NLnetLabs / ldns

LDNS is a DNS library that facilitates DNS tool programming
https://nlnetlabs.nl/ldns
BSD 3-Clause "New" or "Revised" License

Add support for IPv6 zone identifier in nameserver ip address (resolv.conf) #176

Open csarn opened 2 years ago

csarn commented 2 years ago

I have a network where I get an IPv6 nameserver via router advertisement, and it is a link-local IP. So the resolv.conf entry looks something like this:

nameserver fe80::1%eth0

Now ssh uses ldns to look up SSHFP records when having VerifyHostKeyDNS yes. It tries the lookup 3 times, each one timing out, then ssh fails:

$ strace -e sendto,poll ssh -vvv some.host.name
(...)
debug3: verify_host_key_dns
sendto(4, "<redacted>"..., 41, 0, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::1", &sin6_addr), sin6_scope_id=0}, 28) = 41
poll([{fd=4, events=POLLIN|POLLERR}], 1, 5000) = 0 (Timeout)
sendto(4, "<redacted>"..., 41, 0, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::1", &sin6_addr), sin6_scope_id=0}, 28) = 41
poll([{fd=4, events=POLLIN|POLLERR}], 1, 5000) = 0 (Timeout)
sendto(4, "<redacted>"..., 41, 0, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::1", &sin6_addr), sin6_scope_id=0}, 28) = 41
poll([{fd=4, events=POLLIN|POLLERR}], 1, 5000) = 0 (Timeout)
DNS lookup error: general failure
(...)
Host key verification failed.

I assume that the relevant piece in the strace output is the sin6_scope_id=0, which is not valid.

I am running ldns 1.8.1-1 (from Arch Linux), OpenSSH 9.0p1, on Linux 5.17.8.

Expected Behaviour: ldns sets the correct scope_id from the zone identifier in resolv.conf, resulting in successful DNS lookups from ssh.

wtoorop commented 2 years ago

I agree this should be done, but this is not easily accomplished with how things are currently handled. I guess we would need to add an additional list of IPv6 scope_ids to struct ldns_struct_resolver. I'll label this enhancement. So not for the next release but the release thereafter... @TCY16 would this be something you'd be willing to do?
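The two posts above describe the same gap from both sides: a `nameserver fe80::1%eth0` line whose zone identifier is dropped, so the resolver ends up calling sendto() with `sin6_scope_id=0` and every query times out. The following C program is an added example written for this page; it is not ldns code and does not follow the resolver structure the maintainer sketches. It shows the minimal parsing step that is missing: split the nameserver string at `%`, translate the zone to an interface index (accepting either an interface name via if_nametoindex() or a bare numeric index), store it in `sin6_scope_id`, and flag a link-local nameserver that still has no scope, which is the exact condition visible in the strace output. The function names `parse_nameserver6` and `nameserver_missing_scope` are hypothetical.

```c
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Parse a resolv.conf-style "addr[%zone]" IPv6 nameserver spec into a
 * sockaddr_in6 whose sin6_scope_id carries the zone.  The zone may be an
 * interface name ("eth0", resolved with if_nametoindex) or a numeric
 * interface index ("7").  Returns 0 on success, -1 on any parse error.
 * (Hypothetical helper written for this example, not an ldns API.) */
int parse_nameserver6(const char *spec, uint16_t port, struct sockaddr_in6 *out)
{
    char buf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2];
    if (!spec || !out || strlen(spec) >= sizeof buf)
        return -1;
    strcpy(buf, spec);

    /* Split "fe80::1%eth0" into address "fe80::1" and zone "eth0". */
    char *zone = strchr(buf, '%');
    if (zone)
        *zone++ = '\0';

    memset(out, 0, sizeof *out);
    out->sin6_family = AF_INET6;
    out->sin6_port = htons(port);
    if (inet_pton(AF_INET6, buf, &out->sin6_addr) != 1)
        return -1;                      /* not a textual IPv6 address */

    if (zone) {
        if (*zone == '\0')
            return -1;                  /* "fe80::1%" has an empty zone */
        char *end;
        unsigned long idx = strtoul(zone, &end, 10);
        if (*end == '\0') {
            /* Purely numeric zone: it is the interface index itself. */
            if (idx == 0 || idx > UINT32_MAX)
                return -1;
            out->sin6_scope_id = (uint32_t)idx;
        } else {
            /* Interface name: ask the kernel for its index. */
            unsigned ifidx = if_nametoindex(zone);
            if (ifidx == 0)
                return -1;              /* unknown interface on this host */
            out->sin6_scope_id = ifidx;
        }
    }
    return 0;
}

/* Return 1 when the nameserver is link-local (fe80::/10) but carries no
 * scope id.  That is the sin6_scope_id=0 destination in the strace above:
 * the kernel cannot pick the outgoing interface, so queries go nowhere. */
int nameserver_missing_scope(const struct sockaddr_in6 *sa)
{
    return IN6_IS_ADDR_LINKLOCAL(&sa->sin6_addr) && sa->sin6_scope_id == 0;
}

int main(int argc, char **argv)
{
    /* Default input is the nameserver line from the issue report. */
    const char *spec = argc > 1 ? argv[1] : "fe80::1%eth0";
    struct sockaddr_in6 sa;
    if (parse_nameserver6(spec, 53, &sa) != 0) {
        fprintf(stderr, "cannot parse nameserver spec '%s'\n", spec);
        return 1;
    }
    char text[INET6_ADDRSTRLEN];
    inet_ntop(AF_INET6, &sa.sin6_addr, text, sizeof text);
    printf("%s port %u scope_id %u%s\n", text, ntohs(sa.sin6_port),
           (unsigned)sa.sin6_scope_id,
           nameserver_missing_scope(&sa)
               ? "  (link-local without scope: lookups will time out)" : "");
    return 0;
}
```

Run it with no arguments on a host that has an `eth0` and it prints that interface's index as the scope id; run it with `fe80::1` (no zone) and the warning shows the state ldns is currently in. Note that a name-based zone is only meaningful on the host that wrote the resolv.conf entry, which is why a resolver should translate it to an index once at configuration time and store the index alongside the address, as the maintainer's comment proposes.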