how to make resolver ask for A record before AAAA record
Anyone know how to configure the resolver to ask for an A record before it asks for an AAAA record? I don't want to disable IPv6. I just want to prefer IPv4 over IPv6 (because for now I do not have IPv6 connectivity to the internet and even when I do I may likely not want to use it for everything for a while, like it being a low bandwidth tunnel or something).
The resolver is version 9.6.1.dfsg.P1-3ubuntu0.3. So unless the Ubuntu maintainers broke this, it should be a resolver/BIND9 issue rather than an Ubuntu issue.
And check first what really is happening with your DNS requests.
Already did that. Queries are for AAAA records first. The caching server dutifully tries and gets a negative answer and returns that. Then a query is made for an A record. The answer to that is provided. But, so you can see, I captured one:
Code:
14:35:45.065118 IP 172.30.72.1.59404 > 172.30.0.4.53: 43074+ AAAA? www.ham.org. (29)
14:35:45.833519 IP 172.30.0.4.53 > 172.30.72.1.59404: 43074 0/1/0 (88)
14:35:45.833866 IP 172.30.72.1.55554 > 172.30.0.4.53: 875+ AAAA? www.ham.org.example.com. (41)
14:35:46.720186 IP 172.30.0.4.53 > 172.30.72.1.55554: 875 0/0/0 (41)
14:35:46.723638 IP 172.30.72.1.53017 > 172.30.0.4.53: 29772+ A? www.ham.org. (29)
14:35:46.724433 IP 172.30.0.4.53 > 172.30.72.1.53017: 29772 1/3/0 A 72.232.245.28 (99)
The above is an actual query with "example.com" substituted for the search domain, using the actual addresses in private IP space (172.30.72.1 is my laptop and 172.30.0.{4,5,6} being the local caching servers as given on "nameserver" lines in /etc/resolv.conf).
If the queried host does have an AAAA record, then it will get a positive response and attempt to connect to an IPv6 address which cannot be reached. The application would then have to query again and in a way to force looking for only an A record to be able to connect. Until there is a solution to this resolver misbehaviour, I will not want to put AAAA records on my server hostnames once I am connected via IPv6 to the internet, to avoid problems with users connecting to my servers.
Just tried that, but there is no change. What does that do? It's not documented in "man resolv.conf".
nimnull22...
Yes, that is my understanding of what it SHOULD do (A before AAAA) based on the man page. But maybe it got compiled to change the default to "options inet6" ... which means there needs to be a way to revert that by configuration (e.g. "options inet4" or options "inet"). IMHO, there should be several options: "4only", "4then6", "6only", "6then4" or however they might want to express it.
The query results appear to happen with every program I run, except for specific DNS tools that do their own thing instead of using the resolver. It is definitely doing it for Firefox. I have been doing the testing with "telnet www.ham.org 99" which gets me a "connection refused" once it gets the IPv4 address (there is no AAAA record for that host ... yet).
Yes, there are Scope:Global IPv6 addresses configured. But that's not sufficient justification for the resolver to change the default. I'm doing lots of tests to determine IPv6 issues like this one I'm dealing with now (saw it a couple weeks ago but it only now reached the top of the issue stack).
Maybe Ubuntu maintainers for the BIND9/resolver package did something goofy? This is on Ubuntu 9.10 Karmic, and is also seen on Ubuntu 9.10 server.
First of all, you have to understand that any program can make a DNS query. If you are talking about Firefox, there is a special option in it to prevent the use of IPv6 DNS.
I do not think that "nslookup www.com 208.67.222.222" will ask AAAA first. Try.
I tried "nslookup www.com 208.67.222.222" and as you and I both expected (for me, because it is a DNS tool) it only queried for an A record.
But "ordinary" programs seem to be using the resolver and that is querying for AAAA records first. And it clearly is the resolver doing it because I changed "/etc/resolv.conf" to literally have "search example.com" and the 2nd of the 2 AAAA queries does have "example.com" appended. So it or something clearly read the "/etc/resolv.conf" file.
Nearly next on my list of things to try is IPv6 addresses in "/etc/resolv.conf" (my DNS caching servers do also have unique local addresses configured in fc00::/7 space). But I suspect that won't help this problem.
altair/root /root 347# cat /etc/host.conf
# The "order" line is only used by old versions of the C library.
order hosts,bind
multi on
altair/root /root 348# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
altair/root /root 349#
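Added example, not part of any post in this thread: a Python script that pairs the queries and replies in the tcpdump capture posted earlier by DNS transaction id, so the AAAA-before-A order and the time spent before the first usable answer can be read off directly. The function names are assumptions made for this example.

```python
import re

# The six lines of the tcpdump capture posted earlier in the thread.
CAPTURE = """\
14:35:45.065118 IP 172.30.72.1.59404 > 172.30.0.4.53: 43074+ AAAA? www.ham.org. (29)
14:35:45.833519 IP 172.30.0.4.53 > 172.30.72.1.59404: 43074 0/1/0 (88)
14:35:45.833866 IP 172.30.72.1.55554 > 172.30.0.4.53: 875+ AAAA? www.ham.org.example.com. (41)
14:35:46.720186 IP 172.30.0.4.53 > 172.30.72.1.55554: 875 0/0/0 (41)
14:35:46.723638 IP 172.30.72.1.53017 > 172.30.0.4.53: 29772+ A? www.ham.org. (29)
14:35:46.724433 IP 172.30.0.4.53 > 172.30.72.1.53017: 29772 1/3/0 A 72.232.245.28 (99)
"""

TIME = r"(\d+):(\d+):(\d+\.\d+)"
# Query: client -> port 53, "<id><flags> <qtype>? <name>"
QUERY = re.compile(TIME + r" IP \S+ > \S+\.53: (\d+)\S* (AAAA|A)\? (\S+)")
# Reply: port 53 -> client, "<id><flags> <answers>/<authority>/<additional>"
REPLY = re.compile(TIME + r" IP \S+\.53 > \S+: (\d+)\S* (\d+)/\d+/\d+")

def _secs(h, m, s):
    return int(h) * 3600 + int(m) * 60 + float(s)

def dns_exchanges(capture):
    """Pair each query with its reply by transaction id, in the order sent."""
    pending, exchanges = {}, []
    for line in capture.splitlines():
        q = QUERY.match(line)
        if q:
            rec = {"qtype": q[5], "name": q[6], "sent": _secs(q[1], q[2], q[3]),
                   "answers": None, "replied": None}
            pending[q[4]] = rec
            exchanges.append(rec)
            continue
        r = REPLY.match(line)
        if r and r[4] in pending:
            rec = pending.pop(r[4])
            rec["answers"] = int(r[5])
            rec["replied"] = _secs(r[1], r[2], r[3])
    return exchanges

def delay_before_first_answer(exchanges):
    """Seconds from the first query to the first reply carrying an answer record."""
    for e in exchanges:
        if e["answers"]:
            return e["replied"] - exchanges[0]["sent"]
    return None  # no lookup in the capture produced an address

if __name__ == "__main__":
    ex = dns_exchanges(CAPTURE)
    for e in ex:
        print(e["qtype"], e["name"], "answers:", e["answers"])
    print("delay before first answer: %.3f s" % delay_before_first_answer(ex))
```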