[Dnsmasq-discuss] Questions about Adding IPv6 External DNS Servers to dnsmasq
uwe at thetaphi.de
Thu Oct 3 12:27:56 BST 2013
if the failing test is only the last one: "Your DNS server (possibly run by your ISP) appears to have no access to the IPv6 internet, or it is not configured to use it", then you are perfectly fine! The message is a little bit misleading, but if you understand what's happening its quite clear:
This test checks, if the *last* nameserver in the chain uses IPv6 to connect the nameserver responsible for the requested domain (the trick they use is to return a different IP address for requests coming in with IPv4 and IPv6). As dnsmasq does not do recursive lookups and just delegates to another nameserver at your ISP (or OpenDNS,as you configured it), your ISP's caching nameserver does this request to the final destination. If this connection (ISP nameserver -> responsible nameserver) is done by IPv4, the test fails. It does not matter if your own nameserver uses IPv6 or if your own nameserver connects via IPv6 to the ISP's nameserver. Here is only tests if the connection to the responsible final nameserver is done via IPv6. As you have no access to your ISP's nameserver, there is nothing you can do. And it does not matter at all. If your ISP switches to IPv6 completely, they have to fix this, too - but it is out of your control.
H.-H.-Meier-Allee 63, D-28213 Bremen
eMail: uwe at thetaphi.de
> -----Original Message-----
> From: dnsmasq-discuss-bounces at lists.thekelleys.org.uk [mailto:dnsmasq-
> discuss-bounces at lists.thekelleys.org.uk] On Behalf Of Patrick Dickey
> Sent: Thursday, October 03, 2013 12:07 AM
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Questions about Adding IPv6 External DNS
> Servers to dnsmasq
> > Message: 4
> > Date: Tue, 01 Oct 2013 21:14:04 +0100
> > From: Simon Kelley <simon at thekelleys.org.uk>
> > To: dnsmasq-discuss at lists.thekelleys.org.uk
> > Subject: Re: [Dnsmasq-discuss] Questions about adding IPv6 external
> > DNS servers to dnsmasq
> > Message-ID: <524B2D0C.2030208 at thekelleys.org.uk>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> > On 01/10/13 19:26, Patrick Dickey wrote:
> > > Hello there,
> > >
> > > I'm running a dual-stack IPv4/IPv6 network, where my IPv6 address is
> > > handled through a tunnel service (TunnelBroker). My router handles
> > > the
> > > IPv6 DHCP, but doesn't hand out the DNS server information. I have
> > > an Amahi Server running dnsmasq that handles my IPv4 DHCP and all
> > > DNS information. Currently it's only using the IPv4 DNS Servers, as
> > > it has never been configured with IPv6 entries.
> > >
> > > What I need to do is set dnsmasq up so that it can handle both IPv4
> > > and
> > > IPv6 resolution. In the /etc/dnsmasq.conf file, I see the following
> > > lines
> > >
> > > # Send DHCPv6 option. Note  around IPv6 addresses.
> > > #dhcp-option=option6:dns-server,[1234::77],[1234::88]
> > >
> > > # Send DHCPv6 option for namservers as the machine running # dnsmasq
> > > and another.
> > > #dhcp-option=option6:dns-server,[::],[1234::88]
> > >
> > > My questions are these:
> > >
> > > 1. If I uncomment these lines, and include the IPv6 addresses that I
> > > want to use (OpenDNS addresses), will this get sent out to the
> > > networked computers?
> > No, because dnsmasq is not doing DHCPv6 for your network.
> > > 2. If I uncomment these lines, and include the IPv6 addresses, will
> > > dnsmasq use those addresses to resolve IPv6?
> > No, that's not what they do. You can put IPv6 addresses in
> > /etc/resolv.conf or server= lines in /etc/dnsmasq.conf to do that.
