glibc-2.3.2-r9 has a broken reverse resolving for IPv6 addresses. The bitstring reverse format has been deprecated in RFC3363 (3.2) because it simply does not work anywhere. Although this is the case, a patch to use bitstring first was introduced in the middle of November into Redhat/Fedora and is also in the 20031115 branch-update used for glibc-2.3.2-r9. The relevant lines in the Changelog of the patch are 2003-10-26 Ulrich Drepper <drepper@redhat.com> [...] * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyaddr_r): Default reverse lookup format for IPv6 addresses is using bitstring and .ip6.arpa suffix. * resolv/ns_name.c: Implement encoding and decoding bitstring in hex format. There is one bug filed at redhat which contains the whole story http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101261 The big (very big) problem is that most servers simply discard requests for a bitstring reverse lookup. Depending on your configuration you will have a timeout every time you query for an IPv6 reverse name. A test program is contained in the above mentioned redhat bug. It is more an upstream bug in glibc, but perhaps it would be possible to revert the patch from the branch-update or even fix the behaviour completely (standard would be nibble reverse with ip6.arpa, if that one fails nibble with ip6.int) Reproducible: Always Steps to Reproduce: 1. update glibc to glibc-2.3.2-r9 2. compile the test program from the redhat-bugzilla 3. run ./a.out 2001:6f8:985:1000::2:1 while dumping your resolver (either tcpdump or querylogs on your nameserver) Actual Results: Two requests to your nameserver 1.) \[x200106F8098510000000000000020001/128].ip6.arpa IN PTR which will return either NXDOMAIN (if you are lucky) or simply time out (normally) 2.) 1.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.5.8.9.0.8.f.6.0.1.0.0.2.ip6.int IN PTR which should return the right reverse name Expected Results: 1.) Query for 1.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.5.8.9.0.8.f.6.0.1.0.0.2.ip6.arpa IN PTR if that one fails (6bone-space which has no nibble ip6.arpa delegated) 2.) Query for 1.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.5.8.9.0.8.f.6.0.1.0.0.2.ip6.int IN PTR Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.6.2) ================================================================= System uname: 2.6.2 i686 AMD Athlon(TM) XP 2000+ Gentoo Base System version 1.4.3.13 distcc 2.11.1 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] Autoconf: sys-devel/autoconf-2.58-r1 Automake: sys-devel/automake-1.7.7 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache sandbox" GENTOO_MIRRORS="ftp://obelix.birkenwald.intern ftp://ftp.uni-erlangen.de/mirrors/gentoo ftp://ftp.ipv6.uni-muenster.de/pub/linux/distributions/gentoo http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" USE="3dnow X alsa apm avi berkdb cdr crypt cups dvd encode esd foomaticdb gdbm gif gpm gtk gtk2 guile imlib ipv6 java jpeg libg++ libwww mad mikmod motif mozilla moznocompose moznomail mpeg ncurses nls oggvorbis opengl oss pam pdflib perl pic png python qt quicktime radeon readline samba sdl slang spell sse ssl svga tcltk tcpd tetex truetype x86 xml2 xmms xv zlib"
Looks like it has been fixed in version 1.39 of resolv/nss_dns/dns-host.c http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/resolv/nss_dns/dns-host.c?cvsroot=glibc
Created attachment 26120 [details, diff] Proposed patch The attached patch fixes the problem entirely. It should be applied in the ebuild just after the branch update Compiles clean and works fine on x86.
Just for clarification, this patch is the original glibc-patch imported into glibc-CVS on Jan, 15th. In http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/resolv/?cvsroot=glibc resolv.h 1.37 -> 1.38 res_debug.c 1.34 -> 1.35 nss_dns/dns-host.c 1.38 -> 1.39 The patch res_init.c 1.34 -> 1.35 looks related as well, but it is definitely not needed to compile and work well.
Added, thanks.