On 12/16/20 11:19 PM, Otto Moerbeek wrote:
On Wed, Dec 16, 2020 at 02:37:19PM -0800, Jordan Geoghegan wrote:
Hi folks,
I've found some surprising behaviour in the 'dig' utility. I've noticed that
dig doesn't seem to support link local IPv6 addresses. I've got unbound
listening on a link local IPv6 address on my router and all queries seem to
be working. I'm advertising this DNS info with rad, and I confirmed with
tcpdump that my devices such as iPhones, Macs, Windows, Linux desktops etc
are all properly querying my unbound server over IPv6.
dhclient doesn't seem to allow you to specify an IPv6 address in it's
'supersede' options, so I manually edited my OpenBSD desktops resolv.conf
to specify the IPv6 unbound server first. Again, I confirmed with tcpdump
that my desktop was properly querying the unbound server over IPv6 (ie
Firefox, ping, ssh etc all resolved domains using this server).
I used 'dig' to make a query, and I noticed it was ignoring my link local
IPv6 nameserver in my resolv.conf. I'll save you guys the long form Ted talk
here and just make my point:
$ cat resolv.conf
nameserver fe80::f29f:c2ff:fe17:b8b2%em0
nameserver 2606:4700:4700::1111
lookup file bind
family inet6 inet4
$ dig google.ca
[snip]
;; Query time: 12 msec
;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111)
[snip]
There's a bit of a delay as it waits for a time out, and then it falls back
to the cloudflare IPv6 server.
I tried specifying the server with '@' as well as specifying source
IP/interface with '-I' to no avail. It seems dig really doesn't like the
'fe80::%em0' notation, as '@' and '-I' worked fine when used without a
link-local address.
Is this a bug or a feature? Am I just doing something stupid? Any insight
would be appreciated.
I think it is a bug and I can reproduce. Will invesigate deeper later.
-Otto
Hi Otto,
Thanks for looking into this! I took Bodie's advice and tested nslookup
and host, and they both seem to have the same behaviour as dig.
Regards,
Jordan
