Re: bind vs glue records

To: Stephen Borrill <netbsd%precedence.co.uk@localhost>
Subject: Re: bind vs glue records
From: "Jeremy C. Reed" <reed%reedmedia.net@localhost>
Date: Thu, 31 Mar 2016 09:08:02 -0500 (CDT)

I tracked your problem down in master (upcoming 9.11) when cookies 
support is enabled by default. I can also reproduce it in bind 9.10 when 
experimental SIT support (using an experimental option code) is enabled. 
(SIT is BIND9 experiment predating Cookies.)

This is enabled by default on NetBSD. (It is not enabled by default with 
BIND 9.10 from ISC.) See src/external/bsd/bind/include/isc/platform.h

#define ISC_PLATFORM_USESIT 1

Change that to an #undef ISC_PLATFORM_USESIT

and it should work for you. (Note there are some other SIT or AES 
settings also enabled related to it in config.h.)

As a workaround, set in your options in named.conf:

request-sit false;

(Be sure to flush your cache after that.)

The problem can easily be seen currently by doing:

dig +nosit bmb.glbaa.barclays.com. @157.83.102.245
 (returns A record)

dig +sit bmb.glbaa.barclays.com. @157.83.102.245
  (no response)

(I was able to reproduce with some of the other examples too.)

But regardless of NetBSD using this experimental code, the real code is 
on by default in upcoming BIND 9.11 and has same problem. I will 
research some more and let you know.

Follow-Ups:
- Re: bind vs glue records
  - From: Mike Pumford
- Re: bind vs glue records
  - From: Jeremy C. Reed

References:
- bind vs glue records
  - From: Stephen Borrill

Prev by Date: Re: RFC: nexthop cache separation
Next by Date: Re: bind vs glue records
Previous by Thread: Re: bind vs glue records
Next by Thread: Re: bind vs glue records
Indexes:

Home | Main Index | Thread Index | Old Index