How to disable DNS AAAA queries?

Asked by Humberto Jucá on 2012-12-14

I like to known what's the way to disable DNS AAAA queries.
Already have disabled all resources ipv6.

1. Changes in grub:
vim /etc/default/grub
    GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
update-grub

2. I'm using 12.04 LTS version (builtin ipv6 support)
grep -i ipv6 /boot/config-3.2.0-24-generic
    CONFIG_IPV6=y
    CONFIG_IPV6_PRIVACY=y
    ...

Before this i try with sysctl, but tcp6 sockets still alive.
After grub changes this solve the question - i can disable ipv6 address and networks sockets too.

But, internal lookups stay wrong.
Some sites like www.caixa.gov.br are slow.

When i sniff my connection i can see many DNS AAAA records and server fail
Running "lynx www.caixa.gov.br"

15:57:11.332463 IP 127.0.0.1.58734 > 127.0.0.1.53: 63741+ AAAA? www.caixa.gov.br. (34)
15:57:16.337439 IP 127.0.0.1.58734 > 127.0.0.1.53: 63741+ AAAA? www.caixa.gov.br. (34)
15:57:21.342488 IP 127.0.0.1.58067 > 127.0.0.1.53: 1244+ AAAA? www.caixa.gov.br.localdomain. (46)
15:57:21.342579 IP 127.0.0.1.53 > 127.0.0.1.58067: 1244 NXDomain 0/1/0 (121)
15:57:21.342648 IP 127.0.0.1.51657 > 127.0.0.1.53: 3236+ A? www.caixa.gov.br. (34)
15:57:21.342723 IP 127.0.0.1.53 > 127.0.0.1.51657: 3236 1/0/0 A 200.201.161.106 (50)
15:57:21.353289 IP 127.0.0.1.58482 > 127.0.0.1.53: 15390+ AAAA? www.caixa.gov.br. (34)
15:57:26.358326 IP 127.0.0.1.58482 > 127.0.0.1.53: 15390+ AAAA? www.caixa.gov.br. (34)
15:57:31.363381 IP 127.0.0.1.48398 > 127.0.0.1.53: 21648+ AAAA? www.caixa.gov.br.localdomain. (46)
15:57:31.363487 IP 127.0.0.1.53 > 127.0.0.1.48398: 21648 NXDomain 0/1/0 (121)
15:57:31.363560 IP 127.0.0.1.55657 > 127.0.0.1.53: 49860+ A? www.caixa.gov.br. (34)
15:57:31.363643 IP 127.0.0.1.53 > 127.0.0.1.55657: 49860 1/0/0 A 200.201.161.106 (50)
15:57:31.364319 IP 127.0.0.1.55431 > 127.0.0.1.53: 38110+ AAAA? www.caixa.gov.br. (34)
15:57:36.369352 IP 127.0.0.1.55431 > 127.0.0.1.53: 38110+ AAAA? www.caixa.gov.br. (34)

I do bind changes too
vim /etc/default/bind9
    RESOLVCONF=no
    OPTIONS="-4 -u bind"

vim /etc/bind/named.conf.options
        forward only;
        forwarders {
                208.67.222.222;
                8.8.8.8;
        };

This dont solve AAAA requests.
I like to known a way to prefer ipv4 queries (A) or disable ipv6 queries.

When i'm using squid proxy the same problem occur.
To solve this i need compile squid with --disable-ipv6.
This works to Squid proxy, but i think that the best way is disable all DNS AAAA queries.

This occur with lynx, wget and others.

Question information

Language:
English Edit question
Status:
Open
For:
Ubuntu bind9 Edit question
Assignee:
No assignee Edit question
Last query:
2012-12-15
Last reply:
2012-12-15
Humberto Jucá (betolj) said : #2

Thanks for the reply.

I had read these links and nothing worked on Ubuntu 12.04 LTS Server amd64.
I try this options:

1. In /etc/gai.conf
    precedence ::ffff:0:0/96 100

2. In /etc/resolv.conf
    options single-request

Ps.: Apparently there is no "single-request" in this version of Ubuntu. It's not even mentioned in the man command.

3. Ipv6 already have disabled the globally.
eth1 Link encap:Ethernet Endereço de HW 00:15:17:67:0d:34
          inet end.: x.x.x.x Bcast:y.y.y.y.y Masc:255.255.255.252
          UP BROADCAST RUNNING MULTICAST MTU:1500 Métrica:1
          pacotes RX:2729381 erros:0 descartados:0 excesso:0 quadro:0
          Pacotes TX:1738014 erros:0 descartados:0 excesso:0 portadora:0
          colisões:0 txqueuelen:5000
          RX bytes:3101710492 (3.1 GB) TX bytes:283255630 (283.2 MB)
          IRQ:16 Memória:fcda0000-fcdc0000

# sysctl net.ipv6.conf.all.accept_ra=0
error: "net.ipv6.conf.all.accept_ra" is an unknown key

These tips work well in other versions, but do not work anymore.
I wonder who uses Ubuntu 12.04 LTS Server and was able to confirm that this stopped by tcpdump.

Not just disable ipv6. I saw some documentation saying that this is controlled by glibc.
Also find tips with "no-inet6" in resolv.conf, but I know many distros that have this option in resolv.conf.

Humberto Jucá (betolj) said : #3

Correcting: i have not found a distribution that recognizes this in-inet6.

I do not understand why these queries on Ubuntu 12.04 are done if i dont have this option active (inet6).
Believe me, these tips do not work anymore.

Humberto Jucá (betolj) said : #4

These were the results I got so far with my internet searchs:

1. Changes in gai.conf: The system searches both A and AAAA records (remains the same) - the "precedence" does not change the dns query order (between ipv4 and ipv6). But define whats result will be prioritized. Soo, this does not change the performance in queries. Internal lookup stay the same (with or without IPv6 support).

2. For now i only seen hints of "solved problem" where the "single-request" is recognized. Many admins would like to see an option "noinet6" in resolv.conf.

3. Many users are indicating disable ipv6 in web browser - Everyone agrees with performance gain.

Humberto Jucá (betolj) said : #5

This is an old problem that recurs.
Some time ago there was a bugfix for this - in glibc.

http://jpmens.net/2011/09/28/aaaa-and-a/
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/80571

Apparently the patch was not applied in this release (Ubuntu 12.04 LTS Server amd64).

Mane (manfred-pausch-klug-is) said : #6

Have the same problem.
Initial connect to a internal SSH server feels like connecting via 56k modem... Sucks!

Disabling IPv6 with kernel parameter does not work.
Changing configuration in /etc/gai.conf does not work either.

Very annoying situation :-(

Can you help with this problem?

Provide an answer of your own, or ask Humberto Jucá for more information if necessary.

To post a message you must log in.