Topic: unbound question AAAA (Read 1720 times)
TimmiORG (Newbie, Posts: 38, Karma: 1), on: November 13, 2023, 03:32:03 pm
Hi guys,
I'm currently trying to reduce the amount of DNS requests hitting my OPNsense (Unbound).
All my networks are IPv4 based.
The client is caching IPv4 IPs correctly but still requests IPv6 IPs for the host name.
I guess the answer from the OPNsense does not keep him happy, so he is requesting the IPv6 IP again next time.
Means I'm seeing only AAAA requests from that client.
Happy to get your ideas.
Best regards and thank you
Timmi
bimbar (Sr. Member, Posts: 436, Karma: 25), Reply #1 on: November 13, 2023, 03:56:05 pm
IPv6 usually has priority over IPv4, so clients will try to reach hosts by IPv6 first, hence the AAAA request.
TimmiORG (Newbie, Posts: 38, Karma: 1), Reply #2 on: November 13, 2023, 03:59:14 pm
Hi bimbar,
the client has IPv6 disabled on the NIC.
I guess the empty response from the OPNsense is preventing the local DNS cache of the client to not ask again.
doktornotor (Hero Member, Posts: 709, Karma: 70), Reply #3 on: November 13, 2023, 04:12:42 pm
You can use BIND with no-aaaa. Other than that, disabling IPv6 is not a solution to anything, it is 2023.
Quote: "reduce the amount of DNS requests hitting my OPNsense"
Why? What number of clients and what HW are we talking about for this to be a real problem?
TimmiORG (Newbie, Posts: 38, Karma: 1), Reply #4 on: November 13, 2023, 04:16:30 pm
Hi,
the client is Rocky Linux 8 based and using systemd-resolved for the DNS cache.
This is not about disabling IPv6 at all.
The system is resolving internal hostnames. IPv4 responses are cached normally.
The client is just sending AAAA requests for the internal hostnames all the time, as I guess I'm missing a config on the OPNsense to make sure that these responses are getting cached as well.
Hope this explains it better.
TimmiORG (Newbie, Posts: 38, Karma: 1), Reply #5 on: November 13, 2023, 05:05:26 pm
The single client is currently performing around 300 DNS lookups (5min so 1/sec) for IPv6 (AAAA) where the IPv4 (A) requests have been cached.
The systems inside my network register via DHCP their host names (IPv4 only).
Maybe this is also an issue of resolved that it does not cache the response.
Just to make it clear that the single client does not matter much. But it is unnecessary load for nothing and might affect the network and responses for normal DNS requests.
Saarbremer (Sr. Member, Posts: 353, Karma: 14), Reply #6 on: November 13, 2023, 08:22:49 pm
Hi,
just for the record, you don't have any AAAA defined for these lookups so it's always NXDOMAIN and the SOA TTL for negative answers is sufficiently big? If yes, you might want to check with your Rocky Linux's resolver config.
TimmiORG (Newbie, Posts: 38, Karma: 1), Reply #7 on: November 13, 2023, 08:48:00 pm
Yes, there is no AAAA entry defined for this.
I guess the problem is Unbound. Will check with the guys there.
Keep you updated.
TimmiORG (Newbie, Posts: 38, Karma: 1), Reply #8 on: November 14, 2023, 10:37:31 am
Hi all,
I did some more research yesterday.
It looks like the NOERROR response without answer and no SOA won't get cached by resolved.
The typetransparent flag in the unbound configuration solved my issue.
Best regards
Timmi