Hello,

This solved our issue. How did you diagnose the issue? What did you find? What was the ultimate solution? What would the downside be to leaving the edns-udp-size setting set to 512?

thanks for any help

con

On Oct 30, 2013, at 2:58 PM, "Samp, Daniel [USA]" <samp_dan...@bah.com> wrote:

> In the past when I've had issues with certain .gov sites (e.g. noaa.gov,
> nih.gov, ssa.gov) it was due to application based filtering (layer 4). For
> some reason the responses from these sites are more often than not fragmented
> and if you have something doing filtering based on ports it may not be
> delivering the follow-up fragments because they do not have the tcp headers.
> Do a tcpdump of your DNS traffic from noaa.gov and check to see if responses
> are being fragmented and whether you are receiving all of the fragments. We
> had to set edns-udp-size to 512 as a workaround until we could identify the
> problematic piece of hardware.
>
> Since the only thing you changed was BIND versions, this may have nothing to
> do with your issue, but I thought I'd throw it out there.
>
> -Dan
>
> ________________________________________
> From: bind-users-bounces+samp_daniel=bah....@lists.isc.org
> [bind-users-bounces+samp_daniel=bah....@lists.isc.org] on behalf of Con
> Wieland [cwiel...@uci.edu]
> Sent: Wednesday, October 30, 2013 5:28 PM
> To: BIND List
> Subject: [External] Re: intermittent resolution
>
> The site I am having issues with are a half a dozen sites at noaa.gov. No, I
> have not tried 9.9.4. When I upgraded, 9.8.6 was listed as the current stable
> version so I went with that.
>
> con
>
> On Oct 30, 2013, at 11:48 AM, Alan Clegg <a...@clegg.com> wrote:
>
>>
>> On Oct 30, 2013, at 10:03 AM, Con Wieland <cwiel...@uci.edu> wrote:
>>
>>> I recently upgraded to version: 9.8.6. I am having trouble resolving a .gov
>>> site. When I reload the name server it will resolve fine for a while then
>>> after an hour or two I will get a server fail. I can perform a dig +trace
>>> and resolve but dig will fail. If I do an rndc reload it will work for some
>>> period of time again. I suspect negative caching but the site has the
>>> ttl set to 60 so I would expect it to resolve again but it doesn't until a
>>> reload is performed. Other sites seem to be affected but I don't know.
>>> This is a high visibility site. The only configuration change has been to
>>> add RPZ which seems to be working fine.
>>>
>>> Other name servers seem to be unaffected. What am I missing? What else can
>>> I check? I can provide more details if it would be helpful.
>>
>> Can you tell us _what_ .gov site? Do you see the same problem with 9.9.4?
>>
>> AlanC
>> --
>> Alan Clegg | +1-919-355-8851 | a...@clegg.com
>>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
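
The fragment check suggested in the thread, as an added example that is not part of the original messages: it groups IPv4 fragments of UDP responses from port 53 and reports datagrams whose follow-up fragments never arrived, using the UDP length field in the first fragment as the expected size. The function names and the sample packets are constructed for illustration, and it assumes no duplicate or overlapping fragments.

```python
import struct
from collections import defaultdict

def fragments(src, ident, udp_len=1800, mtu_payload=1480):
    """Constructed sample: one DNS response (sport 53) split into IPv4 fragments."""
    dgram = struct.pack("!HHHH", 53, 40000, udp_len, 0) + bytes(udp_len - 8)
    out = []
    for off in range(0, udp_len, mtu_payload):
        chunk = dgram[off:off + mtu_payload]
        flags_off = (0x2000 if off + mtu_payload < udp_len else 0) | (off // 8)
        out.append(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk), ident,
                               flags_off, 64, 17, 0, bytes(src),
                               bytes([10, 0, 0, 1])) + chunk)
    return out

def incomplete_dns_datagrams(packets):
    """Return [(source_ip, ip_id, missing_bytes)] for fragmented DNS responses."""
    seen = defaultdict(lambda: {"got": 0, "sport": None, "udp_len": None})
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4
        total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
        offset, more = (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000)
        if pkt[9] != 17 or (offset == 0 and not more):
            continue  # not UDP, or not fragmented at all
        d = seen[(pkt[12:16], pkt[16:20], ident)]
        d["got"] += total_len - ihl
        if offset == 0:
            # Only the first fragment carries the UDP header (ports, length).
            d["sport"], _, d["udp_len"] = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    return [(".".join(map(str, src)), ident, d["udp_len"] - d["got"])
            for (src, _, ident), d in seen.items()
            if d["sport"] == 53 and d["got"] < d["udp_len"]]

# Constructed capture: one complete response, one with its second fragment
# dropped in transit, and one small unfragmented response.
SAMPLE = (fragments([192, 0, 2, 53], 0x1111)
          + fragments([198, 51, 100, 53], 0x2222)[:1]
          + fragments([192, 0, 2, 53], 0x3333, udp_len=100))

if __name__ == "__main__":
    for src, ident, missing in incomplete_dns_datagrams(SAMPLE):
        print(f"{src} id={ident:#06x}: {missing} bytes never arrived")
```
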