On Thu, Dec 17, 2020 at 12:27:00AM -0800, Jordan Geoghegan wrote:

> 
> 
> On 12/16/20 11:19 PM, Otto Moerbeek wrote:
> > On Wed, Dec 16, 2020 at 02:37:19PM -0800, Jordan Geoghegan wrote:
> > 
> > > Hi folks,
> > > 
> > > I've found some surprising behaviour in the 'dig' utility. I've noticed that
> > > dig doesn't seem to support link local IPv6 addresses. I've got unbound
> > > listening on a link local IPv6 address on my router and all queries seem to
> > > be working. I'm advertising this DNS info with rad, and I confirmed with
> > > tcpdump that my devices such as iPhones, Macs, Windows, Linux desktops etc
> > > are all properly querying my unbound server over IPv6.
> > > 
> > > dhclient doesn't seem to allow you to specify an IPv6 address in its
> > > 'supersede' options, so I manually edited my OpenBSD desktop's resolv.conf
> > > to specify the IPv6 unbound server first. Again, I confirmed with tcpdump
> > > that my desktop was properly querying the unbound server over IPv6 (ie
> > > Firefox, ping, ssh etc all resolved domains using this server).
> > > 
> > > I used 'dig' to make a query, and I noticed it was ignoring my link local
> > > IPv6 nameserver in my resolv.conf. I'll save you guys the long form Ted talk
> > > here and just make my point:
> > > 
> > > $ cat resolv.conf
> > >     nameserver fe80::f29f:c2ff:fe17:b8b2%em0
> > >     nameserver 2606:4700:4700::1111
> > >     lookup file bind
> > >     family inet6 inet4
> > > 
> > > $ dig google.ca
> > >     [snip]
> > >     ;; Query time: 12 msec
> > >     ;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111)
> > >     [snip]
> > > 
> > > There's a bit of a delay as it waits for a time out, and then it falls back
> > > to the cloudflare IPv6 server.
> > > 
> > > I tried specifying the server with '@' as well as specifying source
> > > IP/interface with '-I' to no avail. It seems dig really doesn't like the
> > > 'fe80::%em0' notation, as '@' and '-I' worked fine when used without a
> > > link-local address.
> > > 
> > > Is this a bug or a feature? Am I just doing something stupid? Any insight
> > > would be appreciated.
> > I think it is a bug and I can reproduce. Will investigate deeper later.
> > 
> >     -Otto
> > 
> 
> Hi Otto,
> 
> Thanks for looking into this! I took Bodie's advice and tested nslookup and
> host, and they both seem to have the same behaviour as dig.
> 
> Regards,
> 
> Jordan
> 

That is no big surprise, as they are essentially the same program
with a different user interface, all built from the same source.

        -Otto
