From f5ad09dc539661c89da2697be4d08728cac7a370 Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Mon, 28 Oct 2019 12:35:05 +0100
Subject: [PATCH] Auth: Remove local-ipv6 setting

Treat listen address as equally as possible. This removes a bunch of
duplicate code.
---
 docs/guides/recursion.rst                     |   2 -
 docs/settings.rst                             |  13 +-
 pdns/common_startup.cc                        |   4 +-
 pdns/nameserver.cc                            | 130 ++++--------------
 pdns/nameserver.hh                            |   3 +-
 pdns/tcpreceiver.cc                           | 100 +++-----------
 regression-tests.api/runtests.py              |   2 +-
 regression-tests.auth-py/authtests.py         |   1 -
 regression-tests.nobackend/counters/command   |   2 +-
 .../distributor/command                       |   2 +-
 .../supermaster-signed/command                |   4 +-
 .../supermaster-unsigned/command              |   4 +-
 .../recursortests.py                          |   2 +-
 regression-tests.recursor/config.sh           |   2 +-
 14 files changed, 71 insertions(+), 200 deletions(-)

diff --git a/docs/guides/recursion.rst b/docs/guides/recursion.rst
index ea35f6c6f0..a1756ed976 100644
--- a/docs/guides/recursion.rst
+++ b/docs/guides/recursion.rst
@@ -52,7 +52,6 @@ and port 5300 change the following in ``pdns.conf``:
 
 .. code-block:: ini
 
-    local-ipv6=
     local-address=127.0.0.1
     local-port=5300
 
@@ -135,7 +134,6 @@ and port 5300 change the following in ``pdns.conf``:
 
 .. code-block:: ini
 
-    local-ipv6=
     local-address=127.0.0.1
     local-port=5300
 
diff --git a/docs/settings.rst b/docs/settings.rst
index 17e7e7f631..a5d7b2b9c4 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -745,10 +745,13 @@ available in non-static distributions.
 ``local-address``
 -----------------
 
+.. versionchanged:: 4.3.0
+  Before 4.3.0, this setting only supported IPv4.
+
 -  IPv4 Addresses, separated by commas or whitespace
--  Default: 0.0.0.0
+-  Default: 0.0.0.0, ``::``
 
-Local IP address to which we bind. It is highly advised to bind to
+Local IP addresses to which we bind. It is highly advised to bind to
 specific interfaces and not use the default 'bind to any'. This causes
 big problems if you have multiple IP addresses. Unix does not provide a
 way of figuring out what IP address a packet was sent to when binding to
@@ -770,6 +773,9 @@ Fail to start if one or more of the
 ``local-ipv6``
 --------------
 
+.. deprecated:: 4.3.0
+  This setting has been removed, use :ref:`setting-localaddress`
+
 -  IPv6 Addresses, separated by commas or whitespace
 -  Default: '::'
 
@@ -782,6 +788,9 @@ big problems if you have multiple IP addresses.
 ``local-ipv6-nonexist-fail``
 ----------------------------
 
+.. deprecated:: 4.3.0
+  This setting has been removed, use :ref:`setting-localaddress-nonexist-fail`
+
 -  Boolean
 -  Default: no
 
