On Wed, Dec 16, 2020 at 02:37:19PM -0800, Jordan Geoghegan wrote:
> Hi folks,
>
> I've found some surprising behaviour in the 'dig' utility. I've noticed that
> dig doesn't seem to support link local IPv6 addresses. I've got unbound
> listening on a link local IPv6 address on my router and all queries seem to
> be working. I'm advertising this DNS info with rad, and I confirmed with
> tcpdump that my devices such as iPhones, Macs, Windows, Linux desktops etc
> are all properly querying my unbound server over IPv6.
>
> dhclient doesn't seem to allow you to specify an IPv6 address in its
> 'supersede' options, so I manually edited my OpenBSD desktop's resolv.conf
> to specify the IPv6 unbound server first. Again, I confirmed with tcpdump
> that my desktop was properly querying the unbound server over IPv6 (i.e.
> Firefox, ping, ssh etc all resolved domains using this server).
>
> I used 'dig' to make a query, and I noticed it was ignoring my link local
> IPv6 nameserver in my resolv.conf. I'll save you guys the long form Ted talk
> here and just make my point:
>
> $ cat resolv.conf
> nameserver fe80::f29f:c2ff:fe17:b8b2%em0
> nameserver 2606:4700:4700::1111
> lookup file bind
> family inet6 inet4
>
> $ dig google.ca
> [snip]
> ;; Query time: 12 msec
> ;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111)
> [snip]
>
> There's a bit of a delay as it waits for a time out, and then it falls back
> to the cloudflare IPv6 server.
>
> I tried specifying the server with '@' as well as specifying source
> IP/interface with '-I' to no avail. It seems dig really doesn't like the
> 'fe80::%em0' notation, as '@' and '-I' worked fine when used without a
> link-local address.
>
> Is this a bug or a feature? Am I just doing something stupid? Any insight
> would be appreciated.
I think it is a bug and I can reproduce. Will investigate deeper later.
-Otto