When looking in the querylog for BIND 9.3.1 running on FreeBSD 5.4, almost every other log entry specifies an AAAA query. The only client is localhost. I see no reason right now to have BIND wasting resources on IPv6 requests, so I added

named_flags="-4"

to rc.conf and restarted named. Sockstat tells me named is listening only on udp4 and tcp4, but I still get lots of AAAA entries in the querylog:

12-Sep-2007 21:40:47.129 client 127.0.0.1#60103: query: smtp.secureserver.net IN AAAA +
12-Sep-2007 21:40:47.648 client 127.0.0.1#64489: query: smtp.where.secureserver.net IN AAAA +
12-Sep-2007 21:40:47.847 client 127.0.0.1#61673: query: smtp.secureserver.net IN A +
12-Sep-2007 21:40:47.869 client 127.0.0.1#53040: query: mailstore1.secureserver.net IN AAAA +
12-Sep-2007 21:40:47.871 client 127.0.0.1#54473: query: mailstore1.secureserver.net IN A +
12-Sep-2007 21:40:58.261 client 127.0.0.1#58124: query: 120.86.248.87.in-addr.arpa IN PTR +
12-Sep-2007 21:40:58.340 client 127.0.0.1#56511: query: static-ip-87-248-86-120.promax.media.pl IN AAAA +
12-Sep-2007 21:40:58.410 client 127.0.0.1#61212: query: static-ip-87-248-86-120.promax.media.pl IN A +

What can I do to get rid of these?

-- 
Andreas

On Wednesday 12 September 2007, Andreas Pettersson wrote:
> When looking in the querylog for BIND 9.3.1 running on FreeBSD 5.4,
> almost every other log entry specifies an AAAA query. The only client
> is localhost. I see no reason right now to have BIND wasting resources
> on IPv6 requests, so I added
>
> named_flags="-4"
>
> to rc.conf and restarted named. Sockstat tells me named is listening
> only on udp4 and tcp4, but I still get lots of AAAA entries in the
> querylog:
...
> What can I do to get rid of these?

Change your resolver. The name*server* can do nothing about what the *client* asks of them. The fact that you connect to a nameserver via IPv4 says nothing about what kind of queries you want to send to it.

At the moment you can't change the behavior of the resolver in libc and (as far as I know) that of the isc implementation either. There has been a discussion to provide an environment variable to emit only IPv4 queries, though.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

On Wed, Sep 12, 2007 at 09:45:21PM +0200, Andreas Pettersson wrote:
> When looking in the querylog for BIND 9.3.1 running on FreeBSD 5.4, almost
> every other log entry specifies an AAAA query. The only client is
> localhost. I see no reason right now to have BIND wasting resources on IPv6
> requests, so I added
>
> named_flags="-4"
>
> to rc.conf and restarted named. Sockstat tells me named is listening only
> on udp4 and tcp4, but I still get lots of AAAA entries in the querylog:
>
> 12-Sep-2007 21:40:47.129 client 127.0.0.1#60103: query: smtp.secureserver.net IN AAAA +
> 12-Sep-2007 21:40:47.648 client 127.0.0.1#64489: query: smtp.where.secureserver.net IN AAAA +
> 12-Sep-2007 21:40:47.847 client 127.0.0.1#61673: query: smtp.secureserver.net IN A +
> 12-Sep-2007 21:40:47.869 client 127.0.0.1#53040: query: mailstore1.secureserver.net IN AAAA +
> 12-Sep-2007 21:40:47.871 client 127.0.0.1#54473: query: mailstore1.secureserver.net IN A +
> 12-Sep-2007 21:40:58.261 client 127.0.0.1#58124: query: 120.86.248.87.in-addr.arpa IN PTR +
> 12-Sep-2007 21:40:58.340 client 127.0.0.1#56511: query: static-ip-87-248-86-120.promax.media.pl IN AAAA +
> 12-Sep-2007 21:40:58.410 client 127.0.0.1#61212: query: static-ip-87-248-86-120.promax.media.pl IN A +
>
> What can I do to get rid of these?

I'm not sure you can. This is how I understand it:

The -4 switch just tells BIND, as a daemon, to only bind to/utilise IPv4 interfaces on your system. That means named -4 will only listen on IPv4 addresses (e.g. 127.0.0.1) and not things like ::1.

That's completely separate from what *DNS records* BIND will see queries for -- you have no control over those. People can ask you for any type of DNS record (A, AAAA, MX, CNAME, NS, TXT, whatever...) and your daemon will respond for things it's authoritative for (or do recursive queries if configured to do so).

In English: -4 won't completely remove IPv6-specific zone data/capability from BIND, it'll just cause the actual daemon to not bind to an IPv6 interface.

-- 
| Jeremy Chadwick                                    jdc at parodius.com |
| Parodius Networking                           http://www.parodius.com/ |
| UNIX Systems Administrator                      Mountain View, CA, USA |
| Making life hard for others since 1977.                  PGP: 4BD6C0CB |

> When looking in the querylog for BIND 9.3.1 running on FreeBSD 5.4,
> almost every other log entry specifies an AAAA query. The only client is
> localhost. I see no reason right now to have BIND wasting resources on
> IPv6 requests, so I added
>
> named_flags="-4"
>
> to rc.conf and restarted named. Sockstat tells me named is listening
> only on udp4 and tcp4, but I still get lots of AAAA entries in the querylog:
>
> 12-Sep-2007 21:40:47.129 client 127.0.0.1#60103: query: smtp.secureserver.net IN AAAA +
> 12-Sep-2007 21:40:47.648 client 127.0.0.1#64489: query: smtp.where.secureserver.net IN AAAA +
> 12-Sep-2007 21:40:47.847 client 127.0.0.1#61673: query: smtp.secureserver.net IN A +
> 12-Sep-2007 21:40:47.869 client 127.0.0.1#53040: query: mailstore1.secureserver.net IN AAAA +
> 12-Sep-2007 21:40:47.871 client 127.0.0.1#54473: query: mailstore1.secureserver.net IN A +
> 12-Sep-2007 21:40:58.261 client 127.0.0.1#58124: query: 120.86.248.87.in-addr.arpa IN PTR +
> 12-Sep-2007 21:40:58.340 client 127.0.0.1#56511: query: static-ip-87-248-86-120.promax.media.pl IN AAAA +
> 12-Sep-2007 21:40:58.410 client 127.0.0.1#61212: query: static-ip-87-248-86-120.promax.media.pl IN A +
>
> What can I do to get rid of these?

Teach each and every application not to make them. :-)

-4 stops named *making* and accepting queries *over* IPv6. It does NOT stop it accepting AAAA queries. It does NOT stop it making AAAA queries.

Why don't you go the other way and get yourself IPv6 connectivity? You do realise that you will require it to reach many sites in about 3 years time as they will be IPv6 only (new IPv4 address space is running out real soon now). Running dual stacked now is how you debug your system. If your ISP doesn't yet offer IPv6 natively there are lots of alternate methods.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: Mark_Andrews@isc.org
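
Added example (not part of any message in this thread): a small parser for the querylog lines quoted above that attributes query types to each client and lists the names asked for as both AAAA and A, which is how the AAAA entries can be traced to the local resolver rather than to named's transport. The regular expression assumes the BIND 9.3 line layout shown in the thread; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the eight querylog lines quoted in the thread.
SAMPLE_LOG = """\
12-Sep-2007 21:40:47.129 client 127.0.0.1#60103: query: smtp.secureserver.net IN AAAA +
12-Sep-2007 21:40:47.648 client 127.0.0.1#64489: query: smtp.where.secureserver.net IN AAAA +
12-Sep-2007 21:40:47.847 client 127.0.0.1#61673: query: smtp.secureserver.net IN A +
12-Sep-2007 21:40:47.869 client 127.0.0.1#53040: query: mailstore1.secureserver.net IN AAAA +
12-Sep-2007 21:40:47.871 client 127.0.0.1#54473: query: mailstore1.secureserver.net IN A +
12-Sep-2007 21:40:58.261 client 127.0.0.1#58124: query: 120.86.248.87.in-addr.arpa IN PTR +
12-Sep-2007 21:40:58.340 client 127.0.0.1#56511: query: static-ip-87-248-86-120.promax.media.pl IN AAAA +
12-Sep-2007 21:40:58.410 client 127.0.0.1#61212: query: static-ip-87-248-86-120.promax.media.pl IN A +
"""

# Assumed layout (as in the thread): date time "client" addr#port: "query:" name class type flags
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) client (?P<addr>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>\S+)$"
)

def parse_querylog(text):
    """Return one dict per well-formed query line; silently skip anything else."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records

def summarize(records):
    """Count query types per client; list names seen as AAAA+A and as AAAA only."""
    per_client = defaultdict(Counter)
    types_seen = defaultdict(set)          # (client, name) -> {record types}
    for r in records:
        per_client[r["addr"]][r["type"]] += 1
        types_seen[(r["addr"], r["name"])].add(r["type"])
    dual = sorted(n for (_, n), t in types_seen.items() if {"A", "AAAA"} <= t)
    aaaa_only = sorted(n for (_, n), t in types_seen.items() if t == {"AAAA"})
    return per_client, dual, aaaa_only

if __name__ == "__main__":
    per_client, dual, aaaa_only = summarize(parse_querylog(SAMPLE_LOG))
    for addr, counts in per_client.items():
        print(addr, dict(counts))
    print("asked as AAAA and A:", dual)
    print("asked as AAAA only:", aaaa_only)
```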

On Mon, 17 Sep 2007 21:10+1000, Aristedes Maniatis wrote:
> http://www.ipv6.org.au/summit/speakers.html

The IPv6 routing is misconfigured at a particular point:

$ traceroute6 www.ipv6.org.au
traceroute6 to www.ipv6.org.au (2001:388:f000::7cd) from 2001:700:1100:1:250:4ff:fe43:9d15, 64 hops max, 12 byte packets
...
17  p4-0.aarnet.plalca01.us.bb.gin.ntt.net  352.189 ms  352.374 ms  352.151 ms
18  so-3-2-0.bb1.a.syd.aarnet.net.au  345.747 ms  345.714 ms  346.015 ms
19  broker1.a.syd.aarnet.net.au  351.585 ms  351.735 ms  351.495 ms
20  ge-1-0-0.bb1.a.syd.aarnet.net.au  342.427 ms  342.349 ms  342.470 ms
21  broker1.a.syd.aarnet.net.au  351.625 ms  357.724 ms  353.034 ms
22  ge-1-0-0.bb1.a.syd.aarnet.net.au  342.548 ms  342.515 ms  344.867 ms
23  broker1.a.syd.aarnet.net.au  351.741 ms  351.707 ms  351.623 ms
24  ge-1-0-0.bb1.a.syd.aarnet.net.au  342.494 ms  342.518 ms  342.493 ms
...
63  broker1.a.syd.aarnet.net.au  353.474 ms  353.365 ms  353.457 ms
64  ge-1-0-0.bb1.a.syd.aarnet.net.au  344.356 ms  344.120 ms  344.203 ms

-- 
----------------------------------------------------------------------
Trond Endrestøl                          | trond@fagskolen.gjovik.no
Patron of The Art of Computer Programming| FreeBSD 6.2-S & Pine 4.64

Since we are talking about IPv6, how do people generally find it on FreeBSD?

I use 6to4 in a number of places, but have had a few problems with it unfortunately - one of the most annoying being dropped TCP connections which lead to me turning it off on my home machine. The other problem I had was connecting through the 6to4 machine freezing for 30 seconds or so after they start getting data, and then returning the rest of the data a few seconds later. Performance has also been poor compared to IPv4.

Has anyone else had experiences like this? I only have 6to4 available to test with, so this may be 6to4 specific I guess (my performance tests have been between two 6to4 machines compared to the same machines using IPv4 only, so the packets should be taking the same route as I understand it).

Any comments?

-pcf.