loss of masters over ipsec hoses bind

Matt LaPlante cyberdog3k at gmail.com
Fri Dec 21 19:20:07 UTC 2007

I'm currently running Bind 9.4.1 (Ubuntu Gutsy).  I have several zones
in master->slave setups, which normally works just fine.  The other
day, however, I ran into an odd problem.  A couple of the slave zones
generally update over an ipsec connected network.  The ipsec
connection went away, and shortly thereafter bind royally wedged
itself, refusing to serve any data (including basic forward lookups)
and was not even responding to rndc restarts.  It took me a good while
of restarting the system and poking around logs to decide to strace
the process, which eventually led me to removing the ipsec-dependent
slave zones from the config.  As soon as I did this, Bind became
stable again.  Interestingly, zones which updated over public IP space
behaved fine, even if the master server was unreachable.  It was only
zones that were trying to go over the down ipsec connection that hosed
the daemon.

This whole issue is logged in a bit more detail here, including output
from strace:

I can (apparently) reproduce this issue again with little difficulty,
so I'd be glad to help debug it.

Matt LaPlante

