[nsd-users] NSD 4.0.1 - signed zones AXFR via IPv6 fails

W.C.A. Wijngaards wouter at nlnetlabs.nl
Fri Mar 14 08:00:57 UTC 2014


Hi Antonio,

On 03/13/2014 08:10 PM, Antonio Prado wrote:
> FreeBSD 9.2-RELEASE-p3 amd64 master and slave NSD version 4.0.1
> 
> Hello,
> 
> I'm observing an odd behavior when trying to AXFR a signed zone
> from a slave NSD via IPv6. Both hosts are on the same /64.
> 
> The slave receives a correct reply from the master with:
> dig A myzone.tld @2A02:XXXX:XXXX::XXX:X:201:53 -y sec1_key:MYKEYfEpamEq72HQdA== +tcp +norec
> 
> No answer with:
> dig AXFR myzone.tld @2A02:XXXX:XXXX::XXX:X:201:53 -y sec1_key:MYKEYfEpamEq72HQdA==
> 
> A tcpdump on the master starts with the TCP flow and ends with a
> lot of:
> 
> 19:45:21.230427 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 1240) 2A02:XXXX:XXXX::XXX:X:202:53 > 2A02:XXXX:XXXX::XXX:X:201:53: [icmp6 sum ok] ICMP6, time exceeded in-transit (reassembly)
> 19:45:25.230398 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 1240) 2A02:XXXX:XXXX::XXX:X:202:53 > 2A02:XXXX:XXXX::XXX:X:201:53: [icmp6 sum ok] ICMP6, time exceeded in-transit (reassembly)
> 
> In the meantime on the slave dig exits with: "connection timed
> out; no servers could be reached".
> 
> Everything is fine via IPv4.
> 
> Any idea on what I am missing here?

I have no idea.  You could try to update to latest or
--disable-recvmmsg configure, some people have IPv6 problems with that
syscall enabled (but their problems did not look like this).

Best regards,
   Wouter
