Bug
Resolution: Won't Do
Version: rhel-9.2.0
Component: rhel-idm-ipa
ssg_idm
Description of problem:
It is not possible to enroll an IPA replica on an IPv6-only IPA client.
Version-Release number of selected component (if applicable):
ipa-client-4.10.1-8.el9_2.x86_64
ipa-client-common-4.10.1-8.el9_2.noarch
ipa-common-4.10.1-8.el9_2.noarch
ipa-healthcheck-core-0.12-1.el9.noarch
ipa-selinux-4.10.1-8.el9_2.noarch
ipa-server-4.10.1-8.el9_2.x86_64
ipa-server-common-4.10.1-8.el9_2.noarch
ipa-server-dns-4.10.1-8.el9_2.noarch
ipa-server-trust-ad-4.10.1-8.el9_2.x86_64
How reproducible:
Always.
Steps to Reproduce:
filippa:~# ipa-replica-install \
> --no-ui-redirect \
> --no-ssh \
> --no-sshd \
> --unattended \
> \
> --setup-ca \
> \
> --setup-dns \
> --no-forwarders \
> --allow-zone-overlap \
> --no-dns-sshfp \
> --setup-adtrust
Connection to https://triss.jot23.net/ipa/json failed with Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credential cache is empty)
Lookup failed: Preferred host filippa.jot23.net does not provide DNS.
WARNING: The smb.conf already exists. Running ipa-adtrust-install will break your existing samba configuration.
Run connection check to master
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Connection check failed!
See /var/log/ipareplica-conncheck.log for more information.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
The excerpt from /var/log/ipareplica-install.log:
2023-08-07T15:15:30Z DEBUG args=['/usr/sbin/ipa-replica-conncheck', '--master', 'triss.jot23.net', '--auto-master-check', '--realm', 'IPA.JOT23.NET', '--hostname', 'filippa.jot23.net', '--ca-cert-file', '/etc/ipa/ca.crt']
2023-08-07T15:15:31Z DEBUG Process finished, return code=1
2023-08-07T15:15:31Z DEBUG stdout=
2023-08-07T15:15:31Z DEBUG stderr=Check connection from replica to remote master 'triss.jot23.net':
Failed to connect to port 389 tcp on 192.168.16.10
Directory Service: Unsecure port (389): FAILED
Failed to connect to port 636 tcp on 192.168.16.10
Directory Service: Secure port (636): FAILED
Failed to connect to port 88 tcp on 192.168.16.10
Kerberos KDC: TCP (88): FAILED
Failed to connect to port 464 tcp on 192.168.16.10
Kerberos Kpasswd: TCP (464): FAILED
Failed to connect to port 80 tcp on 192.168.16.10
HTTP Server: Unsecure port (80): FAILED
Failed to connect to port 443 tcp on 192.168.16.10
HTTP Server: Secure port (443): FAILED
ERROR: Port check failed! Inaccessible port(s): 389 (TCP), 636 (TCP), 88 (TCP), 464 (TCP), 80 (TCP), 443 (TCP)
The host is IPv6 only:
filippa:~# ifconfig
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::5054:ff:fea2:1097 prefixlen 64 scopeid 0x20<link>
inet6 2a06:a005:1991:1100::20 prefixlen 64 scopeid 0x0<global>
ether 52:54:00:a2:10:97 txqueuelen 1000 (Ethernet)
RX packets 86772 bytes 69805321 (66.5 MiB)
RX errors 0 dropped 34778 overruns 0 frame 0
TX packets 33819 bytes 4954541 (4.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 46 bytes 2696 (2.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 46 bytes 2696 (2.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ipa-replica-conncheck is NOT compliant with RFC 6724. See https://datatracker.ietf.org/doc/html/rfc6724#section-6, where Rule 1 clearly states: "Avoid unusable destinations." The system in question has an AAAA record, which should have been used in the first place:
filippa:~# dig triss.jot23.net aaaa +short
2aXX:XXXX:XXXX:1000::10
Actual results:
Cannot enroll an IPv6-only replica.
Expected results:
Can enroll an IPv6-only replica.
Additional info:
It is possible to skip the check with --skip-conncheck option and proceed. It should not be needed though.
The system being enrolled is on RHEL 9.2. Other replicas are on AlmaLinux 9.2.
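The RFC 6724 point raised above, as an added illustration that is not FreeIPA's own conncheck code: resolve every A and AAAA record, skip the address families the local host cannot route to (Rule 1, "avoid unusable destinations"), and probe the remaining addresses in resolver order. The host name, addresses and records in demo_ipv6_only_host() are constructed and the demo never touches the network; has_route() is the only function that asks the kernel anything, and it sends no packets.

```python
import socket
from typing import List, Tuple

AF_INET, AF_INET6 = socket.AF_INET, socket.AF_INET6

def resolve_all(host: str, port: int) -> List[Tuple[int, str]]:
    """Every (family, address) answered for host, A and AAAA, in the order the resolver sorted them."""
    infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    return list(dict.fromkeys((fam, sa[0]) for fam, _t, _p, _c, sa in infos))

def has_route(family: int, address: str, port: int) -> bool:
    """RFC 6724 Rule 1: a UDP connect() sends nothing, it only makes the kernel pick a route and source."""
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.connect((address, port))
        return True
    except OSError:          # ENETUNREACH / EADDRNOTAVAIL / EAFNOSUPPORT: destination unusable here
        return False

def tcp_connect(family: int, address: str, port: int, timeout: float) -> None:
    # Real TCP probe of one literal address (no second DNS lookup).
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((address, port))

def check_port(host: str, port: int, timeout: float = 3.0, resolver=resolve_all,
               route_probe=has_route, connect=tcp_connect) -> Tuple[bool, List[Tuple[str, str]]]:
    """Try each usable address until one accepts the connection; return (ok, attempts) for the log."""
    attempts = []
    for family, address in resolver(host, port):
        if not route_probe(family, address, port):
            attempts.append((address, "skipped: no route"))
            continue
        try:
            connect(family, address, port, timeout)
            attempts.append((address, "ok"))
            return True, attempts
        except OSError as e:
            attempts.append((address, f"failed: {e}"))
    return False, attempts

def demo_ipv6_only_host() -> Tuple[bool, List[Tuple[str, str]]]:
    """Constructed, offline scenario: A and AAAA records, local host routes only IPv6, 389/tcp open over IPv6."""
    records = [(AF_INET, "192.0.2.10"), (AF_INET6, "2001:db8::10")]   # constructed, not the report's hosts
    def fake_connect(family, address, port, timeout):
        if family != AF_INET6:
            raise OSError("IPv4 should have been skipped")
    return check_port("master.example.test", 389, resolver=lambda h, p: records,
                      route_probe=lambda f, a, p: f == AF_INET6, connect=fake_connect)
```

Against a real master, check_port(host, 389) uses the live resolver and kernel routing; on an IPv6-only host the A record is logged as skipped instead of producing the six FAILED lines seen in the log above.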