unbound: IPv6 fallback issues when IPv6 is not properly enabled/configured
If I have a server which has an IPv6 interface but it is not connected to the internet (eg a default docker container or most linux servers these days), the first time I run a query for 04u-ua5db72ef-c12-a2093-s1613236523-i52dab726-0.eu.dotnxdomain.net it returns a SERVFAIL. If I set prefer-ip4: yes it fails similarly. The only way to make this resolve correctly the first time is to do-ip6: no.
From what I can see the difference is if there is ipv6 enabled we get this log line repeated a few times (even if prefer-ip4: yes for some reason):
[1613241220] unbound[1:0] error: udp connect failed: Cannot assign requested address for 2a00:ab00:603:96::32 port 53
[1613241220] unbound[1:0] info: error sending query to auth server 2a00:ab00:603:96::32 port 53
It also tries to do IPv6 queries even when there is only an ipv4 address listed in outgoing-interface.
Unbound 1.13.0
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 21 (10 by maintainers)
Commits related to this issue
- Merge remote-tracking branch 'nlnet/master' * nlnet/master: Fix #426: Replace _Py_fopen() with fopen() in pythonmod.c - Fix to make tests work with support indicators set for iterator. - Fix #4... — committed to jedisct1/unbound by jedisct1 3 years ago
- Little bump for the OpenSSL and Unbound issues — committed to DNSCrypt/dnscrypt-server-docker by jedisct1 3 years ago
- - Fix #422: IPv6 fallback issues when IPv6 is not properly enabled/configured. — committed to internetstandards/unbound by wcawijngaards 3 years ago
It seems that on servers that have IPv6 support and can connect via IPv6 but cannot resolve via IPv6 (for whatever reason, firewall maybe), unbound does not resolve properly.
do-ip6: nofixes the problem but this seems like a bad workaround.