I just downloaded and installed VyOS 1.2.0-rolling+201807200337 on a new box.
I set both dhcp and dhcpv6 on the WAN port.
I received both IPv4 and IPv6 addresses as expected.
However, when I query for a host from the router using “host www.google.com” I get CONNECTION REFUSED from the DNS server.
I have a bunch of other IPv4 and IPv6 hosts on this same network so I know it should work.
I start a tcpdump on the WAN port and lo and behold:
00:07:27.439278 IP6 fe80::5054:ff:febf:640b.59361 > 2001:470:b872:2::2.53: 41264+ A? www.google.com. (32)
00:07:27.441667 IP6 2001:470:b872:2::2.53 > fe80::5054:ff:febf:640b.59361: 41264 Refused- [0q] 0/0/0 (12)
Notice the source address is a LINK-LOCAL fe80 address instead of the address it should be at 2001:470:b872:2::190 !!!
What is happening? Why isn’t it using the GLOBAL address?
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address      S/L    Description
eth0         -               u/u
eth1         -               u/u
eth2         10.0.2.165/24   u/u
lo           127.0.0.1/8     u/u
#nameserver written by vyatta_update_resolv.pl (dhcp)
So the problem is that it is SOURCING the DNS request from the LINK-LOCAL fe80 address instead of the GLOBAL 2001:470:b872:2::190/64 address.
Is this a bug in the new PDNS recursor?
I haven’t had this problem happen on previous versions of vyos-1.2.XXXX.
However, I also am not using DHCPv6 on other installed instances either.
Ok, this is very interesting.
I took out the DHCP and set static addresses and now everything works OK!
So somehow the DHCP settings are causing the system to source LINK-LOCAL IPv6 addresses!
Please let me know if I can supply any other information.
Should I open a bug report on Phabricator?
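The following is an added example, not part of the original post and not VyOS code: a small checker that reads `tcpdump -n` one-line output and flags IPv6 packets sent from a link-local source to a unicast destination of wider scope, which is the symptom in the capture above. The function names are hypothetical, and the last two sample lines are constructed for contrast.

```python
import ipaddress
import re

# tcpdump -n one-line summary: "<time> IP6 <src>[.<port>] > <dst>[.<port>]: <rest>"
LINE_RE = re.compile(r"^(\S+) IP6 (\S+) > (\S+): (.*)$")

def split_endpoint(token):
    """Split 'addr.port' into (IPv6Address, port); port is None if absent (e.g. ICMP6)."""
    addr, dot, port = token.rpartition(".")
    if not dot:
        addr, port = token, None
    return ipaddress.IPv6Address(addr), port

def wider_than_link(ip):
    """True for unicast destinations whose scope is wider than link-local."""
    return not (ip.is_link_local or ip.is_multicast or ip.is_loopback)

def find_scope_mismatches(lines):
    """Return one finding per packet with a link-local source and a wider-scope
    unicast destination. RFC 6724 rule 2 (prefer appropriate scope) would pick a
    global source here if one were usable on the interface."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src_tok, dst_tok, rest = m.groups()
        try:
            src, sport = split_endpoint(src_tok)
            dst, dport = split_endpoint(dst_tok)
        except ValueError:  # hostnames or other non-numeric endpoints
            continue
        if src.is_link_local and wider_than_link(dst):
            findings.append({"time": ts, "src": str(src), "dst": str(dst),
                             "dport": dport, "summary": rest})
    return findings

SAMPLE = [
    # The two lines from the capture in the post:
    "00:07:27.439278 IP6 fe80::5054:ff:febf:640b.59361 > 2001:470:b872:2::2.53: 41264+ A? www.google.com. (32)",
    "00:07:27.441667 IP6 2001:470:b872:2::2.53 > fe80::5054:ff:febf:640b.59361: 41264 Refused- [0q] 0/0/0 (12)",
    # Constructed lines: normal link-local DHCPv6 multicast, and a correctly sourced query
    "00:07:30.000000 IP6 fe80::5054:ff:febf:640b.546 > ff02::1:2.547: dhcp6 solicit",
    "00:07:31.000000 IP6 2001:470:b872:2::190.40000 > 2001:470:b872:2::2.53: 1+ A? www.google.com. (32)",
]

if __name__ == "__main__":
    for f in find_scope_mismatches(SAMPLE):
        print(f"{f['time']} link-local source {f['src']} -> {f['dst']} port {f['dport']}")
```

Only the first sample line is flagged; link-local traffic to multicast or to another link-local address is normal and is ignored.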