Double entries (A and AAA) in query log

aschmid · January 22, 2020, 2:44pm

I have setup pi-hole and unbound on a Debian VM and configured according to the guide available on the pi-hole website. Everything is running fine but I am curious about the double entries in the log.

I have setup two customer DNS for IPv4 and IPv6 for unbound forward:
Custom DNS 1: 127.0.0.1#5353
Custom DNS 3: ::1#5353

For nearly every query I get an A and an AAA entry in the log, e.g.:
15:22:07 dnsmasq[66215]: query[AAAA] fonts.gstatic.com from 192.168.1.23
15:22:07 dnsmasq[66215]: query[A] fonts.gstatic.com from 192.168.1.23

So from this it looks like for every request is send to the IPv4 and IPv6 DNS servers.
This is probably expected behaviour as you can't tell from the hostname.

Just wanted to make sure I don't have misconfigured something. Thanks!

jfb · January 22, 2020, 3:03pm

You have not misconfigured anything.

aschmid · January 22, 2020, 9:06pm

Ok. Great thank you!

Am I right in the assumption that the second DNS entry for ::1#5353 is actually not needed? It seems the local unbound server resolves IPv6 addresses anyway even if the request is send to 127.0.0.1#5353.

Also it looks it looks like the custom DNS are following the same rules as the normal DNS (keep the same server until failure or timeout) anyway so it's irrelevant if the DNS query to unbound comes through 127.0.0.1#5353 or ::1#5353. Is that right?

deHakkelaar · January 22, 2020, 9:19pm

dig +short @127.0.0.1 -p 5353 pi-hole.net

dig +short @::1 -p 5353 pi-hole.net

aschmid · January 22, 2020, 9:28pm

Both commands give me the same output:

$ dig +short @127.0.0.1 -p 5353 pi-hole.net
206.189.252.21

$ dig +short @::1 -p 5353 pi-hole.net
206.189.252.21

deHakkelaar · January 22, 2020, 9:30pm

Did that answer the question ?

aschmid · January 22, 2020, 9:41pm

That's what I am not sure because a:

*$nslookup pi-hole.net*
*Server: 127.0.0.1*
*Address: 127.0.0.1#53*
*Non-authoritative answer:*
*Name: pi-hole.net*
*Address: 206.189.252.21*
*Name: pi-hole.net*
*Address: 2604:a880:400:d0::1071:1*

tells me that pi-hole.net has a IPv4 and a IPv6 address.

Hence if I do a name resolution via ::1 I"d expect the IPv6 address will be returned and not the IPv4. So that's why I am a bit confused.

deHakkelaar · January 22, 2020, 9:44pm

dig +short @127.0.0.1 -p 5353 a pi-hole.net

dig +short @127.0.0.1 -p 5353 aaaa pi-hole.net

dig +short @::1 -p 5353 a pi-hole.net

dig +short @::1 -p 5353 aaaa pi-hole.net

aschmid · January 22, 2020, 9:50pm

Okay got it. Thank you very much for your time to explain this to me.

jfb · January 22, 2020, 11:05pm

IPv6 DNS queries can be answered by IPv4.

aschmid · January 23, 2020, 5:14am

Yep. What misled me is that when use the large DNS resolver like Cloudflare they have a different servers addresses for IPv4 and IPv6. Of course they probably have different dedicated server (clusters) which are configured to only do either IPv4 or IPv6. For my little home setup it's just one and the same unbound doing both hence it doesn't matter how you reach it. A little mental hurdle I had to get over to understand.

Thanks you!

system · February 13, 2020, 5:14am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.