Add IPv6 compatibility to the DNS handling #30
Conversation
|
Hey, this is an excellent and well-thought-out patch. Nicely done and thank you!
It works fine for me. This is a common problem with VPN-related tools… not many people have access to enough different ones to be able to test all the variations. (Even I don't… hence the issue you found here. 😢) |
vpn_slice/posix.py
Outdated
| if search_domains: | ||
| all_cls = (cl + ['+domain={!s}'.format(sd), hostname] for sd in search_domains) | ||
| for cl in some_cls: | ||
| all_cls.extend(cl + ['+domain={!s}'.format(sd), hostname, 'A', hostname, 'AAAA'] for sd in search_domains) |
There was a problem hiding this comment.
My only nitpick here is that we should probably skip IPv6 lookup if we don't have an IPv6 bind address at all (and skip IPv4 lookup if we don't have an IPv4 bind address) since we won't be able to use the result in any way.
🤔
There was a problem hiding this comment.
I changed it in my new commit. The consequence is that without any bind addresses a lookup isn't made anymore.
Hey Dan
They way I did it with dig is that now it splits the DNS requests into one call that includes all the IPv4 DNS server addresses and binds to the VPN internal IPv4 address and a second call that has all the IPv6 DNS server addresses and binds to the VPN internal IPv6 address.
All of those calls ask for both the A and the AAAA record, because I didn't really see a reason why I shouldn't ask a server I contact over its IPv4 address about the AAAA record or one that I contact over IPv6 about the A record. I figured asking doesn't hurt if we're doing a request anyway.
The command line strings it assembles now look like this for my school's VPN
I thought it over as well as I could and I don't think that I broke anything for the case where the VPN only provides an IPv4 address to the client and informs us about IPv4 DNS server addresses, but I can't test that case since I only have my school VPN, so I'll leave that part to you, Dan.
For my school it seems to work just fine. I see IPv4 and IPv6 routes in the hostfile and if I ping and traceroute an internal host the IPv6 address gets used too.
Indeed everything keeps working even if I purposely filter out the IPv4 DNS server addresses, so that it's forced to only use dig with the IPv6 DNS server address.
Best
--Joel