[Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts
Dominik DL6ER
dl6er at dl6er.de
Fri Jul 16 08:53:36 UTC 2021
Hey,
On Fri, 2021-07-16 at 02:22 +0200, fda at gmx.de wrote:
> If I ask dnsmasq BY ipv6, ALL A records are returned (there is no AAAA)
man dnsmasq explicitly says:
> localise-queries
> Return answers to DNS queries from /etc/hosts and --interface-name
> and --dynamic-host which depend on the interface over which the query
> was received. If a name has more than one address associated with it,
> and at least one of those addresses is on the same subnet as the
> interface to which the query was sent, then return only the address(es)
> on that subnet. This allows for a server to have multiple addresses in
> /etc/hosts corresponding to each of its interfaces, and hosts will get
> the correct address based on which network they are attached to.
> Currently this facility is limited to IPv4.
Emphasis on
> Currently this facility is limited to IPv4.
This is not a bug but actually rather expected behavior. The IPv6
address of the arriving query does not match the subnet of any of the
two A records you defined. Hence, dnsmasq is unable to determine what
is the best fit and returns all known A records. This lets the client
choose the one it can reach and seems meaningful.
What you request would be adding an interface-dependent address lookup:
is there any suitable IPv4 address on the same interface. However, a few
things need to be clarified in this case: how to handle multiple IPv4
addresses on the same interface, each of which has a valid record? It
is just not possible to localize queries in the same way when it is not
clear which IPv4 subnet the client is in.
My advice: There is no advantage in reaching a DNS server internally
over IPv6 in a dual-stack network. Ensure your clients query dnsmasq
over IPv4 and your problem is solved in both the simplest and also most
reliable way.
Best,
Dominik
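
The following is an added example, not part of the original message and not dnsmasq's own code: a simplified Python model of the selection rule quoted from the man page, plus the interface-based lookup discussed in the reply. The function names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: one host name with two A records (RFC 5737 ranges).
RECORDS = ["192.0.2.1", "198.51.100.1"]

def localise_answers(a_records, local_addr, prefix_len):
    """Model of the man-page rule: filter A records by the subnet of the
    local address the query was sent to. Assumption: an IPv6 local address
    gives no IPv4 subnet to compare against, so nothing is filtered."""
    local = ipaddress.ip_address(local_addr)
    if local.version != 4:
        return list(a_records)          # query over IPv6: return everything
    net = ipaddress.ip_network(f"{local}/{prefix_len}", strict=False)
    on_subnet = [a for a in a_records if ipaddress.ip_address(a) in net]
    # No record on the receiving subnet: fall back to all known records.
    return on_subnet or list(a_records)

def interface_candidates(a_records, iface_v4_cidrs):
    """Hypothetical interface-based lookup: keep records that fall in ANY
    IPv4 subnet configured on the receiving interface."""
    nets = [ipaddress.ip_network(c, strict=False) for c in iface_v4_cidrs]
    return [a for a in a_records
            if any(ipaddress.ip_address(a) in n for n in nets)]

if __name__ == "__main__":
    # Query sent to the server's IPv4 address: one record survives.
    print(localise_answers(RECORDS, "192.0.2.1", 24))
    # Same query sent to an IPv6 address: both A records come back.
    print(localise_answers(RECORDS, "2001:db8::1", 64))
    # Interface carrying both IPv4 subnets: the lookup cannot pick one.
    print(interface_candidates(RECORDS, ["192.0.2.1/24", "198.51.100.1/24"]))
```

The last call shows the ambiguity raised above: when one interface holds both IPv4 subnets, an interface-based match keeps every record, so the answer is no more localised than the current IPv6 behaviour.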