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 1a383c71fa..9ad7459e21 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -84,12 +84,10 @@ void declareArguments()
   ::arg().setSwitch("forward-dnsupdate","A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.")="yes";
   ::arg().setSwitch("log-dns-details","If PDNS should log DNS non-erroneous details")="no";
   ::arg().setSwitch("log-dns-queries","If PDNS should log all incoming DNS queries")="no";
-  ::arg().set("local-address","Local IP addresses to which we bind")="0.0.0.0";
+  ::arg().set("local-address","Local IP addresses to which we bind")="0.0.0.0, ::";
   ::arg().setSwitch("local-address-nonexist-fail","Fail to start if one or more of the local-address's do not exist on this server")="yes";
   ::arg().setSwitch("non-local-bind", "Enable binding to non-local addresses by using FREEBIND / BINDANY socket options")="no";
-  ::arg().set("local-ipv6","Local IP address to which we bind")="::";
   ::arg().setSwitch("reuseport","Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket")="no";
-  ::arg().setSwitch("local-ipv6-nonexist-fail","Fail to start if one or more of the local-ipv6 addresses do not exist on this server")="yes";
   ::arg().set("query-local-address","Source IP address for sending queries")="0.0.0.0";
   ::arg().set("query-local-address6","Source IPv6 address for sending queries")="::";
   ::arg().set("overload-queue-length","Maximum queuelength moving to packetcache only")="0";
diff --git a/pdns/nameserver.cc b/pdns/nameserver.cc
index 77344b5219..427089702e 100644
--- a/pdns/nameserver.cc
+++ b/pdns/nameserver.cc
@@ -86,7 +86,7 @@ extern StatBag S;
 
 vector<ComboAddress> g_localaddresses; // not static, our unit tests need to poke this
 
-void UDPNameserver::bindIPv4()
+void UDPNameserver::bindAddresses()
 {
   vector<string>locals;
   stringtok(locals,::arg()["local-address"]," ,");
@@ -96,33 +96,36 @@ void UDPNameserver::bindIPv4()
     throw PDNSException("No local address specified");
 
   int s;
-  for(vector<string>::const_iterator i=locals.begin();i!=locals.end();++i) {
-    string localname(*i);
-    ComboAddress locala;
+  // for(vector<string>::const_iterator i=locals.begin();i!=locals.end();++i) {
+  for (const auto &local : locals) {
+    ComboAddress locala(local, ::arg().asNum("local-port"));
 
-    s=socket(AF_INET,SOCK_DGRAM,0);
+    s = socket(locala.sin4.sin_family, SOCK_DGRAM, 0);
 
-    if(s<0) {
-      int err = errno;
-      g_log<<Logger::Error<<"Unable to acquire UDP socket: "+stringerror(err) << endl;
-      throw PDNSException("Unable to acquire a UDP socket: "+stringerror(err));
+    if(s < 0) {
+      if(errno == EAFNOSUPPORT) {
+        g_log<<Logger::Error<<"Binding "<<locala.toStringWithPort()<<": Address Family is not supported - skipping bind" << endl;
+        return;
+      }
+      throw PDNSException("Unable to acquire a UDP socket: "+stringerror());
     }
-  
+
     setCloseOnExec(s);
-  
     if(!setNonBlocking(s))
-      throw PDNSException("Unable to set UDP socket to non-blocking: "+stringerror());
-
-    locala=ComboAddress(localname, ::arg().asNum("local-port"));
+      throw PDNSException("Unable to set UDP socket " + locala.toStringWithPort() + " to non-blocking: "+stringerror());
 
-    if(locala.sin4.sin_family != AF_INET)
-      throw PDNSException("Attempting to bind IPv4 socket to IPv6 address");
-
-    if(IsAnyAddress(locala))
+    if(IsAnyAddress(locala)) {
       setsockopt(s, IPPROTO_IP, GEN_IP_PKTINFO, &one, sizeof(one));
+      if (locala.isIPv6()) {
+        setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one));      // if this fails, we report an error in tcpreceiver too
+#ifdef IPV6_RECVPKTINFO
+        setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &one, sizeof(one));
+#endif
+      }
+    }
 
     if (!setSocketTimestamps(s))
-      g_log<<Logger::Warning<<"Unable to enable timestamp reporting for socket"<<endl;
+      g_log<<Logger::Warning<<"Unable to enable timestamp reporting for socket "<<locala.toStringWithPort()<<endl;
 
     if (locala.isIPv4()) {
       try {
@@ -140,8 +143,7 @@ void UDPNameserver::bindIPv4()
 #endif
 
     if( ::arg().mustDo("non-local-bind") )
-	Utility::setBindAny(AF_INET, s);
-
+      Utility::setBindAny(locala.sin4.sin_family, s);
 
