OpenWrt/LEDE Project

  • Status Closed
  • Percent Complete
    100%
  • Task Type Bug Report
  • Category Base system
  • Assigned To
    Hans Dedecker
  • Operating System All
  • Severity Medium
  • Priority Very Low
  • Reported Version lede-17.01
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Peter Marheine - 17.03.2017
Last edited by Hans Dedecker - 30.03.2017

FS#635 - IPv6 RA provides broken DNS

In the default IPv6 configuration, the RDNSS advertised has a link-local address. This address appears to be a valid address for the router, but DNS requests to it receive no responses with the result that IPv6-only DNS is broken.

On a Linux machine where I’ve done no special IPv6 configuration, autoconfiguration successfully assigns an address and I can reach public addresses via IPv6. My automatically generated resolv.conf looks like this:

nameserver 192.168.127.1
nameserver fe80::32b5:c2ff:fe09:6202%eth0

where the first entry matches configuration acquired via DHCP, and the second is a link-local address acquired from autoconfiguration. rdisc6 reports the same:

$ rdisc6 eth0
Soliciting ff02::2 (ff02::2) on eth0...

...

 Recursive DNS server     : fe80::32b5:c2ff:fe09:6202
  DNS server lifetime     :        18000 (0x00004650) seconds
 from fe80::32b5:c2ff:fe09:6202

Manually querying the provided DNS server fails:

$ dig @fe80::32b5:c2ff:fe09:6202%eth0 google.com

; <<>> DiG 9.11.0-P3 <<>> @fe80::32b5:c2ff:fe09:6202%eth0 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

but because this system prefers to do DNS over IPv4 I don’t normally notice. Android devices however appear to prefer to do DNS over IPv6, so all requests from those attempt and fail to reach the IPv6 DNS server then fall back to IPv4, meaning every lookup takes about 10 seconds.


I’ve worked around the problem by manually advertising the router’s address on the configured global ULA prefix as a DNS server instead, though it feels like a bit of a hack.

/etc/config/network:

config globals 'globals'
        option ula_prefix 'fd1d:1efd:22ed::/48'

/etc/config/dhcp:

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'server'
        option dhcpv6 'server'
        option ra_management '1'
        list dns 'fd1d:1efd:22ed::1'

Current software version is 17.01.0 r3205-59508e3 running on a TP-Link Archer C7 v2.


Closed by  Hans Dedecker
30.03.2017 13:17
Reason for closing:  Fixed
Project Manager
Hans Dedecker commented on 30.03.2017 13:17

IPv6 DNS address selection has been reworked as follows :
*First consider all global/ULA IPv6 address having a valid lifetime
*Next give preference to global/ULA IPv6 addresses being not deprecated
*Give preference to ULA IPv6 addresses over IPv6 global addresses
*Give preference to the IPv6 address with the longest preferred lifetime in
its selected category (ULA or global)
*Finally if no global/ULA IPv6 address is present use the IPv6 link local address

Eric Luehrsen commented on 30.03.2017 21:27

This is suitable for solving  FS#399  also (3d9f4067d56660a2c75ab2ce9b801ae1a4ff4cde)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing