[dns-operations] Sporadic but noticable SERVFAILs in specific dual stack nodes in an anycast resolving farm
Kostas Zorbadelos
kzorba at otenet.gr
Wed Mar 5 19:26:17 UTC 2014
Jeroen Massar <jeroen at massar.ch> writes:
> On 2014-03-05 14:45 , Kostas Zorbadelos wrote:
> [..]
>> The situation is described here:
>> https://lists.isc.org/pipermail/bind-users/2014-March/092706.html
>
Hi Jeroen,
> From that post:
>>> The main difference in the 3 machines from the rest is the IPv6
>>> operation. Those machines are dual stack, having /30 (v4) and /127
>>> (v6) on the physical interface.
>
> As your queries are going outbound over IPv6 while the other boxes do
> not, have IPv6, that is a big difference of course.
>
Quite true.
> How exactly did you configure that /127 on the interface, you are aware
> of this concept called subnet-router anycast address I hope?
>
> As that could cause packets not to be able to exit once in a while in
> miraculous ways...
>
> Next to that see:
> http://tools.ietf.org/html/rfc3627
>
> though some people disagree and thus there is now:
> http://tools.ietf.org/html/rfc6547
>
> and thus:
> http://tools.ietf.org/html/rfc6164
>
Actually, the /127 issue came up in internal discussions with colleagues.
We've been using /127 on our inter-router links, as per rfc6164, but
we're not sure how does the linux (kernel) support that (and especially
the CentOS 2.6.32-whatever).
As an extra step, we will reconfigure a link to use /64 on one of
the servers and will share the results.
>
> Additionally, you might want to monitor address/route add/removals with
> the 'ip mon' tool.
>
> Greets,
> Jeroen
>
Regards,
Kostas
More information about the dns-operations
mailing list