[Dnsmasq-discuss] Disable IPV6 for DNS query alone

[Simon Kelley]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 20/01/15 12:48, Sharan Basavaraj wrote:
> Problem: I am doing a DNS query and i see that queries are first
> sent for AAAA address and then sent for A on failure of AAAA
> option.

This is a feature of the client which is using dnsmasq, not dnsmasq
itself. A well behaved client shouldn't delay sending an A query
whilst waiting for an AAAA response.
https://tools.ietf.org/html/rfc6555 has the details, and the catchy
name "Happy eyeballs".

> 
> Restriction from my side: 1) I can not disable IPV6, as it is
> required by some other module. 2) I tried options like
> "single-request" but it didn't work, I still see queries sent for
> AAAA 3) I even tried compiling "dnsmasq" with option -DNO_IPV6.
> still i see it sends IPV6 query.
> 
> I am using RHEL5 and I dont see an easy option of disabling IPV6
> only for "dnsmasq"
> 
> 1) Can any one help with either how to modify code to disable IPV6
> query or 2) provide some option so that no IPV6 queries being sent.
> or 3) I see that AAAA query takes 5 sec to timeout, is there any
> way to restrict it to 1 sec?


It's not clear that dnsmasq can help here. The obvious thing is for
dnsmasq to always fail AAAA queries, so the client gets on and send a
A query instead. But there are two ways dnsmasq could fail an AAAA
query. It can return "no such domain", but then the client need no
ever send the A query, since it knows that the domains doesn't exists.
Or it can return "No data", ie the domain exists, but there's no AAAA
record. That will convince that client that the domain exists even
when it doesn't, which has more subtle but possibly bad effects.

There's no lie that dnsmasq can tell in response to the AAAA query
which will never have bad effects. Making this work is more
complicated that that, hence "happy eyeballs". The easiest solution
may be a find an upstream nameserver that can handle AAAA queries in a
sensible time.



Cheers,

Simon.

> 
> Any help here is really appreciated.
> 
> Regards, Sharan
> 
> 
> 
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUwBNYAAoJEBXN2mrhkTWiTpsP/25dEl7GIDxKpvDGmadwJ0ne
Bo/1kNq6S3ESe3mhO3QIwwYxS+aYGHhizecJ3RHkAoI6CFjTaN0/mpPg0oxhZK6Z
4KmbUUlrjDd5XGSTfol1hlMjURkXrF6PMZ1Ykh54AEDkmo7G3IUfPGZ3d3RX7G+Y
a7RQa1SRo9fZjUnzEvQibT0gEAYG6Hf8KqAIiNfQiOXqdgB7md66RyOaUotkMUjn
18iRn4vyPOKFWw2MJC5MUxwFg5AZ9pjYUkySec+6+bdK+mBGWmK7dJTaQPh8UQRu
lughJGaoaqcUMc4YsbhLdg4Hvmn+Q2ec0XGxPk6yI5flGhRLd+jIpoveYYlWqCW9
weQwNd7iULGcgdGy6sJbdFCxi36O//JxuTJ1MZtej+7yd40w98rSYifoK4Nnsgiz
pdqb7JfIc7E0aUQN/YnF7odvVw27CSk1Ip8X4Dghkzv+61FOa/hTx7swwLKhTtW5
UXPT0gYOfzcvA3gJT4E71EeK9fVPOcEY3844xPD2uh4HCLJ544FyXtZwlycbatPn
pbF3aBUZORcILwbUjT5h7aDNT/+5Dzms7YblGuGZFuvJzC3KZe7Q+QdWcOg+farD
5H/XbzLeDh76X4ysaFQFk3NisuJG6hEJz0OWMWtPK78+W9ceTKLE9OojK9E9eK1O
/phyMejkrP2ta/mr61eK
=v5vW
-----END PGP SIGNATURE-----