From owner-freebsd-hackers@FreeBSD.ORG Fri Oct 24 23:33:44 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 081B91065673 for ; Fri, 24 Oct 2008 23:33:44 +0000 (UTC) (envelope-from george@m5p.com) Received: from mailhost.m5p.com (unknown [IPv6:2001:418:3fd::2]) by mx1.freebsd.org (Postfix) with ESMTP id CEC328FC19 for ; Fri, 24 Oct 2008 23:33:43 +0000 (UTC) (envelope-from george@m5p.com) Received: from m5p.com (mailhost.m5p.com [IPv6:2001:418:3fd::f7]) by mailhost.m5p.com (8.13.8/8.13.8) with ESMTP id m9ONWTYe032383 for ; Fri, 24 Oct 2008 19:32:34 -0400 (EDT) Received: (from george@localhost) by m5p.com (8.13.8/8.13.7/Submit) id m9ONWT8S032380; Fri, 24 Oct 2008 19:32:29 -0400 (EDT) Date: Fri, 24 Oct 2008 19:32:29 -0400 (EDT) Message-Id: <200810242332.m9ONWT8S032380@m5p.com> From: george+freebsd@m5p.com To: freebsd-hackers@freebsd.org X-Spam-Score: -0.001 () NO_RELAYS X-Scanned-By: MIMEDefang 2.57 on IPv6:2001:418:3fd::f7 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (mailhost.m5p.com [IPv6:2001:418:3fd::f7]); Fri, 24 Oct 2008 19:32:35 -0400 (EDT) Subject: Re: Severe DNS Problems, 6.2-RELEASE, BIND 9.5.2 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Oct 2008 23:33:44 -0000 > From: Matthew Seaman > george+freebsd@m5p.com wrote: > > I'm having severe DNS problems. I'm running 6.2-RELEASE, and I upgrade= > d > > to the bind9 port (after cvsup) on July 14. Starting yesterday morning= > , > > DNS became very, very slow. If I repeated a "dig" command three or fou= > r > > times, I could get an answer after 20-30 seconds. This morning I cvsup= > ped > > again and installed the bind95 port. Still very, very slow. I will > > probably shift my server to a FreeBSD 7.0 system this weekend, but I > > would like very much to understand what's going on. > > Did you configure DLV (DNSSEC Look-aside Validation)? If so, you were=20 > probably bitten by the ISC key timing out. Key roll-over was scheduled=20 > for the month leading up to Tuesday 21st. > > Get the new key from: https://secure.isc.org/ops/dlv/index.php#dlv_key > > Cheers, > > Matthew No, I'm not using DLV, but thanks for the hint anyway. > From: Mike Meyer > X-Spam-Score: 0 () > X-Scanned-By: MIMEDefang 2.57 on 10.100.0.247 > X-Greylist: Delayed for 00:52:50 by milter-greylist-2.0.2 (mailhost.m5p.com [10.100.0.247]); Fri, 24 Oct 2008 13:41:31 -0400 (EDT) > Status: R > > On Fri, 24 Oct 2008 10:04:50 -0400 (EDT) > george+freebsd@m5p.com wrote: > > > I'm having severe DNS problems. I'm running 6.2-RELEASE, and I upgraded > > to the bind9 port (after cvsup) on July 14. Starting yesterday morning, > > DNS became very, very slow. If I repeated a "dig" command three or four > > times, I could get an answer after 20-30 seconds. This morning I cvsupped > > again and installed the bind95 port. Still very, very slow. I will > > probably shift my server to a FreeBSD 7.0 system this weekend, but I > > would like very much to understand what's going on. > > Could this be a downstream server timing out? > >