[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ISC BIND 9 breakage?

Subject: ISC BIND 9 breakage?
From: drew.weaver at thenap.com (Drew Weaver)
Date: Wed, 25 Mar 2020 17:21:50 +0000
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

Oh, yes. I am aware.

I am asking if anyone has any info as to why it just randomly stopped running perfectly normally at exactly 1PM EST?

Thanks,
-Drew


-----Original Message-----
From: Nick Hilliard <nick at foobar.org> 
Sent: Wednesday, March 25, 2020 1:21 PM
To: Drew Weaver <drew.weaver at thenap.com>
Cc: 'nanog at nanog.org' <nanog at nanog.org>
Subject: Re: ISC BIND 9 breakage?

The fix is either to remove "dnssec-lookaside auto;" from the config or else set "dnssec-lookaside no;" and then reload named.

Nick

Drew Weaver wrote on 25/03/2020 17:18:
> Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?
> 
> I noticed that this command: dnssec-lookaside auto; was causing the 
> issue. The issue occurred right at about 1PM EST.
> 
> I see this note in the ISC key file..
> 
> # ISC DLV: See https://www.isc.org/solutions/dlv for details.
> 
>  Â Â Â Â Â Â Â  #
> 
>  Â Â Â Â Â Â Â  # NOTE: The ISC DLV zone is being phased out as of February 
> 2017;
> 
>  Â Â Â Â Â Â Â  # the key will remain in place but the zone will be otherwise 
> empty.
> 
>  Â Â Â Â Â Â Â  # Configuring "dnssec-lookaside auto;" to activate this key 
> is
> 
>  Â Â Â Â Â Â Â  # harmless, but is no longer useful and is not recommended.
> 
> It's not harmless anymore.
>

References:
- ISC BIND 9 breakage?
  - From: drew.weaver at thenap.com (Drew Weaver)
- ISC BIND 9 breakage?
  - From: nick at foobar.org (Nick Hilliard)

Prev by Date: ISC BIND 9 breakage?
Next by Date: ISC BIND 9 breakage?
Previous by thread: ISC BIND 9 breakage?
Next by thread: ISC BIND 9 breakage?
Index(es):
- Date
- Thread