HPE Community
Operating System - HP-UX
1752794 Members
6746 Online
108789 Solutions
New Discussion юеВ

Can I disable IPv6 lookup when querying DNS?

 
SOLVED
Go to solution
Ken Englander
Regular Advisor

тАО11-17-2010 12:55 PM

тАО11-17-2010 12:55 PM

Can I disable IPv6 lookup when querying DNS?

We have found there are significant time delays when issuing a DNS lookup by name if one of the DNS servers is down. This problem seems to be much worse when the OS attempts to look for IPv6 addresses first, then IPv4.

So, I want to know if there is a way to tell the lookup process NOT to check for IPv6 addresses or tell it to prefer IPv4 addresses?
0 Kudos
Reply
11 REPLIES 11
Anshumali
Esteemed Contributor

тАО11-17-2010 03:06 PM

тАО11-17-2010 03:06 PM

Re: Can I disable IPv6 lookup when querying DNS?

We got it done by adding:

ipnodes: files [NOTFOUND=return]

in /etc/nsswitch.conf
You can check the syntax and modify that as per your usage.
Check it with tcpdump port 54 afterwards.
Dreams are not which you see while sleeping, Dreams are which doesnt allow you to sleep while you are chasing for them!!
0 Kudos
Reply
rick jones
Honored Contributor

тАО11-17-2010 03:41 PM

тАО11-17-2010 03:41 PM

Re: Can I disable IPv6 lookup when querying DNS?

Don't you mean port 53 for DNS?
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
Anshumali
Esteemed Contributor

тАО11-17-2010 06:26 PM

тАО11-17-2010 06:26 PM

Re: Can I disable IPv6 lookup when querying DNS?

Ooops..my fat fingers... For sure 53 :)
Dreams are not which you see while sleeping, Dreams are which doesnt allow you to sleep while you are chasing for them!!
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО11-17-2010 08:02 PM

тАО11-17-2010 08:02 PM

Solution

Re: Can I disable IPv6 lookup when querying DNS?

IPv6 is embedded in very unexpected ways, haphazard is my take on it. I recently had to eliminate all IPv6 client and server responses for an (probably misguided) auditor. If you're running 11.11, you can probably remove the IPv6 patches and products with success.

nsswitch.conf MUST have:

ipnodes: files

to avoid DNS issues. Some DNS servers do not support IPv6 and some are just not configured for IPv6 support, all causing DNS resolution delays.

But for 11.23 and 11.31, I discovered that getipnodebyname, getipnodebyaddr, gethostint, getaddrinfo all have IPv6 embedded with nothing to turn that 'feature' off.

icmp will try IPv6 and if fails, IPv4 only when there is a DNS server declared
in resolv.conf.

If you want to pretty much disable IPv6 junk, you can rename the ipv6 device file:

mv /dev/ipv6 /dev/ipv6-deny


Bill Hassell, sysadmin
Reply
Ken Englander
Regular Advisor

тАО11-18-2010 07:47 AM

тАО11-18-2010 07:47 AM

Re: Can I disable IPv6 lookup when querying DNS?

Anshumali - You must have a different situation. I still need to query DNS for IPv4 information so I cannot setup nsswitch.conf as you suggested.

Bill - Your information is what I needed. I am a bit hesitant about renaming the driver. Have you actually done that?

Thanks all for the feedback!
0 Kudos
Reply
Ken Englander
Regular Advisor

тАО11-18-2010 07:58 AM

тАО11-18-2010 07:58 AM

Re: Can I disable IPv6 lookup when querying DNS?

BTW - this is on 11.23 and 11.31
0 Kudos
Reply
rick jones
Honored Contributor

тАО11-18-2010 01:10 PM

тАО11-18-2010 01:10 PM

Re: Can I disable IPv6 lookup when querying DNS?

Applications should be calling getaddrinfo() (*), and probably should be setting AI_ADDRCONFIG. If that is the case, then getaddrinfo() will only request an IPv6 address if a non-loopback IPv6 address is configured on the system. (Same for IPv4).

I would not expect gethostbyname() to ask for IPv6 addresses. If a gethostbyname() call is actually triggering queries for IPv6 addresses, that might be something worth mentioning to the Response Center.

(*) conversion from gethostbyname() to getaddrinfo() should have started years ago, so if you have apps you've not converted, get started!-)
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
Ken Englander
Regular Advisor

тАО11-18-2010 02:12 PM

тАО11-18-2010 02:12 PM

Re: Can I disable IPv6 lookup when querying DNS?

Hi Rick - thanks for that info. I am not sure at this point what calls are being made as this is from within Java. The doc indicates that Java 6 now checks for IPv6 addresses so I suspect it is using the getaddrinfo calls.

As for our native code, I do not know if we have updated it or not. However, if not we will be doing that in 2011.
0 Kudos
Reply
rick jones
Honored Contributor

тАО11-18-2010 02:20 PM

тАО11-18-2010 02:20 PM

Re: Can I disable IPv6 lookup when querying DNS?

One thing you might try is making sure there are indeed no IPv6 addresses assigned on your system. If there are no IPv6 addresses assigned, and you still see attempts to get resolve to IPv6 addresses, then it suggests that asking the JVM to add that AI_ADDRCONFIG would be goodness. Further confirmation would be achieved by using a small C test program that calls getaddrinfo() with the AI_ADDRCONFIG bit set.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.