     if( !d_additional_socket )
         g_localaddresses.push_back(locala);
@@ -150,7 +152,7 @@ void UDPNameserver::bindIPv4()
       string binderror = stringerror();
       close(s);
       if( errno == EADDRNOTAVAIL && ! ::arg().mustDo("local-address-nonexist-fail") ) {
-        g_log<<Logger::Error<<"IPv4 Address " << localname << " does not exist on this server - skipping UDP bind" << endl;
+        g_log<<Logger::Error<<"Address " << locala << " does not exist on this server - skipping UDP bind" << endl;
         continue;
       } else {
         g_log<<Logger::Error<<"Unable to bind UDP socket to '"+locala.toStringWithPort()+"': "<<binderror<<endl;
@@ -158,12 +160,12 @@ void UDPNameserver::bindIPv4()
       }
     }
     d_sockets.push_back(s);
-    g_log<<Logger::Error<<"UDP server bound to "<<locala.toStringWithPort()<<endl;
     struct pollfd pfd;
     pfd.fd = s;
     pfd.events = POLLIN;
     pfd.revents = 0;
     d_rfds.push_back(pfd);
+    g_log<<Logger::Error<<"UDP server bound to "<<locala.toStringWithPort()<<endl;
   }
 }
 
@@ -199,79 +201,6 @@ bool AddressIsUs(const ComboAddress& remote)
   return false;
 }
 
-
-void UDPNameserver::bindIPv6()
-{
-  vector<string> locals;
-  stringtok(locals,::arg()["local-ipv6"]," ,");
-  int one=1;
-
-  if(locals.empty())
-    return;
-
-  int s;
-  for(vector<string>::const_iterator i=locals.begin();i!=locals.end();++i) {
-    string localname(*i);
-
-    s=socket(AF_INET6,SOCK_DGRAM,0);
-    if(s<0) {
-      if( errno == EAFNOSUPPORT ) {
-        g_log<<Logger::Error<<"IPv6 Address Family is not supported - skipping UDPv6 bind" << endl;
-        return;
-      } else {
-        g_log<<Logger::Error<<"Unable to acquire a UDPv6 socket: "+stringerror() << endl;
-        throw PDNSException("Unable to acquire a UDPv6 socket: "+stringerror());
-      }
-    }
-
-    setCloseOnExec(s);
-    if(!setNonBlocking(s))
-      throw PDNSException("Unable to set UDPv6 socket to non-blocking: "+stringerror());
-
-    ComboAddress locala(localname, ::arg().asNum("local-port"));
-    
-    if(IsAnyAddress(locala)) {
-      setsockopt(s, IPPROTO_IP, GEN_IP_PKTINFO, &one, sizeof(one));     // linux supports this, so why not - might fail on other systems
-#ifdef IPV6_RECVPKTINFO
-      setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &one, sizeof(one)); 
-#endif
-      setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one));      // if this fails, we report an error in tcpreceiver too
-    }
-
-    if (!setSocketTimestamps(s))
-      g_log<<Logger::Warning<<"Unable to enable timestamp reporting for socket"<<endl;
-
-#ifdef SO_REUSEPORT
-    if( d_can_reuseport )
-        if( setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) )
-          d_can_reuseport = false;
-#endif
-
-    if( ::arg().mustDo("non-local-bind") )
-	Utility::setBindAny(AF_INET6, s);
-
-    if( !d_additional_socket )
-        g_localaddresses.push_back(locala);
-    if(::bind(s, (sockaddr*)&locala, locala.getSocklen())<0) {
-      close(s);
-      if( errno == EADDRNOTAVAIL && ! ::arg().mustDo("local-ipv6-nonexist-fail") ) {
-        g_log<<Logger::Error<<"IPv6 Address " << localname << " does not exist on this server - skipping UDP bind" << endl;
-        continue;
-      } else {
-        g_log<<Logger::Error<<"Unable to bind to UDPv6 socket "<< localname <<": "<<stringerror()<<endl;
-        throw PDNSException("Unable to bind to UDPv6 socket");
-      }
-    }
-    d_sockets.push_back(s);
-    struct pollfd pfd;
-    pfd.fd = s;
-    pfd.events = POLLIN;
-    pfd.revents = 0;
-    d_rfds.push_back(pfd);
-    g_log<<Logger::Error<<"UDPv6 server bound to "<<locala.toStringWithPort()<<endl;
-  }
-}
-
 UDPNameserver::UDPNameserver( bool additional_socket )
 {
 #ifdef SO_REUSEPORT
@@ -280,13 +209,10 @@ UDPNameserver::UDPNameserver( bool additional_socket )
   // Are we the main socket (false) or a rebinding using SO_REUSEPORT ?
   d_additional_socket = additional_socket;
 
