Opened 7 years ago

Closed 6 years ago

#2510 closed defect (wontfix)

b10-auth should not accept queries while configuring

Reported by: jreed Owned by:
Priority: medium Milestone: DNS Outstanding Tasks
Component: b10-auth Version:
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DNS Feature Depending on Ticket:
Estimated Difficulty: 4 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

I have many zones configured that take about 30 seconds to load.
While loading and before AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_SUCCESS, queries for records within all zones (I think all) return REFUSED.

I think it should not accept queries while loading a configuration.

Subtickets

Change History (8)

comment:1 follow-up: Changed 7 years ago by jwright

This issue probably needs a wider discussion on the bind10 dev list. What does BIND 9 do?

comment:2 in reply to: ↑ 1 Changed 7 years ago by jinmei

Replying to jwright:

This issue probably needs a wider discussion on the bind10 dev list. What does BIND 9 do?

BIND 9 doesn't respond to queries until the very initial configuration is fully loaded.

comment:3 Changed 7 years ago by jinmei

Note that with #2401 this should be pretty easy: we should only introduce
a special case for the very initial config setup where we use the synchronous
mode.

comment:4 follow-up: Changed 7 years ago by shane

It might be beneficial to return something, other than dropping queries on the floor. That would allow a resolver to continue on to other servers, rather than waiting on a timeout. Probably SERVFAIL is the only valid answer here.

OTOH, doing what BIND 9 does may satisfy the principle of least surprise.

comment:5 in reply to: ↑ 4 Changed 7 years ago by jinmei

Replying to shane:

It might be beneficial to return something, other than dropping queries on the floor. That would allow a resolver to continue on to other servers, rather than waiting on a timeout. Probably SERVFAIL is the only valid answer here.

OTOH, doing what BIND 9 does may satisfy the principle of least surprise.

Hmm, SERVFAIL is probably better. When I made my previous comment, I
was thinking about an operational practice I heard before: running
2 instances of BIND 9 named with a tool that checks if particular
instance is working. It's essentially just sending a DNS query to see
if it's responded. It should work whether the failure case is a
timeout or SERVFAIL, and in some sense SERVFAIL may be better in that
it's quicker.

comment:6 Changed 7 years ago by shane

  • Milestone New Tasks deleted

comment:7 Changed 6 years ago by stephen

  • Milestone set to DNS Outstanding Tasks

comment:8 Changed 6 years ago by tomek

  • Resolution set to wontfix
  • Status changed from new to closed

DNS and BIND10 framework is outside of scope for Kea project.
The corresponding code has been removed from Kea git repository.
If you want to follow up on DNS or former BIND10 issues, see
http://bundy-dns.de project.

Closing ticket.

Note: See TracTickets for help on using tickets.