Guys, RHEL 5 + IPv6 = evil
Bruce, could it be that you have ip6tables turned on? The IPv6 and ip6tables implementations in the kernel shipped with RHEL 5 are riddled with bugs. One of these bugs is that if you enable ip6tables, even without any firewall rules, the MTU size drops dramatically and the kernel mucks up IPv6 fragmentation. I've written down some of the problems we ran into on our resolvers (running unbound on both IPv4 as well as IPv6) in this blogpost (it also contains some info on compiling a newer BIND on RHEL 5.x, but you can ignore that): https://dnssec.surfnet.nl/?p=464 Cheers, -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: [email protected] _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
