Re: bin/51313: named caching server timeouts

To: tls%netbsd.org@localhost
Subject: Re: bin/51313: named caching server timeouts
From: Havard Eidnes <he%NetBSD.org@localhost>
Date: Fri, 06 Apr 2018 15:14:36 +0200 (CEST)

> Here are some snippets from /var/log/messages as well as from packet captures
> on the client-serving (interior) and internet-facing (exterior) interfaces
> of my NetBSD firewall, showing a query for pool.ntp.org, which:
> 
> 1) Appears to have succeded, returning a response to the caching server, but
> 2) Results in ServFail being returned to the interior client, after a delay.

That would be identical to the sort of failure you would get if
DNSSEC validation for the looked-up name fails.

However, when looked at from my vantage point, neither ntp.org
nor pool.ntp.org do not appear to be DNSSEC-signed.

Keying pool.ntp.org into dnsviz.net reveals a few warnings,
though, ref.

  http://dnsviz.net/d/pool.ntp.org/dnssec/

but nothing catastrophic I think.

Regards,

- Håvard

Prev by Date: Re: port-amd64/53155: OS wedges after <12h uptime when >2 bnx network interfaces in use
Next by Date: Re: bin/51313: named caching server timeouts
Previous by Thread: Re: bin/51313: named caching server timeouts
Next by Thread: Re: bin/51313: named caching server timeouts
Indexes:

Home | Main Index | Thread Index | Old Index