Score:-1

IPv6 dnsmasq dig refused

I'm trying to enable both the IPv4 and IPv6 stacks in a SUSE 15 environment. I've assigned both IPv4 and IPv6 addresses to the same interface using /opt/vmware/share/vami/vami_set_network. Both IPv4 and IPv6 addresses are pingable.

Now I need to enable DNS resolution for both IPv4 and IPv6 using dnsmasq. But when I use dig to check the DNS server status, dig on the IPv4 address succeeds while dig on the IPv6 address fails with REFUSED.

Is there anything to be aware of when configuring an IPv6 DNS server with dnsmasq?

# dig 2001:db8:3333:4444:5555:6666:7777:200

; <<>> DiG 9.16.6 <<>> 2001:db8:3333:4444:5555:6666:7777:200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 64764  <<<<<<<<<<<<<<<<<<<<<<
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;2001:db8:3333:4444:5555:6666:7777:200. IN A

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Sep 27 16:42:04 UTC 2021
;; MSG SIZE  rcvd: 55

# dig 172.20.10.25

; <<>> DiG 9.16.6 <<>> 172.20.10.25
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60743
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;172.20.10.25.                  IN      A

;; ANSWER SECTION:
172.20.10.25.           0       IN      A       172.20.10.25

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Sep 27 16:45:54 UTC 2021
;; MSG SIZE  rcvd: 57

Another issue is that when I add both IPv4 and IPv6 records to /etc/hosts, only the IPv4 record can be resolved properly.

# cat /etc/hosts
192.168.10.10 ipv4-hostname.com
2001:db8:3333:4444:5555:6666:7777:200 ipv6-hostname.com

# dig @127.0.0.1 ipv4-hostname.com +short +time=15 +tries=3
192.168.10.10
# dig @127.0.0.1 ipv6-hostname.com +short +time=15 +tries=3
<<<<< empty result

The dnsmasq server configuration is the default:

# cat /etc/dnsmasq.conf | grep -v '^#' | grep -v '^$'
conf-dir=/etc/dnsmasq.d/,*.conf 

Here's the hostname dig result, refused as well:

# dig ipv6-hostname.com

; <<>> DiG 9.16.6 <<>> ipv6-hostname.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4887
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ipv6-hostname.com.                  IN      A

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Sep 28 08:24:45 UTC 2021
;; MSG SIZE  rcvd: 30

Port status:

# netstat -lnp | grep dnsmasq
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      19455/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      19455/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           19455/dnsmasq
udp6       0      0 :::53                   :::*                                19455/dnsmasq

It seems both the IPv4 and IPv6 wildcards are listening in the environment. Not sure why the IPv6 dig keeps being refused.

Michael Hampton
You are querying a local dnsmasq server? What is its configuration?
cynkiller
It should be a default dnsmasq server. No extra options configured. `# cat /etc/dnsmasq.conf | grep -v '^#' | grep -v '^$'` `conf-dir=/etc/dnsmasq.d/,*.conf`
cynkiller
A good catch. I found the IPv6 hostname can be resolved from outside, but it failed to be resolved locally. But I need to use the local DNS server.
Patrick Mevzek
`dig` does `A` requests by default and those records only make sense on hostnames, not on IP addresses. Your 2 `dig` traces do not really show anything useful (and the second one can be considered a protocol violation).
Patrick Mevzek
"Now I need to enable dns resolution for both IPv4 and IPv6 using dnsmasq." What does that mean? IP addresses do not need "resolution". They work as is. Names and hostnames need resolution (towards IP addresses).
cynkiller
@PatrickMevzek Yes exactly. I mean resolution for hostname. The ip address resolved from the hostname could be IPv4 or IPv6, currently only IPv4 addresses can be correctly resolved locally.
Patrick Mevzek
"I mean resolution for hostname. " Then show `dig` outputs when querying for the hostnames, not for IP addresses...
Michael Hampton
Did you look to see if any files were in that conf-dir?
cynkiller
@MichaelHampton There's only one trust-anchors.conf file under the /etc/dnsmasq.d folder, recording two trust anchors.
cynkiller
@PatrickMevzek If I dig hostname, the result is also being refused. I've added the result in the content.
dave_thompson_085
As @PatrickMevzek said, `dig` defaults to `A`. Do `dig @127.0.0.1 ipv6-hostname AAAA`.
cynkiller
@dave_thompson_085 Oh! I missed this. When switching to AAAA, everything went fine. Thanks for the reminder!
Score:0

For IPv6 hostname resolution, remember to add AAAA in the command line arguments:

dig @<server> <hostname> AAAA

Michael Hampton
If you don't need all the detail that `dig` provides, consider using `host` instead. It will by default look up A, AAAA and MX records in one invocation and print them in a relatively compact format.
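
A simplified model of what the thread works out, added here as an example (it is not part of the original posts and not dnsmasq's code): a hosts-file entry with an IPv4 address is served as an `A` record and one with an IPv6 address as an `AAAA` record, so a default `A` query for an IPv6-only name gets no answer. The function names are hypothetical, the hosts text is the one from the question, and only the empty-answer case is modelled.

```python
import ipaddress
import struct

QTYPE = {"A": 1, "AAAA": 28}          # record type codes used on the wire
RTYPE = {v: k for k, v in QTYPE.items()}

# The /etc/hosts content shown in the question.
HOSTS = """\
192.168.10.10 ipv4-hostname.com
2001:db8:3333:4444:5555:6666:7777:200 ipv6-hostname.com
"""

def load_hosts(text):
    """Map (name, rtype) -> [addresses]; IPv4 lines become A, IPv6 lines AAAA."""
    records = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        addr = ipaddress.ip_address(fields[0])
        rtype = "A" if addr.version == 4 else "AAAA"
        for name in fields[1:]:
            key = (name.lower().rstrip("."), rtype)
            records.setdefault(key, []).append(str(addr))
    return records

def build_query(name, rtype, txid=0x1234):
    """Encode a DNS question; A and AAAA queries differ only in QTYPE."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"
    return header + qname + struct.pack("!HH", QTYPE[rtype], 1)  # class IN

def parse_question(packet):
    """Recover (name, rtype) from a query produced by build_query."""
    pos, labels = 12, []
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), RTYPE[qtype]

def answer(records, packet):
    """Return the addresses matching the question's name AND record type."""
    name, rtype = parse_question(packet)
    return records.get((name.lower(), rtype), [])
```
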