[Pdns-users] Recursive lookups over IPv6 failing
Leen Besselink
leen at consolejunkie.net
Fri Apr 2 21:02:56 UTC 2010
On 04/02/2010 09:09 PM, Brielle Bruns wrote:
> Hello all,
>
Hello,
> I've got a weird issue, don't know if its come up before, and i'm not
> exactly sure where to file a bug report about it either.
>
> Server: 2.9.22 (Debian 2.9.22-3 package from sid, recompiled for lenny)
> Recursor: 3.2 (Debian 3.2-1 package from sid, recompiled for lenny)
> Backends: gmysql
>
> I've got a dual stack host that runs both authorative and recursive
> (yes, I know they should be separate) services, with auth running on
> TCP/UDP 53, and recursive running on TCP/UDP 8053. Server is set to
> forward queries to 8053 for the recursor to handle. IPv4 and IPv6
> ranges involved are allowed to query/recurse on the server.
>
> Querying from IPv6 host on the same LAN to the server:
>
> > www.apple.com
> ;; Got SERVFAIL reply from 2001:470:e867::3, trying next server
>
> It then tries the same server over ipv4, and is successful.
>
> Try it another time, same exact results. Try it a third time, and it
> is successful, returning the expected non-auth answers.
>
> Logs show the following:
>
> Apr 2 13:02:57 snowbank pdns[9084]: Not authoritative for
> 'www.apple.com', sending servfail to 2001:470:e867::2 (recursion was
> desired)
> Apr 2 13:03:57 snowbank pdns[9084]: Not authoritative for
> 'www.apple.com', sending servfail to 2001:470:e867::2 (recursion was
> desired)
>
> With no log entry for the third time querying. It does _not_ do this
> when querying over ipv4 - only over ipv6. I can reproduce this from
> any ipv6 host for any non-auth domain.
>
>
> The whole 2 out of 3 queries failing thing is a bit odd. Anyone have
> any insight or things I should try?
>
What I haven't seen you try is, did you try the pdns-recursor on port
8053 directly with IPv6 and IPv4, any strange results for that ?
More information about the Pdns-users
mailing list