Is an RDNSS or DHCPv6 server allowed to distribute a link-local IP address as DNS server?


And if so, how is this supposed to work? Is the client supposed to attach the interface identifier itself, based on the interface the assignment came through?

barbaz

Posted 2011-09-03T11:55:44.080

Reputation: 2 696

While I can't think of any valid reason to do so, it's not mentioned/forbidden anywhere. Is this just curiosity, or why would you want to do this? – WhyNotHugo – 2014-05-19T11:25:29.000

Answers


RDNSS

The newly updated (March 2017) definition of RDNSS, RFC 8106, says in section 5.1:

Note: The addresses for RDNSSes in the RDNSS option MAY be link-local addresses. Such link-local addresses SHOULD be registered in the Resolver Repository along with the corresponding link zone indices of the links that receive the RDNSS option(s) for them. The link-local addresses MAY be represented in the Resolver Repository with their link zone indices in the textual format for scoped addresses as described in [RFC4007]. When a resolver sends a DNS query message to an RDNSS identified by a link-local address, it MUST use the corresponding link.

Presumably this was added to indicate that using link-local DNS servers should be acceptable, and as you say the host needs to ensure it keeps its interface identifiers straight in that case.

As with anything related to new IPv6 standards, support in your favorite operating system to be able to actually use what's being announced will vary, but hopefully eventually vendors will sign on and implement it. It's reported on Wikipedia that "Windows 10 Creators Update introduces support for RFC 8106 RDNSS", though there's no citation for that as of this writing, I haven't independently verified it, and I don't know if its support includes this feature.

DHCPv6

I haven't found any similar updates that clarify the situation for DNS servers specified in DHCPv6 options. Suffice it to say, I wouldn't expect it to work consistently across various systems.

Workarounds

Until there's a standard (specified or de-facto) method to specify link-local DNS servers to network clients, in any non-lab scenario it's probably best to use real global addresses or at least Unique Local Addresses, since those are what most software is expecting.

user169501


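The RFC 8106 text quoted above describes the receiving side: a host gets resolver addresses from an RA RDNSS option (or a DHCPv6 DNS_SERVERS option), and any link-local address among them is only usable if the host records which link it arrived on and later sends queries out that same link. The following is an added example, not code from the answer or from any operating system, showing that bookkeeping in Python: it parses both option formats, scopes link-local entries as "addr%zone" in the RFC 4007 textual form, and turns an entry into an AF_INET6 socket address whose scope_id pins the query to that link. The option layouts follow RFC 8106 section 5.1 (ND option type 25) and RFC 3646 (DHCPv6 option code 23); the sample option bytes, the interface name "eth0" and the interface index 2 are constructed for the example.

```python
import ipaddress
import socket
import struct

RDNSS_OPTION_TYPE = 25       # ND option type for RDNSS (RFC 8106 section 5.1)
DHCPV6_OPT_DNS_SERVERS = 23  # DHCPv6 OPTION_DNS_SERVERS code (RFC 3646)


def parse_rdnss_option(option: bytes):
    """Parse one RA RDNSS option.

    Layout: type(1) length(1, in 8-octet units) reserved(2) lifetime(4) addresses(16 each).
    Returns (lifetime_seconds, [IPv6Address, ...]).
    """
    if len(option) < 8:
        raise ValueError("RDNSS option too short")
    opt_type, opt_len = option[0], option[1]
    if opt_type != RDNSS_OPTION_TYPE:
        raise ValueError(f"not an RDNSS option (type {opt_type})")
    total = opt_len * 8
    # Minimum length is 3 (header plus one address); the address area must be whole addresses.
    if opt_len < 3 or total != len(option) or (total - 8) % 16:
        raise ValueError("malformed RDNSS option length")
    lifetime = struct.unpack("!I", option[4:8])[0]
    addrs = [ipaddress.IPv6Address(option[i:i + 16]) for i in range(8, total, 16)]
    return lifetime, addrs


def parse_dhcpv6_dns_servers(option: bytes):
    """Parse one DHCPv6 OPTION_DNS_SERVERS: code(2) length(2) then 16-octet addresses."""
    if len(option) < 4:
        raise ValueError("DHCPv6 option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != DHCPV6_OPT_DNS_SERVERS:
        raise ValueError(f"not OPTION_DNS_SERVERS (code {code})")
    if length % 16 or len(option) != 4 + length:
        raise ValueError("malformed DNS_SERVERS option length")
    return [ipaddress.IPv6Address(option[4 + i:4 + i + 16]) for i in range(0, length, 16)]


def register_resolvers(addrs, ifname: str):
    """Build Resolver Repository entries for addresses learned on interface ifname.

    Link-local addresses (fe80::/10) are stored with the zone of the receiving link in the
    RFC 4007 textual form 'addr%zone'; every other address is stored as-is.
    """
    return [f"{a}%{ifname}" if a.is_link_local else str(a) for a in addrs]


def scoped_sockaddr(entry: str, port: int = 53):
    """Turn a repository entry into an AF_INET6 sockaddr (host, port, flowinfo, scope_id).

    A non-zero scope_id makes the kernel send the query out that specific link, which is what
    RFC 8106 requires for link-local resolvers. A link-local entry without a zone is refused
    rather than sent, since such a query has no usable outgoing interface.
    """
    addr, sep, zone = entry.partition("%")
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local and not sep:
        raise ValueError(f"link-local resolver {addr} has no zone index")
    if not sep:
        return (addr, port, 0, 0)
    # Numeric zone = interface index; otherwise resolve the interface name to its index.
    scope_id = int(zone) if zone.isdigit() else socket.if_nametoindex(zone)
    return (addr, port, 0, scope_id)


# Constructed sample options (not captured from a real network): each carries one link-local
# and one global resolver address.
SAMPLE_RDNSS = (
    bytes([RDNSS_OPTION_TYPE, 5, 0, 0]) + struct.pack("!I", 3600)
    + ipaddress.IPv6Address("fe80::1").packed
    + ipaddress.IPv6Address("2001:db8::53").packed
)
SAMPLE_DHCPV6 = (
    struct.pack("!HH", DHCPV6_OPT_DNS_SERVERS, 32)
    + ipaddress.IPv6Address("fe80::53").packed
    + ipaddress.IPv6Address("2001:db8::53").packed
)

if __name__ == "__main__":
    lifetime, rdnss_addrs = parse_rdnss_option(SAMPLE_RDNSS)
    print(f"RDNSS (lifetime {lifetime}s) on eth0 ->", register_resolvers(rdnss_addrs, "eth0"))
    print("DHCPv6 on eth0 ->", register_resolvers(parse_dhcpv6_dns_servers(SAMPLE_DHCPV6), "eth0"))
    # Interface index 2 is a constructed value standing in for the receiving link.
    for entry in register_resolvers(rdnss_addrs, "2"):
        print(f"{entry} -> sockaddr {scoped_sockaddr(entry)}")
```

The failure mode discussed in the comments to the next answer (a link-local resolver stored without its zone, so every query times out) is exactly what scoped_sockaddr refuses: a repository entry that lost its "%zone" is reported as an error instead of producing a query with scope_id 0.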


Interesting. The RFCs don't mention anything about using link-local. I just tried it with a Juniper SSG5 as DHCPv6 server and Mac OS X Lion as client, and it did seem to work :-) The interface that received the DHCP packet became the outgoing interface for the request.

It can make debugging awfully complicated though...

Sander Steffann


Reputation: 4 169

Are you sure? I'm using Mac OS X Lion, too, and when my radvd distributes a link-local DNS via RDNSS, I don't get an interface identifier on the IP set by Mac OS, and all DNS requests time out. Also, leaving RDNSS/DHCPv6 apart, the network dialog does not even allow the IP address to contain a % character if you want to configure the DNS manually. – barbaz – 2011-09-03T13:02:06.707

I just checked with Wireshark, and you are right, I don't see the request. Must have been either cached settings or cached results. – Sander Steffann – 2011-09-03T21:48:37.980

So: new conclusion! Although it could work it's not implemented at the moment, so don't use link-local addresses for DNS! :-) – Sander Steffann – 2011-09-03T21:49:22.357