[Unbound-users] RHEL 5 and Unbound

Roland van Rijswijk Roland.vanRijswijk at surfnet.nl
Tue Oct 26 06:44:26 UTC 2010


Guys,

RHEL 5 + IPv6 = evil

Bruce, could it be that you have ip6tables turned on? The IPv6 and ip6tables implementations in the kernel shipped with RHEL 5 are riddled with bugs. One of these bugs is that if you enable ip6tables, even without any firewall rules, the MTU size drops dramatically and the kernel mucks up IPv6 fragmentation.

I've written down some of the problems we ran into on our resolvers (running unbound on both IPv4 as well as IPv6) in this blogpost (it also contains some info on compiling a newer BIND on RHEL 5.x, but you can ignore that):

https://dnssec.surfnet.nl/?p=464

Cheers,

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl





More information about the Unbound-users mailing list