Re: Disabling rate-limit?

2016-08-15 Thread blrmaani
From tcpdump, it appears that customers are receiving delayed responses and are too sensitive to timeouts. The queries they are sending are authoritative, i.e. the zone is on our nameserver. How do I troubleshoot this issue? This is really intermittent and hard to reproduce. Thanks, Blr

Re: Disabling rate-limit?

2016-08-15 Thread John Miller
Hi Blr, First things first: if your customers are sending queries, this is probably about their own recursive queries timing out, rather than incoming authoritative queries timing out. Something else you should check: are your customers receiving a delayed (say a few seconds) SERVFAIL response,

Re: Disabling rate-limit?

2016-08-15 Thread Jay Ford
On Mon, 15 Aug 2016, blrmaani wrote: I inherited a DNS server which is running BIND 9.8.x. There was a DNS incident where our customers complained that they saw query timeouts intermittently (our customers run Cassandra/Hadoop applications and send the same queries repeatedly). They also run nscd

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-15 Thread Mark Andrews
In message

Disabling rate-limit?

2016-08-15 Thread blrmaani
I inherited a DNS server which is running BIND 9.8.x. There was a DNS incident where our customers complained that they saw query timeouts intermittently (our customers run Cassandra/Hadoop applications and send the same queries repeatedly). They also run nscd on their hosts but I was told all have

RE: Stub Zone Behavior?

2016-08-15 Thread Darcy Kevin (FCA)
Forwarding is a different beast from "stub" (recursive rather than iterative resolution). I'd look at "static-stub", if your NS list is overgrown with useless/unreachable stuff. It's configured basically the same way as forwarding, but without making the paradigm shift (and possible unforeseen

Re: Delegation questions

2016-08-15 Thread Sam Wilson
Speaking as a European, at least for now, I suspect the forwarding mindset is more from the enterprise and security culture rather than being territorial. There's a viewpoint that says things are better if they are tightly controlled and predictable, so always using the same configured path

DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-15 Thread Александр Остапенко
Hello. I'm using BIND 9.9.5. My steps: 1. Sign the zone using 1 ZSK and 2 KSKs: a) adding the "*auto-dnssec maintain;*" and "*inline-signing yes;*" directives to the zone section of named.conf; b) setting publication and activation timestamps to the current time in the key files; c) *rndc