broken trust chain
Josef Moellers
jmoellers at suse.de
Tue Sep 29 07:18:09 UTC 2020
On 28.09.20 23:34, Mark Andrews wrote:
> This is nothing more than packet loss causing named to fallback to plain DNS. Start named after the network is up or upgrade to a 9.14 or later which doesn’t fall back to plain DNS in packet loss.
I doubt that it has anything to do with packet loss because
1) It also happens (and this is used to reproduce) when named is
restarted, rather than started
2) Named is not automatically started but is started manually
("systemctl start named") through an ssh connection from the machine
that runs the dnsmasq, so I have the eery feeling the network is up and
running
3) I all scenarios where we have seen the issue, there is no physical
network involved, just virtual ones, so packet loss should not occur.
4) The indication that no DNSKEY RRSIGs are found, which indicates that
name lookup will fail, occurs before anything name service related
passes the network.
Josef
--
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer
More information about the bind-workers
mailing list