IPv6 DNS Lookup – How to Perform

Tags: domain-name-system, ipv6, tcpdump

I am trying to prevent a webserver from doing IPv6 lookups (AAAA) to the DNS server. The webserver has no IPv6 addresses set up on the interfaces. Disabling IPv6 in sysctl.conf had no impact either; the webserver keeps sending both A and AAAA requests for every hostname to the DNS server (I performed a tcpdump).

Can anyone help me with stopping the webserver from sending out IPv6 hostname lookups?

Extra information:
This is on my internal network. TCPDump:

webserver.internal.43831 > internaldns.internal.domain: [bad udp cksum 629d!] 63585+ A? someserver.internal. (43)
webserver.internal.43831 > internaldns.internal.domain: [bad udp cksum 32dd!] 40337+ AAAA? someserver.internal. (43)

internaldns returns the IP for the A record and NXDOMAIN for the AAAA, as none is set.
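If you want to quantify what the capture shows before deciding anything, here is an added example (not from the question or the answer) that parses tcpdump's one-line DNS query output, tallies query types per client and lists the names that were queried for both A and AAAA. The sample lines are constructed in the same shape as the capture above; the third line is an assumed extra query.

```python
import re
from collections import Counter, defaultdict

# Constructed sample capture, shaped like the tcpdump output in the question.
SAMPLE = """\
webserver.internal.43831 > internaldns.internal.domain: [bad udp cksum 629d!] 63585+ A? someserver.internal. (43)
webserver.internal.43831 > internaldns.internal.domain: [bad udp cksum 32dd!] 40337+ AAAA? someserver.internal. (43)
webserver.internal.51002 > internaldns.internal.domain: [udp sum ok] 12001+ A? otherhost.internal. (41)
"""

# src.port > dst.port: [optional checksum note] txid[+] QTYPE? qname (len)
QUERY_RE = re.compile(
    r'^(?P<src>\S+?)\.(?P<sport>\d+) > (?P<dst>\S+): '
    r'(?:\[[^\]]*\] )?'
    r'(?P<txid>\d+)\+? (?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+) \((?P<len>\d+)\)$'
)


def parse_query(line):
    """Return the fields of one tcpdump DNS query line, or None if it is not a query."""
    m = QUERY_RE.match(line.strip())
    if not m:
        return None
    q = m.groupdict()
    for key in ("sport", "txid", "len"):
        q[key] = int(q[key])
    return q


def summarize(capture):
    """Count query types per client and find names looked up as both A and AAAA."""
    per_client = defaultdict(Counter)
    types_seen = defaultdict(set)
    for line in capture.splitlines():
        q = parse_query(line)
        if q is None:
            continue  # responses and non-DNS lines are ignored
        per_client[q["src"]][q["qtype"]] += 1
        types_seen[(q["src"], q["qname"])].add(q["qtype"])
    dual = sorted(name for (_, name), t in types_seen.items() if {"A", "AAAA"} <= t)
    return per_client, dual


if __name__ == "__main__":
    counts, dual = summarize(SAMPLE)
    for client, c in counts.items():
        print(client, dict(c))
    print("queried as both A and AAAA:", dual)
```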

Best Answer

There is no reason to disable IPv6 AAAA lookups (at least none you've given us), so my answer to you is please stop trying to outsmart your system and let it work the way it's intended to.

By disabling IPv6 lookups now you're just setting yourself up for mysterious problems in the future when you add IPv6 to your environment and suddenly some systems aren't working properly.
The negligible cost of a few bytes in a spurious DNS request is far outweighed by the predictability/correctness of your environment in the future.


That said, if you still want to play with this foot-gun the easiest solution (in fact the only one I'm aware of) is to compile and install a resolver which is not IPv6 aware.

If you do such a horrible thing ensure that it is well documented in no fewer than 5 places (Your site's documentation repository, MOTD/issue, SSH banner, a sticker on the machine itself, and in a memo to your boss) so that when it breaks in the future there's a chance someone will be able to fix it quickly, without having to figure out that the machine was lobotomized.
