SERVFAIL issues

Thomas Schulz schulz at adi.com
Sat Jan 17 05:00:28 UTC 2009 

In article <gkqqei$1nqf$1 at sf1.isc.org>,
Frank Bulk - iName.com <frnkblk at iname.com> wrote:
>Yes, I read that last night before posting.  I changed it to "256M".  Is
>there a way using rndc to see if that "took"?  

Note that 9.5.1 reverts the limit to unlimited AND fixes the bug causing
the failure.  You should not be running 9.5.0 at all.

>
>And how do I see how much of the cache has been used?  I don't want to
>provision more than necessary.  This server acts as a secondary DNS entry
>for about 6000 broadband customers and is an authoritative DNS server for
>100+ domains.
>
>Frank
>
>-----Original Message-----
>From: Fr34k [mailto:freaknetboy at yahoo.com] 
>Sent: Friday, January 16, 2009 8:45 AM
>To: frnkblk at iname.com; bind-users at lists.isc.org
>Subject: Re: SERVFAIL issues
>
>Hello,
>
>Has the "max-cache-size" setting in named.conf been considered?
>
>If not, note that in early releases of 9.5.x max-cache-size is 32M by
>default instead of unlimited as in 9.4.x
>
>>From the CHANGES file with the bind-9.5.0-P2 source:
>""max-cache-size" defaults to 32M"
>
>Using:
>max-cache-size 0 ;
>will restore previous behavior (unlimited).
>
>The ultimate setting would need to be considered for the environment BIND is
>running in.
>
>FWIW, we use max-cache-size 0 ; without issue.
>
>You can search this list archives for max-cache-size for previous
>discussions on this.
>
>Thanks.
>
>
>
>----- Original Message ----
>From: Frank Bulk <frnkblk at iname.com>
>To: bind-users at lists.isc.org
>Sent: Thursday, January 15, 2009 6:57:10 PM
>Subject: SERVFAIL issues
>
>http://marc.info/?l=bind-users&m=122239920822324&w=2
>http://marc.info/?l=bind-users&m=122243068905656&w=2
>
>We upgraded to 9.5.0-P1 when the Kaminsky DNS vulnerability was announced
>and have had intermittent issues with SERVFAIL problems for some DSL modems
>that don't properly fail over to a secondary DNS server.  A packet capture
>showed that certain domains would result in a SERVFAIL, and once that domain
>was identified, if we did a dig against it we had the same result.  We've
>had to stop and start the named service about half a dozen times this fall
>to resolve the issue.
>
>We upgraded to 9.5.0-P2 in early November, hoping that this issue would be
>resolved.  But today we experienced the problem again.  A customer couldn't
>query a site, although everything seemed correct.  I captured all their
>traffic and the trace showed that the DNS server was issuing a SERVFAIL.  I
>stopped and then started named and immediately all was well.  Since we
>sometimes reload named when adding/modifying domains, or at other times use
>rndc, I'm not sure if that "cleared" things up such that this is the first
>time I recall having this problem in 2 months.
>
>Is this intermittent SERVFAIL issue resolved in 9.5.1-P1?
>
>Frank
>
>
>_______________________________________________
>bind-users mailing list
>bind-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users
>
>
>_______________________________________________
>bind-users mailing list
>bind-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users


-- 
Tom Schulz
schulz at adi.com

More information about the bind-users mailing list