DNS64: Not resolving and synthesizing correctly for CNAME chain (rfc6147#section-5.1.5) #6932

Open
4 tasks done
GoetzGoerisch opened this issue Apr 20, 2024 · 2 comments
Labels
needs investigation Needs to be reproduced reliably.

Comments

@GoetzGoerisch

Prerequisites

Platform (OS and CPU architecture)

Linux, ARM64

Installation

GitHub releases or script from README

Setup

On one machine

AdGuard Home version

v0.107.48

Action

AdGuard configured for DNS64

AdGuardHome.yml:

...
  use_dns64: true
  dns64_prefixes:
    - 64:ff9b::/96
...

$ nslookup -debug -type=aaaa 'www.zdf.de' 'fd23:ff12:fde5:20::53'
Server:		fd23:ff12:fde5:20::53
Address:	fd23:ff12:fde5:20::53#53

------------
    QUESTIONS:
	www.zdf.de, type = AAAA, class = IN
    ANSWERS:
    ->  www.zdf.de
	canonical name = ssl.zdf.de.edgekey.net.
	ttl = 240
    ->  ssl.zdf.de.edgekey.net
	canonical name = e8383.e6.akamaiedge.net.
	ttl = 240
    AUTHORITY RECORDS:
    ->  e6.akamaiedge.net
	origin = n0e6.akamaiedge.net
	mail addr = hostmaster.akamai.com
	serial = 1713621457
	refresh = 1000
	retry = 1000
	expire = 1000
	minimum = 1800
	ttl = 240
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
www.zdf.de	canonical name = ssl.zdf.de.edgekey.net.
ssl.zdf.de.edgekey.net	canonical name = e8383.e6.akamaiedge.net.

Expected result

Expected to follow https://datatracker.ietf.org/doc/html/rfc6147#section-5.1.5
AAAA record is correctly synthesized from AdGuardHome and the upstream CNAME chain and A record.

Output from Cloudflare DNS64 server for comparison

nslookup -debug -type=aaaa 'www.zdf.de' '2606:4700:4700::64'
Server:		2606:4700:4700::64
Address:	2606:4700:4700::64#53

------------
    QUESTIONS:
	www.zdf.de, type = AAAA, class = IN
    ANSWERS:
    ->  www.zdf.de
	canonical name = ssl.zdf.de.edgekey.net.
	ttl = 2434
    ->  ssl.zdf.de.edgekey.net
	canonical name = e8383.e6.akamaiedge.net.
	ttl = 34
    ->  e8383.e6.akamaiedge.net
	has AAAA address 64:ff9b::687a:252c
	ttl = 8
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
www.zdf.de	canonical name = ssl.zdf.de.edgekey.net.
ssl.zdf.de.edgekey.net	canonical name = e8383.e6.akamaiedge.net.
Name:	e8383.e6.akamaiedge.net
Address: 64:ff9b::687a:252c

Actual result

See above, AAAA is not synthesized.

AdGuard upstream server is Cloudflare DNS 2606:4700:4700::1111 or tls://one.one.one.one

Additional information and/or screenshots

Another sample to test: ipv4.google.com or ipv4.myip.wtf
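
For reference, the behaviour RFC 6147 section 5.1.5 asks for, as an added example that is not AdGuard Home's code or part of the original report: follow the CNAME chain, keep it in the answer, and synthesize AAAA from the terminal A record. `RR`, `pref64`, `constructedZone` and `ResolveAAAA` are hypothetical names, and the in-memory zone is constructed; its A value is the IPv4 address embedded in the Cloudflare answer quoted above.

```go
package main

import (
	"fmt"
	"net/netip"
)

// RR is a simplified resource record (hypothetical type for this example).
type RR struct{ Name, Type, Data string }
var pref64 = netip.MustParsePrefix("64:ff9b::/96") // dns64_prefixes value from the issue

// constructedZone is made-up upstream data; the A value is the IPv4 embedded in Cloudflare's answer.
func constructedZone() map[string][]RR {
	return map[string][]RR{
		"www.zdf.de.":              {{"www.zdf.de.", "CNAME", "ssl.zdf.de.edgekey.net."}},
		"ssl.zdf.de.edgekey.net.":  {{"ssl.zdf.de.edgekey.net.", "CNAME", "e8383.e6.akamaiedge.net."}},
		"e8383.e6.akamaiedge.net.": {{"e8383.e6.akamaiedge.net.", "A", "104.122.37.44"}},
	}
}

// ResolveAAAA keeps the CNAME chain in the answer and synthesizes AAAA from A only at the end (/96 only).
func ResolveAAAA(zone map[string][]RR, p netip.Prefix, qname string) []RR {
	var answer []RR
	for name, hop := qname, 0; hop < 8 && p.Bits() == 96; hop++ {
		next, real, synth := "", []RR(nil), []RR(nil)
		for _, rr := range zone[name] {
			ip, err := netip.ParseAddr(rr.Data)
			switch {
			case rr.Type == "CNAME":
				answer, next = append(answer, rr), rr.Data
			case rr.Type == "AAAA":
				real = append(real, rr)
			case rr.Type == "A" && err == nil && ip.Is4():
				b, v4 := p.Addr().As16(), ip.As4()
				copy(b[12:], v4[:]) // RFC 6052: IPv4 goes in the low 32 bits
				synth = append(synth, RR{name, "AAAA", netip.AddrFrom16(b).String()})
			}
		}
		if len(real) > 0 {
			synth = real // a real AAAA wins; nothing is synthesized
		}
		if next == "" {
			return append(answer, synth...)
		}
		name = next
	}
	return nil // chain over 8 hops (or looping), or unsupported prefix length
}

func main() { fmt.Println(ResolveAAAA(constructedZone(), pref64, "www.zdf.de.")) }
```
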

@GoetzGoerisch
Author

ping @ainar-g

@ainar-g ainar-g added the needs investigation Needs to be reproduced reliably. label May 23, 2024
@ainar-g
Contributor

ainar-g commented May 23, 2024

Apologies for the delay. @EugeneOne1, please investigate.
