You are not logged in.

#1 2021-11-09 04:42:33

basie
Member
Registered: 2017-09-28
Posts: 12

[SOLVED] IPv6 DNS resolution

I've been playing with ipv6 (as a client, nothing especially fancy... or so I thought) and I'm a little puzzled as to why I can't get DNS resolution working. Perhaps someone can give me a pointer on where to look next?

It's entirely possible I've completely misunderstood the way DHCPv6 is supposed to work, of course, but it seems like everything is working except domain resolution.

Using:
- systemd-networkd
- systemd-resolved
- iwd

I did also try iwd's built-in network config, but had no joy there either so enabled systemd-networkd.

Current state:

dig -4 works, but dig -6 doesn't. ping -4 works, ping with no option does not. Browsing doesn't work until after a manual dhcpcd (output below).

Configs:

resolv.conf is in stub mode, and the contents (via the symlink) are:

nameserver 127.0.0.53
options edns0 trust-ad
search .

Nothing in networkd.conf. In /etc/systemd/network/wifi.network:

[Match]
Name=wlan0

[Network]
DHCP=ipv6
IPv6PrivacyExtensions=true

In /etc/systemd/resolved.conf:

[Resolve]
DNSSEC=allow-downgrade

In /etc/iwd/main.conf:

[Network]
EnableIPv6=true
NameResolvingService=systemd

Findings:

λ ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2407:7000:81f3:7a00::/64 dev wlan0 proto ra metric 1024 expires 1295625sec pref medium
2407:7000:81f3:7a00::/56 via fe80::360a:33ff:feb9:193 dev wlan0 proto ra metric 1024 expires 1295625sec pref high
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
default via fe80::360a:33ff:feb9:193 dev wlan0 proto ra metric 1024 expires 1425sec pref low
[iwd]# station wlan0 show
                                 Station: wlan0
--------------------------------------------------------------------------------
  Settable  Property            Value
--------------------------------------------------------------------------------
            Scanning            no
            State               connected
            Connected network   LANHolmFast
            IPv6 address        2407:7000:81f3:7a00:91c2:2e14:70a4:e0a
            IPv6 address        2407:7000:81f3:7a00:ad2:3eff:fe23:b93c
            IPv6 address        2407:7000:81f3:7a00:840b:735f:d3f9:6cee
            ConnectedBss        34:0a:33:b9:01:98
            Frequency           5745
            Security            WPA2-Personal
            RSSI                -56                  dBm
            AverageRSSI         -55                  dBm
            RxMode              802.11ax
            RxMCS               8
            TxMode              802.11ax
            TxMCS               5
            TxBitrate           576400               Kbit/s
            RxBitrate           864800               Kbit/s
λ systemctl status systemd-networkd
● systemd-networkd.service - Network Configuration
     Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-11-09 16:17:33 NZDT; 16s ago
TriggeredBy: ● systemd-networkd.socket
       Docs: man:systemd-networkd.service(8)
   Main PID: 12441 (systemd-network)
     Status: "Processing requests..."
      Tasks: 1 (limit: 47424)
     Memory: 1.4M
        CPU: 76ms
     CGroup: /system.slice/systemd-networkd.service
             └─12441 /usr/lib/systemd/systemd-networkd

Nov 09 16:17:33 fitzgerald systemd-networkd[12441]: Enumeration completed
Nov 09 16:17:33 fitzgerald systemd[1]: Started Network Configuration.
Nov 09 16:17:33 fitzgerald systemd-networkd[12441]: wlan0: Connected WiFi access point: LANHolmFast (34:0a:33:b9:01:98)
Nov 09 16:17:38 fitzgerald systemd-networkd[12441]: wlan0: Link DOWN
Nov 09 16:17:38 fitzgerald systemd-networkd[12441]: wlan0: Lost carrier
Nov 09 16:17:38 fitzgerald systemd-networkd[12441]: wlan0: DHCPv6 lease lost
Nov 09 16:17:40 fitzgerald systemd-networkd[12441]: wlan0: Link UP
Nov 09 16:17:42 fitzgerald systemd-networkd[12441]: wlan0: Connected WiFi access point: LANHolmFast (34:0a:33:b9:01:98)
Nov 09 16:17:42 fitzgerald systemd-networkd[12441]: wlan0: Gained carrier
Nov 09 16:17:43 fitzgerald systemd-networkd[12441]: wlan0: Gained IPv6LL
λ systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-11-09 16:17:28 NZDT; 1min 4s ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 12360 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 47424)
     Memory: 2.4M
        CPU: 126ms
     CGroup: /system.slice/systemd-resolved.service
             └─12360 /usr/lib/systemd/systemd-resolved

