"lame-servers: info: no valid RRSIG resolving ..."

2020-04-17 Thread btb via bind-users
hi- i'm seeing what i'm wondering if is a lot of "lame-servers: info: no valid RRSIG resolving ..." messages in the logs [on average ~500 messages per day]. a small snippet: 15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving 'jwplayer.com/DS/IN': 192.5.6.30#53 15-Apr-2020

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Konstantin Stefanov
On 17.04.2020 17:56, Tim Daneliuk wrote: On 4/17/20 9:50 AM, Bob Harold wrote: Agree, that's odd, and not what the man page says.  Any chance that there is some other DNS helper running, like resolved, nscd, dnsmasq, etc? Nope. This is vanilla FreeBSD with vanilla bind running. Lately

Re: BIND-9.16.1 memory leak?

2020-04-17 Thread sthaug
>> We have what appears to be a significant memory leak in BIND-9.16.1. ... > I seem to remember we got 'bitten' by large memory use when moving > from a previous version of bind - do you have 'max-cache-size' set in > your config? Yes. Set to 1G. In reality it shouldn't need a cache at all,

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Tim Daneliuk
On 4/17/20 9:50 AM, Bob Harold wrote: > > Agree, that's odd, and not what the man page says.  Any chance that there is > some other DNS helper running, like resolved, nscd, dnsmasq, etc? Nope. This is vanilla FreeBSD with vanilla bind running. > 'dig' should tell you what address it used, at

Re: BIND-9.16.1 memory leak?

2020-04-17 Thread Anand Buddhdev
On 17/04/2020 17:02, Karl Pielorz wrote: Hi Karl, > I seem to remember we got 'bitten' by large memory use when moving from > a previous version of bind - do you have 'max-cache-size' set in your > config? It's an authoritative-only server, so there is (almost) no caching involved. Anand

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Tim Daneliuk
On 4/17/20 10:17 AM, julien soula wrote: > On Fri, Apr 17, 2020 at 09:56:21AM -0500, Tim Daneliuk wrote: >> On 4/17/20 9:50 AM, Bob Harold wrote: >>> >>> Agree, that's odd, and not what the man page says.  Any chance that there >>> is some other DNS helper running, like resolved, nscd, dnsmasq,

Re: BIND-9.16.1 memory leak?

2020-04-17 Thread Karl Pielorz
--On 17 April 2020 at 15:45:16 +0200 sth...@nethelp.no wrote: We have what appears to be a significant memory leak in BIND-9.16.1. ... Running a ps command for the named process every minute and logging the result, I see the named virtual memory size (VSZ) increasing at around 1.2

Enabling/using ECS feature in BIND 9.16.1

2020-04-17 Thread Dawood Sajjadi
Hi everyone, I have compiled successfully bind-9.16.1 from its source code (bind-9.16.1.tar.xz) and configured to function as a DNS resolver by following the instructions presented in http://www.linuxfromscratch.org/blfs/view/svn/server/bind.html --- [root@ bind]# named -V BIND 9.16.1 (Stable

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Timothe Litt
On 17-Apr-20 10:56, Tim Daneliuk wrote: > On 4/17/20 9:50 AM, Bob Harold wrote: >> Agree, that's odd, and not what the man page says.  Any chance that there is >> some other DNS helper running, like resolved, nscd, dnsmasq, etc? > Nope. This is vanilla FreeBSD with vanilla bind running. > >>

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread julien soula
On Fri, Apr 17, 2020 at 09:56:21AM -0500, Tim Daneliuk wrote: > On 4/17/20 9:50 AM, Bob Harold wrote: > > > > Agree, that's odd, and not what the man page says.  Any chance that there > > is some other DNS helper running, like resolved, nscd, dnsmasq, etc? > > Nope. This is vanilla FreeBSD

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
On Fri, Apr 17, 2020 at 11:03 AM Konstantin Stefanov wrote: > On 17.04.2020 17:56, Tim Daneliuk wrote: > > On 4/17/20 9:50 AM, Bob Harold wrote: > >> > >> Agree, that's odd, and not what the man page says. Any chance that > there is some other DNS helper running, like resolved, nscd, dnsmasq,

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
On Fri, Apr 17, 2020 at 12:45 PM Tim Daneliuk wrote: > On 4/17/20 10:17 AM, julien soula wrote: > > On Fri, Apr 17, 2020 at 09:56:21AM -0500, Tim Daneliuk wrote: > >> On 4/17/20 9:50 AM, Bob Harold wrote: > >>> > >>> Agree, that's odd, and not what the man page says. Any chance that > there is

Re: "lame-servers: info: no valid RRSIG resolving ..."

