Package: bind9
Version: 1:9.8.4.dfsg.P1-6+nmu2+deb7u2
Severity: important

This is a regression from older versions of bind (possibly since
9.2.4 but I didn't check when it was introduced).

Previously when bind9 encountered an idle timeout and a query in
lib/dns/resolver.c it would simply spawn a new query if possible.
Only when the user-configurable query timeout is exceeded would
the existing query fail.

With the current bind9 a query is cancelled as soon as the idle
timeout is breached, which is usually just 0.8s.  This means that
when the network slows down suddenly, you will see bind9 send out
a bunch of queries spaced 0.8s apart, and close the socket before
each response comes back, resulting in ICMP unreachable packets.

This is highly suboptimal.  The comment in the code indicates that
this is done to conserve file descriptors.  On a modern Linux kernel,
you can easily raise the number of file descriptors so this seems to
be a poor excuse.

My suggestion would be to either back out this change completely, or
make it user configurable, possibly even disabling it by default in
Debian.

PS I couldn't find the original patch on the net but I did find a
copy of it here:

http://lists.freebsd.org/pipermail/svn-src-projects/2008-November/000087.html

Look for the patch that modifies lib/dns/resolver.c.
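
An added illustration, not part of the original report and not BIND code: a simplified timing model of the two behaviours described above, showing why a round-trip time just over the idle timeout leaves the current behaviour without an answer. The 10s query timeout, the constant RTT values, and the rule that all sockets close once an answer arrives are assumptions of the model.

```python
# Simplified model (assumption-based, not BIND's resolver logic).
IDLE_TIMEOUT_MS = 800  # idle timeout quoted in the report (0.8s)


def simulate(rtt_ms, query_timeout_ms, close_on_idle, idle_ms=IDLE_TIMEOUT_MS):
    """Model one lookup against a server with a constant round-trip time.

    A new query is sent every time the idle timeout fires, until an answer
    is accepted or the overall query timeout expires.
    close_on_idle=True : a query's socket is closed at its idle timeout
                         (current behaviour, per the report).
    close_on_idle=False: sockets stay open until the query timeout
                         (older behaviour, per the report).
    """
    sends = list(range(0, query_timeout_ms, idle_ms))

    def close_time(sent_at):
        return sent_at + idle_ms if close_on_idle else query_timeout_ms

    # Responses that reach a socket that is still open.
    accepted = [s + rtt_ms for s in sends if s + rtt_ms < close_time(s)]
    answered_at = min(accepted) if accepted else None
    end = answered_at if answered_at is not None else query_timeout_ms

    # Only queries sent before the lookup ended actually go out.
    actual = [s for s in sends if s < end]
    # Responses arriving after their socket is gone; each would normally
    # elicit an ICMP port unreachable from the resolver host.
    late = sum(1 for s in actual
               if s + rtt_ms > end or s + rtt_ms >= close_time(s))
    return {"answered_at_ms": answered_at,
            "queries_sent": len(actual),
            "late_responses": late}


if __name__ == "__main__":
    # Constructed scenario: RTT jumps from 200ms to 1000ms.
    for rtt in (200, 1000):
        for mode, flag in (("older", False), ("current", True)):
            print(rtt, mode, simulate(rtt, 10_000, close_on_idle=flag))
```

In this model a 1000ms RTT gives the older behaviour an answer after one extra query, while the current behaviour sends a query every 0.8s for the whole query timeout and accepts none of the responses.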

