Apache and DNS on IPv6-only systems got issues

[iliajie]

Hello Jamie!

Since this PR has been merged, I’d like to create a ticket to keep track of other issues that still haven’t been addressed.

In short, Apache records on IPv6-only systems are still being created as:

<VirtualHost :80 [fdb2:2c26:f4e4:0:21c:2222:1111:0000]:80>

And DNS zone records are being created as:

domain.tld.      IN      A       fdb2:2c26:f4e4:0:21c:2222:1111:0000

[jcameron]

Wow that DNS record seems wrong! How did you trigger this behavior exactly? Is it now possible to create an IPv6-only domain from the CLI that has this problem?

[iliajie]

Previously, it wasn’t even possible to create a new virtual server on IPv6-only system. Now, after the previous PR was merged, it is possible. However, despite running the config check and the removal of cached IPv4 record from Virtualmin config, i.e.:

Using the "Create Virtual Server" page still generates broken records for Apache and BIND on all IPv6-only systems:

Creates broken Apache and BIND configs, e.g.:

As you can see, the public IPv6 address isn’t being used correctly. Interestingly, DNS A records receive the public IPv6 address, while AAAA records get the local IPv6 address. Apache doesn’t get anything for IPv4 and just prints the port, like :80.

[jcameron]

Ok that Apache config is definitely a bug! This should fix it though : f2b9e30

[jcameron]

As for the DNS issue, what does the dns_ip= line in the domain's config file under /etc/webmin/virtual-server/domains contain?

[iliajie]

Ok that Apache config is definitely a bug! This should fix it though : f2b9e30

Giving it a quick look, it seems to resolve the issue. Do we need a similar patch for Nginx?

As for the DNS issue, what does the dns_ip= line in the domain's config file under /etc/webmin/virtual-server/domains contain?

Check this out but note that 173376457750228 is the new domain, created after the system was switched to IPv6-only network.

[jcameron]

Ok that's the problem, if dns_ip is set to an IPv6 address it will cause this kind of problem. It should be empty.

[iliajie]

Oh, geez, there’s a lot of dependency on this dns_ip key! For starters, we could tweak get_dns_ip sub when it’s in automatic mode (i.e., *) and say:

local $rv = &get_external_ip_address(undef, 4);

instead of:

local $rv = &get_any_external_ip_address();

Though, the following statement $rv || &error($text{'newdynip_eext'}); should be removed.

However, even then, the DNS zone is still created incorrectly, e.g.:

[jcameron]

Yes there will be a LOT of work to make IPv6-only mode work! But for starters, the ip field should certainly not be set, and likely dns_ip will not be set unless there is an odd case where the system only has a v6 address but is behind some kind of NAT that gives it an external v4 address.

[iliajie]

Well, okay! With all the recent changes checked into master, $ip shouldn’t be set anymore already. However, as you can see in the screenshot above, dns_ip, even if empty, is still being added to DNS.

Let’s leave it for now—can you add this to your distant to-do list?

By the way, SSL certificate sharing also isn’t working correctly in IPv6-only mode...

[jcameron]

Sure, I will update this ticket with progress on IPv6-only support