[dns-operations] Signing of the ARPA zone
Mark Andrews
marka at isc.org
Thu Mar 25 17:17:24 UTC 2010
In message <20100325164812.GA5758 at eb6.speedkom.net>, "Andreas S. Kerber" writes:
> On Thu, Mar 25, 2010 at 09:16:36AM -0700, Michael Graff wrote:
> > > I actually half expected this to happen
> > I didn't. If this is widespread, I will pull arpa from dlv for now.
>
> For us "something" started at 23:30 CET, resulting in more queries of type PTR and DNSKEY on our two
> authoritative servers. The problematic resolver was very sluggish and showed much more recursing clie
> nts than usual. I haven't had much this workday to even finding there is a problem at all, so I don't
> think it's necessary to pull it from the dlv.
>
> I've flushed the cache of the resolver and the query load dropped to normal level immediatly. Heres a
> graph (from on of our authoritiative servers). Maybe though this has nothing to do with signing of a
> rpa. at all - I simply haven't had time to debug this harder.
>
> http://hilfe.idkom.de/queries-2010-03-25.png
>
> Andreas Kerber
Arpa uses algorithm 8. If you are running BIND 9.6.0 or BIND
9.6.0-P1, then you will have a problem with this. This was pointed
out about a year ago (when GOV was added to the DLV) that you would
need to upgrade to BIND 9.6.1 when it came out.
Reminders to upgrade to BIND 9.6.1 or later were sent out a couple of
weeks ago.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list