Router not resolving host with IPv6-only DNS authoritative server

Hi folks,

Busy days after upgrading to 19.07.7.

Almost everything is starting to work fine now, but I've observed that OpenWrt dnsmasq stops resolving a hostname with an IPv6-only authoritative DNS server. Let's take a look:

root@murguisrouter:~# nslookup ds.v6ns.test-ipv6.arauc.br 
;; connection timed out; no servers could be reached

root@murguisrouter:~# 

Changing to another server (Google DNS, for example) works fine (IPv4 and 6 too):

root@murguisrouter:~# nslookup ds.v6ns.test-ipv6.arauc.br 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Name:      ds.v6ns.test-ipv6.arauc.br
Address 1: 200.238.130.45
Address 2: 2801:82:0:6::45
root@murguisrouter:~# nslookup ds.v6ns.test-ipv6.arauc.br 2001:4860:4860::8888
Server:		2001:4860:4860::8888
Address:	2001:4860:4860::8888#53

Name:      ds.v6ns.test-ipv6.arauc.br
Address 1: 200.238.130.45
Address 2: 2801:82:0:6::45
root@murguisrouter:~# 

It seems that IPv6 connection works:

root@murguisrouter:/etc/config# ping6 -c 2 ipv6.google.com
PING ipv6.google.com (2800:3f0:4001:817::200e): 56 data bytes
64 bytes from 2800:3f0:4001:817::200e: seq=0 ttl=118 time=10.858 ms
64 bytes from 2800:3f0:4001:817::200e: seq=1 ttl=118 time=6.376 ms

--- ipv6.google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 6.376/8.617/10.858 ms
root@murguisrouter:/etc/config#

The dnsmasq and network configurations are pretty vanilla:

/etc/config/dhcp
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan exadomain'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

/etc/config/network
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf0:ed02:a420::/48'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr '48:8f:xxxx'

config interface 'lan'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.143.1'

config device 'wan_eth0_2_dev'
	option name 'eth0.2'
	option macaddr '48:8f:xxxxx'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'pppoe'
	option password 'xxxxx'
	option ipv6 'auto'
	option username 'xxxxxx'

config interface 'wan_modem'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr '192.168.15.2'
	option netmask '255.255.255.0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'

Any ideas?

Cheers!

1 Like

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

@vgaetera thanks for pointing out this howto!

Creepy ISPs... let's take a look.

Restarting dnsmasq and looking at syslog (with logread), four upstream DNS servers appear:

(...)
Fri Mar 26 12:56:47 2021 daemon.info dnsmasq[6463]: using nameserver 200.204.0.10#53
Fri Mar 26 12:56:47 2021 daemon.info dnsmasq[6463]: using nameserver 200.204.0.138#53
Fri Mar 26 12:56:47 2021 daemon.info dnsmasq[6463]: using nameserver 2001:12e0:0:1025:a080::2#53
Fri Mar 26 12:56:47 2021 daemon.info dnsmasq[6463]: using nameserver 2001:12e0:0:1025:a080::3#53
Fri Mar 26 12:56:47 2021 daemon.info dnsmasq[6463]: read /etc/hosts - 4 addresses
(...)

Two IPv4 and two IPv6. And all of them can't resolve the so-called "host with IPv6-only DNS authoritative server" as described in the OP.

The solution you pointed out solves it, IMHO, by changing the DNS servers provided by my ISP to much more reliable ones.

Final lesson: never trust your ISP.

(One day I will take more care of the DNS service on my network, with DNSSEC and so on...)

Thank you very much!

Cheers!

1 Like
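
A way to confirm which upstream resolvers dnsmasq is actually using after such a change, as an added example that is not part of the original posts: it parses `using nameserver` lines in the logread format quoted above and lists any resolver outside an operator-chosen set. The `ALLOWED` list, the function names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the upstream resolvers dnsmasq
# announced at its last start and flag any that the operator did not choose.

# Assumption: the operator's chosen resolvers (the Google addresses tested above).
ALLOWED="8.8.8.8 2001:4860:4860::8888"

# Constructed sample in the logread format quoted in the thread: an old
# instance using only ISP resolvers, then a restart that still keeps one.
sample_log() {
cat <<'EOF'
Fri Mar 26 12:56:47 2021 daemon.info dnsmasq[6463]: using nameserver 200.204.0.10#53
Fri Mar 26 12:56:47 2021 daemon.info dnsmasq[6463]: using nameserver 2001:12e0:0:1025:a080::2#53
Fri Mar 26 12:56:47 2021 daemon.info dnsmasq[6463]: read /etc/hosts - 4 addresses
Fri Mar 26 13:10:02 2021 daemon.info dnsmasq[7001]: using nameserver 8.8.8.8#53
Fri Mar 26 13:10:02 2021 daemon.info dnsmasq[7001]: using nameserver 2001:4860:4860::8888#53
Fri Mar 26 13:10:02 2021 daemon.info dnsmasq[7001]: using nameserver 2001:12e0:0:1025:a080::3#53
EOF
}

# Read syslog text on stdin; print the upstream addresses of the newest
# dnsmasq instance (the last PID seen), one per line, port stripped.
upstreams() {
    awk '
        / dnsmasq\[[0-9]+\]: using nameserver / {
            pid = $0;  sub(/.*dnsmasq\[/, "", pid);          sub(/\].*/, "", pid)
            addr = $0; sub(/.*using nameserver /, "", addr); sub(/#.*/, "", addr)
            if (pid != last) { n = 0; last = pid }   # restart: forget old set
            list[++n] = addr
        }
        END { for (i = 1; i <= n; i++) print list[i] }
    '
}

# Print "<family> <address>" for every active upstream not in ALLOWED.
unexpected_upstreams() {
    upstreams | while read -r addr; do
        case " $ALLOWED " in *" $addr "*) continue ;; esac
        case "$addr" in
            *:*) echo "ipv6 $addr" ;;
            *)   echo "ipv4 $addr" ;;
        esac
    done
}

# On the router: logread | unexpected_upstreams
sample_log | unexpected_upstreams   # prints: ipv6 2001:12e0:0:1025:a080::3
```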
