Paul Wouters: Re: [dnssec-deployment] DNS cache issue

Adam Tkac atkac at redhat.com
Fri Nov 23 08:30:59 UTC 2007


On Thu, Nov 22, 2007 at 12:15:29PM -0500, Michael Richardson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> >>>>> "Adam" == Adam Tkac <atkac at redhat.com> writes:
> 
>     Adam> Yes. I'm keeping short patch downstream which adds global edns
>     Adam> option.  This option was discussed on bind-workers and ISC
>     Adam> don't want that option. Our users has problem that log is
>     Adam> flooded with "..disabling EDNS.." messages. Of course, EDNS is
> 
>   Then just turn off that message, or limit it to saying it once.
>   Bind9 turns off EDNS on it's own, right?

Turn off message is nasty hack. BIND turns off EDNS after 3
unsuccessful queries (I think :) ) but this takes time. If you know you have
problems related to ENDS you could fix your network or stop using
EDNS.

Adam

> 
> - -- 
> ]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
> ]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
> ] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
> ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Finger me for keys
> 
> iQEVAwUBR0W5K4CLcPvd0N1lAQIiagf/ZZtghcPsKOD7jEwB7LaLSVIUZrDuvF5/
> Xzr3Uh7bcvmlOqWoXmoFBbqHteaDSLh5Q6HcF1Gu2ic3tPHDC4DaQ+u81QY7sR6F
> vVsE0Pir2LAB+J4Nf6+78YQ8xfSMN7VcLJuTE/XvoCerIO7DXBQ81r85aK0PlkiL
> p0ffmxfP++yv5bWHo40h7Ur1wWJGXFv4EYkSUMRpQrim+u6DzHUinU3NydoSWkuJ
> G5mUsJ8MpA9auowg8O6OcBtrYcfnfQ+1kQqP50+K6wbqylDRxukQscu7cSGXxK9j
> qDv8REg+IyCLYAgHCV5vr75lrTER2SI4iNmyx0rSK9K8SmHOCBf5Aw==
> =qMTK
> -----END PGP SIGNATURE-----

-- 
Adam Tkac, Red Hat, Inc.


More information about the bind-workers mailing list