On Jun 30 2011, eugene tsuno wrote:
We saw the problem that is described in 9.8.0-P2 in a few hours. I understand the resolution was a bug fix.
I take it you are referring to RT #24650, fixed by change #3121 (affects everyone, crashes BIND) rather than RT #24631, fixed by change #3120 (affects only validators, gives SERVFAIL when it shouldn't have).
What made it intermittent? I am trying to recreate it on a different server and I can't. Once it happened, I could identify it quite quickly, but I try the same test and it does not fail.
The zone "federalreserve.gov" was un-signed (and remains so) to circumvent the immediate problem. It needs a zone with DNSSEC records of precisely the right size to provoke the bug. (I know that ISC have a zone file that will reliably crash un-patched versions, and I am also fairly sure they aren't going to make it generally available at this time. Black hats are, after all, listening to us.) Upgrade, in any case, if you can. -- Chris Thompson Email: c...@cam.ac.uk _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
