Apicast fails to start when the resolv.conf contains an IPv6 DNS server #510

Closed
nmasse-itix opened this issue Nov 29, 2017 · 4 comments
@nmasse-itix
Contributor

When developing on Apicast, if there is an IPv6 DNS server in the /etc/resolv.conf file, Apicast fails to start.

Version
$ nginx -V
nginx version: nginx/1.12.0
built by clang 8.1.0 (clang-802.0.38)
built with OpenSSL 1.0.2k  26 Jan 2017 (running with OpenSSL 1.0.2l  25 May 2017)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/Cellar/nginx-full/1.12.0 --with-http_ssl_module --with-pcre --with-ipv6 --sbin-path=/usr/local/Cellar/nginx-full/1.12.0/bin/nginx --with-cc-opt='-I/usr/local/include -I/usr/local/opt/pcre/include -I/usr/local/opt/openssl/include' --with-ld-opt='-L/usr/local/lib -L/usr/local/opt/pcre/lib -L/usr/local/opt/openssl/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/usr/local/var/run/nginx.pid --lock-path=/usr/local/var/run/nginx.lock --http-client-body-temp-path=/usr/local/var/run/nginx/client_body_temp --http-proxy-temp-path=/usr/local/var/run/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/var/run/nginx/fastcgi_temp --http-uwsgi-temp-path=/usr/local/var/run/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/var/run/nginx/scgi_temp --http-log-path=/usr/local/var/log/nginx/access.log --error-log-path=/usr/local/var/log/nginx/error.log --add-module=/usr/local/share/ngx-devel-kit --add-module=/usr/local/share/lua-nginx-module

$ openresty -V
nginx version: openresty/1.11.2.3
built by clang 8.1.0 (clang-802.0.42)
built with OpenSSL 1.0.2k  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/Cellar/openresty/1.11.2.3/nginx --with-cc-opt='-O2 -I/usr/local/include -I/usr/local/opt/pcre/include -I/usr/local/opt/openresty-openssl/include' --add-module=../ngx_devel_kit-0.3.0 --add-module=../echo-nginx-module-0.60 --add-module=../xss-nginx-module-0.05 --add-module=../ngx_coolkit-0.2rc3 --add-module=../set-misc-nginx-module-0.31 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.06 --add-module=../srcache-nginx-module-0.31 --add-module=../ngx_lua-0.10.8 --add-module=../ngx_lua_upstream-0.06 --add-module=../headers-more-nginx-module-0.32 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.18 --add-module=../redis2-nginx-module-0.14 --add-module=../redis-nginx-module-0.3.7 --with-ld-opt='-Wl,-rpath,/usr/local/Cellar/openresty/1.11.2.3/luajit/lib -L/usr/local/lib -L/usr/local/opt/pcre/lib -L/usr/local/opt/openresty-openssl/lib' --pid-path=/usr/local/var/run/openresty.pid --lock-path=/usr/local/var/run/openresty.lock --conf-path=/usr/local/etc/openresty/nginx.conf --http-log-path=/usr/local/var/log/nginx/access.log --error-log-path=/usr/local/var/log/nginx/error.log --with-pcre-jit --with-ipv6 --with-stream --with-stream_ssl_module --with-http_v2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_secure_link_module --with-http_random_index_module --with-http_geoip_module --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-threads --with-dtrace-probes --with-http_ssl_module
Steps To Reproduce
  1. define an IPv6 nameserver in /etc/resolv.conf
cat > /etc/resolv.conf <<EOF
search home
nameserver 192.168.1.1
nameserver fe80::ba26:6cff:fef6:e526:53
EOF
  2. start apicast
$ ./bin/apicast --dev
loading production environment configuration: /Users/nmasse/git/3scale-apicast/gateway/config/production.lua
loading development environment configuration: /Users/nmasse/git/3scale-apicast/gateway/config/development.lua
nginx: [alert] lua_code_cache is off; this will hurt performance in /tmp/lua_KXG0p2:35
nginx: [emerg] invalid port in resolver "fe80::ba26:6cff:fef6:e526:53" in /tmp/lua_KXG0p2:46
Current Result

Apicast fails to start. Commenting out the IPv6 name server in the resolv.conf does not help; the line needs to be completely removed.

Expected Result

IPv6 addresses need to be enclosed in brackets (see http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) when generating the resolver directives.

Additional Information

It seems that commented lines of the resolv.conf file are still taken into account.

@mikz mikz added the type: bug label Nov 29, 2017
@mikz
Contributor

mikz commented Nov 29, 2017

Confirmed this was introduced by #508.

@mikz mikz self-assigned this Nov 29, 2017
@mikz
Contributor

mikz commented Nov 29, 2017

@nmasse-itix going to fix this now. Could you confirm the format of the IPv6 nameserver in your resolv.conf?

Is it fe80::ba26:6cff:fef6:e526:53 as an IP address? Or does the :53 stand for a port?
Could you verify this IP address is reachable and the :53 is not a port?

There is no common definition of how to define a port in resolv.conf, so I was wondering.

@nmasse-itix
Contributor Author

53 is for the port.
fe80::ba26:6cff:fef6:e526 is the IP address

$ dig www.redhat.com @fe80::ba26:6cff:fef6:e526%en0

; <<>> DiG 9.9.7-P3 <<>> www.redhat.com @fe80::ba26:6cff:fef6:e526%en0
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41134
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1460
;; QUESTION SECTION:
;www.redhat.com.			IN	A

;; ANSWER SECTION:
www.redhat.com.		3580	IN	CNAME	ds-www.redhat.com.edgekey.net.
ds-www.redhat.com.edgekey.net. 21580 IN	CNAME	ds-www.redhat.com.edgekey.net.globalredir.akadns.net.
ds-www.redhat.com.edgekey.net.globalredir.akadns.net. 2254 IN CNAME e3396.dscx.akamaiedge.net.
e3396.dscx.akamaiedge.net. 20	IN	A	23.211.151.51

;; Query time: 24 msec
;; SERVER: fe80::ba26:6cff:fef6:e526%5#53(fe80::ba26:6cff:fef6:e526%5)
;; WHEN: Wed Nov 29 10:59:21 CET 2017
;; MSG SIZE  rcvd: 201

Note: it seems valid to have ports in the resolv.conf on macOS (https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man5/resolver.5.html). However, I don't know why there is a 53 port for the IPv6 address and no port for the IPv4 address.

[head scratching]

@mikz
Contributor

mikz commented Nov 29, 2017

@nmasse-itix would be a great help if you could try #511 as I don't have IPv6 available and would have to get a tunnel.
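
An added example, not APIcast code and not the fix in #511: a Python sketch of turning resolv.conf `nameserver` lines into an nginx `resolver` directive, skipping commented lines and bracketing IPv6 addresses. The function names and the `trailing_port` flag are hypothetical and the sample file is constructed; the flag exists because `fe80::ba26:6cff:fef6:e526:53` is also a syntactically valid IPv6 address, so the port reading cannot be inferred from the string alone.

```python
import ipaddress

# Constructed sample modelled on the resolv.conf in the report, plus two
# commented-out nameserver lines and a bracketed address with a port.
SAMPLE = """\
search home
nameserver 192.168.1.1
# nameserver 10.0.0.1
; nameserver 10.0.0.2
nameserver fe80::ba26:6cff:fef6:e526:53
nameserver [2001:db8::1]:5353
"""

def split_port(value, trailing_port):
    """Return (address, port or None) for one nameserver value."""
    if value.startswith("["):                    # [addr]:port is unambiguous
        addr, _, rest = value[1:].partition("]")
        return addr, int(rest[1:]) if rest.startswith(":") else None
    if trailing_port and value.count(":") > 1:   # caller says last group is a port
        addr, _, port = value.rpartition(":")
        if port.isdigit():
            return addr, int(port)
    return value, None                           # default: the whole value is the address

def resolver_entry(value, trailing_port=False):
    """Format one nameserver value as an nginx `resolver` argument."""
    addr, port = split_port(value, trailing_port)
    ip = ipaddress.ip_address(addr)              # raises ValueError on a malformed address
    if port is not None and not 0 < port < 65536:
        raise ValueError(f"invalid port in {value!r}")
    host = f"[{ip}]" if ip.version == 6 else str(ip)
    return host if port is None else f"{host}:{port}"

def nameservers(text):
    """Yield nameserver values; comment and blank lines never match."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            yield fields[1]

def resolver_directive(text, trailing_port=False):
    """Build the full directive from resolv.conf text."""
    entries = [resolver_entry(v, trailing_port) for v in nameservers(text)]
    return "resolver " + " ".join(entries) + ";"
```

Calling `resolver_directive(SAMPLE)` and `resolver_directive(SAMPLE, trailing_port=True)` gives two different directives for the same file, which is the ambiguity the thread is asking about.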
