Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled
Chris Thompson
cet1 at cam.ac.uk
Fri Apr 16 10:06:39 UTC 2010
On Apr 15 2010, Roy Badami wrote:
>> Actually there *is* DNSSEC involved or the query would not have
>> failed.
>
>Yes, sorry. I meant to imply that there is no DNSSEC involved beyond
>the verification of the covering NSEC that proves the lack of a DLV
>record.
>
>> There is a bug in the BIND 9.7.0-P1 fixes that triggers this. The
>> fix below is in review at the moment.
>
>Interesting - so it sounds like the problems I was seeing with 9.7.0
>were probably unrelated.
>
>The patch certainly seems to fix the issue with www.bbc.net.uk. I'll
>run with it for a few days and see if the .org issue I was having
>earlier recurs.
Incidentally, the same patch appears to cure the problem with 9.7.0-P1
and 9.6.2-P1 that I reported earlier as
"dig dnskey int." different responses from recent BIND versions
Caveat emptor until ISC make the patch official, of course.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list