[libvirt] [PATCHv2] handle DNS over IPv6

Daniel P. Berrange berrange at redhat.com
Fri Jan 7 10:51:29 UTC 2011


On Thu, Jan 06, 2011 at 09:45:04PM +0100, Paweł Krześniak wrote:
> 2011/1/6 Daniel P. Berrange <berrange at redhat.com>:
> > While it is shorter to just use '--interface brname' this comes
> > at the price of losing compatibility with older dnsmasq which
> > we still wish to support.
> 
> sure. RHEL5 is important target :)
> 
> > If we used  '--listen-address $IPV4ADDR --listen-address $IPV6ADDR'
> > then people with dnsmasq < 2.48 can still use the virtual network
> > capability in an IPv4 only context without problems. Only those
> > people who actually needed IPv6 DNS would have to upgrade to
> > newer dnsmasq.
> 
> A hack for users of old dnsmasq who need IPv6 is the nodad option for
> the /sbin/ip tool - read below.
> 
> > Do you have any idea what causes the delay ?  In particular is
> > the delay caused by the use of --listen-interface, or caused
> > by the addition of IPv6 addrs ?
> 
> Delay is caused by DAD.
> http://en.wikipedia.org/wiki/IPv6_address#Duplicate_address_detection
> 
> It's caused by IPv6 address, not by --listen-interface option:
> # killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add
> 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces
> --conf-file= --except-interface lo  --listen-address 2001:db8::1
> dnsmasq: no process killed
> 
> real	0m2.008s
> user	0m0.000s
> sys	0m0.006s
> 
> # killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add
> 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces
> --conf-file= --except-interface lo  --interface wlan0
> 
> real	0m2.006s
> user	0m0.000s
> sys	0m0.003s
> 
> 
> We can add a v6 address to the interface while skipping DAD (nodad option for
> the /sbin/ip tool), but we can end up with duplicate v6 hosts on the same
> network. Without DAD dnsmasq doesn't need to wait:
> 
> # killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add
> 2001:db8::1 dev wlan0 nodad ; time dnsmasq --strict-order
> --bind-interfaces --conf-file= --except-interface lo  --interface
> wlan0
> dnsmasq: no process killed
> 
> real	0m0.017s
> user	0m0.000s
> sys	0m0.005s
> 
> 
> > Based on your descriptions here it sounds like going for multiple
> > --listen-address parameters offers the same level of overall
> > functionality, but with better compatibility for people on older
> > dnsmasq. So I'm not seeing a compelling reason to switch over to
> > using --listen-interface
> 
> OK, I understand.
> Final question: what about link-local ipv6 addresses (fe80::/10).
> Should we --listen-address on them? (I think we should)

Will DNS actually work over link-local addrs? IIUC, since
link-local addrs are scoped to a specific interface, apps
wanting to send traffic via a link local address need to
explicitly specify the interface name. Practically no apps
will do this and so they typically can't make use of
the link-local address. Mostly a link-local address is just
there for the purpose of allowing ipv6 autoconf to take
place at which point the real address is used. So I'm not
sure that we need/want to use --listen-address on the link
local addr.

Regards,
Daniel
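
The approach discussed in this thread (one --listen-address per bridge address, link-local addresses left out, DAD state checked), as an added example that is not code from the thread or from libvirt. The interface name virbr0, the addresses and the `ip -o addr show` sample are constructed; the dnsmasq options are the ones quoted above.

```python
import ipaddress

# Constructed sample of `ip -o addr show dev virbr0` output (not from the thread).
SAMPLE = r"""
5: virbr0    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0\       valid_lft forever preferred_lft forever
5: virbr0    inet6 2001:db8::1/64 scope global tentative \       valid_lft forever preferred_lft forever
5: virbr0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
"""

# Options taken from the dnsmasq command lines quoted in the thread.
BASE_ARGS = ["dnsmasq", "--strict-order", "--bind-interfaces",
             "--conf-file=", "--except-interface", "lo"]

def parse_addrs(text):
    """Yield (address, flags) for each inet/inet6 line of `ip -o addr` output."""
    for line in text.splitlines():
        # Drop the lifetime part after the backslash, then split into fields.
        fields = line.split("\\")[0].split()
        if len(fields) < 4 or fields[2] not in ("inet", "inet6"):
            continue
        addr = ipaddress.ip_interface(fields[3]).ip
        yield addr, set(fields[4:])

def plan(text):
    """Return (dnsmasq argv, addresses with DAD pending, skipped link-local)."""
    argv, pending, skipped = list(BASE_ARGS), [], []
    for addr, flags in parse_addrs(text):
        if addr.is_link_local:
            # Scoped to one interface; clients would need addr%ifname to use it.
            skipped.append(str(addr))
            continue
        if "dadfailed" in flags:
            raise ValueError(f"{addr}: duplicate address detected, not listening")
        if "tentative" in flags:
            # DAD has not finished yet for this address.
            pending.append(str(addr))
        argv += ["--listen-address", str(addr)]
    return argv, pending, skipped

if __name__ == "__main__":
    argv, pending, skipped = plan(SAMPLE)
    print(" ".join(argv))
    print("DAD pending:", pending, "| skipped link-local:", skipped)
```
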



