>> Hello Michael
>> Thank you for your response. Here is a pcap file and some logs.
> 
> Hello Sami,
>
> Your pcap shows your resolver making thousands of queries that get
> no responses (or at least the pcap does not contain them). There's
> not much I can say, beyond that this does not appear to be a problem
> related to BIND.

Sami,

My co-worker helpfully pointed out something I missed when reviewing your 
packet capture. A large number of your resolution failures are because your 
BIND is configured to use QNAME minimization (a.k.a. "qmin") and the queries 
are to zones whose configuration is done incorrectly and breaks qmin.

The pcap indicates you have the 'qname-minimization strict' setting in your 
BIND configuration file. See the "qname-minimization" statement in the Options 
section of the BIND ARM 
(https://bind9.readthedocs.io/en/v9.16.25/reference.html#options-statement-definition-and-usage).
For the general background on qmin, read RFCs 7816 and 9156.

I don't know of a reason why you would experience more qmin failures in the 
evening, other than the requests that fail are only made at that time. 
Regardless, if you want to stop the failures completely, you can change the 
'qname-minimization strict' setting to 'qname-minimization disabled'. The 
drawback is that your queries will no longer be minimized, so all authoritative 
servers will see the full query name during recursion.

As a compromise between doing nothing and fully disabling qmin, you can use the 
'qname-minimization relaxed' setting which will try qmin and if BIND encounters 
a zone which breaks qmin, then BIND will switch to not doing qmin and do normal 
recursion (equivalent to 'qname-minimization disabled') for that query.

Also, you should upgrade your version of BIND, as we can see that the qmin 
queries are those used in older versions of BIND. 

Michael
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
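
Added example, not part of the original message and not BIND's resolver code: a simplified Python model of the three 'qname-minimization' modes discussed above, run against a constructed authoritative server. It assumes one well-known kind of qmin breakage (NXDOMAIN returned for an empty non-terminal); the names, address and helper functions are made up for illustration.

```python
# Simplified model of QNAME minimization modes; not BIND's implementation.
# All names and the address below are constructed for illustration.
FULL = "www.dept.example.com."
# Zone example.com. holds only this record, so dept.example.com. is an
# empty non-terminal (it exists only as an ancestor of www.dept).
RECORDS = {"www.dept.example.com.": "192.0.2.10"}


def ancestors(name):
    """Return the name's ancestors, shortest first: com., example.com., ..."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]


def broken_auth(qname):
    """Constructed misconfigured server: answers NXDOMAIN for an empty
    non-terminal instead of NOERROR with no data, which breaks qmin."""
    if qname in RECORDS:
        return ("NOERROR", RECORDS[qname])
    return ("NXDOMAIN", None)


def resolve(mode):
    """Return (answer, names seen per server) for strict/relaxed/disabled."""
    seen = {}

    def ask(server, qname):
        seen.setdefault(server, []).append(qname)

    steps = ancestors(FULL)
    minimized = mode != "disabled"
    # Root and TLD servers only hand out referrals in this model.
    ask("root", steps[0] if minimized else FULL)
    ask("com-ns", steps[1] if minimized else FULL)
    if not minimized:
        ask("example-ns", FULL)
        return broken_auth(FULL), seen
    for qname in steps[2:]:
        ask("example-ns", qname)
        rcode, data = broken_auth(qname)
        if rcode == "NXDOMAIN":
            if mode == "strict":
                return (rcode, data), seen  # NXDOMAIN taken at face value
            ask("example-ns", FULL)  # relaxed: retry with the full name
            return broken_auth(FULL), seen
    return (rcode, data), seen
```

Calling resolve("strict") fails on the empty non-terminal, while resolve("relaxed") recovers and still keeps the full name away from the root and TLD servers; resolve("disabled") succeeds but every server sees the full name.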