Clients get DNS timeouts because ipv6 means more queries for each lookup

Tim Maestas t.maestas at
Mon Jul 11 22:27:28 UTC 2011

I'm unclear how BIND could be modified to fix this.  The querying
client machines are asking BIND for AAAA records.  BIND goes out to
the authoritative nameservers to attempt to resolve said AAAA records.
 The broken nameservers (PowerDNS <3.0 etc) timeout or otherwise hand
out bad responses (FORMERR, NXDOMAIN).  What would BIND do differently
to avoid this?

Even if BIND was modified, why would the responsibility fall on all
BIND administrators to implement this hack as opposed to the onus
being on the owners of the broken nameservers to upgrade their broken
authoritative servers?


On Mon, Jul 11, 2011 at 1:25 PM, Jonathan Kamens <jik at> wrote:
> On 7/11/2011 4:06 PM, Bill Owens wrote:
>  in which the first sentence says it all: "The nameservers for
> are broken."
> It's not just that's broken, obviously. I see this error in my
> logs for 19 domains since July 3:
> Even if PowerDNS is the only source of this issue, and even if the new
> version of PowerDNS is released tomorrow, I'm sure there will still be sites
> running the old version a year from now. So just relying on a PowerDNS
> release to fix this problem seems unwise.
> Users are experiencing this problem now in the field, and more users will be
> experiencing it as BIND is upgraded in more and more places. Every single
> user relying on a Fedora 15 DNS server, for example, is going to see
> occasional unnecessary DNS timeouts when trying to resolve host names.
> It seems clear to me that a generally available, generally applicable fix to
> BIND is needed to avoid this issue and perhaps similar issues like it.
>   jik
> _______________________________________________
> Please visit to
> unsubscribe from this list
> bind-users mailing list
> bind-users at

More information about the bind-users mailing list