-  if(!::arg()["local-address"].empty())
-    bindIPv4();
-  if(!::arg()["local-ipv6"].empty())
-    bindIPv6();
-
-  if(::arg()["local-address"].empty() && ::arg()["local-ipv6"].empty()) 
+  if(::arg()["local-address"].empty())
     g_log<<Logger::Critical<<"PDNS is deaf and mute! Not listening on any interfaces"<<endl;    
+
+  bindAddresses();
 }
 
 void UDPNameserver::send(DNSPacket& p)
diff --git a/pdns/nameserver.hh b/pdns/nameserver.hh
index d879fa5403..d592345ade 100644
--- a/pdns/nameserver.hh
+++ b/pdns/nameserver.hh
@@ -97,8 +97,7 @@ private:
   bool d_can_reuseport;
 #endif
   vector<int> d_sockets;
-  void bindIPv4();
-  void bindIPv6();
+  void bindAddresses();
   vector<pollfd> d_rfds;
 };
 
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index 5634318ded..b49b362d3c 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -1196,125 +1196,67 @@ TCPNameserver::TCPNameserver()
   d_connectionroom_sem = make_unique<Semaphore>( ::arg().asNum( "max-tcp-connections" ));
   d_maxTCPConnections = ::arg().asNum( "max-tcp-connections" );
   d_tid=0;
+
   vector<string>locals;
   stringtok(locals,::arg()["local-address"]," ,");
-
-  vector<string>locals6;
-  stringtok(locals6,::arg()["local-ipv6"]," ,");
-
-  if(locals.empty() && locals6.empty())
-    throw PDNSException("No local address specified");
+  if(locals.empty())
+    throw PDNSException("No local addresses specified");
 
   d_ng.toMasks(::arg()["allow-axfr-ips"] );
 
   signal(SIGPIPE,SIG_IGN);
 
-  for(vector<string>::const_iterator laddr=locals.begin();laddr!=locals.end();++laddr) {
-    int s=socket(AF_INET,SOCK_STREAM,0); 
-    
-    if(s<0) 
-      throw PDNSException("Unable to acquire TCP socket: "+stringerror());
+  for(auto const &laddr : locals) {
+    ComboAddress local(laddr, ::arg().asNum("local-port"));
 
+    int s=socket(local.sin4.sin_family, SOCK_STREAM, 0);
+    if(s<0)
+      throw PDNSException("Unable to acquire TCP socket: "+stringerror());
     setCloseOnExec(s);
 
-    ComboAddress local(*laddr, ::arg().asNum("local-port"));
-      
     int tmp=1;
-    if(setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char*)&tmp,sizeof tmp)<0) {
+    if(setsockopt(s, SOL_SOCKET,SO_REUSEADDR, (char*)&tmp, sizeof tmp) < 0) {
       g_log<<Logger::Error<<"Setsockopt failed"<<endl;
-      _exit(1);  
+      _exit(1);
     }
 
     if (::arg().asNum("tcp-fast-open") > 0) {
 #ifdef TCP_FASTOPEN
       int fastOpenQueueSize = ::arg().asNum("tcp-fast-open");
       if (setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &fastOpenQueueSize, sizeof fastOpenQueueSize) < 0) {
-        g_log<<Logger::Error<<"Failed to enable TCP Fast Open for listening socket: "<<stringerror()<<endl;
+        g_log<<Logger::Error<<"Failed to enable TCP Fast Open for listening socket "<<local.toStringWithPort()<<": "<<stringerror()<<endl;
       }
 #else
       g_log<<Logger::Warning<<"TCP Fast Open configured but not supported for listening socket"<<endl;
 #endif
     }
 
