Is 9.5 broken

[JINMEI Tatuya / 神明達哉]

At Fri, 26 Sep 2008 14:01:18 +0200,
Bart Van den Broeck <bart at kuleuven.net> wrote:

> > Hi, I have compiled and used 9.5 on several Linuxplatforms but we have to restart the bind-process every day since it stop ansver for some domains after some time.
> > The DNS is recursive and the domain it stop answer for is always .se domains. Is there any DNSSEC issue in 9.5 that is broken maybe? The zones it dont answer for isn't signed by .SE but? When the server stop answer correct it look up other zones correct and after a restart it works ok again.

> Short answer: yes, probably.

We definitely need more details about the problem (for example, I
don't understand what exactly 'it stop answer' means), but my gut
feeling from the above short description is this is a different issue
than this one: http://marc.info/?l=bind-users&m=122239920822324&w=2

> Until the problematic code is fixed in BIND 9.5 we've downgraded to 9.4.  It
> hasn't been running long enough to be completely sure the problem has gone away
> though, but we're hopeful :-)

It's your call, of course, and if you don't see any problem in 9.4 and
don't need a new feature of 9.5, I'd also recommend the former.  9.5
is still pretty new and may be less stable.

Having said that, I'd like to point out that if one likely cause of
your problem is the use of the default max-cache-size (32MB for 9.5).
It's way too conservative for a moderately busy server.  Most
administrators operating a modern server machine with a sufficient
amount of memory would like to specify a much larger value anyway (for
efficient caching), and then this particular problem will also be
greatly mitigated if not solved.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.