Network Manager IPv6 DNS Should be first

I feel a bit lost in this conversation. I feel that this conversation drifted into a debate of “is this really a problem?” The answer is, yes, this is a problem. This issue causes the v6ns test on test-ipv6.com to fail.

I also feel I’ve discovered a bug with ifup due to the testing that was asked of me. However, that is a different topic.

I think that at this point the technical nature of this issue is a bit beyond my knowledge, but here is where I stand:

When enabling the “Wired” connection in network manager, two dhclient processes are briefly started. One in v4 mode, one in v6 mode.


gundam:~ # ps aux | grep dh
root     16365  0.0  0.0  12356  7800 ?        S    20:13   0:00 /sbin/dhclient -d -4 -sf /usr/lib/nm-dhcp-client.action -pf /var/run/dhclient-eth0.pid -lf /var/lib/dhcp/dhclient-5d850656-2873-498e-8fc9-0389270e8e98-eth0.lease -cf /var/run/nm-dhclient-eth0.conf eth0
root     16500  0.0  0.0  12352  7708 ?        S    20:13   0:00 /sbin/dhclient -d -6 -S -sf /usr/lib/nm-dhcp-client.action -pf /var/run/dhclient6-eth0.pid -lf /var/lib/dhcp/dhclient6-5d850656-2873-498e-8fc9-0389270e8e98-eth0.lease eth0

When this finished, /etc/resolv.conf lists the IPv4 name server first. This results in a failed v6ns test with test-ipv6.com.

About the “v6ns” test

However, when manually changing the order of the nameservers around, the v6ns test passes. And I score a 10/10 on test-ipv6.com

It’s definitely not an openSUSE-specific issue or quirk, but rather seemingly related to the NM-related code.

It was reported as a RH bug some time back

https://bugzilla.redhat.com/show_bug.cgi?id=661150

but as the discussion there and in this thread shows, there are suggestions that the given order makes some sense

hm… certainly ip6_vpn_config should go above ip4_device_config (ignoring the fact that we don’t
have any ipv6 vpns yet…). Not sure if there’s any rule that says ipv6 should go above ipv4 in
general. I think for now it’s probably better to keep ipv4 first, since people are more likely to
accidentally have a broken ipv6 config than they are to accidentally have a broken ipv4 config…

glibc queries the nameservers in the order they are listed in resolv.conf, so if the IPv4 servers
don’t know the address of the IPv6 machine it should fail and glib will query the IPv6 server. The
apps themselves are the things that request AAA records (IPv6) instead of the A records and they are
the ones that decide what to do with the records that actually get returned too. So unless the app
is badly coded, is there a real difference which nameservers are first? Is ordering necessary to
work around bad servers?

so I’m not convinced that it is a bug as such. (Of course, you are free to manually configure /etc/resolv.conf as you like.)

Hm, interesting discussion there. Thanks.

Which I do not realyy understand (which again may be due to my ignorance).
My test-ipv6.com test:

Your IPv4 address on the public Internet appears to be 80.101.225.164
Your IPv6 address on the public Internet appears to be 2001:980:91a0:1:190a:c908:f07c:334d
Your Internet Service Provider (ISP) appears to be XS4ALL-NL XS4ALL Internet BV
Since you have IPv6, we are including a tab that shows how well you can reach other IPv6 sites. [more info]
Good news! Your current configuration will continue to work as web sites enable IPv6. [more info]
Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access.

Your readiness score
10/10 for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

As you see I have 10/10. Though I am not sure which of those 10 is the v6ns one you mention, I do not see any such a mnemonic there, nor on the technical details page.

And (as shown earlier) I do not have any IPv6 address in my resolving configuration:

henk@boven:~> grep -v '^#' /etc/resolv.conf
search xs4all.nl
nameserver 194.109.6.66
nameserver 194.109.9.99
nameserver 194.109.104.104
henk@boven:~>

On 2013-08-23 07:46, deano ferrari wrote:
>
> It’s definitely not an openSUSE-specific issue or quirk, but rather
> seemingly related to the NM-related code.
>
> It was reported as a RH bug some time back
>
> https://bugzilla.redhat.com/show_bug.cgi?id=661150
>
> but as the discussion there and in this thread shows, there are
> suggestions that the given order makes some sense

Thinking…

>> glibc queries the nameservers in the order they are listed in resolv.conf, so if the IPv4 servers
>> don’t know the address of the IPv6 machine it should fail and glib will query the IPv6 server.

So, why is not the second DNS server on the OP setup queried? As I
understand, it is because the first one gives a failure or reply that
says conclusively not to look any more for that name, right?

So his first DNS is bad.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)