Re: bin/51313: named caching server timeouts

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
Subject: Re: bin/51313: named caching server timeouts
From: Havard Eidnes <he%NetBSD.org@localhost>
Date: Fri, 6 Apr 2018 13:15:00 +0000 (UTC)

The following reply was made to PR bin/51313; it has been noted by GNATS.

From: Havard Eidnes <he%NetBSD.org@localhost>
To: tls%netbsd.org@localhost
Cc: gnats-bugs%NetBSD.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/51313: named caching server timeouts
Date: Fri, 06 Apr 2018 15:14:36 +0200 (CEST)

 > Here are some snippets from /var/log/messages as well as from packet =
 captures
 > on the client-serving (interior) and internet-facing (exterior) inter=
 faces
 > of my NetBSD firewall, showing a query for pool.ntp.org, which:
 > =

 > 1) Appears to have succeded, returning a response to the caching serv=
 er, but
 > 2) Results in ServFail being returned to the interior client, after a=
  delay.

 That would be identical to the sort of failure you would get if
 DNSSEC validation for the looked-up name fails.

 However, when looked at from my vantage point, neither ntp.org
 nor pool.ntp.org do not appear to be DNSSEC-signed.

 Keying pool.ntp.org into dnsviz.net reveals a few warnings,
 though, ref.

   http://dnsviz.net/d/pool.ntp.org/dnssec/

 but nothing catastrophic I think.

 Regards,

 - H=E5vard

Prev by Date: Re: bin/51313: named caching server timeouts
Next by Date: Re: kern/53096 (netbsd-8 crash on heavy disk I/O)
Previous by Thread: Re: bin/51313: named caching server timeouts
Next by Thread: Re: bin/51313: named caching server timeouts
Indexes:

Home | Main Index | Thread Index | Old Index