Bug 3392 - Regression on XFR(d) with IPv6
Regression on XFR(d) with IPv6
Status: RESOLVED FIXED
Product: NSD
Classification: Unclassified
Component: NSD Code
4.1.x
x86_64 Linux
: P5 enhancement
Assigned To: NSD team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-12-06 15:11 CET by Vladimir
Modified: 2017-12-07 05:05 CET (History)
1 user (show)

See Also:


Attachments
NSD run under strace (69.04 KB, application/octet-stream)
2017-12-06 16:08 CET, Vladimir
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir 2017-12-06 15:11:11 CET
Hello,
I'm using Archlinux (x86_64) and nsd. Recently NSD was updated to ver 4.1.8 from 4.1.6. Nothing in package configuration and in my configuration of NSD wasn't changed but now NSD (xfrd) reports that IPv6 address not supported:

xfrd notify: sendto XXXX:XXXX:XXXX:XXXX::XXXX failed Address family not supported by protocol

Consulting with https://www.nlnetlabs.nl/projects/nsd/ I didn't find any changes in respect to XFR and IPv6. Is this a bug/regression?
Comment 1 Wouter Wijngaards 2017-12-06 15:15:59 CET
Hi Vladimir,

NSD works on IPv6 fine, also 4.1.8 (and 4.1.18 too).

I also cannot explain why you are getting this errno from the sendto system call.  the xfrd part of NSD is working fine and calling the sendto system call with this IPv6 address.  The system call then returns this error.

My guess is that the kernel does not have the ipv6 module loaded or enabled.  Or perhaps the ipv6 network is not up in some way...

With strace you can see it call the sendto and get the errno.  Since it also compiled, eg. with IPv6 support, I guess something else must be wrong somehow.

Best regards, Wouter
Comment 2 Vladimir 2017-12-06 16:08:49 CET
Created attachment 474 [details]
NSD run under strace

I didn't hide domain names and real IPs.
Comment 3 Vladimir 2017-12-06 16:09:16 CET
Hello Wouter,

I run nsd in strace and got some logs. I don't understand what all that means, so I just attach the log.

I can ping IPv6 addresses on this host, so I think that kernel has IPv6 support as well as the host.

On the other hand these messages appeared Dec 1 after I updated the host and new version of NSD (4.1.8), glibc (2.26-8) and kernel (4.14.3) were installed. I checked with previous version of glibc package (2.26-6) but the problem remains. Now host uses kernel 4.14.4 version and I'll to check with kernel 4.14.2 on weekend.

P.S. I quickly looked through kernels 4.14.3, 4.14.4 Changelogs and didn't find any information about net-ipv6.
Comment 4 Wouter Wijngaards 2017-12-06 16:14:56 CET
Hi Vladimir,

There are no errors in that strace.  Or, that I can see, IPv6 usage.  Everything looks okay... But there is a problem with sendto giving an error?  Because you configured an IPv6 upstream (master), or an IPv6 slave (notify target address) and XFRD tries to send a query there?

What is the config item with IPv6; can you ping that IPv6?

Can you send a query there with like  dig @<that address> ?

Best regards, Wouter
Comment 5 Wouter Wijngaards 2017-12-06 16:16:27 CET
Hi Vladimir,

Okay, so IPv6 works on your host I guess.  So your error is about xfrd notify.  There are notify related changes in NSD 4.1.18, this is where the bug could be.

Can you repeat the problem?

Best regards, Wouter
Comment 6 Wouter Wijngaards 2017-12-06 16:28:30 CET
Hi Vladimir,

Yes you are right, it is a regression, the notify upgrade in 4.1.18 fails to work when both ipv4 and ipv6 addresses are in a notify list for a zone at the same time.  Thanks for the report details.

Best regards, Wouter
Comment 7 Wouter Wijngaards 2017-12-06 16:45:49 CET
Hi Vladimir,

There is a fix in the source repo of NSD.  Thanks for the report!

Best regards, Wouter
Comment 8 Vladimir 2017-12-07 05:05:59 CET
Confirm,
I installed NSD packages with last patch (4803:4804) and now NSD works fine.

Thank you.