[157368] in North American Network Operators' Group
Re: Please, talk me down.
daemon@ATHENA.MIT.EDU (Mark Andrews)
Wed Oct 17 01:23:02 2012
To: Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Wed, 17 Oct 2012 03:35:11 -0000."
<2801F5F8-B8E2-4A9F-9A89-02D7783CCDA7@josephholsten.com>
Date: Wed, 17 Oct 2012 16:21:44 +1100
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In message <2801F5F8-B8E2-4A9F-9A89-02D7783CCDA7@josephholsten.com>, Joseph Ant
hony Pasquale Holsten writes:
> I want to like IPv6. I do. But I'm seriously considering turning off
> IPv6 support from our servers.
>
> First off, I'm using djbdns internally and it doesn't support AAAA
> records. So we really aren't using it internally.
djbdns doesn't support lots of things.
> But today I noticed that we have a lot of traffic to our DNS cache, and
> started to investigate. Turns out that every DNS request would start
> with one for the AAAA record. Ah, no luck. Maybe you forgot the search
> domain? Let's retry that DNS request with that tacked on. Failed again?
> Meanwhile, lets simultaneously try for the AA record then. Repeat.
It looks like your getaddrinfo implementation is a searching for
AAAA records and then searching for A records. With a A record for
name2 you get a query path like this.
e.g. name1 AAAA -> NXDOMAIN
name2 AAAA -> NODATA
name3 AAAA -> NXDOMAIN
name1 A -> NXDOMAIN
name2 A -> DATA
You could ask you vendor to implement a alternating search strategy.
e.g. name1 AAAA -> NXDOMAIN
name1 A -> NXDOMAIN
name2 AAAA -> NODATA
name2 A -> DATA
Additionally you could get your vendor skip the A lookup on NXDOMAIN
from AAAA.
e.g. name1 AAAA -> NXDOMAIN
name2 AAAA -> NODATA
name2 A -> DATA
> I'm _this_ close to turning IPv6 off entirely. Anyone want to talk me
> off this ledge?
> --
> http://josephholsten.com
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
