-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
IMHO the fix is two-fold:
1. You should probably not have any search stanza in the resolv.conf on
a server. Search is useful for a desktop machine as (lazy) humans want
to use it and not bother typing in a fully qualified domain name. For
servers you should be specifically configuring FQDNs to optimise
traffic. (Of course, now someone will provide an equally compelling
reason for using search on a server ;) )
2. Seriously, the correct fix is to get those domain holders to enable
IPv6 and provide AAAA records for their domains. Changing the order of
lookups changes the preference for IPv6/4 in contravention to the RFC,
and common sense. Surely if a better / later version of something is
available you want to prefer that?!? In particular, I fully expect that
in a few years you'll see the opposite happening as many hosts don't
have an A record at all and your DNS will spuriously attempt to find it
before trying IPv6.
Best regards,
-->Gar
On 28/02/11 15:27, stephen mulcahy wrote:
> Hi,
>> So after more debugging I've gotten to the bottom of this issue.
>> It seems name resolution behaviour has been changed in glibc to comply
> with RFC3484. The upshot of this is that the following is the typical
> sequence of events during name resolution - lets say I run command to
> access aaa.example.com
>> 1. Query for for IPv6 record for aaa.example.com (AAAA record)
> 2. If query fails, query for IPv6 record aaa.example.com.<first value
> from search directive of resolv.conf>
> 3. If query fails, query for IPv6 record aaa.example.com.<second value
> from search directive of resolv.conf>
> 4. If query fails, query for IPv6 record aaa.example.com.<third value
> from search directive of resolv.conf>
> 5. and so on for each value in the search directive of your resolv.conf
> 6. If query fails, query for IPv4 record aaa.example.com (A record).
> 7. Success
>> Which explains all the spurious queries.
>> Once I knew what I was looking for, I googled a few references to this
> including
>>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343140>> It seems the fix is to change the address lookup order in /etc/gai.conf
>> Adding
>> ipv6.disable=1
>> to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub also seemed to have
> an affect but not for all commands so gai.conf modification is probably
> better.
>> I guess this isn't a big issue for most people but on a server which
> normally does a few million queries a day it does result in a noticeable
> increase in traffic! I would imagine defaulting to IPv4 lookups first
> would be better for the internet as a whole but obviously the smarter
> RFC authors disagree.
>> Thanks - hope this helps someone else,
>> -stephen
>>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1ryBoACgkQK36C50PvIR+O8gCfayt51x0TJmqANgzzwKEQ7Xw3
d1UAn2OavzuobFonO3R5Xo0UifllgvHA
=pJuB
-----END PGP SIGNATURE-----
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
