[Bug] Unable to parse IPv6 link-local resolvers from resolv.conf

[maxmouchet]

Describe the bug

This is my /etc/resolv.conf file:

nameserver fe80::4aa9:8aff:febd:c390%en9
nameserver 192.168.255.1

If I run zdns without specifying name servers:

❯ echo "google.com" | zdns A
FATA[0000] unable to parse resolvers file, please use '--name-servers':
could not parse IP address ([fe80::4aa9:8aff:febd:c390%en9]:53) from file: /etc/resolv.conf

To Reproduce

zdns 2.0.0 on macOS 15.2 (arm64).

Expected behavior

This is a valid resolv.conf entry, so zdns should be able to use it, or at-least ignore it.

[phillip-stephens]

This is a good catch, our current /etc/resolv.conf parsing logic only handles IP addresses, not interfaces or SNI for DoT.

Per man resolvectl, nameservers can be formatted:

The dns command expects IPv4 or IPv6
           address specifications of DNS servers to use. Each address can optionally take a port number separated with ":", a network interface name or index separated
           with "%", and a Server Name Indication (SNI) separated with "#". When IPv6 address is specified with a port number, then the address must be in the square
           brackets. That is, the acceptable full formats are "111.222.333.444:9953%ifname#example.com" for IPv4 and "[1111:2222::3333]:9953%ifname#example.com" for
           IPv6.

We don't have a concept of per-interface nameservers, so we couldn't say "for all queries going out on en9 use nameserver X and for all on en3 use nameserver Y" without a decent bit of refactoring that I'm not sure is worth it.

Skipping domains that include SNI or interfaces is totally possible and would be quite easy. I'm thinking we skip listings with either a # or % and warn the user that DNS entries with interface specs or SNI is not supported at this time.

WDYT @maxmouchet @zakird

[Seanstoppable]

IMO, you are probably doing the right thing by failing, otherwise users will be perplexed about why a given configuration is not working as expected.

Especially given there is a way to override.

It would be somewhat beneficial to improve error messaging and/or documentation to make it clearer only specific formats are supported.

[zakird]

I tend to agree with @Seanstoppable. Since this is a measurement instrument, we're better off to fail with a good explanation why than to sweep something under the rug.

[maxmouchet]

We don't have a concept of per-interface nameservers, so we couldn't say "for all queries going out on en9 use nameserver X and for all on en3 use nameserver Y" without a decent bit of refactoring that I'm not sure is worth it.

Ah this is interesting; I had a different interpretation of it!

To me nameserver fe80::1%en0 means use the resolver at the IP address fe80::1%en0, not use the resolver fe80::1 for queries going out on en0.

I say this because the resolvectl syntax is resolvectl dns [LINK] [SERVER...], where LINK is already the interface for which the nameserver should be set:

# Set 2606:4700:4700::1111 as the resolver for ens2
resolvectl dns ens2 2606:4700:4700::1111

What I'm suggesting is not to implement per-interface resolvers, but rather support resolvers on a link-local IPv6 address.

In any case, do not spend too much time on this; this is a rather niche configuration :-)