I was just typing up a new thread here to ask a question. Yup. Me. I was lost for several hours trying to debug a new configuration problem. I'd just deployed IPv6 on the home network for the first time, but it was only partially working. Domain queries from browsers were returning NXDOMAIN (unresolved domain name), but direct IPv6 URLs were working normally, and debugging tools worked normally.
- ping6(8) and traceroute(6) worked fine by domain name.
- dig(1) was finding AAAA records just fine when I asked for them.
- PF was passing DOMAIN records without blocking them, both over IPv4 and IPv6.
Unfortunately, the queries from the browsers were for A records, not AAAA.
I checked the browsers. Firefox had the default setting of
network.dns.DisableIPv6 =
False, so it should have received the AF_INET6 resolution. Chrome no longer has this as a user configurable setting.
So I searched, and searched. No results. I added IPv6 domain resolution locally. I changed unbound(1) settings to accept them. I even switched from using local unbound resolving to resolving from Google's IPv6 nameservers, in case it was my local resolution configuration. Nothing seemed to help. So ... I began typing up a problem post in this thread, to ask if anyone here had seen this before. And as I was about to post it, checking for typos (yes, I know, I'm always posting typos even after checking) ... I went back and looked at the resolv.conf file I'd been editing repeatedly for more than an hour. Here's what I finally noticed:
Uh. That eliminates any AAAA queries by default. They can be requested specifically, which is what ping6(), traceroute6() and dig() with an AAAA option will do.
So I rewrote this thread. No need to ask for help, now.