From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 6B8F81FF14F for ; Fri, 08 May 2026 20:47:13 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 586C9219EA; Fri, 8 May 2026 20:47:04 +0200 (CEST) From: Christoph Heiss To: pve-devel@lists.proxmox.com Subject: [PATCH RFC installer 6/8] sys: net: ignore ipv6 nameservers with zone identifiers Date: Fri, 8 May 2026 20:44:09 +0200 Message-ID: <20260508184546.113293-7-c.heiss@proxmox.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260508184546.113293-1-c.heiss@proxmox.com> References: <20260508184546.113293-1-c.heiss@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1778265874775 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.076 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: V76C3FWIEQSWTJUF3PNXE4WQYNWIV3JP X-Message-ID-Hash: V76C3FWIEQSWTJUF3PNXE4WQYNWIV3JP X-MailFrom: c.heiss@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: The stack does not handle IPv6 addresses with zone identifiers anywhere (yet). Just dropping the zone identifier would be another possibility for now, but would probably break more things (as they are e.g. pretty much mandantory for link-local addresses.) IPv6 addresses with zone identifiers are not all that well supported and are uncommon anyway it seems, see [0][1][2]. For now, work around that by ignoring all IPv6 nameservers with zone identifiers. [0] https://github.com/containers/common/pull/2233 [1] https://github.com/containers/aardvark-dns/issues/535 [2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255316 Signed-off-by: Christoph Heiss --- Sending as RFC as it is a rather ugly hack, but reworking the rest of the stack is a bit more effort and wanted to send the series now. Mainly fails due to parsing it as a `std::net::IpAddr` addresses in Rust, which does not support zone identifiers, in addition to Proxmox::Sys::Net::parse_ip_address() not recognizing them either. Proxmox/Sys/Net.pm | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Proxmox/Sys/Net.pm b/Proxmox/Sys/Net.pm index c6bd841..4781e51 100644 --- a/Proxmox/Sys/Net.pm +++ b/Proxmox/Sys/Net.pm @@ -334,7 +334,14 @@ sub query_dns : prototype() { my $domain; while (defined(my $line = <$fh>)) { if ($line =~ /^nameserver\s+(\S+)/) { - push @dns, $1; + # FIXME: handle IPv6 zone identifiers across the stack. + # For now, ignore all addresses containing them. + my $addr = $1; + if ($addr =~ /%\S+$/) { + log_warn("skipping nameserver $addr as being link-local"); + } else { + push @dns, $addr; + } } elsif (!defined($domain) && $line =~ /^domain\s+(\S+)/) { $domain = $1; } -- 2.53.0