From nobody@FreeBSD.org  Mon Mar  7 22:02:12 2005
Message-Id: <200503072202.j27M2BNo027135@www.freebsd.org>
Date: Mon, 7 Mar 2005 22:02:11 GMT
From: Roy Badami <roy@gnomon.org.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Default FreeBSD 5.3 named setup has problems resolving names due to IPv6 issues
X-Send-Pr-Version: www-2.3

>Number:         78565
>Category:       bin
>Synopsis:       Default FreeBSD 5.3 named setup has problems resolving names due to IPv6 issues
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 07 22:10:06 GMT 2005
>Closed-Date:    Sun Apr 10 05:24:01 GMT 2005
>Last-Modified:  Sun Apr 10 05:24:01 GMT 2005
>Originator:     Roy Badami
>Release:        5.3-RELEASE-p5
>Organization:
>Environment:
FreeBSD buffy.gnomon.org.uk 5.3-RELEASE-p5 FreeBSD 5.3-RELEASE-p5 #1: Sun Mar  6 20:19:33 UTC 2005 root@buffy.gnomon.org.uk:/usr/obj/usr/src/sys/BUFFY  i386
>Description:
The default FreeBSD 5.3 configuration brings up IPv6, though typically users won't be using it.  However the ethernet interfaces nonetheless have (link-local) IPv6 addresses.

It appears that under these circumstances BIND 9 has difficulty talking to nameservers that are IPv6-connected (ie have AAAA records).  I infer that it's probably trying to talk IPv6 to them, even though there is no suitable local IPv6 address to use.

As a result of the fact that many important DNS servers now have AAAA records (eg many of the root servers and many of the servers for .com) DNS resolution becomes very slow, as a significant proportion of these servers become unreachable.

I don't know enough about IPv6 address selection to know whether this is a BIND bug or a bug in the IPv6 stack; this article on the OpenBSD list suggests it's a BIND bug, but gives no reference

http://archives.neohapsis.com/archives/openbsd/2004-11/0966.html

My concern is that this problem hits a default install of named on a non-IPv6-connected host, and makes name resolution horribly slow (verging on unusable).
>How-To-Repeat:
On a default FreeBSD 5.3 install, without disabling IPv6, but without actual IPv6 connectivity, run a caching name server.

Attempt to resolve names under .com

Observe that this often takes 5 seconds or longer.
>Fix:
Workaround is to add "-4" to named_flags.  

>Release-Note:
>Audit-Trail:

From: Roy Badami <roy@gnomon.org.uk>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: misc/78565: Default FreeBSD 5.3 named setup has problems
	resolving names due to IPv6 issues
Date: Mon, 7 Mar 2005 22:49:20 +0000

 I should add that this problem also affects the bind9 port in FreeBSD
 4.  I'm not sure whether it affects the BIND 8 install in the base
 FreeBSD 4 system (I suspect not [1], but I'm not immediately in a
 position to verify it).
 
 Another good way to demonstrate the problem is with dig, which suffers
 from the same problem as named
 
 The command
 
 dig @a.gtld-servers.net foo.com
 
 will fail to get a response, because a.gtld-servers.net is
 IPv6-connected.
 
 	-roy
 
 [1] I note that /usr/bin/dig doesn't suffer from this on FreeBSD 4.10,
 but that /usr/local/bin/dig (built from the bind9 port) does; hence
 the suspicion that BIND 8's named won't suffer from this either.
Responsible-Changed-From-To: freebsd-bugs->dougb 
Responsible-Changed-By: kris 
Responsible-Changed-When: Sat Apr 9 00:41:58 GMT 2005 
Responsible-Changed-Why:  
Assign to BIND maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=78565 
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Sun Apr 10 05:23:05 GMT 2005 
State-Changed-Why:  

BIND 9.3.1 fixed this problem. Update to the latest 
5-Stable and/or update your ports tree to the latest 
version.  

http://www.freebsd.org/cgi/query-pr.cgi?pr=78565 
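
A way to check a host for the condition this report describes, added here as an illustration and not taken from the PR, BIND or FreeBSD: it parses `ifconfig` output and lists nameserver addresses in a family for which the host has only loopback or link-local addresses. The function names, the sample `ifconfig` text and the server addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: ifconfig output from a host with working IPv4 but only
# loopback and link-local IPv6 addresses (the situation in the report).
SAMPLE_IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
\tinet6 fe80::2d0:b7ff:fe00:1%em0 prefixlen 64 scopeid 0x1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
\tinet6 ::1 prefixlen 128
\tinet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
\tinet 127.0.0.1 netmask 0xff000000
"""
# Constructed nameserver addresses (documentation ranges, not real servers).
SAMPLE_SERVERS = {
    "ns-a.example": ["192.0.2.53", "2001:db8::53"],
    "ns-b.example": ["198.51.100.53"],
}

def local_addresses(ifconfig_text):
    """Extract inet/inet6 addresses from ifconfig output, dropping any %scope."""
    found = re.findall(r"^[ \t]+inet6?[ \t]+(\S+)", ifconfig_text, re.M)
    return [ipaddress.ip_address(raw.split("%")[0]) for raw in found]

def has_routable_source(addrs, version):
    """True if some address of this family is neither loopback nor link-local."""
    return any(a.version == version and not (a.is_loopback or a.is_link_local)
               for a in addrs)

def classify_servers(servers, addrs):
    """Split (name, address) pairs into usable and unusable from this host."""
    usable, unusable = [], []
    for name, ips in sorted(servers.items()):
        for ip in map(ipaddress.ip_address, ips):
            ok = has_routable_source(addrs, ip.version)
            (usable if ok else unusable).append((name, str(ip)))
    return usable, unusable

def needs_ipv4_only_workaround(servers, addrs):
    """IPv4 works, but some server is listed with an IPv6 address this host
    cannot use: the case where the report adds "-4" to named_flags."""
    _, unusable = classify_servers(servers, addrs)
    return has_routable_source(addrs, 4) and any(":" in ip for _, ip in unusable)

if __name__ == "__main__":
    addrs = local_addresses(SAMPLE_IFCONFIG)
    for name, ip in classify_servers(SAMPLE_SERVERS, addrs)[1]:
        print(f"no usable source address for {name} ({ip})")
    print("workaround applies:", needs_ipv4_only_workaround(SAMPLE_SERVERS, addrs))
```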
>Unformatted:
