Automatically add IPv6 addresses for common Global IPv4 nameservers

[vysecurity]

The mobile application DNS does not work for iOS 15.

[vysecurity]

Using the version on TestFlight

[DentonGentry]

DNS servers were properly set up using the 1.10 iOS app, but after switching to the 1.11 TestFlight it no longer does?

[vysecurity]

Nah, it doesn't work on either. I used the TestFlight version with iOS 15 today. There's no where to change DNS settings in iOS application anyway.

I fixed this temporarily by removing all DNS servers from admin console and specifying only 1 DNS server.

[DentonGentry]

The iOS Testflight still has the last 1.9 build, right now the regular version in the App Store is 1.10.x.

There was an earlier problem with iOS 15 in #2072, but even 1.9.204 has a fix for that.

[DentonGentry]

So:

• if you install either the 1.10.2 build from the App Store or the 1.9 build from TestFlight, DNS does not resolve hostnames? Does that mean the browser just hangs? Gives an error?
• You changed the config in https://login.tailscale.com/admin/dns to have just one DNS server, and disable Magic DNS, and now DNS works?

At roughly the time this was reported, we see:

2021-07-17 19:22:37.953529 +0000 UTC: dns: error: write udp [::]:61046->1.1.1.1:53: sendto: can't assign requested address
2021-07-17 19:22:37.953727 +0000 UTC: dns: error: write udp [::]:63219->1.0.0.1:53: sendto: can't assign requested address
2021-07-17 19:22:37.953825 +0000 UTC: dns: error: write udp [::]:51031->1.0.0.1:53: sendto: can't assign requested address

Which is the device trying to use an IPv6 source address to send to an IPv4 DNS server. That isn't going to work.

I think the main issue is that the iPhone was on a mobile carrier which only provides an IPv6 address, but the DNS configuration at the time only supplied servers with an IPv4 address. At about the time the iPhone started working, did it also switch to a Wi-Fi network? Maybe it got an IPv4 address and started working.

In any case, things will likely work better if the nameserver configuration includes at least one IPv6 DNS server. For example CloudFlare's IPv6 DNS servers are 2606:4700:4700::1111 and 2606:4700:4700::1001. That way, even if on a mobile network with only IPv6 addresses, it will still have working DNS.

[bradfitz]

In any case, things will likely work better if the nameserver configuration includes at least one IPv6 DNS server. For example CloudFlare's IPv6 DNS servers are 2606:4700:4700::1111 and 2606:4700:4700::1001. That way, even if on a mobile network with only IPv6 addresses, it will still have working DNS.

Ideally we should just make it work, though.

For the common cases (like 98% of people's DNS settings) we can also use the well-known IPv6 address corresponding to their IPv4-only settings. Or detect the carrier's IPv6 transition mechanism and do whatever we're supposed to do there.

[vysecurity]

It's sorted now! Thanks

[DentonGentry]

Fixed by 3daf27e

[bradfitz]

Not quite. It's close but it doesn't add IPv6 yet.

[bradfitz]

Well, actually, sorry, maybe that's good enough. I was thinking of something else.

[bradfitz]

Now that I'm back at a computer, more context: 3daf27e only adds a single IPv6 address as a fallback when one/both of the equivalent IPv4s fail. It doesn't add both IPv6s for e.g. Google/Cloudflare/Quad9.

But that's still probably good enough.