From 2da361a1f21ac7d7e0162f2581ed5e16c709a3a8 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Fri, 26 Apr 2024 17:41:51 +0200
Subject: [PATCH] waitfordns: resolve and check against NS' IPv6 address

---
 src/dns/waitfordns.js | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/dns/waitfordns.js b/src/dns/waitfordns.js
index 9a4a3ae90..1fd1ab62e 100644
--- a/src/dns/waitfordns.js
+++ b/src/dns/waitfordns.js
@@ -38,20 +38,24 @@ async function isChangeSynced(hostname, type, value, nameserver) {
     assert.strictEqual(typeof nameserver, 'string');
 
     // ns records cannot have cname
-    const [error, nsIps] = await safe(dig.resolve(nameserver, 'A', { timeout: 5000 }));
-    if (error || !nsIps || nsIps.length === 0) {
-        debug(`isChangeSynced: cannot resolve NS ${nameserver}`); // it's fine if one or more ns are dead
+    const [error4, nsIPv4s] = await safe(dig.resolve(nameserver, 'A', { timeout: 5000 }));
+    const [error6, nsIPv6s] = await safe(dig.resolve(nameserver, 'AAAA', { timeout: 5000 }));
+
+    if (error4 && error6) {
+        debug(`isChangeSynced: cannot resolve NS ${nameserver}`); // NS doesn't resolve at all; it's fine
         return true;
     }
 
+    const nsIPs = [].concat(nsIPv4s || []).concat(nsIPv6s || []);
     const status = [];
-    for (let i = 0; i < nsIps.length; i++) {
-        const nsIp = nsIps[i];
+    for (let i = 0; i < nsIPs.length; i++) {
+        const nsIp = nsIPs[i];
         const resolveOptions = { server: nsIp, timeout: 5000 };
         const resolver = type === 'A' || type === 'AAAA' ? resolveIp(hostname, type, resolveOptions) : dig.resolve(hostname, 'TXT', resolveOptions);
 
         const [error, answer] = await safe(resolver);
-        if (error && (error.code === dns.TIMEOUT || error.code === dns.REFUSED)) {
+        // CONNREFUSED - when there is no ipv4/ipv6 connectivity. REFUSED - server won't answer maybe by policy
+        if (error && (error.code === dns.TIMEOUT || error.code === dns.REFUSED || error.code === dns.CONNREFUSED)) {
             debug(`isChangeSynced: NS ${nameserver} (${nsIp}) not resolving ${hostname} (${type}): ${error}. Ignoring`);
             status[i] = true; // should be ok if dns server is down
             continue;