Mildly cursed factoid about UNC paths:

- UNC paths can contain IP addresses such as \\192.168.1.1\share
- IPv6 addresses are supported as well
- IPv6 addresses contain colons
- You can't have colons in Windows paths since colons are reserved for drive letters

So Microsoft came up with the ipv6-literal.net domain that's special-cased by Windows so you can write IPv6 addresses in UNC paths as 2a0e-3c0--21.ipv6-literal.net without it hitting any resolvers.

Turns out, it's worse than this: The ipv6-literal.net shenanigans aren't limited to UNC paths.

It works in all places:
```
> ping 2a0e-3c0--21.ipv6-literal.net

Pinging 2a0e:3c0::21 with 32 bytes of data:
```

Also works in browsers: http://2a0e-3c0--21.ipv6-literal.net/

Thanks to @casandro for asking.
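The rewrite described in the posts above is purely textual, so it can be reproduced locally. The Python below is an added example for this page, not code from Microsoft or from any poster in the thread: it converts between the two notations, validates the result with the standard library, and mirrors the Windows behaviour of answering such names from the parser instead of sending them to DNS (which is what every other OS does with them). The zone-ID rule it implements (`%` becomes `s`, so `fe80::1%3` becomes `fe80--1s3.ipv6-literal.net`) is Microsoft's documented convention but is not mentioned in the thread; the function names are mine.

```python
import ipaddress
from typing import Optional, Tuple

SUFFIX = ".ipv6-literal.net"


def to_ipv6_literal(address: str) -> str:
    """Render an IPv6 address in Windows' ipv6-literal.net notation.

    Colons become dashes, so '::' becomes '--'. A zone ID after '%'
    (e.g. fe80::1%3) is appended with 's' instead of '%' (fe80--1s3);
    this is Windows' documented convention, not something from the thread.
    Invalid input raises ValueError via the ipaddress module.
    """
    addr, _, zone = address.partition("%")
    compressed = str(ipaddress.IPv6Address(addr))  # canonical, compressed form
    literal = compressed.replace(":", "-")
    if zone:
        if not zone.isdigit():
            raise ValueError("zone IDs in this notation are numeric interface indexes")
        literal += "s" + zone
    return literal + SUFFIX


def from_ipv6_literal(name: str) -> Optional[Tuple[str, Optional[str]]]:
    """Inverse of to_ipv6_literal.

    Returns (address, zone_or_None) for a well-formed literal name and
    None for anything else, including names under ipv6-literal.net whose
    label is not a valid address. Hex digits never contain 's', so the
    zone separator is unambiguous.
    """
    lowered = name.lower().rstrip(".")
    if not lowered.endswith(SUFFIX):
        return None
    label = lowered[: -len(SUFFIX)]
    if not label or "." in label:
        return None  # exactly one label is expected in front of the suffix
    label, _, zone = label.partition("s")
    if zone and not zone.isdigit():
        return None
    try:
        addr = ipaddress.IPv6Address(label.replace("-", ":"))
    except ValueError:
        return None
    return str(addr), (zone or None)


def resolve_like_windows(name: str) -> Tuple[str, str]:
    """Decide how a host name would be handled.

    Windows answers ipv6-literal.net names from the parser and never
    queries DNS; every other OS sends them to the real ipv6-literal.net
    zone, whoever happens to control it. Returns ('literal', address)
    or ('dns', name).
    """
    parsed = from_ipv6_literal(name)
    if parsed is not None:
        return "literal", parsed[0]
    return "dns", name


if __name__ == "__main__":
    for host in ("2a0e:3c0::21", "2001:2:3::abcd", "fe80::1%3"):
        print(host, "->", to_ipv6_literal(host))
    for host in ("2a0e-3c0--21.ipv6-literal.net", "example.com", "zz--1.ipv6-literal.net"):
        print(host, "->", resolve_like_windows(host))
```

Note that `www.ipv6-literal.net` or any other label that is not a valid address falls through to the `dns` branch: that is the set of names the later posts worry about, because the real zone's owner, not Windows, decides what they resolve to.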

@karotte @casandro: The domain ipv6-literal.net doesn't look as if it belongs to Microsoft (as @GossiTheDog already mentioned in his posting). It is parked at GoDaddy.

@xtaran @karotte @casandro @GossiTheDog

That's an old one! We came up with it for IPv6 when I was working at Microsoft. I think it was introduced in Windows XP SP1. We were worried that typing addresses like 2001:2:3::abcd was not going to work well in a variety of user interfaces, hence the "2001-2-3--abcd.ipv6-literal.net" hack. One of the team members (maybe me, not sure now) registered it on a personal account, and then transferred ownership to Microsoft before shipping.

@karotte @casandro someone registered this domain name on GoDaddy and hosts it on Amazon

@karotte @casandro Not on Linux it seems:

```
stuartl@vk4msl-tp:~$ ping 2a0e-3c0--21.ipv6-literal.net
ping: 2a0e-3c0--21.ipv6-literal.net: Name or service not known
stuartl@vk4msl-tp:~$ uname -a
Linux vk4msl-tp 6.12.12+bpo-rt-amd64 #1 SMP PREEMPT_RT Debian 6.12.12-1~bpo12+1 (2025-02-23) x86_64 GNU/Linux
```

@stuartl @karotte Yeah, it's a Windows-only thingy, but only a few Windows variants even come with an IP stack in their default installation... and only a few of them even have an IPv6 stack available. So it might be largely irrelevant.

@casandro @karotte

As I recall…
Windows 2000 had IPv6 as a "technology preview" that had to be separately downloaded and installed.
Windows XP had it disabled by default, but did otherwise ship with it.
Windows Vista and later turned it on by default.

Anything currently supported by Microsoft right now will have it turned on unless the user/administrator turns it off manually.

So "only few" actually covers a lot of users.

@stuartl @karotte Did Microsoft start supporting their operating systems again? I always thought they stopped providing free support in the mid-1990s, reducing their post-sales involvement to bug fixes.

@casandro @karotte "Support" in the form of security fixes and service packs.

The bare minimum.

@stuartl @karotte Also I know there is a very loud Windows XP fanbase out there, but outside of some companies and statistics based on web-ad servers, I don't think Microsoft still has a wide market share. I did make some cursory statistics during a camping trip in 2009... and there the market share was well below 10%.

@casandro @stuartl @karotte IPv6 is mandatory since Vista, and while you can turn it off, that puts your system in a state that's not supported by Microsoft (and there are things that break with IPv6 disabled).

@karotte @casandro To add insult to injury there isn't even an AAAA record, only A on the public DNS

@karotte @casandro @catsalad Looks about as cursed as `curl http://2398796366`

@karotte that's horrifying. thanks

@whitequark @karotte Let's hope they will never forget to renew that domain
@jaj @whitequark @karotte Right now the domain has `clientRenewProhibited` EPP status and expires next June.

Whether that domain exists or what its DNS servers say is only relevant for users of other, non-Microsoft OSs.

@jaj @whitequark @karotte @dj3ei Yes. This could be relevant for cross-OS platforms like .NET and Java and for Windows developers who move to Unix / Apple platforms. And who knows where these platforms will be in 5 years. At least they could have chosen an invalid TLD instead of .net

@karotte why did they do it like that

@tauon I mean, what else could they have done? I agree that the solution is a bit bonkers, but I don't immediately see any other viable solutions that don't conflict with anything else.

They could at least have held on to the ipv6-literal.net domain.

@karotte @tauon What else they could have done? Well maybe implement some logic which does not make any use of colons in a path impossible. It would be quite clear in this use case that it can't be meant as a drive name.
@julijane @karotte @tauon They probably missed their chance back when UNC paths were introduced. And now way too much software depends on UNC paths being structured in a particular way, breaking backwards compatibility is an absolute no-go. You have to wait for Microsoft to introduce yet another path type, might even happen within your lifetime.
@julijane @karotte @tauon Colons are also used as a separator for NTFS named streams…
@julijane @karotte @tauon But that would break all the legacy programs using `strtok(..., ":")` to separate the drive letter! It's a CON!

@karotte
- changed UNC parsing to support IPv6 (perhaps \\[2a0e-3c0--21]\share?)
- i was going to say use ip6.arpa but those don't seem to require AAAA records that point to the requested IP so that's not an option
- use a different domain that's not ipv6-literal.net that won't ever be resolved (i forget in what circumstances underscores are allowed, but 2a0e-3c0--21._ip6?)
- probably something better that i'm not realising

@karotte @tauon

> They could at least have held on to the ipv6-literal.net domain.

They could have used ipv6-literal.arpa and probably even gotten it through IANA, though I don't remember if Microsoft literally ever engaged with the IETF.

(also @tauon you don't need to have DNS records for these domains if you just specify that there are none)

@filmroellchen @karotte @tauon I agree that .arpa would have been the right choice. And they do engage in IETF activities (with very good people at that), so IDK why this went so wrong. What I've seen in other companies is that they design good things there and then management decides not to ship it; maybe that happened here too.
@filmroellchen @karotte @tauon That'd also have spared us RFC6874 and the whole mess of https://datatracker.ietf.org/doc/draft-ietf-6man-zone-ui/
@karotte

> you don't need to have DNS records for these domains if you just specify that there are none

what do you mean?

@tauon @karotte this would be a new .arpa domain, which you can specify to have whatever behavior you want through an RFC or the IANA registration. this is why i wouldn’t go with ip6.arpa since it has defined behavior and requires the various PTR records for rDNS.

@karotte @tauon Huh, I missed the bit where they let it lapse! Domain-parked by GoDaddy, how wonderful.

Presumably that means whoever buys it off them will be the proud owner of a domain that nobody on Windows can resolve.

@karotte @tauon couldn't they just keep using dots?
@kitten @karotte wouldn't it get parsed as a domain? ig they could add square brackets syntax to unc though
@tauon @karotte I mean

wouldn't the same apply to IPv4? and it doesn't seem to be an issue
@tauon @karotte oh but IPv6 has letters...

@kitten @tauon @karotte both of them should be interpreted as an integer, that's all that they are. The dots/colons are just there to make it easier on people.

This works in most browsers FYI, at least for v4 - take your router's IP and slap it in your address bar as an integer instead and it'll navigate to your router.
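The integer trick in the post above is one instance of a more general rule: browsers parse an IPv4 host the way the WHATWG URL standard specifies, where each dot-separated part may be decimal, `0x` hex or leading-zero octal, and fewer than four parts are allowed, with the last part filling the remaining low-order bytes. The Python below is an added example written for this page (mine, not from any poster) implementing that algorithm, so that `2398796366` from the `curl` post above and spellings such as `0x7f.1` or `0177.0.0.1` all canonicalise to a dotted quad; the function names are mine. The practical point for anyone writing a deny-list: comparing the raw string against `127.0.0.1` misses every one of these forms unless you canonicalise first.

```python
import ipaddress
from typing import List, Optional


def parse_ipv4_number(part: str) -> Optional[int]:
    """Parse one dot-separated part as the WHATWG URL standard does.

    A '0x'/'0X' prefix means hexadecimal, a leading '0' on a longer
    string means octal, anything else is decimal. A bare '0x' or '0'
    is zero. Returns None for an empty part or a digit outside the radix.
    """
    if part == "":
        return None
    radix = 10
    if len(part) >= 2 and part[:2].lower() == "0x":
        part, radix = part[2:], 16
    elif len(part) >= 2 and part[0] == "0":
        part, radix = part[1:], 8
    if part == "":
        return 0
    digits = {10: "0123456789", 16: "0123456789abcdefABCDEF", 8: "01234567"}[radix]
    if any(ch not in digits for ch in part):
        return None
    return int(part, radix)


def parse_whatwg_ipv4(host: str) -> Optional[int]:
    """Turn an IPv4 host string into its 32-bit integer value.

    Implements the WHATWG 'IPv4 parser': at most four parts, one trailing
    dot is ignored, every part but the last must fit in a byte, and the
    last part supplies all remaining low-order bytes. Returns None when
    the string is not an IPv4 host (a real URL parser then treats it as
    a domain name, or fails outright if the last label looks numeric).
    """
    parts: List[str] = host.split(".")
    if len(parts) > 1 and parts[-1] == "":
        parts.pop()
    if len(parts) > 4:
        return None
    numbers: List[int] = []
    for part in parts:
        number = parse_ipv4_number(part)
        if number is None:
            return None
        numbers.append(number)
    if any(n > 255 for n in numbers[:-1]):
        return None
    if numbers[-1] >= 256 ** (5 - len(numbers)):
        return None
    value = numbers[-1]
    for i, n in enumerate(numbers[:-1]):
        value += n << (8 * (3 - i))
    return value


def canonical_ipv4(host: str) -> Optional[str]:
    """Dotted-quad form of any WHATWG-accepted IPv4 spelling, else None."""
    value = parse_whatwg_ipv4(host)
    return None if value is None else str(ipaddress.IPv4Address(value))


def is_loopback(host: str) -> bool:
    """Deny-list check that survives the alternative spellings.

    Compare canonical values, not raw strings: '2130706433', '0x7f.1'
    and '0177.0.0.1' are all 127.0.0.1 to a browser.
    """
    value = parse_whatwg_ipv4(host)
    return value is not None and ipaddress.IPv4Address(value).is_loopback


if __name__ == "__main__":
    for h in ("2398796366", "0x7f.1", "0177.0.0.1", "127.1",
              "192.168.1.1", "256.1.1.1", "example.com"):
        print(h, "->", canonical_ipv4(h), "(loopback)" if is_loopback(h) else "")
```

`2398796366` works out to `142.250.186.78`; `256.1.1.1` and `1.2.3.4.5` are rejected because a non-final part must fit in one byte and there can be at most four parts.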

@kitten @karotte no cause ipv4 can only have numbers and domains have to at least have a letter i think
@karotte @tauon Fixed their unc parser to accept ipv6 addresses.
@karotte @tauon They could've used a different notation, like dot separated.
@Arcaik @karotte it would require changes to unc parsing (if you changed colons in ipv6 to dots, 2 dots could appear next to each other) which is possibly why they decided to do it this way
@karotte @tauon wait, they *don't* control the ipv6-literal.net domain?!?!
@karotte and that domain is not owned by Microsoft it looks like?
@karotte TIL why colons are forbidden in Windows paths! I was confused when a colleague of mine using Windows wasn't able to open a file with a timestamp in the name that I sent them
@pmmeurcatpics @karotte It's worse than that – : is used as stream separator on NTFS, so foo:bar refers to a named stream bar in file (or directory) named foo.

@jernej__s @pmmeurcatpics @karotte

It's even worse than that. A few years ago (or was it almost 10 by now?) the spooler service was able to write raw filenames to disk that bypassed all of the usual validations, and you could end up with such files on disk. And you can probably imagine what trying to access such a file could have caused. I think there wasn't a way to get rid of these names except for reformatting C or hex-editor edits of the filesystem...

@karotte that is indeed quite cursed thank you
@karotte Does this work outside of UNC paths?

@karotte Fascinating, it's not a real domain, yet it feels like this could lead to a whole range of security issues.
@casandro @karotte Luckily no issues that wouldn’t exist without this. Anybody is free to create a real domain name that maps subdomains to arbitrary IP addresses. In fact, a number of such domain names exist.
@WPalant @karotte Well I can't think of anything yet, but it does create different views on something. A Windows system would think that a certain domain exists when it doesn't.
@casandro @karotte The only issue that I can see would be access to the actual ipv6-literal.net domain. If some subdomains of ipv6-literal.net hit the DNS instead of being resolved internally (no idea whether they do) and if something important were happening on ipv6-literal.net (currently it doesn’t – the domain is parked), there could be some issues because anybody can effectively have their own ipv6-literal.net subdomain without consent of the domain owner (who isn’t Microsoft it seems).

@WPalant @casandro @karotte

Well imagine a bad actor getting control over that domain and generating AAAA-RRs for all of the subdomains pointing to something else on public servers.

I don't even want to know how many firewalls and other devices you could confuse with this.
Like what happens when you send an e-mail from an IP that has a PTR RR pointing towards one of these?

Questions over questions...

@agowa338 @WPalant @casandro @karotte now I’m expecting someone to buy the domain and set it up to go to pages that will offer to restore the old resolution per-subdomain for an exorbitant fee