DNS Resolver starts rejecting requests over IPv6 after a couple of weeks
Re: https://forum.netgate.com/topic/196876
The problem in the above referenced post went away as soon as I restarted the resolver. It started happening again yesterday.
In summary, if the resolver receives a request from the LAN side, and the request arrives on the IPv6 interface, the request is rejected with
WARNING: recursion requested but not available
I just now restarted the resolver and the error went away.
Below is a log of a terminal session on a LAN host. In this case it was Cygwin on Windows 11 but I've seen the same behavior in Debian 12.
The first dig command was issued while lookups were failing. The second dig about 23 seconds later, after having restarted the resolver.
Note, it's not the type of request (A vs AAAA for example), but the IP version interface over which pfSense receives the request. Windows defaults to using IPv6 if it's available.
What logging should I be gathering in order to help Netgate troubleshoot the issue?
jim@HOME11 ~ $ dig sqlite.org

; <<>> DiG 9.11.9 <<>> sqlite.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 58298
;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; Query time: 0 msec
;; SERVER: 2601:1c0:5600:c367:eaff:1eff:fed2:b036#53(2601:1c0:5600:c367:eaff:1eff:fed2:b036)
;; WHEN: Mon Apr 14 15:09:54 PDT 2025
;; MSG SIZE rcvd: 12

jim@HOME11 ~ $ dig sqlite.org

; <<>> DiG 9.11.9 <<>> sqlite.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48986
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;sqlite.org. IN A

;; ANSWER SECTION:
sqlite.org. 300 IN A 194.195.208.62

;; Query time: 206 msec
;; SERVER: 2601:1c0:5600:c367:eaff:1eff:fed2:b036#53(2601:1c0:5600:c367:eaff:1eff:fed2:b036)
;; WHEN: Mon Apr 14 15:10:17 PDT 2025
;; MSG SIZE rcvd: 55
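As an added example (not part of the original post and not Netgate code), the Python below decodes the DNS header fields that dig prints, so a LAN host can poll the resolver's IPv4 and IPv6 addresses and record when the REFUSED, recursion-not-available state begins. The function names are hypothetical, and the two byte strings are constructed from the header values in the dig output above.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=1):
    """Encode a recursive (RD=1) query for `name`; qtype 1 = A, 28 = AAAA."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0xF
    return {"id": qid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": RCODES.get(rcode, str(rcode)),
            "counts": (qd, an, ns, ar)}

def recursion_refused(msg):
    """True for the failure in the post: RD echoed, RA clear, status REFUSED."""
    h = parse_header(msg)
    return h["qr"] and h["rd"] and not h["ra"] and h["rcode"] == "REFUSED"

def probe(server, name="sqlite.org", qid=0x1234, timeout=3.0):
    """Send one UDP query to `server` (IPv4 or IPv6 literal) and classify it."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        reply, _ = s.recvfrom(4096)
    return parse_header(reply), recursion_refused(reply)

# Constructed headers matching the two dig answers in the post.
FAILING = struct.pack("!HHHHHH", 58298, 0x8125, 0, 0, 0, 0)  # qr rd ad, REFUSED
WORKING = struct.pack("!HHHHHH", 48986, 0x8180, 1, 1, 0, 1)  # qr rd ra, NOERROR

if __name__ == "__main__":
    for label, msg in (("failing", FAILING), ("working", WORKING)):
        print(label, parse_header(msg), recursion_refused(msg))
```

Calling `probe()` once against the firewall's LAN IPv4 address and once against its IPv6 address on a timer gives a timestamped record of which address family stops recursing first.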