Intermittent "failure trying master... operation canceled" on zone refresh

Hi All, We're running a series of RHEL 7.4 machines (kernel version 3.10.0-693.1.1.el7.x86_64) running bind version 9.9.4-RedHat-9.9.4-51.el7. Our configuration consists of a hidden master and three hidden slave/recursive resolvers. I'm getting a LOT of errors on the slaves that look like:

Re: also-notify and allow-notify

On 17 May 2018 at 13:30, Blason R wrote: > Hi, > > I have RPZ installed on server and its acting as a master server but > somehow port setting is not working on master > > [...] > > So here I am sending notification to 192.168.5.49 on port 4545; my > queries are > > How do

also-notify and allow-notify

Hi, I have RPZ installed on server and its acting as a master server but somehow port setting is not working on master ## Master Server configuration response-policy { zone "malware.trap"; }; zone "malware.trap" { type master; file "/var/lib/bind/malware.trap.db"; notify explicit;

Re: BIND srtt algorithm not working as expected

Hey Nico, long time no speak, hope you are well! You still at Efficient IP? Yes that would be a great idea in theory but in practice it would require a massive infrastructure change for this customer, we'd also have to migrate the anycast IPs to these new nodes (does dnsdist support anycast?),

Re: DNS primary and secondary receiveing queries at the same time

Hi Roberto, > On 17 May 2018, at 16:25, Roberto Carna wrote: > > Dear Tony, so you say that it's impossible what I want... > > In this scenario that my two DNS servers respond queries at the same > time, suppose the primary server goes downhow do clients know that

Re: DNS primary and secondary receiveing queries at the same time

On Thu, May 17, 2018 at 4:26 PM Roberto Carna wrote: > Dear Tony, so you say that it's impossible what I want... > In this scenario that my two DNS servers respond queries at the same > time, suppose the primary server goes downhow do clients know that > they have

Re: DNS primary and secondary receiveing queries at the same time

OK, now I understandthank you very much !!! Regards. 2018-05-17 11:25 GMT-03:00 Roberto Carna : > Dear Tony, so you say that it's impossible what I want... > > In this scenario that my two DNS servers respond queries at the same > time, suppose the primary server

Re: DNS primary and secondary receiveing queries at the same time

Dear Tony, so you say that it's impossible what I want... In this scenario that my two DNS servers respond queries at the same time, suppose the primary server goes downhow do clients know that they have to query the secondary DNS server at this moment? Thanks again. 2018-05-17 11:19

Re: DNS primary and secondary receiveing queries at the same time

On Thu, May 17, 2018 at 4:07 PM Roberto Carna wrote: > Hi people, I've implemented two BIND9 servers for my company, one as > primary public DNS server and the other as secondary public DNS > server. > I always believed that all the client queries coming from Internet

Re: DNS primary and secondary receiveing queries at the same time

Dear Nico, my BIND servers are authoritativethey have delegated several zones. 2018-05-17 11:12 GMT-03:00 Nico CARTRON : > Hi Roberto, > > On 17 May 2018, at 16:06, Roberto Carna wrote: > > Hi people, I've implemented two BIND9 servers for my

Re: DNS primary and secondary receiveing queries at the same time

Roberto Carna wrote: > > I always believed that all the client queries coming from Internet go > to the DNS primary server, and if it is down, just in this case go to > the DNS secondary server. It can't happen that way because there's no way for a resolver to tell

Re: DNS primary and secondary receiveing queries at the same time

Hi Roberto, > On 17 May 2018, at 16:06, Roberto Carna wrote: > > Hi people, I've implemented two BIND9 servers for my company, one as > primary public DNS server and the other as secondary public DNS > server. > > I always believed that all the client queries coming

DNS primary and secondary receiveing queries at the same time

Hi people, I've implemented two BIND9 servers for my company, one as primary public DNS server and the other as secondary public DNS server. I always believed that all the client queries coming from Internet go to the DNS primary server, and if it is down, just in this case go to the DNS

Re: BIND srtt algorithm not working as expected

Hi Paul, > On 17 May 2018, at 13:46, Paul Roberts wrote: > > Good grief indeed! > > I would love to implement 'fetches-per-zone' but we need to get them onto > BIND 9.11 first, that's a few months away. > > Unfortunately I can't just block this traffic else I'll

Re: BIND srtt algorithm not working as expected

Good grief indeed! I would love to implement 'fetches-per-zone' but we need to get them onto BIND 9.11 first, that's a few months away. Unfortunately I can't just block this traffic else I'll have the security teams wanting to know why we are compromising their desktop security. Even

Re: Observed random DNS update failures

nagaraju wrote: > > Scenario: Querying information of Domain "A" and "B", use the IP address > of the domain "B" to associate for domain "A" > > Issue: During the above scenario testing, observed there rejection of DNS > update requests by named process. What

Re: BIND srtt algorithm not working as expected

Paul Roberts wrote: > After doing some more packet captures, it looks like a lot of the > queries are related to Sophos live protection DNS lookups (lots of > queries for sophosxl.net), so there are a lot of queries which don't get > resolved. Good grief. There are a

Re: BIND srtt algorithm not working as expected

please wrap your lines when possible. <76 characters ideally. On 17.05.18 08:32, Paul Roberts wrote: After doing some more packet captures, it looks like a lot of the queries are related to Sophos live protection DNS lookups (lots of queries for sophosxl.net), so there are a lot of queries

Re: BIND srtt algorithm not working as expected

After doing some more packet captures, it looks like a lot of the queries are related to Sophos live protection DNS lookups (lots of queries for sophosxl.net), so there are a lot of queries which don't get resolved. We see multiple queries for the same name and the resolver seems to retransmit