BIND 9's named(1M) performance can be vastly improved when it runs in a Solaris operating environment where either IPv4 or IPv6 connectivity is unavailable.

The issue is documented in the named(1M) manual page:

BUGS
     By default, named attempts to contact remote name servers by
     either their IPv4 or IPv6 address, even though the host sys-
     tem does not have either IPv4 or IPv6 connectivity (that is,
     a  configured  and active interface). To address this issue,
     either provide the missing connectivity or use the  relevant
     -4  or  -6  command  line option. When using svccfg(1M), set
     application property options/ip_interfaces to either IPv4 or
     IPv6.

Essentially, 'named' receives both IPv4 and IPv6 addresses for name servers. As it goes about resolving queries, it attempts to send UDP packets to those addresses. Ideally it would be informed of a missing transport and fail quickly. Alas, defect 6320428 "sendto() should return errors up the stack" means that does not happen, so 'named' waits for a response that is never going to come.

As an example, let's take a peek at the root name server addresses using dig (domain Internet Groper):

$ dig . ns

; <<>> DiG 9.3.6-P1 <<>> . ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 878
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14

;; QUESTION SECTION:
;.				IN	NS

;; ANSWER SECTION:
.			498528	IN	NS	c.root-servers.net.
.			498528	IN	NS	d.root-servers.net.
.			498528	IN	NS	e.root-servers.net.
.			498528	IN	NS	f.root-servers.net.
.			498528	IN	NS	g.root-servers.net.
.			498528	IN	NS	h.root-servers.net.
.			498528	IN	NS	i.root-servers.net.
.			498528	IN	NS	j.root-servers.net.
.			498528	IN	NS	k.root-servers.net.
.			498528	IN	NS	l.root-servers.net.
.			498528	IN	NS	m.root-servers.net.
.			498528	IN	NS	a.root-servers.net.
.			498528	IN	NS	b.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.	498238	IN	A	198.41.0.4
a.root-servers.net.	195801	IN	AAAA	2001:503:ba3e::2:30
b.root-servers.net.	593090	IN	A	192.228.79.201
c.root-servers.net.	412662	IN	A	192.33.4.12
d.root-servers.net.	592857	IN	A	128.8.10.90
e.root-servers.net.	419480	IN	A	192.203.230.10
g.root-servers.net.	26029	IN	A	192.112.36.4
i.root-servers.net.	592963	IN	A	192.36.148.17
j.root-servers.net.	498528	IN	A	192.58.128.30
j.root-servers.net.	498528	IN	AAAA	2001:503:c27::2:30
k.root-servers.net.	593006	IN	A	193.0.14.129
k.root-servers.net.	589950	IN	AAAA	2001:7fd::1
l.root-servers.net.	3378	IN	A	199.7.83.42
l.root-servers.net.	195801	IN	AAAA	2001:500:3::42

;; Query time: 3 msec
;; SERVER: 129.156.86.11#53(129.156.86.11)
;; WHEN: Thu Aug 27 12:53:49 2009
;; MSG SIZE  rcvd: 500

As documented in named(1M), the solution is to enable only the IPv4 or only the IPv6 transport. On Solaris 10 or above, this should be accomplished using SMF properties:

      Example 1 Configuring named to Transmit Only over IPv4  Net-
     works


     The following command sequence configures named such that it
     will transmit only over IPv4 networks.


       # svccfg -s svc:network/dns/server:default setprop \
       > options/ip_interfaces=IPv4
       # svcadm refresh svc:network/dns/server:default
       #

On Solaris 8 or 9, modify the init.d(4) script /etc/init.d/inetsvc and append either -4 or -6 to the BIND 9 startup line.

Note that BIND 9 should be used, as documented in SunAlert 239392.

For example, the following is an excerpt from a modified /etc/init.d/inetsvc that starts named(1M) so that it only uses IPv4 transports:

if [ -f /usr/lib/dns/named -a -f /etc/named.conf ]; then
        echo 'starting internet domain name server.'
        /usr/lib/dns/named -4&
fi

By limiting 'named' to the available transport, its performance is vastly improved.
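
Which of -4 or -6 applies depends on which address family has a configured, active interface. The script below is an added example, not part of the original post or of BIND: it reads Solaris-style `ifconfig -a` output on stdin and prints the matching option. The function names and the interface listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the named(1M) transport option from `ifconfig -a` output.
# Reads Solaris-style ifconfig output on stdin and prints:
#   -4    only IPv4 has an UP, non-loopback interface
#   -6    only IPv6 has one
#   both  both families are usable, no option needed
#   none  neither family is usable
# Assumption: "connectivity" is read as the manual page words it, a configured
# and active interface; loopback is not counted.
named_family_option() {
    awk '
        /flags=/ {
            # Flag names sit between "<" and ">" on the interface header line.
            flags = $0
            sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
            n = split(flags, f, ",")
            up = 0; loop = 0; fam = ""
            for (i = 1; i <= n; i++) {
                if (f[i] == "UP") up = 1
                if (f[i] == "LOOPBACK") loop = 1
                if (f[i] == "IPv4" || f[i] == "IPv6") fam = f[i]
            }
            if (up && !loop && fam == "IPv4") v4 = 1
            if (up && !loop && fam == "IPv6") v6 = 1
        }
        END {
            if (v4 && v6) print "both"
            else if (v4)  print "-4"
            else if (v6)  print "-6"
            else          print "none"
        }'
}

# Constructed sample (not captured from a real host): IPv4 on e1000g0, and
# IPv6 present on loopback only.
sample_ipv4_only() {
    cat <<'EOF'
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
EOF
}

echo "named option for sample host: $(sample_ipv4_only | named_family_option)"
```

On a live host the function would be fed with `ifconfig -a | named_family_option`; a result of `both` means neither option is needed.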


This blog copyright 2009 by ace