On Sun, Aug 06, 2017 at 08:07:51PM +0200, Anand Buddhdev wrote: > On 06/08/2017 13:49, Mukund Sivaraman wrote: > > Hi Mukund, > > > Which exact version of 9.11 is this? Is their master NSD or some 3rd > > party signer? Can you create a bug ticket with your named config > > (named-checkconf -px) ? > > As I wrote in the subject, it's BIND 9.11.1-P3. The masters of these
Sorry Anand, I missed that :) > name servers are unknown, but I can attempt to probe them with > ch/txt/version.bind queries to try and find out. I wonder if the zones on the slaves expired because the slave was not able to XFR them. After the recent TSIG CVE, for about a week, we had a (non-security) bug in BIND due to which named didn't correctly validate a kind of TSIG signed AXFR/IXFR (specifically BIND as slave receiving from NSD as master was affected by the bug - due to BIND's fault). It was fixed soon after in another patch release. 9.11.1-P3 has the fix for this, but I wonder if the older 9.10 release that you were running had this bug that prevented successful transfers of the slave zones that caused them to expire, which cause them to be unloaded on startup. Or there could be some other reason. :) > Will the bug report be publicly viewable? You can send it to bind9-confident...@isc.org. Mukund _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users