Expire question
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Tue Apr 16 15:30:27 UTC 2002
Rasmus Aaen <ra at back-bone.dk> wrote:
> Hi all,
> We have two nameservers responsible for our domain (byggeweb.dk). Both are
> running BIND 8.3.1 on Win2000. The primary server is located at our office
> and the slave is at a ISP hosting center, along with the webserver. Today
> our office internet connection went down, and with it the connection to our
> primary dns server. No problem, I thought; the slave name server will
> continue resolving our domain. But alas! After about one hour the slave name
> server expired the record, effectively shutting our website down. This is
> what I don't understand, since the soa record for the zone has an expire
> value of 10 days.
> To get the website up again, I changed the zone type from slave to master on
> the slave name server, which solved the problem. One of the suggestions to
> prevent this in the future is to run both nameserves as masters, but I would
> like to avoid having to sync the files manually.
> Am I missing something, or is our name servers improperly configured?
Do i understand you right : the local network with the slaveserver
was isolated from Internet, and within one hour it lost capability
to resolve the slave zone ?
One possibility that strikes me is :
the nameserver has a name "dns2.back-bone.dk." and the 'A' record
for that name has teh embarrysing short TTLof one hour. Well,
after one hour, it tries to get this info from Internet ( since it
is not auth for "back-bone.dk." and fails. After this failure
it's goes introverted and refuses to work.
Why not call it "ns.byggweb.dk" and assign it a reasonable TTL ?
> /Rasmus
> Here is the soa record:
> C:\>dig byggeweb.dk soa
> ; <<>> DiG 8.3 <<>> byggeweb.dk soa
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;; byggeweb.dk, type = SOA, class = IN
> ;; ANSWER SECTION:
> byggeweb.dk. 1H IN SOA dns.back-bone.dk. dns.back-bone.dk.
> (
> 2002032201 ; serial
> 1H ; refresh
> 30M ; retry
> 1w3d ; expiry
> 1H ) ; minimum
> ;; AUTHORITY SECTION:
> byggeweb.dk. 1H IN NS dns.back-bone.dk.
> byggeweb.dk. 1H IN NS dns2.back-bone.dk.
> ;; ADDITIONAL SECTION:
> dns.back-bone.dk. 1H IN A 130.227.165.202
> dns2.back-bone.dk. 1H IN A 195.215.12.120
> ;; Total query time: 0 msec
> ;; FROM: WKS77 to SERVER: default -- 130.227.165.202
> ;; WHEN: Tue Apr 16 15:57:16 2002
> ;; MSG SIZE sent: 29 rcvd: 144
> -------
> [Denne E-mail blev scannet for virus af Declude Virus]
> [This E-mail was scanned for viruses by Declude Virus]
--
Peter Håkanson
IPSec Sverige (At the Riverside of Gothenburg, home of Volvo)
Sorry about my e-mail address, but i'm trying to keep spam out.
Remove "icke-reklam" and it works.
More information about the bind-users
mailing list