Problem with recursively resolving AAAA records from CNAMES

Teran McKinney sega01 at gmail.com
Mon Jun 16 11:18:31 EDT 2008


Hi,

I had heard about MaraDNS from a friend and wanted to implement a
recursive DNS server for my LAN. MaraDNS looked quite nice, so I
decided to give it a try. I recently migrated from DD-WRT to OpenWRT,
and used its 1.2.12.06 MaraDNS package. Everything worked perfectly,
except I started to notice that I did not connect over IPv6 to some
IPv6-enabled sites. Digging a little deeper, I found that only sites
that used CNAMEs pointing to records with AAAA records were the
culrpit.

For example:
sega01[~]$ dig ipv6.google.com aaaa

; <<>> DiG 9.4.2 <<>> ipv6.google.com aaaa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4801
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ipv6.google.com.		IN	AAAA

;; ANSWER SECTION:
ipv6.google.com.	900	IN	CNAME	ipv6.l.google.com.

;; Query time: 221 msec
;; SERVER: 192.168.8.1#53(192.168.8.1)
;; WHEN: Mon Jun 16 11:11:00 2008
;; MSG SIZE  rcvd: 54

However, it appears that MaraDNS does not recursively resolve the
CNAME's target for AAAA records.

OpenDNS returns the following:

sega01[~]$ dig ipv6.google.com aaaa @208.67.222.222

; <<>> DiG 9.4.2 <<>> ipv6.google.com aaaa @208.67.222.222
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59569
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ipv6.google.com.		IN	AAAA

;; ANSWER SECTION:
ipv6.google.com.	9753	IN	CNAME	ipv6.l.google.com.
ipv6.l.google.com.	300	IN	AAAA	2001:4860:0:2001::68

;; Query time: 50 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Mon Jun 16 11:12:44 2008
;; MSG SIZE  rcvd: 82

There is no issue with MaraDNS using CNAMEs and A records, but AAAA
records individually work fine. I have also tested this on 1.3.11 with
the same results. Some other users on #ipv6 reported the same issues
with MaraDNS after I asked about this.

Any ideas?

Thanks,
Teran McKinney (sega01)


More information about the list mailing list