Question: How can I disable inet6 AAAA queries for my LDAP server during (LDAP-backed) NSS lookups on a CentOS (RHEL) 5 machine?
Background: I have servers configured to consult
ldap://ldap.internal
for NSS passwd and group lookups. Every relevant NSS lookup, for example the getpwuid(3) implied by an ls -l
which needs to translate UIDs to network user names, performs the following DNS dance before connecting to the LDAP server:

    AAAA? ldap.internal          -> (no records)
    AAAA? ldap.internal.internal -> NXDomain
    A?    ldap.internal          -> 192.168.3.89
I’d like to skip the first two queries completely. Configuration:
    [server]$ cat /etc/redhat-release
    CentOS release 5.4 (Final)
    [server]$ grep ^passwd /etc/nsswitch.conf
    passwd: files ldap
    [server]$ grep ^uri /etc/ldap.conf
    uri ldap://ldap.internal/
For what it’s worth, IPv6 support is otherwise disabled on these systems:
    [server]$ grep off /etc/modprobe.conf
    alias ipv6 off
    alias net-pf-10 off
    [server]$ echo "$(ip a | grep -c inet6) IPv6-enabled interfaces"
    0 IPv6-enabled interfaces
Answer
I’m not sure if /etc/gai.conf would have been available in 2009, but it is now (and would appear to have been at least since CentOS 5.5). It is a feature of glibc and allows setting the preference for sorting of IP addresses by getaddrinfo(3).
Look at https://serverfault.com/a/511240/161782 for a full answer with examples.
If you also want to make source address selection have a matching policy, see this post:
http://biplane.com.au/blog/?p=122
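For reference, here is what an /etc/gai.conf that prefers IPv4 looks like, as an added example that is not part of the original answer. The table is glibc's default RFC 3484 precedence table with the IPv4-mapped entry raised to 100; the hostname in the comments is the one from the question. Two caveats a practitioner should check before relying on this: gai.conf only changes the order of the addresses that getaddrinfo(3) returns, it does not stop the resolver from issuing the AAAA query when the caller asks for AF_UNSPEC (watch port 53 with tcpdump while running the lookup to confirm what is actually sent); and as soon as the file contains any precedence line, glibc discards its built-in table, so the whole table must be listed, not just the one changed entry.

```conf
# /etc/gai.conf: glibc address-sorting policy for getaddrinfo(3).
# Added example, not from the original answer. Sorts IPv4 results
# (e.g. 192.168.3.89 for ldap.internal) ahead of IPv6 ones.
#
# Caveat: once any "precedence" line is present, glibc drops its
# built-in RFC 3484 table, so the full table is repeated here.
precedence  ::1/128        50
precedence  ::/0           40
precedence  2002::/16      30
precedence  ::/96          20
# Default is 10; raising IPv4-mapped addresses above ::/0 puts A
# records ahead of AAAA records in the sorted result list.
precedence  ::ffff:0:0/96  100

# Re-read this file on every getaddrinfo(3) call instead of once per
# process (handy while testing; costs a stat(2) per lookup).
reload yes
```

This affects every getaddrinfo(3) caller on the host, not only the LDAP NSS module, so test it on one machine before rolling it out.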
Attribution
Source: Link, Question Author: pilcrow, Answer Author: Community