So, before I'm allowed to even think about 9.4.3-P1, because of the outage we experienced with 9.4.2-P2, I need to run through a full test suite/load testing in my lab. I am trying to find a succinct list of the differences between 9.4.2-P2 and 9.4.3-P1 so I know where I should be focusing my testing.

From the release notes, I see quite a few changes were made. What changes I am interested in are the ones that might change the normal behaviour of bind and/or cause it to fail again. Not being a developer myself, I can't necessarily understand the impact of the changes in the release notes for 9.4.3 and 9.4.3-p1, so I don't know what the impact is to the overall service. Can anyone In The Know help with a friendlier list of the functional changes that may/may not have been made?

Many thanks,
T.

On Wed, Feb 25, 2009 at 5:43 PM, JINMEI Tatuya / 神明達哉 <[email protected]> wrote:
> At Wed, 25 Feb 2009 09:20:52 -0500,
> Todd <[email protected]> wrote:
>
>> My apologies again, you are correct. I ran a named -v on the boxes,
>> forgetting that we were directly calling bind in a non-path. We are
>> in fact using 9.4.2-P2 on everything, patched to protect against
>> Kaminsky. We will look at an upgrade program to get these boxes
>> (about 80 servers, unfortunately the majority of our infrastructure)
>> upgraded to protect against this.
>>
>> Are there any suggestions that anyone can provide to mitigate against
>> this coming up until such a time that we can upgrade?
>
> - make sure the 'files' named.conf option is set to a small value (the
>   default value should be fine)
> - unless you need a large number of TCP connections (which is unlikely if
>   named is a caching-only server) decrease the value for
>   reserved-sockets (allowable minimum is 128 if I remember it
>   correctly, which should be fine)
>
> In addition, if your OS is Linux, the following two *MUST* also be
> done:
>
> - make sure named is built with some large number for
>   ISC_SOCKET_FDSETSIZE.
> - if your named is built with threads, make sure the allowable number
>   of open files ('ulimit -n') is sufficiently large before starting
>   named.
>
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.
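The run-time items in the quoted reply ('files', reserved-sockets, 'ulimit -n') can be checked before named is started. The script below is an added example, not part of the thread and not ISC code; `min_nofile` and `max_files` are thresholds the operator chooses (the thread gives no numbers), 128 is the minimum quoted in the reply, and the build-time ISC_SOCKET_FDSETSIZE setting is not covered.

```shell
#!/bin/sh
# Added example. Assumptions: min_nofile and max_files are operator-chosen
# thresholds (the thread gives no numbers); /* */ comments are not handled.

# conf_value <option> <file>: print the option's value, or nothing if unset.
conf_value() {
    sed -e 's://.*$::' -e 's:#.*$::' "$2" | awk -v opt="$1" '
        { for (i = 1; i < NF; i++)
            if ($i == opt) { v = $(i + 1); sub(/;.*/, "", v); print v; exit } }'
}

# preflight <named.conf> <nofile-limit> <min-nofile> <max-files>
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
preflight() {
    conf=$1 nofile=$2 min_nofile=$3 max_files=$4 rc=0
    files=$(conf_value files "$conf")
    reserved=$(conf_value reserved-sockets "$conf")
    # 'files': the advice is a small value; leaving it at the default is fine.
    case $files in
        ''|default) ;;
        *[!0-9]*) echo "files is '$files', not a small number"; rc=1 ;;
        *) [ "$files" -le "$max_files" ] || { echo "files $files exceeds $max_files"; rc=1; } ;;
    esac
    # 'reserved-sockets': 128 is the minimum quoted in the reply.
    case $reserved in
        '') ;;
        *[!0-9]*) echo "reserved-sockets '$reserved' is not a number"; rc=1 ;;
        *) [ "$reserved" -ge 128 ] || { echo "reserved-sockets $reserved is below 128"; rc=1; } ;;
    esac
    # Open-file limit of the shell that will start named ('ulimit -n').
    case $nofile in
        unlimited) ;;
        *) [ "$nofile" -ge "$min_nofile" ] || { echo "ulimit -n is $nofile, below $min_nofile"; rc=1; } ;;
    esac
    return $rc
}

# Constructed sample config, for demonstration only.
demo_conf=$(mktemp)
printf 'options {\n    files unlimited;  // constructed\n    reserved-sockets 64;\n};\n' > "$demo_conf"
preflight "$demo_conf" 1024 4096 256 || true
rm -f "$demo_conf"
```

On a real host the call would be `preflight <path-to-named.conf> "$(ulimit -n)" <min-nofile> <max-files>`, run from the same shell or init script that starts named so the limit it reads is the one named inherits.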

