Missing route for 169.254.1.1 in the sandbox for IPv6-only hosts #1065

New issue

Open

opened 2025-12-02 23:28:01 +00:00 by raito · 0 comments

raito commented

2025-12-02 23:28:01 +00:00

Owner

Describe the bug

When the host is IPv6-only and running with an IPv4-only DNS resolver, pasta will set up dual stack resolvers inside the sandbox.
But it won't setup IPv4 connectivity to 169.254.1.1.

All DNS queries will fail.

[root@shiva:~]# nix-build -E 'let pkgs = (import <nixpkgs> {}); in pkgs.runCommand "resolvconf" { outputHashAlgo = "sha256"; outputHashMode = "flat"; outputHash = pkgs.lib.fakeHash; } "${pkgs.bind.host}/bin/host download.samba.org"'
this derivation will be built:
  /nix/store/q3pxi75g82zl0yx4rayzaqb83fq78mng-resolvconf.drv
building '/nix/store/q3pxi75g82zl0yx4rayzaqb83fq78mng-resolvconf.drv'...
;; UDP setup with 169.254.1.1#53(169.254.1.1) for download.samba.org failed: network unreachable.
;; no servers could be reached
;; UDP setup with 169.254.1.1#53(169.254.1.1) for download.samba.org failed: network unreachable.
;; communications error to 64:ff9b:1:4b8e:472e:a5c8:a9fe:101#53: timed out
;; no servers could be reached
error: builder for '/nix/store/q3pxi75g82zl0yx4rayzaqb83fq78mng-resolvconf.drv' failed with exit code 1;
       last 5 log lines:
       > ;; UDP setup with 169.254.1.1#53(169.254.1.1) for download.samba.org failed: network unreachable.
       > ;; no servers could be reached
       > ;; UDP setup with 169.254.1.1#53(169.254.1.1) for download.samba.org failed: network unreachable.
       > ;; communications error to 64:ff9b:1:4b8e:472e:a5c8:a9fe:101#53: timed out
       > ;; no servers could be reached
       For full logs, run:
         nix log /nix/store/q3pxi75g82zl0yx4rayzaqb83fq78mng-resolvconf.drv

Steps To Reproduce

Set up IPv6-only
Use systemd-resolved with IPv4-only stub
Use Lix 2.93.0+ with pasta
Attempt to resolve any FOD (IPv6 or IPv4)
See time out

Expected behavior

Successful resolution.

`nix --version` output

Happens since introduction of Pasta.

Additional context

#1014 fixed only the DNS part, this is the IP episode.
Reported-by: xored in Lix matrix chats.

## Describe the bug When the host is IPv6-only and running with an IPv4-only DNS resolver, pasta will set up dual stack resolvers inside the sandbox. But it won't setup IPv4 connectivity to 169.254.1.1. All DNS queries will fail. ``` [root@shiva:~]# nix-build -E 'let pkgs = (import <nixpkgs> {}); in pkgs.runCommand "resolvconf" { outputHashAlgo = "sha256"; outputHashMode = "flat"; outputHash = pkgs.lib.fakeHash; } "${pkgs.bind.host}/bin/host download.samba.org"' this derivation will be built: /nix/store/q3pxi75g82zl0yx4rayzaqb83fq78mng-resolvconf.drv building '/nix/store/q3pxi75g82zl0yx4rayzaqb83fq78mng-resolvconf.drv'... ;; UDP setup with 169.254.1.1#53(169.254.1.1) for download.samba.org failed: network unreachable. ;; no servers could be reached ;; UDP setup with 169.254.1.1#53(169.254.1.1) for download.samba.org failed: network unreachable. ;; communications error to 64:ff9b:1:4b8e:472e:a5c8:a9fe:101#53: timed out ;; no servers could be reached error: builder for '/nix/store/q3pxi75g82zl0yx4rayzaqb83fq78mng-resolvconf.drv' failed with exit code 1; last 5 log lines: > ;; UDP setup with 169.254.1.1#53(169.254.1.1) for download.samba.org failed: network unreachable. > ;; no servers could be reached > ;; UDP setup with 169.254.1.1#53(169.254.1.1) for download.samba.org failed: network unreachable. > ;; communications error to 64:ff9b:1:4b8e:472e:a5c8:a9fe:101#53: timed out > ;; no servers could be reached For full logs, run: nix log /nix/store/q3pxi75g82zl0yx4rayzaqb83fq78mng-resolvconf.drv ``` ## Steps To Reproduce 1. Set up IPv6-only 2. Use systemd-resolved with IPv4-only stub 3. Use Lix 2.93.0+ with pasta 4. Attempt to resolve any FOD (IPv6 or IPv4) 5. See time out ## Expected behavior Successful resolution. ## `nix --version` output Happens since introduction of Pasta. ## Additional context #1014 fixed only the DNS part, this is the IP episode. Reported-by: xored in Lix matrix chats.