Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?
Here are some outputs from Ubuntu, which works fine (sends A queries
only) with ipv6 enabled, and Debian, which does not work fine (sends AAAA
queries) with my DNS server. I have generated this output with the
default settings of both Ubuntu and Debian. So, in the outputs below,
you'll see ipv6 enabled in Debian. However, with ipv6 disabled in
/etc/modprobe.d/aliases, the output remains similar and Debian does
not work with my DNS server.
UBUNTU OUTPUTS:-
$ lsmod | grep ipv6
ipv6 307072 10
$ sudo grep -R ipv6 /etc/
/etc/modprobe.d/aliases:alias net-pf-10 ipv6
/etc/mono/2.0/machine.config: <ipv6 enabled="false"/>
/etc/mono/1.0/machine.config: <ipv6 enabled="false"/>
/etc/protocols:ipv6 41 IPv6 # Internet Protocol, version 6
/etc/protocols:ipv6-route 43 IPv6-Route # Routing Header for IPv6
/etc/protocols:ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
/etc/protocols:ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
/etc/protocols:ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
/etc/protocols:ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
Binary file /etc/alternatives/cli matches
Binary file /etc/alternatives/www-browser matches
/etc/ppp/ipv6-up:if [ -x /etc/ppp/ipv6-up.local ]; then
/etc/ppp/ipv6-up: exec /etc/ppp/ipv6-up.local "$*"
/etc/ppp/ipv6-up:run-parts /etc/ppp/ipv6-up.d \
/etc/ppp/ipv6-down:if [ -x /etc/ppp/ipv6-down.local ]; then
/etc/ppp/ipv6-down: exec /etc/ppp/ipv6-down.local "$*"
/etc/ppp/ipv6-down:run-parts /etc/ppp/ipv6-down.d \
/etc/avahi/avahi-daemon.conf:use-ipv6=no
/etc/avahi/avahi-daemon.conf:#publish-a-on-ipv6=no
/etc/sysctl.conf:#net.ipv6.conf.default.forwarding=1
Binary file /etc/X11/X matches
$ cat /etc/resolv.conf
nameserver 192.168.1.1
$ ls -l /etc/resolv.conf
-rw-r--r-- 1 root root 23 2007-12-15 23:41 /etc/resolv.conf
DEBIAN OUTPUTS:-
# lsmod | grep ipv6
ipv6 213856 19
# grep -R ipv6 /etc/ 2> /dev/null
Binary file /etc/dosemu/drives/d/tmp/etherXXXXKM1kmz matches
Binary file /etc/dosemu/drives/c/tmp/etherXXXXKM1kmz matches
/etc/protocols:ipv6 41 IPv6 # Internet Protocol, version 6
/etc/protocols:ipv6-route 43 IPv6-Route # Routing Header for IPv6
/etc/protocols:ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
/etc/protocols:ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
/etc/protocols:ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
/etc/protocols:ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
/etc/avahi/avahi-daemon.conf:use-ipv6=no
/etc/avahi/avahi-daemon.conf:#publish-a-on-ipv6=no
Binary file /etc/X11/X matches
Binary file /etc/alternatives/php matches
Binary file /etc/alternatives/www-browser matches
Binary file /etc/alternatives/emacs matches
Binary file /etc/selinux/refpolicy-targeted/modules/active/base.linked matches
Binary file /etc/selinux/refpolicy-targeted/modules/active/base.pp matches
/etc/selinux/refpolicy-targeted/modules/active/file_contexts.template:/etc/ppp/ipv6-up\..* -- system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/active/file_contexts.template:/etc/ppp/ipv6-down\..* -- system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/active/file_contexts:/etc/ppp/ipv6-up\..* -- system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/active/file_contexts:/etc/ppp/ipv6-down\..* -- system_u:object_r:bin_t:s0
Binary file /etc/selinux/refpolicy-targeted/modules/previous/base.linked matches
Binary file /etc/selinux/refpolicy-targeted/modules/previous/base.pp matches
/etc/selinux/refpolicy-targeted/modules/previous/file_contexts.template:/etc/ppp/ipv6-up\..* -- system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/previous/file_contexts.template:/etc/ppp/ipv6-down\..* -- system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/previous/file_contexts:/etc/ppp/ipv6-up\..* -- system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/previous/file_contexts:/etc/ppp/ipv6-down\..* -- system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/contexts/files/file_contexts:/etc/ppp/ipv6-up\..* -- system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/contexts/files/file_contexts:/etc/ppp/ipv6-down\..* -- system_u:object_r:bin_t:s0
/etc/security/access.conf:# User "john" should get access from ipv4 as ipv6 net/mask
/etc/security/access.conf:# User "john" should get access from ipv6 host address
/etc/security/access.conf:# User "john" should get access from ipv6 host address (same as above)
/etc/security/access.conf:# User "john" should get access from ipv6 net/mask
/etc/sysctl.conf:#net.ipv6.ip_forward=1
/etc/modprobe.d/aliases:alias net-pf-10 ipv6
# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.1
# ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 31 2007-12-14 21:22 /etc/resolv.conf -> /etc/resolvconf/run/resolv.conf
TSHARK DNS LOGS IN UBUNTU:-
Command: wget www.debian.org
tshark output:
29.536837 192.168.1.5 -> 192.168.1.1 DNS Standard query A www.debian.org
29.540010 192.168.1.1 -> 192.168.1.5 DNS Standard query response A 194.109.137.218
Command: bitchx irc.freenode.net
tshark output:
5.535012 192.168.1.5 -> 192.168.1.1 DNS Standard query A irc.freenode.net
5.538236 192.168.1.1 -> 192.168.1.5 DNS Standard query response A 207.158.1.150
TSHARK DNS LOGS IN DEBIAN:-
Command: wget www.debian.org
tshark output:
0.000344 192.168.1.5 -> 192.168.1.1 DNS Standard query AAAA www.debian.org
0.057051 192.168.1.1 -> 192.168.1.5 DNS Standard query response
0.057175 192.168.1.5 -> 192.168.1.1 DNS Standard query AAAA www.debian.org
0.060241 192.168.1.1 -> 192.168.1.5 DNS Standard query response[Malformed Packet]
0.060308 192.168.1.5 -> 192.168.1.1 DNS Standard query A www.debian.org
0.062209 192.168.1.1 -> 192.168.1.5 DNS Standard query response A 1.0.0.0
Command: bitchx irc.freenode.net
tshark output:
1.839877 192.168.1.5 -> 192.168.1.1 DNS Standard query AAAA irc.freenode.net
1.891477 192.168.1.1 -> 192.168.1.5 DNS Standard query response CNAME chat.freenode.net
1.891623 192.168.1.5 -> 192.168.1.1 DNS Standard query A irc.freenode.net
1.896916 192.168.1.1 -> 192.168.1.5 DNS Standard query response A 1.0.0.0
Command: nslookup irc.freenode.net
tshark output:
7.346382 192.168.1.5 -> 192.168.1.1 DNS Standard query A irc.freenode.net
7.673511 192.168.1.1 -> 192.168.1.5 DNS Standard query response CNAME chat.freenode.net A 209.177.146.34 A 82.96.64.4 A 140.211.166.4 A 207.158.1.150 A 140.211.166.3 A 64.161.254.20 A 208.71.169.36 A 216.165.191.52 A 213.92.8.4
Command: bitchx irc.freenode.net
tshark output:
1.700702 192.168.1.5 -> 192.168.1.1 DNS Standard query AAAA irc.freenode.net
1.704137 192.168.1.1 -> 192.168.1.5 DNS Standard query response[Malformed Packet]
1.704609 192.168.1.5 -> 192.168.1.1 DNS Standard query A irc.freenode.net
1.707047 192.168.1.1 -> 192.168.1.5 DNS Standard query response A 209.177.146.34
So, as you can see, once I did nslookup for irc.freenode.net, then
bitchx could successfully connect to irc.freenode.net.
After this, I installed bind9 and configured this in
/etc/bind/named.conf.options (which is included in
/etc/bind/named.conf):
forwarders {
    192.168.1.1;
};
I did not use the -4 option for ipv4 only. I just ran the default
/etc/init.d/bind9 start and tried wget www.debian.org. tshark logs
below.
TSHARK DNS LOGS IN DEBIAN WITH BIND9 NAMED:-
Command: wget www.debian.org
tshark output:
16.727530 192.168.1.5 -> 192.168.1.1 DNS Standard query AAAA www.debian.org
16.789290 192.168.1.1 -> 192.168.1.5 DNS Standard query response
16.790362 192.168.1.5 -> 192.168.1.1 DNS Standard query A www.debian.org
16.792937 192.168.1.1 -> 192.168.1.5 DNS Standard query response OPT
16.793168 192.168.1.5 -> 192.5.5.241 DNS Standard query A www.debian.org
16.840249 192.5.5.241 -> 192.168.1.5 DNS Standard query response
16.840964 192.168.1.5 -> 199.19.53.1 DNS Standard query A www.debian.org
17.227114 199.19.53.1 -> 192.168.1.5 DNS Standard query response
17.227680 192.168.1.5 -> 194.109.137.218 DNS Standard query A www.debian.org
17.438482 194.109.137.218 -> 192.168.1.5 DNS Standard query response A 194.109.137.218
With bind9 running, all applications run fine with the Internet.
On Dec 15, 2007 10:14 PM, Nicolás Ruiz <nicolas@ula.ve> wrote:
> Yes, from a cursory search on google, it seems like running bind9 with
> the "-4" option would work
>
> Are you using the same applications in debian and ubuntu? The
> application is the one that controls if there are going to be AAAA
> queries or not. But if you're totally sure that ubuntu does not make
> AAAA queries, it should be controlled via the resolver library. Maybe
> IPv6 can be disabled during compilation.
>
> >
> > On Dec 15, 2007 9:40 PM, Nicolás Ruiz <nicolas@ula.ve> wrote:
>
> > Hello:
> >
> > Amogh Hooshdar wrote:
> >>>> I am using Debian Lenny.
> >>>>
> >>>> $ uname -a
> >>>> Linux mylappy 2.6.18-4-486 #1 Wed May 9 22:23:40 UTC 2007 i686 GNU/Linux
> >>>>
> >>>> I changed the "alias net-pf-10 ipv6" line to the following two lines.
> > That's an interesting problem, and although I don't have an answer, I
> > can tell you that disabling the IPv6 module would not solve the problem.
> > You see, the IPv6 module only controls the handling of ipv6 packets sent
> > or received, while your problem is generating AAAA queries. Since the
> > AAAA queries can be - and in this case are - transported over IPv4, it's
> > not working.
> >
> > The solution should involve the resolver library, which you control via
> > /etc/resolv.conf. As far as I can tell, there is no system-wide way to
> > prevent the use of IPv6, so no luck there.
> >
> > The only way I can think of (if you can't just update the DNS server to
> > be able to handle IPv6 requests) is to install a local DNS server in
> > your own laptop, disable handling (and querying) of AAAA records in the
> > DNS server and make it recursive. Finally, point your resolver
> > (/etc/resolv.conf) only to your local DNS server.
> >
> > hope it helps
> > nicolás
> >
> >>>> alias net-pf-10 off
> >>>> alias ipv6 off
> >>>>
> >>>> After rebooting, I checked: lsmod | grep ipv6. Sure enough it is gone
> >>>> and the command gives nil output. But when I use bitchx or pidgin to
> >>>> connect to irc.freenode.net, I can still see DNS AAAA irc.freenode.net
> >>>> type of queries. As a result our DNS server that can't handle
> >>>> ipv6 returns 1.0.0.0 as the address and the clients don't work.
> >>>>
> >>>> (1) First I tried making these changes /etc/modprobe.d/aliases - Result:
> >>>> problem persists (Yes, I did reboot after the changes)
> >>>>
> >>>> (2) Next, I tried adding the two alias off lines in
> >>>> /etc/modeprobe.d/00local - Result: problem persists.
> >>>>
> >>>> (3) Finally, I added the line "blacklist ipv6" towards the top (5th line)
> >>>> of /etc/modeprobe.d/blacklist - Result: still the problem persists.
> >>>>
> >>>> I have also tried the following as per some suggestions:-
> >>>>
> >>>> 1. commenting out ipv6 related lines in /etc/hosts
> >>>> 2. /etc/init.d/avahi-daemon stop
> >>>>
> >>>> But they didn't help.
> >>>>
> >>>> I have succeeded to make Iceweasel work by setting
> >>>> network.dns.disableIPv6=true in about:config. But I need an OS-wide
> >>>> solution so that all my network apps do not send ipv6 DNS AAAA type
> >>>> requests and they work successfully.
> >>>>
> >>>> Please help me to disable ipv6 completely.
> >>>>
> >>>>
> >>
> >>
>
> - --
> A: Because it destroys the flow of conversation.
> Q: Why is top posting dumb?
> - --
> Juan Nicolás Ruiz | Corporación Parque Tecnológico de Mérida
> nicolas@ula.ve | Mérida - Venezuela
> PGP Key fingerprint = CDA7 9892 50F7 22F8 E379 08DA 9A3B 194B D641 C6FF
>
>
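An added example, not part of the original message or thread: a small Python triage script that reads tshark DNS summary lines in the format shown above and flags the pattern reported in the Debian captures (a malformed or empty reply to an AAAA query, then an A answer of 1.0.0.0). The names `analyze`, `BOGUS` and `SAMPLE` are hypothetical, and pairing each response with the most recent query to the same server is an assumption, since these summary lines carry no transaction ID.

```python
import re

# Constructed sample in the one-line tshark summary format shown in the post
# (wrapped lines rejoined); values mirror the Debian "wget" capture.
SAMPLE = """\
0.000344 192.168.1.5 -> 192.168.1.1 DNS Standard query AAAA www.debian.org
0.057051 192.168.1.1 -> 192.168.1.5 DNS Standard query response
0.057175 192.168.1.5 -> 192.168.1.1 DNS Standard query AAAA www.debian.org
0.060241 192.168.1.1 -> 192.168.1.5 DNS Standard query response[Malformed Packet]
0.060308 192.168.1.5 -> 192.168.1.1 DNS Standard query A www.debian.org
0.062209 192.168.1.1 -> 192.168.1.5 DNS Standard query response A 1.0.0.0
"""

LINE = re.compile(r"^\s*(?P<t>[\d.]+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+DNS\s+"
                  r"Standard query(?P<resp>\s*response)?(?P<rest>.*)$")
BOGUS = {"1.0.0.0"}  # placeholder answer the post's DNS server hands out


def analyze(text, bogus=BOGUS):
    """Pair each response with the last query sent to that server (assumption:
    no transaction ID is available) and return (time, name, qtype, issue)."""
    pending = {}   # (client, server) -> (qtype, qname)
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a DNS summary line
        rest = m["rest"].strip()
        if not m["resp"]:  # a query: remember its type and name
            parts = rest.split()
            if len(parts) == 2:
                pending[(m["src"], m["dst"])] = (parts[0], parts[1])
            continue
        qtype, qname = pending.pop((m["dst"], m["src"]), ("?", "?"))
        answers = re.findall(r"\bA (\d+\.\d+\.\d+\.\d+)", rest)
        if "Malformed Packet" in rest:
            findings.append((m["t"], qname, qtype, "malformed response"))
        elif qtype == "AAAA" and not rest:
            findings.append((m["t"], qname, qtype, "no answer records"))
        for addr in answers:
            if addr in bogus:
                findings.append((m["t"], qname, qtype, "bogus A " + addr))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(*finding)
```

An AAAA reply with no answer records is normal for a name that has no IPv6 address, so treat that finding as context for the malformed and 1.0.0.0 findings rather than as a fault on its own.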