
On Thu, Jan 06, 2011 at 09:45:04PM +0100, Paweł Krześniak wrote:
2011/1/6 Daniel P. Berrange <berrange@redhat.com>:
While it is shorter to just use '--interface brname' this comes at the price of losing compatibility with older dnsmasq which we still wish to support.
Sure. RHEL5 is an important target :)
If we used '--listen-address $IPV4ADDR --listen-address $IPV6ADDR' then people with dnsmasq < 2.48 can still use the virtual network capability in an IPv4-only context without problems. Only those people who actually needed IPv6 DNS would have to upgrade to newer dnsmasq.
A hack for users of old dnsmasq with IPv6 needs is the nodad option for the /sbin/ip tool - read below.
Do you have any idea what causes the delay? In particular, is the delay caused by the use of --listen-interface, or caused by the addition of IPv6 addrs?
Delay is caused by DAD. http://en.wikipedia.org/wiki/IPv6_address#Duplicate_address_detection
It's caused by IPv6 address, not by --listen-interface option:

# killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces --conf-file= --except-interface lo --listen-address 2001:db8::1
dnsmasq: no process killed

real 0m2.008s
user 0m0.000s
sys 0m0.006s

# killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add 2001:db8::1 dev wlan0 ; time dnsmasq --strict-order --bind-interfaces --conf-file= --except-interface lo --interface wlan0

real 0m2.006s
user 0m0.000s
sys 0m0.003s
We can add a v6 address to the interface while skipping DAD (nodad option for /sbin/ip tool), but we can end up with duplicate v6 hosts on the same network. Without DAD dnsmasq doesn't need to wait:

# killall dnsmasq ; ip a del 2001:db8::1 dev wlan0 ; ip a add 2001:db8::1 dev wlan0 nodad ; time dnsmasq --strict-order --bind-interfaces --conf-file= --except-interface lo --interface wlan0
dnsmasq: no process killed

real 0m0.017s
user 0m0.000s
sys 0m0.005s
Based on your descriptions here it sounds like going for multiple --listen-address parameters offers the same level of overall functionality, but with better compatibility for people on older dnsmasq. So I'm not seeing a compelling reason to switch over to using --listen-interface
OK, I understand. Final question: what about link-local ipv6 addresses (fe80::/10). Should we --listen-address on them? (I think we should)
Will DNS actually work over link-local addrs? IIUC, since link-local addrs are scoped to a specific interface, apps wanting to send traffic via a link-local address need to explicitly specify the interface name. Practically no apps will do this and so they typically can't make use of the link-local address. Mostly a link-local address is just there for the purpose of allowing ipv6 autoconf to take place at which point the real address is used. So I'm not sure that we need/want to use --listen-address on the link local addr.

Regards,
Daniel
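
The thread weighs waiting for DAD against skipping it with nodad. As an added example that is not part of the original messages, this script keeps DAD enabled and polls `ip -6 addr show` until the address drops its `tentative` flag, treating `dadfailed` as an error; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): gate a dnsmasq start on DAD completion.
# Constructed sample of `ip -6 addr show dev wlan0` output; addresses are made up.
SAMPLE='3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8::1/128 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 2001:db8::2/128 scope global dadfailed tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link
       valid_lft forever preferred_lft forever'

# addr_state ADDR: reads `ip -6 addr show` output on stdin and prints
# ready | tentative | dadfailed | missing for ADDR (given without /prefix).
addr_state() {
    awk -v want="$1" '
        $1 == "inet6" {
            split($2, a, "/")
            if (a[1] != want) next
            found = 1; state = "ready"
            for (i = 3; i <= NF; i++) {
                if ($i == "dadfailed") state = "dadfailed"
                else if ($i == "tentative" && state == "ready") state = "tentative"
            }
            exit
        }
        END { print (found ? state : "missing") }'
}

# wait_for_dad IFACE ADDR MAX_SECONDS: returns 0 once ADDR is usable,
# 1 if DAD failed, the address is absent, or it is still tentative at timeout.
wait_for_dad() {
    n=0
    while [ "$n" -lt "$3" ]; do
        state=$(ip -6 addr show dev "$1" | addr_state "$2")
        case "$state" in
            ready) return 0 ;;
            dadfailed|missing) echo "$2 on $1: $state" >&2; return 1 ;;
        esac
        sleep 1
        n=$((n + 1))
    done
    echo "$2 on $1: still tentative after $3s" >&2
    return 1
}

# Hypothetical use:
#   wait_for_dad wlan0 2001:db8::1 5 && dnsmasq --bind-interfaces --listen-address 2001:db8::1
```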