ipv6 test AAAA DNS queries not resolving
-
Hi,
Running Unbound recursively, however
aaaa.v6ns.test-ipv6.com
won't resolve, for example:
[2.7.2-RELEASE][admin@pfSense.lan]/root: dig -6 aaaa aaaa.v6ns.test-ipv6.com
; <<>> DiG 9.18.19 <<>> -6 aaaa aaaa.v6ns.test-ipv6.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22328
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;aaaa.v6ns.test-ipv6.com. IN AAAA
;; Query time: 0 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Mon Dec 25 02:26:42 UTC 2023
;; MSG SIZE rcvd: 52
Yet using Google's DNS it will.
[2.7.2-RELEASE][admin@pfSense.lan]/root: dig -6 aaaa aaaa.v6ns.test-ipv6.com @2001:4860:4860::8888
; <<>> DiG 9.18.19 <<>> -6 aaaa aaaa.v6ns.test-ipv6.com @2001:4860:4860::8888
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 358
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;aaaa.v6ns.test-ipv6.com. IN AAAA
;; ANSWER SECTION:
aaaa.v6ns.test-ipv6.com. 300 IN AAAA 2001:470:1:18::115
;; Query time: 73 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888) (UDP)
;; WHEN: Mon Dec 25 02:26:40 UTC 2023
;; MSG SIZE rcvd: 80
Any tips on where to begin chasing this down?
Oddly the AAAA record is buried in a trace:
[2.7.2-RELEASE][admin@pfSense.lan]/root: dig -6 aaaa aaaa.v6ns.test-ipv6.com +trace | grep AAAA
aaaa.v6ns.test-ipv6.com. 300 IN AAAA 2001:470:1:18::115
-
@chill_out said in ipv6 test AAAA DNS queries not resolving:
aaaa.v6ns.test-ipv6.com
Did you do a trace.. I show it's now working and sends back SOA...
aaaa.v6ns.test-ipv6.com. 300 IN NS v6ns.test-ipv6.com.
aaaa.v6ns.test-ipv6.com. 300 IN NS v6ns1.test-ipv6.com.
couldn't get address for 'v6ns.test-ipv6.com': failure
;; Received 210 bytes from 2a00:dd80:3c::898#53(ns3.test-ipv6.com) in 103 ms
v6ns.test-ipv6.com. 300 IN SOA v6ns1.test-ipv6.com. jfesler\@test-ipv6.com. 20200614 86400 7200 604800 172800
;; Received 156 bytes from 2001:470:1:18::3:53#53(v6ns1.test-ipv6.com) in 71 ms
Where did you find that FQDN? And is it supposed to only resolve via IPv6?
-
@johnpoz yes it's only supposed to resolve if one is using ipv6 (it comes from a test site of the same name).
So dig can resolve it, but unbound cannot.
-
@chill_out that is odd, since as you see from snip of my trace I was talking to the ns via IPv6..
-
@johnpoz interesting, your extract was from the unbound logs?
-
@chill_out that was from a trace with dig..
So tried it again, and while still having an issue to that v6ns, I do get answer from the v6ns1
Here trace on pfsense.
[23.09.1-RELEASE][admin@sg4860.home.arpa]/: dig -6 aaaa.v6ns.test-ipv6.com AAAA +trace
; <<>> DiG 9.18.16 <<>> -6 aaaa.v6ns.test-ipv6.com AAAA +trace
;; global options: +cmd
. 86340 IN NS m.root-servers.net.
. 86340 IN NS f.root-servers.net.
. 86340 IN NS h.root-servers.net.
. 86340 IN NS g.root-servers.net.
. 86340 IN NS c.root-servers.net.
. 86340 IN NS j.root-servers.net.
. 86340 IN NS a.root-servers.net.
. 86340 IN NS k.root-servers.net.
. 86340 IN NS i.root-servers.net.
. 86340 IN NS l.root-servers.net.
. 86340 IN NS b.root-servers.net.
. 86340 IN NS d.root-servers.net.
. 86340 IN NS e.root-servers.net.
. 86340 IN RRSIG NS 8 0 518400 20240108170000 20231226160000 46780 . rBc0dPAiLU3UJN/aFWQF30h6HAxcfaQVw2EQmd5+mLsRWFSNGzPTKs4C iGchL5Q9WI0xkYGcjx2BtoMbaJXiaGio8IgOKib/naqoprA2CmSaurkH mUcGl5lOR2cbyLvdMn3Xd7FI0lkEcT1xmCYGKvmnkWUintePJJnE1pJj uskQdgwyArCTlmuKAlH8Cjfh7eIu3/rWTLutxHqdn3fTpX4x9WoQOA7e UgzR7Mn7Nux1EuWgEvDE5wPBPPYWUcUfrRtTVi5IyXzag+L35Q2TrknO AHyhiJ33/UpygNfMYdiTutHhlUP4DcpzVUHPFWVuwnz8at6nfKFnwS0m 69pcgA==
couldn't get address for 'l.root-servers.net': not found
;; Received 525 bytes from ::1#53(::1) in 0 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com. 86400 IN RRSIG DS 8 1 86400 20240108170000 20231226160000 46780 . O9wfB2aYbpDc6ZDemRDwRlfO9mbDUbG2EDYLZ4ezLjAYVnj6y1uDJT9i 9hozE/ciaY3kYGdDQVQbzeNb/TyyZVpajL/ju4B/EfSekHCrH1ULpKT2 Wl3mZThYW4WbLGuFIhv3WBU4ZHm/RzUPIbh9yJEOK2i5H99t7HgklPoQ mba3bvSOncDeWD8VcmXucr1ZaxzErHONxk5t88TBwz63Xznu5pX7MpGC iB6Gz5/lWu6k6fpFfCHSJjlTOG2Agpjij0duPs4KmA1h2Uxe8qnHe9PC /UHGMpMYUMnep9ktC2uVGjEDNnaUrkT17B8loFpIpoY1rYT+JBu9mUpD iYBJJg==
;; Received 1183 bytes from 2801:1b8:10::b#53(b.root-servers.net) in 101 ms
test-ipv6.com. 172800 IN NS ns1.test-ipv6.com.
test-ipv6.com. 172800 IN NS ns3.test-ipv6.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 13 2 86400 20240101052609 20231225041609 46171 com. szNQwwMmA2dHL1TDz7A/9vScomqNiEhUSBw2TAovHQVMKkVwg3qXkXfG qUX0oLbe4MP3UE1v6cstVpBNmKjO+g==
ERPS5KLB395KB2467L2UDQ1BFNI0FOG4.com. 86400 IN NSEC3 1 1 0 - ERPS808LVB5J6C45C9K3V9L4PKOV156G NS DS RRSIG
ERPS5KLB395KB2467L2UDQ1BFNI0FOG4.com. 86400 IN RRSIG NSEC3 13 2 86400 20231230064608 20231223053608 46171 com. 1HBXtCixq+b3Qj/LhJXuIuN+daTSof3fH/HctUGCHcJrwyqd+l4qxrQe oP59EZSAzZ0rH3AGmktms5n2CkB7mA==
;; Received 505 bytes from 2001:502:8cc::30#53(h.gtld-servers.net) in 28 ms
aaaa.v6ns.test-ipv6.com. 300 IN NS v6ns.test-ipv6.com.
aaaa.v6ns.test-ipv6.com. 300 IN NS v6ns1.test-ipv6.com.
couldn't get address for 'v6ns.test-ipv6.com': not found
;; Received 210 bytes from 2001:470:1:18::118#53(ns1.test-ipv6.com) in 58 ms
aaaa.v6ns.test-ipv6.com. 300 IN AAAA 2001:470:1:18::115
v6ns.test-ipv6.com. 300 IN NS v6ns1.test-ipv6.com.
;; Received 141 bytes from 2001:470:1:18::3:53#53(v6ns1.test-ipv6.com) in 57 ms
[23.09.1-RELEASE][admin@sg4860.home.arpa]/:
So if I trace it, you would think normal query would work.. But I just keep getting servfail..
AHHHH!!!! I found my problem.. Maybe yours is sim?? On my outgoing interfaces for unbound, I only had loopback, it was never talking anything via IPv6 when you asked it.. I added my HE tunnel interface as an outgoing interface.. And now I can resolve it
[23.09.1-RELEASE][admin@sg4860.home.arpa]/: dig -6 aaaa.v6ns.test-ipv6.com aaaa
; <<>> DiG 9.18.16 <<>> -6 aaaa.v6ns.test-ipv6.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38677
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aaaa.v6ns.test-ipv6.com. IN AAAA
;; ANSWER SECTION:
aaaa.v6ns.test-ipv6.com. 3600 IN AAAA 2001:470:1:18::115
;; Query time: 321 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Tue Dec 26 16:46:21 CST 2023
;; MSG SIZE rcvd: 80
[23.09.1-RELEASE][admin@sg4860.home.arpa]/:
-
@johnpoz yes, same issue! I changed outgoing interfaces to "all" and now it can resolve.
Thanks for the tip!
-
@chill_out Personally I normally just have it use loopback.. And I am back to that - I don't really need my dns going out my HE tunnel.. And other than that test of theirs have no need of it.
-
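Added example, not part of the thread or of pfSense/Unbound: a small offline check for the cause found above, where Unbound's outgoing interfaces were limited to loopback and so it had no IPv6 source address for reaching an IPv6-only name server. It reads unbound.conf text and looks at the real `do-ip6` and `outgoing-interface` options; the sample configs, the 2001:db8:: address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: loopback-only outgoing interfaces, as in the thread.
LOOPBACK_ONLY = """server:
  do-ip6: yes
  outgoing-interface: 127.0.0.1
  outgoing-interface: ::1
"""
# Constructed sample: same config plus a global source (documentation prefix).
WITH_V6_SOURCE = LOOPBACK_ONLY + "  outgoing-interface: 2001:db8:1::2\n"


def parse_server_options(conf_text):
    """Return (do_ip6, [outgoing-interface values]) from unbound.conf text."""
    do_ip6, outgoing = True, []  # unbound enables do-ip6 by default
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (part.strip().strip('"') for part in line.split(":", 1))
        if key == "do-ip6":
            do_ip6 = value.lower() == "yes"
        elif key == "outgoing-interface" and value:
            outgoing.append(value)
    return do_ip6, outgoing


def ipv6_egress(conf_text):
    """Return (verdict, reason); verdict is True, False, or None if undecidable."""
    do_ip6, outgoing = parse_server_options(conf_text)
    if not do_ip6:
        return False, "do-ip6 is no"
    if not outgoing:
        return True, "no outgoing-interface set; the OS chooses the source"
    usable, unknown = [], []
    for value in outgoing:
        try:
            addr = ipaddress.ip_interface(value).ip
        except ValueError:
            unknown.append(value)  # not an address or netblock; judge by hand
            continue
        if addr.version == 6 and not (addr.is_loopback or addr.is_link_local):
            usable.append(value)
    if usable:
        return True, "IPv6 source available: " + ", ".join(usable)
    if unknown:
        return None, "cannot classify: " + ", ".join(unknown)
    return False, "outgoing-interface lists no non-loopback IPv6 address"
```

To check a live box, pass the generated config's contents to `ipv6_egress()`; on pfSense that file is assumed here to be /var/unbound/unbound.conf.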