diff --git a/.env.template b/.env.template index 99f693dd..457ca803 100644 --- a/.env.template +++ b/.env.template @@ -472,6 +472,11 @@ ## Setting this to true will enforce the Single Org Policy to be enabled before you can enable the Reset Password policy. # ENFORCE_SINGLE_ORG_WITH_RESET_PW_POLICY=false +## Prefer IPv6 (AAAA) resolving +## This settings configures the DNS resolver to resolve IPv6 first, and if not available try IPv4 +## This could be useful in IPv6 only environments. +# DNS_PREFER_IPV6=false + ##################################### ### SSO settings (OpenID Connect) ### ##################################### diff --git a/src/config.rs b/src/config.rs index 5582e9b0..1b6d3183 100644 --- a/src/config.rs +++ b/src/config.rs @@ -789,6 +789,10 @@ make_config! { /// Bitwarden enforces this by default. In Vaultwarden we encouraged to use multiple organizations because groups were not available. /// Setting this to true will enforce the Single Org Policy to be enabled before you can enable the Reset Password policy. enforce_single_org_with_reset_pw_policy: bool, false, def, false; + + /// Prefer IPv6 (AAAA) resolving |> This settings configures the DNS resolver to resolve IPv6 first, and if not available try IPv4 + /// This could be useful in IPv6 only environments. + dns_prefer_ipv6: bool, true, def, false; }, /// OpenID Connect SSO settings diff --git a/src/http_client.rs b/src/http_client.rs index b48f340c..5462ef8e 100644 --- a/src/http_client.rs +++ b/src/http_client.rs @@ -185,7 +185,10 @@ impl CustomDnsResolver { fn new() -> Arc { match TokioResolver::builder(TokioConnectionProvider::default()) { - Ok(builder) => { + Ok(mut builder) => { + if CONFIG.dns_prefer_ipv6() { + builder.options_mut().ip_strategy = hickory_resolver::config::LookupIpStrategy::Ipv6thenIpv4; + } let resolver = builder.build(); Arc::new(Self::Hickory(Arc::new(resolver))) }