Hello,

I can also confirm this for BIND 9.5.0-P2 for DNSSEC-enabled resolvers using DLV (an ISP environment, around 500-600 queries per second according to the BIND query log).

After several hours of operation, the server stopped answering for certain cached records in signed zones (no packets came back) at irregular intervals.

After downgrading to 9.4.3, the problems were resolved; it works without any hassles.

I did not try the latest 9.5.1 version, however.

Daniel Ryslink


On Fri, 26 Sep 2008, Bart Van den Broeck wrote:

Rune Rune wrote:
Hi, I have compiled and used 9.5 on several Linux platforms but we have to 
restart the bind process every day since it stops answering for some domains after 
some time.
The DNS is recursive and the domains it stops answering for are always .se domains. 
Is there any DNSSEC issue in 9.5 that is broken maybe? The zones it doesn't answer 
for aren't signed by .SE but? When the server stops answering correctly it looks up 
other zones correctly and after a restart it works OK again.

Regards, Rune


Short answer: yes, probably.

We have experienced the same issue, also with .se domains.  It seems to be
related to a cache management issue and JINMEI Tatuya of ISC agrees (cf. his
reply on my post "Re: Frequent SERVFAIL: "nameservers now above QDOMAIN" (BIND
9.5.0-P2)" <http://marc.info/?l=bind-users&m=122239920822324&w=2>).

Restarting the DNS server solves the problem because it also flushes the cache
(as a side-effect).

Until the problematic code is fixed in BIND 9.5 we've downgraded to 9.4.  It
hasn't been running long enough to be completely sure the problem has gone away
though, but we're hopeful :-)


Kind regards
Bart Van den Broeck
-- K.U.Leuven - ICTS - ICT Infrastructuur - Netwerken (aka KULeuvenNet)-

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
