Confusion about "try-tcp-refresh"

Anand Buddhdev anandb at ripe.net
Mon Apr 20 09:24:34 UTC 2015


Hello BIND developers,

We have some BIND servers configured as slaves for many hundreds of
zones, with the master pointing to our distribution master's IPv4 and
IPv6 address.

On some of these servers, the IPv6 routing was broken, so that when
BIND tried to refresh from the master's IPv6 address, it timed out.
Then it tried to refresh over TCP, because the option
"try-tcp-refresh" defaults to "yes". This caused even more delays in
trying to refresh zones. Eventually they fell back to IPv4, but this
caused many zones to lag behind quite often.

I've fixed the IPv6 issue now, but then I wanted to set
"try-tcp-refresh" to "no" on all these servers, but I'm confused about
the location of this setting. The BIND 9.10.2 ARM suggests that it is
a per-zone setting. Can I also set it in the global "options" area?

Finally, why is this setting defaulting to "yes"? If it's for BIND8
compatibility, isn't it time it defaulted to "no"?

Regards,

Anand Buddhdev
RIPE NCC