On 16.12.2020 23:56, Jordan Geoghegan wrote:
On 12/16/20 2:37 PM, Jordan Geoghegan wrote:
Hi folks,
I've found some surprising behaviour in the 'dig' utility. I've
noticed that dig doesn't seem to support link local IPv6 addresses.
I've got unbound listening on a link local IPv6 address on my router
and all queries seem to be working. I'm advertising this DNS info with
rad, and I confirmed with tcpdump that my devices such as iPhones,
Macs, Windows, Linux desktops etc are all properly querying my unbound
server over IPv6.
dhclient doesn't seem to allow you to specify an IPv6 address in its
'supersede' options, so I manually edited my OpenBSD desktop's
resolv.conf to specify the IPv6 unbound server first. Again, I
confirmed with tcpdump that my desktop was properly querying the
unbound server over IPv6 (i.e. Firefox, ping, ssh etc. all resolved
domains using this server).
I used 'dig' to make a query, and I noticed it was ignoring my link
local IPv6 nameserver in my resolv.conf. I'll save you guys the long
form Ted talk here and just make my point:
$ cat resolv.conf
nameserver fe80::f29f:c2ff:fe17:b8b2%em0
nameserver 2606:4700:4700::1111
lookup file bind
family inet6 inet4
$ dig google.ca
[snip]
;; Query time: 12 msec
;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111)
[snip]
There's a bit of a delay as it waits for a timeout, and then it falls
back to the Cloudflare IPv6 server.
I tried specifying the server with '@' as well as specifying source
IP/interface with '-I' to no avail. It seems dig really doesn't like
the 'fe80::%em0' notation, as '@' and '-I' worked fine when used
without a link-local address.
Is this a bug or a feature? Am I just doing something stupid? Any
insight would be appreciated.
Regards,
Jordan
Sorry for the double mail, I hit send too early...
Whoops, I failed to make the key point here:
I checked with tcpdump and confirmed that dig does not even attempt to
query the IPv6 link-local DNS server, even though it reports a timeout
- i.e. dig sends no traffic over the wire destined to that address:
; <<>> dig 9.10.8-P1 <<>> @fe80::f29f:c2ff:fe17:b8b2%em0 google.ca
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Regards,
Jordan
Quick idea for a check: how do other commands from base behave? Namely
nslookup and host.