BIND 9.6 freezing on update to signed zone (rare!)

[Chris Thompson]

We had an incident last night on the authoritative nameserver which
is master for dnssec-test.csi.cam.ac.uk (a signed zone). At the time
it was running BIND 9.6.1rc1 (but I doubt if 9.6.1 is going to make
a difference). A script-generated update timed out, and it subsequently
failed to respond to any DNS queries or rndc commands (although the
named process was still running).

It has to have been the update itself that caused this. (It had just
previously processed updates to two unsigned zones perfectly). On
the other hand, it had previously processed dozens of updates to the
signed zone without any problems (it is maintained as an approximate
clone of cam.ac.uk), and there wasn't anything unusual about this one.
Indeed there was no problem re-applying it after BIND had been restarted.
I am reduced to speculating about timing effects, e.g. collision with
a re-signing event.

Unfortunately I failed to get a core dump of named in the non-responding
state (I need to review my procedures for that!) so I haven't got enough
to report to bind-bugs. This is an appeal to ask if anyone has seen
anything similar.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk