From ba73b71d5178004f765561ab5a7665cc0df2c003 Mon Sep 17 00:00:00 2001
From: Paul Wouters <paul@xelerance.com>
Date: Tue, 26 Oct 2010 10:32:35 -0400
Subject: [PATCH] Disable IPv6 per default, as it causes strong ipv4
 degradation on machines with no or bad IPv6. Added comments in unbound.conf
 pointing to discussion and test sites.

---
 unbound.conf | 7 ++++++-
 unbound.spec | 6 +++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/unbound.conf b/unbound.conf
index 2f32c73..a969c38 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -145,7 +145,12 @@ server:
 	# do-ip4: yes
 
 	# Enable IPv6, "yes" or "no".
-	# do-ip6: yes
+	# If you need ipv6, check MTU and you might have to disable ip6tables
+	# see https://dnssec.surfnet.nl/?p=464
+	# Test using https://www.dns-oarc.net/oarc/services/replysizetest
+	# Setting this to yes on non-ipv6 enabled machine can cause the
+	# ipv4 query rate to drop from 40k qps to 1k qps
+	do-ip6: no
 
 	# Enable UDP, "yes" or "no".
 	# do-udp: yes
diff --git a/unbound.spec b/unbound.spec
index 1cae4ec..f2f3480 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -9,7 +9,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.4.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -195,6 +195,10 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-3
+- Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines
+  (see comments in inbound.conf)
+
 * Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-2
 - Bump release - forgot to upload the new tar ball.