Intermittent IPv4 used on IPv6-only VM

paladox

Jan 18, 2024

Hi, we seem to have an issue where sometimes a domain is resolved using IPv4.

I seem to be able to reproduce this (although not as reliably) when we use pdns-recursor. When I stop the service things seem to be better.

Our server's config:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 38.46.219.119/28
    gateway 38.46.219.113
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

iface vmbr0 inet6 static
    address 2602:294:0:b12::100/64
    gateway 2602:294:0:b12::1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

iface eno3 inet manual

iface eno4 inet manual

iface eno2 inet manual

vm config:

Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens18
iface ens18 inet6 static
    address 2602:294:0:b12::108/128
    gateway 2602:294:0:b12::1

ping debug:

Code:
root@swiftobject181:/home/paladox# ping mariadb.org -v
ping: sock4.fd: 3 (socktype: SOCK_RAW), sock6.fd: 4 (socktype: SOCK_RAW), hints.ai_family: AF_UNSPEC

ai->ai_family: AF_INET6, ai->ai_canonname: 'mariadb.org'
PING mariadb.org(2a01:4f8:c012:39f8::1 (2a01:4f8:c012:39f8::1)) 56 data bytes
64 bytes from 2a01:4f8:c012:39f8::1 (2a01:4f8:c012:39f8::1): icmp_seq=1 ident=18559 ttl=46 time=140 ms
64 bytes from 2a01:4f8:c012:39f8::1 (2a01:4f8:c012:39f8::1): icmp_seq=2 ident=18559 ttl=46 time=139 ms
^C
--- mariadb.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 139.227/139.439/139.651/0.212 ms
root@swiftobject181:/home/paladox# service pdns-recursor restart
root@swiftobject181:/home/paladox# ping mariadb.org -v
ping: sock4.fd: 3 (socktype: SOCK_RAW), sock6.fd: 4 (socktype: SOCK_RAW), hints.ai_family: AF_UNSPEC

ai->ai_family: AF_INET, ai->ai_canonname: 'mariadb.org'
ping: connect: Network is unreachable

Code:
root@swiftobject181:/home/paladox# service pdns-recursor restart
root@swiftobject181:/home/paladox# nslookup mariadb.org
;; Got SERVFAIL reply from 127.0.0.1, trying next server
Server:        2606:4700:4700::1111
Address:    2606:4700:4700::1111#53

Non-authoritative answer:
Name:    mariadb.org
Address: 157.90.247.81
Name:    mariadb.org
Address: 2a01:4f8:c012:39f8::1

root@swiftobject181:/home/paladox# service pdns-recursor restart
root@swiftobject181:/home/paladox# ping mariadb.org -v
ping: sock4.fd: 3 (socktype: SOCK_RAW), sock6.fd: 4 (socktype: SOCK_RAW), hints.ai_family: AF_UNSPEC

ai->ai_family: AF_INET, ai->ai_canonname: 'mariadb.org'
ping: connect: Network is unreachable

PowerDNS recursor setting:

Code:
# Basic config for setup
allow-from = 127.0.0.0/8, ::1/128
config-dir = /etc/powerdns
dnssec = off
local-address = 127.0.0.1, ::1
quiet = yes
setgid = pdns
setuid = pdns

daemon=yes
threads=6
pdns-distributes-queries=no
reuseport=yes

# Set a maximum TTL for all records to prevent overcaching
max-cache-ttl = 600

stats-ringbuffer-entries=1000

# Ensure transport for outgoing queries works for ipv4 and ipv6
query-local-address=0.0.0.0,[::]

# This prevents pdns from polling a public server to check for sec fixes
security-poll-suffix=

# Forward requests to our authoritative servers
forward-zones = wikitide.net=2607:f1c0:1800:1f2::1;2a10:6740::6:314;74.208.210.151;31.24.105.140, miraheze.org=2607:f1c0:1800:1f2::1;2a10:6740::6:314;74.208.210.151;31.24.105.140, 0.0.0.0.0.4.7.6.0.1.a.2.ip6.arpa=2607:f1c0:1800:1f2::1;2a10:6740::6:314;74.208.210.151;31.24.105.140, 139.105.24.31.in-addr.arpa=2607:f1c0:1800:1f2::1;2a10:6740::6:314;74.208.210.151;31.24.105.140

I'm not sure how to resolve this to force ipv6 to be used all the time.
Thanks! It appears it was query-local-address. Unsetting it or setting it to ::1 worked. Although the docs state it defaults to 0.0.0.0 and ::, so it's weird how just defining that breaks it for IPv6.
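
A config check for the mismatch this thread ends on, as an added example that is not part of the original posts: it flags explicit `query-local-address` entries whose address family has no addressed interface stanza in the VM's `/etc/network/interfaces`. The function names and the trimmed sample inputs are constructed here as assumptions; only an explicit setting is checked, not the recursor's built-in default.

```python
import ipaddress
import re

# Constructed sample input, trimmed from the configs quoted in the thread above.
VM_INTERFACES = """\
auto lo
iface lo inet loopback
allow-hotplug ens18
iface ens18 inet6 static
    address 2602:294:0:b12::108/128
    gateway 2602:294:0:b12::1
"""
RECURSOR_CONF = """\
local-address = 127.0.0.1, ::1
query-local-address=0.0.0.0,[::]
"""

def configured_families(interfaces_text):
    """Return {4, 6} subset: families with an addressed (non-loopback) iface stanza."""
    families = set()
    pattern = r"^[ \t]*iface[ \t]+\S+[ \t]+(inet6?)[ \t]+(\S+)"
    for family, method in re.findall(pattern, interfaces_text, re.M):
        # 'loopback' and 'manual' stanzas do not give the host a usable address.
        if method not in ("loopback", "manual"):
            families.add(6 if family == "inet6" else 4)
    return families

def query_local_addresses(conf_text):
    """Parse every explicit query-local-address value (commented lines are skipped)."""
    addresses = []
    pattern = r"^[ \t]*query-local-address[ \t]*\+?=[ \t]*(.*)$"
    for value in re.findall(pattern, conf_text, re.M):
        for item in re.split(r"[,\s]+", value.strip()):
            if item:
                # The thread's config writes IPv6 in brackets: [::]
                addresses.append(ipaddress.ip_address(item.strip("[]")))
    return addresses

def unusable_sources(interfaces_text, conf_text):
    """Source addresses whose family the host has no interface address for."""
    families = configured_families(interfaces_text)
    return [str(a) for a in query_local_addresses(conf_text)
            if a.version not in families]

if __name__ == "__main__":
    for addr in unusable_sources(VM_INTERFACES, RECURSOR_CONF):
        print(f"query-local-address {addr}: no interface of that family is configured")
```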