-    if( ::arg().mustDo("non-local-bind") )
-	Utility::setBindAny(AF_INET, s);
+    if(::arg().mustDo("non-local-bind"))
+      Utility::setBindAny(local.sin4.sin_family, s);
+
+    if(local.isIPv6() && setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &tmp, sizeof(tmp)) < 0) {
+      g_log<<Logger::Error<<"Failed to set IPv6 socket to IPv6 only, continuing anyhow: "<<stringerror()<<endl;
+    }
 
     if(::bind(s, (sockaddr*)&local, local.getSocklen())<0) {
       int err = errno;
       close(s);
       if( err == EADDRNOTAVAIL && ! ::arg().mustDo("local-address-nonexist-fail") ) {
-        g_log<<Logger::Error<<"IPv4 Address " << *laddr << " does not exist on this server - skipping TCP bind" << endl;
+        g_log<<Logger::Error<<"Address " << local.toString() << " does not exist on this server - skipping TCP bind" << endl;
         continue;
       } else {
-        g_log<<Logger::Error<<"Unable to bind to TCP socket " << *laddr << ": "<<stringerror(err)<<endl;
+        g_log<<Logger::Error<<"Unable to bind to TCP socket " << local.toStringWithPort() << ": "<<stringerror(err)<<endl;
         throw PDNSException("Unable to bind to TCP socket");
       }
     }
-    
-    listen(s,128);
-    g_log<<Logger::Error<<"TCP server bound to "<<local.toStringWithPort()<<endl;
-    d_sockets.push_back(s);
-    struct pollfd pfd;
-    memset(&pfd, 0, sizeof(pfd));
-    pfd.fd = s;
-    pfd.events = POLLIN;
-
-    d_prfds.push_back(pfd);
-  }
 
-  for(vector<string>::const_iterator laddr=locals6.begin();laddr!=locals6.end();++laddr) {
-    int s=socket(AF_INET6,SOCK_STREAM,0); 
-
-    if(s<0) 
-      throw PDNSException("Unable to acquire TCPv6 socket: "+stringerror());
-
-    setCloseOnExec(s);
-
-    ComboAddress local(*laddr, ::arg().asNum("local-port"));
-
-    int tmp=1;
-    if(setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char*)&tmp,sizeof tmp)<0) {
-      g_log<<Logger::Error<<"Setsockopt failed"<<endl;
-      _exit(1);  
-    }
-
-    if (::arg().asNum("tcp-fast-open") > 0) {
-#ifdef TCP_FASTOPEN
-      int fastOpenQueueSize = ::arg().asNum("tcp-fast-open");
-      if (setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &fastOpenQueueSize, sizeof fastOpenQueueSize) < 0) {
-        g_log<<Logger::Error<<"Failed to enable TCP Fast Open for listening socket: "<<stringerror()<<endl;
-      }
-#else
-      g_log<<Logger::Warning<<"TCP Fast Open configured but not supported for listening socket"<<endl;
-#endif
-    }
-
-    if( ::arg().mustDo("non-local-bind") )
-	Utility::setBindAny(AF_INET6, s);
-    if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &tmp, sizeof(tmp)) < 0) {
-      g_log<<Logger::Error<<"Failed to set IPv6 socket to IPv6 only, continuing anyhow: "<<stringerror()<<endl;
-    }
-    if(bind(s, (const sockaddr*)&local, local.getSocklen())<0) {
-      int err = errno;
-      close(s);
-      if( err == EADDRNOTAVAIL && ! ::arg().mustDo("local-ipv6-nonexist-fail") ) {
-        g_log<<Logger::Error<<"IPv6 Address " << *laddr << " does not exist on this server - skipping TCP bind" << endl;
-        continue;
-      } else {
-        g_log<<Logger::Error<<"Unable to bind to TCPv6 socket" << *laddr << ": "<<stringerror(err)<<endl;
-        throw PDNSException("Unable to bind to TCPv6 socket");
-      }
-    }
-    
-    listen(s,128);
-    g_log<<Logger::Error<<"TCPv6 server bound to "<<local.toStringWithPort()<<endl; // this gets %eth0 right
+    listen(s, 128);
+    g_log<<Logger::Error<<"TCP server bound to "<<local.toStringWithPort()<<endl;
     d_sockets.push_back(s);
-
     struct pollfd pfd;
     memset(&pfd, 0, sizeof(pfd));
     pfd.fd = s;
     pfd.events = POLLIN;
-
     d_prfds.push_back(pfd);
   }
 }
diff --git a/regression-tests.api/runtests.py b/regression-tests.api/runtests.py
index f9f4dba179..2ff41e5c25 100755
--- a/regression-tests.api/runtests.py
+++ b/regression-tests.api/runtests.py
@@ -147,7 +147,7 @@ if daemon == 'authoritative':
         pdns_conf.write(AUTH_CONF_TPL)
 
