Closed asdfjkluiop closed 1 year ago
Show me the output of sudo ss -lntu | grep 53
My output shows that it binds to IPv6 as well as IPv4:
udp UNCONN 0 0 172.17.0.1:53 0.0.0.0:*
udp UNCONN 0 0 10.241.0.10:53 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 [2600:1f18:aaf:6900::a]:53 [::]:*
udp UNCONN 0 0 [::1]:53 [::]:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
Huh??? That's weird... I'm running the following
sudo -u sslip ./sslip.io-dns-server-linux-amd64 -port 9553 -nameservers ns1.example.com -addresses ns1.example.com=2001:db8::
With my information in place and the only thing ss shows it binding to is 0.0.0.0:9553. Is there some way to force it to bind to all addresses instead of ANYADDR? Maybe the problem is it only binds to v4 ANYADDR but will bind to v6 directly? I'm still not entirely sure how to stop it from using ANYADDR though.
Let's see the output of the following
ip a
sudo ss -lntu | grep 53
Are you running in a container/namespace/cgroup?
Are you running macOS, Linux, FreeBSD, Windows?
I have replaced my actual prefixes with 2001:db8 but left the rest unmodified including my ULA prefixes. Please note I am running IPv6 exclusively, there are no v4 addresses. This is a VM but no containerization is being done. Please note I'm running bind on 53 which is why I'm setting sslip to use 9553 but for completeness I have included my port 53 binds as requested as well as my 9553 binds. Debian 10 bookworm is the host
ip a:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 fd2e:9fea:c7ed:6011::/64 scope global
valid_lft forever preferred_lft forever
inet6 fd2e:9fea:c7ed:53::/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:db8:60:11::/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:db8:53::/48 scope global
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:db8::1d1d/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::1d1d/64 scope link
valid_lft forever preferred_lft forever
14: akashi@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1444 state UNKNOWN qlen 1000
inet6 fe80::2/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::303e:6ff:fe98:deb6/64 scope link
valid_lft forever preferred_lft forever
15: raphtalia: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 500
inet6 fe80::2/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::ed0:af23:8d67:2045/64 scope link stable-privacy
valid_lft forever preferred_lft forever
ss -lntu | grep 53:
udp UNCONN 0 0 0.0.0.0:9553 0.0.0.0:*
udp UNCONN 0 0 [fd2e:9fea:c7ed:6011::]:53 [::]:*
udp UNCONN 0 0 [fd2e:9fea:c7ed:6011::]:53 [::]:*
udp UNCONN 0 0 [fd2e:9fea:c7ed:53::]:53 [::]:*
udp UNCONN 0 0 [fd2e:9fea:c7ed:53::]:53 [::]:*
udp UNCONN 0 0 [2001:db8:60:11::]:53 [::]:*
udp UNCONN 0 0 [2001:db8:60:11::]:53 [::]:*
udp UNCONN 0 0 [2001:db8:53::]:53 [::]:*
udp UNCONN 0 0 [2001:db8:53::]:53 [::]:*
udp UNCONN 0 0 [::1]:53 [::]:*
udp UNCONN 0 0 [::1]:53 [::]:*
udp UNCONN 0 0 [2001:db8::1d1d]:53 [::]:*
udp UNCONN 0 0 [2001:db8::1d1d]:53 [::]:*
udp UNCONN 0 0 [fe80::1d1d]%eth0:53 [::]:*
udp UNCONN 0 0 [fe80::1d1d]%eth0:53 [::]:*
udp UNCONN 0 0 [fe80::2]%akashi:53 [::]:*
udp UNCONN 0 0 [fe80::2]%akashi:53 [::]:*
udp UNCONN 0 0 [fe80::303e:6ff:fe98:deb6]%akashi:53 [::]:*
udp UNCONN 0 0 [fe80::303e:6ff:fe98:deb6]%akashi:53 [::]:*
udp UNCONN 0 0 [fe80::2]%raphtalia:53 [::]:*
udp UNCONN 0 0 [fe80::2]%raphtalia:53 [::]:*
udp UNCONN 0 0 [fe80::ed0:af23:8d67:2045]%raphtalia:53 [::]:*
udp UNCONN 0 0 [fe80::ed0:af23:8d67:2045]%raphtalia:53 [::]:*
tcp LISTEN 0 10 [2001:db8:53::]:53 [::]:*
tcp LISTEN 0 10 [2001:db8:53::]:53 [::]:*
tcp LISTEN 0 10 [fd2e:9fea:c7ed:6011::]:53 [::]:*
tcp LISTEN 0 10 [fd2e:9fea:c7ed:6011::]:53 [::]:*
tcp LISTEN 0 10 [fe80::303e:6ff:fe98:deb6]%akashi:53 [::]:*
tcp LISTEN 0 10 [fe80::303e:6ff:fe98:deb6]%akashi:53 [::]:*
tcp LISTEN 0 10 [fe80::1d1d]%eth0:53 [::]:*
tcp LISTEN 0 10 [fe80::1d1d]%eth0:53 [::]:*
tcp LISTEN 0 10 [2001:db8::1d1d]:53 [::]:*
tcp LISTEN 0 10 [2001:db8::1d1d]:53 [::]:*
tcp LISTEN 0 10 [::1]:53 [::]:*
tcp LISTEN 0 10 [::1]:53 [::]:*
tcp LISTEN 0 10 [fe80::ed0:af23:8d67:2045]%raphtalia:53 [::]:*
tcp LISTEN 0 10 [fe80::ed0:af23:8d67:2045]%raphtalia:53 [::]:*
tcp LISTEN 0 10 [fd2e:9fea:c7ed:53::]:53 [::]:*
tcp LISTEN 0 10 [fd2e:9fea:c7ed:53::]:53 [::]:*
tcp LISTEN 0 10 [2001:db8:60:11::]:53 [::]:*
tcp LISTEN 0 10 [2001:db8:60:11::]:53 [::]:*
tcp LISTEN 0 5 [::1]:953 [::]:*
tcp LISTEN 0 5 [::1]:953 [::]:*
tcp LISTEN 0 10 [fe80::2]%akashi:53 [::]:*
tcp LISTEN 0 10 [fe80::2]%akashi:53 [::]:*
tcp LISTEN 0 10 [fe80::2]%raphtalia:53 [::]:*
tcp LISTEN 0 10 [fe80::2]%raphtalia:53 [::]:*
ss -lntu | grep 9553:
udp UNCONN 0 0 0.0.0.0:9553 0.0.0.0:*
Did you build from source or download an executable?
When the DNS server starts up, does it emit a message similar to "I couldn't bind to "0.0.0.0:%d" (INADDR_ANY, all interfaces), so I'll try to bind to each address individually."?
I downloaded the latest binaries last night, I did not build from source. I do not get that message...I get this one
2023/07/11 18:22:19 Successfully bound to all IPs, port 9553.
Hmmm, maybe a bug in Golang 1.20.2. You a coder? Try building from source with Golang 1.20.6 (came out today) and see if that has the same problem.
I don't have any pure-IPv6 machines to test on, sorry.
Yeah I program. I was just being lazy trying to avoid building from source, only do that when I have to. Something something all programmers are fundamentally lazy lol. I'll build it and let you know what happens.
Let me know if building on your machine fixes it. Could you also test the one I built with Go 1.20.6? Here's the link: https://nono.io/sslip.io-dns-server-linux-amd64
On Go 1.20.5, which is what's in the Debian sid repos, it still only binds to v4. Same goes for your build... That being said, I did figure out why the problem happens. It's a Go "bug" triggered by a quirk of my very aggressive IPv6-only setup. For whatever reason Go will only bind to :: if 127.0.0.1 is present on your loopback interface; I only have ::1. If I add 127.0.0.1 on my loopback it binds to ::, but if I remove it, as is my normal configuration, it will only bind to 0.0.0.0, which seems awfully backwards to me, but that does make it not your bug. I tried adding loopback only because this isn't the first nor will it be the last time I find IPv4 assumptions in software, and 127.0.0.1 is often a hardcoded assumption in many pieces of software, causing wide-ranging issues. Thanks for helping me look into this. I have patched it myself to work around the issue by doing
conn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.ParseIP("::"), Port: *bindPort})
Great troubleshooting—my hat's off to you!
Software breaks in weird ways without 127.0.0.1 if they don't use localhost, glad I thought of it. Here's the Go issue for reference: https://github.com/golang/go/issues/61310
As far as I can tell there's no way to bind sslip to :: or any other address for that matter. It always binds to 0.0.0.0 which only handles v4. I figured there should be a way to bind to v6 since the aws instance has it but I can't find any option for it.
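Added example, not code from the thread or from sslip.io: the explicit "::" bind discussed above with a fallback to 0.0.0.0, plus a check of what the socket actually covers, so a 0.0.0.0-only bind on a host with IPv6 addresses is reported instead of being logged as "all IPs". The function names and the constructed host address list are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net"
)

// wildcardKind classifies the LocalAddr of an already-bound UDP socket.
func wildcardKind(a *net.UDPAddr) string {
	if !a.IP.IsUnspecified() {
		return "specific"
	}
	if a.IP.To4() != nil {
		return "ipv4-wildcard" // 0.0.0.0: queries sent to IPv6 addresses never arrive
	}
	return "ipv6-wildcard" // ::
}

// listenWildcard asks for "::" explicitly and falls back to 0.0.0.0 only if that fails.
func listenWildcard(port int) (*net.UDPConn, string, error) {
	conn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv6unspecified, Port: port})
	if err != nil {
		conn, err = net.ListenUDP("udp4", &net.UDPAddr{IP: net.IPv4zero, Port: port})
		if err != nil {
			return nil, "", err
		}
	}
	return conn, wildcardKind(conn.LocalAddr().(*net.UDPAddr)), nil
}

// unservedV6 lists host IPv6 addresses that an IPv4-only wildcard socket cannot serve.
func unservedV6(kind string, hostIPs []net.IP) (missed []net.IP) {
	for _, ip := range hostIPs {
		if kind == "ipv4-wildcard" && ip.To4() == nil {
			missed = append(missed, ip)
		}
	}
	return missed
}

func main() {
	conn, kind, err := listenWildcard(0) // port 0: ephemeral port for the demo
	if err != nil {
		panic(err)
	}
	defer conn.Close()
	host := []net.IP{net.ParseIP("2001:db8::1d1d"), net.ParseIP("::1")} // constructed sample
	fmt.Printf("bound to %v (%s); IPv6 not served: %v\n", conn.LocalAddr(), kind, unservedV6(kind, host))
}
```

In a real server the host address list would be built from `net.InterfaceAddrs()`, and a non-empty result from `unservedV6` is the condition worth logging at startup.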