Maintained by: NLnet Labs

[Unbound-users] Can't Enable Link-Local IPv6

Phil Pennock
Sun Mar 18 21:56:49 CET 2012


On 2012-03-18 at 09:14 +0000, Sabahattin Gucukoglu wrote:
> Running Unbound 1.4.16, I cannot put "interface: fe80::…" into unbound.conf.  It warns on startup that there's no IPv6 support.  Yet, outgoing interface is default (::) and the default ::1 bind works.  Finally, just setting it to "::0" to listen on all works, and that's what I've had to do, just using access control to limit it.
> 
> So what's happening?  I'd love to only accept queries from the local link, and retrieve DNS data from v6-reachable name servers.  Your help appreciated.

At a guess (because I haven't explored this area with unbound): remember
that link-level addresses are per-interface and need a scope in order to
be interpreted.

A convention on KAME-derived systems is that you can attach the
interface name to the address as the scope, with %intf at the end of the
address.

Here you'll see how I can't even ping an IP address attached to an
interface on the same machine generating the pings, until I provide a
scope for interpretation.

% ping6 -n fe80::2e0:81ff:fe5c:8ea9
ping6: UDP connect: Network is unreachable
% ping6 -n fe80::2e0:81ff:fe5c:8ea9%bge0
PING6(56=40+8+8 bytes) fe80::2e0:81ff:fe5c:8ea9%bge0 --> fe80::2e0:81ff:fe5c:8ea9%bge0
16 bytes from fe80::2e0:81ff:fe5c:8ea9%bge0, icmp_seq=0 hlim=64 time=0.072 ms
^C

-Phil
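
An added example, not part of the original post and not Unbound's own code: a small audit of unbound.conf that flags link-local "interface:" addresses written without a %intf scope, and wildcard listeners that rely on access control alone. The sample config is constructed from the addresses in the post; that Unbound accepts the %intf form is an assumption that follows the guess above.

```python
import ipaddress

# Constructed sample config; the address and interface name bge0 mirror the post.
SAMPLE_CONF = """\
server:
    interface: ::1
    interface: fe80::2e0:81ff:fe5c:8ea9        # no zone: which link?
    interface: fe80::2e0:81ff:fe5c:8ea9%bge0   # scoped to one link
    interface: ::0@53
    outgoing-interface: ::
"""

def check_interfaces(conf_text):
    """Return (line_no, value, verdict) for every 'interface:' line."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        key, sep, value = line.partition(":")
        if not sep or key.strip() != "interface":  # skips outgoing-interface
            continue
        value = value.strip().strip('"')
        host = value.split("@", 1)[0]              # unbound's ip@port form
        addr_text, _, zone = host.partition("%")   # KAME-style %intf scope
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, value, "not-an-ip"))
            continue
        if addr.version == 6 and addr.is_link_local and not zone:
            # fe80::/10 exists on every link, so the address alone is ambiguous
            verdict = "link-local-without-scope"
        elif addr.is_unspecified:
            # listens on every address; exposure depends on access-control
            verdict = "wildcard-listen"
        else:
            verdict = "ok"
        findings.append((line_no, value, verdict))
    return findings

if __name__ == "__main__":
    for line_no, value, verdict in check_interfaces(SAMPLE_CONF):
        print(f"line {line_no}: {value:32} {verdict}")
```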