Antonio Prado
2014-Mar-13 19:10 UTC
[nsd-users] NSD 4.0.1 - signed zones AXFR via IPv6 fails
FreeBSD 9.2-RELEASE-p3 amd64 master and slave NSD version 4.0.1 Hello, I'm observing an odd behavior when trying to AXFR a signed zone from a slave NSD via IPv6. Both hosts are on the same /64. The slave receives a correct reply from the master with: dig A myzone.tld @2A02:XXXX:XXXX::XXX:X:201:53 -y sec1_key:MYKEYfEpamEq72HQdA== +tcp +norec No answer with: dig AXFR myzone.tld @2A02:XXXX:XXXX::XXX:X:201:53 -y sec1_key:MYKEYfEpamEq72HQdA= A tcpdump on the master starts with the TCP flow and ends with a lot of: 19:45:21.230427 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 1240) 2A02:XXXX:XXXX::XXX:X:202:53 > 2A02:XXXX:XXXX::XXX:X:201:53: [icmp6 sum ok] ICMP6, time exceeded in-transit (reassembly) 19:45:25.230398 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 1240) 2A02:XXXX:XXXX::XXX:X:202:53 > 2A02:XXXX:XXXX::XXX:X:201:53: [icmp6 sum ok] ICMP6, time exceeded in-transit (reassembly) In the mean time on the slave dig exits with: "connection timed out; no servers could be reached". Everything is fine via IPv4. Any idea on what I am missing here? Thank you -- antonio
W.C.A. Wijngaards
2014-Mar-14 08:00 UTC
[nsd-users] NSD 4.0.1 - signed zones AXFR via IPv6 fails
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Antonio, On 03/13/2014 08:10 PM, Antonio Prado wrote:> FreeBSD 9.2-RELEASE-p3 amd64 master and slave NSD version 4.0.1 > > Hello, > > I'm observing an odd behavior when trying to AXFR a signed zone > from a slave NSD via IPv6. Both hosts are on the same /64. > > The slave receives a correct reply from the master with: dig A > myzone.tld @2A02:XXXX:XXXX::XXX:X:201:53 -y > sec1_key:MYKEYfEpamEq72HQdA== +tcp +norec > > No answer with: dig AXFR myzone.tld @2A02:XXXX:XXXX::XXX:X:201:53 > -y sec1_key:MYKEYfEpamEq72HQdA=> > A tcpdump on the master starts with the TCP flow and ends with a > lot of: > > 19:45:21.230427 IP6 (hlim 64, next-header ICMPv6 (58) payload > length: 1240) 2A02:XXXX:XXXX::XXX:X:202:53 > > 2A02:XXXX:XXXX::XXX:X:201:53: [icmp6 sum ok] ICMP6, time exceeded > in-transit (reassembly) 19:45:25.230398 IP6 (hlim 64, next-header > ICMPv6 (58) payload length: 1240) 2A02:XXXX:XXXX::XXX:X:202:53 > > 2A02:XXXX:XXXX::XXX:X:201:53: [icmp6 sum ok] ICMP6, time exceeded > in-transit (reassembly) > > In the mean time on the slave dig exits with: "connection timed > out; no servers could be reached". > > Everything is fine via IPv4. > > Any idea on what I am missing here?I have no idea. You could try to update to latest or - --disable-recvmmsg configure, some people have IPv6 problems with that syscall enabled (but their problems did not look like this). Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTIrc5AAoJEJ9vHC1+BF+N2ooP/2SGzL7IDFn4jOlqGC5SDOxQ NkAYHIi3D/7m2LYMUt0ynfAihTxBbY4953jgegrNM2cgFdq3HqHy8k6mKUsu3he1 L88Mxlt5IYMFw+0s4IIPaQzZJ4K6nnSRfJfa8bhS5Ehc5enNKPVUfZsShiSLDDb2 xKc6HMR0/xxjlEP664X5pHjZjcNqHP7ZBynVWjUlL6SdohMM4G9aSJVg+nIctceF dpPUBPZ4GAIk63L/s9byqFwIBbUQCCLzBLCoHNmabe7kBSuS1IVzUSTwwOHvvKcx RoHpEb/KTs+Bg8hLun/TFNk80Sgk+bX2DpbKDETDhv4S5ix0fQGPpg5FMrshE1GM fsMlv2NuGhpG1xKWUh4YYXu3KhWJpXtI0QzqNx16+7ylDnPCtaabpT26woIeD3Y7 n4LU1d5gPVX+Of+1P8tx26ZkHwC9vQiXHVkNtAdptfpl5ghVddEzjHwZWfVSD5eD +0VjOL8e8QT03wLZFMzPvJa9XKq2eToyZAcRxBFqLXTljGczkK5OiGYMg80s2Pvz 5972k7Bc7limQ4TZWroGW14m/PpfKfYeeUGEpEXQ14xbte6P64INfZai7+y2m1bA gjUqdiovxHG9xe8UzhVv8GMuRTenT6qUFlpjZqn5pETqdiAXpbsB1ptwY+MU8tXJ 5s6uUPyy1L0yX1zf3dd9 =KR+K -----END PGP SIGNATURE-----
Antonio Prado
2014-Apr-05 09:10 UTC
[nsd-users] NSD 4.0.1 - signed zones AXFR via IPv6 fails
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 3/14/14, 9:00 AM, W.C.A. Wijngaards wrote:> I have no idea. You could try to update to latest or > --disable-recvmmsg configure, some people have IPv6 problems with > that syscall enabled (but their problems did not look like this).Hi, the issue I reported is not related to NSD at all. It's related to E1000 NIC driver in VMware ESXi 5.5 Using a VMXNET3 driver everything works as expected. Thank you - -- antonio -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlM/yHcACgkQuwElOCdao3+vOQCeOVe1zvqEuhKnkAH56yVgxJp6 HdoAmwf/fJYK/Ry8/rzbGkePg4KAeYEq =0Jc5 -----END PGP SIGNATURE-----