BIND 10 #2510: b10-auth should not accept queries while configuring
BIND 10 Development
do-not-reply at isc.org
Mon Dec 3 18:27:10 UTC 2012
#2510: b10-auth should not accept queries while configuring
---------------------------------+-----------------------------------------
Reporter: jreed | Owner:
Type: defect | Status: new
Priority: medium | Milestone: New Tasks
Component: b10-auth | Resolution:
Keywords: | CVSS Scoring:
Sensitive: 0 | Defect Severity: N/A
Sub-Project: DNS | Feature Depending on Ticket:
Estimated Difficulty: 0 | Add Hours to Ticket: 0
Total Hours: 0 | Internal?: 0
---------------------------------+-----------------------------------------
Comment (by jinmei):
Replying to [comment:4 shane]:
> It might be beneficial to return something, other than dropping queries
on the floor. That would allow a resolver to continue on to other servers,
rather than waiting on a timeout. Probably SERVFAIL is the only valid
answer here.
>
> OTOH, doing what BIND 9 does may satisfy the principle of least
surprise.
Hmm, SERVFAIL is probably better. When I made my previous comment, I
was thinking about an operational practice I heard before: running
2 instances of BIND 9 named with a tool that checks if particular
instance is working. It's essentially just sending a DNS query to see
if it's responded. It should work whether the failure case is a
timeout or SERVFAIL, and in some sense SERVFAIL may be better in that
it's quicker.
--
Ticket URL: <http://bind10.isc.org/ticket/2510#comment:5>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list