Mac resolver AAAA flag missing

Hi! We probably have a similar problem to "Setup IPv6 over IPv4", but we went a bit deeper with the workaround:

We have a Pritunl server that has both IPv4 + IPv6 connectivity, and it gives IPv6 addresses + a default route to the clients. IPv6 connectivity works fine over Pritunl. The problem is that when a Mac client has native IPv4-only connectivity, it cannot resolve DNS names that have only AAAA resource records.

The reason is that the Mac resolver needs IPv6 enabled in the resolver, which does not happen because of native IPv6 connectivity, and Pritunl does not do it either (even though it provides IPv6 addresses, a default GW and everything). This is what I see on a Mac on an IPv4-only network with IPv6-enabled Pritunl connected as utun4:

% scutil --dns
DNS configuration

resolver #1
  nameserver[0] : 1.1.1.1
  nameserver[1] : 1.0.0.1
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)
  order    : 101400

resolver #2
  nameserver[0] : 8.8.8.8
  nameserver[1] : 1.1.1.1
  flags    : Request A records
  reach    : 0x00000002 (Reachable)
  order    : 200000

<removed mdns records for brevity>

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 8.8.8.8
  nameserver[1] : 1.1.1.1
  if_index : 15 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000000 (Not Reachable)

This hack helped:

% sudo python3 ipv6-resolver-up.py up en0
Password:
d.init
d.add Addresses *
d.add DestAddresses *
d.add InterfaceName en0
set State:/Network/Service/en0/IPv4
set Setup:/Network/Service/en0/IPv4
d.init
d.add Addresses * fe80::145f:8ccf:9399:5f14
d.add DestAddresses * ::ffff:ffff:ffff:ffff:0:0
d.add Flags * 0
d.add InterfaceName en0
d.add PrefixLength * 64
set State:/Network/Service/en0/IPv6
set Setup:/Network/Service/en0/IPv6

After that I had:

% scutil --dns
DNS configuration

resolver #1
  nameserver[0] : 1.1.1.1
  nameserver[1] : 1.0.0.1
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)
  order    : 101400

resolver #2
  nameserver[0] : 8.8.8.8
  nameserver[1] : 1.1.1.1
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)
  order    : 200000

<removed mdns records for brevity>

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 8.8.8.8
  nameserver[1] : 1.1.1.1
  if_index : 15 (en0)
  flags    : Scoped, Request A records, Request AAAA records
  reach    : 0x00000000 (Not Reachable)

But I guess there should be a more fine-grained way of enabling it specifically on utun4?

There are numerous similar issues with other OpenVPN and other VPNs on macOS that provide insights into this:

Could you consider adding the functionality to enable the IPv6 resolver in the Pritunl Mac client?

Or is there a way to piggy-back a hook script after Pritunl connects, so I can run my scutil ... workaround on the client side after each connect instead of doing it manually?

This is an issue that should be fixed on the OS. It’s unlikely these changes will be added; it could create other issues.
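
Added example, not part of the thread and not Pritunl code: a Python check that parses `scutil --dns` output and lists the resolvers that have nameservers but lack the `Request AAAA records` flag, which is the condition the first post describes. The sample text is constructed from the listings above, and the function names are hypothetical.

```python
import re
import subprocess
import sys

# Constructed sample: abridged resolver blocks taken from the thread's listings.
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 1.1.1.1
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 8.8.8.8
  if_index : 15 (en0)
  flags    : Scoped, Request A records, Request AAAA records
"""

def parse_resolvers(text):
    """Return one dict per resolver block: section, id, nameservers, if_index, flags."""
    resolvers, section, cur = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("DNS configuration"):
            section, cur = s, None          # new section, no open resolver block
        elif m := re.match(r"resolver #(\d+)$", s):
            cur = {"section": section, "id": int(m.group(1)), "nameservers": [], "if_index": None, "flags": []}
            resolvers.append(cur)
        elif cur is not None and " : " in s:
            key, value = (p.strip() for p in s.split(" : ", 1))
            if key.startswith("nameserver["):
                cur["nameservers"].append(value)
            elif key == "if_index":
                cur["if_index"] = value
            elif key == "flags":
                cur["flags"] = [f.strip() for f in value.split(",")]
    return resolvers

def missing_aaaa(resolvers):
    """Resolvers that have nameservers but will not issue AAAA queries."""
    return [r for r in resolvers if r["nameservers"] and "Request AAAA records" not in r["flags"]]

if __name__ == "__main__":
    # On macOS read the live configuration; elsewhere fall back to the sample.
    text = subprocess.run(["scutil", "--dns"], capture_output=True, text=True, check=True).stdout if sys.platform == "darwin" else SAMPLE
    for r in missing_aaaa(parse_resolvers(text)):
        print(f'{r["section"]} / resolver #{r["id"]} {r["nameservers"]} if={r["if_index"]}: no AAAA')
```

Blocks without nameservers, such as the mdns entries removed from the listings, are skipped rather than reported.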