---
title: "Why does named lock up when it attempts to connect over IPSEC tunnels?"
slug: "aa-00316"
description: "This is the result of a kernel bug."
updated: 2018-10-10T16:01:59Z
published: 2018-10-10T16:01:59Z
canonical: "kb.isc.org/aa-00316"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://kb.isc.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Why does named lock up when it attempts to connect over IPSEC tunnels?

This is due to a kernel bug where the fact that a socket is marked non-blocking is ignored. It is reported that setting `xfrm_larval_drop` to 1 helps but this may have negative side effects.

For more information, see:

[https://bugzilla.redhat.com/show_bug.cgi?id=427629](https://bugzilla.redhat.com/show_bug.cgi?id=427629)

and

[https://lkml.org/lkml/2007/12/4/260](https://lkml.org/lkml/2007/12/4/260)

xfrm_larval_drop can be set to 1 by the following procedure:

```
echo "1" > proc/sys/net/core/xfrm_larval_drop
```