Problems with dns if only an AAAA record is present

rsch · January 9, 2024, 4:16pm

I do not understand the behavior of nslookup on pihole.

I've to access the devices on my home network with their IPv6
addresses with a newly set Prefix "a:b:c:d::" every day. A
raspberrypi running pihole is one of them. It can be
reached by an IPv6 of the kind "a:b:c:d:1:2:3:4". The ::1:2:3:4
part is constant. I'm using a dynDNS service which I update whenever
the IPv6-prefix is changing. To do so I set an AAAA Record on the
dynDNS server of my provider using a http-gui.

Here is my problem:
dig -t a rpi.mydomain.net @8.8.8.8 gives the correct answer:

 ; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> -t a rpi.mydomain.net @8.8.8.8
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45178
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 512
 ;; QUESTION SECTION:
 ;rpi.mydomain.net.		IN	A

 ;; AUTHORITY SECTION:
 mydomain.net.		150	IN	SOA	some bla bla

 ;; Query time: 15 msec
 ;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
 ;; WHEN: Tue Jan 09 14:52:18 GMT 2024
 ;; MSG SIZE  rcvd: 117

dig -t aaaa rpi.mydomain.net @8.8.8.8 works also fine:

 ; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> -t aaaa rpi.mydomain.net @8.8.8.8
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46276
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 512
 ;; QUESTION SECTION:
 ;rpi.mydomain.net.		IN	AAAA

 ;; ANSWER SECTION:
 rpi.mydomain.net.	60	IN	AAAA	a:b:c:d:1:2:3:4

 ;; Query time: 43 msec
 ;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
 ;; WHEN: Tue Jan 09 14:52:26 GMT 2024
 ;; MSG SIZE  rcvd: 73

nslookup rpi.mydomain.net gives:

 Server:		192.168.178.1
 Address:	192.168.178.1#53
     
 Non-authoritative answer:
 *** Can't find rpi.mydomain.net: No answer

While pihole.log contains the following information:
Jan 9 15:02:32 dnsmasq[37759]: query[A] rpi.mydomain.net from 192.168.178.1
Jan 9 15:02:32 dnsmasq[37759]: forwarded rpi.mydomain.net to 8.8.8.8
Jan 9 15:02:32 dnsmasq[37759]: reply rpi.mydomain.net is NODATA-IPv4
Jan 9 15:04:41 dnsmasq[37759]: query[AAAA] rpi.mydomain.net from 192.168.178.1
Jan 9 15:04:41 dnsmasq[37759]: forwarded rpi.mydomain.net to 8.8.8.8
Jan 9 15:04:41 dnsmasq[37759]: reply rpi.mydomain.net is a:b:c:d:1:2:3:4

outside of my home environmet I get the proper responds:
Server: 127.0.0.53
Address: 127.0.0.53#53

 Non-authoritative answer:
 Name:	rpi.mydomain.net
 Address: 	a:b:c:d:1:2:3:4

The command "ssh nas.mydomain.net" exits with
ssh: Could not resolve hostname nas.mydomain.net: No address associated with hostname
but adds two lines to pihole.log:
dnsmasq[37759]: reply nas.mydomain.net is NODATA-IPv4
dnsmasq[37759]: reply nas.mydomain.net is a:b:c:d:5:6:7:8

BTW, "ssh me@a:b:c:d:5:6:7:8" works just fine.

Any idea what's wrong with my setup?

Bucking_Horn · January 9, 2024, 5:08pm

That does not look like a DNS, but more like a client-side issue, as your logs demonstrate that Pi-hole is consistently providing the correct replies.

It seems your nslookup stops further output if there's no IPv4. As for ssh access, you could try ssh -6 to force usage of IPv6.

rsch · January 9, 2024, 5:53pm

Thanks, you are absolutely right. The problem persists if I disable pihole temporarily. The -6 switch to ssh, however, does not help. nas.mydomain.net just doesn't translate into it's IPv6 equivalent in "ssh nas.mydomain.net"; forcing to IPv6 makes no difference. I'll have to work on the raspberry configuration, I guess.

system · January 16, 2024, 5:53pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.