named daemon hangs

Nelson Vale nelsonduvall at gmail.com
Mon May 4 09:34:21 UTC 2009


Hi,

Thank you all for your help. This fix surely made the difference :).

echo "1" >/proc/sys/net/core/xfrm_larval_drop


Nelson Vale


On Mon, May 4, 2009 at 8:18 AM, Adam Tkac <atkac at redhat.com> wrote:

> On Sat, May 02, 2009 at 04:06:18PM +0100, Nelson Vale wrote:
> > Hi all,
> >
> >
> > I've been facing a problem in my private network which I was not able to
> > fix yet.
> >
> > In my gateway (linux debian alike) I have bind 9.5 installed and running,
> > and I have one IPSec tunnel to another gateway over the internet. It also
> > has configured a forward zone with the name server being the other gateway
> > internal address (accessible through the IPSec tunnel only).
> >
> > Recently the other IPSec endpoint was shut down and, of course, my queries
> > to the forward domain started failing. Nothing strange here...
> >
> > The real problem is that I suddenly was not able to resolve any other DNS
> > queries, like www.google.com, from inside my network:
> >
> > "host www.google.com
> > ;; connection timed out; no servers could be reached"
> >
> > I took a look at the named daemon and I see that it does not respond to
> > anything as long as the IPSec tunnel is down, but only if it's the other
> > endpoint that is down. I've tried stopping my endpoint and this problem
> > does not occur as long as I restart named. I think this happens because as
> > long as my endpoint is up the routes to the other endpoint are set, and named
> > tries to query the forward domain name server. The problem is that the
> > queries do not time out and named hangs there:
>
> Please check this:
> - https://bugzilla.redhat.com/show_bug.cgi?id=427629
> - http://lkml.org/lkml/2007/12/4/260
> - http://lkml.org/lkml/2008/4/17/474
>
> $ echo "1" >/proc/sys/net/core/xfrm_larval_drop
>
> should help you.
>
> Adam
>
> --
> Adam Tkac, Red Hat, Inc.
>


More information about the bind-users mailing list