single dns query for A and AAAA

Seth Mos seth.mos at
Tue Feb 19 09:00:58 CET 2013

On 18-2-2013 22:49, Tassos Chatzithomaoglou wrote:
> Hi all,
> I wanted to share with you the following...
> I'm getting strange results from a DNS server when being queried through a f5 vpn
> connection, resulting in "AAAA" queries/responses being delayed, which in turn leads to
> unjustified IPv4 preference. "A" queries/responses are also a bit delayed in comparison to
> executing them outside of the vpn, but this extra time isn't justified by the extra
> processing and/or hops introduced by the vpn. So i'm guessing something strange is
> happening within the vpn.
> When the DNS server is being queried without using the vpn connection, then both types of
> queries/responses show similar/expected timing behavior and IPv6 preference is always
> happening as expected.
> Communication with the DNS server is happening solely over IPv4 and IPv6 connectivity (for
> other destinations) is working fine.

Just a thought, is the VPN connection actually Dual Stack? I can imagine
strange results when the host OS has choices of various DNS servers on
both a VPN IPv4 and a GUA IPv6.

I'm having good luck so far with dual-stack on OpenVPN 2.3, it works
better then I expected it would. I'm rolling this out pretty soon as I
get quite a few complications now because we already have part IPv6
deployment in the corporate network.

I ran into issues when one of our users actually got native IPv6 at
home. Because some services already resolve to a IPv6 it tried to
connect to the corp network over the internet which was not intended and

The word is that halfway 2013 Ziggo will start deploying dhcp-pd for
IPv6 to their residential customers, that would suddenly make this a far
bigger issue.

Another plus is that the Android client also works pretty well, which
sells well for quite a few of our users that have tablets and phones.


