named daemon hangs

Adam Tkac atkac at redhat.com
Mon May 4 07:18:27 UTC 2009


On Sat, May 02, 2009 at 04:06:18PM +0100, Nelson Vale wrote:
> Hi all,
> 
> 
> I've been facing a problem in my private network which I was not able to fix
> yet.
> 
> In my gateway (Linux, Debian-like) I have bind 9.5 installed and running,
> and I have one IPSec tunnel to another gateway over the internet. It also
> has configured a forward zone with the name server being the other gateway
> internal address (accessible through the IPSec tunnel only).
> 
> Recently the other IPSec endpoint was shut down and, of course, my queries to
> the forward domain started failing. Nothing strange here...
> 
> The real problem is that I suddenly was not able to resolve any other DNS
> queries, like www.google.com, from inside my network:
> 
> "host www.google.com
> ;; connection timed out; no servers could be reached"
> 
> I took a look at the named daemon and I see that it does not respond to
> anything as long as the IPSec tunnel is down, but only if it's the other
> endpoint that is down. I've tried stopping my endpoint and this problem does
> not occur as long as I restart named. I think this happens because as long
> as my endpoint is up the routes to the other endpoint are set, and named
> tries to query the forward domain name server. The problem is that the
> queries do not timeout and named hangs there:

Please check this:
- https://bugzilla.redhat.com/show_bug.cgi?id=427629
- http://lkml.org/lkml/2007/12/4/260
- http://lkml.org/lkml/2008/4/17/474

$ echo "1" >/proc/sys/net/core/xfrm_larval_drop

should help you.

Adam

-- 
Adam Tkac, Red Hat, Inc.
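
Added example (not part of the original message): the `echo` above changes only the running kernel, so the value is lost at reboot. The sketch below audits the runtime value of `net.core.xfrm_larval_drop` and whether a persistent setting exists, and can apply both. The drop-in file name and the `PROC_SYS` / `SYSCTL_DIR` overrides are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and persist net.core.xfrm_larval_drop.
# PROC_SYS and SYSCTL_DIR can be overridden so the logic can be exercised
# against a scratch directory instead of the live system.
PROC_SYS="${PROC_SYS:-/proc/sys}"
SYSCTL_DIR="${SYSCTL_DIR:-/etc/sysctl.d}"
DROPIN_NAME="90-xfrm-larval-drop.conf"   # hypothetical file name

# Return codes:
#   0 = runtime value is 1 and a persistent setting exists
#   1 = runtime value is not 1
#   2 = runtime value is 1 but nothing persists it across reboots
#   3 = the knob is not present or not readable
check_larval_drop() {
    knob="$PROC_SYS/net/core/xfrm_larval_drop"
    [ -r "$knob" ] || return 3
    [ "$(cat "$knob")" = "1" ] || return 1
    # Look for an uncommented assignment to 1 in any drop-in file.
    if grep -Eqs \
        '^[[:space:]]*net\.core\.xfrm_larval_drop[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$SYSCTL_DIR"/*.conf; then
        return 0
    fi
    return 2
}

# Set the runtime value (the same write as the echo in the reply) and add a
# drop-in file so the setting survives a reboot. Needs root on a live system.
enable_larval_drop() {
    knob="$PROC_SYS/net/core/xfrm_larval_drop"
    [ -w "$knob" ] || return 3
    echo 1 > "$knob" || return 1
    mkdir -p "$SYSCTL_DIR" || return 1
    echo "net.core.xfrm_larval_drop = 1" > "$SYSCTL_DIR/$DROPIN_NAME"
}
```

Source the file and run `check_larval_drop; echo $?` on the gateway; a result of 2 means the fix is active now but will not survive a reboot.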


