Can you change this:
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 to hosts: files dns mdns4_minimal [NOTFOUND=return] May be this can help, because everything else exactly what I have. And can you tell, how many programs really use IPv6 dns query? |
I changed /etc/nsswitch.conf to:
Code:
# /etc/nsswitch.conf Code:
altair/phil /home/phil 183> telnet www.ham.org 99 Code:
altair/root /home/root/system-install-trees 394# diff /home/root/servers/marconi/2010-02-18-114508/etc/nsswitch.conf /home/root/servers/marconi/2010-02-18-123051/etc/nsswitch.conf Code:
# /etc/nsswitch.conf Code:
16:56:15.260109 IP 172.30.72.1.47475 > 172.30.0.4.53: 4660+ AAAA? www.ham.org. (29) |
You know, right now I boot to Fedora 12, where I have IPv6 and IPv4 enabled. And have done the same things:
telnet www.yandex.ru 80 18:22:11.020068 IP 192.168.2.5.44803 > 192.168.2.1.53: 51293+ A? www.yandex.ru. (31) 18:22:11.020078 IP 192.168.2.5.44803 > 192.168.2.1.53: 12001+ AAAA? www.yandex.ru. (31) I use local cache/dns, but it doesn't make any difference. My telnet sends first A and then AAAA request. So, I think, you have found new and one more bug. |
About single-request:
It's a feature added in glibc 2.10 and it's supposed to improve dns resolution by selecting whichever protocol (ipv4 or ipv6) works better. Regards |
Quote:
If one wants to spend some time sifting through the joys of IPv6 and BIND behavior, they should read this: http://www.linuxquestions.org/questi...e-13.0-775376/ The last 2.5 pages are a little more informative. That situation was one where a DSL modem/wireless device was defective, but the underlying troubleshooting would suit this situation well enough. Although we couldn't prove it outright, it appeared that when AAAA records were requested first, the response was always 1.0.0.0 for the A record. It was pretty bizarre. Skaperen, is there an actual issue with this? I have seen the AAAA record request being sent first on my systems, and never perceived any performance degradation. It seldom happens on my systems, however. If you find a solution for forcing A record requests first, I'd appreciate that info. It's not as if I need it, but it's more of a curiosity thing. ***EDIT -- I just read your post a little more closely, bathory, and see now that it was intended for resolv.conf, rather than the bind configuration file, where there was a similar option I tried. I'll give that a try to see if there is any difference in my queries. |
Be sure to see UPDATE at the end of this post.
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
At that point, if the application is coded to do so, it could presume that it's just an IPv6 failure and make a specific request to the resolver to get ONLY an A record and try to make the IPv4 connection. I don't know how many applications know to do this. I'm not even sure the resolver library has the means to be asked for just A records or just the inet4 family address. Anyway, the problem (when dealing with hosts that have both A and AAAA records) at best will be a time delay making connections, and at worst no connection at all. Quote:
UPDATE I am at home now, where I have a spare netbook I can reboot as desired without work loss, and even re-install without data loss, if needed. I just booted up Ubuntu 9.10 desktop in Live mode (from a USB memory stick written using dd with an image I created). I supplied my WLAN credentials to it to get net access. I ran tcpdump to watch the port 53 traffic, and ran the same "telnet www.ham.org 99" command as earlier at work. There were two queries instead of three, without the one that had the local domain appended (there isn't one on the Live Ubuntu). The query for AAAA came first and the query for A came second. So it appears to be something Ubuntu or maybe Debian did. And you could probably reproduce this without having to install Ubuntu. I had posted this same issue on the ubuntuforums.org site, which so far has 59 views and 0 responses. I suppose I will need to file a bug report, and check the 10.04 Alpha to see if it also does the same thing. FYI, I don't care what the default is. But there needs to be an administrative control knob to change whether it is "A then AAAA" or "AAAA then A" since both ways have failure scenarios. It would have been better if the DNS protocol had added a special record type just for queries that means "give me both A and AAAA" that would have behaved different than the "ANY" (which is the wrong way to get both A and AAAA since if partial data is cached, it only gives what is cached and does not go to the authoritative server for the other records). Maybe I should have a look at Fedora. I used it at my previous job, and aside from an occasional severe hosing of yum, I was happy with it. That was Fedora 8, and hopefully that issue has been corrected by now. But I'll probably have to figure out a different way to build a bootable flash memory stick or memory card drive image than I did with Ubuntu and Easypeasy which was based on casper (note, this was a process to build an image, NOT copy files to a FAT drive that unetbootin does). |
Quote:
|
I've been capturing the DNS traffic from my Ubuntu 9.10 laptop to the Vyatta firewall/router that has dnsmasq set up, and does the querying for the network here.
I've seen one AAAA record query in the last 2.5 hours, out of how many total, I am not sure. The file I am dumping tcpdump into is around 400K, although it is a little more detailed a capture, it's still singularly port 53 though. Hmmnn...my environment doesn't quite match yours, obviously, as I do not have IPv6 addresses assigned. Perhaps I'll set up the dhcp server for IPv6, but that probably won't be until tomorrow. I'm almost out to the door to go hang out with some friends at the bar. I've got another vyatta router set up that I might use for testing. I have zero experience with IPv6, but what the hell. I also have another laptop with Ubuntu 9.10 installed too, so I can somewhat emulate your environment. |
devwatchdog...
I have noticed that if I unconfigure all the Scope:Global IPv6 addresses from all interfaces, I don't see queries for AAAA records ... at least on installed systems. The live CD system was an exception. Try manually configuring a static temporary ULA IPv6 address: Code:
ifconfig eth0 add fc00::1/64 Yes, I saw that. That's why I may have a look at Fedora. As things are going, it would not be Fedora everywhere. But maybe on my desktop. |
Quote:
Code:
wlan0 Link encap:Ethernet HWaddr 00:c0:ca:19:ae:20 heh. Not terribly surprising I suppose. At least we're consistent. I did add the option that bathory suggested to resolv.conf, and I'm still seeing the same behavior. After more or less going down this road in that other thread I posted, where trying to figure out how to force the A record query first proved to be futile. I'll take another spin through documentation and see if I can find something that works. I'm not so sure that these are actual bugs per se. The inability to dictate the order is a PITA, but I would think it would take a spin through the RFC documents to determine if the behavior we see is outside of the standards. I might set up some IPv6 networking here as well to gain some knowledge. I'll be working with it at one point or another, and potentially soon. After reading through some of the documentation, I'll admit I have plenty to learn about it. Something that I found curious was that there is no longer arp traffic in IPv6. Anyhow, I'll see if I can find something to solve the ordering issue. |
If you don't have internet IPv6 connectivity, then hope that your router will at least give you a network unreachable return packet so the application will quickly revert to IPv4.
My read of the RFCs was that administrative control was required. If it isn't the default, having "options inet6" in /etc/resolv.conf would satisfy that requirement. Making it the default without an option to change it would not. It looks like the "something" that solves the ordering issue is Fedora or Slackware. I'm sure a few others will, too. Despite all this thread, it really isn't that big of an issue. I can manage my own network to make sure IPv6 to undeployed and unrouted networks gets the appropriate negative response. I'm NOT annoyed that Ubuntu or Debian packagers decided to alter this (eventually everyone needs to do this). Instead, I am annoyed that a way to set it to IPv4 (how about "options inet4" or "options noinet6") was not also added in when they changed the default. Better, yet, I'd prefer to see "options inet4-only" and "options inet6-only" and "options inet4-inet6" and "options inet6-inet4". I see this as a bug and see adding the options as the best fix. |
All times are GMT -5. The time now is 11:17 AM. |