How to get public ipv4 and ipv6 dns record?

Hello,

I’m trying to address a container with public ipv4 and ipv6. Unfortunately, I currently have a single ipv4, but an ipv6 network. I want to expose services like webserver and ssh in these containers. And I will certainly have an issue proxying the mails, but that’s not the point.

I want lxd’s dnsmasq to be able to respond with a public ipv4 and the public ipv6.

I succeeded in addressing my containers with ipv6 and getting a dns record. But I am stuck on ipv4. So, currently, I have host nic eth0 (ipv4, ipv6) and host bridge lxdbr0 for lxd c1 (ipv6):

  • host nic eth0 is the listen interface for a host dnsmasq, set to handle dns ipv4 and query lxd dnsmasq about ipv6.
  • lxdbr0 is the listen interface for lxd dnsmasq.

I tried some dnsmasq directives:

  • address, but it overrides all the records and I don’t get AAAA.
  • host-record, but lxd is overriding it.

Host-record is the way to go, in my opinion, but if I set host-record=non-c,1.2.3.4, then non-c A is correct but I miss non-c AAAA; moreover, the non-c container doesn’t exist.
At the moment, my issue is: why is lxd overriding host-record A when I set ipv4.address: none? How could I tell dnsmasq “complete your answer AAAA with this A”?

Hi,

I don’t really understand what you are trying to achieve.

Please can you give some example dig commands you would run, and where, and with the expected responses so I can better understand.

Thanks
Tom

Sure,

I want to get this result about a container, from the internet:

$ host discuss.linuxcontainers.org
discuss.linuxcontainers.org has address 149.56.148.5
discuss.linuxcontainers.org has IPv6 address 2001:470:b368:1020:1::2

And I currently have only the ipv6 answer.

Do you have a public IPv4 address in your container?

What is the domain name you are looking to publish the IP records on?

Who/what hosts that domain’s DNS?

No, and I don’t want one. I want the dns record to point to the host, not the container. It would be far simpler with public ipv4, yeah, but I want to find a way without.

The domain is lxd.odass.org.

$ dig first.lxd.odass.org A @ns-lxd.odass.org

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> first.lxd.odass.org A @ns-lxd.odass.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52178
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;first.lxd.odass.org.		IN	A

;; Query time: 53 msec
;; SERVER: 2a01:4f9:c010:8619::1#53(2a01:4f9:c010:8619::1)
;; WHEN: mer. juil. 15 20:04:29 CEST 2020
;; MSG SIZE  rcvd: 48

And I got:

$ host -4 first.lxd.odass.org ns-lxd.odass.org
Using domain server:
Name: ns-lxd.odass.org
Address: 95.217.182.125#53
Aliases: 

first.lxd.odass.org has IPv6 address 2a01:4f9:c010:8619:c99f:bf38:fa3c:a116

Where I would like to get:

$ host -4 first.lxd.odass.org ns-lxd.odass.org
Using domain server:
Name: ns-lxd.odass.org
Address: 95.217.182.125#53
Aliases: 

first.lxd.odass.org has address 95.217.182.125
first.lxd.odass.org has IPv6 address 2a01:4f9:c010:8619:c99f:bf38:fa3c:a116

So you want to set up an internal domain name of lxd.odass.org that points to your host’s private IP? (and then presumably you’ll use the proxy device to forward that into the container?).

Right now I can’t see any records on first.lxd.odass.org.

I’m still not entirely clear what you’re trying to do I’m afraid.

dig first.lxd.odass.org

; <<>> DiG 9.16.1-Ubuntu <<>> first.lxd.odass.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10046
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;first.lxd.odass.org.		IN	A

I’m not sure how to explain my goal in a better way than the host example. I want dig -4 to get an A record while the container doesn’t have any ipv4.

I have an issue with dnsmasq forwarding; that’s why you have no answer at the moment. Please query the server directly:

$ dig first.lxd.odass.org A @ns-lxd.odass.org first.lxd.odass.org AAAA @ns-lxd.odass.org

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> first.lxd.odass.org A first.lxd.odass.org AAAA @ns-lxd.odass.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33294
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;first.lxd.odass.org.		IN	A

;; Query time: 175 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: jeu. juil. 16 13:54:49 CEST 2020
;; MSG SIZE  rcvd: 48

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1942
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;first.lxd.odass.org.		IN	AAAA

;; ANSWER SECTION:
first.lxd.odass.org.	584	IN	AAAA	2a01:4f9:c010:8619:c99f:bf38:fa3c:a116

;; Query time: 53 msec
;; SERVER: 2a01:4f9:c010:8619::1#53(2a01:4f9:c010:8619::1)
;; WHEN: jeu. juil. 16 13:54:49 CEST 2020
;; MSG SIZE  rcvd: 76

I resolved my issue concerning the public ipv4…

I had two issues:

  • my dig query had the form “dig name A name AAAA @ns” instead of “dig name A @ns name AAAA @ns”. I just realized I had to put @ns per query.
  • the dnsmasq host-record directive needs the full name and doesn’t complete the zone with the short name. I had to set host-record=first.lxd.odass.org,95.217.182.125 instead of host-record=first,95.217.182.125

Thanks for your time @tomp and have a nice day!
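
The host-record pitfall described in the last post can be caught before dnsmasq is reloaded. The following is an added example, not part of the original thread: a small lint that flags host-record lines carrying no name inside the zone. The function names and the sample config are constructed for illustration; the zone, host name and address are the ones quoted above.

```shell
#!/bin/sh
# Added example: lint dnsmasq host-record lines for unqualified names.
# dnsmasq does not expand host-record names with the domain, so a line
# that only lists a short name never answers for NAME.ZONE.

# Constructed sample config (names and address taken from the thread).
sample_conf() {
cat <<'EOF'
domain=lxd.odass.org
host-record=first,95.217.182.125
host-record=first.lxd.odass.org,95.217.182.125
# host-record=ignored,192.0.2.1
host-record=second,second.lxd.odass.org,95.217.182.125,300
EOF
}

# lint_host_records ZONE < dnsmasq.conf
# Prints "line N: NAME -> NAME.ZONE" for every host-record line in which
# none of the listed names lies inside ZONE. A line that mixes a short
# and a fully qualified name is accepted.
lint_host_records() {
  awk -F',' -v zone="$1" '
    /^host-record=/ {
      sub(/^host-record=/, "", $1)
      qualified = 0; short = ""
      for (i = 1; i <= NF; i++) {
        f = $i
        # Skip IPv4 addresses and TTLs (digits/dots), IPv6 (has ":"), blanks.
        if (f == "" || f ~ /^[0-9.]+$/ || f ~ /:/) continue
        if (f == zone || substr(f, length(f) - length(zone)) == "." zone)
          qualified = 1
        else if (short == "")
          short = f
      }
      if (!qualified && short != "")
        printf "line %d: %s -> %s.%s\n", NR, short, short, zone
    }'
}

# Run against the constructed sample; only line 2 is reported.
sample_conf | lint_host_records lxd.odass.org
```

Against a real configuration, pipe the file in the same way and pass the zone that lxd's dnsmasq serves as the argument.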