Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled
Mark Andrews
marka at isc.org
Thu Apr 15 03:20:39 UTC 2010
In message <20100414232855.GP1547 at giles.gnomon.org.uk>, Roy Badami writes:
> > Well, FWIW I upgraded to 9.7.0-P1 and tried enabling DLV again and
> > I've seen no repeat of the DNSSEC name resolution issues so far; it's
> > early days yet (only been running DLV for three days) but certainly
> > looking promising.
>
> I spoke too soon. I've now found a query that (at least this evening)
> is consistently failing for me, even if I restart BIND.
>
> The following query gives me SERVFAIL
>
> dig www.bbc.net.uk aaaa
>
> But the following two queries work:
>
> dig www.bbc.net.uk a
> dig www.bbc.net.uk aaaa +cd
>
> This is particularly odd, because there is absolutely no DNSSEC
> involved here.
Actually there *is* DNSSEC involved or the query would not have
failed. There is a bug in the BIND 9.7.0-P1 fixes that triggers
this. The fix below is in review at the moment.
Mark
Index: bind9/lib/dns/validator.c
diff -u bind9/lib/dns/validator.c:1.188 bind9/lib/dns/validator.c:1.188.4.4
--- bind9/lib/dns/validator.c:1.188 Fri Mar 26 17:12:48 2010
+++ bind9/lib/dns/validator.c Tue Apr 13 08:31:11 2010
@@ -2990,7 +2990,7 @@
return (ISC_R_SUCCESS);
}
- if (val->authcount == val->authfail)
+ if (val->authfail != 0 && val->authcount == val->authfail)
return (DNS_R_BROKENCHAIN);
validator_log(val, ISC_LOG_DEBUG(3),
"nonexistence proof(s) not found");
/*%
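Review bot: The added `val->authfail != 0` guard on the `DNS_R_BROKENCHAIN` return carries no comment saying which case it excludes. The old test `val->authcount == val->authfail` is also true when both counters are zero, so the function reported a broken chain even though no failure had been counted. A short comment above the `if`, stating that a broken chain requires at least one counted failure, would keep a later cleanup from dropping the guard. The failing query reported in this thread could serve as the starting point for a regression test covering the path that now falls through to the "nonexistence proof(s) not found" log line.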
> No domain above www.bbc.net.uk appears to be in the
> DLV registry, and BIND must be able to successfully verify the
> covering NSEC record that proves that in order to be willing to
> resolve the A query above. So I can't immediately see any way this
> situation could arise except due to a BIND bug.
>
> Anyone else have an IPv6-connected BIND 9.7.0-P1 host with DLV enabled
> they can try this query on?
>
> -roy
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org