Disable NSS LDAP IPv6 (AAAA) lookups
- by pilcrow
Question: How can I disable inet6 AAAA queries for my LDAP server during (LDAP-backed) NSS lookups on a CentOS (RHEL) 5 machine?
Background: I've servers configured to consult ldap://ldap.internal for NSS passwd and group lookups. Every relevant NSS lookup, for example the getpwuid(3) implied by an ls -l which needs to translate UIDs to network user names, performs the following DNS dance before connecting to the LDAP server:
AAAA? ldap.internal -> (no records)
AAAA? ldap.internal.internal -> NXDomain
A? ldap.internal -> 192.168.3.89
I'd like to skip the first two queries completely.
Configuration:
[server]$ cat /etc/redhat-release
CentOS release 5.4 (Final)
[server]$ grep ^passwd /etc/nsswitch.conf
passwd: files ldap
[server]$ grep ^uri /etc/ldap.conf
uri ldap://ldap.internal/
For what it's worth, IPv6 support is otherwise disabled on these systems:
[server]$ grep off /etc/modprobe.conf
alias ipv6 off
alias net-pf-10 off
[server]$ echo "$(ip a | grep -c inet6) IPv6-enabled interfaces"
0 IPv6-enabled interfaces