Bug 2095207

Summary: [RFE] Support IPv6 link local address for DNS server
Product: Red Hat Enterprise Linux 9 Reporter: Quique Llorente <ellorent>
Component: nmstateAssignee: Gris Ge <fge>
Status: CLOSED ERRATA QA Contact: Mingyu Shi <mshi>
Severity: medium Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: unspecified    
Version: 9.1CC: ferferna, fge, jiji, jishi, jklech, network-qe, sfaye, sukulkar, till
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: 9.2   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: nmstate-2.2.2-0.alpha.20221201.el9 Doc Type: Enhancement
Doc Text:
.The `nmstate` API now supports IPv6 link-local addresses as DNS servers With this enhancement, you can use the `nmstate` API to set IPv6 link-local addresses as DNS servers. Use the `<link-local_address>%<interface>` format, for example: ---- dns-resolver: config: server: - fe80::deef:1%enp1s0 ----
 Story Points: ---
Clone Of:
: 2142619 (view as bug list) Environment:
Last Closed: 2023-05-09 07:31:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2130231, 2142619    

Description Quique Llorente 2022-06-09 09:56:55 UTC 
Description of problem:

At some scenarios one of the nameserver entries at the resolv.conf can contain a suffix where the interface name is appended with an porcentage symbol "%".

cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.66.2
nameserver fd00::1
nameserver fe80::e880:55ff:fe96:6424%eth0

The nmcli view of this is 
[vagrant@node01 ~]$ nmcli c show eth0 |grep DNS
IP4.DNS[1]:                             192.168.66.2
IP6.DNS[1]:                             fd00::1
IP6.DNS[2]:                             fe80::e880:55ff:fe96:6424

This nameserver is being received by dhcp6
Jun 09 09:44:11 node01 NetworkManager[4947]: <info>  [1654767851.3536] dhcp6 (eth0): activation: beginning transaction (timeout in 45 seconds)
Jun 09 09:44:11 node01 NetworkManager[4947]: <info>  [1654767851.3547] dhcp6 (eth0): dhclient started with pid 5000
Jun 09 09:44:11 node01 NetworkManager[4947]: <info>  [1654767851.3552] policy: set 'eth0' (eth0) as default for IPv6 routing and DNS
Jun 09 09:44:11 node01 dhclient[5000]: XMT: Confirm on eth0, interval 1080ms.
Jun 09 09:44:11 node01 dhclient[5000]: RCV: Reply message on eth0 from fe80::e880:55ff:fe96:6424.
Jun 09 09:44:11 node01 dhclient[5000]: message status code Success: "all addresses still on link"

When trying to apply this dns-resolver configuration with nmstate:
dns-resolver:
  config:
    server:
    - 192.168.66.2
    - fd00::1
    - fe80::e880:55ff:fe96:6424%eth0

We get the following error

      libnmstate.error.NmstateValueError
          Invalid IP address
            'fe80::e880:55ff:fe96:6424%eth0' does not appear to be an IPv4 or IPv6 address

Version-Release number of selected component (if applicable): 


How reproducible: Always


Steps to Reproduce:
1. nmstatectl apply
dns-resolver:
  config:
    server:
    - 192.168.66.2
    - fd00::1
    - fe80::e880:55ff:fe96:6424%eth0


Actual results:
libnmstate.error.NmstateValueError
          Invalid IP address
            'fe80::e880:55ff:fe96:6424%eth0' does not appear to be an IPv4 or IPv6 address



Expected results:
Nmstate is able to configure this special case of nameserver

Additional info:
We have found this at kubevirtci clusters and it's generated from NetworkManager but I don't find any reference for this syntax.
Comment 2 Gris Ge 2022-06-20 08:32:28 UTC 
When IPv6 link local address is used as DNS resolve server, the interface name should be defined in the format of`<ipv6-link-local-address>%<interface_name>`.

Reporter agreed to targeting this bug in 9.2.


The acceptance criteria is allowing user to use IPv6 link local address as DNS resolver(e.g. fe80::e880:55ff:fe96:6424%eth0).
Comment 3 sushil kulkarni 2022-11-14 13:58:38 UTC 
Removing from the 8.8 RPL tracker. See Devel whiteboard for details.

-Sushil
Comment 4 Gris Ge 2022-11-17 09:06:21 UTC 
Patch sent to upstream: https://github.com/nmstate/nmstate/pull/2105


Example yaml:

```
---
dns-resolver:
  config:
    search:
    - example.com
    - example.org
    server:
    - fe80::deef:1%eth1
    - 2001:4860:4860::8844
    - 8.8.4.4
    - 8.8.8.8
interfaces:
  - name: eth1
    type: ethernet
    state: up
    ipv4:
      address:
      - ip: 192.0.2.251
        prefix-length: 24
      dhcp: false
      enabled: true
    ipv6:
      address:
      - ip: 2001:db8:1::1
        prefix-length: 64
      dhcp: false
      enabled: true
      autoconf: false
routes:
  config:
  - destination: 0.0.0.0/0
    next-hop-address: 192.0.2.1
    next-hop-interface: eth1
  - destination: ::/0
    next-hop-address: 2001:db8:1::3
    next-hop-interface: eth1
```
Comment 9 Mingyu Shi 2023-02-13 07:47:43 UTC 
Verified with:
nmstate-2.2.5-1.el9.x86_64
nispor-1.2.9-1.el9.x86_64
NetworkManager-1.41.90-1.el9.x86_64
Comment 14 errata-xmlrpc 2023-05-09 07:31:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nmstate bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2190