     run_check_call(PDNSUTIL_CMD + ["secure-zone", "powerdnssec.org"])
-    servercmd = [pdns_server] + common_args + ["--local-ipv6=", "--no-shuffle", "--dnsupdate=yes", "--cache-ttl=0", "--api=yes"]
+    servercmd = [pdns_server] + common_args + ["--no-shuffle", "--dnsupdate=yes", "--cache-ttl=0", "--api=yes"]
 
 else:
     conf_dir = 'rec-conf.d'
diff --git a/regression-tests.auth-py/authtests.py b/regression-tests.auth-py/authtests.py
index cedbb3a455..f91c03510f 100644
--- a/regression-tests.auth-py/authtests.py
+++ b/regression-tests.auth-py/authtests.py
@@ -29,7 +29,6 @@ class AuthTest(AssertEqualDNSMessageMixin, unittest.TestCase):
     _config_template_default = """
 module-dir=../regression-tests/modules
 daemon=no
-local-ipv6=
 bind-config={confdir}/named.conf
 bind-dnssec-db={bind_dnssec_db}
 socket-dir={confdir}
diff --git a/regression-tests.nobackend/counters/command b/regression-tests.nobackend/counters/command
index 6475101104..bea9c047c3 100755
--- a/regression-tests.nobackend/counters/command
+++ b/regression-tests.nobackend/counters/command
@@ -8,7 +8,7 @@ port=5600
 
 rm -f pdns*.pid
 
-$PDNS --daemon=no --local-ipv6=::1 --local-address=127.0.0.1 \
+$PDNS --daemon=no --local-address=127.0.0.1,::1 \
   --local-port=$port --socket-dir=./ --no-shuffle --launch=random --no-config \
   --module-dir=../regression-tests/modules &
 
diff --git a/regression-tests.nobackend/distributor/command b/regression-tests.nobackend/distributor/command
index aa57e5e456..e5a2ab1863 100755
--- a/regression-tests.nobackend/distributor/command
+++ b/regression-tests.nobackend/distributor/command
@@ -9,7 +9,7 @@ port=5600
 
 rm -f pdns*.pid
 
-$PDNS --daemon=no --local-ipv6=::1 --local-address=127.0.0.1 \
+$PDNS --daemon=no --local-address=127.0.0.1,::1 \
   --local-port=$port --socket-dir=./ --no-shuffle --launch=pipe --no-config \
   --module-dir=../regression-tests/modules --pipe-command=$(pwd)/distributor/slow.pl \
   --pipe-abi-version=5 \
diff --git a/regression-tests.nobackend/supermaster-signed/command b/regression-tests.nobackend/supermaster-signed/command
index ffb0da45c5..151c179e76 100755
--- a/regression-tests.nobackend/supermaster-signed/command
+++ b/regression-tests.nobackend/supermaster-signed/command
@@ -84,7 +84,7 @@ start_master()
 {
         $RUNWRAPPER $PDNS --daemon=no --local-port=$port --config-dir=. --module-dir=../regression-tests/modules \
                 --config-name=gsqlite3-master --socket-dir=./ --no-shuffle \
-                --master=yes --local-address=127.0.0.1 --local-ipv6='' \
+                --master=yes --local-address=127.0.0.1 \
                 --query-local-address=127.0.0.1 --cache-ttl=$cachettl --dname-processing --allow-axfr-ips= &
 }
 
