Hello!

I am having a strange issue with CentOS 5.4 that I cannot seem to solve. Every DNS lookup results in AAAA records being requested first before A records. As a result, this causes a large amount of unnecessary DNS traffic on the network. IPv6 has been completely disabled on these servers:

/etc/modprobe.conf, ipv6 off and net-pf-10 off
/etc/sysconfig/network, NETWORKING_IPV6=no

lsmod | grep ipv6 shows the kernel module no longer loaded.

Yet watching TCP dump shows that AAAA records are requested before A records every time a login is requested from one of our local machines to another. Is there some sort of configuration directive I can use to force IPv4 lookups first before IPv6? Or even better, stop IPv6 lookups altogether?

Adam Tauno Williams
2011-Apr-04 15:50 UTC
[CentOS] Forcing IPv4 DNS lookups first before IPv6

On Mon, 2011-04-04 at 09:51 -0500, Russell Jones wrote:
> Hello!
> I am having a strange issue with CentOS 5.4 that I cannot seem to solve.
> Every DNS lookup results in AAAA records being requested first before A
> records. As a result, this causes a large amount of unnecessary DNS
> traffic on the network. IPv6 has been completely disabled on these servers:

Doubtful, if you are seeing AAAA lookups. Does "ip addr" show any IPv6 interfaces?

> /etc/modprobe.conf, ipv6 off and net-pf-10 off
> /etc/sysconfig/network, NETWORKING_IPV6=no
> lsmod | grep ipv6 shows the kernel module no longer loaded.
> Yet watching TCP dump shows that AAAA records are requested before A
> records every time a login is requested from one of our local machines
> to another

You *only* see these for login? Perhaps some authentication module you are using is causing them to happen?

> Is there some sort of configuration directive I can use to
> force IPv4 lookups first before IPv6? Or even better, stop IPv6 lookups
> altogether?

I don't believe you see IPv6 lookups from the normal resolver libraries unless there is at least one active IPv6 interface.

On Mon, Apr 4, 2011 at 10:51 AM, Russell Jones <rjones at eggycrew.com> wrote:
>
> I am having a strange issue with CentOS 5.4 that I cannot seem to solve.
>
> Every DNS lookup results in AAAA records being requested first before A
> records. As a result, this causes a large amount of unnecessary DNS
> traffic on the network. IPv6 has been completely disabled on these servers:
>
> /etc/modprobe.conf, ipv6 off and net-pf-10 off
> /etc/sysconfig/network, NETWORKING_IPV6=no
>
> lsmod | grep ipv6 shows the kernel module no longer loaded.
>
> Yet watching TCP dump shows that AAAA records are requested before A
> records every time a login is requested from one of our local machines
> to another. Is there some sort of configuration directive I can use to
> force IPv4 lookups first before IPv6? Or even better, stop IPv6 lookups
> altogether?

Disabling ipv6 transport cannot prevent applications from making ipv6 queries - short of recompiling them as ipv4-only applications or having applications check whether there is a non-link-local ipv6 address before making an ipv6 query. I've seen these checks discussed but I don't think that they've been implemented - or, if they've been implemented, backported to CentOS 5.

It's been going on for a while: https://www.redhat.com/archives/redhat-list/2009-March/msg00067.html
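
To measure the pattern discussed in this thread from a capture, the following added example (not part of any message in the thread) parses `tcpdump -n port 53` text output, counts queries by type, and lists the client/name pairs that asked for AAAA before A. The sample lines, addresses and hostnames are constructed, and the regular expression assumes tcpdump's usual one-line DNS query format.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n port 53` output (addresses and names are made up).
SAMPLE = """\
15:50:01.100001 IP 192.0.2.10.40001 > 192.0.2.53.53: 4660+ AAAA? host1.example.com. (35)
15:50:01.100950 IP 192.0.2.53.53 > 192.0.2.10.40001: 4660 0/1/0 (96)
15:50:01.101200 IP 192.0.2.10.40002 > 192.0.2.53.53: 4661+ A? host1.example.com. (35)
15:50:01.101900 IP 192.0.2.53.53 > 192.0.2.10.40002: 4661 1/0/0 A 192.0.2.21 (51)
15:50:02.200000 IP 192.0.2.11.40100 > 192.0.2.53.53: 7001+ A? host2.example.com. (35)
15:50:03.300000 IP 192.0.2.10.40003 > 192.0.2.53.53: 4662+ AAAA? host3.example.com. (35)
15:50:03.300800 IP 192.0.2.10.40004 > 192.0.2.53.53: 4663+ A? host3.example.com. (35)
"""

# Query line: "<time> IP <client>.<port> > <server>.53: <id><flags> [opts] <QTYPE>? <name>"
QUERY = re.compile(
    r"^\S+ IP (?P<client>\d+\.\d+\.\d+\.\d+)\.\d+ > \S+\.53: "
    r"\d+\S* (?:\[\S+\] )?(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)"
)


def summarize(lines):
    """Return (query counts by type, [(client, name)] where AAAA preceded A)."""
    counts = defaultdict(int)
    first_seen = {}      # (client, name) -> type of the first query observed
    aaaa_then_a = []
    for line in lines:
        m = QUERY.match(line)
        if not m:
            continue     # responses and non-DNS lines are skipped
        key = (m["client"], m["name"].rstrip(".").lower())
        qtype = m["qtype"]
        counts[qtype] += 1
        first = first_seen.setdefault(key, qtype)
        if first == "AAAA" and qtype == "A" and key not in aaaa_then_a:
            aaaa_then_a.append(key)
    return dict(counts), aaaa_then_a


if __name__ == "__main__":
    counts, pairs = summarize(SAMPLE.splitlines())
    total = sum(counts.values())
    for qtype, n in sorted(counts.items()):
        print(f"{qtype}: {n} queries ({100 * n // total}% of total)")
    for client, name in pairs:
        print(f"{client} asked AAAA before A for {name}")
```

Grouping the output by client shows whether the AAAA queries come from every host or only from the machines handling logins.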