2095207 – [RFE] Support IPv6 link local address for DNS server

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2095207 - [RFE] Support IPv6 link local address for DNS server

Summary: [RFE] Support IPv6 link local address for DNS server

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	nmstate
Sub Component:
Version:	9.1
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	9.2
Assignee:	Gris Ge
QA Contact:	Mingyu Shi
Docs Contact:	Marc Muehlfeld
URL:
Whiteboard:
Depends On:
Blocks:	2130231 2142619
TreeView+	depends on / blocked

Reported:	2022-06-09 09:56 UTC by Quique Llorente
Modified:	2023-12-06 08:35 UTC (History)
CC List:	9 users (show)
Fixed In Version:	nmstate-2.2.2-0.alpha.20221201.el9
Doc Type:	Enhancement
Doc Text:	.The `nmstate` API now supports IPv6 link-local addresses as DNS servers With this enhancement, you can use the `nmstate` API to set IPv6 link-local addresses as DNS servers. Use the `<link-local_address>%<interface>` format, for example: ---- dns-resolver: config: server: - fe80::deef:1%enp1s0 ----
Clone Of:
Clones:	2142619 (view as bug list)
Environment:
Last Closed:	2023-05-09 07:31:01 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	nmstate nmstate pull 2105	None	open	dns: Support IPv6 link local address as DNS nameserver	2022-11-17 09:06:20 UTC
Red Hat Issue Tracker	NMT-123	None	None	None	2023-01-22 15:28:45 UTC
Red Hat Issue Tracker	RHELPLAN-124762	None	None	None	2022-06-09 10:01:29 UTC
Red Hat Product Errata	RHBA-2023:2190	None	None	None	2023-05-09 07:31:15 UTC

Description Quique Llorente 2022-06-09 09:56:55 UTC

Description of problem:

At some scenarios one of the nameserver entries at the resolv.conf can contain a suffix where the interface name is appended with an porcentage symbol "%".

cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.66.2
nameserver fd00::1
nameserver fe80::e880:55ff:fe96:6424%eth0

The nmcli view of this is 
[vagrant@node01 ~]$ nmcli c show eth0 |grep DNS
IP4.DNS[1]:                             192.168.66.2
IP6.DNS[1]:                             fd00::1
IP6.DNS[2]:                             fe80::e880:55ff:fe96:6424

This nameserver is being received by dhcp6
Jun 09 09:44:11 node01 NetworkManager[4947]: <info>  [1654767851.3536] dhcp6 (eth0): activation: beginning transaction (timeout in 45 seconds)
Jun 09 09:44:11 node01 NetworkManager[4947]: <info>  [1654767851.3547] dhcp6 (eth0): dhclient started with pid 5000
Jun 09 09:44:11 node01 NetworkManager[4947]: <info>  [1654767851.3552] policy: set 'eth0' (eth0) as default for IPv6 routing and DNS
Jun 09 09:44:11 node01 dhclient[5000]: XMT: Confirm on eth0, interval 1080ms.
Jun 09 09:44:11 node01 dhclient[5000]: RCV: Reply message on eth0 from fe80::e880:55ff:fe96:6424.
Jun 09 09:44:11 node01 dhclient[5000]: message status code Success: "all addresses still on link"

When trying to apply this dns-resolver configuration with nmstate:
dns-resolver:
  config:
    server:
    - 192.168.66.2
    - fd00::1
    - fe80::e880:55ff:fe96:6424%eth0

We get the following error

      libnmstate.error.NmstateValueError
          Invalid IP address
            'fe80::e880:55ff:fe96:6424%eth0' does not appear to be an IPv4 or IPv6 address

Version-Release number of selected component (if applicable): 


How reproducible: Always


Steps to Reproduce:
1. nmstatectl apply
dns-resolver:
  config:
    server:
    - 192.168.66.2
    - fd00::1
    - fe80::e880:55ff:fe96:6424%eth0


Actual results:
libnmstate.error.NmstateValueError
          Invalid IP address
            'fe80::e880:55ff:fe96:6424%eth0' does not appear to be an IPv4 or IPv6 address



Expected results:
Nmstate is able to configure this special case of nameserver

Additional info:
We have found this at kubevirtci clusters and it's generated from NetworkManager but I don't find any reference for this syntax.

Comment 2 Gris Ge 2022-06-20 08:32:28 UTC

When IPv6 link local address is used as DNS resolve server, the interface name should be defined in the format of`<ipv6-link-local-address>%<interface_name>`.

Reporter agreed to targeting this bug in 9.2.


The acceptance criteria is allowing user to use IPv6 link local address as DNS resolver(e.g. fe80::e880:55ff:fe96:6424%eth0).

Comment 3 sushil kulkarni 2022-11-14 13:58:38 UTC

Removing from the 8.8 RPL tracker. See Devel whiteboard for details.

-Sushil

Comment 4 Gris Ge 2022-11-17 09:06:21 UTC

Patch sent to upstream: https://github.com/nmstate/nmstate/pull/2105


Example yaml:

```
---
dns-resolver:
  config:
    search:
    - example.com
    - example.org
    server:
    - fe80::deef:1%eth1
    - 2001:4860:4860::8844
    - 8.8.4.4
    - 8.8.8.8
interfaces:
  - name: eth1
    type: ethernet
    state: up
    ipv4:
      address:
      - ip: 192.0.2.251
        prefix-length: 24
      dhcp: false
      enabled: true
    ipv6:
      address:
      - ip: 2001:db8:1::1
        prefix-length: 64
      dhcp: false
      enabled: true
      autoconf: false
routes:
  config:
  - destination: 0.0.0.0/0
    next-hop-address: 192.0.2.1
    next-hop-interface: eth1
  - destination: ::/0
    next-hop-address: 2001:db8:1::3
    next-hop-interface: eth1
```

Comment 9 Mingyu Shi 2023-02-13 07:47:43 UTC

Verified with:
nmstate-2.2.5-1.el9.x86_64
nispor-1.2.9-1.el9.x86_64
NetworkManager-1.41.90-1.el9.x86_64

Comment 14 errata-xmlrpc 2023-05-09 07:31:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nmstate bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2190

Note You need to log in before you can comment on or make changes to this bug.