IPv6-related (?) Bind issue
Hannes Frederic Sowa
hannes at stressinduktion.org
Thu Mar 6 10:40:34 CET 2014
On Thu, Mar 06, 2014 at 10:28:22AM +0100, Hannes Frederic Sowa wrote:
> On Thu, Mar 06, 2014 at 11:00:28AM +0200, Yannis Nikolopoulos wrote:
> > we've encountered a weird problem on our dual-stack (anycast) resolvers
> > and I'm wondering if anyone else has experienced anything similar.
> > Basically, we're getting many SERVFAIL responses for domains not in
> > cache. The weird part: if the domain does not exist in the cache, a
> > SERVFAIL response is produced (not all of the times) without the
> > resolver querying the auth NS (no outgoing communication is attempted).
>
> If you really think this might be a kernel issue, please record the number of
> failed syscalls during the time this problem exists: perf script
> failed-syscalls-by-pid -p or strace -c.
>
> Further, please record network packet drops in the stack via perf script
> net_dropmonitor.
>
> This might give a hint.
Regarding anycast addresses you can check cat /proc/net/anycast6 if they get
instantiated (this only happens if you have forwarding enabled for the subnet
defined addresses) or if you have a program which does IPV6_JOIN_ANYCAST
setsockopt on a socket.
Old kernels don't allow using anycast addresses as source address. This was
recently changed in the Linux kernel.
But I don't suspect this to be the problem.
Bye,
Hannes
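
The /proc/net/anycast6 check suggested above, scripted as an added example (not part of the original message). It assumes each line of that file holds four whitespace-separated fields (interface index, interface name, address as 32 hex digits without colons, reference count); the sample text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed /proc/net/anycast6 layout:
# ifindex, interface name, 32-hex-digit address, reference count.
SAMPLE = """\
2    eth0            20010db8000100000000000000000000     1
3    eth1            fe800000000000000000000000000000     1
this line is malformed and must be ignored
"""


def parse_anycast6(text):
    """Return a list of (ifindex, ifname, IPv6Address, refcount) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or len(fields[2]) != 32:
            continue  # blank line or unexpected layout
        try:
            addr = ipaddress.IPv6Address(bytes.fromhex(fields[2]))
            entries.append((int(fields[0]), fields[1], addr, int(fields[3])))
        except ValueError:
            continue  # non-numeric index/count or non-hex address
    return entries


def is_instantiated(text, address, ifname=None):
    """True if `address` is listed as an anycast address (optionally on ifname)."""
    target = ipaddress.IPv6Address(address)  # accepts any textual form
    return any(addr == target and (ifname is None or name == ifname)
               for _, name, addr, _ in parse_anycast6(text))


def read_proc(path="/proc/net/anycast6"):
    """Read the kernel table; return '' if the file is absent (e.g. no IPv6)."""
    try:
        with open(path) as handle:
            return handle.read()
    except OSError:
        return ""


if __name__ == "__main__":
    import sys
    table = read_proc() or SAMPLE  # fall back to the constructed sample
    for wanted in sys.argv[1:] or ["2001:db8:1::"]:
        state = "instantiated" if is_instantiated(table, wanted) else "NOT instantiated"
        print(f"{wanted}: {state}")
```
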