[Dnsmasq-discuss] coping with ipv6 source routing and dns

Dave Taht dave.taht at gmail.com
Thu Jan 30 14:40:17 GMT 2014


On Thu, Jan 30, 2014 at 1:57 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> On 29/01/14 19:22, Dave Taht wrote:
>>
>> I have been (mostly) happily fiddling with my new comcast ipv6 connection,
>> trying to route all dns queries over ipv6 in particular, by disabling
>> requesting the ipv4 dns addrs and relying on the dhcpv6 request to
>> succeed.
>>
>> config interface eth0
>>          option 'ifname' 'eth0'
>>          option 'proto'  'dhcp'
>>          option 'peerdns' '0'
>>
>> config interface wan6
>>          option ifname   @eth0
>>          option proto    dhcpv6
>>          option 'broadcast' '1'
>>          option 'metric' '2048'
>>
>> works. yea! no more nat holes for ipv4 dns.
>>
>> Problem is, I also have a hurricane electric tunnel. When I try to use
>> both, addresses from one get used on the other and dns forward
>> lookups fail.
>>
>> I think the right answer is to abandon resolv.conf.auto
>> and instead explicitly assign ipv6 source addrs in dnsmasq...
>>
>> server=2001:558:feed::1@AAAA:comcast:assigned:ipv6:address
>> server=2001:558:feed::2@AAAA:comcast:assigned:ipv6:address
>> server=2001:470:20::2@my:hurricane:assigned:ipv6:address

To try to explain the reasoning for this better: the first two servers
refuse requests from an address range assigned by the third. This is
probably because the first two are not open resolvers.

>>
>> yes? (I'll be trying this in a bit)
>>
>> One thing of possible useful note is that (yea!) we can just
>> select some arbitrary new ipv6 address within the assigned range,
>> add it to the local dnsmasq server box, and source dns lookups from
>> that, using up just that port space.
>>
>> then my own /etc/resolv.conf just points to localhost
>> for hm.armory.com,
>>
>> so I fix that with
>>
>> server=/hm.armory.com/172.26.3.1/
>> server=/wifi.armory.com/172.26.2.1/
>>
>> But this doesn't help in terms of reverse lookups (I think),
>> where I might or might not have my own delegated subdomain.
>>
>> from
>>
>> someoption=
>> comcast.assigned.ipv6.address.range/60 lookup via 2001:558:feed::1 or ::2
>> someoption=
>> he.assigned.ipv6.address.range/48 lookup via 2001:470:20::2
>>
>
> I'm not sure I follow all of this, but for reverse DNS  something like
> server=/<hex, lots of hex>.ip6.arpa/2001:558:feed::1
>
> Will work.

Syntactically, having to have a tool to reverse the domain is a pita;
what I'd like is

reverse=#260x:x:y:z::/60#2001:558:feed::1#


>
>> ?
>>
>> and then there's splitting dns... where I might want nuc.hm.armory.com
>> AAAAs available to the outside universe. somehow.
>
>
> Have you looked at the dnsmasq auth stuff for this?

head, hurting.

>
>
> Simon.
>
>>
>> ?
>>
>>
>> My brain hurts.
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
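An added worked example for the "tool to reverse the domain" step (my code, not dnsmasq's and not from anyone in this thread): it turns an IPv6 prefix into the server=/<nibbles>.ip6.arpa/<upstream>@<source> line that dnsmasq already accepts, so nobody has to hand-reverse nibbles and the reverse= option wished for above is not needed. It goes a bit beyond the /60 and /48 in the thread by also splitting prefixes that do not end on a nibble boundary (a /62, say) into the covering nibble-aligned sub-prefixes, one line each, because ip6.arpa labels are whole nibbles. The prefixes, the ::53 source addresses and the __main__ sample are constructed from 2001:db8:: documentation space; only the two upstream resolver addresses are the thread's. It needs nothing beyond the Python standard library.

```python
"""Build dnsmasq reverse-lookup config lines from an IPv6 prefix.

Added example, not dnsmasq code and not from the mailing-list thread.
It emits the existing 'server=/<nibbles>.ip6.arpa/<upstream>[@<source>]'
syntax, so no hand-reversing of nibbles is needed, and it copes with
prefixes that are not on a nibble boundary (e.g. /62) by emitting one
line per covering nibble-aligned sub-prefix.
"""
import ipaddress


def nibble_aligned_subnets(prefix):
    """Split PREFIX into the smallest set of nibble-aligned (multiple of 4)
    sub-prefixes that exactly cover it.  A /60 or /48 comes back as itself;
    a /62 comes back as four /64s.  Host bits in PREFIX are masked off."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    aligned = -(-net.prefixlen // 4) * 4          # round up to a multiple of 4
    if aligned == net.prefixlen:
        return [net]
    return list(net.subnets(new_prefix=aligned))


def ip6_arpa_zone(prefix):
    """Return the ip6.arpa name for a nibble-aligned IPv6 prefix, e.g.
    2001:db8:1:230::/60 -> 3.2.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen % 4:
        raise ValueError(f"{net} is not nibble-aligned; split it first")
    hexdigits = net.network_address.exploded.replace(":", "")
    nibbles = hexdigits[: net.prefixlen // 4]
    if not nibbles:                               # the /0 case: the whole tree
        return "ip6.arpa"
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def dnsmasq_reverse_lines(prefix, upstream, source=None):
    """Emit dnsmasq 'server=' lines that send PTR queries for PREFIX to
    UPSTREAM.  SOURCE, if given, becomes the '@<source-ip>' suffix so the
    query leaves from an address the upstream will accept; that address
    must already be configured on the dnsmasq host."""
    target = upstream if source is None else f"{upstream}@{source}"
    return [f"server=/{ip6_arpa_zone(str(sub))}/{target}"
            for sub in nibble_aligned_subnets(prefix)]


if __name__ == "__main__":
    # Constructed sample: 2001:db8:: documentation prefixes stand in for the
    # Comcast /60 and HE /48; the two upstream resolvers are the thread's.
    for line in dnsmasq_reverse_lines("2001:db8:1:230::/60", "2001:558:feed::1",
                                      source="2001:db8:1:230::53"):
        print(line)
    for line in dnsmasq_reverse_lines("2001:db8:abcd::/48", "2001:470:20::2",
                                      source="2001:db8:abcd::53"):
        print(line)
    for line in dnsmasq_reverse_lines("2001:db8:ffff::/62", "2001:558:feed::1"):
        print(line)
```

Two caveats that follow from the thread rather than the code: the @source address has to exist on the box first (the "pick an arbitrary address from the assigned range and add it locally" trick above), and without the @source pin the PTR query may leave from the tunnel address and be refused by the non-open resolvers, which is the original symptom.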


