On Thu, Jan 06, 2011 at 09:45:04PM +0100, Paweł Krześniak wrote:
> 2011/1/6 Daniel P. Berrange <berrange@xxxxxxxxxx>:
> > While it is shorter to just use '--interface brname' this comes
> > at the price of losing compatibility with older dnsmasq which
> > we still wish to support.
>
> sure. RHEL5 is important target :)
>
> > If we used '--listen-address $IPV4ADDR --listen-address $IPV6ADDR'
> > then people with dnsmasq < 2.48 can still use the virtual network
> > capability in an IPv4 only context without problems. Only those
> > people who actually needed IPv6 DNS would have to upgrade to
> > newer dnsmasq.
>
> hack for users of old dnsmasq and ipv6 needs is nodad option for
> /sbin/ip tool - read below.
>
> > Do you have any idea what causes the delay ? In particular is
> > the delay caused by the use of --listen-interface, or caused
> > by the addition of IPv6 addrs ?
>
> Delay is caused by DAD.
> http://en.wikipedia.org/wiki/IPv6_address#Duplicate_address_detection
>
> It's caused by IPv6 address, not by --listen-interface option:
> # killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add
> 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces
> --conf-file= --except-interface lo --listen-address 2001:db8::1
> dnsmasq: no process killed
>
> real 0m2.008s
> user 0m0.000s
> sys 0m0.006s
>
> # killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add
> 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces
> --conf-file= --except-interface lo --interface wlan0
>
> real 0m2.006s
> user 0m0.000s
> sys 0m0.003s
>
>
> We can add v6 address to interface with skipping DAD (nodad option for
> /sbin/ip tool), but we can end up with duplicate v6 hosts on the same
> network.
> Without DAD dnsmasq doesn't need to wait:
>
> # killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add
> 2001:db8::1 dev wlan0 nodad ; time dnsmasq --strict-order
> --bind-interfaces --conf-file= --except-interface lo --interface
> wlan0
> dnsmasq: no process killed
>
> real 0m0.017s
> user 0m0.000s
> sys 0m0.005s
>
>
> > Based on your descriptions here it sounds like going for multiple
> > --listen-address parameters offers the same level of overall
> > functionality, but with better compatibility for people on older
> > dnsmasq. So I'm not seeing a compelling reason to switch over to
> > using --listen-interface
>
> OK, I understand.
> Final question: what about link-local ipv6 addresses (fe80::/10).
> Should we --listen-address on them? (I think we should)

Will DNS actually work over link-local addrs? IIUC, since link-local
addrs are scoped to a specific interface, apps wanting to send traffic
via a link local address need to explicitly specify the interface name.
Practically no apps will do this and so they typically can't make
use of the link-local address. Mostly a link-local address is just
there for the purpose of allowing ipv6 autoconf to take place at which
point the real address is used. So I'm not sure that we need/want to
use --listen-address on the link local addr.

Regards,
Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
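
An added example, not part of the original message and not libvirt code: a shell sketch of the approach discussed in this thread, building one --listen-address per address while leaving out link-local (scope link) addresses, and separately reporting addresses still in DAD (flagged "tentative" by ip), which is the state behind the 2 second start-up measured above. The bridge name virbr0, the sample `ip -o -6 addr show` output and the function names are constructed for illustration; skipping "dadfailed" addresses is an assumption of this example.

```shell
#!/bin/sh
# Added example (not libvirt code). Input: output of `ip -o -6 addr show dev IF`.

# Constructed sample output for a hypothetical bridge named virbr0.
SAMPLE_ADDRS='5: virbr0    inet6 2001:db8::1/64 scope global tentative \       valid_lft forever preferred_lft forever
5: virbr0    inet6 2001:db8:1::1/64 scope global \       valid_lft forever preferred_lft forever
5: virbr0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever'

# Print "ADDRESS SCOPE STATE" per inet6 entry read from stdin.
# STATE is ready, tentative (DAD still running) or dadfailed (duplicate found).
parse_inet6() {
    awk '{
        addr = ""; scope = ""; state = "ready"
        for (i = 1; i <= NF; i++) {
            if ($i == "inet6") addr = $(i + 1)
            if ($i == "scope") scope = $(i + 1)
            if ($i == "tentative" && state == "ready") state = "tentative"
            if ($i == "dadfailed") state = "dadfailed"
        }
        if (addr == "") next
        sub(/\/[0-9]+$/, "", addr)   # drop the prefix length
        print addr, scope, state
    }'
}

# Build dnsmasq arguments: global-scope addresses only, so link-local
# (fe80::/10, scope link) is left out; addresses that failed DAD are skipped.
listen_args() {
    parse_inet6 | awk '$2 == "global" && $3 != "dadfailed" {
        printf "%s--listen-address %s", sep, $1; sep = " "
    } END { if (sep != "") print "" }'
}

# List addresses whose DAD has not finished yet.
pending_dad() {
    parse_inet6 | awk '$3 == "tentative" { print $1 }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_ADDRS" | listen_args
printf '%s\n' "$SAMPLE_ADDRS" | pending_dad
```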