Re: BIND 9.11.1-P3 revives expired zones briefly during reconfig

2017-08-06 Thread Mukund Sivaraman
On Sun, Aug 06, 2017 at 08:07:51PM +0200, Anand Buddhdev wrote:
> On 06/08/2017 13:49, Mukund Sivaraman wrote:
> 
> Hi Mukund,
> 
> > Which exact version of 9.11 is this? Is their master NSD or some 3rd
> > party signer? Can you create a bug ticket with your named config
> > (named-checkconf -px) ?
> 
> As I wrote in the subject, it's BIND 9.11.1-P3. The masters of these

Sorry Anand, I missed that :)

> name servers are unknown, but I can attempt to probe them with
> ch/txt/version.bind queries to try and find out.

I wonder if the zones on the slaves expired because the slave was not
able to XFR them. After the recent TSIG CVE, for about a week, we had a
(non-security) bug in BIND due to which named didn't correctly validate
a kind of TSIG signed AXFR/IXFR (specifically BIND as slave receiving
from NSD as master was affected by the bug - due to BIND's fault). It
was fixed soon after in another patch release.

9.11.1-P3 has the fix for this, but I wonder if the older 9.10 release
that you were running had this bug that prevented successful transfers
of the slave zones that caused them to expire, which caused them to be
unloaded on startup.

Or there could be some other reason. :)

> Will the bug report be publicly viewable?

You can send it to bind9-confident...@isc.org.

Mukund
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: BIND 9.11.1-P3 revives expired zones briefly during reconfig

2017-08-06 Thread
Hello, I'm not working in this company anymore!

Please write to Volia support.

Hello! I no longer work at this company; please write to Volia company support.

Re: BIND 9.11.1-P3 revives expired zones briefly during reconfig

2017-08-06 Thread Anand Buddhdev
On 06/08/2017 13:49, Mukund Sivaraman wrote:

Hi Mukund,

> Which exact version of 9.11 is this? Is their master NSD or some 3rd
> party signer? Can you create a bug ticket with your named config
> (named-checkconf -px) ?

As I wrote in the subject, it's BIND 9.11.1-P3. The masters of these
name servers are unknown, but I can attempt to probe them with
ch/txt/version.bind queries to try and find out.

Will the bug report be publicly viewable?

Regards,
Anand


Re: BIND 9.11.1-P3 revives expired zones briefly during reconfig

2017-08-06 Thread Mukund Sivaraman
Hi Anand

On Sun, Aug 06, 2017 at 09:30:01AM +0200, Anand Buddhdev wrote:
> Hello BIND developers,
> 
> I've updated from BIND 9.10 to 9.11, and noticed the following happening
> whenever "rndc reconfig" is run:
> 
> 05-Aug-2017 11:11:42.066 general: received control channel command
> 'reconfig'
> 05-Aug-2017 11:11:42.066 general: loading configuration from
> '/etc/named/named.conf'
> ...
> ...
> 05-Aug-2017 11:11:42.525 general: zone 116.195.in-addr.arpa/IN/main:
> loaded serial 2017020301
> 05-Aug-2017 11:11:42.525 general: zone 116.195.in-addr.arpa/IN/main: expired
> 05-Aug-2017 11:11:42.533 general: zone egouv.ci/IN/main: loaded serial
> 2017062009
> 05-Aug-2017 11:11:42.606 general: zone 232.128.in-addr.arpa/IN/main:
> loaded serial 2017071557 (DNSSEC signed)
> 05-Aug-2017 11:11:42.638 general: zone 43.137.in-addr.arpa/IN/main:
> loaded serial 2017071100
> 05-Aug-2017 11:11:42.638 general: zone 43.137.in-addr.arpa/IN/main: expired
> 05-Aug-2017 11:11:42.639 general: any newly configured zones are now loaded
> 05-Aug-2017 11:11:42.639 general: zone egouv.ci/IN/main: expired
> 05-Aug-2017 11:11:42.646 general: zone 232.128.in-addr.arpa/IN/main: expired
> 05-Aug-2017 11:11:42.659 general: running
> 
> For a moment, BIND loads expired zones, and even answers queries for
> them, and then sets their state back to expired. This didn't happen on
> 9.10, but has been happening on 9.11. Is there a reason this behaviour
> has changed?

Which exact version of 9.11 is this? Is their master NSD or some 3rd
party signer? Can you create a bug ticket with your named config
(named-checkconf -px) ?

Mukund
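
The revival window described in the report above can be measured directly from named's log: for each zone, take the interval between its "loaded serial" entry and the following "expired" entry. This is an added example, not part of the original thread; the log lines are those quoted in the report with the e-mail wrapping undone, and the function name `revived_zones` is hypothetical.

```python
import re
from datetime import datetime

# Log lines from the report above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
05-Aug-2017 11:11:42.066 general: received control channel command 'reconfig'
05-Aug-2017 11:11:42.525 general: zone 116.195.in-addr.arpa/IN/main: loaded serial 2017020301
05-Aug-2017 11:11:42.525 general: zone 116.195.in-addr.arpa/IN/main: expired
05-Aug-2017 11:11:42.533 general: zone egouv.ci/IN/main: loaded serial 2017062009
05-Aug-2017 11:11:42.606 general: zone 232.128.in-addr.arpa/IN/main: loaded serial 2017071557 (DNSSEC signed)
05-Aug-2017 11:11:42.638 general: zone 43.137.in-addr.arpa/IN/main: loaded serial 2017071100
05-Aug-2017 11:11:42.638 general: zone 43.137.in-addr.arpa/IN/main: expired
05-Aug-2017 11:11:42.639 general: any newly configured zones are now loaded
05-Aug-2017 11:11:42.639 general: zone egouv.ci/IN/main: expired
05-Aug-2017 11:11:42.646 general: zone 232.128.in-addr.arpa/IN/main: expired
05-Aug-2017 11:11:42.659 general: running
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) \S+: "
    r"zone (?P<zone>\S+): (?P<event>loaded serial (?P<serial>\d+)|expired)"
)

def revived_zones(log_text):
    """Return (zone, serial, window_ms) for each zone that was logged as
    loaded and then expired, in the order the expiries were logged."""
    loaded = {}    # zone -> (timestamp, serial) of its most recent load
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-zone load/expire entry
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        zone = m["zone"]
        if m["serial"]:
            loaded[zone] = (ts, m["serial"])
        elif zone in loaded:
            t0, serial = loaded.pop(zone)
            window_ms = round((ts - t0).total_seconds() * 1000)
            findings.append((zone, serial, window_ms))
    return findings

if __name__ == "__main__":
    for zone, serial, ms in revived_zones(SAMPLE_LOG):
        print(f"{zone} serial {serial}: loaded for ~{ms} ms before expiry")
```

A zone with a non-zero window stayed loaded with stale data for that long; an "expired" entry with no preceding load in the same log is ignored.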

