Good job on the amount of troubleshooting work done so far.
Next steps should be to run tcpdump on the interface for port 53 to see what is
happening when an outage is in progress. What you will be looking for
specifically is the query packet in and the response packet out.
Use the following
On Thu, May 30, 2019 at 8:10 PM Gregory Sloop wrote:
>
> So, this is a very odd situation and I'm kind of grasping at straws here.
> So, I've come to see if any of you have any good straws!
>
> The setup.
> ---
> Ubuntu 18.04 LTS is the distro we're running on.
> All software is packaged [from
Maybe to state a little clearer; the dnssec-keymgr is for the automation of
creation and date management of keys.
All of the actual signing does not require the new python bit. If you're happy
managing your keys with dnssec-keygen and dnssec-settime, you can continue
using those (non-python)
Ugh. Not wanting to packet capture. :)
[Yeah, not that hard, but it always seems to suck up so much time - it's like
the black hole for time, I think.]
But, yeah, absent some other smoking gun, that's probably where we're headed.
As for rate limiting - "rndc recursing" didn't show anything
On 30/05/2019 23:45, Dennis Clarke wrote:
Hi Dennis,
Some of the utilities in newer version of BIND, such as dnssec-keymgr,
are written in python. This utility is very useful if you're going to
sign zones using BIND.
If you don't want or need this and a couple of other utilities for
DNSSEC key
On 5/30/19 6:05 PM, Anand Buddhdev wrote:
On 30/05/2019 23:45, Dennis Clarke wrote:
Hi Dennis,
Some of the utilities in newer version of BIND, such as dnssec-keymgr,
are written in python. This utility is very useful if you're going to
sign zones using BIND.
If you don't want or need this and
I didn't think 9.11.7 had any need for python however after a fresh
build I see this :
./lib/python3.7
./lib/python3.7/site-packages
./lib/python3.7/site-packages/isc-2.0-py3.7.egg-info
./lib/python3.7/site-packages/isc
./lib/python3.7/site-packages/isc/parsetab.py
Whilst you mentioned 150 seats and you mentioned 'no firewalls', you didn't
mention the network topology at all, in particular is traffic passing through a
commercial firewall/router (hardware or virtualized) to get to the DNS server?
If there is, it may be worth checking what packet inspection
On 31/05/2019 00:21, Dennis Clarke wrote:
> Someone somewhere figured it made sense to drag in a dependency the size
> of python?
The dnssec-keymgr and a couple of other utilities were introduced in
9.11.0. This is mentioned in the release notes. They are not new to 9.11.7.
> It must be a
So, this is a very odd situation and I'm kind of grasping at straws here.
So, I've come to see if any of you have any good straws!
The setup.
---
Ubuntu 18.04 LTS is the distro we're running on.
All software is packaged [from the distro] - not compiled from sources.
Bind9 acting as a recursive
10 matches
Mail list logo
