Date: Mon, 5 Oct 2015 10:18:40 +0200 From: Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net> To: freebsd-questions@freebsd.org Cc: Jon Radel <jon@radel.com>, Adam Vande More <amvandemore@gmail.com> Subject: Re: IPv6 only Jails cannot connect to the outside world Message-ID: <56123260.1010901@kulturflatrate.net> In-Reply-To: <5611CA44.4030602@radel.com> References: <5611AFCA.4010909@kulturflatrate.net> <CA%2BtpaK0fyqEvc3kWMfhD9teogTG8euWfqEn1szmUhYXQ5e_UCg@mail.gmail.com> <5611CA44.4030602@radel.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 05/10/15 02:54, Jon Radel wrote: > On 10/4/15 7:15 PM, Adam Vande More wrote: >> You haven't demonstrated IPv6 doesn't work. You've only demonstrated >> name >> resolution on an IPv6 jail doesn't work. OK. I can make a DNS lookup but get the same error message as in my original mail: > root@ipv6only:~ # drill google.com AAAA > ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61714 > ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > ;; QUESTION SECTION: > ;; google.com. IN AAAA > > ;; ANSWER SECTION: > google.com. 139 IN AAAA 2a00:1450:4001:801::1006 > > ;; AUTHORITY SECTION: > > ;; ADDITIONAL SECTION: > > ;; Query time: 0 msec > ;; SERVER: 2a01:4f8:0:a111::add:9898 > ;; WHEN: Mon Oct 5 07:34:06 2015 > ;; MSG SIZE rcvd: 56 > root@ipv6only:~ # telnet google.com 80 > google.com: hostname nor servname provided, or not known But, you're right, my IPv6 connectivity actually works: > root@ipv6only:~ # telnet -6 2a00:1450:4001:801::1006 80 > Trying 2a00:1450:4001:801::1006... > Connected to 2a00:1450:4001:801::1006. > Escape character is '^]' Now to the /etc/resolv.conf as mentioned by Jon: > To expand on Adam's observation, I use an IPv6-only (well it does have > an IPv4 loopback address) jail on an otherwise dual-stacked machine, > using ezjail and it works fine. Of course > > root@mns:~ # cat /etc/resolv.conf > search radel.com > nameserver 2001:4830:1707:5237::10:1 > nameserver 2001:470:880a:5237::7:1 > options edns0 timeout:1 > root@mns:~ # My resolv.conf in every jail: > root@ipv6only:~ # cat /etc/resolv.conf > search financecomm.com > nameserver 213.133.98.98 > nameserver 213.133.99.99 > nameserver 213.133.100.100 > nameserver 2a01:4f8:0:a0a1::add:1010 > nameserver 2a01:4f8:0:a102::add:9999 > nameserver 2a01:4f8:0:a111::add:9898 So, as you can see, I also have IPv4 and IPv6 nameservers in my resolv.conf. > I don't bother mentioning ipv4 resolvers in resolv.conf, but the end > result is that the test you were trying works fine: > > root@mns:~ # telnet google.com 80 > Trying 2607:f8b0:4004:807::1006... > Connected to google.com. > Escape character is '^]'. > blort > HTTP/1.0 400 Bad Request > <snip> As in my original email, the above test I cannot confirm. Mentioning /etc/resolv.conf made me trying something else: I removed the IPv4 nameservers in it: > root@ipv6only:~ # cat /etc/resolv.conf > search financecomm.com > nameserver 2a01:4f8:0:a0a1::add:1010 > nameserver 2a01:4f8:0:a102::add:9999 > nameserver 2a01:4f8:0:a111::add:9898 And now my test works: > root@ipv6only:~ # telnet google.com 80 > Trying 2a00:1450:4001:80d::100e... > Connected to google.com. > Escape character is '^]' Thus it seems that, in an IPv6 only jail, I may not list IPv4 nameservers in /etc/resolv.conf because otherwise I get the weird error that it cannot resolve the hostname although it actually can? Is that intended? Probably I'm missing something. -- Niklaas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56123260.1010901>