[ipxe-devel] Fallback to IPv4 or disable IPv6

Andreas Fink afink at list.fink.org
Mon Nov 19 12:06:04 UTC 2018



> On 19 Nov 2018, at 12:26, Geert Stappers <geert.stappers at hendrikx-itc.nl> wrote:
> 
> On Mon, Nov 19, 2018 at 12:13:55PM +0100, Andreas Fink wrote:
>>> On 19 Nov 2018, at 11:52, Michael Brown <mcb30 at ipxe.org> wrote:
>>> On 01/11/2018 17:40, Anatoli Babenia wrote:
>>>> My upstream provider doesn't support IPv6. No addresses are reachable.
>>>> But my router still gives me an IPv6 address and is even able to resolve
>>>> AAAA records. Being able to resolve IPv6 address iPXE thinks that it got
>>>> IPv6 and fails, but it should try IPv4 instead.
>>>> Here is the log - https://github.com/antonym/netboot.xyz/issues/283
>>>> Is it possible to make current 133f fallback to IPv4 if IPv6 fetch fails?
>>>> Also, is there an option to disable IPv6 from Failsafe Menu? Manual
>>>> network configuration doesn't help.
>>> 
>>> iPXE will query for AAAA records only if the DNS server address is itself an IPv6 address.  This is the heuristic we use to decide between IPv6 and IPv4 when a DNS name is used.
>> 
>> This is not really what the idea is.
>> 
>> I would recommend the following logic:
> 
> I would appreciate patches.

I will look into this.
>> 
>> 1. If there is an IPv4 address only provided by the DHCP server, do IPv4 only.  Consider the host "ipv4 only"
>> 2. If there is an IPv6 address only provided by the DHCP server or through router advertisement (and it's not only link local)  do IPv6 only. Consider the host "ipv6 only"
>> 3. If the host has an IPv4 and an IPv6 address do both ( Consider the host ipv4/ipv6 capable)
> 
> Bullshit.  Reread
>>> iPXE will query for AAAA records only if the DNS server address is itself an IPv6 address.  This is the heuristic we use to decide between IPv6 and IPv4 when a DNS name is used.

> Pay attention to the "decide between IPv6 and IPv4" part.
> 
> 


I still have to disagree. It's perfectly normal and OK to have an IPv4-based DNS server provide an AAAA record for a host which is IPv6-only connected.
Having the DNS server's own IP address as the deciding factor for querying AAAA records is wrong. Whether a host can be reached over IPv6 should only be determined by whether the remote host has an AAAA record and whether the local host has IPv6 connectivity and could potentially reach the remote node over IPv6. The DNS server can still be IPv4 (unless the local host does not have any IPv4 anymore, in which case it cannot even reach that DNS server).

See https://tools.ietf.org/html/rfc2893#page-7 section 2.2, which says:


   DNS resolver libraries on IPv6/IPv4 nodes MUST be capable of handling
   both A6/AAAA and A records.  However, when a query locates an A6/AAAA
   record holding an IPv6 address, and an A record holding an IPv4
   address, the resolver library MAY filter or order the results
   returned to the application in order to influence the version of IP
   packets used to communicate with that node.  


So whether it's possible to communicate with the target on IPv6 or not is the deciding factor for whether IPv6 AAAA records should be considered or not. Not the DNS's own IP address.


Andreas Fink
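
The two selection rules argued over in this thread, side by side, as an added example (not part of the original message and not iPXE code). The function names, the Q_A/Q_AAAA bitmask and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>

enum { Q_A = 1, Q_AAAA = 2 };   /* bitmask of record types to query */

/* Returns AF_INET, AF_INET6, or 0 if unparseable. *link_local is set for
 * fe80::/10, which the proposal does not count as IPv6 connectivity. */
static int classify(const char *s, int *link_local)
{
    struct in_addr a4;
    struct in6_addr a6;
    *link_local = 0;
    if (inet_pton(AF_INET, s, &a4) == 1)
        return AF_INET;
    if (inet_pton(AF_INET6, s, &a6) != 1)
        return 0;
    *link_local = (a6.s6_addr[0] == 0xfe && (a6.s6_addr[1] & 0xc0) == 0x80);
    return AF_INET6;
}

/* Heuristic quoted in the thread: AAAA only if the DNS server is IPv6. */
int heuristic_queries_aaaa(const char *dns_server)
{
    int ll;
    return classify(dns_server, &ll) == AF_INET6;
}

/* Proposal: pick record types from the host's own addresses instead. */
int proposed_query_types(const char *const *local, int n)
{
    int mask = 0, ll;
    for (int i = 0; i < n; i++) {
        int af = classify(local[i], &ll);
        if (af == AF_INET)
            mask |= Q_A;
        else if (af == AF_INET6 && !ll)
            mask |= Q_AAAA;
    }
    return mask;
}

int main(void)
{
    /* Constructed dual-stack host; documentation address ranges. */
    const char *local[] = { "192.0.2.10", "fe80::1", "2001:db8::10" };
    printf("heuristic AAAA=%d, proposed mask=%d\n",
           heuristic_queries_aaaa("192.0.2.53"), proposed_query_types(local, 3));
    return 0;
}
```

Neither rule alone covers the original report, where the host holds a global IPv6 address but has no working IPv6 path; that case still needs a fallback to the A record after the IPv6 fetch fails.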