2020-04-17 Thread Mark Andrews
They are almost certainly the result of running an older version of named and packet loss causing named to fall back to plain DNS which doesn’t return DNSSEC records. Newer versions of named don’t fall back to plain DNS on packet loss. 5029. [func] Workarounds for servers that

Re: Try to figure a basic conf for BIND on Mac Catalina

2020-04-17 Thread David Chandler
Firewall was not enabled. The BIND service was not engaged nor would it engage with anything other than Caching. I have since given up on trying to do this on a Mac and installed Debian. It would appear that the variation used by Debian is more flexible and has fewer issues than the Mac version

Re: NAT and Question Section Mismatch

2020-04-17 Thread Tony Finch
John Wiles wrote: > > I am running into a problem that I think is caused by either a > misconfiguration in Bind9, our Cisco NAT, or perhaps both. > > When I am on our internal network, I am able to query both servers and > get the appropriate external ip address. However, when I try to do the >

Re: "lame-servers: info: no valid RRSIG resolving ..."

2020-04-17 Thread Sten Carlsen
I see lots of lines like this. They all come from people trying to break into my SSH. -- Best regards Sten Carlsen For every problem, there is a solution that is simple, elegant, and wrong. HL Mencken > On 17 Apr 2020, at 17.24, btb via bind-users wrote: > > hi- > > i'm seeing what i'm

NAT and Question Section Mismatch

2020-04-17 Thread John Wiles
Hello all, I am running into a problem that I think is caused by either a misconfiguration in Bind9, our Cisco NAT, or perhaps both. The scenario: We host our own sites locally, including internal and external DNS. The external dns servers are delegated for reverse lookups. The NAT is a

Re: "lame-servers: info: no valid RRSIG resolving ..."

2020-04-17 Thread btb via bind-users
thanks- we're running 9.14.8, courtesy of the isc ubuntu ppa [https://launchpad.net/~isc]: >named -v BIND 9.14.8-Ubuntu (Stable Release) >dpkg -s bind9 Package: bind9 Status: install ok installed Priority: optional Section: net Installed-Size: 872 Maintainer: Debian DNS Team Architecture:

ipv6, was: Re: Question About Recursion ...

2020-04-17 Thread Chuck Aurora
On 2020-04-17 11:40, Tim Daneliuk wrote: On 4/17/20 10:17 AM, julien soula wrote: On Fri, Apr 17, 2020 at 09:56:21AM -0500, Tim Daneliuk wrote: On 4/17/20 9:50 AM, Bob Harold wrote: 'dig' should tell you what address it used, at the bottom of the output - what does it say? ;; Query time:

BIND-9.16.1 memory leak?

2020-04-17 Thread sthaug
We have what appears to be a significant memory leak in BIND-9.16.1. Environment: FreeBSD 12.1-STABLE. BIND-9.16.1 installed from packages. Also uses libuv-1.35.0 installed from packages. Authoritative only. Around 800 zones of varying sizes. DNSSEC in use. Running a ps command for the

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk wrote: > We have split horizon setup and enable our internal and trusted hosts > to do things as follows: > > allow-recursion { trustedhosts; }; > allow-transfer { trustedhosts; }; > > 'trustedhosts' includes a number of public facing IPs as

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Tim Daneliuk
On 4/17/20 7:26 AM, Bob Harold wrote: > > On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk > wrote: > > We have split horizon setup and enable our internal and trusted hosts > to do things as follows: > > allow-recursion { trustedhosts; }; >

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
On Fri, Apr 17, 2020 at 10:34 AM Tim Daneliuk wrote: > On 4/17/20 7:26 AM, Bob Harold wrote: > > > > On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk > wrote: > > > > We have split horizon setup and enable our internal and trusted hosts > > to do things as