forwarders-weirdness
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Tue Jul 23 08:35:09 UTC 2002
Felix Schattschneider <felix_schattschneider at ccmconsult.de> wrote:
> phn at icke-reklam.ipsec.nu wrote:
>>
>>> Why's that??
>>> If you need any mor infromation, please say so.
>>
>> lp1.ccmconsult.de. is handling out records with no TTL left (=0)
>>
>> lp1.ccmconsult.de. is broken in more ways, it does not
>> answer TCP, and it has no SOA for the zone "www.makaranta.de"
>> It is also a single point of failure.
> lp1 is a radware Linkproof which is not designed to be a complete
> nameserver.
It is used in a position where a complete nameserver is asked for.
Thus broken. Talk to your vendor.
> What ist does: if you have 2 or more provider Lines and one server address
> on each line, it gives back for an A-query the address a) of a line that is
> healthy, or better, if a line is dead, it gives back the (defined) address
> from the other line and b) if proximity checking is on, it "learns" the
> best route to the answering dns and can give back the best address next
> time. Hence the low ttl (but granted, we're still exprimenting with the
> ttl). Oh, and it's not a SPOF, because there's a backup device that will
> take over in case of failure.
I know what it does. And no backup device will restore service if
the single ip for lp1.ccmconsult.de. is unavailable ( for network outage
reasons ?)
> The problem though is not the lp1, which works fine, but the phenomen that
> the bind seems to ask his forwarder (which is identical with the secondary
> in this case) even if it is authoritative for the zone. I think it
> shouldn't do that. It's a recursion or forwarder problem, I think...
>>
>> The zone makaranta.de is also slightly screwed up, iy uses
>> a higer negative TTL ( 10800 ) then default TTL ( 3600 )
>> Note that a default TTL of 3600 is considered broken.
> Oops, my mistake, thanks...
> Felix
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list