Date:      Mon, 16 Jul 2001 21:45:31 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Mike Silbersack <silby@silby.com>
Cc:        Len Conrad <LConrad@Go2France.com>, dougb@freebsd.org, <freebsd-hackers@freebsd.org>
Subject:   Re: Weird named problem - IN A for nameservers being lost!
Message-ID:  <200107170445.f6H4jVE37861@earth.backplane.com>
References:   <20010716215231.T417-100000@achilles.silby.com>

:...
:>     Interesting.  He describes in the section about 'expiring glue'
:>     creating loops in the DNS server, but doesn't mention a particular
:>     bug.
:>
:>     However, there's another section where he mentions something about
:>     bind reducing the TTL by 5% for certain credibility cases.
:>
:>     Going back to my original posting... the NS is 2016 and fuji
:>     is 1846 = 170 = 5%.
:>
:>     I think this credibility stuff reducing the TTL in named is
:>     responsible for these blowups.  I am going to email the bind group
:>     with this whole mess to see what they have to say.
:>
:> 					    -Matt
:
:I wish you luck in getting it fixed.  That 5% may have been intended for
:removal; 8.1.2 used to reduce the TTL by 5% for _each_ query.  That was
:clearly removed for 8.2, but perhaps the initial decrement was forgotten.
:
:However, the problem probably indicates a more serious problem in 8.x's
:resolver, which may be fixed in 9 and is not intended to be backported.  I
:guess Mark'll have to answer that.  (He seems to read and reply to
:-security, so he appears reachable.)
:
:Mike "Silby" Silbersack

    I submitted a bug report.  Mark and I are talking about it.  Basically
    what it comes down to is that the 5% code is still there, but 
    conditionalized with NOADDITIONAL.   That is, if you set NOADDITIONAL
    then the 5% code is ripped out.  I also took a look on Google.  The
    problem appears to be well known for a long time, I just don't know
    why the bind guys haven't ripped out this 5% code stuff.

    I am going to commit a change to /usr/src/usr.sbin/named/Makefile.inc
    (in -current and MFC to -stable 3 days later) that turns on NOADDITIONAL
    and effectively fixes this problem for 8.2.x.  Hopefully the bind guys
    will rip out the code entirely, it just doesn't belong there.  I mean,
    it's ok for bind to fail instantly, or to allow the case, but it isn't
    ok for bind to allow the case 40 minutes and then fail from that point
    on until it's restarted.  Judging from the Google, this has been the
    source of many, many problems, and I don't quite understand why it
    wasn't ripped out last year.

    I am also CCing Doug Barton, who appears to be responsible for 
    bind8 in ports.

						-Matt

