[CentOS] Forcing IPv4 DNS lookups first before IPv6

Mon Apr 4 18:12:27 UTC 2011
Russell Jones <rjones at eggycrew.com>

Thanks.

Yes, the modules are disabled via /etc/modprobe.conf:
alias net-pf-10 off
alias ipv6 off


The issue at stake here is not queries timing out, as these aren't even 
external network queries; it's the queries being sent to begin with. We 
have thousands of CentOS 5 boxes all doing 3 or more IPv6 DNS queries 
for 1 IPv4 host. These aren't wanted or needed on the network, and it's 
causing a large amount of unneeded traffic and strain on our DNS 
servers. We need the traffic to go away; we don't want any IPv6 DNS 
queries at all, as they are useless to us. They should not be sent when 
IPv6 is disabled in both networking and kernel modules, and no IPv6 
address exists on the interfaces, yet they still are.

I'm unsure how enabling IPv6 via /etc/sysconfig/network is going to make 
the IPv6 DNS queries stop, but I tried it anyway:

[root@hostname1 sysconfig]# nano -w network
[root@hostname1 sysconfig]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
FATAL: Module off not found.
CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
FATAL: Module off not found.
CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support


Re-enabling the IPv6 kernel modules will just put us back to where we 
were to begin with. Any other ideas on how to make the AAAA queries stop?



On 4/4/2011 12:10 PM, Brunner, Brian T. wrote:
> centos-bounces at centos.org wrote:
>> Thank you, but unfortunately this is a different issue. These boxes do
>> not run bind, they resolve their DNS queries via dedicated bind
>> servers on the network. Configuring the bind servers on the network a
>> different way still would not stop the IPv6 traffic I am showing in
>> the TCP dump from being sent.
> Things described in the bug report are
>
> Adding
>           NETWORKING_IPV6=yes
>   to /etc/sysconfig/network
>   prevents the queries to root nameservers with IPv6 addresses
>   timing out.
>
> And
>
> alias net-pf-10 off to /etc/modprobe.conf
>
> Have you tried both of them?
>
>> On 4/4/2011 11:54 AM, Stephen Harris wrote:
>>> On Mon, Apr 04, 2011 at 11:34:25AM -0500, Russell Jones wrote:
>>>> [root@hostname1 ~]# tcpdump -vvvvv 'port 53'
>>>> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture
>>>> size 96 bytes
>>>>
>>>> 11:07:24.989304 IP (tos 0x0, ttl  64, id 65039, offset 0, flags
>>>> [DF], proto: UDP (17), length: 60) hostname1.59725>
>>>> vdns1-hc.example.com.domain: [bad udp cksum 2bd2!]  26130+ AAAA?
>>>> hostname2.example.com. (32)
>>> Check https://bugzilla.redhat.com/show_bug.cgi?id=140528 and see if
>>> that resolves your issue.
>>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>
>
> Insert spiffy .sig here:
> Life is complex: it has both real and imaginary parts.
>
> //me