[Dnsmasq-discuss] Questions about Adding IPv6 External DNS Servers to dnsmasq

Patrick Dickey pdickeybeta at gmail.com
Wed Oct 2 23:07:17 BST 2013

> Message: 4
> Date: Tue, 01 Oct 2013 21:14:04 +0100
> From: Simon Kelley <simon at thekelleys.org.uk>
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Questions about adding IPv6 external
> 	DNS servers to dnsmasq
> Message-ID: <524B2D0C.2030208 at thekelleys.org.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> On 01/10/13 19:26, Patrick Dickey wrote:
> > Hello there,
> >
> > I'm running a dual-stack IPv4/IPv6 network, where my IPv6 address is
> > handled through a tunnel service (TunnelBroker). My router handles the
> > IPv6 DHCP, but doesn't hand out the DNS server information. I have an
> > Amahi Server running dnsmasq that handles my IPv4 DHCP and all DNS
> > information. Currently it's only using the IPv4 DNS Servers, as it has
> > never been configured with IPv6 entries.
> >
> > What I need to do is set dnsmasq up so that it can handle both IPv4 and
> > IPv6 resolution. In the /etc/dnsmasq.conf file, I see the following
> > lines
> >
> > # Send DHCPv6 option. Note [] around IPv6 addresses.
> > #dhcp-option=option6:dns-server,[1234::77],[1234::88]
> >
> > # Send DHCPv6 option for namservers as the machine running
> > # dnsmasq and another.
> > #dhcp-option=option6:dns-server,[::],[1234::88]
> >
> > My questions are these:
> >
> > 1. If I uncomment these lines, and include the IPv6 addresses that I
> > want to use (OpenDNS addresses), will this get sent out to the networked
> > computers?
> No, because dnsmasq is not doing DHCPv6 for your network.
> > 2. If I uncomment these lines, and include the IPv6 addresses, will
> > dnsmasq use those addresses to resolve IPv6?
> No, that's not what they do. You can put IPv6 addresses in 
> /etc/resolv.conf or server= lines in /etc/dnsmasq.conf to do that.
> > 3. Do I need to include my IPv6 address for the dnsmasq (Amahi) server
> > somewhere in either dnsmasq.conf or resolv.conf, in order to tell all
> > networked computers to ask it for IPv6 addresses? (I ask this, because
> > currently my networked computers are told to ask only the Amahi server
> > for IPv4 DNS resolution, so I need that to happen with IPv6 also).
> You can do. but see above and below.
> > 4. What exactly do these two sets of configurations do, as the comment
> > really doesn't explain it (only tells you what you're configuring)?
> > 5. If editing these lines won't work, will adding the entries at the
> > bottom of the dnsmasq.conf file do what I need?
> >
> > I'm mainly asking #4 because I can't find anything online that really
> > explains what this option does, or how to actually *configure* your
> > network for IPv6 DNS resolution.
> >
> > A final question is this: Will this work as I intend, or do I need to
> > have dnsmasq handle my IPv6 DHCP also? I can either turn off the DHCP on
> > my router (Cisco 2514 series), or if worse comes to worse, have the
> > server handle updating my tunnel also. But, I'd prefer not to do this,
> > in case the server is down (then at least I'll have IPv6 connectivity).
> >
> > Thank you for any information, and have a great day.:)
> > Patrick.
> >
> So, the rules are that you can only hand out IPv6 DNS server addresses 
> via DHCPv6 and IPv4 nameserver addresses via DHCPv4. But, you probably 
> don't need to worry about this because a nameserver which is accessed 
> via IPv4 is just as able to resolve IPv6 addresses as one accessed by 
> IPv6. There's no such thing as an "IPv4 DNS server" that only knows 
> about IPv4 addresses, and an "IPv6 DNS server" which only knows about 
> IPv6 addresses. All DNS servers know about IPv4 (A-records) and IPv6 
> (AAAA-records). They may only accept queries via IPv4, or IPv6, but 
> that's irrelevant to the data they return.
> So on a dual-stack system like yours, as long as the DNS system is 
> functional via IPv4, that's all that's needed to resolve IPv6 addresses.
> My home system only uses nameservers which are accessible via IPv4 
> (that's all my ISP provides) but I can still do:
> srk at beaglebone:~$ dig aaaa google.com
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> aaaa google.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36132
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;google.com.			IN	AAAA
> google.com.		81	IN	AAAA	2a00:1450:4009:803::1002
> ;; Query time: 24 msec
> ;; SERVER:
> ;; WHEN: Tue Oct  1 20:09:11 2013
> ;; MSG SIZE  rcvd: 56
> In other words, it's probably not a problem.
> Cheers,
> Simon.

Hello Simon,

Thanks for your quick response. Here's my issue, if you will. When I go
to www.test-ipv6.com and run their tests, the last one fails, because if
I ever shut off IPv4 on my network, I don't have IPv6 DNS Servers
listed. Which is what I'm trying to accomplish here. I tried adding them
to my router, but the IOS is old enough that it doesn't support
propagating them to my computers. Since Amahi moved to dnsmasq from
BIND, I want to add them to dnsmasq.

Basically all of my computers in my LAN ask my Amahi Server for their
DNS queries. It turns around and forwards them to OpenDNS for answers.
What I'd like to do is include OpenDNS's IPv6 servers in the mix.

If I'm understanding your responses correctly, for my specific case
(where the server running dnsmasq handles all queries for my LAN), I
either need to add the OpenDNS IPv6 addresses to my /etc/resolv.conf
file, or include server=IPv6-address at the end of my /etc/dnsmasq.conf
file (they can be anywhere, but at the end is probably where I'd put

Thanks again for the quick response. Have a great day.:)

P.S. I should add that while I don't intend on shutting off IPv4 on my
computers, I do want to cover my bases in case my ISP decides to do it.
Plus it's future proofing my setup.

More information about the Dnsmasq-discuss mailing list