Nov 09 16:17:28 fitzgerald systemd[1]: Starting Network Name Resolution...
Nov 09 16:17:28 fitzgerald systemd-resolved[12360]: Positive Trust Anchors:
Nov 09 16:17:28 fitzgerald systemd-resolved[12360]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Nov 09 16:17:28 fitzgerald systemd-resolved[12360]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.a>
Nov 09 16:17:28 fitzgerald systemd-resolved[12360]: Using system hostname 'fitzgerald'.
Nov 09 16:17:28 fitzgerald systemd[1]: Started Network Name Resolution.
Nov 09 16:17:29 fitzgerald systemd-resolved[12360]: Switching to fallback DNS server 1.1.1.1.
Nov 09 16:17:33 fitzgerald systemd-resolved[12360]: wlan0: Failed to read DNSSEC negative trust anchors for the interface, ignoring: No data available
λ systemctl status iwd
● iwd.service - Wireless service
     Loaded: loaded (/usr/lib/systemd/system/iwd.service; enabled; vendor preset: disabled)
     Active: active (running) since Tue 2021-11-09 16:17:39 NZDT; 1min 37s ago
   Main PID: 12537 (iwd)
      Tasks: 1 (limit: 47424)
     Memory: 488.0K
        CPU: 50ms
     CGroup: /system.slice/iwd.service
             └─12537 /usr/lib/iwd/iwd

Nov 09 16:17:39 fitzgerald iwd[12537]:                 HT RX MCS indexes:
Nov 09 16:17:39 fitzgerald iwd[12537]:                         0-15
Nov 09 16:17:39 fitzgerald iwd[12537]:                 VHT Capabilities:
Nov 09 16:17:39 fitzgerald iwd[12537]:                         160 Mhz operation
Nov 09 16:17:39 fitzgerald iwd[12537]:                         Short GI for 80Mhz
Nov 09 16:17:39 fitzgerald iwd[12537]:                         Short GI for 160 and 80 + 80 Mhz
Nov 09 16:17:39 fitzgerald iwd[12537]:                         Max RX MCS: 0-9 for NSS: 2
Nov 09 16:17:39 fitzgerald iwd[12537]:                         Max TX MCS: 0-9 for NSS: 2
Nov 09 16:17:39 fitzgerald iwd[12537]:         Ciphers: CCMP TKIP BIP
Nov 09 16:17:39 fitzgerald iwd[12537]:         Supported iftypes: ad-hoc station ap p2p-client p2p-go p2p-device
λ resolvectl status
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
    resolv.conf mode: stub
  Current DNS Server: 2001:4860:4860::8888
Fallback DNS Servers: 1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888

<< snip a bunch of docker interfaces >>

Link 13 (wlan0)
Current Scopes: LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
λ ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2407:7000:81f3:7a00::/64 dev wlan0 proto ra metric 1024 expires 1295790sec pref medium
2407:7000:81f3:7a00::/56 via fe80::360a:33ff:feb9:193 dev wlan0 proto ra metric 1024 expires 1295790sec pref high
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
default via fe80::360a:33ff:feb9:193 dev wlan0 proto ra metric 1024 expires 1590sec pref low
λ dig -6 archlinux.org

; <<>> DiG 9.16.22 <<>> -6 archlinux.org
;; global options: +cmd
;; connection timed out; no servers could be reached

λ dig -4 archlinux.org

; <<>> DiG 9.16.22 <<>> -4 archlinux.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42878
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;archlinux.org.			IN	A

;; ANSWER SECTION:
archlinux.org.		20988	IN	A	95.217.163.246

;; Query time: 149 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Nov 09 16:22:23 NZDT 2021
;; MSG SIZE  rcvd: 58
λ sudo dhcpcd
[sudo] password for basie:
dhcpcd-9.4.0 starting
dev: loaded udev
dhcp6_openudp: Address already in use
ps_inet_startcb: dhcp6_open: Address already in use
DUID 00:04:52:2d:ec:91:c6:0a:fb:4f:85:a4:04:9d:22:16:48:04
wlan0: connected to Access Point: LANHolmFast
wlan0: IAID 3e:23:b9:3c
wlan0: soliciting an IPv6 router
wlan0: Router Advertisement from fe80::360a:33ff:feb9:193
wlan0: adding address 2407:7000:81f3:7a00:b4b8:696d:7855:a8bb/64
wlan0: adding route to 2407:7000:81f3:7a00::/64
wlan0: adding default route via fe80::360a:33ff:feb9:193
wlan0: requesting DHCPv6 information
wlan0: rebinding lease of 192.168.0.194
wlan0: NAK: from 192.168.0.1
wlan0: soliciting a DHCP lease
wlan0: offered 192.168.0.194 from 192.168.0.1
wlan0: probing address 192.168.0.194/24
wlan0: leased 192.168.0.194 for 86400 seconds
wlan0: adding route to 192.168.0.0/24
wlan0: adding default route via 192.168.0.1
forked to background, child pid 5420


