A way to disable AAAA lookups in the resolver (again)

Bug #1092691 reported by Humberto Jucá on 2012-12-20
28
This bug affects 5 people
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
Undecided
Unassigned

Bug Description

I like to known what's the way to disable DNS AAAA queries.
Already have disabled all resources ipv6.

1. Changes in grub:
vim /etc/default/grub
    GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
update-grub

2. I'm using 12.04 LTS version (builtin ipv6 support)
grep -i ipv6 /boot/config-3.2.0-24-generic
    CONFIG_IPV6=y
    CONFIG_IPV6_PRIVACY=y
    ...

Before this i try with sysctl, but tcp6 sockets still alive.
After grub changes this solve the question - i can disable ipv6 address and networks sockets too.

But, internal lookups stay wrong.
Some sites like www.caixa.gov.br are slow.

When i sniff my connection i can see many DNS AAAA records and server fail
Running "lynx www.caixa.gov.br"

15:57:11.332463 IP 127.0.0.1.58734 > 127.0.0.1.53: 63741+ AAAA? www.caixa.gov.br. (34)
15:57:16.337439 IP 127.0.0.1.58734 > 127.0.0.1.53: 63741+ AAAA? www.caixa.gov.br. (34)
15:57:21.342488 IP 127.0.0.1.58067 > 127.0.0.1.53: 1244+ AAAA? www.caixa.gov.br.localdomain. (46)
15:57:21.342579 IP 127.0.0.1.53 > 127.0.0.1.58067: 1244 NXDomain 0/1/0 (121)
15:57:21.342648 IP 127.0.0.1.51657 > 127.0.0.1.53: 3236+ A? www.caixa.gov.br. (34)
15:57:21.342723 IP 127.0.0.1.53 > 127.0.0.1.51657: 3236 1/0/0 A 200.201.161.106 (50)
15:57:21.353289 IP 127.0.0.1.58482 > 127.0.0.1.53: 15390+ AAAA? www.caixa.gov.br. (34)
15:57:26.358326 IP 127.0.0.1.58482 > 127.0.0.1.53: 15390+ AAAA? www.caixa.gov.br. (34)
15:57:31.363381 IP 127.0.0.1.48398 > 127.0.0.1.53: 21648+ AAAA? www.caixa.gov.br.localdomain. (46)
15:57:31.363487 IP 127.0.0.1.53 > 127.0.0.1.48398: 21648 NXDomain 0/1/0 (121)
15:57:31.363560 IP 127.0.0.1.55657 > 127.0.0.1.53: 49860+ A? www.caixa.gov.br. (34)
15:57:31.363643 IP 127.0.0.1.53 > 127.0.0.1.55657: 49860 1/0/0 A 200.201.161.106 (50)
15:57:31.364319 IP 127.0.0.1.55431 > 127.0.0.1.53: 38110+ AAAA? www.caixa.gov.br. (34)
15:57:36.369352 IP 127.0.0.1.55431 > 127.0.0.1.53: 38110+ AAAA? www.caixa.gov.br. (34)

I do bind changes too
vim /etc/default/bind9
    RESOLVCONF=no
    OPTIONS="-4 -u bind"

vim /etc/bind/named.conf.options
        forward only;
        forwarders {
                208.67.222.222;
                8.8.8.8;
        };

This dont solve AAAA requests.
I like to known a way to prefer ipv4 queries (A) or disable ipv6 queries.

When i'm using squid proxy the same problem occur.
To solve this i need compile squid with --disable-ipv6.
This works to Squid proxy, but i think that the best way is disable all DNS AAAA queries.

This occur with lynx, wget and others.

Humberto Jucá (betolj) on 2012-12-20
description: updated
Humberto Jucá (betolj) on 2012-12-20
affects: bind9 (Ubuntu) → glibc (Ubuntu)
Humberto Jucá (betolj) wrote :

This is an old problem that recurs.
Some time ago there was a bugfix for this - in glibc.

http://jpmens.net/2011/09/28/aaaa-and-a/
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/80571

Apparently the patch was not applied in this release (Ubuntu 12.04 LTS Server amd64).

Mane (manfred-pausch-klug-is) wrote :

Have the same problem.
Initial connect to a internal SSH server feels like connecting via 56k modem... Sucks!

Disabling IPv6 with kernel parameter does not work.
Changing configuration in /etc/gai.conf does not work either.

Very annoying situation :-(

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glibc (Ubuntu):
status: New → Confirmed
ITec (itec) wrote :

Yes, I do have the same problem:
Disabling IPv6 with kernel parameter does not work.
Changing configuration in /etc/gai.conf does not work either.

AAAA requests are still resolved on IPv4.

Isn't there a solution, yet?

Carlo Wood (carlo-alinoe) wrote :

Same problem here... and now it's 2017. My ISP is not going to support ipv6 for years :(, and in the mean time it would be nice if connections to servers with both, ipv4 and ipv6 (like google) I wouldn't run into a 2 minute timeout all the time :/.

Carlo Wood (carlo-alinoe) wrote :

I have the same problem. After trying very hard to disable ipv6 completely (in order to get rid of EXTREME LONG download times for chromium git and having an ISP that does not support ipv6), my interface *STILL* has an inet6 addr and the resolver STILL does AAAA look ups :(.

This is insane-- why is there is no way to disable ipv6?!

eth0 Link encap:Ethernet HWaddr c8:60:00:c3:37:1c
          inet addr:192.168.0.14 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::92f9:ecc1:82d2:1d3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:27837071 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24277886 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13897890845 (13.8 GB) TX bytes:3590197010 (3.5 GB)

Dowloading 13.8 GB of repositories (many of them) took me two days; should be possible in an hour.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related questions