host -6 failure

David Horn dhorn2000 at gmail.com
Sat Nov 8 17:10:43 PST 2008 

On Sat, Nov 8, 2008 at 7:55 PM, mdh <mdh_lists at yahoo.com> wrote:
> --- On Sat, 11/8/08, David Horn <dhorn2000 at gmail.com> wrote:
>> From: David Horn <dhorn2000 at gmail.com>
>> Subject: Re: host -6 failure
>> To: mdh_lists at yahoo.com
>> Cc: freebsd-questions at freebsd.org
>> Date: Saturday, November 8, 2008, 7:25 PM
>> On Fri, Nov 7, 2008 at 2:18 PM, mdh
>> <mdh_lists at yahoo.com> wrote:
>> > Howdy folks,
>> > I'm having a little trouble understanding a
>> problem that the `host` command in RELENG_7_0 (very recent)
>> is having.  This is by and large my first time working with
>> IPv6, which I've been meaning to learn for some time.
>> First off, I've got my zone file configured to return a
>> AAAA record for x1.mydomain and named isn't complaining.
>>  However, when I run `host -6 x1.mydomain`, host returns the
>> following output:
>> >
>> > (root at rapier) [/etc/namedb]: host -6 x1.mydomain
>> >
>> /usr/src/lib/bind/isc/../../../contrib/bind9/lib/isc/unix/socket.c:1179:
>> internal_send: ::ffff:127.0.0.1#53: Invalid argument
>> >
>> /usr/src/lib/bind/isc/../../../contrib/bind9/lib/isc/unix/socket.c:1179:
>> internal_send: ::ffff:IP.IP.IP.8#53: Invalid argument
>> >
>> /usr/src/lib/bind/isc/../../../contrib/bind9/lib/isc/unix/socket.c:1179:
>> internal_send: ::ffff:127.0.0.1#53: Invalid argument
>> >
>> /usr/src/lib/bind/isc/../../../contrib/bind9/lib/isc/unix/socket.c:1179:
>> internal_send: ::ffff:IP.IP.IP.8#53: Invalid argument
>> > ;; connection timed out; no servers could be reached
>>
>> The '-6' on the command line for host(1) forces an
>> IPv6 only
>> connection to your nameserver, not necessarily a
>> "AAAA" query for the
>> hostname in question.  In this case, your nameservers
>> listed in the
>> warnings are IPv4 nameservers that host(1) is attempting to
>> connect to
>> using an ipv4 mapped ipv6 address (which by default is
>> disabled in the
>> kernel) In other words, don't use host -6 for this
>> scenario.
>
> Yet as I pointed out, the second nameserver in my resolv.conf is ::1 - so shouldn't it work with that?  It's clearly trying to contact the first and third nameservers listed.  If the behavior I'm experiencing is the proper behavior, then let me pose this question: when would anyone conceivably want to use the -6 option, and why does it exist?  My intent was to force a query to hit the nameserver on ::1 rather than 127.0.0.1.
>
>>
>> Most recent versions of the host(1) command will do both
>> "A" (IPv4
>> host record), and "AAAA" (IPv6 host record)
>> lookups for you
>> automatically.  For example:
>>
>>  host www.kame.net
>> www.kame.net has address 203.178.141.194
>> www.kame.net has IPv6 address
>> 2001:200:0:8002:203:47ff:fea5:3085
>>
>> >
>> > IP.IP.IP.8 is my ISP's DNS server, and is a third
>> option just in case the localhost DNS server crashes or goes
>> batty while I'm out drinking or somesuch.  Here's my
>> resolv.conf, which shows ::1 listed as the second nameserver
>> entry - however, it seems host -6 never even tries it.
>> >
>> > domain          mydomain
>> > search          mydomain
>> > nameserver      127.0.0.1
>> > nameserver      ::1
>> > nameserver      IP.IP.IP.8
>> >
>> > The DNS server running on localhost is authoritative
>> for mydomain.  I can ping it via localhost using both v4 and
>> v6, and I can also ping the external v4 and v6 addresses
>> just fine remotely.
>> >
>> > As I said, I'm new to IPv6, but this behavior
>> seems to be counterintuitive.  Am I just doing it wrong?
>> >
>>
>> For diagnosing your own nameservers, you are better off
>> using the
>> dig(1) utility.
>>
>> Example:
>>
>>  dig ipv6.google.com AAAA @::1
>>
>> This causes a dns query for an IPv6 address (aka
>> "AAAA" query) for the
>> hostname of "ipv6.google.com" using the
>> nameserver on the IPv6
>> localhost loopback address (::1), and will give a very nice
>> verbose
>> output.  man dig for more details.
>
> That is more useful, but still doesn't stifle my desire to stomp a potential bug in the base system.

Right after sending, I realized that I did not tell you all of the answer....

host(1) will successfully query ::1 when named is setup to listen on
::1 in named.conf, and ::1 is listed in /etc/resolv.conf (I just ran a
test on my box to be sure that it works this way with the -6 switch)

Example line from /etc/namedb/named.conf:

listen-on-v6    { ::1; any; };

And of course you need to restart named after the config change(
/etc/rc.d/named restart)

To make sure that it is listening on the IPv6 loopback address:

netstat -anW -f inet6

I do not remember the minimum version of bind (aka named) required for
IPv6 off the top of my head, but I am running 9.4.2-P2 on my IPv6
machine.

-_Dave

>
>>
>> Good Luck.
>>
>> BTW, if you have not already setup an IPv6 tunnel to the
>> internet, I
>> highly recommend SixXS's (www.sixxs.net) free tunnels
>> (and the
>> sixxs-aiccu port), or you can look at Hurricane Electric
>> (www.he.net),
>> and some other tunnel brokers as well.
>
> Actually this system is located at HE.  :)
>
> Thanks,
> - mdh
>
>
>
>
>

More information about the freebsd-questions mailing list