> > > 3. Do I need to include my IPv6 address for the dnsmasq (Amahi)
> > > server somewhere in either dnsmasq.conf or resolv.conf, in order to
> > > tell all networked computers to ask it for IPv6 addresses? (I ask
> > > this, because currently my networked computers are told to ask only
> > > the Amahi server for IPv4 DNS resolution, so I need that to happen with
> IPv6 also).
> > You can do. but see above and below.
> > > 4. What exactly do these two sets of configurations do, as the
> > > comment really doesn't explain it (only tells you what you're
> > > 5. If editing these lines won't work, will adding the entries at the
> > > bottom of the dnsmasq.conf file do what I need?
> > >
> > > I'm mainly asking #4 because I can't find anything online that
> > > really explains what this option does, or how to actually
> > > *configure* your network for IPv6 DNS resolution.
> > >
> > > A final question is this: Will this work as I intend, or do I need
> > > to have dnsmasq handle my IPv6 DHCP also? I can either turn off the
> > > DHCP on my router (Cisco 2514 series), or if worse comes to worse,
> > > have the server handle updating my tunnel also. But, I'd prefer not
> > > to do this, in case the server is down (then at least I'll have IPv6
> > >
> > > Thank you for any information, and have a great day.:) Patrick.
> > >
> > So, the rules are that you can only hand out IPv6 DNS server addresses
> > via DHCPv6 and IPv4 nameserver addresses via DHCPv4. But, you probably
> > don't need to worry about this because a nameserver which is accessed
> > via IPv4 is just as able to resolve IPv6 addresses as one accessed by
> > IPv6. There's no such thing as an "IPv4 DNS server" that only knows
> > about IPv4 addresses, and an "IPv6 DNS server" which only knows about
> > IPv6 addresses. All DNS servers know about IPv4 (A-records) and IPv6
> > (AAAA-records). They may only accept queries via IPv4, or IPv6, but
> > that's irrelevant to the data they return.
> > So on a dual-stack system like yours, as long as the DNS system is
> > functional via IPv4, that's all that's needed to resolve IPv6 addresses.
> > My home system only uses nameservers which are accessible via IPv4
> > (that's all my ISP provides) but I can still do:
> > srk at beaglebone:~$ dig aaaa google.com
> > ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> aaaa google.com ;; global
> > options: +cmd ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36132 ;; flags: qr
> > rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> > ;; QUESTION SECTION:
> > ;google.com. IN AAAA
> > ;; ANSWER SECTION:
> > google.com. 81 IN AAAA 2a00:1450:4009:803::1002
> > ;; Query time: 24 msec
> > ;; SERVER: 192.168.0.1#53(192.168.0.1) ;; WHEN: Tue Oct 1 20:09:11
> > 2013 ;; MSG SIZE rcvd: 56
> > In other words, it's probably not a problem.
> > Cheers,
> > Simon.
> Hello Simon,
> Thanks for your quick response. Here's my issue, if you will. When I go to
> www.test-ipv6.com and run their tests, the last one fails, because if I ever
> shut off IPv4 on my network, I don't have IPv6 DNS Servers listed. Which is
> what I'm trying to accomplish here. I tried adding them to my router, but the
> IOS is old enough that it doesn't support propagating them to my computers.
> Since Amahi moved to dnsmasq from BIND, I want to add them to dnsmasq.
> Basically all of my computers in my LAN ask my Amahi Server for their DNS
> queries. It turns around and forwards them to OpenDNS for answers.
> What I'd like to do is include OpenDNS's IPv6 servers in the mix.
> If I'm understanding your responses correctly, for my specific case (where
> the server running dnsmasq handles all queries for my LAN), I either need to
> add the OpenDNS IPv6 addresses to my /etc/resolv.conf file, or include
> server=IPv6-address at the end of my /etc/dnsmasq.conf file (they can be
> anywhere, but at the end is probably where I'd put them).
> Thanks again for the quick response. Have a great day.:) Patrick.
> P.S. I should add that while I don't intend on shutting off IPv4 on my
> computers, I do want to cover my bases in case my ISP decides to do it.
> Plus it's future proofing my setup.
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
More information about the Dnsmasq-discuss