System not using IPv6 DNS servers provided by RDNSS

t_wrex · 2020-03-27 13:41:27

I am using systemd-resolve to manage DNS server settings. I have made the "recommended" symlink of resolv.conf to the stub-resolv.conf file, as noted in the wiki for systemd-resolved. I have enabled RDNSS options in the router advertisements on the network's firewall, and other devices are able to use the advertised v6 DNS server with no problem. The Arch system looks like it is receiving the advertisement properly, as shown by the file /run/systemd/resolve/resolv.conf:

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 192.168.222.2
nameserver 2603:xxxx:xxxx:xxxx::b18a:e63e:a854:a3ed

But when I do a packet trace on the network interface, all of the Arch system's DNS traffic is being done to the IPv4 DNS address. I never see any queries to the 2603: address. I know that the system has routable access to the v6 DNS server, since I can successfully look up queries by running "nslookup google.com 2603:xxx:xxxx:xxxx::b18a:e63e:a854:a3ed". But all DNS lookups from all applications appear to be only using IPv4 (web browsers, Thunderbird mail client, ping commands, pacman operations, etc.)

So what's going on here? Is there something that needs to be done to have the v6 server queried first?

Lone_Wolf · 2020-03-27 14:43:36

Default behaviour for applications is to use the first server in resolve.conf and only switch to the second if the first is down.

My /etc/resolv.conf looks similar

# Generated by resolvconf
domain fritz.box
nameserver 192.168.178.1
nameserver fd00::de39:6fff:fe1b:27c

The ipv4 and address ipv6 addresses belong to the same fritzbox 7590 and It is setup to use DNSSEC over an IPv6 dns server as first choice.
As far as I know for my system only the local part of dns queries goes over ipv4 and outside of my local lan dns goes over ipv6 / DNSSEC i'm ok with that.

I don't know enough about dhcpv4 / dhcpv6 and linux resolv.conf details, but some possible approaches come to mind :

- configure the router to put the ipv6 server first
On the fritzbox I can change dnsv6 server order, but there doesn't appear to be a way to do that for dnsv4 .
The only option would be to disable the dhcpv4 server completely, your router may be more flexible .

- configure the local dhcp client to prefer the ipv6 dns
no clue how that could be done and whether that needs to be done differently for every client or whether there's a generic method.

ewaller · 2020-03-27 15:48:48

In case the information is of any use to you, I (slightly) abused my powers and peeked at your IP address; I can confirm that you connected here using IPv6.

t_wrex · 2020-03-28 08:05:17

Lone_Wolf wrote:

Default behaviour for applications is to use the first server in resolve.conf and only switch to the second if the first is down.
My /etc/resolv.conf looks similar
# Generated by resolvconf
domain fritz.box
nameserver 192.168.178.1
nameserver fd00::de39:6fff:fe1b:27c
The ipv4 and address ipv6 addresses belong to the same fritzbox 7590 and It is setup to use DNSSEC over an IPv6 dns server as first choice.
As far as I know for my system only the local part of dns queries goes over ipv4 and outside of my local lan dns goes over ipv6 / DNSSEC i'm ok with that.
I don't know enough about dhcpv4 / dhcpv6 and linux resolv.conf details, but some possible approaches come to mind :
- configure the router to put the ipv6 server first
On the fritzbox I can change dnsv6 server order, but there doesn't appear to be a way to do that for dnsv4 .
The only option would be to disable the dhcpv4 server completely, your router may be more flexible .
- configure the local dhcp client to prefer the ipv6 dns
no clue how that could be done and whether that needs to be done differently for every client or whether there's a generic method.

Thanks. Yeah my router does not have a way to change the order, and I'm not really sure how you would from the router side.... the addresses are being served to clients via different protocols (DHCP for v4, ICMPv6 RA options for v6). It seems to me that when systemd-resolve creates the resolv.conf file, it should put the IPv6 addresses above the v4 ones, so that applications would use them. As it stands, no programs are using IPv6 DNS because of this. I'll do some more digging, but I presume there isn't a way to change the ordering used by systemd-resolve.

t_wrex · 2020-03-28 08:10:07

ewaller wrote:

In case the information is of any use to you, I (slightly) abused my powers and peeked at your IP address; I can confirm that you connected here using IPv6.

IPv6 general connectivity is fine. It is the fact that the system is not using IPv6 for DNS queries, even though it is accepting the RDNSS server address. Systemd-resolve is writing the resolv.conf file by putting the v4 address at the top, and as a result all apps are using it exclusively for queries.

Arch Linux

#1 2020-03-27 13:41:27

System not using IPv6 DNS servers provided by RDNSS

#2 2020-03-27 14:43:36

Re: System not using IPv6 DNS servers provided by RDNSS

#3 2020-03-27 15:48:48

Re: System not using IPv6 DNS servers provided by RDNSS

#4 2020-03-28 08:05:17

Re: System not using IPv6 DNS servers provided by RDNSS

#5 2020-03-28 08:10:07

Re: System not using IPv6 DNS servers provided by RDNSS

Board footer