAS record because these are meant to resolve to IP addresses. Wanting to put an IP address at the root domain using CNAME is called an A/AAAA record.

For Google Domains users, this is dealt with by just checking the box. For non-Google Domains users, Google has documentation on setting this up. But it's missing something: the AAAA records (IPv6). Something even more interesting? Google Domains deals with both A records and AAAA records. Fear not, this is easy to solve.

It should be no surprise that we have exhausted all IPv4 addresses many years ago and IANA of ICANN has depleted all available free IPv4 addresses many, many years ago and have been recycling IPv4 addresses since 2014.

IPv6 is supposed to be used and we could have silently deprecated IPv4 from production, but a mixture of IPv4 zealots, pointless technical politics, critical infrastructure software and hardware made under the assumption IPv4 will never run out / IPv6 does not exist, and added complexity of IPv6 have severely hindered this to the point where we aren't dropping IPv4 for the foreseeable future and people are seriously recommending we make routable to scrape up the remaining breadcrumbs of IPv4. This is obviously a terrible idea for a bajillion reasons and we'll probably see airplanes crashing and burning because of this, but this draft RFC is expiring this September so we should be okay assuming these people don't try it again. Sane-minded people didn't like this proposal anyways for a good reason. If you want to scrape up IPv4 bread chunks instead of breadcrumbs, consider dealing with the amount of IP addresses the US Department of Defense has assigned and companies that don't need them like Ford and Apple. Oh wait, that isn't going to happen. Cool so let's consider IPv6, yeah?

Okay, end rant. Anyways, the Google support page only shows IPv4 addresses, but Google Domains will assign IPv6 addresses. Let's fix that by giving you the IPv6 addresses that you need to use.

Citing a Reddit post on r/blogpost shows the IPv4 addresses on the Google support page, but 4 other IPv6 addresses that are associated with Google. I remember seeing this, and doing a tiny bit of OSINT using AbuseIPDB can help prove that these addresses belong to Google, but you always want to be sure. Now that I have Google Domains and viewing the DNS records show the IPv6 and IPv4 addresses, we can confirm this:

Screenshot of my DNS records panel for the "Blog hosting" section in Google Domains
Same IP addresses!

So this does prove that if you want IPv6 on your custom root domain using Blogger without Google Domains as a registrar, you can enter the following DNS records (substitute my domain with yours).

AAAA records:

terezi.dev. 3600 IN AAAA 2001:4860:4802:32::15
terezi.dev. 3600 IN AAAA 2001:4860:4802:34::15
terezi.dev. 3600 IN AAAA 2001:4860:4802:36::15
terezi.dev. 3600 IN AAAA 2001:4860:4802:38::15

A records:

terezi.dev. 3600 IN A
terezi.dev. 3600 IN A
terezi.dev. 3600 IN A
terezi.dev. 3600 IN A

No comments:

Post a Comment

Commenting on this blog means you consent to Blogger's (Google) Privacy Policy and Terms of Service and including the policies for any captcha services used.

You also consent that moderation actions of this comment section are at the discretion of the moderators and all decisions made are final. Moderation actions may include, but are not limited to blocking your IP address, removing or hiding your comments, reports to Blogger/Google regarding your comments and any information about the offender if possible at which point the organisation may perform their own actions listed or not listed here, approving/denying comments in specific circumstances such as potentially abusive content or reviewing agreeable or disagreeable opinions/topics, and if need be reports to local or national law enforcement to the fullest extent.

In general, be nice, don't be rude, and be civil.

Newest Post

Windows, OpenSSH, and FIDO2

Being able to use your FIDO2 key (e.g. Yubikey) for OpenSSH is amazing, as long as you're on Linux. For some reason, Windows has very li...