Severe DNS Problems, 6.2-RELEASE, BIND 9.5.2
george+freebsd at m5p.com
Fri Oct 24 23:33:44 UTC 2008
> From: Matthew Seaman <m.seaman at infracaninophile.co.uk>
> george+freebsd at m5p.com wrote:
> > I'm having severe DNS problems. I'm running 6.2-RELEASE, and I upgraded
> > to the bind9 port (after cvsup) on July 14. Starting yesterday morning,
> > DNS became very, very slow. If I repeated a "dig" command three or four
> > times, I could get an answer after 20-30 seconds. This morning I cvsupped
> > again and installed the bind95 port. Still very, very slow. I will
> > probably shift my server to a FreeBSD 7.0 system this weekend, but I
> > would like very much to understand what's going on.
>
> Did you configure DLV (DNSSEC Look-aside Validation)? If so, you were
> probably bitten by the ISC key timing out. Key roll-over was scheduled
> for the month leading up to Tuesday 21st.
>
> Get the new key from: https://secure.isc.org/ops/dlv/index.php#dlv_key
>
> Cheers,
>
> Matthew
No, I'm not using DLV, but thanks for the hint anyway.
> From: Mike Meyer <mwm at mired.org>
>
> On Fri, 24 Oct 2008 10:04:50 -0400 (EDT)
> george+freebsd at m5p.com wrote:
>
> > I'm having severe DNS problems. I'm running 6.2-RELEASE, and I upgraded
> > to the bind9 port (after cvsup) on July 14. Starting yesterday morning,
> > DNS became very, very slow. If I repeated a "dig" command three or four
> > times, I could get an answer after 20-30 seconds. This morning I cvsupped
> > again and installed the bind95 port. Still very, very slow. I will
> > probably shift my server to a FreeBSD 7.0 system this weekend, but I
> > would like very much to understand what's going on.
>
> Could this be a downstream server timing out?
>
> <mike
It would have to be every single downstream server on the net. If I
manually dig at the various servers, I can resolve stuff as needed,
but my server responds promptly only for the zones for which it is
authoritative. Thanks anyway for the suggestion.

-- George Mitchell