forwarders-weirdness
phn at icke-reklam.ipsec.nu
Mon Jul 22 17:44:31 UTC 2002
Felix Schattschneider <felix_schattschneider at ccmconsult.de> wrote:
> Hi there
> (If this should be a FAQ, please excuse me and tell me. I didn't find
> anything)
> Following scenario:
> <named.conf>
> ...
> recursion no;
> forward first;
> forwarders { www.xxx.yy.zz; };
> ...
> </named.conf>
> I did the following changes in the zonefile:
> <makaranta.de.hosts old>
> NS old.nameserver.de.
> www CNAME makaranta.de.
> makaranta.de A some.ip.
> </makaranta.de.hosts old>
> top
> <makaranta.de.hosts new>
> NS old.nameserver.de.
> www NS new.nameserver.de.
> </makaranta.de.hosts new>
> that is, I delegate the subzone www.makaranta.de to another nameserver (for
> loadbalancing purposes)
> The Problem is, if I query the original nameserver, who is still Authority
> for makaranta.de, it doesn't return the NS-record as it is supposed to,
> but instead delivers the old CNAME-entry, which it gets from its forwarders
> (who haven't yet updated their database, but that is another problem).
> But in my opinion this is wrong, because the old nameserver is still
> Authority for makaranta.de and shouldn't ask his forwarders!!! It has that
> record?
> Why's that??
> If you need any more information, please say so.
lp1.ccmconsult.de. is handing out records with no TTL left (=0).
lp1.ccmconsult.de. is broken in more ways, it does not
answer TCP, and it has no SOA for the zone "www.makaranta.de".
It is also a single point of failure.
The zone makaranta.de is also slightly screwed up, it uses
a higher negative TTL ( 10800 ) than default TTL ( 3600 ).
Note that a default TTL of 3600 is considered broken.
> Thanks, Felix
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
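
The record-level checks listed in the reply above (zero TTL, no SOA at a delegated name, negative TTL higher than default TTL), as an added example that is not part of the original thread. The sample records, the function names and the 192.0.2.10 address are constructed for illustration; the TCP check is left out because it needs a live query.

```python
# Added example: lint dig-style answer lines for the problems named in the reply.
# SAMPLE is constructed; it is not real output from the servers in this thread.
# Only the 10800 / 3600 values are taken from the reply.
SAMPLE = """\
makaranta.de.      3600 IN SOA old.nameserver.de. hostmaster.makaranta.de. 2002072201 10800 3600 604800 10800
makaranta.de.      3600 IN NS  old.nameserver.de.
www.makaranta.de.  3600 IN NS  new.nameserver.de.
www.makaranta.de.  0    IN A   192.0.2.10
"""

def parse(text):
    """Turn 'name ttl class type rdata...' lines into dicts."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";"):
            continue  # skip blanks, comments and malformed lines
        name, ttl, _cls, rtype = fields[:4]
        records.append({"name": name.lower(), "ttl": int(ttl),
                        "type": rtype.upper(), "rdata": fields[4:]})
    return records

def lint(records, default_ttl):
    """Return findings for the three record-level checks from the reply."""
    findings = []
    soa_owners = {r["name"] for r in records if r["type"] == "SOA"}
    for r in records:
        if r["ttl"] == 0:
            findings.append(f"zero-ttl {r['name']} {r['type']}")
        if r["type"] == "SOA" and len(r["rdata"]) == 7:
            # Last SOA field (MINIMUM) is the negative-caching TTL (RFC 2308);
            # the reply compares it against the zone's default TTL.
            negative = int(r["rdata"][6])
            if negative > default_ttl:
                findings.append(
                    f"negative-ttl {negative} > default {default_ttl} in {r['name']}")
    # Assumption: any name that owns NS records is a zone apex and should have an SOA.
    ns_owners = {r["name"] for r in records if r["type"] == "NS"}
    for apex in sorted(ns_owners - soa_owners):
        findings.append(f"no-soa {apex}")
    return findings

if __name__ == "__main__":
    for finding in lint(parse(SAMPLE), default_ttl=3600):
        print(finding)
```

To run it against real data, feed `parse()` the combined answer sections that the parent and child servers return for the NS, SOA and A queries.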