@@ -93,7 +93,7 @@ start_slave()
         slaveport=53
 
         $RUNWRAPPER $PDNS2 --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \
-                --config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 --local-ipv6='' \
+                --config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 \
                 --slave --retrieval-threads=4 --slave=yes --superslave=yes --query-local-address=127.0.0.2 \
                 --slave-cycle-interval=300 --allow-unsigned-notify=no --allow-unsigned-supermaster=no &
 }
diff --git a/regression-tests.nobackend/supermaster-unsigned/command b/regression-tests.nobackend/supermaster-unsigned/command
index 6311fd2d01..a695c063d9 100755
--- a/regression-tests.nobackend/supermaster-unsigned/command
+++ b/regression-tests.nobackend/supermaster-unsigned/command
@@ -75,7 +75,7 @@ start_master()
 {
         $RUNWRAPPER $PDNS --daemon=no --local-port=$port --config-dir=. --module-dir=../regression-tests/modules \
                 --config-name=gsqlite3-master --socket-dir=./ --no-shuffle \
-                --master=yes --local-address=127.0.0.1 --local-ipv6= \
+                --master=yes --local-address=127.0.0.1 \
                 --query-local-address=127.0.0.1 --cache-ttl=$cachettl --dname-processing --allow-axfr-ips= &
 }
 
@@ -84,7 +84,7 @@ start_slave()
         slaveport=53
 
         $RUNWRAPPER $PDNS2 --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \
-                --config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 --local-ipv6= \
+                --config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 \
                 --slave --retrieval-threads=4 --slave=yes --superslave=yes --query-local-address=127.0.0.2 \
                 --slave-cycle-interval=300 --dname-processing &
 }
diff --git a/regression-tests.recursor-dnssec/recursortests.py b/regression-tests.recursor-dnssec/recursortests.py
index 9406f11eac..a6f688fc3d 100644
--- a/regression-tests.recursor-dnssec/recursortests.py
+++ b/regression-tests.recursor-dnssec/recursortests.py
@@ -401,7 +401,6 @@ options {
 module-dir=../regression-tests/modules
 launch=bind
 daemon=no
-local-ipv6=
 bind-config={confdir}/named.conf
 bind-dnssec-db={bind_dnssec_db}
 socket-dir={confdir}
@@ -489,6 +488,7 @@ distributor-threads={threads}""".format(confdir=confdir,
         authcmd = list(cls._auth_cmd)
         authcmd.append('--config-dir=%s' % confdir)
         authcmd.append('--local-address=%s' % ipaddress)
+        authcmd.append('--local-ipv6=')
         print(' '.join(authcmd))
 
         logFile = os.path.join(confdir, 'pdns.log')
diff --git a/regression-tests.recursor/config.sh b/regression-tests.recursor/config.sh
index 074b2159f9..97b505c086 100755
--- a/regression-tests.recursor/config.sh
+++ b/regression-tests.recursor/config.sh
@@ -512,6 +512,7 @@ module-dir=../../../regression-tests/modules
 launch=bind
 daemon=no
 local-address=$dir
+## TODO remove when switching circle-ci and travis to 4.3
 local-ipv6=
 bind-config=named.conf
 no-shuffle
@@ -522,7 +523,6 @@ query-cache-ttl=0
 distributor-threads=1
 
 EOF
-
     if [ -e $dir/prequery.lua ]
     then
         echo 'lua-prequery-script=prequery.lua' >> $dir/pdns.conf
-- 
2.47.2