Bug 78565

Summary: Default FreeBSD 5.3 named setup has problems resolving names due to IPv6 issues
Product: Base System
Reporter: Roy Badami <roy>
Component: bin
Assignee: Doug Barton <dougb>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.3-RELEASE   
Hardware: Any   
OS: Any   

Description Roy Badami 2005-03-07 22:10:06 UTC
The default FreeBSD 5.3 configuration brings up IPv6, though typically users won't be using it.  However the ethernet interfaces nonetheless have (link-local) IPv6 addresses.

It appears that under these circumstances BIND 9 has difficulty talking to nameservers that are IPv6-connected (i.e. have AAAA records).  I infer that it's probably trying to talk IPv6 to them, even though there is no suitable local IPv6 address to use.

As a result of the fact that many important DNS servers now have AAAA records (e.g. many of the root servers and many of the servers for .com) DNS resolution becomes very slow, as a significant proportion of these servers become unreachable.

I don't know enough about IPv6 address selection to know whether this is a BIND bug or a bug in the IPv6 stack; this article on the OpenBSD list suggests it's a BIND bug, but gives no reference

http://archives.neohapsis.com/archives/openbsd/2004-11/0966.html

My concern is that this problem hits a default install of named on a non-IPv6-connected host, and makes name resolution horribly slow (verging on unusable).

Fix:

Workaround is to add "-4" to named_flags.

How-To-Repeat:

On a default FreeBSD 5.3 install, without disabling IPv6, but without actual IPv6 connectivity, run a caching name server.

Attempt to resolve names under .com

Observe that this often takes 5 seconds or longer.
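
A check for the condition this report describes (interfaces that carry only link-local IPv6 addresses), as an added example that is not part of the original report or of FreeBSD. The function names and the sample ifconfig output are constructed for illustration, and a non-link-local address is treated only as a hint of IPv6 connectivity, not proof of it.

```shell
#!/bin/sh
# Constructed sample: ifconfig-style output from a host with IPv6 enabled
# but no IPv6 connectivity (only loopback and link-local inet6 addresses).
sample_link_local_only() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
    inet6 fe80::2a0:c9ff:fe12:3456%em0 prefixlen 64 scopeid 0x1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
EOF
}

# Constructed sample: the same host with one additional, non-link-local
# address (taken from the 2001:db8::/32 documentation prefix).
sample_with_global() {
    sample_link_local_only
    echo "    inet6 2001:db8::10 prefixlen 64"
}

# Reads ifconfig output on stdin and prints how many inet6 addresses are
# neither loopback (::1) nor link-local (fe80::/10).
count_usable_inet6() {
    awk '$1 == "inet6" {
        a = tolower($2)
        sub(/%.*/, "", a)                     # drop the %ifname scope suffix
        if (a == "::1") next                  # loopback
        if (a ~ /^fe[89ab][0-9a-f]:/) next    # fe80::/10 link-local
        n++
    } END { print n + 0 }'
}

# Prints "-4" (the workaround flag from the report) when stdin shows no
# usable IPv6 address, and prints nothing otherwise.
suggest_named_flags() {
    if [ "$(count_usable_inet6)" -eq 0 ]; then
        echo "-4"
    fi
}

printf 'link-local only -> suggested flag: [%s]\n' \
    "$(sample_link_local_only | suggest_named_flags)"
printf 'with global addr -> suggested flag: [%s]\n' \
    "$(sample_with_global | suggest_named_flags)"
```

On a live host the same functions can be fed the output of ifconfig instead of the constructed samples.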
Comment 1 Roy Badami 2005-03-07 22:49:20 UTC
I should add that this problem also affects the bind9 port in FreeBSD
4.  I'm not sure whether it affects the BIND 8 install in the base
FreeBSD 4 system (I suspect not [1], but I'm not immediately in a
position to verify it).

Another good way to demonstrate the problem is with dig, which suffers
from the same problem as named.

The command

dig @a.gtld-servers.net foo.com

will fail to get a response, because a.gtld-servers.net is
IPv6-connected.

	-roy

[1] I note that /usr/bin/dig doesn't suffer from this on FreeBSD 4.10,
but that /usr/local/bin/dig (built from the bind9 port) does; hence
the suspicion that BIND 8's named won't suffer from this either.
Comment 2 Kris Kennaway freebsd_committer freebsd_triage 2005-04-09 01:41:58 UTC
Responsible Changed
From-To: freebsd-bugs->dougb

Assign to BIND maintainer
Comment 3 Doug Barton freebsd_committer freebsd_triage 2005-04-10 06:23:05 UTC
State Changed
From-To: open->closed


BIND 9.3.1 fixed this problem. Update to the latest 
5-Stable and/or update your ports tree to the latest 
version.