I've been wanting to set up a small game server on my home network for myself and a few friends lately. Nothing I haven't done before - except the part where I open it up to the internet for people outside of my home network to play on.
So I tried setting up a small web server to test out the port forwarding functionality of my router. Darkhttpd, running on a spare Raspberry Pi, works fine on the local network. After digging through the web interface, I find out that using IPv4 isn't an option because of how my ISP tunnels network traffic (sth sth Dual-Stack Lite)—fine by me, in 2024 we should be using IPv6 anyway. So I go and open up port 80 in my router's web interface.
This is where the problem begins. Everything looks fine, but I don't have ready access to a network outside of my own to check if the port is actually accessible from the internet. An online IPv6 open port checker I found tells me the ports are visible and that my ISP isn't blocking anything. Trying to bind a domain that I had lying around to my IP address, however, has resulted in failure.
I have no idea how to debug this. I'm pretty sure there's some issue on the DNS Server end, but I can't even tell if the rest of what I'm trying to do is working. And if it is, I have no idea of how to go about fixing the DNS thing.
Update: I got a friend to test it, and the web page is accessible from the internet. Problem lies with the DNS server
Update 2: After contacting my friend again for a sanity check, it seems that the DNS server works fine and my test website can indeed be reached through my domain—it's just that I can't reach it.
Update 3: After poking at various DNS servers, it appears that the Mullvad DNS servers which I use don't regularly update their records. I've now switched to Cloudflare. My router similarly implements some caching solution that, after much tinkering, I was unable to flush. For the time being I've just decided to fuck doing this properly and directly edit my /etc/resolv.conf
with the Cloudflare DNS servers. If I ever manage to get this working properly, I will add a final update, but for the time being, I will consider it solved.
If I understand correctly, you're now able to verify the AAAA on mobile. But you're still not able to connect to the web server from your mobile phone. Do I have that right?
I believe in a different comment here, you said that your mobile network doesn't support IPv6, and nor does a local WiFi network. In that case, it seems like your phone is performing DNS lookups just fine, but has no way to connect to an IPv6 destination.
If your desktop does have IPv6 connectivity but has DNS resolution issues, then I would now look into resolving that. To be clear, was your desktop a Linux/Unix system?
Correct on all counts. I'll try some other DNS servers later. Right now I'm using the Mullvad DNS servers, any suggestions for ones that support DNS over TLS?
I'm afraid I have no suggestions for DoT servers.
One tip for your debugging that might be useful is to use dig to directly query DNS servers, to help identify where a DNS issue may lay. For example, your earlier test on mobile happened to be using Google's DNS server on legacy IP (8.8.8.8). If you ran the following on your desktop, I would imagine that you would see the AAAA record:
dig @8.8.8.8 mydomain.example.com
If this succeeds, you know that Google's DNS server is a viable choice for resolving your AAAA record. You can then test your local network's DNS server, to see if it'll provide the AAAA record. And then you can test your local machine's DNS server (eg systemd-resolved). Somewhere, something is not returning your AAAA record, and you can slowly smoke it out. Good luck!