NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/51313: named caching server timeouts



> Here are some snippets from /var/log/messages as well as from packet captures
> on the client-serving (interior) and internet-facing (exterior) interfaces
> of my NetBSD firewall, showing a query for pool.ntp.org, which:
> 
> 1) Appears to have succeded, returning a response to the caching server, but
> 2) Results in ServFail being returned to the interior client, after a delay.

That would be identical to the sort of failure you would get if
DNSSEC validation for the looked-up name fails.

However, when looked at from my vantage point, neither ntp.org
nor pool.ntp.org do not appear to be DNSSEC-signed.

Keying pool.ntp.org into dnsviz.net reveals a few warnings,
though, ref.

  http://dnsviz.net/d/pool.ntp.org/dnssec/

but nothing catastrophic I think.

Regards,

- Håvard


Home | Main Index | Thread Index | Old Index