hdais

BIND9 resolver SERVFAIL in IPv4 only network

Jan 26th, 2014
- Problem statement

A BIND9 resolver returns SERVFAIL when all of the following conditions are met:

1. The BIND9 resolver [1][2] runs in an IPv4-only network environment [3].
2. It resolves a zone whose NS hosts are all dual stack.
3. All A RRsets of the NS hosts have expired from the resolver cache,
   while the AAAA RRsets have not.

BIND9 in an IPv4-only network is very common. Also, expiration of all the NS hosts' A RRsets
can occur, especially when the A RRset TTLs are shorter than the AAAA RRset TTLs.

[1] I confirmed this problem with 9.9.4-P2 and 9.8.6-P2.
[2] I confirmed this problem with FreeBSD 10.0 and CentOS 6.4.
[3] Only an IPv4 address is assigned to the network interface.
    (IPv6 link-local addresses may be assigned.)

- How to repeat

I've set up and published a zone (hdais.net) so that you can repeat
this problem easily; the zone's NS hosts are all dual stack, and their A RRset TTL is
much smaller than their AAAA RRset TTL.

1. Set up a BIND9 resolver in an IPv4-only network environment.
2. Launch the resolver: "named -c /dev/null"
3. Run "dig @127.0.0.1 www.hdais.net" several times.

- Additional Information

This problem can be avoided with these workarounds:

* On the resolver side, launch the resolver with "named -4 -c /dev/null".
* On the authoritative side, configure one of the NS hosts
  as single stack (a host with an A RRset only).

Of course, this problem doesn't occur if the resolver is running
in a dual-stack network environment.

- Test log example

# The first query for www.hdais.net returns a proper answer.
#
freebsd10:~ % drill @127.0.0.1 www.hdais.net
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 42947
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;; www.hdais.net. IN A

;; ANSWER SECTION:
www.hdais.net. 5 IN A 49.212.156.90

;; AUTHORITY SECTION:
hdais.net. 86400 IN NS ns2.autosign.info.
hdais.net. 86400 IN NS ns1.autosign.info.

;; ADDITIONAL SECTION:
ns1.autosign.info. 10 IN A 27.120.111.185
ns1.autosign.info. 86400 IN AAAA 2001:2e8:67a:0:2:1:0:39
ns2.autosign.info. 10 IN A 49.212.156.90
ns2.autosign.info. 86400 IN AAAA 2001:e41:31d4:9c5a::1

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Sun Jan 26 21:35:47 2014
;; MSG SIZE rcvd: 184


# 10 seconds later, the ns[12].autosign.info A RRsets have expired.
# named starts to return SERVFAIL.
#
freebsd10:~% drill @127.0.0.1 www.hdais.net
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 10738
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.hdais.net. IN A
<snip>

# Further www.hdais.net queries also result in SERVFAIL.
#
freebsd10:~ % drill @127.0.0.1 www.hdais.net
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 2128
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.hdais.net. IN A
<snip>
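
For zone operators, a check for the conditions in the problem statement, as an added example that is not part of the original paste: it parses A/AAAA record lines in dig/drill format and reports the window in which every NS host's A RRset has expired while every AAAA RRset is still cached. The function names and the A-only sample are assumptions made for this example, and the window uses the strict reading of condition 3 (all AAAA RRsets still cached).

```python
from collections import defaultdict

# ADDITIONAL section copied from the test log above.
PAGE_GLUE = """\
ns1.autosign.info. 10 IN A 27.120.111.185
ns1.autosign.info. 86400 IN AAAA 2001:2e8:67a:0:2:1:0:39
ns2.autosign.info. 10 IN A 49.212.156.90
ns2.autosign.info. 86400 IN AAAA 2001:e41:31d4:9c5a::1
"""

# Constructed sample of the authoritative-side workaround: ns2 is A-only.
WORKAROUND_GLUE = """\
ns1.autosign.info. 10 IN A 27.120.111.185
ns1.autosign.info. 86400 IN AAAA 2001:2e8:67a:0:2:1:0:39
ns2.autosign.info. 10 IN A 49.212.156.90
"""


def parse_glue(text):
    """Map each NS host name to {'A': ttl, 'AAAA': ttl} from dig/drill record lines."""
    ttls = defaultdict(dict)
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, ';' comment lines and anything not shaped "name ttl IN type rdata".
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        name, ttl, rtype = fields[0].lower(), int(fields[1]), fields[3]
        if rtype in ("A", "AAAA"):
            # Records of one RRset share a TTL; keep the smallest if they differ.
            ttls[name][rtype] = min(ttl, ttls[name].get(rtype, ttl))
    return dict(ttls)


def exposure_window(glue):
    """Return (start, end) in seconds after caching during which all A RRsets have
    expired and all AAAA RRsets are still cached, or None if that never happens."""
    # Condition 2 needs every NS host dual stack; one single-stack host removes it.
    if not glue or any(set(rr) != {"A", "AAAA"} for rr in glue.values()):
        return None
    start = max(rr["A"] for rr in glue.values())    # last A RRset expires
    end = min(rr["AAAA"] for rr in glue.values())   # first AAAA RRset expires
    return (start, end) if start < end else None


if __name__ == "__main__":
    for label, sample in (("page log", PAGE_GLUE), ("A-only ns2", WORKAROUND_GLUE)):
        print(label, exposure_window(parse_glue(sample)))
```

The TTLs must be the ones the authoritative servers publish (or those from a resolver's first, uncached answer, as in the log above); TTLs read from a warm cache are already counted down.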