ipv6 question

 
brian_31
Super Advisor

ipv6 question

On our RHEL 4 box we have IPv6 turned off, but the IPv6 DNS lookup is still done. Is there any way to permanently disable it? (We checked /etc/modprobe.conf and the sysconfig/network file; all OK.) It looks like quite a challenge, as the config seems to be OK.

Thanks

Brian
Suman_1978
HPE Pro

Re: ipv6 question

Hi,

You need to do this as root

Edit /etc/sysconfig/network and change

NETWORKING_IPV6=yes to
NETWORKING_IPV6=no

Edit /etc/modprobe.conf and add these lines (if they're not in it):

alias net-pf-10 off
alias ipv6 off

Stop the ip6tables service by typing:

service ip6tables stop

Disable the ip6tables service by typing:

chkconfig ip6tables off

After these changes, IPv6 will be disabled after the next reboot of your system.

Hope this helps

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]


brian_31
Super Advisor

Re: ipv6 question

As mentioned earlier, we have followed normal protocols. All of these have been done, but the IPv6 DNS lookups still happen. Not sure why?

Thanks

Brian.
Chhaya_Z
Valued Contributor

Re: ipv6 question

Hi Brian,

What is the kernel version?

I have not tested this; however, you can try the commands below.
Check the value first:
#cat /proc/sys/net/ipv6/conf/all/disable_ipv6

If it's 0, change it using the command below to disable it:

#echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

To check if the value has changed:
#cat /proc/sys/net/ipv6/conf/all/disable_ipv6

Hope this helps
Regards,
Chhaya

I am an HP employee.
Matti_Kurkela
Honored Contributor

Re: ipv6 question

IPv6 DNS lookups?

Do you mean the system will attempt to communicate with a DNS server over IPv6?

Or do you mean the system will send AAAA record queries to perfectly ordinary IPv4 DNS servers? I guess this is what you probably mean.

If you're using an application that is IPv6 aware, it probably always uses IPv6 versions of DNS query functions, or sets RES_USE_INET6 in global program variable _res.options. This makes the resolver library send an IPv6 AAAA query before each IPv4 A query.

Because IPv6 resolver functions can automatically fall back to IPv4 when necessary, always using them makes it simpler to write a program that can work with both IPv6 and IPv4. But as a side effect, you'll get the AAAA query.

If your DNS server complies with the appropriate RFCs, the extra AAAA queries should be harmless.

The IPv6 query option of the DNS resolver library can apparently be forced on by adding "options inet6" line to /etc/resolv.conf, but there is apparently no way to force the option off.

MK
brian_31
Super Advisor

Re: ipv6 question

Happy New Year!!

Thanks for the responses..

As mentioned, we have disabled IPv6 (alias net-pf-10 off in modprobe.conf, alias ipv6 off in /etc/modprobe.conf, and then the NETWORK_IPV6 line for /etc/sysconfig/network) and rebooted, but ifconfig -a still reports an inet6 addr for bond0 and eth1.

MK..

is this what you were mentioning as normal?

Thanks again

Brian
brian_31
Super Advisor

Re: ipv6 question

Please note the inet6 addr line is in addition to the normal inet, Bcast and Mask line. Is this normal?

Thanks

Brian.
Matti_Kurkela
Honored Contributor
Solution

Re: ipv6 question

If ifconfig still displays IPv6 addresses, it looks like your attempt to disable IPv6 using the module alias didn't work. I guess some startup script loads the module explicitly.

A RedHat-recommended procedure for disabling IPv6 is to add this line to /etc/modprobe.conf:

options ipv6 disable=1

This won't prevent the ipv6 module from loading, but tells it to disable itself. The kernel will log a message saying that IPv6 is "administratively disabled" until next reboot.

Even this may not stop IPv6-aware applications from making AAAA queries to IPv4 nameservers: making those DNS queries does not require any kernel-level IPv6 protocol support. But those queries should not be harmful: a standards-compliant DNS server can simply answer "I have no information about IPv6".

To completely stop an IPv6-aware application from making AAAA queries, the application would have to have a configurable IPv4-only mode. Not all IPv6-aware programs have such a mode.

MK
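
A way to check which of the settings named in this thread are actually present in the two configuration files (an added example, not part of the original posts). The sample file contents and the hostname are constructed; the function names are hypothetical.

```python
def parse_modprobe(text):
    """Collect 'alias' and 'options' directives, ignoring comments."""
    aliases, options = {}, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "alias":
            aliases[fields[1]] = fields[2]
        elif len(fields) >= 3 and fields[0] == "options":
            options.setdefault(fields[1], []).extend(fields[2:])
    return aliases, options

def parse_sysconfig(text):
    """Parse KEY=value lines from a sysconfig-style file."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip().strip("\"'")
    return values

def audit_ipv6_settings(modprobe_text, network_text):
    """Return the settings from the thread that are NOT present in the files."""
    aliases, options = parse_modprobe(modprobe_text)
    net = parse_sysconfig(network_text)
    missing = []
    if net.get("NETWORKING_IPV6", "").lower() != "no":
        missing.append("NETWORKING_IPV6=no")
    for name in ("net-pf-10", "ipv6"):
        if aliases.get(name) != "off":
            missing.append("alias %s off" % name)
    if "disable=1" not in options.get("ipv6", []):
        missing.append("options ipv6 disable=1")
    return missing

# Constructed sample: alias lines present, module option only commented out.
SAMPLE_MODPROBE = """\
alias eth0 e1000
alias net-pf-10 off   # alias-based approach
alias ipv6 off
# options ipv6 disable=1
"""
SAMPLE_NETWORK = "NETWORKING=yes\nNETWORKING_IPV6=no\nHOSTNAME=host.example.test\n"

if __name__ == "__main__":
    for item in audit_ipv6_settings(SAMPLE_MODPROBE, SAMPLE_NETWORK):
        print("not set:", item)
```

On a real host, pass the contents of /etc/modprobe.conf and /etc/sysconfig/network; a setting being present in the file does not prove it took effect, so still confirm with ifconfig -a after the reboot.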
Mike_Swift
Advisor

Re: ipv6 question

Matti

We have the same issue with the DNS server flooding with AAAA queries. When you mention "But those queries should not be harmful: a standards-compliant DNS server can simply answer 'I have no information about IPv6'", what does this mean, or what RFCs should it comply with?

Thanks

Mike.

Matti_Kurkela
Honored Contributor

Re: ipv6 question

I meant that the DNS server does not even need to know what the AAAA record is to be able to answer "I don't have any records of that type matching the name you asked for". Since an A record exists for the name, a Name Error is not appropriate. The situation should be handled essentially the same as when querying for NS record for a name that does not have one.

The algorithm in RFC 1034 (STD 13, the fundamental definition of DNS), paragraph 4.3.2 would lead to the generation of a response with an empty answer section and no error indication (status NOERROR) - as always when there is no record of the requested type, but records of some other type exist for the name queried.

The later RFC 2308 (Proposed Standard) confirms this is exactly the expected format for a NODATA answer.

RFC 1123 (STD 3), paragraph 6.1.3.5 says:

6.1.3.5  Extensibility

DNS software MUST support all well-known, class-independent
formats [DNS:2], and SHOULD be written to minimize the
trauma associated with the introduction of new well-known
types and local experimentation with non-standard types.

Both RFC 1034 and RFC 1123 considerably pre-date the IPv6 RFCs.

The DNS extensions for IPv6 are provided in RFC 1886 (Proposed Standard), and it defines the query type for AAAA records as type value 28.

Here's a handy list of the various DNS-related RFCs:

http://www.zoneedit.com/doc/rfc/

MK
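
The NODATA versus Name Error distinction described above, shown on raw DNS messages (an added example, not part of the original posts). The messages, the name host.example.test and the address are constructed; the classifier is simplified and does not separate referrals or CNAME-only answers from NODATA.

```python
import struct

QTYPE_A, QTYPE_AAAA = 1, 28            # AAAA is type value 28 (RFC 1886)
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3   # RCODE 3 is the "Name Error"

def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + label, ending in 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qid, name, qtype, rcode=RCODE_NOERROR, answers=()):
    """Build a minimal response: header, one question, optional answer records."""
    flags = 0x8000 | 0x0100 | 0x0080 | rcode          # QR, RD, RA, RCODE
    msg = struct.pack("!HHHHHH", qid, flags, 1, len(answers), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    for rtype, rdata in answers:
        # 0xC00C is a compression pointer back to the question name
        msg += struct.pack("!HHHIH", 0xC00C, rtype, 1, 300, len(rdata)) + rdata
    return msg

def classify(msg):
    """Return (qtype, verdict) from the header and question of a response."""
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    while msg[pos] != 0:               # skip the labels of the question name
        pos += 1 + msg[pos]
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return qtype, "NXDOMAIN"       # the name itself does not exist
    if rcode == RCODE_NOERROR and ancount == 0:
        return qtype, "NODATA"         # name exists, no record of this type
    if rcode == RCODE_NOERROR:
        return qtype, "ANSWER"
    return qtype, "ERROR"

# Constructed responses for a host that has an A record but no AAAA record.
AAAA_REPLY = build_response(1, "host.example.test", QTYPE_AAAA)
A_REPLY = build_response(2, "host.example.test", QTYPE_A,
                         answers=[(QTYPE_A, bytes([192, 0, 2, 10]))])
MISSING_REPLY = build_response(3, "nohost.example.test", QTYPE_AAAA,
                               rcode=RCODE_NXDOMAIN)

if __name__ == "__main__":
    for reply in (AAAA_REPLY, A_REPLY, MISSING_REPLY):
        print(classify(reply))
```

When reviewing a capture of AAAA traffic, NODATA replies are the expected result for IPv4-only names; a server returning NXDOMAIN or an error for a name that has an A record is the behaviour worth investigating.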