-
Notifications
You must be signed in to change notification settings - Fork 127
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for IPv6 #410
Merged
Merged
Add support for IPv6 #410
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…I side and distinguish later
…an't get an IPv6 address
…v6 support in authority/additional iteration
…trying to use IPv6 loopback nameserver, since we don't support that
…ue records when they should (#417) * stop handling a domain if the nameserver that should provide glue records doesn't * add rfc comment * lint * updated ipv6 integration test * update comment
zakird
approved these changes
Aug 14, 2024
I think that this looks good, though it's a bit hard for me to tell if we've caught everything. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Adds support for IPv6 name server lookups (nameservers with IPv6 addresses, AAAA lookups were already supported) and binding to IPv6 local addresses.
IP mode is selected with the following criteria:
--4
or--6
, we'll use only IPv4 or only IPv6. This flags cannot be combined/etc/resolv.conf
Adds a new
--prefer-ipv4-iteration
and--prefer-ipv6-iteration
options that specifically affect iteration when in both IPv4/6. When we're iterating thru the Authorities and we prefer IPv4, we'll prefer to request A records if they exist, but AAAA are used as a backup. The reverse is true for--prefer-ipv6-iteration
.IPv6 nameservers are treated the same as IPv4 in the way that they're added to the list of external/root nameservers. Each resolver has one list of these and IPv4/IPv6 addresses are mixed. Whenever a random Nameserver is pulled for a lookup, we choose the relevant
ConnectionInfo
object (a new wrapper around alocalAddr
,dns.Conn
, tcp/udp connection), either IPv4 or IPv6.A couple other notes:
IPv6Only
/--6
and we can't bind to an IPv6 local address, we error. Same for IPv4OnlyIPv6
Answers/Additionals if we're inIPv4Only
mode, since that could result in responses not including all records related to a domain queryTesting
Testing in any sort of automated way is difficult. Github actions don't seem to support IPv6 and our lab VMs don't yet support IPv6 either. Fortunately, my home connection does have IPv6 so I've included the testing I've done below. Additionally, I've added a make target
make ipv6-tests
that run a new python fileipv6_tests.py
. These cannot be included with our main suite because anyone that runs these on a host w/o IPv6 support will see tests fail. So presently these are a "test manual on your machine that hopefully has IPv6" sort of deal.Test Cases
[2001:4860:4860::8888]:53
)--prefer-ipv4-iteration
(Notice in the DEBUG logs how we're following IPv4)--prefer-ipv6-iteration
Performance
With changes of this magnitude, I wanted to be sure our accuracy/error rate wasn't decreasing. Compared to
main
, we're seeing similar IPv4 performance:main - IPv4 -
make benchmark
Phillip/ipv4 - IPv4 -
make benchmark
IPv6
Ofc we can't measure IPv6 performance compared to
main
since this is a new feature, but you can compare the runtimes to the IPv4 runs above. These were performed on a Digital Ocean IPv6 VM with 1 core and 1 GB RAM../benchmark/main.go
was modified to runzdns
with--6
to use IPv6.make benchmark, IPv6-only, Phillip/ipv6 branch
Most failed domains (1080/1209) failed with
NONEEDEDGLUE
, meaning it's likely their nameservers weren't capable of IPv6.For the timeouts, I selected a handful and checked them manually and they were again not successful: