A6 lookups from clients and bind9?

[Simon Waters]

Matthew Hall wrote:
> 
> The quadruple A is indicative of a IPv6 lookup, yes? Now, on my
> bind9 servers, it seems to be trying to answer/lookup the request
> from my forwarders, because there is a timeout of 10-15 seconds
> or so before the client asks "the right" question and gets back
> the info it needs to proceed.

Check the logs carefully, is it asking for AAAA in other domain
names, i.e. is the 10 or 15 second delay due to the client
trying other variations of the same name, or maybe BIND 9 trying
to reach the Internet again (it likes to talk to the root
servers after start up).

> Using the FQDN on the same command 'ssh me at irk.foo.bar.net' will
> get an immediate response.

As above.

> Now, if I switch my name server on my client from the new bind9
> to the old bind8 server (we're transitioning), there is no such
> delay/timeout - is there a difference in how bind8/bind9 handle
> IPv6 requests - I was under the impression that bind8 didn't really
> do them at all.

Difficult to say, does the other BIND 8 server allow recursive
queries of Internet domain, or is it a private server. If you
have private roots, remember bind 9 has an implicit 'cache "."'

> Is there any way I can tell my bind9 servers to send an
> immediate 'don't know/don't care' response to clients for
> IPv6 queries? 

It can only answer questions as best it can - my guess is it is
the questions the client is asking that is wrong.

My guess is you have a difference in the ability to answer
general (usually Internet) queries between the two servers.

> I think this would be the quickest way to
> get things back the way they were.

Stop the client asking IPv6 queries, for some SSH builds this
requires either "ssh -4" or rebuilding without IPv6 support.