Hi Dan,

Yes, my thoughts exactly. I've tried numerous ways, including the gai.conf mod, to 'disable' IPv6 on 9.2; none seem all that successful in 9.2, e.g.

root@backup:/home/xxxx# cat /etc/gai.conf
# Configuration for getaddrinfo(3).
#precedence ::1/128 50
#precedence ::/0 40
#precedence 2002::/16 30
#precedence ::/96 20
#precedence ::ffff:0:0/96 10
# For sites which prefer IPv4 connections change the last line to
precedence ::ffff:0:0/96 100

# scopev4 <mask> <value>
# Add another rule to the RFC 6724 scope table for IPv4 addresses.
#scopev4 ::ffff: 2
#scopev4 ::ffff: 14

root@backup:/home/xxxx# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ca:57:82:c2:51:ad brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::c857:82ff:fec2:51ad/64 scope link
       valid_lft forever preferred_lft forever

root@backup:/home/xxxx# ping www.google.com
ping: www.google.com: Temporary failure in name resolution
root@backup:/home/xxxx# ping -4 www.google.com
PING www.google.com ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=54 time=11.2 ms
64 bytes from icmp_seq=2 ttl=54 time=11.2 ms
64 bytes from icmp_seq=3 ttl=54 time=11.5 ms
64 bytes from icmp_seq=4 ttl=54 time=11.3 ms
64 bytes from icmp_seq=5 ttl=54 time=11.3 ms
--- www.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 11.2

------ Original Message ------
From: "Dan Ritter" <d...@randomstring.org>
To: "Simon Slaytor" <si...@slaytor.com>
Cc: debian-user@lists.debian.org
Sent: 17/11/2017 16:39:57
Subject: Re: 9.2 DNS Confusion

On Thu, Nov 16, 2017 at 07:55:18PM +0000, Simon Slaytor wrote:
Hi Folks,

Long time Debian user and up until now I've not had to reach out for help as
I've always found the answer after a short Google.

I've recently made the move from 8.x to 9.2 for my production boxes and I'm
having the mother of all DNS issues. My network is simple:

My network
2 x Juniper SSG-140 (Active/Passive) HA 1xTrust 1xDMZ 1xUntrust interfaces
IPv4 only IPv6 is not enabled.
2 x Netgear GSM724 Switches

The Junipers do DNS proxying for the Trust and DMZ networks. Junipers are in
NAT/Route mode.

Sitting on the Trust network ( are Debian 8.8 / 9.2 and
Windoze 10 devices.
Sitting in the DMZ network ( are Debian 9.2 and Centos 7

My problem is this: after a vanilla 9.2 AMD 64 install, DNS resolution 99
times out of 100 fails unless I force IPv4, for example:

xxxx@backup:~$ su
root@backup:/home/xxxx# cat /etc/resolv.conf
domain abc.com
search abc.com.
root@backup:/home/xxxx# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ca:57:82:c2:51:ad brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::c857:82ff:fec2:51ad/64 scope link
       valid_lft forever preferred_lft forever
root@backup:/home/xxxx# ping www.apple.com
ping: www.apple.com: Temporary failure in name resolution
root@backup:/home/xxxx# ping -4 www.apple.com
PING e6858.dsce9.akamaiedge.net ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=50 time=19.3 ms
64 bytes from icmp_seq=2 ttl=50 time=19.7 ms
--- e6858.dsce9.akamaiedge.net ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 19.311/19.508/19.705/0.197 ms

The above box is in the Trust network however the same result occurs if I
use a host in the DMZ.

If I however use a Centos 7 box everything works as expected e.g.

[root@loadbalancer ~]# cat /etc/resolv.conf
# Generated by NetworkManager
[root@loadbalancer ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen
    link/ether 22:e7:41:55:a6:9c brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20e7:41ff:fe55:a69c/64 scope link
       valid_lft forever preferred_lft forever
[root@loadbalancer ~]# ping www.apple.com
PING e6858.dsce9.akamaiedge.net ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=55 time=28.4 ms
64 bytes from ( icmp_seq=2 ttl=55 time=28.4 ms
--- e6858.dsce9.akamaiedge.net ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2002ms
rtt min/avg/max/mdev = 28.453/28.456/28.459/0.003 ms
[root@loadbalancer ~]

Also, Windoze 10 boxes running on the Trust network and Debian 8 boxes on
both have no issues; it's purely the 9.2 boxes.

Any help would be much appreciated.

You can effectively disable IPv6 on a Debian box by editing
/etc/gai.conf and uncommenting the line:

precedence ::ffff:0:0/96  100

Does that make a difference for you?
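
Added example, not part of either message: a Python sketch that reads a gai.conf, works out which precedence table is active (per gai.conf(5), a single uncommented precedence line replaces the default table), and compares the precedence of an IPv4 and an IPv6 destination. It models only the precedence step of getaddrinfo(3) address sorting; the sample addresses are documentation addresses, and ranking an unmatched address lowest is an assumption of the sketch.

```python
import ipaddress

# Default precedence table, as listed (commented out) in the gai.conf above.
DEFAULT_TABLE = [("::1/128", 50), ("::/0", 40), ("2002::/16", 30),
                 ("::/96", 20), ("::ffff:0:0/96", 10)]

# Constructed sample: an excerpt of the edited file shown in the thread.
SAMPLE_GAI_CONF = """\
# Configuration for getaddrinfo(3).
#precedence ::1/128 50
#precedence ::/0 40
#precedence ::ffff:0:0/96 10
precedence ::ffff:0:0/96 100
"""

def active_precedence(text):
    """Return [(network, value)] from uncommented 'precedence' lines.
    Per gai.conf(5), one such line makes glibc drop its default table."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "precedence":
            rules.append((fields[1], int(fields[2])))
    table = rules or DEFAULT_TABLE
    return [(ipaddress.ip_network(net), val) for net, val in table]

def precedence_of(addr, table):
    """Longest-prefix match; IPv4 is looked up as an IPv4-mapped address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + addr)
    hits = [(net.prefixlen, val) for net, val in table if ip in net]
    return max(hits)[1] if hits else None  # None: no rule matches

def prefers_ipv4(text, v4="192.0.2.10", v6="2001:db8::10"):
    """True if the IPv4 destination outranks the IPv6 one on precedence.
    Assumption of this sketch: an unmatched address ranks lowest."""
    table = active_precedence(text)
    p4, p6 = precedence_of(v4, table), precedence_of(v6, table)
    return (p4 if p4 is not None else -1) > (p6 if p6 is not None else -1)

if __name__ == "__main__":
    print("edited file prefers IPv4:", prefers_ipv4(SAMPLE_GAI_CONF))
    print("stock file prefers IPv4: ", prefers_ipv4("# all commented out\n"))
```

The precedence table only orders the addresses getaddrinfo(3) returns, so this check says which family is preferred, not whether the lookup itself succeeds.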

