1.1.1.1/help taking too long, IPv6 requests blocked by CORS

https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiR1JVIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

Hi @cbrandt , can you share what the output of

$ curl -s -o /dev/null -D - https://ipv6a.cloudflare-dns.com/resolvertest | grep access
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-expose-headers: Content-Length,Content-Range,CF-RAY

$ curl -s -o /dev/null -D - https://ipv6b.cloudflare-dns.com/resolvertest | grep access
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-expose-headers: Content-Length,Content-Range,CF-RAY

Clear the cache might help if you don’t find these CROS control headers.

Hi @Hunts,

I get empty results, with or without piping to grep.

I run curl out of a Ubuntu installation on a Windows / WSL, don’t know how to clear its cache (if that’s what you mean)

Oh, I meant clear browser cache. But since your curl output also don’t have the headers, there might be other issues.

Can you share the full output of the curl commands without grep?

Copying and pasting the curl command as provided, I get nothing in return, back to the prompt. With or without grep.

I emptied Firefox’s cache and visited the URL again, same results, same errors.

Hmm, do you say the curl return nothing, i.e. no HTTP response at all. If there was a response, you should at least saw the status code, content-type kinds of info.

I’m now interested in what the output of the verbose version:

dig AAAA ipv6a.cloudflare-dns.com
dig AAAA ipv6a.cloudflare-dns.com @1.1.1.1

and

curl -v https://ipv6a.cloudflare-dns.com/resolvertest
$ dig AAAA ipv6a.cloudflare-dns.com

; <<>> DiG 9.16.1-Ubuntu <<>> AAAA ipv6a.cloudflare-dns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2802
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ipv6a.cloudflare-dns.com. IN AAAA

;; ANSWER SECTION:
ipv6a.cloudflare-dns.com. 0 IN AAAA 2606:4700:4700::1001

;; Query time: 20 msec
;; SERVER: 172.28.240.1#53(172.28.240.1)
;; WHEN: Wed Feb 02 11:37:29 -03 2022
;; MSG SIZE rcvd: 94

$ dig AAAA ipv6a.cloudflare-dns.com @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> AAAA ipv6a.cloudflare-dns.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13642
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ipv6a.cloudflare-dns.com. IN AAAA

;; ANSWER SECTION:
ipv6a.cloudflare-dns.com. 300 IN AAAA 2606:4700:4700::1001

;; Query time: 20 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Feb 02 11:38:06 -03 2022
;; MSG SIZE rcvd: 81

$ curl -v https://ipv6a.cloudflare-dns.com/resolvertest
* Could not resolve host: ipv6a.cloudflare-dns.com
* Closing connection 0
curl: (6) Could not resolve host: ipv6a.cloudflare-dns.com
$

Hmm, I don’t know what your dns related settings are in your system. This command should make the curl return something:

curl -v --resolve ipv6a.cloudflare-dns.com:443:2606:4700:4700::1001 https://ipv6a.cloudflare-dns.com/resolvertest

but it still cannot answer what the response your browsers received. From your screenshot, looks like the hostname did resolve. If you are able to dump the HTTP response the browser receives, that would really help.

$ curl -v --resolve ipv6a.cloudflare-dns.com:443:2606:4700:4700::1001 https://ipv6a.cloudflare-dns.com/resolvertest
* Added ipv6a.cloudflare-dns.com:443:2606:4700:4700::1001 to DNS cache
* Hostname ipv6a.cloudflare-dns.com was found in DNS cache
*   Trying 2606:4700:4700::1001:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:4700::1001: Network is unreachable
* Closing connection 0
curl: (7) Couldn't connect to server
$

Windows 11
Network adapter > DNS set to 1.1.1.1, 1.0.0.1, and their IPv6 cousins
Router > DNS set to 1.1.1.1, 1.0.0.1, no option to set IPv6
Firefox Browser set to use DNS over HTTPS with Cloudflare as provider.

I’ve only managed to get a 200 for that curl command when I issued it from my cell phone using 4G. My cell phone has the 1.1.1.1 app with Warp+ enabled for 4G. I’ve tried both with the app enabled and disabled, and got 200 for both.

Could this be an ISP issue? My router connects to Vivo, my cellphone to TIM Brasil.

Your computer probably don’t have IPv6 connectivity? You can run a test at here: https://test-ipv6.com/

I tried to see how the help page works if I don’t have IPv6 connectivity, by adding

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

to /etc/sysctl.conf (Linux btw). The page showed me no & no correctly because there was a network issue:

You’re right! I’m so used to having IPv6 that I never bothered to check, but it seems that my ISP dropped it, apparently in a temporary glitch. I’ve rebooted the router and I have it again.

Still, I see one of the 3 error messages while running the 1.1.1.1/test. So it sees that Firefox wrongly attributes lack of IPv6 to a browser security issue.

image

But the result now shows IPv6 connectivity:

I’m sendingthe HAR via email, in case you want to check what is leading Firefox to that misleading error msg.

Thank you @cbrandt , I reproduced the same error message on Firefox. I think it is a specific behavior of Firefox. When the hostname does not resolve, Chrome just raise NAME_NOT_RESOLVED issue, while Firefox would also raise the CORS error which I think is unnecessary or inaccurate.

Anyway, I think the error message does not impact debug information shows on the page.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.