On Mon, 24 Nov 2008, Simon Matter wrote: >> I just wanted to follow up on this thread, rather than leaving it hanging. >> >> It seems there was a more serious issue, which ultimately lead to the >> failure we experienced, with our murder setup. Specifically our >> internal DNS servers, were having sporadic time-outs for Linux and >> Macintosh clients. After disabling ipv6 on both of our nameservers, it >> seemed the name resolution issue cleared up. The strange thing is that >> it has been working without any complications for the last 6 months. >> But nobody at Marshall can pinpoint anything that may have changed >> recently with regards to ipv6 networking on the internal network. What >> is even stranger is that the name resolution timeouts only seemed to >> occur on Linux and Macintosh clients, while having no harmful effects on >> Microsoft Windows servers and clients. > > I had a strange issue recently with name resolution (OT because it has > nothing todo with cyrus-imapd). > Resolvers on Linux and recent OSX seem to always try to query for IPv6 > (AAAA) records even if NO IPv6 is configured on the client (no, I think it > only happens if the client program tries to resolve IPv6 like firefox in > our case). The problem starts if the DNS servers in question don't reply > correctly to those requests and reply with SERVFAIL for example. The > resolver will then ask the next DNS server it find in resolv.conf and go > on until no more servers to ask, which can take quite some time if you > have 4 servers configured like in our case. > In the end it turned out the company in question were running DNS > loadbalancers and they simply replied with SERVFAIL for AAAA records. I've > been told customers with Windows don't have that problem and I guess it's > because their resolver doesn't ask for IPv6 adresses if no IPv6 is > configured. I ran into an almost identical problem just yesterday with my silly home network router (D-Link DIR-655). The built-in DNS server in the router simply ignored AAAA queries. It didn't respond as all, even with SERVFAIL. Eventually the resolver library on Linux would timeout and try an A query instead. I ended up disabling the built-in DNS server and using the Comcast DNS servers directly. Anyways, I can definately understand why IPv6 might cause some issues... :) Andy ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
