Silently drop queries for AAAA records
p.mayers at imperial.ac.uk
Wed Dec 8 09:09:44 UTC 2010
On 12/08/2010 07:40 AM, Niobos wrote:
> On 2010-12-07 23:31, David A. Evans wrote:
>> I'm in the mood to prove a point. I have a very poorly written
>> application that is generating a few hundred queries per second of
>> completely bogus AAAA records before attempting a lookup of the correct
>> A records. This is because the application was compiled with an IPv6
>> interface enabled on the servers so it assumes that v6 is available. It
>> is not. The application owner does not see an issue as they get the
>> handful of NXDOMAIN responses back in ~2 ms for each valid response and
>> don't see any performance hit.
> Actually, this is the desired behavior for IPv6 applications. They
> prefer v6, so they first try to connect over v6 (hence the AAAA
> request). When they either (1) don't get an IPv6 address or (2) they see
> that they have no route to that IPv6 address or (3) the v6 connection
> times out; they fall back to IPv4.
Not quite. The desired behaviour for *all* applications these days is to
call the system library getaddrinfo() call, and loop over the responses.
getaddrinfo() in turn decides what DNS lookups to perform, and on most
platforms will omit AAAA lookups if it doesn't have a routable IPv6 address.
Whether AAAA or A responses are preferred depends on the application of
RFC 3484 sorting rules keyed off available local addresses as well as the
remote. Native v6 -> Native v6 is preferred, then Native v4 -> Native
v4, then tunneled v6 -> tunneled v6, and so forth.
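
The getaddrinfo() loop described in the message above, as an added example that is not part of the original post. `connect_any` is a hypothetical helper name; AI_ADDRCONFIG is the standard hint asking the resolver to return a family only when the host has an address of that family configured.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* exposes getaddrinfo() under strict -std=c11 */
#endif
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: resolve host:port and connect to the first candidate
 * that accepts. Returns a connected socket (family in *family_out) or -1. */
int connect_any(const char *host, const char *port, int *family_out)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1, rc;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;    /* let the resolver pick A and/or AAAA */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_ADDRCONFIG; /* only families with a local address */
    rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "getaddrinfo(%s): %s\n", host, gai_strerror(rc));
        return -1;
    }
    /* Candidates arrive in the resolver's preferred order: try each in turn. */
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) {
            if (family_out)
                *family_out = ai->ai_family;
            break;
        }
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

int main(int argc, char **argv)
{
    int family = 0, fd = connect_any(argc > 1 ? argv[1] : "localhost", argc > 2 ? argv[2] : "80", &family);
    printf("%s\n", fd < 0 ? "no usable address" : family == AF_INET6 ? "connected over IPv6" : "connected over IPv4");
    if (fd >= 0) close(fd);
    return fd < 0;
}
```

The application never asks for A or AAAA records itself; which queries go out is left to the resolver library, which is where the AAAA traffic discussed in this thread is decided.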