[libvirt] [PATCHv2] handle DNS over IPv6

Paweł Krześniak pawel.krzesniak at gmail.com
Thu Jan 6 20:45:04 UTC 2011


2011/1/6 Daniel P. Berrange <berrange at redhat.com>:
> While it is shorter to just use '--interface brname' this comes
> at the price of losing compatibility with older dnsmasq which
> we still wish to support.

Sure. RHEL5 is an important target :)

> If we used '--listen-address $IPV4ADDR --listen-address $IPV6ADDR'
> then people with dnsmasq < 2.48 can still use the virtual network
> capability in an IPv4 only context without problems. Only those
> people who actually needed IPv6 DNS would have to upgrade to
> newer dnsmasq.

A hack for users of old dnsmasq with IPv6 needs is the nodad option
for the /sbin/ip tool - read below.

> Do you have any idea what causes the delay ?  In particular is
> the delay caused by the use of --listen-interface, or caused
> by the addition of IPv6 addrs ?

Delay is caused by DAD.
http://en.wikipedia.org/wiki/IPv6_address#Duplicate_address_detection

It's caused by the IPv6 address, not by the --listen-interface option:
# killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces --conf-file= --except-interface lo  --listen-address 2001:db8::1
dnsmasq: no process killed

real	0m2.008s
user	0m0.000s
sys	0m0.006s

# killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces --conf-file= --except-interface lo  --interface wlan0

real	0m2.006s
user	0m0.000s
sys	0m0.003s


We can add the v6 address to the interface while skipping DAD (the
nodad option for the /sbin/ip tool), but we can end up with duplicate
v6 hosts on the same network. Without DAD dnsmasq doesn't need to wait:

# killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add 2001:db8::1 dev wlan0 nodad ; time dnsmasq --strict-order --bind-interfaces --conf-file= --except-interface lo  --interface wlan0
dnsmasq: no process killed

real	0m0.017s
user	0m0.000s
sys	0m0.005s


> Based on your descriptions here it sounds like going for multiple
> --listen-address parameters offers the same level of overall
> functionality, but with better compatibility for people on older
> dnsmasq. So I'm not seeing a compelling reason to switch over to
> using --listen-interface

OK, I understand.
Final question: what about link-local IPv6 addresses (fe80::/10)?
Should we --listen-address on them? (I think we should)

-- 
Pawel
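
An added example, not part of the original message: rather than skipping DAD with nodad, a wrapper can read the flags that `ip -6 addr show` prints (tentative while DAD runs, dadfailed on a duplicate) and start dnsmasq only once the address is usable. The helper names show_addrs, dad_state and wait_dad and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -6 addr show dev wlan0` output (not a real capture).
SAMPLE='3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8::1/128 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever'

# dad_state ADDR: read `ip -6 addr show` output on stdin and print the DAD
# state of ADDR: tentative | dadfailed | ready | absent.
# ADDR must be written the way ip prints it (compressed form, no prefix length).
dad_state() {
    awk -v want="$1" '
        $1 == "inet6" {
            split($2, a, "/")                 # drop the /prefixlen
            if (a[1] != want) next
            state = "ready"
            for (i = 3; i <= NF; i++) {
                if ($i == "dadfailed") { state = "dadfailed"; break }
                if ($i == "tentative") state = "tentative"
            }
            found = 1; print state; exit
        }
        END { if (!found) print "absent" }'
}

# Source of address data; kept separate so it can be replaced for testing.
show_addrs() { ip -6 addr show dev "$1"; }

# wait_dad DEV ADDR [TRIES]: poll once per second until DAD finishes.
# Returns 0 = ready, 1 = dadfailed or absent, 2 = still tentative after TRIES.
wait_dad() {
    tries=${3:-5}
    while [ "$tries" -gt 0 ]; do
        case $(show_addrs "$1" | dad_state "$2") in
            ready)     return 0 ;;
            tentative) sleep 1 ;;
            *)         return 1 ;;   # duplicate detected or address missing
        esac
        tries=$((tries - 1))
    done
    return 2
}

# Demo on the constructed sample: the global address is still in DAD.
printf '%s\n' "$SAMPLE" | dad_state 2001:db8::1
```

A caller would run `wait_dad wlan0 2001:db8::1 && dnsmasq ...`, which keeps duplicate detection and still refuses to start on an address that failed DAD.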
