Having IPv6 enabled on our nameservers, I’ve noticed that new domains were no longer slaved. We use PowerDNS’s supermaster feature for this, which basically means it verifies NOTIFY messages against a list of ‘trusted masters’: if the sender address of the NOTIFY message matches any of the trusted masters, it automatically creates the new domain as a slave domain and performs an AXFR query on the master to retrieve the zone file.
When using IPv6 with PowerDNS, the PowerDNS server ‘pdns’ binds to its port with AF_INET6. By default, AF_INET6 binds to both IPv4 and IPv6 and uses v4-in-v6 mapping. If an IPv4 connection is made, the address is in the form “::ffff:127.0.0.1”.
The problem is that it is not possible to open an IPv6 connection to “::ffff:127.0.0.1”. However, this is what pdns wants to do to query the supermaster server. The resulting error is:
Error resolving SOA or NS at: ::ffff:22.214.171.124: Unable to ask query of ::ffff:126.96.36.199:53: Address family not supported by protocol
The solution is to set the sysctl setting net.ipv6.bindv6only to ‘1’. If set, this makes AF_INET6 sockets listen only on IPv6 addresses, thus disabling the v4-in-v6 mapping.
Furthermore, you have to make sure that PowerDNS is explicitly configured to listen on your IPv4 address with “local-address=” and your IPv6 address with “local-ipv6=”.
Then everything should be okay again.
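To see why the mapped form matters for a trusted-masters check, here is an added example (not PowerDNS code and not from the original post) that unwraps v4-mapped sender addresses before comparing them to an allowlist and picks the address family an outbound query would need. The function names, the allowlist and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed allowlist (documentation address ranges) standing in for a
# supermaster list; these values are not taken from the post.
TRUSTED_MASTERS = {"192.0.2.53", "2001:db8::53"}


def normalize_peer(addr):
    """Unwrap a v4-mapped IPv6 address (::ffff:a.b.c.d) to plain IPv4.

    Returns (family, address), where family names the socket family an
    outbound SOA/AXFR query to that peer has to use.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ("AF_INET" if ip.version == 4 else "AF_INET6", str(ip))


def classify_notify(source, trusted=TRUSTED_MASTERS):
    """Decide how to treat a NOTIFY whose sender address is `source`."""
    family, addr = normalize_peer(source)
    # Canonicalise the allowlist too, so textual variants compare equal.
    canonical = {normalize_peer(t)[1] for t in trusted}
    return {
        "source": source,
        "query_target": addr,      # address to send the SOA/AXFR query to
        "query_family": family,    # socket family that query needs
        "mapped": addr != str(ipaddress.ip_address(source)),
        "trusted": addr in canonical,
    }


# Constructed sender addresses: the first is how a dual-stack AF_INET6
# socket reports an IPv4 peer, the rest are plain IPv4/IPv6 forms.
SAMPLES = ["::ffff:192.0.2.53", "192.0.2.53",
           "2001:db8:0:0::53", "::ffff:198.51.100.7"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_notify(sample))
```

Logging the `mapped` flag alongside NOTIFY decisions makes it easy to spot a listener that is still running dual-stack after the sysctl change.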