nanog mailing list archives

Re: ISC BIND 9 breakage?

From: Nick Hilliard <nick () foobar org>
Date: Wed, 25 Mar 2020 17:20:47 +0000

The fix is either to remove "dnssec-lookaside auto;" from the config orelse set "dnssec-lookaside no;" and then reload named.


Nick

Drew Weaver wrote on 25/03/2020 17:18:

Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?

I noticed that this command: dnssec-lookaside auto; was causing theissue. The issue occurred right at about 1PM EST.


I see this note in the ISC key file..

# ISC DLV: See https://www.isc.org/solutions/dlv for details.

         #

         # NOTE: The ISC DLV zone is being phased out as of February 2017;

# the key will remain in place but the zone will be otherwiseempty.


         # Configuring "dnssec-lookaside auto;" to activate this key is

         # harmless, but is no longer useful and is not recommended.

It’s not harmless anymore.

Current thread:

ISC BIND 9 breakage? Drew Weaver (Mar 25)
- Re: ISC BIND 9 breakage? Nick Hilliard (Mar 25)
  - RE: ISC BIND 9 breakage? Drew Weaver (Mar 25)
  - Re: ISC BIND 9 breakage? Mark Tinka (Mar 31)
- Re: ISC BIND 9 breakage? Stephane Bortzmeyer (Mar 25)
  - RE: ISC BIND 9 breakage? Drew Weaver (Mar 25)
    - Re: ISC BIND 9 breakage? Owen DeLong (Mar 25)
- Re: [EXT] ISC BIND 9 breakage? Chuck Anderson (Mar 25)
  - RE: [EXT] ISC BIND 9 breakage? Drew Weaver (Mar 25)
    - Re: [EXT] ISC BIND 9 breakage? Ray Bellis (Mar 26)
- Re: ISC BIND 9 breakage? Mark Andrews (Mar 25)
  - Re: ISC BIND 9 breakage? Clayton Zekelman (Mar 26)

(Thread continues...)