Date: Fri, 24 Oct 2008 19:32:29 -0400 (EDT)
From: george+freebsd@m5p.com
To: freebsd-hackers@freebsd.org
Subject: Re: Severe DNS Problems, 6.2-RELEASE, BIND 9.5.2
Message-ID: <200810242332.m9ONWT8S032380@m5p.com>

> From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
> george+freebsd@m5p.com wrote:
> > I'm having severe DNS problems. I'm running 6.2-RELEASE, and I upgraded
> > to the bind9 port (after cvsup) on July 14. Starting yesterday morning,
> > DNS became very, very slow. If I repeated a "dig" command three or four
> > times, I could get an answer after 20-30 seconds. This morning I cvsupped
> > again and installed the bind95 port. Still very, very slow. I will
> > probably shift my server to a FreeBSD 7.0 system this weekend, but I
> > would like very much to understand what's going on.
>
> Did you configure DLV (DNSSEC Look-aside Validation)? If so, you were
> probably bitten by the ISC key timing out. Key roll-over was scheduled
> for the month leading up to Tuesday 21st.
>
> Get the new key from: https://secure.isc.org/ops/dlv/index.php#dlv_key
>
> Cheers,
>
> Matthew

No, I'm not using DLV, but thanks for the hint anyway.

> From: Mike Meyer <mwm@mired.org>
> X-Spam-Score: 0 ()
> X-Scanned-By: MIMEDefang 2.57 on 10.100.0.247
> X-Greylist: Delayed for 00:52:50 by milter-greylist-2.0.2 (mailhost.m5p.com [10.100.0.247]); Fri, 24 Oct 2008 13:41:31 -0400 (EDT)
> Status: R
>
> On Fri, 24 Oct 2008 10:04:50 -0400 (EDT)
> george+freebsd@m5p.com wrote:
>
> > I'm having severe DNS problems. I'm running 6.2-RELEASE, and I upgraded
> > to the bind9 port (after cvsup) on July 14. Starting yesterday morning,
> > DNS became very, very slow. If I repeated a "dig" command three or four
> > times, I could get an answer after 20-30 seconds. This morning I cvsupped
> > again and installed the bind95 port. Still very, very slow. I will
> > probably shift my server to a FreeBSD 7.0 system this weekend, but I
> > would like very much to understand what's going on.
>
> Could this be a downstream server timing out?
>
> <mike

It would have to be every single downstream server on the net.
If I manually dig at the various servers, I can resolve stuff as needed,
but my server responds promptly only for the zones for which it is
authoritative. Thanks anyway for the suggestion.

-- George Mitchell