how to make resolver ask for A record before AAAA record
Anyone know how to configure the resolver to ask for an A record before it asks for an AAAA record? I don't want to disable IPv6. I just want to prefer IPv4 over IPv6 (because for now I do not have IPv6 connectivity to the internet and even when I do I may likely not want to use it for everything for a while, like it being a low bandwidth tunnel or something).
The resolver is version 9.6.1.dfsg.P1-3ubuntu0.3. So unless the Ubuntu maintainers broke this, it should be a resolver/BIND9 issue rather than an Ubuntu issue. |
Type on root console:
tcpdump -nn port 53 And check first what really is happening with your DNS requests. |
Quote:
Code:
14:35:45.065118 IP 172.30.72.1.59404 > 172.30.0.4.53: 43074+ AAAA? www.ham.org. (29) If the queried host does have an AAAA record, then it will get a positive response and attempt to connect to an IPv6 address which cannot be reached. The application would then have to query again and in a way to force looking for only an A record to be able to connect. Until there is a solution to this resolver misbehaviour, I will not want to put AAAA records on my server hostnames once I am connected via IPv6 to the internet, to avoid problems with users connecting to my servers. |
Strange on my Fedora, where I have IPv4 and IPv6 the first query goes to v4=A and then AAAA.
Can you post output for "ifconfig <interface>" Also can you tell, what was sending these DNS requests? |
The default is to try an A query before an AAAA (see resolv.conf man page)
Anyway you might use: Code:
options single-request Regards |
bathory...
Just tried that, but there is no change. What does that do? It's not documented in "man resolv.conf". nimnull22... Yes, that is my understanding of what it SHOULD do (A before AAAA) based on the man page. But maybe it got compiled to change the default to "options inet6" ... which means there needs to be a way to revert that by configuration (e.g. "options inet4" or options "inet"). IMHO, there should be several options: "4only", "4then6", "6only", "6then4" or however they might want to express it. The query results appear to happen with every program I run, except for specific DNS tools that do their own thing instead of using the resolver. It is definitely doing it for Firefox. I have been doing the testing with "telnet www.ham.org 99" which gets me a "connection refused" once it gets the IPv4 address (there is no AAAA record for that host ... yet). Here is output from "ifconfig etho": Code:
altair/root /root 329# ifconfig eth0 Maybe Ubuntu maintainers for the BIND9/resolver package did something goofy? This is on Ubuntu 9.10 Karmic, and is also seen on Ubuntu 9.10 server. |
First of all, you have to understand that DNS QUERY can make any program. In case if you talk about Firefox, there is special option in it, to prevent use IPv6 dns.
I do not think that "nslookup www.com 208.67.222.222" will ask AAAA first. Try. |
I tried "nslookup www.com 208.67.222.222" and as you and I both expected (for me, because it is a DNS tool) it only queried for an A record.
But "ordinary" programs seem to be using the resolver and that is querying for AAAA records first. And it clearly is the resolver doing it because I changed "/etc/resolv.conf" to literally have "search example.com" and the 2nd of the 2 AAAA queries does have "example.com" appended. So it or something clearly read the "/etc/resolv.conf" file. Code:
altair/root /root 155# cat /etc/resolv.conf |
Here is the significant part of the output of strace when running "telnet www.ham.org 99" with it:
Code:
16:07:13.635844 stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=85, ...}) = 0 Code:
16:07:13.637058 IP 172.30.72.1.51041 > 172.30.0.4.53: 19611+ AAAA? www.ham.org. (29) |
Tell please, if you do "telnet www.yandex.com 80", what query will be the first A or AAAA?
Actually, please send output of "route -n" Thanks. P.S. And "ifconfig lo" also. Thanks |
Code:
16:18:00.710527 IP 172.30.72.1.33523 > 172.30.0.4.53: 5528+ AAAA? www.yandex.com. (32) |
Please send output of "route -n"
And "ifconfig lo" also. Thanks |
I replaced the first 16 bits of our public IP address with XXX.YY since this is a public forum.
Code:
altair/root /root 340# route -n |
And last question. There is file in /etc - host.conf and nsswitch.conf. Can you post their content, please.
Thanks |
Code:
altair/root /root 347# cat /etc/host.conf |
All times are GMT -5. The time now is 08:04 PM. |