- Posted In
- Red Hat Enterprise Linux
I have updated a working Bind with this update to address a vulnerability CVE-2018-5743
Before that everything was working fine for zone transfers to other systems. Once updated, the zones fail to copy over. Errors are in this format:
xfer-out: error: client AAA.BBB.CCC.DDD #61783 (example.com): view internal: transfer of 'example.com/IN': aborted: timed out
lsof -Pni | grep named | grep WAIT | wc -l
typically shows 90 connections to the remote NS servers in CLOSE_WAIT state.
If I roll back to the prior version of bind: 9.9.4-73.el7_6 then zone transfers resume good function.
We're tried the option "transfers-out 100;" and it makes no difference in the current release 9.9.4-74.el7_6.1
dig with +trace confirms the new hosts are not resolved by remote DNS.
I may have to run this server with the older release until we understand how to make a better configuration or there is a bug fix. Is anyone else seeing a problem? It isn't obvious unless you try a DNS query that happens to be resolved by one of the remote DNS servers and with a freshly added record to check.