1 files changed, 15 insertions, 3 deletions

diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py
index 43be9d526..135f6fec0 100755
--- a/src/conf_mode/dns_forwarding.py
+++ b/src/conf_mode/dns_forwarding.py
@@ -36,9 +36,11 @@ config_tmpl = """
 # Non-configurable defaults
 daemon=yes
 threads=1
-allow-from=0.0.0.0/0
+allow-from=0.0.0.0/0, ::/0
 log-common-errors=yes
 non-local-bind=yes
+query-local-address=0.0.0.0
+query-local-address6=::
 
 # cache-size
 max-cache-entries={{ cache_size }}
@@ -65,8 +67,12 @@ forward-zones={% for d in domains %}
 # dnssec
 dnssec={{ dnssec }}
 
+{% if name_servers -%}
 # name-server
 forward-zones-recurse=.={{ name_servers | join(';') }}
+{% else %}
+# no name-servers specified - start full recursor
+{% endif %}
 
 """
 
@@ -114,10 +120,10 @@ def get_config():
 
     if conf.exists('domain'):
         for node in conf.list_nodes('domain'):
-            server = conf.return_values("domain {0} server".format(node))
+            servers = conf.return_values("domain {0} server".format(node))
             domain = {
                 "name": node,
-                "servers": server
+                "servers": bracketize_ipv6_addrs(servers)
             }
             dns['domains'].append(domain)
 
@@ -138,6 +144,8 @@ def get_config():
             dns['name_servers'] = dns['name_servers'] + system_name_servers
         conf.set_level('service dns forwarding')
 
+    dns['name_servers'] = bracketize_ipv6_addrs(dns['name_servers'])
+
     if conf.exists('listen-address'):
         dns['listen_on'] = conf.return_values('listen-address')
 
@@ -193,6 +201,10 @@ def get_config():
 
     return dns
 
+def bracketize_ipv6_addrs(addrs):
+    """Wraps each IPv6 addr in addrs in [], leaving IPv4 addrs untouched."""
+    return ['[{0}]'.format(a) if a.count(':') > 1 else a for a in addrs]
+
 def verify(dns):
     # bail out early - looks like removal from running config
     if dns is None: