• Print
  • Share
  • Dark

Why does named lock up when it attempts to connect over IPSEC tunnels?

  • Updated on 10 Oct 2018
  • 1 minute to read
  • Contributors 

This is due to a kernel bug where the fact that a socket is marked non-blocking is ignored. It is reported that setting xfrm_larval_drop to 1 helps but this may have negative side effects.

For more information, see:




xfrm_larval_drop can be set to 1 by the following procedure:

echo "1" > proc/sys/net/core/xfrm_larval_drop
Problems with this site? Email us at marketing@isc.org