Silently drop queries for AAAA records

Niobos niobos at dest-unreach.be
Wed Dec 8 07:40:46 UTC 2010


On 2010-12-07 23:31, David A. Evans wrote:
> 
> I'm in the mood to prove a point. I have a very poorly written
> application that is generating a few hundred queries per second of
> completely bogus AAAA records before attempting a lookup of the correct
> A records.  This is because the application was compiled with an IPv6
> interface enabled on the servers so it assumes that v6 is available.  It
> is not.  The application owner does not see an issue as they get the
> handful of NXDOMAIN responses back in ~2 ms for each valid response and
> don't see any performance hit.

Actually, this is the desired behavior for IPv6 applications. They
prefer v6, so they first try to connect over v6 (hence the AAAA
request). When they either (1) don't get an IPv6 address or (2) they see
that they have no route to that IPv6 address or (3) the v6 connection
times out, they fall back to IPv4.

Most applications are configurable to "only try" either v4 or v6. In my
humble opinion, you should ask for this last option in your software.

As for proving your point in that second case, you can add a bogus IPv6
address and push the client into failure mode (3), which will cause a
noticeable delay.

Niobos
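
The fallback sequence described in the reply above, as an added example that is not part of the original post: a client that prefers IPv6, records which of the three cases made it fall through, and can be pinned to "only try" one family. The host name, addresses and the `fake_*` helpers are constructed stand-ins so it runs offline; doing the AAAA and A lookups as two separate steps is a simplification of what a real resolver library does.

```python
import socket

V6, V4 = socket.AF_INET6, socket.AF_INET

def connect_with_fallback(host, port, family=socket.AF_UNSPEC, timeout=3.0,
                          resolve=socket.getaddrinfo,
                          dial=socket.create_connection):
    """Prefer IPv6, fall back to IPv4; return (socket_or_None, trace)."""
    # AF_UNSPEC means "try v6, then v4"; a single family means "only try" it.
    order = [V6, V4] if family == socket.AF_UNSPEC else [family]
    trace = []
    for fam in order:
        try:
            infos = resolve(host, port, fam, socket.SOCK_STREAM)
        except socket.gaierror:
            trace.append((fam, "no address"))      # case (1): cheap negative answer
            continue
        for info in infos:
            try:
                sock = dial(info[4][:2], timeout)
            except socket.timeout:
                trace.append((fam, "timed out"))   # case (3): costs `timeout` seconds
            except OSError:
                trace.append((fam, "no route"))    # case (2): fails immediately
            else:
                trace.append((fam, "connected"))
                return sock, trace
    return None, trace

# Constructed stand-ins for DNS and the network so the demo runs offline.
def fake_resolver(records):
    def resolve(host, port, fam, socktype):
        if fam not in records:
            raise socket.gaierror(socket.EAI_NONAME, "no record")
        return [(fam, socktype, 6, "", (records[fam], port))]
    return resolve

def fake_dial(address, timeout):
    if address[0] == "2001:db8::dead":   # bogus AAAA target (documentation prefix)
        raise socket.timeout("timed out")
    return "socket to %s" % address[0]

def demo(records, family=socket.AF_UNSPEC):
    _, trace = connect_with_fallback("app.example", 80, family,
                                     resolve=fake_resolver(records), dial=fake_dial)
    return trace
```

With `family=socket.AF_INET` the AAAA lookup is never issued, which is the "only try" setting the reply recommends asking for.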



