IPv6 DNS Servers are broken

[Leseratte10]

This is a bug that I happened to stumble upon while reading Thunderbird's debug logs for an unrelated issue. In my /etc/resolv.conf on my machine I have two DNS servers, and the add-on does detect both (IPs censored):

console.info: DKIM_Verifier.JSDNS: "Got servers from resolv.conf: " [{server:"fdxx:xxxx:xxxx::xxxx:xxxx:x", alive:true}, {server:"10.0.xx.x", alive:true}]

However when actually querying the DNS, it skips over the IPv6 DNS:

console.info: DKIM_Verifier.JSDNS: "changed DNS Servers to :" [{server:"fdxx:xxxx:xxxx::xxxx:xxxx:x", alive:true}, {server:"10.0.xx.x", alive:true}, {server:"8.8.8.8", alive:true}]
console.info: DKIM_Verifier.JSDNS: "Resolving xxxxxxxx._domainkey.example.com TXT by querying fdxx:xxxx:xxxx::xxxx:xxxx:x"
console.debug: DKIM_Verifier.JSDNS: "Resolving xxxxxxxx._domainkey.example.com/TXT: Failed to connect to DNS server fdxx:xxxx:xxxx::xxxx:xxxx:x with error code 2152398878."
console.info: DKIM_Verifier.JSDNS: "Resolving xxxxxxxx._domainkey.example.com TXT by querying 10.0.xx.x"
console.debug: DKIM_Verifier.JSDNS: "xxxxxxxx._domainkey.example.com/TXT: Answer: v=DKIM1; k=rsa; h=sha1:sha256; p=xxxxxxxxx...xxxxxxxxx;"

I believe this bug is due to the following code in JSDNS.jsm.js:

	// allow server to be either a hostname or hostname:port
	var server_hostname = server;
	var port = 53;
	if (server.includes(":")) {
		server_hostname = server.substring(0, server.indexOf(":"));
		port = parseInt(server.substring(server.indexOf(":") + 1), 10);
	}

If there's a colon in the hostname string, it assumes by default that that's for a non-default port. However, I don't think /etc/resolv.conf even supports ports other than 53 - but it does obviously support IPv6 addresses, and I think people are way more likely to want to use an IPv6 DNS server than they are to want to use a DNS server on a nonstandard port.

Can this be updated to support IPv6 DNS servers as well? If I'm running this on a system that only has an IPv6 DNS entered (no need for IPv4 DNS, usually ...) it'll fail.

EDIT: This is happening with the default JavaScript DNS library. When I use unbound it seems to sometimes use IPv4 and sometimes IPv6 for the DNS queries but that's probably due to unbound picking a DNS server at random.

[lieser]

Thanks for bringing this up. Should not be hard to distinguish between an IPv4 address with port and an IPv6 address, will try to get this to work in the next version.
I will probably ask you to test it as my internet is still IPv4 only.

About libunbound:
I don't know how they decide which DNS server from /etc/resolv.conf is used. If getting DNS servers from the OS is enabled in the add-on all it does for libunbound is call ub_ctx_resolvconf. And libunbound is taking care of the rest itself.

[Leseratte10]

Thanks for the response. Yeah, testing is no problem, once you have a fixed version I can test that with IPv6 to see if it works.

[subscribernamegoeshere]

guys, not much of a developer here and about parsing and stuff, but if you want to add port numbers to an ipv6 adress (hostname) then you need to use/have/enclose the ipv6 address with square brackets [ ] and colon portnumber at the right end to it.

there is no such thing as an ipv6 hostname followed by a mere colon and portnumber to the end. you need to always enclose it with square brackets.

so there is no such thing as:

dns.google has address 8.8.4.4
dns.google has address 8.8.8.8
dns.google has IPv6 address 2001:4860:4860::8844
dns.google has IPv6 address 2001:4860:4860::8888

2001:4860:4860::8888:53

but there is only:

[2001:4860:4860::8888]:53

maybe first always enclose and add the square brackets to your ipv6 string and then add the colon portnumber to it on the right most end, similar for ipv4, then you can parse all of this the same way and or tokenize this stuff and extract the actual ipv6 and ipv4 addresses and the port number nonstandard portnumber and whatever.

cheers.

[Leseratte10]

That is true if you're talking about your own config files that you're creating (or parsing), but this plugin is reading an existing file (/etc/resolv.conf) so it has to deal with whatever existing file format there is - and that format says it's only the IP address (without brackets) and no port. I don't think there's a way on any OS (Linux, MacOS, Windows) to add a System DNS server on a nonstandard port so maybe the port handling should just be disabled when reading DNS servers from the system.

[lieser]

Should be fixed now. A non standard port is now only extracted from the server if it contains exactly one :.
I.e. currently the is no support for non standard ports with IPv6 addresses. And unless someone comes with an actual use case I don't plan to add support for it.

@Leseratte10 Would be nice if you could try it out, a fixed version is attached.
dkim_verifier@pl-2023-05-20-295112d.zip

[Leseratte10]

Yeah, can confirm that it now seems to be using the system's IPv6 DNS resolver, thanks for the fix.