• broken trust chain

    From Youssef.FassiFihri@Youssef.FassiFihri@inwi.ma to bind-users on Tue Jul 28 23:10:25 2020
    From Newsgroup: comp.protocols.dns.bind

    Hi All,


    I am using BIND as a resolver for end users.


    At various times, the BIND logs show "broken trust chain" continuously for about 20 mn ~ 30 mn, causing an increase of "recursive clients" shown in "rndc status" and a decrease of the "DNS success rate KPI" supervised from the end users' side. Then the error disappears and everything is OK.


    The problem appears on different servers at different times.


    What could be the problem?


    Regards,

    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Mark Andrews@marka@isc.org to Youssef.FassiFihri on Wed Jul 29 11:15:24 2020
    From Newsgroup: comp.protocols.dns.bind

    A network link that is dropping packets can trigger EDNS failures in versions of
    BIND before 9.13.3. These versions have code to compensate for servers that fail
    to respond to EDNS queries, or fail to respond to EDNS queries with DO=1, or fail
    to respond to queries with (particular) EDNS options set. BIND would fall back to
    plain DNS queries to work around these issues, but that broke DNSSEC when the
    answers were coming from a signed zone and the packet loss is due to network issues.

    5029. [func] Workarounds for servers that misbehave when queried
                 with EDNS have been removed, because these broken
                 servers and the workarounds for their noncompliance
                 cause unnecessary delays, increase code complexity,
                 and prevent deployment of new DNS features. See
                 https://dnsflagday.net for further details. [GL #150]

    On 29 Jul 2020, at 09:10, <Youssef.FassiFihri@inwi.ma> <Youssef.FassiFihri@inwi.ma> wrote:

    Hi All,

    I am using BIND as a resolver for end users.

    At various times, the BIND logs show "broken trust chain" continuously for about 20 mn ~ 30 mn, causing an increase of "recursive clients" shown in "rndc status" and a decrease of the "DNS success rate KPI" supervised from the end users' side. Then the error disappears and everything is OK.

    The problem appears on different servers at different times.

    What could be the problem?

    Regards,


    --
    Mark Andrews, ISC
    1 Seymour St., Dundas Valley, NSW 2117, Australia
    PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
    --- Synchronet 3.21d-Linux NewsLink 1.2
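
To tell whether the failures described in this thread cluster in time and on particular upstream servers (which would point at a lossy path rather than a broken zone), the sketch below groups "broken trust chain" log lines into episodes and checks a version string against the 9.13.3 cut-off from the reply. It is an added example, not part of either post and not ISC code; the log line layout, the sample lines, and the function names `parse`, `episodes` and `has_edns_fallback` are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in named's usual file-log layout (an assumption; adjust
# LINE_RE to the local logging configuration). Addresses are documentation ranges.
SAMPLE_LOG = """\
28-Jul-2020 22:40:01.120 lame-servers: info: error (broken trust chain) resolving 'www.example.org/A/IN': 192.0.2.53#53
28-Jul-2020 22:48:17.502 lame-servers: info: error (broken trust chain) resolving 'mail.example.org/AAAA/IN': 192.0.2.53#53
28-Jul-2020 22:51:09.000 general: info: received control channel command 'status'
28-Jul-2020 22:57:44.031 lame-servers: info: error (broken trust chain) resolving 'example.net/DS/IN': 2001:db8::53#53
28-Jul-2020 23:05:30.910 lame-servers: info: error (broken trust chain) resolving 'www.example.org/A/IN': 192.0.2.53#53
29-Jul-2020 01:15:02.300 lame-servers: info: error (broken trust chain) resolving 'www.example.com/A/IN': 198.51.100.7#53
"""

LINE_RE = re.compile(
    r"^(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*\(broken trust chain\) "
    r"resolving '([^/']+)/\w+/IN': ([0-9A-Fa-f.:]+)#\d+")

def parse(log_text):
    """Yield (timestamp, qname, upstream_server) for each matching line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S"), m.group(2), m.group(3)

def episodes(log_text, max_gap=timedelta(minutes=10)):
    """Group failures into episodes: a new one starts after a quiet gap > max_gap."""
    result = []
    for ts, qname, server in sorted(parse(log_text)):
        if not result or ts - result[-1]["end"] > max_gap:
            result.append({"start": ts, "end": ts, "count": 0, "servers": Counter()})
        ep = result[-1]
        ep["end"], ep["count"] = ts, ep["count"] + 1
        ep["servers"][server] += 1
    return result

def has_edns_fallback(version):
    """True for BIND versions before 9.13.3, the cut-off given in the reply."""
    nums = tuple(int(n) for n in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    return nums < (9, 13, 3)

if __name__ == "__main__":
    for ep in episodes(SAMPLE_LOG):
        minutes = (ep["end"] - ep["start"]).total_seconds() / 60
        print(f'{ep["start"]} +{minutes:.0f} min, {ep["count"]} failures, {dict(ep["servers"])}')
```

An episode dominated by one or two upstream addresses on a resolver where `has_edns_fallback` is true fits the packet-loss explanation; failures spread across unrelated servers suggest looking elsewhere.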