DNS not updating, all hair pulled out
Kevin Darcy
kcd at daimlerchrysler.com
Fri Aug 9 22:07:19 UTC 2002
Micah Anderson wrote:
> Ok, I've been doing DNS for a while, but this one is alluding me, I've
s/alluding/eluding
>
> pulled out nearly all of my hair trying to figure this out.
>
> I did update my serial number and I had my TTL set to about one hour. I did
> an update to my domain, but even a week+ later there are still a good 25% of
> the DNS servers out there who haven't picked up my update.
>
> dig @206.13.28.12 mail.riseup.net
>
> (trimmed)
> ;; ANSWER SECTION:
> mail.riseup.net. 56394 IN CNAME riseup.net.
>
> This is NOT right, it should be:
>
> (trimmed)
> ;; ANSWER SECTION:
> mail.riseup.net. 604800 IN CNAME mars.riseup.net.
> mars.riseup.net. 604800 IN A 216.162.217.191
That's not what the authoritative nameservers for riseup.net are currently
returning:
% dig mail.riseup.net @ns1.riseup.net.
; <<>> DiG 8.3 <<>> mail.riseup.net @ns1.riseup.net.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUERY SECTION:
;; mail.riseup.net, type = A, class = IN
;; ANSWER SECTION:
mail.riseup.net. 1h40m48s IN A 216.162.217.191
;; AUTHORITY SECTION:
riseup.net. 1h40m48s IN NS ns1.riseup.net.
riseup.net. 1h40m48s IN NS fs.freespeech.org.
;; ADDITIONAL SECTION:
ns1.riseup.net. 1h40m48s IN A 216.162.197.233
;; Total query time: 148 msec
;; FROM: fxiod01.is.chrysler.com to SERVER: ns1.riseup.net. 216.162.197.233
;; WHEN: Fri Aug 9 17:34:25 2002
;; MSG SIZE sent: 33 rcvd: 114
%
> The SOAs on these other DNS servers appear to have the serial numbers of the
> updated zones, so why do they keep reporting the wrong information?
>
> Even more puzzling is if I add a +trace on the end of dig:
>
> dig @206.13.28.12 mail.riseup.net +trace
>
> (trimmed)
>
> ;; Received 114 bytes from 192.5.6.30#53(A.GTLD-SERVERS.net) in 91 ms
>
> mail.riseup.net. 604800 IN CNAME mars.riseup.net.
> mars.riseup.net. 604800 IN A 216.162.217.191
>
> It gets the RIGHT stuff, from the same DNS server that reported the wrong
> information (without the trace).
The +trace option and the @ parameter don't strike me as being very compatible
with each other. I'm not sure *where* that answer is coming from. Obviously the
root or gTLD servers aren't going to be returning that CNAME...

Did your $TTL used to be *really* high before you made this change? I'm seeing
that 206.13.28.12 still has another 9 hours or so before its mail.riseup.net
cache entry expires.
- Kevin
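
Added example, not part of the original message: a small Python parser for the two dig answer formats quoted in this thread (plain-seconds TTLs and the DiG 8 `1h40m48s` style). It lists answers a cache still holds that the authoritative server no longer gives, with the time left before each expires. The function names are this example's own, and the sample input is excerpted from the dig output quoted above.

```python
import re

# Excerpts of the dig output quoted in the thread, used as sample input.
CACHED = """;; ANSWER SECTION:
mail.riseup.net. 56394 IN CNAME riseup.net.
"""
AUTHORITATIVE = """;; ANSWER SECTION:
mail.riseup.net. 1h40m48s IN A 216.162.217.191
;; AUTHORITY SECTION:
riseup.net. 1h40m48s IN NS ns1.riseup.net.
"""

UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def ttl_seconds(ttl):
    """Accept plain seconds ('56394') or DiG 8 style ('1h40m48s')."""
    if ttl.isdigit():
        return int(ttl)
    if not re.fullmatch(r"(\d+[wdhms])+", ttl.lower()):
        raise ValueError(f"unrecognised TTL {ttl!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", ttl.lower()))

def answer_records(dig_output):
    """Return (name, type, rdata, ttl) for records in the ANSWER SECTION only."""
    records, in_answer = [], False
    for line in dig_output.splitlines():
        line = line.strip()
        if line.startswith(";;"):  # section header or footer line
            in_answer = line.upper().startswith(";; ANSWER SECTION")
            continue
        if not in_answer or not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)  # name ttl class type rdata
        if len(fields) != 5:
            continue
        name, ttl, _cls, rtype, rdata = fields
        records.append((name.lower(), rtype.upper(), rdata.lower(), ttl_seconds(ttl)))
    return records

def stale_entries(cached_output, authoritative_output):
    """Cached answers the authoritative server no longer gives, with time left."""
    current = {r[:3] for r in answer_records(authoritative_output)}
    return [r for r in answer_records(cached_output) if r[:3] not in current]

def hms(seconds):
    hours, rest = divmod(seconds, 3600)
    return f"{hours}h{rest // 60}m{rest % 60}s"

if __name__ == "__main__":
    for name, rtype, rdata, ttl in stale_entries(CACHED, AUTHORITATIVE):
        print(f"{name} {rtype} {rdata}: stale, expires from cache in {hms(ttl)}")
```

A cache normally counts a TTL down from the value it was handed, so the remaining TTL on a stale entry is a lower bound on the TTL the old record was originally served with.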