rossburton
May 29, 2021 · Aspirant
Link-local used for IPv6 DNS server
Basically, https://community.netgear.com/t5/Orbi/Bug-RBR20-incorrectly-uses-link-local-router-IPv6-address-as/td-p/1887490 I turned on IPv6 and now my Orbi is telling DHCP clients that the DNS se...
CrimpOn
May 29, 2021 · Guru - Experienced User
Have noticed that nslookup returns IPv6 addresses for every domain that ping -6 is successful with.
nslookup returns only IPv4 addresses for the domains that ping -6 fails on.
What would help is a list of domains that definitely have IPv6 addresses but ping -6 fails to reach.
I love to rag on Netgear, but so far the damning evidence eludes me.
CrimpOn
May 29, 2021 · Guru - Experienced User
There is another experiment, which I will attempt this evening.
Capture LAN/WAN traffic.
Make IPv6 calls for domains that are not likely to be in the DNS cache.
Analyze LAN/WAN with Wireshark.
For every IPv6 DNS lookup that is addressed to the Link Local Orbi interface, look for corresponding IPv6 lookups from the Orbi IPv6 WAN interface and responses from the designated DNS servers.
It probably doesn't matter if the domains support IPv6 or not, as long as the DNS requests are made.
Does anyone know the telnet command to clear the local DNS cache on Orbi?
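The capture comparison proposed in the post above, as an added example (not code from the thread or from Netgear): it takes DNS packets already decoded from the LAN and WAN captures and classifies each LAN query sent to a link-local address by what followed on the WAN. The `Pkt` fields, the 2-second window and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# One decoded DNS packet. Field names are hypothetical; fill them from a capture export.
Pkt = namedtuple("Pkt", "t side src dst qname qtype is_response")
WINDOW = 2.0  # assumed max seconds between a LAN query and its forwarded WAN copy

def is_link_local(addr):
    return ipaddress.ip_address(addr.split("%")[0]).is_link_local  # drop any zone index

def key(p):
    return (p.qname.lower().rstrip("."), p.qtype)

def correlate(packets, upstream_dns):
    """Classify every LAN query sent to a link-local address by what followed on the WAN."""
    wan = [p for p in packets if p.side == "wan"]
    results = []
    for q in packets:
        if q.side != "lan" or q.is_response or not is_link_local(q.dst):
            continue
        fwd = next((w for w in wan if not w.is_response and w.dst in upstream_dns
                    and key(w) == key(q) and 0 <= w.t - q.t <= WINDOW), None)
        ans = fwd and next((r for r in wan if r.is_response and r.src == fwd.dst
                            and key(r) == key(q) and 0 <= r.t - fwd.t <= WINDOW), None)
        status = "answered" if ans else "forwarded-no-answer" if fwd else "not-forwarded"
        results.append((q.qname, q.qtype, status))
    return results

# Constructed sample: documentation-range addresses, not values from the thread.
ROUTER_LL, ROUTER_WAN, DNS = "fe80::1", "2001:db8:1::1", "2001:db8::53"
CLIENT = "fe80::aaaa"
SAMPLE = [
    Pkt(0.00, "lan", CLIENT, ROUTER_LL, "example.org", "AAAA", False),
    Pkt(0.01, "wan", ROUTER_WAN, DNS, "example.org.", "AAAA", False),
    Pkt(0.05, "wan", DNS, ROUTER_WAN, "example.org.", "AAAA", True),
    Pkt(1.00, "lan", CLIENT, ROUTER_LL, "example.net", "AAAA", False),   # never forwarded
    Pkt(2.00, "lan", "192.168.1.50", "192.168.1.1", "example.com", "A", False),  # IPv4, ignored
    Pkt(3.00, "lan", CLIENT, ROUTER_LL, "example.edu", "AAAA", False),
    Pkt(3.01, "wan", ROUTER_WAN, DNS, "example.edu", "AAAA", False),     # no reply follows
]

if __name__ == "__main__":
    for row in correlate(SAMPLE, {DNS}):
        print(row)
```

A name served from the router's cache also shows up as "not-forwarded", which is why the test calls for domains unlikely to be cached.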
- rossburton · May 29, 2021 · Aspirant
Okay, so here's a concrete example:
On my clients (numerous macOS and Linux devices), the name servers in the DHCP responses are the link-local address of the router:
nameserver fe80::2a80:88ff:feeb:3cf8
nameserver 192.168.1.1
I can use dig to query the v4 address:
$ dig @192.168.1.1 netgear.com
; <<>> DiG 9.10.6 <<>> @192.168.1.1 netgear.com
; (1 server found)
;; ANSWER SECTION:
netgear.com. 60 IN A 76.223.14.31
netgear.com. 60 IN A 13.248.140.194
;; Query time: 29 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
Dig also works using the v6 address of my ISP's server:
$ dig @2001:8b0::2020 netgear.com
; <<>> DiG 9.10.6 <<>> @2001:8b0::2020 netgear.com
; (1 server found)
;; ANSWER SECTION:
netgear.com. 60 IN A 76.223.14.31
netgear.com. 60 IN A 13.248.140.194
;; SERVER: 2001:8b0::2020#53(2001:8b0::2020)
But using the IPv6 address that the router is telling the clients to use fails:
$ dig @fe80::2a80:88ff:feeb:3cf8 netgear.com
; <<>> DiG 9.10.6 <<>> @fe80::2a80:88ff:feeb:3cf8 netgear.com
; (1 server found)
;; connection timed out; no servers could be reached
- CrimpOn · May 30, 2021 · Guru - Experienced User
Thanks for the example. (Now I get to learn about the Linux dig command - and see if there is an equivalent in Windows).
We seem to have a different understanding of the meaning of "nameserver". I take it as "send DNS queries to these servers and they will respond to you." They are not the ultimate resolvers for DNS.
netgear.com does not appear to have an IPv6 address, so attempts to resolve it will fail, whereas
www.netgear.com has a bunch of IPv6 addresses.
While I haul out a Linux box and load up dig, maybe you could do the same test with domains such as ibm.com and google.com that are known to have IPv6 addresses.
- rossburton · May 30, 2021 · Aspirant
That's not how dig works. Unless you tell it otherwise, it looks up the IPv4 (A record) for the name.
Note how when I used the v4 address of the router, or a v6 external server, it worked, but the v6 address the router gave timed out.
To demonstrate this, here's dig looking up the v6 (AAAA record) for my ISP on both the v6 address the router is giving and the real public v6 address of the ISP's DNS server.
$ dig @2001:8b0::2020 www.aa.net.uk AAAA
;; ANSWER SECTION:
www.aa.net.uk. 367 IN AAAA 2001:8b0:0:62::14
www.aa.net.uk. 367 IN AAAA 2001:8b0:0:62::13
;; Query time: 136 msec
;; SERVER: 2001:8b0::2020#53(2001:8b0::2020)
$ dig @fe80::2a80:88ff:feeb:3cf8 www.aa.net.uk AAAA
;; connection timed out; no servers could be reached