Date: Thu, 13 Sep 2007 08:56:31 +1000 From: Mark Andrews <Mark_Andrews@isc.org> To: Andreas Pettersson <andpet@telia.com> Cc: freebsd-stable@freebsd.org Subject: Re: BIND 9.3.1 - How to get rid of AAAA querys? Message-ID: <200709122256.l8CMuVLx004978@drugs.dv.isc.org> In-Reply-To: Your message of "Wed, 12 Sep 2007 21:45:21 %2B0200." <46E841D1.3020002@telia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> When looking in the querylog for BIND 9.3.1 running on FreeBSD 5.4, > almost every other log entry specifies an AAAA query. The only client is > localhost. I see no reason right now to have BIND wasting resources on > IPv6 requests, so I added > > named_flags="-4" > > to rc.conf and restarted named. Sockstat tells me named is listening > only on udp4 and tcp4, but I still get lots of AAAA entries in the querylog: > > 12-Sep-2007 21:40:47.129 client 127.0.0.1#60103: query: > smtp.secureserver.net IN AAAA + > 12-Sep-2007 21:40:47.648 client 127.0.0.1#64489: query: > smtp.where.secureserver.net IN AAAA + > 12-Sep-2007 21:40:47.847 client 127.0.0.1#61673: query: > smtp.secureserver.net IN A + > 12-Sep-2007 21:40:47.869 client 127.0.0.1#53040: query: > mailstore1.secureserver.net IN AAAA + > 12-Sep-2007 21:40:47.871 client 127.0.0.1#54473: query: > mailstore1.secureserver.net IN A + > 12-Sep-2007 21:40:58.261 client 127.0.0.1#58124: query: > 120.86.248.87.in-addr.arpa IN PTR + > 12-Sep-2007 21:40:58.340 client 127.0.0.1#56511: query: > static-ip-87-248-86-120.promax.media.pl IN AAAA + > 12-Sep-2007 21:40:58.410 client 127.0.0.1#61212: query: > static-ip-87-248-86-120.promax.media.pl IN A + > > What can I do to get rid of these? Teach each and every application not to make them. :-) -4 stops named *making* and accepting queries *over* IPv6. It does NOT stop it accepting AAAA queries. It does NOT stop it making AAAA queries. Why don't you go the other way and get yourself IPv6 connectivity. You do realise that you will require it to reach many sites in about 3 years time as they will be IPv6 only (new IPv4 address space is running out real soon now). Running dual stacked now is how you debug you system. If you ISP doesn't yet offer IPv6 natively there are lots of alternate method. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709122256.l8CMuVLx004978>