Clients get DNS timeouts because ipv6 means more queries for each lookup

Tony Finch dot at dotat.at
Mon Jul 11 19:10:35 UTC 2011


Jonathan Kamens <jik at kamens.us> wrote:
>
> I said above that the problem is exacerbated by the fact that many DNS servers
> don't yet support IPv6 queries. This is because the AAAA queries don't get
> NXDOMAIN responses, which would be cached, but rather FORMERR responses, which
> are not cached. As a result, the scenario described above happens much more
> frequently because the DNS server has to redo the AAAA queries often.

Your upstream resolver is broken if it returns FORMERR responses to AAAA
queries. The behaviour you describe is not normal.

Have a look at bind's filter-aaaa-on-v4 and deny-answer-addresses options
which should allow you to prevent applications from trying to use IPv6. The
latter might also quell queries for IPv6 addresses of name servers (though
I haven't verified that). Also perhaps it'll help to declare all IPv6 name
servers bogus -- server ::/0 { bogus yes; };

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
North Bailey: Variable becoming southeasterly 3 or 4. Slight or moderate.
Fair. Good.
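
Added example, not part of the original message: a check for the FORMERR-on-AAAA behaviour discussed above. It builds an AAAA query and classifies the reply's RCODE; the function names, the transaction id and the two sample reply headers are constructed for illustration.

```python
import socket
import struct

QTYPE_AAAA = 28
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype=QTYPE_AAAA, txid=0x1234):
    """Build a minimal recursive DNS query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(packet, txid=0x1234):
    """Return (rcode_name, answer_count, verdict) for a reply to an AAAA query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:  # id must match and QR bit must be set
        raise ValueError("not a response to our query")
    code = flags & 0x000F
    rcode = RCODES.get(code, "RCODE%d" % code)
    if rcode == "FORMERR":
        verdict = "broken: resolver rejects AAAA queries"
    elif rcode in ("NOERROR", "NXDOMAIN"):
        verdict = "ok: normal rcode"
    else:
        verdict = "check: unexpected rcode"
    return rcode, ancount, verdict

def probe(resolver, name, timeout=3.0):
    """Send one AAAA query over UDP to an IPv4 resolver and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return classify_response(s.recv(512))

# Constructed sample replies (header only): FORMERR, and NOERROR with no answers.
SAMPLE_FORMERR = struct.pack("!HHHHHH", 0x1234, 0x8181, 1, 0, 0, 0)
SAMPLE_NODATA = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)

if __name__ == "__main__":
    print(classify_response(SAMPLE_FORMERR))
    print(classify_response(SAMPLE_NODATA))
```

Call probe() with the address of the upstream resolver and a name that has an A record but no AAAA record to see which RCODE it returns.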



More information about the bind-users mailing list