Forum Discussion

legacy1
Alessandro Volta
2 days ago

DNSSEC problems today?

So I run bind and for some reason it was crashing, restarting, and went to my backup DNS as it restarts.

It seems something bad has gone wrong with DNSSEC and the only way to make bind stable was to do this:

dnssec-validation no;

from this

dnssec-validation auto;

Anyone know what's going on?

6 Replies

  • legacy1
    Alessandro Volta

    So I think I have worked it out!....very interesting.

    So it's to do with Acrylic DNS Proxy and Edge.

    So Acrylic DNS Proxy has been running fine and for some reason Edge is now doing DNS by TCP in the clear, which my Acrylic DNS Proxy then does DNS by TCP in the clear to my bind, which crashes BIND9.16.50 but not BIND9.16.3...

    Looking at the config options there is this "tcp-clients", whose default is 150, which seems low, so I set it to 1000 and now BIND9.16.50 does not crash. :D
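
One way to check whether the "tcp-clients" quota mentioned in this reply is actually being reached, before or after raising it (an added example, not part of the original thread). The function name and the sample text are constructed; the sample follows the "tcp clients:" and "TCP high-water:" lines that `rndc status` prints.

```shell
#!/bin/sh
# Constructed sample in the layout of `rndc status` output
# (not captured from the poster's server).
SAMPLE_STATUS='version: BIND 9.16.50 (constructed sample)
recursive clients: 3/900/1000
tcp clients: 142/150
TCP high-water: 150
server is up and running'

# tcp_quota_report STATUS_TEXT [WARN_PERCENT]   (hypothetical helper name)
# Prints: "<current> <limit> <peak-percent> <peak> <verdict>"
# verdict is EXHAUSTED when the peak reached the limit, WARN when the
# peak is at or above WARN_PERCENT (default 80), otherwise OK.
tcp_quota_report() {
    printf '%s\n' "$1" | awk -v warn="${2:-80}" '
        /^tcp clients:/    { split($3, q, "/"); used = q[1]; limit = q[2] }
        /^TCP high-water:/ { high = $3 }
        END {
            if (limit == "" || limit + 0 == 0) { print "unknown"; exit 2 }
            # If no high-water line is present, current use is the peak.
            peak = (high + 0 > used + 0) ? high : used
            pct = int(peak * 100 / limit)
            verdict = (peak + 0 >= limit + 0) ? "EXHAUSTED" : ((pct >= warn) ? "WARN" : "OK")
            print used, limit, pct, peak, verdict
        }'
}

# Against a live server: tcp_quota_report "$(rndc status)"
tcp_quota_report "$SAMPLE_STATUS"
```

A verdict of EXHAUSTED means TCP clients were being refused at the configured limit, which is worth confirming before attributing instability to DNSSEC and leaving `dnssec-validation` switched off.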

     

  • legacy1
    Alessandro Volta

    So testing every other bind to see when it stops working, it's between BIND9.16.3 and BIND9.16.4...

    But why now? I'm sure BIND9.16.50 was running fine.

    • Tudor
      Very Insightful Person

      Sorry, cannot help as I run two Pi Hole DNS servers and they use their own version of DNS. What upstream DNS servers do you use?

      • legacy1
        Alessandro Volta

        I don't; you can use root DNS to do the lookups. You can do it with Pi Hole too.

        https://docs.pi-hole.net/guides/dns/unbound/