Re: Weird named problem - IN A for nameservers being lost!

Mon, 16 Jul 2001 21:20:57 -0700 


:...
:>     Interesting.  He describes in the section about 'expiring glue'
:>     creating loops in the DNS server, but doesn't mention a particular
:>     bug.
:>
:>     However, there's another section where he mentions something about
:>     bind reducing the TTL by 5% for certain credibility cases.
:>
:>     Going back to my original posting... the NS is 2016 and fuji
:>     is 1846 = 170 = 5%.
:>
:>     I think This credibility stuff reducing the TTL in named is
:>     responsible for these blowups.  I am going to email the bind group
:>     with this whole mess to see what they have to say.
:>
:>                                          -Matt
:
:I wish you luck in getting it fixed.  That 5% may have been intended for
:removal; 8.1.2 used to reduce the TTL by 5% for _each_ query.  That was
:clearly removed for 8.2, but perhaps the initial decrement was forgotten.
:
:However, the problem probably indicates a more serious problem in 8.x's
:resolver, which may be fixed in 9 and is not intended to be backported.  I
:guess Mark'll have to answer that.  (He seems to read and reply to
:-security, so he appears reachable.)
:
:Mike "Silby" Silbersack

    I submitted a bug report.  Mark and I are talking about it.  Basically
    what it comes down to is that the 5% code is still there, but 
    conditionalized with NOADDITIONAL.   That is, if you set NOADDITIONAL
    then the 5% code is ripped out.  I also took a look on Google.  The
    problem appears to be well known for a long time, I just don't know
    why the bind guys haven't ripped out this 5% code stuff.

    I am going to commit a change to /usr/src/usr.sbin/named/Makefile.inc
    (in -current and MFC to -stable 3 days later) that turns on NOADDITIONAL
    and effectively fixes this problem for 8.2.x.  Hopefully the bind guys
    will rip out the code entirely, it just doesn't belong there.  I mean,
    it's ok for bind to fail instantly, or to allow the case, but it isn't
    ok for bind to allow the case 40 minutes and then fail from that point
    on until it's restarted.  Judging from the Google, this has been the
    source of many, many problems, and I don't quite understand why it
    wasn't ripped out last year.

    I am also CCing Doug Barton, who appears to be responsible for 
    bind8 in ports.

                                                -Matt


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Reply via email to