Maintained by: NLnet Labs

[Unbound-users] RHEL 5 and Unbound

Roland van Rijswijk
Tue Oct 26 08:44:26 CEST 2010


Guys,

RHEL 5 + IPv6 = evil

Bruce, could it be that you have ip6tables turned on? The IPv6 and ip6tables implementations in the kernel shipped with RHEL 5 are riddled with bugs. One of these bugs is that if you enable ip6tables, even without any firewall rules, the MTU size drops dramatically and the kernel mucks up IPv6 fragmentation.

I've written down some of the problems we ran into on our resolvers (running unbound on both IPv4 as well as IPv6) in this blogpost (it also contains some info on compiling a newer BIND on RHEL 5.x, but you can ignore that):

https://dnssec.surfnet.nl/?p=464

Cheers,

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl