Re: [PATCHv2] handle DNS over IPv6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jan 06, 2011 at 09:45:04PM +0100, PaweÅ KrzeÅniak wrote:
> 2011/1/6 Daniel P. Berrange <berrange@xxxxxxxxxx>:
> > While it is shorter to just use '--interface brname' this comes
> > at the price of loosing compatibility with older dnsmasq which
> > we still wish to support.
> 
> sure. RHEL5 is important target :)
> 
> > If we used Â'--listen-address $IPV4ADDR --listen-address $IPV6ADDR'
> > then people with dnsmasq < 2.48 can still use the virtual network
> > capability in a IPv4 only context without problems. Only those
> > people who actually needed IPv6 DNS would have to upgrade to
> > newer dnsmasq.
> 
> hack for users of old dnsmasq and ipv6 needs is nodad option for
> /sbin/ip tool - read below.
> 
> > Do you have any idea what causes the delay ? ÂIn particular is
> > the delay caused by the use of --listen-interface, or caused
> > by the addition of IPv6 addrs ?
> 
> Delay is caused by DAD.
> http://en.wikipedia.org/wiki/IPv6_address#Duplicate_address_detection
> 
> It's caused by IPv6 address, not by --listen-interface option:
> # killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add
> 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces
> --conf-file= --except-interface lo  --listen-address 2001:db8::1
> dnsmasq: no process killed
> 
> real	0m2.008s
> user	0m0.000s
> sys	0m0.006s
> 
> # killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add
> 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces
> --conf-file= --except-interface lo  --interface wlan0
> 
> real	0m2.006s
> user	0m0.000s
> sys	0m0.003s
> 
> 
> We can add v6 address to interface with skipping DAD (nodad option for
> /sbin/ip tool), but we can end up with duplicate v6 hosts on the same
> network. Without DAD dnsmasq doesn't need to wait:
> 
> # killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add
> 2001:db8::1 dev wlan0 nodad ; time dnsmasq --strict-order
> --bind-interfaces --conf-file= --except-interface lo  --interface
> wlan0
> dnsmasq: no process killed
> 
> real	0m0.017s
> user	0m0.000s
> sys	0m0.005s
> 
> 
> > Based on your descriptions here it sounds like going for multiple
> > --listen-address parameters offers the same level of overall
> > functionality, but with better compatibility for people on older
> > dnsmasq. So I'm not seeing a compelling reason to switch over to
> > using --listen-interface
> 
> OK, I understand.
> Final question: what about link-local ipv6 addresses (fe80::/10).
> Should we --listen-address on them? (I think we should)

Will DNS actually work over link-local addrs? IIUC, since
link-local addrs are scoped to a specific interface, apps
wanting to send traffic via a link local address need to
explicitly specify the interface name. Practically no apps
will be do this and so they typically can't make use of
the link-local address. Mostly a link-local address is just
there for the purpose of allowing ipv6 autoconf to take
place at which point the real address is used. So I'm not
sure that we need/want to use --listen-address on the link
local addr.

Regards,
Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]