Re: Problem with BIND 9.10.1-P1 recursion limits

Henderson s...@spacehopper.org Cc: Tony Finch d...@dotat.at, bind-users@lists.isc.org Date: 12/09/2014 01:41 PM Subject:Re: Problem with BIND 9.10.1-P1 recursion limits Sent by:bind-users-boun...@lists.isc.org On Tue, Dec 09, 2014 at 05:51:58PM +, Evan Hunt wrote

Problem with BIND 9.10.1-P1 recursion limits

The new recursion limits (or at least the default values for them) seem to have some problems. Simple example, if I start named for recursive service, no forwarders, debugging enabled, and run dig @::1 www.ibm.com a I get a failure with numerous exceeded max queries log entries for gtld servers

Re: Problem with BIND 9.10.1-P1 recursion limits

On Tue, Dec 09, 2014 at 02:45:13PM +, Stuart Henderson wrote: The new recursion limits (or at least the default values for them) seem to have some problems. Simple example, if I start named for recursive service, no forwarders, debugging enabled, and run dig @::1 www.ibm.com a I get a

Re: Problem with BIND 9.10.1-P1 recursion limits

Evan Hunt e...@isc.org wrote: However, in this case I think it's because you had an empty cache, and sending a second query will clear the problem up. In a future release, we may want to lift the restrictions temporarily while priming. Yes, I could reproduce it after flushing my cache. Had

Re: Problem with BIND 9.10.1-P1 recursion limits

On Tue, Dec 09, 2014 at 05:17:52PM +, Tony Finch wrote: Yes, I could reproduce it after flushing my cache. Had to wait five minutes before the queries succeeded, which seems unpleasantly long. I don't know where that time comes from - the ARM says the default servfail-ttl is 10s. You're

Re: Problem with BIND 9.10.1-P1 recursion limits

On 2014/12/09 17:37, Evan Hunt wrote: On Tue, Dec 09, 2014 at 05:17:52PM +, Tony Finch wrote: Yes, I could reproduce it after flushing my cache. Had to wait five minutes before the queries succeeded, which seems unpleasantly long. I don't know where that time comes from - the ARM says

Re: Problem with BIND 9.10.1-P1 recursion limits

On Tue, Dec 09, 2014 at 05:46:36PM +, Stuart Henderson wrote: It's 5 minutes with 9.10.1-P1 as well. That's unexpected. I'll see if I can reproduce it. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit

Re: Problem with BIND 9.10.1-P1 recursion limits

On Tue, Dec 09, 2014 at 05:51:58PM +, Evan Hunt wrote: That's unexpected. I'll see if I can reproduce it. Okay, I can. Part of the problem is the somewhat crazypants DNS configuration of www.ibm.com: $ dig +noall +answer www.ibm.com www.ibm.com.3600IN CNAME

Re: Problem with BIND 9.10.1-P1 recursion limits

...@dotat.at, bind-users@lists.isc.org bind-users@lists.isc.org Subject: Re: Problem with BIND 9.10.1-P1 recursion limits On Tue, Dec 09, 2014 at 05:51:58PM +, Evan Hunt wrote: That's unexpected. I'll see if I can reproduce it. Okay, I can. Part of the problem is the somewhat crazypants DNS

Re: Problem with BIND 9.10.1-P1 recursion limits

Hi-- On Dec 9, 2014, at 12:04 PM, Mike Hoskins (michoski) micho...@cisco.com wrote: Wanted to point out that (perhaps sadly) this isn't so crazypants...or at least not uncommon. The *edge* and *aka* references speak Akamai DNS+CDN. From my last overview, this has gotten cleaner in the latest