DNS lookup does not return IPv6 record for home network device in TurrisOS 5.0.2

tldr: after migrating from a router running OpenWrt ‘19.07.3’ to ‘TurrisOS 5.0.2’ running on Turris Omnia,
for the home network, nslookup for names won’t return an IPv6 address, after doing the same process in the LuCI GUI (it works in OpenWrt)

Details:

I would like to receive dynamic IP addresses (both IPv4 and IPv6) from the router for home network devices, which will be returned in DNS lookups as well.

On the OpenWrt 19.07.3 router, after setting in:
http://192.168.1.1/cgi-bin/luci/admin/network/dhcp

/home.arpa/ in Local server
home.arpa in Local domain

the nslookup command from my computer returns IPv4 & IPv6 addresses for devices in the home network

user@comp2 ~>>nslookup comp1.home.arpa 192.168.1.1
Server:		192.168.1.1
Address:	192.168.1.1#53

Name:	comp1.home.arpa
Address: 192.168.1.20
Name:	comp1.home.arpa
Address: fd11:1111:1111::20

On Turris Omnia running ‘TurrisOS 5.0.2’, after applying the same configuration, nslookup won’t return IP addresses at all (no IPv4 or IPv6)

user@comp2 ~>>nslookup comp1.home.arpa 192.168.1.1
Server:		192.168.1.1
Address:	192.168.1.1#53

** server can't find comp1.home.arpa: NXDOMAIN

I tried to solve this myself by:

adding custom configuration for kresd resolver by:
editing file /etc/config/resolver then adding:

        option include_config '/etc/kresd/custom.conf'

after config resolver 'kresd' line.

The content of custom configuration at /etc/kresd/custom.conf is:

local internalDomains = policy.todnames({
	'home.arpa.',
	'1.168.192.in-addr.arpa.',
	})

policy.add(policy.suffix(policy.PASS, internalDomains))

Then running /etc/init.d/resolver restart to apply configuration.

Running nslookup will return only the IPv4 address for devices in the home network.

user@comp2 ~>>nslookup comp1.home.arpa 192.168.1.1
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	comp1.home.arpa
Address: 192.168.1.20

How can I make nslookup return the IPv6 address as well?
Are there more changes that need to be made to the custom.conf file?
Or is there another way to make DNS lookups work?
Or maybe it’s a bug that it’s not working out of the box as expected on TurrisOS (it works in OpenWrt)

1 Like

None that I know of. Currently the tool collecting dynamic addresses from DHCP only tries to handle IPv4. (IPv6 isn’t done by dnsmasq, too, IIRC.)

… so I’d probably call it a missing feature. I wonder, do you have some particular use case for preferring IPv6 on names within LAN?

In a vanilla setup DHCPv6 is provided through odhcpd


1 Like

so I’d probably call it a missing feature

The first section of my post mentions that changing the Local server & Local domain settings in LuCI makes DNS from DHCP work on OpenWrt, but it does not work on TurrisOS. Where can I report this issue/bug? (There is no LuCI repo or general issues repo in GitLab at https://gitlab.nic.cz/explore/)

Also, on OpenWrt the DNS from DHCP returns both IPv6 & IPv4 by default, while on Turris it doesn’t work (and my manual configuration change fixes IPv4 only)

I wonder, do you have some particular use case for preferring IPv6 on names within LAN?

Yes, increasing security, as I want/plan to migrate to an IPv6-only LAN network without supporting IPv4 at all, thus

  • reducing attack surface (not supporting IPv4 at all)
  • making mapping the local network via network scans (nmap/etc…) very hard/almost impossible using IP connections only (without passing through DNS first and brute-forcing the used names or hacking the router itself), as the range of available IPs in IPv6 is very large.

There are probably other use cases as well for other users (as IPv6 supports many other stuff/features that IPv4 doesn’t support)

1 Like

Difference is that OpenWrt utilises dnsmasq for DNS (in a vanilla setup) and not kresd (as TOS does) or do you use kresd also on the OpenWrt instance?

I use defaults without modifications (download firmware, flash it, change above settings), which probably means OpenWrt with dnsmasq and TOS with kresd. I expect DNS from DHCP to work on Turris the same way as in OpenWrt when changing the same configuration from the LuCI GUI under the network tab. Can you provide an example of how to get DNS from DHCP working on TOS? (My custom configuration above is a partial fix for IPv4 only.)

The DNS related settings in LuCI are only pertinent to dnsmasq settings but not for kresd.


TOS’s glue script does not read the DHCPv6 entries from odhcpd that would generate IPv6 PTRs.


You could either

  • replicate the OpenWrt DNS/DHCP setup on TOS, forgoing kresd, or
  • forgo odhcpd as DHCPv6 provider and use dnsmasq-full instead, or
  • if you have static IPv6 address clients create manually suitable IPv6 PTRs for kresd, or
  • write a script that reads odhcpd’s DHCPv6 entries and from it dynamically generates IPv6 PTRs for kresd, or
  • wait (some more) for TOS developer to get around implementing a patch (current milestone 5.2)
1 Like
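
One possible shape for the script option listed in the reply above, as an added example that is not part of the original thread and is not TurrisOS code: it turns odhcpd DHCPv6 lease entries into hosts-format name/address pairs under home.arpa. The lease-line layout, the function names and the sample data are assumptions; compare the layout with the lease file on the router before relying on it.

```shell
#!/bin/sh
# Added example, not TurrisOS code. Assumed odhcpd lease line layout:
#   # <ifname> <duid> <iaid> <hostname> <valid-until> <id> <length> <addr>/<len> ...
# DHCPv4 leases are assumed to carry the literal "ipv4" in the <duid> field.

# leases_to_hosts LEASEFILE DOMAIN
# Prints "address<TAB>hostname.DOMAIN" for every DHCPv6 host address
# that belongs to a client with a usable hostname.
leases_to_hosts() {
    awk -v domain="$2" '
        $1 != "#" || NF < 9 { next }   # only lease comment lines
        $3 == "ipv4"        { next }   # IPv4 names are already resolved
        {
            host = tolower($5)
            # Hostnames are supplied by clients: accept only a single
            # letter-digit-hyphen label so nothing else reaches the
            # resolver. This also drops "-" (no hostname sent).
            if (length(host) > 63) next
            if (host !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) next
            for (i = 9; i <= NF; i++) {
                split($i, a, "/")
                # keep single host addresses, skip delegated prefixes
                if (a[2] == "128" && a[1] ~ /^[0-9a-f:]+$/)
                    print a[1] "\t" host "." domain
            }
        }
    ' "$1"
}

# Constructed sample input (not captured from a real router).
sample_leases() {
    cat <<'EOF'
# br-lan 00010001aabbccdd001122334455 1 comp1 1600000000 20 128 fd11:1111:1111::20/128
# br-lan ipv4 02aabbccddee comp1 1600000000 14 32 192.168.1.20/32
# br-lan 00010001aabbccdd001122334466 1 - 1600000000 21 128 fd11:1111:1111::21/128
# br-lan 00010001aabbccdd001122334477 1 bad;name 1600000000 22 128 fd11:1111:1111::22/128
# br-lan 00010001aabbccdd001122334488 1 Comp2 1600000000 30 128 fd11:1111:1111::30/128 2001:db8:1::30/128
# br-lan 00010001aabbccdd001122334499 1 comp3 1600000000 0 60 fd11:1111:1111:10::/60
EOF
}

# Demo: "-" makes awk read the sample from standard input.
sample_leases | leases_to_hosts - home.arpa
```

kresd's hints module can load a file in this format with `hints.add_hosts(path)`. The location of the lease file on the router is set by the `leasefile` option of odhcpd in /etc/config/dhcp.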

I suspect there will be some harder hurdles than just your machines not getting their names into DNS. On a practical side, many servers/services in the internet still don’t support IPv6. There are some approaches addressing that (e.g. with NAT64), but I don’t expect any of them will be practical to deploy on a small network (in the sense of overall advantages of the whole solution).

Maybe my notes can be useful for you: User:Vazhnov/Knowledge Base:IPv6 only - Gentoo Wiki

1 Like