Maintained by: NLnet Labs

[Unbound-users] RHEL 5 and Unbound

Hayward, Bruce
Tue Oct 26 14:18:36 CEST 2010


Hi

Iptables(6) is not an issue. Thanks  8o)

Bruce

Bruce Hayward, MTS Allstream Inc., (p) 204-958-1983 (e)
bruce.hayward at mtsallstream.com 


-----Original Message-----
From: Roland van Rijswijk [mailto:Roland.vanRijswijk at surfnet.nl] 
Sent: October 26, 2010 1:44 AM
To: Hayward, Bruce
Cc: unbound-users at unbound.net
Subject: Re: [Unbound-users] RHEL 5 and Unbound

Guys,

RHEL 5 + IPv6 = evil

Bruce, could it be that you have ip6tables turned on? The IPv6 and
ip6tables implementations in the kernel shipped with RHEL 5 are riddled
with bugs. One of these bugs is that if you enable ip6tables, even
without any firewall rules, the MTU size drops dramatically and the
kernel mucks up IPv6 fragmentation.

I've written down some of the problems we ran into on our resolvers
(running unbound on both IPv4 as well as IPv6) in this blogpost (it also
contains some info on compiling a newer BIND on RHEL 5.x, but you can
ignore that):

https://dnssec.surfnet.nl/?p=464

Cheers,

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl


 
 
Is it really necessary to print this email?
 
MTS ALLSTREAM INC. CONFIDENTIALITY WARNING: This email message is confidential and intended only for the named recipient(s).  If you are not the intended recipient, or an agent responsible for delivering it to the intended recipient, or if this message has been sent to you in error, you are hereby notified that any review, use, dissemination, distribution or copying of this message or its contents is strictly prohibited.   If you have received this message in error, please notify the sender immediately and delete the original message.  If there is an agreement attached with this message, such agreement will not be binding until it is signed by all parties named therein.