> I run isc-bind as both a resolver and an authoritative name server in
> a very simple configuration.
>
> Starting sometime during period I was running in OpeBSD 7.5, after one
> of the updates (syspatch / pkg_add -u) something changed, manifested
> as sporadic lookup failures (SERVFAIL) e.g.,:
>
> $ host anoncvs4.usa.openbsd.org.
> anoncvs4.usa.openbsd.org has address 66.111.2.37
> anoncvs4.usa.openbsd.org has IPv6 address 2610:1c0:0:5::37
> Scratching my head, I started to wonder if isc-bind was trying to use
> ipv6 to send out some of the queries, and then falling back to using
> ipv4. I don't have any ipv6 uplink, nor any actual interfaces
> configured for ipv6. The only ones I see are on lo0. Looking through
> the isc-bind option list in named.conf(5) (so many options!) I
> wondered if "query-source-v6 none;" might be "the drones I'm looking
> for"(tm). Sure enough, it seems to have alleviated all these issues.
>
> A bit of a curious problem, which I thought I would share in case
> anyone else finds themselves in a similar situation.
>
> Since I suspected my uplink to my ISP, I didn't keep track of queries,
> so I can't say definitively, but I do wonder if these issues perhaps
> coincided with OpenBSD deploying ipv6 and ipv6 authoritative servers?
If you don't have ipv6 on any interface (except lo0), you would not
have routes for ipv6, and hence bind should not even attempt to use
v6.
What does it look like if you ask the routing table for which
interface to use to reach a v6 ip?
A v6-connected host would say something like this:
$ route get -inet6 2610:1c0:0:5::37
route to: 2610:1c0:0:5::37
destination: ::
mask: ::
gateway: 2a03:6000:6f65:626::1
[...]
whereas a v4-only host says:
$ route get -inet6 2610:1c0:0:5::37
get host 2610:1c0:0:5::37: not in table
Still, the bug would be in isc-bind for trying to use v6 when its
trivial to deduce it is not possible to use that protocol.
--
May the most significant bit of your life be positive.
