Hi folks,

I've found some surprising behaviour in the 'dig' utility. I've noticed
that dig doesn't seem to support link local IPv6 addresses. I've got
unbound listening on a link local IPv6 address on my router and all
queries seem to be working. I'm advertising this DNS info with rad, and
I confirmed with tcpdump that my devices such as iPhones, Macs, Windows,
Linux desktops etc are all properly querying my unbound server over IPv6.

dhclient doesn't seem to allow you to specify an IPv6 address in its
'supersede' options, so I manually edited my OpenBSD desktop's
resolv.conf to specify the IPv6 unbound server first. Again, I confirmed
with tcpdump that my desktop was properly querying the unbound server
over IPv6 (i.e. Firefox, ping, ssh etc all resolved domains using this
server).

I used 'dig' to make a query, and I noticed it was ignoring my link
local IPv6 nameserver in my resolv.conf. I'll save you guys the long
form TED talk here and just make my point:

$ cat resolv.conf
nameserver fe80::f29f:c2ff:fe17:b8b2%em0
nameserver 2606:4700:4700::1111
lookup file bind
family inet6 inet4

$ dig google.ca
[snip]
;; Query time: 12 msec
;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111)
[snip]

There's a bit of a delay as it waits for a timeout, and then it falls
back to the Cloudflare IPv6 server.

I tried specifying the server with '@' as well as specifying source
IP/interface with '-I' to no avail. It seems dig really doesn't like the
'fe80::%em0' notation, as '@' and '-I' worked fine when used without a
link-local address.

Is this a bug or a feature? Am I just doing something stupid? Any
insight would be appreciated.

Regards,
Jordan