Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

how to reduce unnecessary lots of AAAA queries?

1,346 views
Skip to first unread message

MontyRee

unread,
Mar 3, 2012, 4:24:25 AM3/3/12
to bind-...@isc.org

Hello, all.


I have operated some centos 5.3 (x86_64) linux servers.
when I tcpdump the dns query, I can see lots of AAA queries from my linux servers.
and ServFail response from DNS server.

surely, I don't use ipv6 and "NETWORKING_IPV6=no" was configured at /etc/sysconfig/network file.

How to reduce(or stop) unnecessary lots of AAAA queries?


Thank you!
 

Mark Andrews

unread,
Mar 3, 2012, 10:04:26 PM3/3/12
to MontyRee, bind-...@isc.org

In message <BLU149-W15EB3AD03...@phx.gbl>, MontyRee writes:
>
> Hello, all.
>
>
> I have operated some centos 5.3 (x86_64) linux servers.
> when I tcpdump the dns query, I can see lots of AAA queries from my linux s=
> ervers.
> and ServFail response from DNS server. =

If you are getting SERVFAIL responses there usually is something wrong with
how the zone is configured or the servers for the zone are broken. To
address that you need to contact the admistrator of the zone.

> surely, I don't use ipv6 and "NETWORKING_IPV6=no" was configured at /etc/=
> sysconfig/network file.
>
> How to reduce(or stop) unnecessary lots of AAAA queries?
>
> Thank you!
> =A0
> =
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri=
> be from this list
>
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Chuck Anderson

unread,
Mar 4, 2012, 2:20:31 PM3/4/12
to bind-...@lists.isc.org
On Sat, Mar 03, 2012 at 09:24:25AM +0000, MontyRee wrote:
> surely, I don't use ipv6 and "NETWORKING_IPV6=no" was configured at /etc/sysconfig/network file.

That doesn't prevent IPv6 from being autoconfigured on an interface,
it just tells the initscripts to ignore IPv6/pretend it doesn't exist.
The kernel will still do SLAAC and RA and configure interfaces with
that information (at least link-local if there are no IPv6 routers on
the network). To prevent SLAAC:

NETWORKING_IPV6=yes
IPV6INIT=yes
IPV6FORWARDING=no
IPV6_AUTOCONF=no
IPV6_ROUTER=no
IPV6_AUTOTUNNEL=no

To really turn off all IPv6 you can put this in /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1

> How to reduce(or stop) unnecessary lots of AAAA queries?

You can't, clients can decide to query whatever they want, and they
may have other IPv6 connectivity to use AAAA responses with. AAAA can
be queried over IPv4 just fine, just as A can be queried over IPv6.

Ian Pilcher

unread,
Mar 5, 2012, 10:49:12 AM3/5/12
to bind-...@isc.org
On 03/04/2012 01:20 PM, Chuck Anderson wrote:
> You can't, clients can decide to query whatever they want, and they
> may have other IPv6 connectivity to use AAAA responses with. AAAA can
> be queried over IPv4 just fine, just as A can be queried over IPv6.

Most clients, however, are smart enough not to do AAAA queries if they
don't have an IPv6 address. Firefox on Linux is a glaring exception to
this; you need to set network.dns.disableIPv6 in about:config to stop it
from doing pointless AAAA queries.

--
========================================================================
Ian Pilcher arequ...@gmail.com
"If you're going to shift my paradigm ... at least buy me dinner first."
========================================================================

0 new messages