NetworkManager should put IPv6 DNS servers before IPv4 DNS servers in dnsmasq configuration (and possibly resolv.conf)

Bug #936712 reported by Stéphane Graber on 2012-02-20
This bug affects 6 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Mathieu Trudel-Lapierre

Bug Description

In cases where you are indeed on a dual-stack network and received DNS information from either SLAAC or DHCPv6, these should be used before any equivalent IPv4 data (usually a fallback/compatibility layer in such an environment).

As an example, here's my generated /run/nm-dns-dnsmasq.conf on an up to date 12.04 system:

The result is that dnsmasq will only use the IPv6 dns servers if all 3 IPv4 dns servers are marked as failed.

As dnsmasq is perfectly able to detect and avoid broken DNS servers, favoring IPv6 servers shouldn't cause any damage even in an environment where the information received by NM is wrong.

Stéphane Graber (stgraber) wrote :

Related to bug 734781 though not identical (as the bug didn't cover dnsmasq).
I'd really appreciate having this sorted for 12.04 as it'll be pretty critical for any massive deployment using dual-stack.

Confirming/Triaged. This should be easy enough to fix.

Are you saying the ordering should only be edited for dnsmasq?

Changed in network-manager (Ubuntu):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Stéphane Graber (stgraber) wrote :

Ideally I'd love to see both dnsmasq and resolv.conf updated to have IPv6 first but for Ubuntu, we really mostly care about dnsmasq at this point.

The issue with doing it in resolv.conf too is the libc 3 nameservers limitation, so Network Manager would have to be clever and decide which 3 servers to use, ideally avoiding having only IPv6 servers there (in case IPv6 doesn't work, you still want an IPv4 fallback).

So it looks to me like we'd probably be better off doing it only for dnsmasq in 12.04, send the fix upstream and let upstream decide what they want to do for resolv.conf and how to handle that libc limitation of 3 servers.
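
The ordering and the resolv.conf selection problem discussed in the comment above, as an added example that is not part of the original thread and is not NetworkManager's code. The function names, the fallback policy and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

MAXNS = 3  # glibc's resolver honours at most three "nameserver" lines


def order_v6_first(servers):
    """Stable sort: IPv6 before IPv4, original order kept within each family.
    ip_address() raises ValueError for anything that is not a valid address."""
    parsed = [ipaddress.ip_address(s) for s in servers]
    return [str(a) for a in sorted(parsed, key=lambda a: a.version != 6)]


def dnsmasq_lines(servers):
    """One server= line per nameserver, IPv6 first; the libc limit of three
    does not apply to this file, so nothing is dropped."""
    return [f"server={s}" for s in order_v6_first(servers)]


def resolv_conf_lines(servers, limit=MAXNS):
    """IPv6 first, capped at `limit`, but never IPv6-only when an IPv4
    server was offered (assumed policy: keep one IPv4 entry as fallback)."""
    ordered = order_v6_first(servers)
    chosen = ordered[:limit]
    v4 = [s for s in ordered if ipaddress.ip_address(s).version == 4]
    if v4 and not any(s in v4 for s in chosen):
        chosen[-1] = v4[0]  # give the last slot to the first IPv4 server
    return [f"nameserver {s}" for s in chosen]


if __name__ == "__main__":
    # Constructed input: three IPv4 servers followed by two IPv6 servers,
    # the same shape as the situation described in the report.
    offered = ["192.0.2.1", "192.0.2.2", "192.0.2.3",
               "2001:db8::1", "2001:db8::2"]
    print("\n".join(dnsmasq_lines(offered)))
    print("\n".join(resolv_conf_lines(offered)))
    # Constructed input: more IPv6 servers than slots plus one IPv4 server.
    print("\n".join(resolv_conf_lines(
        ["192.0.2.1", "2001:db8::1", "2001:db8::2", "2001:db8::3"])))
```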

Changed in network-manager (Ubuntu):
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager -

network-manager ( precise; urgency=low

  [ Gabor Kelemen ]
  * debian/network-manager.upstart: Make NM aware of the locale. (LP: #875017)

  [ Mathieu Trudel-Lapierre ]
  * debian/patches/lp936712_dnsmasq_ip6_ns_ordering.patch: order IPv6
    nameservers before IPv4 ones in dnsmasq config: dnsmasq is able to properly
    deal with broken IPv6 nameservers (or routers). (LP: #936712)
  * debian/control: add Conflicts: connman to network-manager. (LP: #659460)
  * debian/patches/manage-privacy-extensions.patch: set the default for using
    IPv6 Privacy extensions to TRUE; this is just correcting an oversight from
    adapting the upstream patch. (LP: #176125)
 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 21 Feb 2012 19:40:35 -0500

Changed in network-manager (Ubuntu):
status: In Progress → Fix Released
Francesco Crippa (francesco87) wrote :

I am running NetworkManager version on Ubuntu 12.04 LTS and the bug seems to be still present. Here follows the content of my file /var/run/nm-dns-dnsmasq.conf:


In my case I have IPv4 DNS server statically configured and IPv6 DNS servers from DHCPv6. I also tried to get both v4 and v6 DNS servers from DHCPs but nothing changed: IPv4 DNS are always preferred.

Thiago Martins (martinx) wrote :

I'm running Ubuntu 14.04 and IPv4 nameservers have prevalence over IPv6 nameservers!

Workaround is to configure under:

1- click on WiFi Icon;
2- Edit Connections;
4- go to "IPv4 Settings";
5- choose "Automatic (DHCP) addresses only";

This way, my /etc/resolv.conf gets only the IPv6 nameservers, like this:

nameserver 2620:0:ccc::2
nameserver 2620:0:ccd::2

This works for me since I don't care anymore about IPv4 networks.

But this is a big problem for dual-stacked environments!


Thiago Martins (martinx) wrote :

BTW, I also disabled local dnsmasq entirely (Ubuntu Desktop 14.04), by removing it from "/etc/NetworkManager/NetworkManager.conf" configuration file.

pdf (pdffs) wrote :

Please re-open - this is confirmed broken again in Trusty.

I also confirm the bug again in Trusty and Utopic

Noticed in Ubuntu 16.04 too
