Re: disabling aaaa queries
From: Ben Halicki (bhalicki_at_dodo.com.au)
Date: 11/24/04
- Next message: Rhett Oracle: "OT:: Is this political or linguistic?"
- Previous message: Luke Robertson: "New to TC and qdisc"
- In reply to: Simon Waters: "Re: disabling aaaa queries"
- Next in thread: Ben Halicki: "Re: disabling aaaa queries"
- Reply: Ben Halicki: "Re: disabling aaaa queries"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 23 Nov 2004 20:55:10 -0800
Simon Waters <simon@wretched.demon.co.uk> wrote in message news:<cnvu4h$1g5$1$8300dec7@news.demon.co.uk>...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ben Halicki wrote:
> | Walter Hofmann <abe198@mx2.homelinux.com> wrote in message
> news:<slrncpq80g.gih.from@secretlab.mine.nu>...
> |
> |>Jerry Smiley <jsmiley@nc.rr.com> schrieb:
> |>
> |>>Walter Hofmann wrote:
> |>>
> |>>
> |>>>Jerry Smiley <jsmiley@nc.rr.com> schrieb:
> |>>>
> |>>>>Walter Hofmann wrote:
> |>>>>
> |>>>>>Hi,
> |>>>>>
> |>>>>>it seems that my Debain unstable computer queries for an AAAA
> record
> |>>>>>(ie. ipv6), waits for a timeout, and only then queries for the A
> |>>>>>record (ie. ipv4) address whenever it needs to resolve a name
> in DNS.
> |>>>>>
> |>>>>>Of course every network application is delayed by this. How
> can I switch
> |>>>>>this off?
> |>>>>>
> |>>>>>I read the man page for resolv.conf, and it says that this is
> switched
> |>>>>>_on_ by adding the line "options inet6" to /etc/resolv.conf. But I
> |>>>>>checked and this line is not there. So why is it doing ipv6
> queries?
> |>>>>>
> |>>>>>Walter
> |>>>>
> |>>>>Try adding in the /etc/modules.conf
> |>>>>
> |>>>> alias net-pf-10 off
> |>>>> alias ipv6 off
> |>>>
> |>>>This didn't work. I added these lines and also rebooted to make sure
> |>>>that the ipv6 module was not loaded, but nothing changed.
> |>>>
> |>>>Any other help?
> |>>>
> |>>>Walter
> |>>
> |>> If you want to disable ipv6 then you can put the following line
> in either
> |>>/etc/modules.conf for 2.4 kernel or /etc/modprobe.conf for 2.6
> kernel.
> |>>
> |>> alias net-pf-10 off
> |>
> |>This didn't work. I added these lines and also rebooted to make sure
> |>that the ipv6 module was not loaded, but nothing changed.
> |>
> |>Both telnet and ssh still look for an AAAA record first.
> |>
> |>Any other help?
> |>
> |>Walter
> |
> |
> | Hi Walter,
> |
> | I'm stuck in a similar situation, where telnet and ssh are both
> | resolving ipv6 addresses before ipv4.. very slow! Just wondering if
> | you managed to find a solution?
>
> Stupid question time, but why is it slow, and why is it waiting for
> a timeout?
>
> In any case where the IPv6 record exists, or doesn't exist, the
> response should be no different than any other DNS lookup, and the
> result should also be cached (if only briefly for NXDOMAIN).
> Anything other than this suggests other configuration problems.
>
> Typically if it is slow, it is because the first query caches the
> relevant nameserver data, and the subsequent query is then very
> quick because all the cached data is current.
>
> The issue with SSH is I believe well documented, some versions are
> built to try IPv6 addresses first. I vaguely recall it is a compile
> time switch which can be overridden with a run time option, but it
> is very well documented.
>
> The confusion here seems to be between trying lookups for IPv6 data
> (AAAA) and actually using IPv6 to perform lookups. In most cases the
> resolvers (and DNS servers) will use IPv4 to perform the lookup for
> AAAA, unless you have configured IPv6 as an available protocol (in
> which case you probably want the AAAA lookup anyway).
I think you are right with what you say here. It seems that telnet is
using IPv4 to perform the IPv6 lookup. Seeing that IPv6 hasn't been
configured in DNS, the response eventually times out (after 5
seconds), retries, times out then reverts to IPv4. This process takes
an exact 10 seconds on my machine.
I can't figure it out though, I have two machines at home setup in a
similar environment to my network at work... My machine at home tries
the IPv6 connection but immediately times out (instead of waiting the
5 seconds). My machine at work waits 5 seconds before timing out.
Could a switch reject IPv6 packets at all? I guess the obvious
solution would be to configure bind with both IPv4 and IPv6, but not
the preferred option.
Let me know if you all eventually find something!
Regards,
Ben.
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
>
> iD8DBQFBo3vSGFXfHI9FVgYRAhv2AJ9MMEH80FYvchIaFl7rjaRBIUc2LgCg1zmN
> XZT/wFpUmSvIEqaQ04QiM+s=
> =aeWA
> -----END PGP SIGNATURE-----
- Next message: Rhett Oracle: "OT:: Is this political or linguistic?"
- Previous message: Luke Robertson: "New to TC and qdisc"
- In reply to: Simon Waters: "Re: disabling aaaa queries"
- Next in thread: Ben Halicki: "Re: disabling aaaa queries"
- Reply: Ben Halicki: "Re: disabling aaaa queries"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
