It is a meme, but it's always DNS
This error can happen if there's an AAAA record, but it contains the ipv4 address packed inside an ipv6 mask.
If the AAAA record says ::ffff:10.0.0.105, then you can either fix DNS or do what's in the blog, which should stop checking for quad A records.
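As an added example (not part of the thread, and not code from the blog post): a small Python check for the case described above. It flags AAAA values that are IPv4-mapped, such as ::ffff:10.0.0.105, and probes each address getaddrinfo returns separately so a per-family failure becomes visible. The record list is constructed sample data and the function names are made up for this illustration.

```python
import ipaddress
import socket

# Constructed sample answers for one hostname: (record type, value).
SAMPLE_RECORDS = [
    ("A", "10.0.0.105"),
    ("AAAA", "::ffff:10.0.0.105"),   # the mapped form mentioned in the comment
    ("AAAA", "2001:db8::10"),        # documentation-range address, looks normal
]

def classify_aaaa(value):
    """Return a finding for one AAAA value, or None if nothing stands out."""
    addr = ipaddress.IPv6Address(value)
    if addr.ipv4_mapped is not None:
        return f"IPv4-mapped ({addr.ipv4_mapped}); publish an A record instead"
    if addr.is_link_local:
        return "link-local; unusable without a scope id"
    if addr.is_loopback or addr.is_unspecified:
        return "loopback or unspecified address"
    return None

def audit(records):
    """Return [(value, finding)] for every suspicious AAAA record."""
    findings = []
    for rtype, value in records:
        if rtype == "AAAA":
            finding = classify_aaaa(value)
            if finding:
                findings.append((value, finding))
    return findings

def probe(host, port, timeout=3.0):
    """Try a TCP connect to each getaddrinfo result on its own (needs network)."""
    results = []
    for family, socktype, proto, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                outcome = "connected"
            except OSError as exc:  # timeouts and unreachable routes land here
                outcome = f"failed: {exc}"
        results.append((label, sockaddr[0], outcome))
    return results

if __name__ == "__main__":
    for value, finding in audit(SAMPLE_RECORDS):
        print(f"AAAA {value}: {finding}")
```

Calling `probe(host, port)` against the real service shows whether only the IPv6 candidates fail, which is the confirmation the first comment asks for.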
I wish this blog post went a little bit deeper with the investigation to confirm whether this is the issue (ollama.tymscar.com having an AAAA record); it's missing the answer to "Why is the JVM trying (or initializing toward) an IPv6 path first and not gracefully falling back?"
From the Oracle/Java documentation:
> java.net.preferIPv4Stack (default: false)
> If IPv6 is available on the operating system the underlying native socket will be, by default, an IPv6 socket which lets applications connect to, and accept connections from, both IPv4 and IPv6 hosts. However, in the case an application would rather use IPv4 only sockets, then this property can be set to true. The implication is that it will not be possible for the application to communicate with IPv6 only hosts.
It's strange that things didn't work with this flag set to false. It should be able to connect to both IPv4 and IPv6. Now that the author has set it to true, the drawback is that his IntelliJ won't be able to connect to IPv6-only hosts anymore.
>Now that the author has set it to true, the drawback is that his IntelliJ won't be able to connect to IPv6-only hosts anymore.
I'm very sure the author has no such need.
Yeah, I am aware of this and it's totally fine for me for now!
macOS doesn’t give you a built-in toggle — but you can use a resolver config tweak.
sudo nano /etc/gai.conf
Add this:
precedence ::ffff:0:0/96 100
It will boost IPv4 preference when resolving hostnames that return both A (IPv4) and AAAA (IPv6) records. (The file may not exist; if so, you’re creating it. It’s honored by getaddrinfo, which Java ultimately uses through the OS.)
Keeps IPv6 alive but prefers IPv4
Fun read, but you probably could have installed mitmproxy with brew, pointed your IntelliJ instance through this proxy (you can either set it in your settings or run it with environment variable HTTP_PORT or HTTPS_PORT). This allows you to intercept the request like Wireshark and diagnose. You honestly can just intercept the interface request using Wireshark but the learning curve is steeper.
In this case it's possible that it would have worked if he had used mitmproxy.
Yep, pretty much any proxy would have resolved the issue, unless of course it was Java-based and used the same connection methods.
You have to work around TLS, though. Although it is possible with Wireshark, extracting the shared keys from the browser, I never could get it to work. With mitmproxy I was more successful and could even get iOS Safari to accept my self-issued certificate and read HTTP traffic from a third-party app that I re-routed through my own proxy.
Good point! Wireshark was the next step actually if this didn't work!
Even if you know how to use Wireshark already, a lot of times it’s faster and easier to use mitmproxy for something simple.
I use it for reverse engineering IoT apps on Android emulators regularly.
I wasted days on a similar issue… thanks for the write-up, hopefully this saves someone else in the future
This sounds similar to an infuriating issue I've been dealing with AWS Client VPN for at least a year - it does not support ipv6, but depending on your setup, requests may try to resolve an ipv6 address first, not find one, and then stall/fail. Only solution seems to be trying to guarantee ipv6 resolution is disabled.