IPv6 UDP?

Hi, While waiting for support of UDP on IPv6 to arrive, would it be possible to add an option to disable Fly’s DNS servers to return AAAA records to DNS requests for selected hosts in the *.fly.dev. domain?

This might provide us a temporary workaround for situations like @tomklein and others had mentioned above.

For @thomas @kurt, this is my “Use Case”: I have managed to get TFTP servers build and run on Fly, for ex. at tftpNN.fly.io. Distributed machines connect to them using their PXE network boot options in order to chainload customised iPXE images from Anycast TFTP servers. Those iPXE images in turn load and verify signed images of NomadOS from static HTTPS servers which may also be built and run by a multi-stage Dockerfile on Fly, for example.
The HTTPS servers authenticate & authorize the iPXE clients before handing out any signed images and custom configurations.

However, TFTP clients likely fail to connect to tftpNN.fly.io because they usually prefer the AAAA over the A records if they run on hosts that are connected to dual-stack IPv4/IPv6 networks! Thus the only way to get this to work is to manually force TFTP clients to use IPv4 only ;-(

While this is tedious during manual testing, this gets difficult with PXE boot implementations on random hardware (BIOS, network interfaces). Hiding AAAA answers from these TFTP clients selectively by manipulating (local) DNS resolvers, or trying to force IPv4 only in BIOS options, etc. are not really options with distributed swarms of embedded IoT devices, or a cattle herd of servers.

I have written the TFTP server in Go using the pin/tftp client & server library. Specifically for Fly, this implementation of TFTP uses port 69/UDP only because the servers run in single-port mode, e.g. they do not negotiate a random high port for the file transfer.

Any thoughts, ideas? Thanks.

3 Likes