[ksk-rollover] Bind sending too many DNSKEY queries today, even in recent versions

Wes Hardaker wjhns1 at hardakers.net
Thu Apr 4 22:22:20 UTC 2019

I couldn't figure out why a caching bug would likely be restricted to
just the period where the key was published with a revoke bit set.  So I
decided to re-try the experiment I did in the airport, but this time
with data captures and "real science".  The results contain graphs, so
rather than write it up here, I'll direct you over to my write-up on
this web site:


TL;DR: some versions of bind (at least), in certain configurations,
still sometimes (15% of the time) enter a state of sending a large
number of DNSKEY queries on a regular basis.  Today.

Wes Hardaker
