Option "Register connected OpenVPN clients in the DNS Resolver" does not create AAAA records



  • I have a number of OpenVPN clients connecting with dual-stack addresses, and have the option "Register connected OpenVPN clients in the DNS Resolver" set; however, only A records are created and no AAAA records.

    $ host test-appliance-1.rt.ev6.net 2001:bd0:100:77::1
    Using domain server:
    Name: 2001:bd0:100:77::1
    Address: 2001:bd0:100:77::1#53
    Aliases:

    test-appliance-1.rt.ev6.net has address 127.1.0.3
    $ host -t AAAA test-appliance-1.rt.ev6.net 2001:bd0:100:77::1
    Using domain server:
    Name: 2001:bd0:100:77::1
    Address: 2001:bd0:100:77::1#53
    Aliases:

    test-appliance-1.rt.ev6.net has no AAAA record



  • Upon further investigation, it seems OpenVPN calls /usr/local/sbin/openvpn.learn-address.sh specifying the domain, IP, FQDN and an "update" command.
    OpenVPN calls this script twice - once for legacy IPv4, and again immediately afterwards for IPv6.

    The problem seems to be that this script explicitly tries to create A records irrespective of the value provided for $IP, which when coupled with the ipv6 address are then rejected by the /usr/local/sbin/unbound-checkconf command.

    Forcing it to create AAAA records reverses the problem: it now only creates IPv6 records. Given more time I'll look at creating a patch that checks for and creates both.
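An added example, not part of the posts above and not the contents of openvpn.learn-address.sh: one way a learn-address hook could choose the record type from the address it is handed and keep the other family's line when it is called a second time. The function names and the per-client file layout are assumptions made for illustration; `local-data:` is Unbound's own directive.

```shell
#!/bin/sh
# Hypothetical helpers (assumed names), not taken from the pfSense script.

# Print "A" or "AAAA" for an address literal; fail on anything else.
record_type() {
    case "$1" in
        *[!0-9A-Fa-f:.]*|"") return 1 ;;  # only address characters allowed
        *:*)     echo "AAAA" ;;           # a colon only occurs in IPv6 literals
        *.*.*.*) echo "A" ;;
        *)       return 1 ;;
    esac
}

# Replace the record of ONE address family for a name in a per-client file,
# leaving the other family's line untouched so both calls survive.
update_record() {
    conf="$1"; fqdn="$2"; ip="$3"
    rtype=$(record_type "$ip") || return 1
    # The name comes from the client side: keep quotes and newlines out of the config.
    case "$fqdn" in *[!A-Za-z0-9.-]*|"") return 1 ;; esac
    tmp="${conf}.tmp.$$"
    if [ -f "$conf" ]; then
        # Drop only the old line of this type; grep exits 1 when nothing is left.
        grep -v -F "local-data: \"${fqdn}. ${rtype} " "$conf" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf 'local-data: "%s. %s %s"\n' "$fqdn" "$rtype" "$ip" >> "$tmp"
    mv "$tmp" "$conf"
}

# Demo on a scratch file, with the two calls in the order the post describes.
demo=$(mktemp)
update_record "$demo" test-appliance-1.rt.ev6.net 127.1.0.3
update_record "$demo" test-appliance-1.rt.ev6.net 2001:bd0:100:77::1
cat "$demo"
rm -f "$demo"
```

The resulting file can still be passed through unbound-checkconf before the resolver is reloaded, as the existing script is described as doing.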