λ sudo dhcpcd -6
dhcpcd-9.4.0 starting
dev: loaded udev
dhcp6_openudp: Address already in use
ps_inet_startcb: dhcp6_open: Address already in use
DUID 00:04:52:2d:ec:91:c6:0a:fb:4f:85:a4:04:9d:22:16:48:04
wlan0: connected to Access Point: LANHolmFast
wlan0: IAID 3e:23:b9:3c
wlan0: soliciting an IPv6 router
wlan0: Router Advertisement from fe80::360a:33ff:feb9:193
wlan0: adding address 2407:7000:81f3:7a00:b4b8:696d:7855:a8bb/64
wlan0: adding route to 2407:7000:81f3:7a00::/64
wlan0: adding default route via fe80::360a:33ff:feb9:193
wlan0: requesting DHCPv6 information
wlan0: failed to request DHCPv6 information
forked to background, child pid 6674
timed out

Last edited by basie (2021-11-09 19:07:14)

Offline

#2 2021-11-09 04:57:38

progandy
Member
Registered: 2012-05-17
Posts: 4,638

Re: [SOLVED] IPv6 DNS resolution

Your resolv.conf only tells programs the IPv4 address of your local dns resolver, so you can only connect to it over IPv4. That doesn't matter, the server returns ipv4 and ipv4 addresses.


You have to also tell systemd-networkd to also ask for an IPv4 address DHCP=yes, that should replace the need for manual dhcpcd.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#3 2021-11-09 05:07:06

basie
Member
Registered: 2017-09-28
Posts: 12

Re: [SOLVED] IPv6 DNS resolution

I may have gotten that wrong, I thought that was taken care of with:

# /etc/systemd/network/wifi.network
[Match]
Name=wlan0

[Network]
DHCP=ipv6
IPv6PrivacyExtensions=true

Offline

#4 2021-11-09 05:12:01

progandy
Member
Registered: 2012-05-17
Posts: 4,638

Re: [SOLVED] IPv6 DNS resolution

You have "DHCP=ipv6", which tells systemd-networkd to only ask for an IPv6 address not IPv4.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#5 2021-11-09 05:19:23

basie
Member
Registered: 2017-09-28
Posts: 12

Re: [SOLVED] IPv6 DNS resolution

It does work significantly better when I change it to `true`, that's for sure. `ping` starts working correctly, even `ping -6` works. But curiously `dig -6` does not.

Offline

#6 2021-11-09 13:44:48

progandy
Member
Registered: 2012-05-17
Posts: 4,638

Re: [SOLVED] IPv6 DNS resolution

basie wrote:

But curiously `dig -6` does not.

That is completely normal. All DNS servers you receive over DHCP (IPv4 and IPv6 servers) will be added to systemd-resolved, which in turn listens on 127.0.0.53 (IPv4) only. Applications like dig only know about the IPv4 address 127.0.0.53 that is in /etc/resolv.conf. There is no IPv6 address they can talk to, so "dig -6" fails, which is completely normal and of no concern. systemd-resolved will then take the query and forward it to one of the servers it knows about, sometimes the IPv4 one and sometimes the IPv6 one. The DNS results should be the same regardless of the IP used.

To specifically look for IPv4 addresses use "dig example.com A", for IPv6 use "dig example.com AAAA".

Last edited by progandy (2021-11-09 13:46:40)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#7 2021-11-09 19:03:02

basie
Member
Registered: 2017-09-28
Posts: 12

Re: [SOLVED] IPv6 DNS resolution

I'm learning a lot, thanks and marking this SOLVED! I discovered that if you really want to make `dig -6` work, you can tell resolved to also use an IPv6 address in stub mode with:

# /etc/systemd/resolved.conf
DNSStubListenerExtra=[::1]:53

https://github.com/systemd/systemd/issu … -713871459 but as you say, completely unnecessary for normal operation.

Offline

Board footer

Powered by FluxBB