Description
Describe the bug
Have a DNS hijack rule for IPv6 that DNAT's packets to Google's DNS server as follows:
config redirect
option dest 'wan'
option target 'DNAT'
option name 'Hijack-DNS-IPv6'
option src 'lan'
option src_dport '53'
option dest_ip '2001:4860:4860::8888'
option family 'ipv6'
list src_mac '$clientMAC'
Then from an iOS client with iSH shell app, fire off a DNS query to a fictional server that should get hijacked by the rule and DNAT'ed:
nslookup google.com fd::1
This will fire off an A query and an AAAA query very close to each other. Listening with tcpdump on the wan interface of the router you'll see the A query being DNAT'ed, but the AAAA query goes out to the internet still with the original destination (obviously wrong and undesired behavior):
11:53:01.900537 Out ethertype IPv6 (0x86dd), length 92: $clientIPv6.61581 > 2001:4860:4860::8888.53: 27025+ A? google.com. (28)
11:53:01.900584 Out ethertype IPv6 (0x86dd), length 92: $clientIPv6.61581 > fd::1.53: 53025+ AAAA? google.com. (28)
This should not ever happen, as any IPv6 packet on port 53 should be caught by the rule and DNAT'ed.
OpenWrt version
r28427-6df0e3d02a
OpenWrt release
24.10.0
OpenWrt target/subtarget
ramips/mt7621
Device
TP-Link Archer C6U v1
Image kind
Official downloaded image
Steps to reproduce
Install rule as in the example.
Get an iOS phone and install iSH app then fire off an nslookup as above.
I don't know what's special about this client, but it's able to generate the second packet that is not DNAT'ed correctly by the rule. Other Linux-based nslookup clients I have seem to not be able to reproduce this.
Actual behaviour
AAAA query shortly after A query is not DNAT'ed.
Expected behaviour
Both A and AAAA queries should be DNAT'ed.
Additional info
This bug reproduces 100% of the time on 24.10 and 0% of the time on 23.05.
Diffconfig
Terms
- I am reporting an issue for OpenWrt, not an unsupported fork.