[Dnsmasq-discuss] localise-queries on ipv6 server does not work with ipv4-only hosts

Geert Stappers stappers at stappers.nl
Fri Jul 16 09:37:08 UTC 2021

On Fri, Jul 16, 2021 at 08:53:36AM +0000, Dominik DL6ER wrote:
> Hey,
> On Fri, 2021-07-16 at 02:22 +0200, fda at gmx.de wrote:
> > If i ask dnsmasq BY ipv6, ALL A recorrd are returned (there is no AAAA)
> man dnsmasq explicitly says:
> > localise-queries
> >     Return answers to DNS queries from /etc/hosts and --interface-name
> > and --dynamic-host which depend on the interface over which the query
> > was received. If a name has more than one address associated with it,
> > and at least one of those addresses is on the same subnet as the
> > interface to which the query was sent, then return only the address(es)
> > on that subnet. This allows for a server to have multiple addresses in
> > /etc/hosts corresponding to each of its interfaces, and hosts will get
> > the correct address based on which network they are attached to.
> > Currently this facility is limited to IPv4. 
> Emphasis on
> > Currently this facility is limited to IPv4. 
> This is not a bug but actually rather expected behavior. The IPv6
> address of the arriving query does not match the subnet of any of the
> two A records you defined. Hence, dnsmasq is unable to determine what
> is the best fit and returns all known A records. This lets the client
> chose the one it can reach and seems meaningful.
> What you request would be adding an interface-dependent address lookup:
> is there any suitable IPv4 address on the same interface. However,a few
> things need to be clarified in this case: how to handle multiple IPv4
> addresses on the same interface each of which having a valid record? It
> is just not possible to localize queries in the same way when it is not
> clear which IPv4 subnet the client is in.
> My advice: There is no advantage in reaching a DNS server internally
> over IPv6 in a dual-stack network. Ensure your clients query dnsmasq
> over IPv4 and your problem is solved in both the simplest and also most
> reliable way.

My advice:
  See how (IPv4 or IPv6) and what (A versus AAAA)
  as totally different things.

Geert Stappers

@Original Poster: Feel welcome, feeling shy is also fine.
Silence is hard to parse

More information about the Dnsmasq-discuss mailing list