Safari on IPv6 ?

Ron Broersma ron at spawar.navy.mil
Mon Feb 1 17:03:00 CET 2010


Yes. If the app makes separate queries, it will get separate answers.  If you let mDNSResponder do the separate queries, it takes the first answer and rejects the rest.   You can see it in the following tcpdump (lookup of www.kame.net)...

21:01:40.583892 192.168.1.2.62499 > 192.168.1.1.domain: 20561+ A? www.kame.net. (30)
21:01:40.594347 192.168.1.2.55014 > 192.168.1.1.domain: 24513+ AAAA? www.kame.net. (30)
21:01:40.739626 192.168.1.1.domain > 192.168.1.2.62499: 20561 1/0/0 www.kame.net. A 203.178.141.194 (46)
21:01:40.904784 192.168.1.1.domain > 192.168.1.2.55014: 24513 1/0/0 www.kame.net. AAAA 2001:200::8002:203:47ff:fea5:3085 (58)
21:01:40.904812 192.168.1.2 > 192.168.1.1: ICMP 192.168.1.2 udp port 55014 unreachable, length 36
    192.168.1.1.domain > 192.168.1.2.55014: [|domain]

Since the "A" resource record arrived first, it wins and the AAAA response is dropped because mDNSResponder isn't even listening for other responses at that point.

Debug output from mDNSResponder shows how it just shuts down down after processing the first response...

Oct 23 21:01:40 neko mDNSResponder[17]:  43: Error socket 40 created 00000000 00000233
Oct 23 21:01:40 neko mDNSResponder[17]:  43: DNSServiceQueryRecord(www.kame.net., Addr, 5000) START
Oct 23 21:01:40 neko mDNSResponder[17]:  43: Error socket 40 closed  00000000 00000233 (0)
Oct 23 21:01:40 neko mDNSResponder[17]:  43: Error socket 40 created 00000000 00000234
Oct 23 21:01:40 neko mDNSResponder[17]:  43: DNSServiceQueryRecord(www.kame.net., AAAA, 5000) START
Oct 23 21:01:40 neko mDNSResponder[17]:  43: Error socket 40 closed  00000000 00000234 (0)
Oct 23 21:01:40 neko mDNSResponder[17]: -- Sent UDP DNS Query (flags 0100) RCODE: NoErr (0) RD ID: 20561 18 bytes from port 62499 to 192.168.1.1:53 --
Oct 23 21:01:40 neko mDNSResponder[17]:  1 Questions
Oct 23 21:01:40 neko mDNSResponder[17]:  0 www.kame.net. Addr
Oct 23 21:01:40 neko mDNSResponder[17]:  0 Answers
Oct 23 21:01:40 neko mDNSResponder[17]:  0 Authorities
Oct 23 21:01:40 neko mDNSResponder[17]:  0 Additionals
Oct 23 21:01:40 neko mDNSResponder[17]: --------------
Oct 23 21:01:40 neko mDNSResponder[17]: -- Sent UDP DNS Query (flags 0100) RCODE: NoErr (0) RD ID: 24513 18 bytes from port 55014 to 192.168.1.1:53 --
Oct 23 21:01:40 neko mDNSResponder[17]:  1 Questions
Oct 23 21:01:40 neko mDNSResponder[17]:  0 www.kame.net. AAAA
Oct 23 21:01:40 neko mDNSResponder[17]:  0 Answers
Oct 23 21:01:40 neko mDNSResponder[17]:  0 Authorities
Oct 23 21:01:40 neko mDNSResponder[17]:  0 Additionals
Oct 23 21:01:40 neko mDNSResponder[17]: --------------
Oct 23 21:01:40 neko mDNSResponder[17]: -- Received UDP DNS Response (flags 8180) RCODE: NoErr (0) RD RA ID: 20561 34 bytes from 192.168.1.1:53 to 192.168.1.2:62499 --
Oct 23 21:01:40 neko mDNSResponder[17]:  1 Questions
Oct 23 21:01:40 neko mDNSResponder[17]:  0 www.kame.net. Addr
Oct 23 21:01:40 neko mDNSResponder[17]:  1 Answers
Oct 23 21:01:40 neko mDNSResponder[17]:  0 TTL    900    4 www.kame.net. Addr 203.178.141.194
Oct 23 21:01:40 neko mDNSResponder[17]:  0 Authorities
Oct 23 21:01:40 neko mDNSResponder[17]:  0 Additionals
Oct 23 21:01:40 neko mDNSResponder[17]: --------------
Oct 23 21:01:40 neko mDNSResponder[17]:  43: DNSServiceQueryRecord(www.kame.net., Addr) ADD    4 www.kame.net. Addr 203.178.141.194
Oct 23 21:01:40 neko mDNSResponder[17]:  43: Cancel 00000000 00000233
Oct 23 21:01:40 neko mDNSResponder[17]:  43: DNSServiceQueryRecord(www.kame.net., Addr) STOP
Oct 23 21:01:40 neko mDNSResponder[17]:  43: Cancel 00000000 00000234
Oct 23 21:01:40 neko mDNSResponder[17]:  43: DNSServiceQueryRecord(www.kame.net., AAAA) STOP

--Ron

On Feb 1, 2010, at 8:25 AM, Sam Wilson wrote:

> 
> On 1 Feb 2010, at 14:40, Gert Doering wrote:
> 
>> Hi,
>> 
>> On Mon, Feb 01, 2010 at 02:32:07PM +0000, Sam Wilson wrote:
>>> Can you describe situations where you should expect multiple answers
>>> to have different information?  I don't think I understand what
>>> mDNSResponder is doing because in normal DNS, modulo times when
>>> information is changing, all answers should have the same data.
>> 
>> Since you can't query DNS for "give me A+AAAA", the application query
>> "give me whatever address you have!" will result in two DNS queries, one
>> for A records and one for AAAA records.  Two queries, two packets, two
>> responses (possibly with 0 answer records in them, if no A or AAAA record
>> is available).
> 
> So using 'getaddrinfo' or some related call makes a single request to mDNSResponder rather than making the app issue two requests itself?  If the app made two separate requests to a daemon then the daemon would give two separate answers back.  Right?
> 
>> Querying for "ANY" doesn't work.
> 
> I was aware of that.
> 
> Thanks,
> 
> Sam Wilson
> Network Team, IT Infrastructure
> Information Services, The University of Edinburgh
> Edinburgh, Scotland, UK
> 
> 
> -- 
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4936 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100201/89b084b5/attachment.bin 


More information about the ipv6-ops mailing list