3

I have a OSX El Capitain (10.11.2) host that has only IPv6 connectivity. The network uses NAT64 and DNS64 to provide access to legacy IPv4 hosts on the internet. The problem is that when looking up a hostname most tools (at least Curl, and Ruby's Net::HTTP) will try to connect to an IPv4 address despite there not being IPv4 connectivity.

How do I stop this?

From what I can see a few ideas:

1) Somehow prevent DNS A records being received by the host. I think this may be possible to do if I write a Python filter module for unbound.

2) Somehow disable the Happy Eyeballs algorithm so that the host does not attempt to use IPv4 if an A record comes back quicker than an AAAA record.

3) Somehow disable IPv4 in the kernel somehow.

The problem will manifest itself in that then I try to download something over HTTP via a Ruby script or try to download something with Curl then it will intermittently fail due to Happy Eyeballs receiving the DNS A record before the AAAA record.

Any ideas?

-Matt

Matt Hamilton
  • 161
  • 2
  • Are you _certain_ that the computer didn't get an IPv4 address? – Michael Hampton Dec 17 '15 at 16:20
  • Isn't the Happy Eyeballs implementation on OS X supposed to automatically remember that IPv6 has been working more reliably than IPv4 in the past and thus always try IPv6 before IPv4? With any proper Happy Eyeballs implementation, the scenario you describe should be a non-issue. Happy Eyeballs is not supposed to only use the first DNS record it got back but rather use the first connection to send a SYN-ACK back. – kasperd Dec 17 '15 at 17:05
  • michael: yes I'm sure. As I haven't given IPv4 connectivity. – Matt Hamilton Dec 18 '15 at 17:16
  • kasperd: yes, that is what I though, but it seems it will still attempt to make the connection and then fail. Or rather certain applications (as least curl and ruby's http lib) attempt and fail. I think it must be up to the application to implement this functionality and i guess a lot of them don't. – Matt Hamilton Dec 18 '15 at 17:18
  • @MattHamilton I think the functionality exists in a standard HTTP library for OS X, it is still up to application to use that library. Applications can have their own HTTP implementation or use a library which doesn't have the functionality. And in those cases it will be up to the application to choose between IPv4 and IPv6 in a sensible way. Many command line tools have `-4` and `-6` flags to enforce a specific protocol being used. There is also `/etc/gai.conf`, though I don't know if that exists on OS X. – kasperd Dec 20 '15 at 00:33

0 Answers0