Hello! This is going to be fixed by going multithreaded; then the BGP sessions will be independent of DNS resolution in RPKI.

Basically, BIRD 3 is the solution and there is not much of a hurry to fix this in BIRD 2.

Also, you can just add the record to /etc/hosts, as you may want the RPKI to load before DNS is reachable.

Maria

On 21 October 2024 10:17:50 GMT-04:00, "Ondřej Caletka" <ond...@caletka.cz> wrote:
>Dear BIRD users,
>
>I have recently noticed an interesting issue. A newly set up BGP session
>between BIRD on our side and a remote party running whatever was taken down
>every hour or so. The reason for the session being terminated was Received:
>Hold timer expired.
>
>Looking at the logs, it turned out that this was caused by a broken DNS resolver
>on the machine where BIRD is running. Whenever BIRD was trying to resolve the
>host name of the RPKI Validator cache, it got stuck for 24 seconds. This was
>apparently enough for the other BGP speaker to consider it dead and take the
>session down (the hold timers were shortened from the standard values there).
>
>Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: rpki_validator: Cannot resolve hostname 'rpki-validator.mtg.ripe.net':
>
>Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: I/O loop cycle took 24009.001 ms for 1 events
>Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: Kernel dropped some netlink messages, will resync on next scan.
>Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: peer_as2852_v4: Received: Hold timer expired
>Oct 15 13:46:55 vrtr-4.mtg.ripe.net bird[907]: peer_as2852_v4.ipv4: Automatic RPKI reload not active for import
>
>This case was fixed by making sure the DNS resolver works, but I still wonder
>whether this is a known limitation or whether this is something that can
>possibly be improved.
>
>--
>Best regards,
>
>Ondřej Caletka

--
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
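
A log check for the failure described in this thread, as an added example that is not part of the original e-mails or of BIRD: it pairs long `I/O loop cycle took` warnings with resolver failures and hold-timer expiries logged within a few seconds of them. The 5000 ms threshold, the 5-second window, the year and the last sample line are assumptions made here.

```python
import re
from datetime import datetime

# First four lines: from the syslog excerpt quoted in the thread, unwrapped.
# Last line: constructed here to show a short stall that is not flagged.
SAMPLE_LOG = """\
Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: rpki_validator: Cannot resolve hostname 'rpki-validator.mtg.ripe.net':
Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: I/O loop cycle took 24009.001 ms for 1 events
Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: Kernel dropped some netlink messages, will resync on next scan.
Oct 15 13:45:51 vrtr-4.mtg.ripe.net bird[907]: peer_as2852_v4: Received: Hold timer expired
Oct 15 14:02:10 vrtr-4.mtg.ripe.net bird[907]: I/O loop cycle took 1200.000 ms for 3 events
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ bird\[\d+\]: (.*)$")
STALL = re.compile(r"I/O loop cycle took ([\d.]+) ms")
RESOLVE = re.compile(r"^\S+: Cannot resolve hostname '([^']+)'")
HOLD = re.compile(r"^(\S+): Received: Hold timer expired")


def find_stalls(log_text, min_stall_ms=5000.0, window_s=5, year=2024):
    """Return one finding per long I/O loop stall, with nearby DNS and BGP events.

    Syslog timestamps carry no year, so `year` is supplied by the caller
    (assumption). Thresholds are illustrative; compare min_stall_ms with
    the shortest hold time configured on your sessions.
    """
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))

    findings = []
    for ts, msg in events:
        stall = STALL.search(msg)
        if not stall or float(stall.group(1)) < min_stall_ms:
            continue
        # The duration is only known once the cycle ends, so related
        # lines can sit on either side of the warning.
        near = [m for t, m in events if abs((t - ts).total_seconds()) <= window_s]
        findings.append({
            "time": ts,
            "stall_ms": float(stall.group(1)),
            "unresolved": [r.group(1) for m in near if (r := RESOLVE.match(m))],
            "dropped_sessions": [h.group(1) for m in near if (h := HOLD.match(m))],
        })
    return findings
```

Calling `find_stalls(SAMPLE_LOG)` flags only the 24-second stall and ties it to the unresolved validator host name and the session that received the hold-timer notification.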