From owner-freebsd-questions@freebsd.org Mon Oct 5 13:39:03 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 86EC49B14C4 for ; Mon, 5 Oct 2015 13:39:03 +0000 (UTC) (envelope-from wam@hiwaay.net) Received: from fly.hiwaay.net (fly.hiwaay.net [216.180.54.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 57A999DD for ; Mon, 5 Oct 2015 13:39:02 +0000 (UTC) (envelope-from wam@hiwaay.net) Received: from kabini1.local (dynamic-216-186-213-32.knology.net [216.186.213.32] (may be forged)) (authenticated bits=0) by fly.hiwaay.net (8.13.8/8.13.8/fly) with ESMTP id t95DcxiO015432 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Mon, 5 Oct 2015 08:39:01 -0500 Subject: Re: IPv6 only Jails cannot connect to the outside world To: freebsd-questions@freebsd.org References: <5611AFCA.4010909@kulturflatrate.net> <5611CA44.4030602@radel.com> <56123260.1010901@kulturflatrate.net> From: "William A. Mahaffey III" Message-ID: <56127D73.5040001@hiwaay.net> Date: Mon, 5 Oct 2015 08:44:29 -0453.75 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <56123260.1010901@kulturflatrate.net> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Oct 2015 13:39:03 -0000 On 10/05/15 03:24, Niklaas Baudet von Gersdorff wrote: > My resolv.conf in every jail: > >> >root@ipv6only:~ # cat /etc/resolv.conf >> >search financecomm.com >> >nameserver 213.133.98.98 >> >nameserver 213.133.99.99 >> >nameserver 213.133.100.100 >> >nameserver 2a01:4f8:0:a0a1::add:1010 >> >nameserver 2a01:4f8:0:a102::add:9999 >> >nameserver 2a01:4f8:0:a111::add:9898 > So, as you can see, I also have IPv4 and IPv6 nameservers in my resolv.conf. > >> >I don't bother mentioning ipv4 resolvers in resolv.conf, but the end >> >result is that the test you were trying works fine: >> > >> >root@mns:~ # telnet google.com 80 >> >Trying 2607:f8b0:4004:807::1006... >> >Connected to google.com. >> >Escape character is '^]'. >> >blort >> >HTTP/1.0 400 Bad Request >> > > As in my original email, the above test I cannot confirm. > > Mentioning /etc/resolv.conf made me trying something else: I removed the > IPv4 nameservers in it: > >> >root@ipv6only:~ # cat /etc/resolv.conf >> >search financecomm.com >> >nameserver 2a01:4f8:0:a0a1::add:1010 >> >nameserver 2a01:4f8:0:a102::add:9999 >> >nameserver 2a01:4f8:0:a111::add:9898 > And now my test works: > >> >root@ipv6only:~ # telnet google.com 80 >> >Trying 2a00:1450:4001:80d::100e... >> >Connected to google.com. >> >Escape character is '^]' > Thus it seems that, in an IPv6 only jail, I may not list IPv4 > nameservers in /etc/resolv.conf because otherwise I get the weird error > that it cannot resolve the hostname although it actually can? Is that > intended? > > Probably I'm missing something. > I thought you were limited to a small number of entries in resolv.conf, 3 by default (in my man page). If so, the 3 IPv4 entries were all that were searched when they were there & it never got to the IPv6 nameservers. $0.02, no more, no less .... -- William A. Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr.