> Mark:
>
> The upgrade and the -4 option seemed to fix the problem. I didn't
> change the edns-udp-size since the firewall test passed.


Fine.

> I also specified "--enable-threads" in my build of 9.3.0, but I don't
> know how 9.2.2-P1 was built. I see 5 named processes in 'ps' when I run
> 9.2.2-P1. Does that mean it was built with --enable-threads?


Yes. From the FAQ.

Q: Why do I see 5 (or more) copies of named on Linux?

A: Linux threads each show up as a process under ps. The approximate
number of threads running is n+4, where n is the number of CPUs. Note that
the amount of memory used is not cumulative; if each process is using 10M of
memory, only a total of 10M is used.


> Thanks for your help.
>
> Mark Andrews wrote:
>
> >>I am running bind version "BIND 9.2.2-P1" and I notice that my query
> >>times are very long. When I run Ethereal to see why, I see that initial
> >>queries are sending the OPT pseudo RR. Almost every nameserver out
> >>there responds to this with RCODE "format error" and then bind issues
> >>another query without this extension.
> >>
> >>

> >
> > Actually the majority of servers out there know about EDNS.
> >
> >
> >
> >>This is really increasing my relsoving time. I would really like to
> >>disable this, but apparently I can only do this on a per server basis.
> >>
> >>

> >
> > The delays caused by EDNS probes are generally not noticable to

> the end user.
> >
> > You are most probably seeing the side effects of the addition of
> > AAAA records for A.GTLD-SERVERS.NET and B.GTLD-SERVERS.NET. This
> > tickled a bug in BIND 9 (fixed in 9.2.5/9.3.1 out soon). This also
> > exposed misconfigured firewalls that incorrectly dropped EDNS
> > replies bigger than 512 octets. The EDNS referral to the COM /
> > NET servers now exceeds 512 octets.
> >
> > Upgrade to 9.3.0 and run "named -4" to work around the BIND 9
> > bug.
> >
> > Upgrade to 9.3.0 and set "edns-udp-size 512;" in options if you
> > have a broken firewall. This should be seen as a short term
> > work-around until you get the firewall fixed.
> >
> > You can determine if the firewall is misconfigured if you get
> > a response to the first query and not to the second query.
> >
> > dig soa com +norec @a.root-servers.net
> > dig soa com +norec +bufsize=1024 @a.root-servers.net
> >
> >
> >
> >>First, I would like to know how to disable this globally (hopefully
> >>without recompililng). But something makes me think this is not what I
> >>want to do. I just can't believe that ISC would release BIND9
> >>configured by default to double resolving times. Am I doing something
> >>wrong?
> >>
> >>---
> >>Joe Harvell
> >>
> >>
> >>
> >>

> >--
> >Mark Andrews, ISC
> >1 Seymour St., Dundas Valley, NSW 2117, Australia
> >PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
> >
> >
> >

>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org