Strange IPv6 DNS lookups

Kenneth Holter kenneho.ndu at gmail.com
Tue Mar 24 13:49:06 UTC 2009 

I've not yet seen any severe performance issues because of this issue,
but the DNS administrator reported on an unusual high number of
queries from our linux-boxes. After examining it we found that this is
most likely the result of the numerous (unnecessary) IPv6 queries. So
we thought we'd just disable it once and for all, but this turns out
to be very difficult.

Btw, we're running mostly RHEL 5 servers, but also some RHEL 4.

On 3/20/09, Reber, Simon <simon.reber at roche.com> wrote:
> Kenneth,
>
> Just one question about this problem:
>        Do you report any performance problems or latency on your system
> because of this issue?
>
> The reason why I am asking is that I hardly remember seeing that before.
> But I haven't noticed any problem. I've just realized that the lookup
> covers both IPv6 and IPv4.
>
> An other question would be which version of RedHat you are running on?
>
> Cheers,
> Si
>
> >-----Original Message-----
> >From: redhat-list-bounces at redhat.com
> >[mailto:redhat-list-bounces at redhat.com] On Behalf Of Kenneth Holter
> >Sent: Friday, March 20, 2009 8:18 AM
> >To: General Red Hat Linux discussion list
> >Subject: Re: Strange IPv6 DNS lookups
> >
> >Thanks for the advice.
> >
> >I've followed the steps you outlined below, but the problem
> >unfortunately
> >persists. I've learned that most packages on the system are
> >compiled with
> >IPv6 support, so from what I can tell this is what is usually
> >happening:
> >
> >   1. The client process (can be more or less whatever process
> >running on
> >   the linux box) issues a AAAA DNS query for the FQDN *
> >   server1.example-prod.com*
> >   2. The DNS server drops the package, so the linux box
> >iterates through
> >   the "search" entries in /etc/resolv.conf, adding the
> >entries found here to
> >   the FQDN. This results in the bizarre queries mentioned in
> >my first post.
> >   3. When AAAA record queries does not return a valid answer,
> >a normal A
> >   query is made. This query returns the corret result.
> >
> >Say I have two entries in the "search" section of
> >/etc/resolv.conf, I will
> >end up with the linux box issuing 3 unsuccessful AAAA queries for every
> >successful A query. This causes a great amount of overhead on
> >the DNS server
> >(or the linux box if caching is used).
> >
> >I'm sure we're not the only ones having to deal with this issue, so any
> >advice on how to proceed will be greatly appreciated.
> >
> >Regards,
> >Kenneth
> >
> >
> >
> >On 3/11/09, Reber, Simon <simon.reber at roche.com> wrote:
> >
> >> Hey Kenneth,
> >>
> >> Try to fully disable IPv6 while adding:
> >>
> >>        alias net-pf-10 off
> >>        alias ipv6 off
> >>
> >> to /etc/modprobe.conf and to /etc/sysconfig/network
> >>
> >>        NETWORKING_IPV6=no
> >>
> >> This should probably solve the problem (at least IPv6 is turned off)
> >>
> >> Cheers,
> >> Si
> >>
> >> >-----Original Message-----
> >> >From: redhat-list-bounces at redhat.com
> >> >[mailto:redhat-list-bounces at redhat.com] On Behalf Of Kenneth Holter
> >> >Sent: Monday, March 09, 2009 4:17 PM
> >> >To: redhat-list at redhat.com
> >> >Subject: Strange IPv6 DNS lookups
> >> >
> >> >Hello all.
> >> >
> >> >
> >> >Several of our RHEL-servers are issuing strange DNS lookups.
> >> >Consider this
> >> >example:
> >> >
> >> >
> >> >*  1   0.000000   1.2.3.4 -> 5.6.7.8   DNS Standard query AAAA **
> >> >server1.example-prod.com* <http://server1.example-prod.com/>*
> >> >  9   0.007891   1.2.3.4 -> 5.6.7.8   DNS Standard query AAAA
> >> >server1.example-prod.com.example-test.local
> >> > 11   0.092904   1.2.3.4 -> 5.6.7.82   DNS Standard query A
> >> >server1.example-prod.com
> >> > 12   0.093356   5.6.7.8 -> 1.2.3.4   DNS Standard query
> >> >response A 1.2.3.4
> >> >*
> >> >
> >> >>From what I can tell, the client first issues two IPv6 DNS
> >> >lookups, before
> >> >falling back to IPv4 lookup. We're not running IPv6 (and our
> >> >DNS servers do
> >> >not support IPv6 lookups), so the client is not getting and
> >> >answer before
> >> >issuing the IPv4 lookup.
> >> >
> >> >I've very puzzled by the second query, in which the FQDN of
> >> >the lookup query
> >> >is appended another domain. I've noticed that the appended
> >> >domain may be
> >> >both the same domain name (i.e.
> >> >server1.example-prod-com.example-prod.com)
> >> >or another domain as in the example above.
> >> >Does anyone have a clue as to why such bizarre queries are
> >> >performed by the
> >> >client?
> >> >
> >> >Since we're not running IPv6, I have simply disabled it for
> >this server
> >> >(grepping "lsmod" does not return any "ipv6" results). Yet
> >the problem
> >> >remains. Does the DNS lookup library automatically issue IPv6
> >> >queries before
> >> >issuing IPv4 queries? Is there a way to disable IPv6 lookups?
> >> >
> >> >
> >> >Regards,
> >> >Kenneth Holter
> >> >--
> >> >redhat-list mailing list
> >> >unsubscribe
> >mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> >https://www.redhat.com/mailman/listinfo/redhat-list
> >> >
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >--
> >redhat-list mailing list
> >unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

More information about the redhat-list mailing list