<div dir="ltr"><div>Hi,</div><div><br></div><div>I am setting up dnsmasq as a local DHCPv6 server and DNS server. (I am keeping my existing DHCPv4 server running on a separate appliance).</div><div><br></div><div>I am running into an issue in the following circumstances:</div><div><ul><li>auth-zone is enabled</li><li>For a given device, there is a dhcp-host entry with the device's DUID for an IPv6 address.</li><li>The device is successfully obtaining this IPv6 address.</li><li>There is an address or host-record entry for the same device's IPv4 address.</li></ul><div>When querying the DNS server for the hostname, only the DHCPv6 IPv6 address is provided, not the IPv4 address from the address or host-record entry.</div><div><br></div><div>This is problematic as I am trying to run a dual-stack network, and so need both IPv4 and IPv6 addresses readily resolvable. That said, I am not in any immediate need of help as using dynamic-host instead of address or host-record is a suitable workaround. But it would be helpful to find out whether I am missing some nuance in the configuration, or whether this is a bug.</div></div><div><br></div><div>In more detail: Consider the following dnsmasq configuration (private details have of course been modified)</div><div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><font face="monospace">no-resolv</font></div><div><font face="monospace">domain=<a href="http://example.org">example.org</a></font></div><div><font face="monospace">#auth-zone=<a href="http://example.org">example.org</a></font></div><div><font face="monospace">#auth-server=<a href="http://server.example.org">server.example.org</a>,<br>dhcp-range=fd00::1000,fd00::ffff,64,1h<br></font></div><div><font face="monospace">dhcp-host=id:00:00:00:01:23:45:67:89:AB:CD:EF:00:00:00, [fd00::10], Computer1<br></font></div><div><font face="monospace">address=/<a href="http://Computer1.example.org/10.0.0.10">Computer1.example.org/10.0.0.10</a></font></div><div><font face="monospace">#host-record=<a href="http://Computer1.example.org">Computer1.example.org</a>,10.0.0.10,3600</font></div><div><font face="monospace">#dynamic-host=<a href="http://Computer1.example.org">Computer1.example.org</a>, 10.0.0.10,eth0</font></div></blockquote><div><br></div><div>And assume:</div><div><ul><li>The server running dnsmasq has IPv4 10.0.0.1</li><li>Computer1 has IPv4 10.0.0.10 (either static, or obtained from a separate DHCPv4 server)</li><li>Computer1 is successfully obtaining its IPv6 lease for fd00::10 from dnsmasq</li></ul></div><div><br></div><div>(1) In the state above, providing Computer1 has obtained its IPv6 lease from dnsmasq, dnsmasq will provide both A and AAAA records for Computer1.</div><div>For example, using dig:</div><div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><font face="monospace">$ dig @<a href="http://10.0.0.1">10.0.0.1</a> +short <a href="http://Computer1.example.org">Computer1.example.org</a> A <a href="http://Computer1.example.org">Computer1.example.org</a> AAAA</font></div><div><font face="monospace">10.0.0.10</font></div><div><font face="monospace">fd00::10</font></div></blockquote><div><br></div><div>From my perspective this is expected behaviour.</div><div><br></div><div>(2) Now if you uncomment the auth-zone and auth-server lines, a DNS query will <b>only</b> provide an AAAA record for the IPv6 address, and no A record for the IPv4 address.</div><div>Again, using dig:</div><div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><font face="monospace">$ dig @<a href="http://10.0.0.1">10.0.0.1</a> +short <a href="http://Computer1.example.org">Computer1.example.org</a> A <a href="http://Computer1.example.org">Computer1.example.org</a> AAAA</font></div><div><font face="monospace">fd00::10</font></div></blockquote><div><br></div><div>From my perspective this is unexpected behaviour. The address line with the IPv4 address is for the authoritative domain, so I am unsure why it would not be included.</div><br><div>(3) If you comment out the address line and uncomment the host-record line, then DNS provides the same result as (2).</div><div>Again, this is unexpected behaviour. The host-record line is for the authoritative domain.</div><div><br></div><div>(4) If you comment out the host-record line and uncomment the dynamic-host line, then DNS provides the same result as (1).</div><div>This is expected behaviour and a suitable workaround to case (2)/(3). Although it is odd that it's inconsistent with address and host-record behaviour.</div><div><br></div><div>(5) I have also noticed that instead of using dig, one uses a Windows nslookup, Windows will declare the response as non-authoritative for case (4), but won't for case (2)/(3). Additionally if you remove the dhcp-range and dhcp-host entries, nslookup will receive the IPv4 address but again it will be marked as non-authoritative.</div><div><br></div><div>From my perspective, the behaviour in (2)/(3) is not correct (nor (5), though I don't think that will really affect me that much). The address/host-record entries are for the domain listed in auth-zone, and so should be included as authoritative records.</div><div>Indeed the dnsmasq man page more explicitly suggests that (3) is incorrect behaviour for host-record entries. It says that the authoritative zone is populated with "IPv4 and IPv6 addresses from /etc/hosts (and --addn-hosts ) and --host-record and --interface-name and ---dynamic-host provided the address falls into one of the subnets specified in the --auth-zone." (Explicitly adding a subnet to the auth-zone line makes no difference to the above tests)</div><div><br></div><div>I have tested this with the same results with the following OS and dnsmasq versions:<br></div><div><ul><li>Raspberry Pi OS Bullseye - dnsmasq 2.85-1 from RPi OS Repo</li><li>Debian Bullseye -
dnsmasq 2.85-1 from Debian Repo</li><li>Debian Sid -
dnsmasq 2.86-1.1 from Debian Repo</li><li>Debain Sid - Latest dnsmasq from the Git repo as of 2022-07-22</li></ul><div><br></div></div><div>Any help appreciated!</div><div><br></div><div>Kind regards,</div><div><br></div><div>ryt51v</div></div>