IPv6 to IPv4 address is invalid IPv6 address

[deividasraila]

• [x] This is not a support question, I have read about opensource and will send support questions to the IRC channel, GitHub Discussions or the mailing list.
• [x] I have read and understood the 'out in the open' support policy

• Program: Authoritative
• Issue type: Bug report

Short description

PowerDNS auth does not allow IPv6 to IPv4 addresses in AAAA records.

::ffff:c3c9:a472 is fine. ::ffff:195.201.164.114 is already invalid IPv6 address.

But PowerDNS itself always converts ::ffff:c3c9:a472 to ::ffff:195.201.164.114, and if we want to change ::ffff:195.201.164.114 to ::ffff:195.201.164.115, it shows error Invalid IPv6 address.

Environment

• Operating system: Rocky Linux 8.10 (Green Obsidian)
• Software version: pdns-4.9.1-1pdns.el8.x86_64
• Software source: PowerDNS repository

Steps to reproduce

Create ipv6-top-ipv4.test zone

with AAAA record converted from IPv6 to IPv4 ::ffff:c3c9:a472

curl -X POST "http://127.0.0.1:8081/api/v1/servers/localhost/zones" \
  -H "X-API-Key: changeme" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ipv6-to-ipv4.test.",
    "kind": "Native",
    "nameservers": [
      "ns1.ipv6-to-ipv4.test.",
      "ns2.ipv6-to-ipv4.test."
    ],
    "soa_edit_api": "INCEPTION-INCREMENT",
    "rrsets": [
      {
        "name": "ipv6-to-ipv4.test.",
        "type": "A",
        "ttl": 3600,
        "changetype": "REPLACE",
        "records": [
          {
              "content": "127.0.0.1",
              "disabled": false

          }]

      },
      {
        "name": "ipv6-to-ipv4.test.",
        "type": "AAAA",
        "ttl": 3600,
        "changetype": "REPLACE",
        "records": [
          {
              "content": "::ffff:c3c9:a472",
              "disabled": false

          }]

      }]
  }'

in response AAAA record is already converted to ::ffff:195.201.164.114

{
  "account": "",
  "api_rectify": false,
  "catalog": "",
  "dnssec": false,
  "edited_serial": 0,
  "id": "ipv6-to-ipv4.test.",
  "kind": "Native",
  "last_check": 0,
  "master_tsig_key_ids": [],
  "masters": [],
  "name": "ipv6-to-ipv4.test.",
  "notified_serial": 0,
  "nsec3narrow": false,
  "nsec3param": "",
  "rrsets": [
    {
      "comments": [],
      "name": "ipv6-to-ipv4.test.",
      "records": [
        {
          "content": "::ffff:195.201.164.114",
          "disabled": false
        }
      ],
      "ttl": 3600,
      "type": "AAAA"
    },
    {
      "comments": [],
      "name": "ipv6-to-ipv4.test.",
      "records": [
        {
          "content": "a.misconfigured.dns.server.invalid. hostmaster.ipv6-to-ipv4.test. 0 10800 3600 604800 3600",
          "disabled": false
        }
      ],
      "ttl": 3600,
      "type": "SOA"
    },
    {
      "comments": [],
      "name": "ipv6-to-ipv4.test.",
      "records": [
        {
          "content": "ns1.ipv6-to-ipv4.test.",
          "disabled": false
        },
        {
          "content": "ns2.ipv6-to-ipv4.test.",
          "disabled": false
        }
      ],
      "ttl": 3600,
      "type": "NS"
    },
    {
      "comments": [],
      "name": "ipv6-to-ipv4.test.",
      "records": [
        {
          "content": "127.0.0.1",
          "disabled": false
        }
      ],
      "ttl": 3600,
      "type": "A"
    }
  ],
  "serial": 0,
  "slave_tsig_key_ids": [],
  "soa_edit": "",
  "soa_edit_api": "INCEPTION-INCREMENT",
  "url": "/api/v1/servers/localhost/zones/ipv6-to-ipv4.test."
}

The pdnsutil also shows the converted address.

[root@sandbox ~]# pdnsutil list-zone ipv6-to-ipv4.test
$ORIGIN .
ipv6-to-ipv4.test   3600    IN  A   127.0.0.1
ipv6-to-ipv4.test   3600    IN  AAAA    ::ffff:195.201.164.114
ipv6-to-ipv4.test   3600    IN  NS  ns1.ipv6-to-ipv4.test.
ipv6-to-ipv4.test   3600    IN  NS  ns2.ipv6-to-ipv4.test.
ipv6-to-ipv4.test   3600    IN  SOA a.misconfigured.dns.server.invalid hostmaster.ipv6-to-ipv4.test 0 10800 3600 604800 3600

Try to change ipv6-to-ipv4.test. AAAA ::ffff:195.201.164.114 to ::ffff:195.201.164.115

curl -X PATCH "http://127.0.0.1:8081/api/v1/servers/localhost/zones/ipv6-to-ipv4.test." \
  -H "X-API-Key: changeme" \
  -H "Content-Type: application/json" \
  -d '{
    "rrsets": [
      {
        "name": "ipv6-to-ipv4.test.",
        "type": "AAAA",
        "ttl": 3600,
        "changetype": "REPLACE",
        "records": [
          {
              "content": "::ffff:195.201.164.115",
              "disabled": false

          }]
      }
    ]
  }'

Response

{"error": "Record ipv6-to-ipv4.test./AAAA '::ffff:195.201.164.115': Invalid IPv6 address"}

Create ipv6-to-ipv4.testfailed

zone with AAAA record converted from IPv6 to IPv4 (::ffff:195.201.164.114)

curl -X POST "http://127.0.0.1:8081/api/v1/servers/localhost/zones" \
  -H "X-API-Key: changeme" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ipv6-to-ipv4.testfailed.",
    "kind": "Native",
    "nameservers": [
      "ns1.ipv6-to-ipv4.testfailed.",
      "ns2.ipv6-to-ipv4.testfailed."
    ],
    "soa_edit_api": "INCEPTION-INCREMENT",
    "rrsets": [
      {
        "name": "ipv6-to-ipv4.testfailed.",
        "type": "A",
        "ttl": 3600,
        "changetype": "REPLACE",
        "records": [
          {
              "content": "127.0.0.1",
              "disabled": false

          }]

      },
      {
        "name": "ipv6-to-ipv4.testfailed.",
        "type": "AAAA",
        "ttl": 3600,
        "changetype": "REPLACE",
        "records": [
          {
              "content": "::ffff:195.201.164.114",
              "disabled": false

          }]

      }]
  }'

Response

{"error": "Record ipv6-to-ipv4.testfailed./AAAA '::ffff:195.201.164.114': Invalid IPv6 address"}

Expected behaviour

PowerDNS accept AAAA records like ::ffff:195.201.164.114

Actual behaviour

{"error": "Record ipv6-to-ipv4.testfailed./AAAA '::ffff:195.201.164.114': Invalid IPv6 address"}

Other information

[thomasschaeferm]

You shouldn't use that kind of IPv6 addresses in DNS at all.

https://ripe88.ripe.net/archives/video/1361/