Why does http client try to connect via IPv6 address when IPv6 is not enabled on machine

[bryan...@gmail.com]

I've done quite a bit of searching and can't seem to find a definitive answer to my problem.

I am periodically seeing errors where my code is doing an http get request to a web service which offers both IPv4 and IPv6 connectivity.  My code is running in a docker container without IPv6 enabled on a machine that also doesn't have IPv6 enabled.  Yet go is trying to connect to this website via IPv6 and I get a failure like dial tcp [XXXX:XXXX:XXXX:XXX::XXXa]:443: connect: cannot assign requested address.  The error makes sense, IPv6 connections aren't going to work from this machine.  The question is why is go even trying to connect via IPv6 when that isn't an option on the machine?

I've gone through and read quite a bit about the Go resolver and confirmed it does request both the A and AAAA records for a domain name.  This particular service advertises 8 different IPv4 addresses and 1 IPv6 address when I look at the returned address options.  I want to make sure Go doesn't try the IPv6 address.

Any suggestions on how I can keep Go from trying to use the IPv6 address or better yet have it not even query for the AAAA record?  Most of the time I don't have problems but I'm seeing this error in my logs often enough that it is concerning.

Thanks!

Bryan

[James Bardin]

The net dialer sorts the addresses according to RFC6724, which means that since you don't have ipv6 enabled they go to the end of the list, but doesn't remove them entirely. Also if you're using the DefaultTransport from the net/http package, it has DualStack enabled which means that ipv4 and ipv6 are tried nearly concurrently (RFC6555), so if the ipv4 host takes longer than 300ms to connect, the ipv6 racer will kick off too and you might get the ipv6 error as the final error if the connection fails.

In this case, you're only getting that error because the ipv4 connection has already failed, so it's harmless albeit somewhat confusing. If you disable DualStack all 8 ipv4 hosts would have to be down before the ipv6 address is attempted, and if you never want to even see ipv6 addresses, set the dialer to only use the "tcp4" network.