Compiling net-dns/djbdns-1.05-r23 with the IPv6 USE flag results (eventually) in dnscache lame delegation for obviously valid zones, e.g. nstld.com, and random lookup failures. I tested this on two heterogeneous amd64 systems, one with IPv6 addresses, the other not. The failures sometimes occur immediately after daemon start, sometimes after many lookups. Downgrading to -r22 or building -ipv6 made the problem disappear.
How adventurous are you feeling? In -r23, the developer applied the ipv6 patch and then tried to manually rebase the two CVE fixes on top of that. I have an overlay here: http://michael.orlitzky.com/git/mjo-overlay.git where I tried the opposite approach. I applied the CVE fixes, and then tried to apply the ipv6 patch. There were a few conflicts that I manually resolved, and it seems to compile and not immediately catch fire. Don't use that overlay anywhere near a production server! Not even down the hall. I haven't analyzed any of the changes, nor do I understand what most of them do. I just rearranged the existing patches so that they apply and compile.
A patch over the new -r23 or -r25 ebuild would be nice :)
(In reply to comment #2)
> A patch over the new -r23 or -r25 ebuild would be nice :)

I discovered, after a few hours of work, that my source tree after patching is exactly the same as the one in portage's r23. So the order in which you apply the patches doesn't matter, and you probably shouldn't expect any different results since the code is the same. I recompiled on both of my workstations with USE="ipv6", though, and will wait to see if any problems crop up.
I didn't research this issue in depth yet, but I see random lookup failures on amd64 on net-dns/djbdns-1.05-r26 built with the "ipv6" USE flag and IPv6 support disabled in the kernel. Disabling the ipv6 USE flag fixed this issue.
(In reply to comment #4)
> I didn't research this issue in depth yet, but I see random lookup failures
> on amd64 on net-dns/djbdns-1.05-r26 built with the "ipv6" USE flag and IPv6
> support disabled in the kernel. Disabling the ipv6 USE flag fixed this issue.

I've been running the same thing on my home/office PCs since my previous comment but haven't spotted anything out of the ordinary. If you run into trouble again, please try `dig foo.example.com` (or your preferred lookup program) and paste the output here so I can try it.
If anyone is still experiencing this issue, I've just committed djbdns-1.05-r29 which has an updated ipv6 patch.
The latest -r29 with the new ipv6 patch has gone stable. I don't want to sound like I'm sweeping the issue under the rug, but it's been four years without an example of a lookup failure. Realistically, without more information, there's nothing I can do. I'll leave this open for a while longer, but eventually I'll have to give up and mark it NEEDINFO.
I'm going to enable the ipv6 USE flag now to help you with testing this.
So far everything is fine, I didn't notice any lookup failures in the last month.
(In reply to Alex Efros from comment #9)
> So far everything is fine, I didn't notice any lookup failures in the last
> month.

Thanks for helping out with this. I haven't seen any problems with -r29 either in the last two months or so. Without more info, there's nothing to troubleshoot, so I'm going to close this. If anyone hits the issue in the future please feel free to reopen it.