Maintained by: NLnet Labs

[Unbound-users] Linux kernel 2.6.18 and ipv6, and, Solaris and libevent

W.C.A. Wijngaards
Tue May 18 14:34:16 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Some software issues between unbound and others may interest you.

On Linux, if you use kernel 1.6.18 (a little older but found in 'stable'
distros, such as RHEL 5.5), and use ip6tables, then there is trouble
with unbound (and other IPv6 related troubles).  What is the issue is
that UDP fragmentation stops working (also for IPv4), making unbound if
it is DNSSEC validating unable to fetch whole responses for some
queries.  This would also affect other DNSSEC implementations.  The fix
is to upgrade to a newer kernel.  You can detect this issue with
unbound-host -t TXT rs.dns-oarc.net which drops from 4k to 1435 bytes
after enabling ip6tables.

On Solaris, if you use libevent and multithread, then you could get
evports-related crashes.  This turns out to be due to a configure and
compile issue in libevent.  The fix is in 2.0.5-beta and in the git
repo.  I saw it was backported to the 1.4 git branch too (that is to
become 1.4.14 I assume).  The issue does not occur with num-threads 1.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvyiUgACgkQkDLqNwOhpPjG6wCdENqUAn7hzACCId0uSCi3ABuz
eX0AoKOslkfDkqpd7ohK2ot8D89VHqU3
=MkRf
-----END PGP SIGNATURE-----