Re: AAAA domain bug in Sarge Package bind9 9.2.4
I've reported this bug using the Debian bug tracking system.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336614
On 8/21/05, Martynas Brijunas <mbrijun@gmail.com> wrote:
> hi Franz,
>
> looks like it means that there is no way to have a properly working
> BIND9 if you want to stay within the "stable" branch of code (offering
> 9.2.4-1 at the moment)?
>
> Martynas
>
> On 21/08/05, Lehner Franz <franz@caos.at> wrote:
> > from: http://archive.netbsd.se/?ml=bind-users&a=2004-12&t=556166
> >
> > -> fixed in fixed in 9.2.5/9.3.1 out soon)
> >
> >
> > Subject: turning off EDNS0
> > From: Mark Andrews <Mark_Andrews(-at-)isc.org>
> > Id:<200412292345.iBTNj4Jj097636@drugs.dv.isc.org>
> > Date: Thu, 30 Dec 2004 10:45:04 +1100
> >
> >
> > > I am running bind version "BIND 9.2.2-P1" and I notice that my query
> > > times are very long. When I run Ethereal to see why, I see that initial
> > > queries are sending the OPT pseudo RR. Almost every nameserver out
> > > there responds to this with RCODE "format error" and then bind issues
> > > another query without this extension.
> >
> > Actually the majority of servers out there know about EDNS.
> >
> > > This is really increasing my relsoving time. I would really like to
> > > disable this, but apparently I can only do this on a per server basis.
> >
> > The delays caused by EDNS probes are generally not noticable to
> > the end user.
> >
> > You are most probably seeing the side effects of the addition of
> > AAAA records for A.GTLD-SERVERS.NET and B.GTLD-SERVERS.NET. This
> > tickled a bug in BIND 9 (fixed in 9.2.5/9.3.1 out soon). This also
> > exposed misconfigured firewalls that incorrectly dropped EDNS
> > replies bigger than 512 octets. The EDNS referral to the COM /
> > NET servers now exceeds 512 octets.
> >
> > Upgrade to 9.3.0 and run "named -4" to work around the BIND 9
> > bug.
> >
> > Upgrade to 9.3.0 and set "edns-udp-size 512;" in options if you
> > have a broken firewall. This should be seen as a short term
> > work-around until you get the firewall fixed.
> >
> > You can determine if the firewall is misconfigured if you get
> > a response to the first query and not to the second query.
> >
> > dig soa com +norec @a.root-servers.net
> > dig soa com +norec +bufsize24 @a.root-servers.net
> >
> > > First, I would like to know how to disable this globally (hopefully
> > > without recompililng). But something makes me think this is not what I
> > > want to do. I just can't believe that ISC would release BIND9
> > > configured by default to double resolving times. Am I doing something
> > > wrong?
> > >
> > > ---
> > > Joe Harvell
> > >
> > >
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
> >
> >
>
>
Reply to: