SERVFAIL issues

Frank Bulk - iName.com frnkblk at iname.com
Fri Jan 16 20:24:28 UTC 2009


Yes, I read that last night before posting.  I changed it to "256M".  Is
there a way using rndc to see if that "took"?  

And how do I see how much of the cache has been used?  I don't want to
provision more than necessary.  This server acts as a secondary DNS entry
for about 6000 broadband customers and is an authoritative DNS server for
100+ domains.

Frank

-----Original Message-----
From: Fr34k [mailto:freaknetboy at yahoo.com] 
Sent: Friday, January 16, 2009 8:45 AM
To: frnkblk at iname.com; bind-users at lists.isc.org
Subject: Re: SERVFAIL issues

Hello,

Has the "max-cache-size" setting in named.conf been considered?

If not, note that in early releases of 9.5.x max-cache-size is 32M by
default instead of unlimited as in 9.4.x.

From the CHANGES file with the bind-9.5.0-P2 source:
""max-cache-size" defaults to 32M"

Using:
max-cache-size 0 ;
will restore previous behavior (unlimited).

The ultimate setting would need to be considered for the environment BIND is
running in.

FWIW, we use max-cache-size 0 ; without issue.

You can search this list's archives for max-cache-size for previous
discussions on this.

Thanks.



----- Original Message ----
From: Frank Bulk <frnkblk at iname.com>
To: bind-users at lists.isc.org
Sent: Thursday, January 15, 2009 6:57:10 PM
Subject: SERVFAIL issues

http://marc.info/?l=bind-users&m=122239920822324&w=2
http://marc.info/?l=bind-users&m=122243068905656&w=2

We upgraded to 9.5.0-P1 when the Kaminsky DNS vulnerability was announced
and have had intermittent issues with SERVFAIL problems for some DSL modems
that don't properly fail over to a secondary DNS server.  A packet capture
showed that certain domains would result in a SERVFAIL, and once that domain
was identified, if we did a dig against it we had the same result.  We've
had to stop and start the named service about half a dozen times this fall
to resolve the issue.

We upgraded to 9.5.0-P2 in early November, hoping that this issue would be
resolved.  But today we experienced the problem again.  A customer couldn't
query a site, although everything seemed correct.  I captured all their
traffic and the trace showed that the DNS server was issuing a SERVFAIL.  I
stopped and then started named and immediately all was well.  Since we
sometimes reload named when adding/modifying domains, or at other times use
rndc, I'm not sure if that "cleared" things up such that this is the first
time I recall having this problem in 2 months.

Is this intermittent SERVFAIL issue resolved in 9.5.1-P1?

Frank


_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
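
The diagnostic step described in the original report (using a packet capture to find which names draw SERVFAIL), as an added example that is not part of the thread: it parses raw DNS payloads already extracted from a capture and tallies SERVFAIL responses per queried name. The function names and the sample payloads are constructed for illustration.

```python
import struct
from collections import Counter
RCODE_SERVFAIL = 2  # RFC 1035 RCODE 2, "server failure"

def build_message(txid, qname, rcode=0, response=True):
    """Build a minimal DNS message (header + one A/IN question) as demo input."""
    flags = (0x8180 if response else 0x0100) | rcode  # QR/RD/RA bits, RCODE in low 4 bits
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)

def parse_response(msg):
    """Return (qname, rcode) for a DNS response, or None for queries and malformed input."""
    if len(msg) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if not flags & 0x8000 or qdcount < 1:  # QR bit clear means it is a query
        return None
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0 or pos + 1 + length > len(msg):
            return None  # pointer/reserved label type, or truncated label
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos >= len(msg):
        return None  # ran off the end before the root label
    return ".".join(labels), flags & 0x000F

def servfail_by_name(messages):
    """Count SERVFAIL responses per queried name (names are case-folded)."""
    counts = Counter()
    for msg in messages:
        parsed = parse_response(msg)
        if parsed and parsed[1] == RCODE_SERVFAIL:
            counts[parsed[0]] += 1
    return counts

# Constructed sample payloads (not taken from the capture mentioned in the thread).
SAMPLE = [
    build_message(1, "www.example.com"),                            # NOERROR response
    build_message(2, "Broken.example.net", rcode=RCODE_SERVFAIL),   # mixed-case name
    build_message(3, "broken.example.net", rcode=RCODE_SERVFAIL),
    build_message(4, "broken.example.net", response=False),         # a query, ignored
    build_message(5, "other.example.org", rcode=RCODE_SERVFAIL)[:20],  # truncated, ignored
]

if __name__ == "__main__":
    print(servfail_by_name(SAMPLE).most_common())
```

Names that keep appearing in the tally are the ones to re-test with dig against the server before and after a restart.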




