On Sat, Aug 06, 2005 at 12:38:50AM -0400, Tom Lane wrote:
> [EMAIL PROTECTED] writes:
> > You are correct in that 8.0 is doing a AAAA request first.  I am running 
> > Red Hat version 8.0.  The difference in the way 7.2 and 8.0 resolve the 
> > host option has to be because of the change from gethostbyname to 
> > getaddrinfo.  Is there some way I can force my machine to do an A search 
> > before a AAAA search?
> 
> On a recent RH system, "man 5 resolver" suggests that putting "options
> inet6" into /etc/resolv.conf is what makes this happen ... if there is
> such an entry on your system, try removing it.  RH 8.0 is a good ways
> back though, so read the local version of that man page before doing
> anything with that config file.

Hmmm...I have unprivileged access to a RH 7.3 box and I see the
"inet6" option in its resolver(5) manual page, but /etc/resolv.conf
doesn't have that option.  Yet a test program that calls getaddrinfo()
with hints.ai_family = AF_UNSPEC nevertheless tries AAAA queries
first (I can't run a sniffer on that box, so I tweaked the test
program's _res structure to send DNS queries to a server that I can
sniff).  The resolver algorithm for an unqualified hostname is:

1. AAAA query for hostname.domain (for each domain in the search list).
2. AAAA query for hostname (i.e., as a top-level domain).
3. A query for hostname.domain.
4. A query for hostname.

Lowell's sniffer output shows this algorithm in action.  The (1)
query returns zero answers, so we proceed to the (2) query.  Here we
see a retry due to a timeout and eventually the DNS server responds
with SERVFAIL (see later comments on this).  Then we proceed to (3)
and finally get an answer.

Thomas Pundt suggested running "lsmod | grep ipv6" and disabling
the ipv6 module if it's not needed.  On the RH 7.3 box I have access
to, lsmod shows nothing like "ipv6", "ip6", "inet6", etc.

So, /etc/resolv.conf doesn't have an "inet6" option and the kernel
doesn't appear to have an IPv6 module, and yet getaddrinfo() still
makes AAAA queries.  Does anybody know if this behavior can be
disabled on Linux if the box doesn't use IPv6?

The (2) and (4) queries above (the queries for the hostname as a
top-level domain) are also a nuisance.  On FreeBSD those can be
disabled with the "no_tld_query" option in /etc/resolv.conf, but a
glance through Linux's resolver(5) manual page doesn't show any
such option.  Can these queries be disabled on Linux?

(This is becoming a Linux configuration thread, so these questions
might need to be asked elsewhere.)

> I concur with Michael's previous suggestion that the best answer
> is to fix the clearly-broken DNS environment you're dealing with.
> It is no longer acceptable for anyone to be running nameservers
> that have not heard of IPv6 --- unless it's for a network that
> only contains clients that have not heard of IPv6, which yours
> evidently is not.  Have a word with your local network admin.

Something Wrong does appear to be happening with this site's DNS.
The top-level domain AAAA queries should fail fairly quickly with
NXDOMAIN after the query goes to a root DNS server that responds
with "sorry, ain't no such name," yet the DNS server takes several
seconds to respond at all, and when it does it responds with SERVFAIL.
That's why I was wondering about connectivity problems to the roots.

In summary, several things would be desirable:

1. Disable AAAA queries if the box doesn't use IPv6.

2. Disable top-level domain queries in the resolver search
   algorithm when looking up an unqualified hostname.

3. Fix the DNS servers so that if top-level domain queries for
   hostnames are made, responses are made quickly instead of taking
   so long and failing with SERVFAIL.

Lowell, you'll probably have to look elsewhere for solutions to
these problems, as they're not PostgreSQL-specific.

-- 
Michael Fuhr
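
Added example, not part of the original message and not code from glibc or PostgreSQL: a small C model of the four-step lookup order listed in the message, showing how summary items 1 and 2 shorten the query sequence. The names `plan_queries`, `want_aaaa`, `tld_query`, the host `dbhost` and the search list are hypothetical, and applying every search domain to the A pass as well is an assumption.

```c
#include <stdio.h>
#include <string.h>

enum qtype { Q_AAAA, Q_A };
struct query { enum qtype type; char name[256]; };

/* Append one query to the plan if there is room; returns the new count. */
static int add_query(struct query *out, int n, int max, enum qtype t,
                     const char *host, const char *domain)
{
    if (n >= max) return n;
    out[n].type = t;
    if (domain) snprintf(out[n].name, sizeof out[n].name, "%s.%s", host, domain);
    else        snprintf(out[n].name, sizeof out[n].name, "%s", host);
    return n + 1;
}

/* Model of the order described in the message for an unqualified hostname:
 * AAAA host.domain (each search domain), AAAA host, A host.domain, A host.
 * want_aaaa = 0 models summary item 1 (no AAAA pass);
 * tld_query = 0 models summary item 2 (what FreeBSD's no_tld_query does). */
int plan_queries(const char *host, const char *const *search, int nsearch,
                 int want_aaaa, int tld_query, struct query *out, int max)
{
    int n = 0;
    for (int t = want_aaaa ? Q_AAAA : Q_A; t <= Q_A; t++) {
        for (int i = 0; i < nsearch; i++)
            n = add_query(out, n, max, (enum qtype)t, host, search[i]);
        if (tld_query)
            n = add_query(out, n, max, (enum qtype)t, host, NULL);
    }
    return n;
}

int main(void)
{
    const char *search[] = { "example.com" };      /* constructed search list */
    int cases[3][2] = { {1, 1}, {1, 0}, {0, 0} };  /* {want_aaaa, tld_query} */
    struct query q[8];
    for (int c = 0; c < 3; c++) {
        int n = plan_queries("dbhost", search, 1, cases[c][0], cases[c][1], q, 8);
        printf("want_aaaa=%d tld_query=%d\n", cases[c][0], cases[c][1]);
        for (int i = 0; i < n; i++)
            printf("  %d. %-4s %s\n", i + 1,
                   q[i].type == Q_AAAA ? "AAAA" : "A", q[i].name);
    }
    return 0;
}
```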
