From owner-freebsd-net@FreeBSD.ORG Thu Jul 6 12:25:42 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1C19616A4DE for ; Thu, 6 Jul 2006 12:25:42 +0000 (UTC) (envelope-from b.candler@pobox.com) Received: from proof.pobox.com (proof.pobox.com [207.106.133.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29FDD43D77 for ; Thu, 6 Jul 2006 12:25:39 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from proof (localhost [127.0.0.1]) by proof.pobox.com (Postfix) with ESMTP id 7865229D4D; Thu, 6 Jul 2006 08:25:38 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by proof.sasl.smtp.pobox.com (Postfix) with ESMTP id 3DF215BCD9; Thu, 6 Jul 2006 08:25:37 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1FySvH-0008OB-HP; Thu, 06 Jul 2006 13:25:35 +0100 Date: Thu, 6 Jul 2006 13:25:35 +0100 From: Brian Candler To: Brett Glass Message-ID: <20060706122535.GB32208@uk.tiscali.com> References: <7.0.1.0.2.20060705115517.05fb6f78@lariat.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7.0.1.0.2.20060705115517.05fb6f78@lariat.net> User-Agent: Mutt/1.4.2.1i Cc: net@freebsd.org Subject: Re: Strange errors from BIND on FreeBSD 4.x system X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jul 2006 12:25:42 -0000 On Wed, Jul 05, 2006 at 09:39:17PM -0600, Brett Glass wrote: > I'm working with a client's FreeBSD system (4.9 with patches) which > is having trouble resolving certain domains but not others. When I > try to execute the same queries using "dig", I see the error message > > res_nsend: Protocol not supported > > Via various search engines, I've seen hints that the problem may > have something to do with IPV6 but no instructions as to how to > resolve it. Can anyone explain what's wrong and how to fix it? The nameserver you're trying to talk to has both IPv6 and IPv4 addresses, dig is trying to use the IPv6 one, but failing because your host doesn't have IPv6 connectivity. Example: ;; ANSWER SECTION: ns-pri.ripe.net. 166057 IN A 193.0.0.195 ns-pri.ripe.net. 72477 IN AAAA 2001:610:240:0:53::3 If you try "dig @ns-pri.ripe.net. ripe.net. soa" I suspect you will get this error. (Of course, this bug only happens because the IPv6 address is tried in preference to IPv4 whenever this case occurs. Life would be much easier if it tried IPv4 in preference to IPv6 - but then the IPv6 stack would never get exercised at all. That would be a good thing IMO :-) Solutions: (1) try rebuilding the kernel with INET6 commented out. Or if it's commented out now, try rebuilding with it back in. I can't remember which way round caused the problem. (2) otherwise, you could upgrade dig to a version from a newer version of BIND, as ISTR this was fixed in the application. So much for the IPv4-IPv6 transition being transparent to applications :-( Regards, Brian.