Hi, Thank you all for your help. This fix surely made the difference :).
echo "1" >/proc/sys/net/core/xfrm_larval_drop

Nelson Vale

On Mon, May 4, 2009 at 8:18 AM, Adam Tkac <at...@redhat.com> wrote:
> On Sat, May 02, 2009 at 04:06:18PM +0100, Nelson Vale wrote:
> > Hi all,
> >
> > I've been facing a problem in my private network which I was not able to fix yet.
> >
> > In my gateway (linux debian alike) I have bind 9.5 installed and running, and I have one IPSec tunnel to another gateway over the internet. It also has configured a forward zone with the name server being the other gateway internal address (accessible through the IPSec tunnel only).
> >
> > Recently the other IPSec endpoint was shutdown and, of course, my queries to the forward domain started failing. Nothing strange here...
> >
> > The real problem is that I suddenly was not able to resolve any other DNS queries, like www.google.com, from inside my network:
> >
> > "host www.google.com
> > ;; connection timed out; no servers could be reached"
> >
> > I took a look at the named daemon and I see that it does not respond to anything as long as the IPSec tunnel is down, but only if it's the other endpoint that is down. I've tried stopping my endpoint and this problem does not occur as long as I restart named. I think this happens because as long as my endpoint is up the routes to the other endpoint are set, and named tries to query the forward domain name server. The problem is that the queries do not time out and named hangs there:
>
> Please check this:
> - https://bugzilla.redhat.com/show_bug.cgi?id=427629
> - http://lkml.org/lkml/2007/12/4/260
> - http://lkml.org/lkml/2008/4/17/474
>
> $ echo "1" >/proc/sys/net/core/xfrm_larval_drop
>
> should help you.
>
> Adam
>
> --
> Adam Tkac, Red Hat, Inc.
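As an added example (not part of the thread above), a small POSIX shell script that checks whether the xfrm_larval_drop fix Adam suggested is in effect and persists it across reboots; the sysctl.d file name is a constructed assumption, and the sysctl path is a parameter so the check can also be run against a copy of the file.

```shell
#!/bin/sh
# Added example: verify and persist net.core.xfrm_larval_drop.
# With the knob at 0, packets that match an IPsec policy but have no
# established SA are held while the kernel waits for the SA (so a
# resolver waiting on the dead tunnel peer hangs); with it at 1 they
# are dropped at once and the sender gets an immediate error instead.

# larval_drop_state [PATH]
# Exit status: 0 = enabled (1), 1 = disabled (any other value),
#              2 = knob not present/readable on this kernel.
larval_drop_state() {
    path="${1:-/proc/sys/net/core/xfrm_larval_drop}"
    [ -r "$path" ] || return 2
    case "$(cat "$path")" in
        1) return 0 ;;
        *) return 1 ;;
    esac
}

# persist_larval_drop [CONF]
# Writes the setting to a sysctl.d drop-in so it survives a reboot.
# The default file name is an assumed, constructed example.
persist_larval_drop() {
    conf="${1:-/etc/sysctl.d/90-xfrm-larval-drop.conf}"
    printf 'net.core.xfrm_larval_drop = 1\n' > "$conf"
}

# Stand-alone usage: report the live state and apply the fix if missing.
if [ "${0##*/}" != "sh" ] && [ -z "${LARVAL_DROP_LIB:-}" ]; then
    larval_drop_state
    case $? in
        0) echo "xfrm_larval_drop already enabled" ;;
        1) echo "xfrm_larval_drop disabled; enabling"
           echo 1 > /proc/sys/net/core/xfrm_larval_drop && persist_larval_drop ;;
        2) echo "this kernel has no xfrm_larval_drop knob" ;;
    esac
fi
```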
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users