Fallback to ipv6 (DNS AAAA) only if there is no ipv4 (DNS A)

patrikx3 · December 15, 2024, 4:55pm

Hello,

I am on 24.10 OpenWrt.
My issue is, that if i get an static ipv4, they are not providing ipv6 (if i disable static ip, i get ipv6 native).
So what i solved using 6in4 he.net tunnelbroker setup.
it is working, but right now it is always priority ipv6 so it is slow, as ipv6 ping is 10 times slower than ipv4 as it is not native.
i want tried these settings:

	option filter_aaaa '1' # Disables AAAA responses for LAN clients
	option filter_aaaa_sentinel '1' # Enables fallback to AAAA only when no A record exists
---	---

but it really still disable ipv6 dns query, though i can access with ipv6 address, but it is not i want to solve.

so do you know if there is a solution that only retrieve AAAA when there is no A DNS?
or some other solution?
as you can see:

it is 10 slower using 6in4 than native ipv4.

brada4 · December 15, 2024, 5:04pm

There is no such option in dnsmasq upstream. If you are in development you can write one for them.
https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

patrikx3 · December 15, 2024, 5:32pm

i think option filter_aaaa_sentinel only on the dnsmasq-full, possible i do not have to rewrite this function

patrikx3 · December 15, 2024, 6:17pm

How these two dnsmasq options interact:

option filter_aaaa '1'
This directive tells dnsmasq to block or strip AAAA records (IPv6 addresses) in DNS responses going to LAN clients. This reduces IPv6-related issues for environments that don’t fully support IPv6. By itself, it’s a blanket filter of AAAA records.
option filter_aaaa_sentinel '1'
The “sentinel” logic introduces a conditional fallback to returning AAAA records in certain scenarios—for example, if there is no IPv4 (A) record available for that hostname. This means if the client queries for a domain that genuinely only has AAAA records, dnsmasq can still return them.

So in practice:

filter_aaaa '1': “Don’t provide AAAA answers, except…”
filter_aaaa_sentinel '1': “…if no A record is available, we’ll allow AAAA as a fallback.”

This combination helps if you have mostly IPv4-only clients but occasionally need IPv6 for domains that do not have an IPv4 address.

patrikx3 · December 16, 2024, 1:09am

the problam is , i installed dnsmasq-full on 24.10-0-rc2 but it is not working. how come?

patrikx3 · December 16, 2024, 1:11am

you are coorect, there is only --filter-AAAA and snetinel AAAA is not available in today, how come?

do you guys have a solution for this issue?

brada4 · December 16, 2024, 5:58am

What come? Ask your hallucinating AI assistant to back you.

lleachii · December 16, 2024, 8:00am

Because it doesn't exist (i.e., it's not listed here: https://dnsmasq.org/docs/dnsmasq-man.html).

It was suggested you volunteer to develop it.

I'm really curious where this "sentinel" information came from?

vincejv · December 16, 2024, 10:16am

This requirement of prioritizing IPv4 over IPv6 seems like more of something you should solve in the client devices, not OpenWrt or the DNS resolver. Since I don't think there is a way for now..

Afaik for linux glibc systems it's /etc/gai.conf, not so sure with musl but i think there's also a config for windows too, but not 100% sure.

patrikx3 · December 16, 2024, 10:41am

you are right, this was a hallucinating AI, i have asked if i can develop for dnsmasq, as it would be good feature for me. closing it, as there is no solution unless i develop it, which i am already working on

brada4 · December 16, 2024, 11:59am

Thats a good spirit, good luck in your RR sorting ventures.

system · December 26, 2024, 11:59am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.