Inside Out

Slow DNS resolution and IPv6

In some LAN setups (e.g. you're using a Pi-hole), DNS resolution can be extremely slow because of AAAA records. Under the hood, glibc sends both A (IPv4) and AAAA (IPv6) resolution requests by default. In a faulty setup, the DNS server doesn't respond to the AAAA request, which leads to timeouts and visible latency when browsing.

Details about the glibc behavior are here: https://udrepper.livejournal.com/20948.html

Identify the problem

Use dig to request the AAAA record. You will get a connection timeout or no data.

dig AAAA cdn.sstatic.net

If you're using Pi-hole, here's how the problem shows up in the query log.

Figure: ipv6 resolver problem
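
Added example, not part of the original post: a Python probe that sends one A and one AAAA query straight to a resolver over UDP and reports whether the AAAA query times out or comes back with no data, the two symptoms named above. The function names, the result labels and the 1-second default timeout are assumptions of this example.

```python
import random
import socket
import struct
import sys
import time

QTYPE_A, QTYPE_AAAA = 1, 28

def build_query(name, qtype, txid):
    """Encode a minimal recursive DNS query (one question, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def probe(server, name, qtype, port=53, timeout=1.0):
    """Send one UDP query; return (status, answer_count, seconds)."""
    query = build_query(name, qtype, random.randrange(0x10000))
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout", 0, time.monotonic() - start
    elapsed = time.monotonic() - start
    # Reject short replies and replies whose transaction ID does not match.
    if len(reply) < 12 or reply[:2] != query[:2]:
        return "malformed", 0, elapsed
    flags, _, ancount = struct.unpack("!HHH", reply[2:8])
    rcode = flags & 0x000F
    return ("ok" if rcode == 0 else "rcode=%d" % rcode), ancount, elapsed

def diagnose(server, name, port=53, timeout=1.0):
    """Compare A and AAAA behaviour of one resolver for one name."""
    a = probe(server, name, QTYPE_A, port, timeout)
    aaaa = probe(server, name, QTYPE_AAAA, port, timeout)
    if a[0] != "ok":
        return "inconclusive"      # resolver is not answering A either
    if aaaa[0] == "timeout":
        return "aaaa-timeout"      # the stall described in this post
    if aaaa[0] == "ok" and aaaa[1] == 0:
        return "aaaa-nodata"       # also the normal reply for IPv4-only names
    return "aaaa-ok" if aaaa[0] == "ok" else "inconclusive"

if __name__ == "__main__":
    # Usage: python3 aaaa_probe.py <resolver-ip>   (script name is made up)
    print(diagnose(sys.argv[1], "cdn.sstatic.net"))
```
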

Workaround

If you don't control the DNS server, force the local resolver to send a single request at a time and to time out early.

# add to resolv.conf
options timeout:1
options single-request

Some more ways to disable AAAA lookups are outlined in https://serverfault.com/questions/632665/how-to-disable-aaaa-lookups

Alternatively, you could disable the IPv6 stack with a kernel parameter. See https://wiki.archlinux.org/index.php/IPv6#Disable_IPv6

Fix

Ensure your Pi-hole setup is configured to resolve AAAA requests.

Figure: ipv6 resolver configuration

We can verify the working state with the dig command above or from the Pi-hole query log.

Figure: ipv6 resolver working


© 2020. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.