Gentoo Forums
Name resolution problem caused by IPv4 and IPv6 mix
Mike81
n00b


Joined: 05 Jan 2011
Posts: 39

Posted: Wed Nov 27, 2013 2:29 pm    Post subject: Name resolution problem caused by IPv4 and IPv6 mix

Hello,

I have multiple Gentoo systems with 2 NICs (eth0 for internal network and eth1 for external network).

My internal network is IPv4 only at the moment.

Every system has one internal IPv4 address (eth0) and one public external IPv4 and IPv6 address (eth1).

I have set
Code:
dns_search="foo.local foo.com"
in /etc/conf.d/net which will set SEARCH in /etc/resolv.conf (foo.local is my internal local domain, foo.com is my public domain; if I try to resolve "bar" for example, I want the systems to first try "bar.foo.local." and if they don't get a DNS reply they should try "bar.foo.com"; otherwise I would have used DOMAIN instead of SEARCH).

I have set an A record for the internal IPv4 address (in foo.local zone) and an A and AAAA address for the public addresses (in foo.com zone).

My problem:
I am unable to set the local domain. Therefore I am unable to target an internal host by name.

The reason: Because my systems are IPv6-enabled, "hostname --domain" will return "foo.com". That's because the system will ask for AAAA? $hostname.foo.local ... will get an NXDOMAIN reply, because I don't have such an AAAA record in foo.local... now it will ask for AAAA? $hostname.foo.com and will get an AAAA record. Because now it has a record, it doesn't even ask for A (I thought glibc performs IPv4 and IPv6 lookups in parallel since version 2.9...).

My problem could be solved if the system would first try the first SEARCH value for AAAA followed by A, but currently it tries all SEARCH values for AAAA first, and only if no AAAA was returned will it start again and ask for A records.

Although, currently it takes 4 requests to get one A record ("AAAA? $hostname.foo.local.", "AAAA? $hostname.foo.com.", "AAAA? $hostname.", "A? $hostname.foo.local.")

Any ideas? I am not yet ready to roll out IPv6 in my internal network.
But I also don't want to lose the ability to search in multiple DOMAINs...
Do I have to split by hostnames?
Adel Ahmed
Veteran


Joined: 21 Sep 2012
Posts: 1158

Posted: Tue Dec 03, 2013 3:11 am

Take a look at /etc/gai.conf.
I believe you can change the type of lookup precedence (A or AAAA) on a per-subnet basis:

# precedence <mask> <value>
# Add another rule to the RFC 3484 precedence table. See section 2.1
# and 10.3 in RFC 3484. The default is:
#
#precedence ::1/128 50
#precedence ::/0 40
#precedence 2002::/16 30
#precedence ::/96 20
#precedence ::ffff:0:0/96 10
#
# For sites which prefer IPv4 connections change the last line to
#
#precedence ::ffff:0:0/96 100

Hope that's helpful.
Mike81
n00b


Joined: 05 Jan 2011
Posts: 39

Posted: Tue Dec 03, 2013 1:18 pm

Well, gai.conf will only be used when you have both (A and AAAA) records.

But the "problem" is that an IPv6-enabled host will first query for AAAA (when using glibc). If it would also query for an A record, it wouldn't be a problem because I only have A records (no need for configuring a precedence), but because glibc will first query for an AAAA record for every possible combination out of SEARCH values before querying for A (e.g. SEARCH="bar.internal bar.com", glibc would AAAA? for foo.bar.internal. followed by AAAA? for foo.bar.com. Only when there isn't an AAAA record for foo.bar.internal and foo.bar.com, glibc would query A? foo.bar.internal (in my case it would get an A response and would stop; if not, it would also query A? foo.bar.com)). In my setup the second combination has an AAAA record, so glibc won't ask for A? because it is satisfied with an AAAA response.

I stopped using SEARCH because of that.
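The lookup order described in the posts above, modelled as an added example (not part of any post in this thread, and not glibc code). The zone contents, the host names web1 and db1, all addresses and the function names are constructed for illustration. It compares the order the posts describe with the per-name order the original poster wanted, and lists short names whose first answer comes from outside the internal zone.

```python
# Constructed zone data: the internal zone is IPv4-only, the public zone is dual-stack.
ZONES = {
    ("web1.foo.local.", "A"): "10.0.0.5",
    ("web1.foo.com.", "A"): "203.0.113.5",
    ("web1.foo.com.", "AAAA"): "2001:db8::5",
    ("db1.foo.local.", "A"): "10.0.0.6",  # host with no public record
}
SEARCH = ["foo.local", "foo.com"]  # as in the dns_search line of the first post


def candidates(short, search):
    """Names tried for a dot-less host: each search suffix, then the bare name."""
    return [f"{short}.{suffix}." for suffix in search] + [f"{short}."]


def resolve(short, search, zones, family_major=True):
    """Return (fqdn, rtype, address, queries) for the first answer found.

    family_major=True:  AAAA for every candidate, then A (order described in the posts).
    family_major=False: AAAA then A per candidate (order the original poster wanted).
    """
    names = candidates(short, search)
    if family_major:
        plan = [(n, t) for t in ("AAAA", "A") for n in names]
    else:
        plan = [(n, t) for n in names for t in ("AAAA", "A")]
    queries = []
    for name, rtype in plan:
        queries.append(f"{rtype}? {name}")
        if (name, rtype) in zones:
            return name, rtype, zones[(name, rtype)], queries
    return None, None, None, queries


def escapes_internal(hosts, search, zones, internal="foo.local."):
    """Short names whose first answer comes from outside the internal zone."""
    found = []
    for host in hosts:
        fqdn = resolve(host, search, zones)[0]
        if fqdn is not None and not fqdn.endswith("." + internal):
            found.append((host, fqdn))
    return found


if __name__ == "__main__":
    for mode in (True, False):
        print("family_major" if mode else "name_major", resolve("web1", SEARCH, ZONES, mode))
    print("answered outside foo.local:", escapes_internal(["web1", "db1"], SEARCH, ZONES))
```

For db1, which has only an internal A record, the family-major order sends the same four queries listed in the first post before it gets an answer.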