Re: Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled

Mark Andrews Wed, 14 Apr 2010 20:26:39 -0700

In message <20100414232855.gp1...@giles.gnomon.org.uk>, Roy Badami writes:
> > Well, FWIW I upgraded to 9.7.0-P1 and tried enabling DLV again and
> > I've seen no repeat of the DNSSEC name resolution issues so far; it's
> > early days yet (only been running DLV for three days) but certainly
> > looking promissing.
> 
> I spoke too soon.  I've now found a query that (at least this evening)
> is consistently failing for me, even if I restart BIND.
> 
> The following query gives me SERVFAIL
> 
>       dig www.bbc.net.uk aaaa
> 
> But the following two queries work:
> 
>       dig www.bbc.net.uk a
>       dig www.bbc.net.uk aaaa +cd
> 
> This is particularly odd, because there is absolutely no DNSSEC
> involved here.


Actually there *is* DNSSEC involved or the query would not have
failed.  There is a bug in the BIND 9.7.0-P1 fixes that triggers
this.  The fix below is in review at the moment.

Mark

Index: bind9/lib/dns/validator.c
diff -u bind9/lib/dns/validator.c:1.188 bind9/lib/dns/validator.c:1.188.4.4
--- bind9/lib/dns/validator.c:1.188     Fri Mar 26 17:12:48 2010
+++ bind9/lib/dns/validator.c   Tue Apr 13 08:31:11 2010
@@ -2990,7 +2990,7 @@
                return (ISC_R_SUCCESS);
        }
 
-       if (val->authcount == val->authfail)
+       if (val->authfail != 0 && val->authcount == val->authfail)
                return (DNS_R_BROKENCHAIN);
        validator_log(val, ISC_LOG_DEBUG(3),
                      "nonexistence proof(s) not found");

 /*%

> No domain above www.bbc.net.uk appears to be in the
> DLV registry, and BIND must be able to successfully verify the
> covering NSEC record that proves that in order to be willing to
> resolve the A query above.  So I can't immediately see any way this
> situation could arise except due to a BIND bug.
> 
> Anyone else have an IPv6-connected BIND 9.7.0-P1 host with DLV enabled
> they can try this query on?
> 
>     -roy
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled

Reply via email to