Caching question BIND 9 help me please
Vo
vo243 at hotmail.removeme.com
Thu Aug 7 14:52:34 UTC 2003
Kevin Darcy <kcd at daimlerchrysler.com> wrote in
news:bgs5ro$3152$1 at sf1.isc.org:
> Vo wrote:
>
.. stuff deleted ...
>> simple. What's a good setting for a stable network with no
>> significant changes being done for these?
>
> $TTL only sets the default TTL for records in the zone. Slaves never
> see the TTL setting; only the TTL values on each record in the zone,
> and they never expire records based on those TTL values either. The
> only relevant "expiration" parameter between masters and slaves is the
> SOA.EXPIRE setting, and 7 days is, of course, much longer than the 28
> hours of your outage. So it's a bit of a mystery.
>
> Is it possible that you've had replication failure for a while and
> just never noticed it? Are your primary and all of the delegated
> slaves currently answering authoritatively for names in the zone?
>
I don't think so. The secondary, which is in-house, certainly had the
recent changes, so I don't think that's a problem. All of them are
authoritative, yes.
> When you say "not founds", do you mean NXDOMAIN? Were you using
> nslookup to do the lookups? Sometimes if nslookup hits a SERVFAIL for
> the regular name, it'll proceed to do the searchlist algorithm and
> then if it subsequently gets an NXDOMAIN for a searchlisted name
> (quite likely) it'll *misreport* NXDOMAIN for the whole lookup. This
> is one of many reasons why nslookup sucks and "dig" is the preferred
> DNS troubleshooting tool. At the very least, always turn on "debug"
> with nslookup to see what the hell it's doing behind the scenes.
>
Yes, I was using nslookup and probably should have been using dig, so I
can't say if I was getting NXDOMAIN versus SERVFAIL. Basically my
secondary was sitting there and timed out.
> As for your ISP's "tertiary" server, it should have at least given you
> a SERVFAIL or timed out trying to resolve the name. Sounds like they
> turned off or restricted recursion and never bothered to tell you. Is
> it working now?
>
>
It's working fine now. When I queried the ISP's server for an A record
on my domain, it pumped back the addresses of the root servers.
Thanks so far--this is enlightening. I'm hardly a DNS guru. :-)
Vo
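
Added example, not part of the original thread: a small Python classifier that reads the header of a raw DNS response and tells apart the outcomes discussed above (SERVFAIL, NXDOMAIN, an authoritative answer, and a referral to the root servers from a server that does not offer recursion). The packets, the query name and the helper names (classify, build_response, SAMPLES) are constructed for illustration.

```python
import struct

RCODES = {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def classify(msg: bytes) -> str:
    """Classify a raw DNS response from its header flags and section counts."""
    if len(msg) < 12:
        return "malformed"
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:               # QR bit clear: this is a query
        return "malformed"
    aa, ra, rcode = bool(flags & 0x0400), bool(flags & 0x0080), flags & 0x000F
    if rcode:
        return RCODES.get(rcode, f"RCODE{rcode}")
    if an:
        return "authoritative answer" if aa else "non-authoritative answer"
    if ns and not aa:
        off = 12                         # skip the question section
        for _ in range(qd):
            while off < len(msg) and msg[off] != 0:
                off += 1 + msg[off]      # length byte plus label
            off += 5                     # root label + QTYPE + QCLASS
        # An owner name of a single zero byte is the root zone "."
        root = off < len(msg) and msg[off] == 0
        kind = "root referral" if root else "referral"
        return kind + ("" if ra else " (recursion not offered)")
    return "NODATA"

def build_response(flags, an=0, ns=0, tail=b""):
    """Constructed response to a query for www.example.com IN A."""
    q = b"\x03www\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, 0) + q + tail

# Constructed records: ". NS a.root-servers.net" and an A record (192.0.2.1)
ROOT_NS = (b"\x00" + struct.pack("!2HIH", 2, 1, 518400, 20)
           + b"\x01a\x0croot-servers\x03net\x00")
A_RR = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])

SAMPLES = {
    "servfail": build_response(0x8182),                    # QR RD RA, rcode 2
    "nxdomain": build_response(0x8503),                    # QR AA RD, rcode 3
    "root_referral": build_response(0x8100, ns=1, tail=ROOT_NS),  # no AA, no RA
    "auth_answer": build_response(0x8500, an=1, tail=A_RR),       # QR AA RD
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14} -> {classify(pkt)}")
```

dig prints the same fields in its header line (status, flags, and the ANSWER/AUTHORITY counts), so the same reading applies to its output.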