Kitz Forum

Broadband Related => Broadband Hardware => Topic started by: Weaver on August 14, 2018, 03:25:36 AM

Title: Firebrick publishing self as local forwarding DNS server over IPv6 - snafu?
Post by: Weaver on August 14, 2018, 03:25:36 AM
I think my Firebrick is publishing the global / routable IPv6 address of its LAN interface - as opposed to link local address - as a usable DNS server to the boxes on the LAN. It also publishes the global / routable IPv4 address of the Firebrick's LAN interface too as a DNS server. (All boxes in the LAN have global, routable, public IP addresses. I do not use RFC 1918 addresses or NAT for any source addresses in internet access.)

It seems that the boxes on the LAN are picking the IPv4 address of the Firebrick and accessing DNS using that.

* However, if I configure an iPad by hand in settings with manually-set values, or I configure various DNS test tool apps, to use the Firebrick's LAN IPv6 address, then DNS lookup fails with, I think, some long timeout.

* Could anyone give me an idea what might be going wrong?

It seems to me that although the Firebrick is advertising the IPv6 address as 'good for DNS', it is as if DNS in the Brick is not actually operating on that IPv6+protocol+port combination.

As a sanity check, I tried IPv6-pinging the expected IPv6 LAN i/f address of the Firebrick from an iPad and no problems. Looking at the XML config, everything relating to DNS and the main LAN i/f and the subnet associated with it is just using defaults, pretty much, although the addresses are given explicitly in the XML, not obtained from the ISP, AA, by PPP.

I should make sure that the iPad works in general with IPv6 over DNS just in case this is all some sad iPad 20C-thinking bug.

I could get some sort of traffic capture over the LAN by using the facilities available in my powerful ZyXEL WAPs and see if there is even anything to see.
Title: Re: Firebrick publishing self as local forwarding DNS server over IPv6 - snafu?
Post by: DaveC on August 19, 2018, 02:16:07 AM
Weaver,

Are your IPv6 subnet(s) listed in the "allow" attribute of the dns object in your Firebrick's config?

Dave.
Title: Re: Firebrick publishing self as local forwarding DNS server over IPv6 - snafu?
Post by: Weaver on August 19, 2018, 03:33:16 AM
No, and the IPv4 is not listed either.

I noted there is a local-only attribute set to true. Tried taking that out and now no problem. Tada!

Just for a sanity check, I put the attribute back, and still it did not fail: so now I can no longer reproduce the bug. I don't know what on earth I have done.