IPv6 and Nslookup
-
Thursday, July 05, 2012 2:17 PM
hi,
I have three BIND DNS servers running on Linux. The DNS servers have dual-stacked IPv4 and IPv6 public routable addresses, connectivity is fine and they seem to resolve DNS OK.
I added an AAAA record to the DNS server name (example) -
ns0 A 10.0.0.10
ns0 AAAA 2001:db8:85a3:0:0:8a2e:370:7334
When I perform an nslookup under a Windows 7 or 2008 R2 server it lists both the IPv4 and IPv6 IP OK for the DNS server but fails to return any results. IPv6 is not configured on the Windows machines but I would have expected it to skip the v6 address then use the v4? I'm not sure if this is just nslookup that's not working correctly?
thanks
matt
- Edited by MRM1 Thursday, July 05, 2012 2:18 PM
All Replies
-
Thursday, July 05, 2012 3:37 PM
"Not configured" or disabled?
There's a huge difference. Just because you have not configured IPv6 does not mean it is not configured and not in use. Auto-configuration is a cornerstone of IPv6.
Jason | http://blog.configmgrftw.com | Twitter @JasonSandys
-
Thursday, November 01, 2012 4:40 PM
hi,
Thought no one had replied to this thread, I still have the same issue. IPv6 is not disabled on the client Windows workstation nor configured, so it's default out of the box installed/enabled, which is probably true of most Windows 7/8 machines.
For example I get the same thing with one of HE's dual-stacked DNS servers -
> server ordns.he.net
Default Server: ordns.he.net
Addresses: 2001:470:20::2
74.82.42.42
Server: ordns.he.net
Addresses: 2001:470:20::2
74.82.42.42
*** ordns.he.net can't find www.microsoft.com: No response from server
then I force NSLookup to use the IPv4 address -
> server 74.82.42.42
Default Server: [74.82.42.42]
Address: 74.82.42.42
Server: [74.82.42.42]
Address: 74.82.42.42
Non-authoritative answer:
www.microsoft.com canonical name = toggle.www.ms.akadns.net
toggle.www.ms.akadns.net canonical name = g.www.ms.akadns.net
g.www.ms.akadns.net canonical name = lb1.www.ms.akadns.net
akadns.net
primary name server = internal.akadns.net
responsible mail addr = hostmaster.akamai.com
serial = 1339107600
refresh = 90000 (1 day 1 hour)
retry = 90000 (1 day 1 hour)
expire = 90000 (1 day 1 hour)
default TTL = 180 (3 mins)
>
the result is returned.
So is it just nslookup that's not correct and not falling back to the v4 address when it gets nowhere with the v6 address?
thanks
matt
-
Wednesday, November 07, 2012 6:54 PM
I am having the same issue and I think it's my problem to resolve my FQDN for my application. Any solution?
-
Thursday, January 17, 2013 3:33 PM
This is a problem for any dual-stack implementation when the destination has both an IPv6 and an IPv4 address.
How this is resolved depends on what Windows version you are using.
Microsoft has put quite some effort into the connectivity algorithm of Windows 8 and Windows Server 2012.
You can check out this article for more information: http://blogs.msdn.com/b/b8/archive/2012/06/05/connecting-with-ipv6-in-windows-8.aspx
Hope this helps.
- Edited by Blinkage17 Thursday, January 17, 2013 3:34 PM link clean-up
-
Thursday, January 17, 2013 3:42 PM
Is it just nslookup that's broken? I can't control what client (XP, 7, 8, etc.) on the internet does a lookup for a record from the DNS servers that are dual stacked. :/
thanks
matt
-
Thursday, January 17, 2013 8:36 PM
Well, it seems that nslookup is broken even on Windows 8.
When I do an nslookup on a client (Windows 8) with only a link-local address, with a DNS server which has an IPv6 address and IPv4 such as your example server ordns.he.net, it's unable to resolve addresses. It tries, but it gets no response.
> www.microsoft.com
Server: ordns.he.net
Addresses: 2001:470:20::2
           74.82.42.42
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 16, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0
    QUESTIONS:
        www.microsoft.com, type = A, class = IN
------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 17, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0
    QUESTIONS:
        www.microsoft.com, type = AAAA, class = IN
------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 18, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0
    QUESTIONS:
        www.microsoft.com, type = A, class = IN
------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 19, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0
    QUESTIONS:
        www.microsoft.com, type = AAAA, class = IN
------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to ordns.he.net timed-out
>
As you can see it asks for both A and AAAA records but to no avail.
If I do the same from a machine with a global IPv6 address, I get an answer just fine.
> www.microsoft.com
Server: ordns.he.net
Addresses: 2001:470:20::2
           74.82.42.42
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 13, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0
    QUESTIONS:
        www.microsoft.com, type = A, class = IN
------------
------------
Got answer (123 bytes):
    HEADER:
        opcode = QUERY, id = 13, rcode = NOERROR
        header flags: response, want recursion, recursion avail.
        questions = 1, answers = 4, authority records = 0, additional = 0
    QUESTIONS:
        www.microsoft.com, type = A, class = IN
    ANSWERS:
    -> www.microsoft.com
        type = CNAME, class = IN, dlen = 26
        canonical name = toggle.www.ms.akadns.net
        ttl = 3058 (50 mins 58 secs)
    -> toggle.www.ms.akadns.net
        type = CNAME, class = IN, dlen = 4
        canonical name = g.www.ms.akadns.net
        ttl = 300 (5 mins)
    -> g.www.ms.akadns.net
        type = CNAME, class = IN, dlen = 6
        canonical name = lb1.www.ms.akadns.net
        ttl = 300 (5 mins)
    -> lb1.www.ms.akadns.net
        type = A, class = IN, dlen = 4
        internet address = 65.55.57.27
        ttl = 300 (5 mins)
------------
Non-authoritative answer:
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 14, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0
    QUESTIONS:
        www.microsoft.com, type = AAAA, class = IN
------------
------------
Got answer (170 bytes):
    HEADER:
        opcode = QUERY, id = 14, rcode = NOERROR
        header flags: response, want recursion, recursion avail.
        questions = 1, answers = 3, authority records = 1, additional = 0
    QUESTIONS:
        www.microsoft.com, type = AAAA, class = IN
    ANSWERS:
    -> www.microsoft.com
        type = CNAME, class = IN, dlen = 26
        canonical name = toggle.www.ms.akadns.net
        ttl = 3058 (50 mins 58 secs)
    -> toggle.www.ms.akadns.net
        type = CNAME, class = IN, dlen = 4
        canonical name = g.www.ms.akadns.net
        ttl = 300 (5 mins)
    -> g.www.ms.akadns.net
        type = CNAME, class = IN, dlen = 6
        canonical name = lb1.www.ms.akadns.net
        ttl = 300 (5 mins)
    AUTHORITY RECORDS:
    -> akadns.net
        type = SOA, class = IN, dlen = 51
        ttl = 180 (3 mins)
        primary name server = internal.akadns.net
        responsible mail addr = hostmaster.akamai.com
        serial = 1358454652
        refresh = 90000 (1 day 1 hour)
        retry = 90000 (1 day 1 hour)
        expire = 90000 (1 day 1 hour)
        default TTL = 180 (3 mins)
------------
Name: lb1.www.ms.akadns.net
Address: 65.55.57.27
Aliases: www.microsoft.com
         toggle.www.ms.akadns.net
         g.www.ms.akadns.net
>
So it appears the connectivity algorithm is failing to realise that it only has a link-local IPv6 address, and thus, preferring IPv6 over IPv4, it tries to connect to the IPv6 DNS server. If I change my DNS server to something IPv4 like Google's 8.8.8.8 everything resolves fine, but not if the DNS server has an IPv6 address.
This needs some more looking into, or if someone else has an obvious answer?
-
Thursday, January 17, 2013 9:18 PM
some more info I've gathered by dumping network traffic while using nslookup.
> server ordns.he.net
Default Server: ordns.he.net
Addresses: 2001:470:20::2
74.82.42.42
MessageNumber Diagnosis Timestamp TimeElapsed Source Destination Module Summary
141 None 01.17.2013 09:43:39.2174768 0,0000009 2001:0:5EF5:73B8:1807:F:A0DD:CB08 2001:470:20:0:0:0:0:2 ICMPv6 Echo Request, ID = 0x7207, Seq = 0x8364
Seems like my client is trying to connect to ordns.he.net via my local Teredo tunnel adapter, pinging the DNS server to test for connectivity I suppose.
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:1807:f:a0dd:cb08(Preferred)
Link-local IPv6 Address . . . . . : fe80::1807:f:a0dd:cb08%14(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 335544320
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-70-DE-3D-50-46-5D-53-A9-7F
NetBIOS over Tcpip. . . . . . . . : Disabled
And it keeps trying to ping the dns server
MessageNumber Diagnosis Timestamp TimeElapsed Source Destination Module Summary
454 None 01.17.2013 09:44:09.8377164 0,0000003 2001:0:5EF5:73B8:1807:F:A0DD:CB08 2001:470:20:0:0:0:0:2 ICMPv6 Echo Request, ID = 0xF281, Seq = 0x244
But no DNS requests are noted in my network trace... until I change my DNS server to 8.8.8.8
> www.microsoft.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
MessageNumber Diagnosis Timestamp TimeElapsed Source Destination Module Summary
1562 None 01.17.2013 09:45:15.2772249 0,0287775 192.168.1.146 8.8.8.8 DNS Id = 0x3, QUERY (Standard query), Query for www.microsoft.com of type Host Addr on class Internet, Success, 64.4.11.42
1565 None 01.17.2013 09:45:15.3094439 0,0595018 192.168.1.146 8.8.8.8 DNS Id = 0x4, QUERY (Standard query), Query for www.microsoft.com of type AAAA on class Internet, Success
and the query succeeds.
Considering it never falls back to an IPv4 DNS query after 10 ICMPv6 Echos to ordns.he.net fail in an attempt to verify connectivity to ordns.he.net (which has both IPv6 and IPv4 addresses), I would say nslookup is sorta broken...
- Edited by Blinkage17 Thursday, January 17, 2013 9:23 PM
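Added example (not written by any poster in this thread): Python that builds the same 35-byte query shown in the nslookup debug output and tries each address of a dual-stacked DNS server in turn, moving on to the next address when one gives no response. The function names and the simulated exchange are assumptions made for illustration; the two server addresses are the ones the thread lists for ordns.he.net.

```python
import socket
import struct

QTYPE = {"A": 1, "AAAA": 28}

def build_query(name, qtype, qid):
    """Encode a recursive (RD=1) DNS query for one name and record type."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def udp_exchange(addr, payload, timeout=2.0):
    """Send payload to addr:53 over UDP; None on timeout or no route."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(payload, (addr, 53))
            return s.recvfrom(4096)[0]
    except OSError:
        return None

def query_with_fallback(server_addrs, name, qtype, exchange=udp_exchange):
    """Try each server address in order; return (addr, reply, log)."""
    query = build_query(name, qtype, 0x10)
    log = []
    for addr in server_addrs:
        reply = exchange(addr, query)
        # Accept only a response (QR bit set) that echoes our query ID.
        ok = (reply is not None and len(reply) >= 12
              and reply[:2] == query[:2] and bool(reply[2] & 0x80))
        log.append((addr, "answered" if ok else "no response"))
        if ok:
            return addr, reply, log
    return None, None, log

def simulated_exchange(addr, payload):
    """Constructed stand-in for the network: IPv6 path is dead, IPv4 answers."""
    if ":" in addr:
        return None  # models the 2-second timeouts in the debug output
    return payload[:2] + b"\x81\x80" + payload[4:]  # header flagged as response

if __name__ == "__main__":
    servers = ["2001:470:20::2", "74.82.42.42"]  # ordns.he.net, from the thread
    used, _, log = query_with_fallback(servers, "www.microsoft.com", "A",
                                       exchange=simulated_exchange)
    for addr, outcome in log:
        print(f"{addr}: {outcome}")
    print("answer came from", used)
```

Dropping the `exchange=simulated_exchange` argument sends real UDP queries, which shows per address family whether a given client can reach the server.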
-
Thursday, January 17, 2013 11:45 PM
hi,
if you use that DNS server with a client that has IPv6 enabled but just a link local address and you have a genuine IPv4 address, even though nslookup is busted can you still surf the net etc?
I enabled dual stack on our public-facing DNS servers which use BIND; individually they work fine if you use IPv4 or IPv6. I panicked though at the time when I had it respond with a v4 and v6 address because nslookup wasn't working as expected, but perhaps general internet surfing etc. was fine?
thanks
matt

