[Dnsmasq-discuss] Questions about adding IPv6 external DNS servers to dnsmasq

Simon Kelley simon at thekelleys.org.uk
Tue Oct 1 21:14:04 BST 2013


On 01/10/13 19:26, Patrick Dickey wrote:
> Hello there,
>
> I'm running a dual-stack IPv4/IPv6 network, where my IPv6 address is
> handled through a tunnel service (TunnelBroker). My router handles the
> IPv6 DHCP, but doesn't hand out the DNS server information. I have an
> Amahi Server running dnsmasq that handles my IPv4 DHCP and all DNS
> information. Currently it's only using the IPv4 DNS Servers, as it has
> never been configured with IPv6 entries.
>
> What I need to do is set dnsmasq up so that it can handle both IPv4 and
> IPv6 resolution. In the /etc/dnsmasq.conf file, I see the following
> lines
>
> # Send DHCPv6 option. Note [] around IPv6 addresses.
> #dhcp-option=option6:dns-server,[1234::77],[1234::88]
>
> # Send DHCPv6 option for namservers as the machine running
> # dnsmasq and another.
> #dhcp-option=option6:dns-server,[::],[1234::88]
>
> My questions are these:
>
> 1. If I uncomment these lines, and include the IPv6 addresses that I
> want to use (OpenDNS addresses), will this get sent out to the networked
> computers?

No, because dnsmasq is not doing DHCPv6 for your network.

> 2. If I uncomment these lines, and include the IPv6 addresses, will
> dnsmasq use those addresses to resolve IPv6?

No, that's not what they do. You can put IPv6 addresses in 
/etc/resolv.conf or server= lines in /etc/dnsmasq.conf to do that.

> 3. Do I need to include my IPv6 address for the dnsmasq (Amahi) server
> somewhere in either dnsmasq.conf or resolv.conf, in order to tell all
> networked computers to ask it for IPv6 addresses? (I ask this, because
> currently my networked computers are told to ask only the Amahi server
> for IPv4 DNS resolution, so I need that to happen with IPv6 also).

You can do. but see above and below.

> 4. What exactly do these two sets of configurations do, as the comment
> really doesn't explain it (only tells you what you're configuring)?
> 5. If editing these lines won't work, will adding the entries at the
> bottom of the dnsmasq.conf file do what I need?
>
> I'm mainly asking #4 because I can't find anything online that really
> explains what this option does, or how to actually *configure* your
> network for IPv6 DNS resolution.
>
> A final question is this: Will this work as I intend, or do I need to
> have dnsmasq handle my IPv6 DHCP also? I can either turn off the DHCP on
> my router (Cisco 2514 series), or if worse comes to worse, have the
> server handle updating my tunnel also. But, I'd prefer not to do this,
> in case the server is down (then at least I'll have IPv6 connectivity).
>
> Thank you for any information, and have a great day.:)
> Patrick.
>


So, the rules are that you can only hand out IPv6 DNS server addresses 
via DHCPv6 and IPv4 nameserver addresses via DHCPv4. But, you probably 
don't need to worry about this because a nameserver which is accessed 
via IPv4 is just as able to resolve IPv6 addresses as one accessed by 
IPv6. There's no such thing as an "IPv4 DNS server" that only knows 
about IPv4 addresses, and an "IPv6 DNS server" which only knows about 
IPv6 addresses. All DNS servers know about IPv4 (A-records) and IPv6 
(AAAA-records). They may only accept queries via IPv4, or IPv6, but 
that's irrelevant to the data they return.

So on a dual-stack system like yours, as long as the DNS system is 
functional via IPv4, that's all that's needed to resolve IPv6 addresses.
My home system only uses nameservers which are accessible via IPv4 
(that's all my ISP provides) but I can still do:

srk at beaglebone:~$ dig aaaa google.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> aaaa google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36132
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	AAAA

;; ANSWER SECTION:
google.com.		81	IN	AAAA	2a00:1450:4009:803::1002

;; Query time: 24 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Oct  1 20:09:11 2013
;; MSG SIZE  rcvd: 56


In other words, it's probably not a problem.


Cheers,

Simon.



>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>




More information about the Dnsmasq-discuss mailing list