[nsd-users] NSD 4.0.1 - signed zones AXFR via IPv6 fails
Antonio Prado
aprado at topnet.it
Thu Mar 13 19:10:47 UTC 2014
FreeBSD 9.2-RELEASE-p3 amd64
master and slave NSD version 4.0.1
Hello,
I'm observing an odd behavior when trying to AXFR a signed zone from a
slave NSD via IPv6.
Both hosts are on the same /64.
The slave receives a correct reply from the master with:
dig A myzone.tld @2A02:XXXX:XXXX::XXX:X:201:53 -y
sec1_key:MYKEYfEpamEq72HQdA== +tcp +norec
No answer with:
dig AXFR myzone.tld @2A02:XXXX:XXXX::XXX:X:201:53 -y
sec1_key:MYKEYfEpamEq72HQdA==
A tcpdump on the master starts with the TCP flow and ends with a lot of:
19:45:21.230427 IP6 (hlim 64, next-header ICMPv6 (58) payload length:
1240) 2A02:XXXX:XXXX::XXX:X:202:53 > 2A02:XXXX:XXXX::XXX:X:201:53:
[icmp6 sum ok] ICMP6, time exceeded in-transit (reassembly)
19:45:25.230398 IP6 (hlim 64, next-header ICMPv6 (58) payload length:
1240) 2A02:XXXX:XXXX::XXX:X:202:53 > 2A02:XXXX:XXXX::XXX:X:201:53:
[icmp6 sum ok] ICMP6, time exceeded in-transit (reassembly)
In the mean time on the slave dig exits with:
"connection timed out; no servers could be reached".
Everything is fine via IPv4.
Any idea on what I am missing here?
Thank you
--
antonio
More information about the nsd-users
mailing list