-1

I'm trying to enable both the IPv4 and IPv6 stacks in a SUSE 15 environment. I've assigned both IPv4 and IPv6 addresses to the same interface using /opt/vmware/share/vami/vami_set_network. Both IPv4 and IPv6 addresses are pingable.

Now I need to enable dns resolution for both IPv4 and IPv6 using dnsmasq. But when I use dig to check the DNS server status, dig on the IPv4 address succeeds while dig on the IPv6 address fails with REFUSED.

Is there anything to be aware of when configuring an IPv6 DNS server with dnsmasq?

# dig 2001:db8:3333:4444:5555:6666:7777:200

; <<>> DiG 9.16.6 <<>> 2001:db8:3333:4444:5555:6666:7777:200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 64764  <<<<<<<<<<<<<<<<<<<<<<
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;2001:db8:3333:4444:5555:6666:7777:200. IN A

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Sep 27 16:42:04 UTC 2021
;; MSG SIZE  rcvd: 55

# dig 172.20.10.25

; <<>> DiG 9.16.6 <<>> 172.20.10.25
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60743
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;172.20.10.25.                  IN      A

;; ANSWER SECTION:
172.20.10.25.           0       IN      A       172.20.10.25

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Sep 27 16:45:54 UTC 2021
;; MSG SIZE  rcvd: 57

Another issue is that when I add both IPv4 and IPv6 records in /etc/hosts, only the IPv4 record can be resolved properly.

# cat /etc/hosts
192.168.10.10 ipv4-hostname.com
2001:db8:3333:4444:5555:6666:7777:200 ipv6-hostname.com

# dig @127.0.0.1 ipv4-hostname.com +short +time=15 +tries=3
192.168.10.10
# dig @127.0.0.1 ipv6-hostname.com +short +time=15 +tries=3
<<<<< empty result

The dnsmasq server configuration is the default:

# cat /etc/dnsmasq.conf | grep -v '^#' | grep -v '^$'
conf-dir=/etc/dnsmasq.d/,*.conf 

Here's the hostname dig result, refused as well:

# dig ipv6-hostname.com

; <<>> DiG 9.16.6 <<>> ipv6-hostname.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4887
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ipv6-hostname.com.                  IN      A

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Sep 28 08:24:45 UTC 2021
;; MSG SIZE  rcvd: 30

Port status:

# netstat -lnp | grep dnsmasq
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      19455/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      19455/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           19455/dnsmasq
udp6       0      0 :::53                   :::*                                19455/dnsmasq

It seems both the IPv4 and IPv6 wildcard addresses are listening in the environment. Not sure why the IPv6 dig kept being refused.

cynkiller
  • You are querying a local dnsmasq server? What is its configuration? – Michael Hampton Sep 27 '21 at 13:05
  • It should be a default dnsmasq server. No extra options configured. `# cat /etc/dnsmasq.conf | grep -v '^#' | grep -v '^$'` `conf-dir=/etc/dnsmasq.d/,*.conf` – cynkiller Sep 27 '21 at 15:12
  • A good catch. I found the ipv6 hostname can be resolved from outside, but it failed to be resolved locally. But I need to use the local dns server.. – cynkiller Sep 27 '21 at 15:21
  • `dig` does `A` requests by default and those records only make sense on hostnames not on IP addresses. Your 2 `dig` traces do not show anything useful really (and second one can be considered a protocol violation) – Patrick Mevzek Sep 27 '21 at 15:48
  • "Now I need to enable dns resolution for both IPv4 and IPv6 using dnsmasq." What does that mean? IP addresses do not need "resolution". They work as is. Names and hostnames need resolution (towards IP addresses). – Patrick Mevzek Sep 27 '21 at 15:49
  • @PatrickMevzek Yes exactly. I mean resolution for hostname. The ip address resolved from the hostname could be IPv4 or IPv6, currently only IPv4 addresses can be correctly resolved locally. – cynkiller Sep 27 '21 at 16:13
  • "I mean resolution for hostname. " Then show `dig` outputs when querying for the hostnames, not for IP addresses... – Patrick Mevzek Sep 27 '21 at 16:15
  • Did you look to see if any files were in that conf-dir? – Michael Hampton Sep 27 '21 at 18:55
  • @MichaelHampton There's only one trust-anchors.conf file under the /etc/dnsmasq.d folder, recording two trust anchors. – cynkiller Sep 28 '21 at 01:17
  • @PatrickMevzek If I dig hostname, the result is also being refused. I've added the result in the content. – cynkiller Sep 28 '21 at 01:21
  • As @PatrickMevzek said, `dig` defaults to `A`. Do `dig @127.0.0.1 ipv6-hostname AAAA`. – dave_thompson_085 Sep 28 '21 at 01:53
  • @dave_thompson_085 Oh! I missed this. When switching to AAAA, everything went fine. Thanks for the reminder! – cynkiller Sep 28 '21 at 02:01

1 Answer

0

For IPv6 hostname resolution, remember to add AAAA in the command line arguments:

dig @<server> <hostname> AAAA

cynkiller
  • If you don't need all the detail that `dig` provides, consider using `host` instead. It will by default look up A, AAAA and MX records in one invocation and print them in a relatively compact format. – Michael Hampton Sep 28 '21 at 09:53
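
Why the default `A` query for ipv6-hostname.com came back empty while `AAAA` worked, shown as an added example (not part of the original post, and not dnsmasq's own code): a small model of answering from hosts-file entries by record type. It assumes an IPv4 entry yields only an `A` record and an IPv6 entry only an `AAAA` record; the function names are hypothetical.

```python
import ipaddress

# Constructed sample input: the /etc/hosts content shown in the question.
HOSTS = """\
192.168.10.10 ipv4-hostname.com
2001:db8:3333:4444:5555:6666:7777:200 ipv6-hostname.com
"""

def load_hosts(text):
    """Map (name, rtype) -> [addresses]; rtype follows the address family."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                             # skip malformed entries
        rtype = "A" if ip.version == 4 else "AAAA"
        for name in names:
            key = (name.lower().rstrip("."), rtype)
            table.setdefault(key, []).append(str(ip))
    return table

def lookup(table, name, rtype="A"):
    """Answer one query; the default type is A, the same default dig uses."""
    return table.get((name.lower().rstrip("."), rtype.upper()), [])

def audit(table):
    """For each name, list which record types exist (spots single-stack names)."""
    names = sorted({n for n, _ in table})
    return {n: [t for t in ("A", "AAAA") if (n, t) in table] for n in names}

if __name__ == "__main__":
    t = load_hosts(HOSTS)
    for name in ("ipv4-hostname.com", "ipv6-hostname.com"):
        for rtype in ("A", "AAAA"):
            answer = lookup(t, name, rtype) or "no records"
            print(f"{name:20} {rtype:5} -> {answer}")
```
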