Currently it seems that packets are passed on transparently on the other interface.
This is potentially problematic when a link-local IPv6 address is passed. By default, and mDNS resolver assumes that a link-local address is reachable on the interface it received the mDNS packet on. mDNS resolvers pass the link-local address along with the interface it received the packet on as scope. However, since mdns-reflector forwards mDNS responses across network segments, those link-local addresses are not valid in that scope.
Depending on the service, it might just fallback to another address or handle the situation gracefully in some shape or form. But I think it would be better if the mdns-reflector removes all link-local addresses in general, to avoid mDNS resolvers picking them up and passing them along to their clients.
There is one corner case which pops into my mind: What if a link-local IPv6 address is the only address in the answer section. From my testing with systemd-resolved as mDNS responder, it seems that in this case simply no answer is sent back to the query. So I guess the equivalent behavior would be to simply drop such a packet.
Currently it seems that packets are passed on transparently on the other interface.
This is potentially problematic when a link-local IPv6 address is passed. By default, and mDNS resolver assumes that a link-local address is reachable on the interface it received the mDNS packet on. mDNS resolvers pass the link-local address along with the interface it received the packet on as scope. However, since mdns-reflector forwards mDNS responses across network segments, those link-local addresses are not valid in that scope.
Depending on the service, it might just fallback to another address or handle the situation gracefully in some shape or form. But I think it would be better if the mdns-reflector removes all link-local addresses in general, to avoid mDNS resolvers picking them up and passing them along to their clients.
There is one corner case which pops into my mind: What if a link-local IPv6 address is the only address in the answer section. From my testing with systemd-resolved as mDNS responder, it seems that in this case simply no answer is sent back to the query. So I guess the equivalent behavior would be to simply drop such a packet.