NetworkManager should put IPv6 DNS servers before IPv4 DNS servers in dnsmasq configuration (and possibly resolv.conf)

Bug #936712 reported by Stéphane Graber
This bug affects 6 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Fix Released
Mathieu Trudel-Lapierre

Bug Description

In cases where you are indeed on a dual-stack network and received DNS information from either SLAAC or DHCPv6, these should be used before any equivalent IPv4 data (usually a fallback/compatibility layer in such environment).

As an example, here's my generated /run/nm-dns-dnsmasq.conf on an up to date 12.04 system:

The result is that dnsmasq will only use the IPv6 dns servers if all 3 IPv4 dns servers are marked as failed.

As dnsmasq is perfectly able to detect and avoid broken DNS servers, favoritizing IPv6 servers shouldn't cause any damage even in environment where the information received by NM is wrong.

Revision history for this message
Stéphane Graber (stgraber) wrote :

Related to bug 734781 though not identical (as the bug didn't cover dnsmasq).
I'd really appreciate having this sorted for 12.04 as it'll be pretty critical for any massive deployment using dual-stack.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Confirming/Triaged. This should be easy enough to fix.

Are you saying the ordering should only be edited for dnsmasq?

Changed in network-manager (Ubuntu):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Revision history for this message
Stéphane Graber (stgraber) wrote :

Ideally I'd love to see both dnsmasq and resolv.conf updated to have IPv6 first but for Ubuntu, we really mostly care about dnsmasq at this point.

The issue with doing it in resolv.conf too is the libc 3 nameservers limitation, so Network Manager would have to be clever and decided which 3 servers to use, ideally avoiding having only IPv6 servers there (in case IPv6 doesn't work, you still want an IPv4 fallback).

So it looks like to me, we'd probably be better off doing it only for dnsmasq in 12.04, send the fix upstream and let upstream decide what they want to do for resolv.conf and how to handle that libc limitation of 3 servers.

Changed in network-manager (Ubuntu):
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager -

network-manager ( precise; urgency=low

  [ Gabor Kelemen ]
  * debian/network-manager.upstart: Make NM aware of the locale. (LP: #875017)

  [ Mathieu Trudel-Lapierre ]
  * debian/patches/lp936712_dnsmasq_ip6_ns_ordering.patch: order IPv6
    nameservers before IPv4 ones in dnsmasq config: dnsmasq is able to properly
    deal with broken IPv6 nameservers (or routers). (LP: #936712)
  * debian/control: add Conflicts: connman to network-manager. (LP: #659460)
  * debian/patches/manage-privacy-extensions.patch: set the default for using
    IPv6 Privacy extensions to TRUE; this is just correcting an oversight from
    adapting the upstream patch. (LP: #176125)
 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 21 Feb 2012 19:40:35 -0500

Changed in network-manager (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Francesco Crippa (francesco87) wrote :

I am running NetworkManager version on Ubuntu 12.04 LTS and the bug seems to be still present. Here follows the content of my file /var/run/nm-dns-dnsmasq.conf:


In my case I have IPv4 DNS server statically configured and IPv6 DNS servers from DHCPv6. I also tried to get both v4 and v6 DNS servers from DHCPs but hothing changed: IPv4 DNS are always preferred.

Revision history for this message
Thiago Martins (martinx) wrote :

I'm running Ubuntu 14.04 and IPv4 nameservers have prevalence over IPv6 nameservers!

Workaround is to configure under:

1- click on WiFi Icon;
2- Edit Connections;
4- go to "IPv4 Settings";
5- choose "Automatic (DHCP) addresses only";

This way, my /etc/resolv.conf gets only the IPv6 nameservers, like this:

nameserver 2620:0:ccc::2
nameserver 2620:0:ccd::2

This works for my since I don;t care anymore about IPv4 networks.

But this is a big problem for dual-stacked environments!


Revision history for this message
Thiago Martins (martinx) wrote :

BTW, I also disabled local dnsmasq entirely (Ubuntu Desktop 14.04), by removing it from "/etc/NetworkManager/NetworkManager.conf" configuration file.

Revision history for this message
pdf (pdffs) wrote :

Please re-open - this is confirmed broken again in Trusty.

Revision history for this message
xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote :

I also confirm the bug again in Trusty and Utopic

Revision history for this message
Koos van den Hout (koos-kzdoos) wrote :

Noticed in Ubuntu 16.04 too

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.