[Dnsmasq-discuss] Bug while using address=//::

Petr Menšík pemensik at redhat.com
Thu Sep 30 12:23:11 UTC 2021


On 9/30/21 09:42, john doe wrote:
> On 9/30/2021 7:17 AM, Geert Stappers via Dnsmasq-discuss wrote:
>> On Wed, Sep 29, 2021 at 09:15:15PM -0700, E wrote:
>>>> IPv6 connectivity
>>>
>>> Why dnsmasq can't drop AAAA,
>>> when the server has no IPv6 connectivity at all?
>>> This doesn't make sense.
I have no connectivity but still would like to know, which servers have
public IPv6 addresses and which don't. Connectivity is not directly
related to type of queries forwarded.
>>
>> No sense to those would don't understand what DNS is.
>> (DNS is a key value database (which is distributed))
>>
>>
>>> Something like "no-ipv6" or "ipv4-only" switch
>>> would be really nice here...
>>
>> Nice is how people should behave.
>>
>> Computers and other tools are blunt, rude, straight down and such.
>>
>>
>> Please understand that querying an AAAA record
>> is the very same as querying an TXT, MX or A record.
>> It doesn't mather if the request travels
>> over IPv6 or IPv4.
>>
>
> A 'AAAA' record is for IPv6 and a 'A' record is for IPv4.

Understood. But filtering all records of single type is not usually
required and not helping. BIND has moved similar functionality to plugin
[1]. But they recommend in its own documentation it should not be used
*unless absolutely necessary*. Fetching AAAA records is not usually the
problem to solve, but some corner cases exists. Partial modification of
contents is not considered good practice by DNS community.

I think Geert tried to note I can request AAAA via IPv4 and it is safe.
Likewise I can request A record over IPv6 and there is no problem with
that. I would like to know why is fetching AAAA records bad on host
without IPv6 connectivity. Dominik already pointed to valid cases on
IPv6 connected host with limited IPv6 link.

Dnsmasq relies on forwarders configured explicitly or read from
/etc/resolv.conf. If there is no IPv6 address in resolv.conf, no IPv6
would be used. Isn't that enough?

Cheers,
Petr

1. https://manpages.debian.org/unstable/bind9/filter-aaaa.8.en.html

>
> -- 
> John Doe
>
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB




More information about the Dnsmasq-discuss mailing list