Search Posts

Prefer/Precedence IPv4 over IPv6 for DNS lookups

We had an issue with DNS lookup/Querying the whois servers(Example: whois.crsnic.net) while Domain Search/Registration for any TLDs through WHMCS, Domain Manager etc. The tool/system used to timeout whenever the users searched a domain for availability.

We found the following via CLI when telnet’ing to the whois server directly.

[root@host ~]# telnet whois.crsnic.net 43
Trying 2620:74:20::30...
telnet: connect to address 2620:74:20::30: Connection refused
Trying 2620:74:21::30...
telnet: connect to address 2620:74:21::30: Connection refused
Trying 192.34.234.30...
Connected to whois.crsnic.net.
Escape character is '^]'.

The above indicates it attempts IPv6 DNS lookup first but the whois server doesn’t support or provide it, later our server tries IPv4 DNS lookup and it worked.

The system by default uses AAAA(IPv6) DNS lookups before IPv4 according to the default precedence blocks in /etc/gai.conf (gai stands for getaddrinfo, the standard system call for resolving host names).

As many prefer to disable IPv6 completely and it is not a good solution on the servers which require IPv6 for other purposes, we can try an alternative solution by giving precedence to IPv4 over IPv6 without disabling IPv6.

This is done by changing “precedence ::ffff:0:0/96 10" toprecedence ::ffff:0:0/96 100" in the config file /etc/gai.conf. Check whole /etc/gai.conf to read and understand.

[root@host ~]# grep "::ffff:0:0/96" /etc/gai.conf
#label ::ffff:0:0/96 4
#precedence ::ffff:0:0/96  10
precedence ::ffff:0:0/96  100

If you do not have a /etc/gai.conf(which controls the getaddrinfo() call), you should have an example somewhere within /usr/share/doc (on Centos/RHEL, it is at /usr/share/doc/glibc-common-X.XX.XX/gai.conf) which you can copy over to /etc/gai.conf.

Mine was at:

[root@host ~]# rpm -qa glibc*
glibc-common-2.17-260.el7_6.6.x86_64
glibc-2.17-260.el7_6.6.x86_64
glibc-headers-2.17-260.el7_6.6.x86_64
glibc-devel-2.17-260.el7_6.6.x86_64

[root@host ~]# ll /usr/share/doc/glibc-common-2.17/gai.conf
-rw-r--r--. 1 root root 2584 Jul  3 15:25 /usr/share/doc/glibc-common-2.17/gai.conf

[root@host ~]# cp -pv /usr/share/doc/glibc-common-2.17/gai.conf /etc/
‘/usr/share/doc/glibc-common-2.17/gai.conf’ -> ‘/etc/gai.conf’

Then it started working fine by giving preference to IPv4 over IPv6.

[root@host ~]# telnet whois.crsnic.net 43
Trying 192.34.234.30...
Connected to whois.crsnic.net.
Escape character is '^]'.
Connection closed by foreign host.

Leave a Reply

Your email address will not be published. Required fields are marked *