Unbound not listening on IPV6 address

Started by puithove, December 28, 2018, 05:54:08 PM

December 28, 2018, 05:54:08 PM Last Edit: December 28, 2018, 06:00:10 PM by puithove
I'm on 18.7.9

I have IPV6 configured to go through TunnelBroker/HE.  All traffic on IPV6 flows fine.  Unbound is running as a forwarder - forwarding to IPv4 addresses - and successfully resolves all IPV6 queries. DHCPv4 apparently includes the interface's IPV6 address in the list of DNS servers provided as it shows up in clients' resolvers.  This results in slow DNS queries as clients sometimes attempt to contact DNS on IPV6 which times out.

Unbound is not listening on any IPV6 address.  Output from "sockstat | grep -i unbound" run on the OPNsense router:

unbound  unbound    79724 3  stream /tmp/php-fastcgi.socket-1
unbound  unbound    79724 4  udp4   *:53                  *:*
unbound  unbound    79724 5  tcp4   *:53                  *:*
unbound  unbound    79724 6  tcp4   127.0.0.1:953         *:*
unbound  unbound    79724 7  dgram  -> /var/run/logpriv
unbound  unbound    79724 8  stream -> ??
unbound  unbound    79724 9  stream -> ??
unbound  unbound    79724 10 stream -> ??
unbound  unbound    79724 11 stream -> ??
unbound  unbound    79724 12 stream -> ??
unbound  unbound    79724 13 stream -> ??
unbound  unbound    79724 14 stream -> ??
unbound  unbound    79724 15 stream -> ??


You can see it's listening on all udp4 and tcp4 addresses.  On the config page, I have "ALL" set on both Network Interfaces and Outgoing Network Interfaces.  Unbound ACLs automatically include all IPV6 subnets from all my interfaces.

I saw in some other threads there may be a need to manually add config option "do-ip6: yes", but when I put that in Custom Options on the General config page, Unbound fails to start.

Any tips here?


Hi.

I'm interested too.

I've experienced the same issue and didn't manage to solve it.

Br


January 04, 2019, 02:47:03 PM #3 Last Edit: January 04, 2019, 04:02:16 PM by puithove
Ok, found this little gold nugget in the release notes for 18.7.9:

unbound: only use IPv6 when enabled and IPv4 is not preferred

So I turned off the "Prefer IPv4" option (under System / Settings / General), and now it's listening on IPv6, and working correctly.

That seems valid - but if this is to be the case, then that option should also make it so that the DNS server list handed out by DHCP does NOT include any of the IPv6 addresses.

Thanks. I need to play a little bit around with my IPv6 setup, until now it's just a playground.

Thanks for the hint!

br

In my opinion, this still sounds like a bug.
"Prefer IPv4 over IPv6" should not mean the daemon shall not listen on IPv6 at all. What I'd expect is that whenever outbound connections are made, IPv4 is preferred. It might be that this is not possible to do properly with Unbound but then a dedicated setting in Unbound should be there for it and the central setting should not be taken into account.

Might be worth opening a ticket for it on GitHub, but that's up to you guys.

Sorry, Unbound disables responding to queries on IPv6 using do-ip6 as well and defaults prefer-ip6 to 'no' which is a bit confusing and out of the scope of the feature request posted on GitHub...

https://github.com/opnsense/core/commit/53024b5c

# opnsense-patch 53024b5c

Won't be fixed in 18.7.10 as that is already waiting for final QA, but easily patched.

Even though I would not recommend preferring IPv4 in this day and age (it's the OPNsense default as well).


Cheers,
Franco

PS: quick issue opened in GitHub would be perfect... forum post is easily missed.
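
A way to check the listener state this thread is about, added here as an example that is not part of any post or of OPNsense: the function reads FreeBSD `sockstat` output and lists which of udp4/tcp4/udp6/tcp6 the daemon is not listening on for port 53. The function names are hypothetical; `sample_before` is trimmed from the output in the first post and `sample_after` is constructed.

```shell
#!/bin/sh
# missing_dns_listeners COMMAND [PORT]   (hypothetical helper, added example)
# Reads `sockstat` output on stdin, prints each missing transport/family.
# Exit status: 0 = udp4, tcp4, udp6 and tcp6 all present; 1 = something missing.
missing_dns_listeners() {
    awk -v cmd="$1" -v port="${2:-53}" '
        # sockstat columns: USER COMMAND PID FD PROTO LOCAL FOREIGN
        $2 == cmd && $5 ~ /^(udp|tcp)(4|6|46)$/ {
            # IPv6 addresses contain colons, so the port is the last field.
            n = split($6, parts, ":")
            if (parts[n] != port) next      # e.g. skip the 953 control port
            if ($7 != "*:*") next           # unconnected (listening) sockets only
            transport = substr($5, 1, 3)
            family = substr($5, 4)
            if (family == "46") {           # dual-stack socket serves both
                seen[transport "4"] = 1
                seen[transport "6"] = 1
            } else {
                seen[$5] = 1
            }
        }
        END {
            missing = 0
            m = split("udp4 tcp4 udp6 tcp6", want, " ")
            for (i = 1; i <= m; i++)
                if (!(want[i] in seen)) { print want[i]; missing = 1 }
            exit missing
        }'
}

# Trimmed from the sockstat output in the first post (IPv4 only).
sample_before() {
cat <<'EOF'
unbound  unbound    79724 4  udp4   *:53                  *:*
unbound  unbound    79724 5  tcp4   *:53                  *:*
unbound  unbound    79724 6  tcp4   127.0.0.1:953         *:*
EOF
}

# Constructed: the same daemon with IPv6 listeners added.
sample_after() {
    sample_before
    echo 'unbound  unbound    79724 7  udp6   *:53                  *:*'
    echo 'unbound  unbound    79724 8  tcp6   *:53                  *:*'
}

sample_before | missing_dns_listeners unbound || echo "^ not listening on these"
```

On the router itself the input would come from `sockstat | missing_dns_listeners unbound`, for example after changing the "Prefer IPv4" setting or applying the patch.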