managed-keys update when outgoing UDP is blocked

Branko Mijuskovic branko.mijuskovic.hiag at gmail.com
Tue Feb 25 09:14:43 UTC 2020


Hi Tony,

Thanks for that.

But I'm curious: do you know whether BIND fails over to TCP if UDP times out
during DNSKEY fetching?

Thanks

On Tue, Feb 25, 2020 at 12:47 AM Tony Finch <dot at dotat.at> wrote:

> Branko Mijuskovic <branko.mijuskovic.hiag at gmail.com> wrote:
> >
> > We have an authoritative DNS hidden master (bind-9.11.4-9) running behind
> > the network where outgoing UDP traffic to unlisted IPs is blocked.
> >
> > We are using DNSSEC and I've noticed that we are getting the following errors
> > in the bind9 logfile: 'managed-keys-zone/default: Unable to fetch DNSKEY
> > set '.': timed out'
>
> I have configured my hidden primary with a `forwarders` clause pointing at
> my recursive servers, which should stop it from trying to talk to the
> outside world.
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Irish Sea: Westerly 5 to 7, occasionally gale 8 later in south. Moderate,
> becoming rough or very rough in south. Wintry showers. Good, occasionally
> poor.
>
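
As an added illustration (not part of either message, and not Tony's actual configuration), a `forwarders` clause of the kind described in the quoted reply could look like the named.conf fragment below. The addresses are constructed placeholders, and the `forward only;` line is an assumption added here; the reply mentions only `forwarders`.

```conf
options {
    // Constructed placeholder addresses (RFC 5737 documentation range).
    // Substitute the internal recursive servers that the firewall allows
    // this hidden primary to reach.
    forwarders { 192.0.2.53; 192.0.2.54; };

    // Assumption added for this example: the default policy is
    // "forward first", under which named falls back to querying
    // authoritative servers itself when the forwarders do not answer.
    // That fallback is the outgoing traffic the firewall blocks.
    // "forward only" disables the fallback.
    forward only;
};
```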