I know ipv6 is going to be in all our futures, but for the moment it's
just a PITA. My ISP doesn't support it and my /var/log/messages is
overflowing with complaints from named (I run the basic caching
nameserver configuration).

There's lots of variegated advice around on turning off ipv6, much of it
out of date. What's the canonical way of doing this in Fedora (12), or
at least getting named to shut up about it?

poc

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Patrick O'Callaghan wrote:
> I know ipv6 is going to be in all our futures, but for the moment it's
> just a PITA. My ISP doesn't support it and my /var/log/messages is
> overflowing with complaints from named (I run the basic caching
> nameserver configuration).

Are you seeing messages like this?

named[27331]: network unreachable resolving 'fedoraproject.org/DS/IN':
2001:500:f::1#53
named[27331]: network unreachable resolving
'fedoraproject.org.dlv.isc.org/DLV/IN': 2001:502:2eda::23#53

Change your named.conf to have the following to suppress those messages:

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
channel default_syslog {
syslog local2;
severity warning;
};
};

I would agree that the default named logging output is far too verbose.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

> There's lots of variegated advice around on turning off ipv6, much of it
> out of date. What's the canonical way of doing this in Fedora (12), or
> at least getting named to shut up about it?

ipv6 is now compiled into the kernel so all the previous advice about
modprobe.conf, modprobe.d, and sysctl.conf no longer works.

You now have to
(1) add
ipv6.disable=1
to the kernel (grub1) or linux (grub2) line
or
(2) recompile the kernel without ipv6 or with ipv6 as a module
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

On 02/08/2010 10:16 AM, Tom H wrote:
>> There's lots of variegated advice around on turning off ipv6, much of it
>> out of date. What's the canonical way of doing this in Fedora (12), or
>> at least getting named to shut up about it?
>>
> ipv6 is now compiled into the kernel so all the previous advice about
> modprobe.conf, modprobe.d, and sysctl.conf no longer works.
>
> You now have to
> (1) add
> ipv6.disable=1
> to the kernel (grub1) or linux (grub2) line
> or
> (2) recompile the kernel without ipv6 or with ipv6 as a module
>
I created /etc/modprob.d/blacklist-ckj.conf (ckj being my initials)
containing:
# Blacklist additions by ckj
# block ipv6 being loaded
blacklist ipv6

That worked for me with kernel 2.6.31.9-174.fc12.i686.PAE without the
kernel argument in grub, so I don't believe ipv6 is compiled into the
kernel. I've not tested the kernel argument, but that may be preferable.

In addition there is an '-4' argument for named to preclude its use of
IPv6. You can edit /etc/sysconfig/named to add that argument:
OPTIONS=-4


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

On Mon, 2010-02-08 at 09:00 -0600, Michael Cronenworth wrote:
> Patrick O'Callaghan wrote:
> > I know ipv6 is going to be in all our futures, but for the moment it's
> > just a PITA. My ISP doesn't support it and my /var/log/messages is
> > overflowing with complaints from named (I run the basic caching
> > nameserver configuration).
>
> Are you seeing messages like this?
>
> named[27331]: network unreachable resolving 'fedoraproject.org/DS/IN':
> 2001:500:f::1#53
> named[27331]: network unreachable resolving
> 'fedoraproject.org.dlv.isc.org/DLV/IN': 2001:502:2eda::23#53
>
> Change your named.conf to have the following to suppress those messages:
>
> logging {
> channel default_debug {
> file "data/named.run";
> severity dynamic;
> };
> channel default_syslog {
> syslog local2;
> severity warning;
> };
> };
>
> I would agree that the default named logging output is far too verbose.

I'll try that, but since it just affects the logging, does this mean
that named is still trying to do ipv6 lookups all the time?

poc

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Patrick O'Callaghan wrote:
> I'll try that, but since it just affects the logging, does this mean
> that named is still trying to do ipv6 lookups all the time?

Only if you are visiting a IPv6-capable site, but such lookups return
immediately since you have no IPv6 route. There will not be any
increased latency or performance loss due to it. Named sees the AAAA
record and attempts to perform DNSSEC validation.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

On Mon, 2010-02-08 at 11:53 -0600, Michael Cronenworth wrote:
> Patrick O'Callaghan wrote:
> > I'll try that, but since it just affects the logging, does this mean
> > that named is still trying to do ipv6 lookups all the time?
>
> Only if you are visiting a IPv6-capable site, but such lookups return
> immediately since you have no IPv6 route. There will not be any
> increased latency or performance loss due to it. Named sees the AAAA
> record and attempts to perform DNSSEC validation.

OK, sounds good.

poc

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

>> ipv6 is now compiled into the kernel so all the previous advice about
>> modprobe.conf, modprobe.d, and sysctl.conf no longer works.

>> You now have to
>> (1) add
>> ipv6.disable=1
>> to the kernel (grub1) or linux (grub2) line
>> or
>> (2) recompile the kernel without ipv6 or with ipv6 as a module

> I created /etc/modprob.d/blacklist-ckj.conf *(ckj being my initials)
> containing:
> # Blacklist additions by ckj
> # block ipv6 being loaded
> blacklist ipv6

> That worked for me with kernel 2.6.31.9-174.fc12.i686.PAE without the
> kernel argument in grub, so I don't believe ipv6 is compiled into the
> kernel. *I've not tested the kernel argument, but that may be preferable.

You are right. I have just installed a regular F12 kernel and ipv6 is
compiled in as a module. I may be misremembering but I remember
reading some threads where people were having problems with DNS and
ipv6 (with F10 or F11) and they were unable to blacklist ipv6 because
it was a not a module. So either Fedora backtracked on the compilation
of ipv6 or my memory sucks...

Blacklisting ipv6 may not be enough to disable it completely; ipv6 can
still be loaded with insmod/modprobe.

If you add
install ipv6 /bin/true
to the blacklist entry, it will not load at all.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

On Tue, Feb 9, 2010 at 11:39 PM, Tom H <tomh0665@gmail.com> wrote:
> Blacklisting ipv6 may not be enough to disable it completely; ipv6 can
> still be loaded with insmod/modprobe.
>
> If you add
> install ipv6 /bin/true
> to the blacklist entry, it will not load at all.

I think insmod will still load it even in that case although modprobe
won't. It is too much a pain to get rid of that I don't really want to
test that tonight.

John
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

inode0 wrote:
> On Tue, Feb 9, 2010 at 11:39 PM, Tom H <tomh0665@gmail.com> wrote:
>
>> Blacklisting ipv6 may not be enough to disable it completely; ipv6 can
>> still be loaded with insmod/modprobe.
>>
>> If you add
>> install ipv6 /bin/true
>> to the blacklist entry, it will not load at all.
>>
>
> I think insmod will still load it even in that case although modprobe
> won't. It is too much a pain to get rid of that I don't really want to
> test that tonight.
>
> John
>
Doesn't killing it in ifcfg-eth0 do the job of preventing ipv6 from
being considered for any and all intranet and interet communication?

Paul

Paul
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines