1.1.1.1 is usually a good bet On Jul 10, 2015 6:21 PM, "Mark Andrews" <marka@isc.org> wrote:
In message <20150710215658.GC23237@puck.nether.net>, Jared Mauch writes:
On Sat, Jul 11, 2015 at 07:41:53AM +1000, Mark Andrews wrote:
+1 and you will most probably see about 50% of the traffic being IPv6 if you do so. There is lots of IPv6 capable equipment out there just waiting to see a RA.
What I noticed when I ran a transparent HTTP proxy at my gateway where it had IPv6 on the outside but the hosts inside did not, a lot of traffic was converted from IPv4 to IPv6 on the exterior.
As the internet has been moving to HTTPS/HSTS having DHCP and client-side support of something like draft-wkumari-dhc-capport is going to become more critical as the days go by.
While attempting to trigger the captive portal at RDU this week, Boingo redirected a query for google to their HTTPS to the portal and since HSTS was enabled I had no way to proceed from there to the right location to authenticate.
There was also some other broken stuff at RDU so I ended up just using cellular data.
- Jared
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
I just type a random IP address into the browser when this sort of thing happens. Most of my connections are encrypted. Once the landing page comes up and I've clicked through a pointless terms of service they start working. If they intercept the session with their own cert I get lots of error dialogs. I then cancel the connection attempts and go the browser.
Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org