[Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

[Dominik DL6ER]

Hey,

On Fri, 2021-07-16 at 02:22 +0200, fda at gmx.de wrote:
> If i ask dnsmasq BY ipv6, ALL A recorrd are returned (there is no AAAA)

man dnsmasq explicitly says:

> localise-queries
>     Return answers to DNS queries from /etc/hosts and --interface-name
> and --dynamic-host which depend on the interface over which the query
> was received. If a name has more than one address associated with it,
> and at least one of those addresses is on the same subnet as the
> interface to which the query was sent, then return only the address(es)
> on that subnet. This allows for a server to have multiple addresses in
> /etc/hosts corresponding to each of its interfaces, and hosts will get
> the correct address based on which network they are attached to.
> Currently this facility is limited to IPv4. 

Emphasis on

> Currently this facility is limited to IPv4. 

This is not a bug but actually rather expected behavior. The IPv6
address of the arriving query does not match the subnet of any of the
two A records you defined. Hence, dnsmasq is unable to determine what
is the best fit and returns all known A records. This lets the client
chose the one it can reach and seems meaningful.

What you request would be adding an interface-dependent address lookup:
is there any suitable IPv4 address on the same interface. However,a few
things need to be clarified in this case: how to handle multiple IPv4
addresses on the same interface each of which having a valid record? It
is just not possible to localize queries in the same way when it is not
clear which IPv4 subnet the client is in.

My advice: There is no advantage in reaching a DNS server internally
over IPv6 in a dual-stack network. Ensure your clients query dnsmasq
over IPv4 and your problem is solved in both the simplest and also most
reliable way.

Best,
Dominik