NSlookup query - odd results
Mike Diggins
diggins at McMaster.CA
Mon Feb 13 21:05:53 UTC 2006
I'm running two slave name servers, one running Bind 9.2.4 on Solaris 8
(SPARC, single processor), the other Bind 9.3.2 on Solaris 10 (Sparc, dual
Processor). I run nslookup from a Windows XP client in debug mode, looking
up the name www.cnn.com. The 9.3.2 server _sometimes_ times out with a
"DNS Request Timed out, 2 seconds", but the 9.2.4 server never times out.
So I look at the results a bit closer and noticed a difference. With the
9.2.4 server, the 'authoritative name server' records TTL always refreshes
when the A records TTL does. Notice in my output the A record TTL reaching
1 second and the NS records TTL at 8m21s. Next, the A record TTL is
refreshed to 5 minutes as well as the NS record TTL back to 10 minutes.
The same query to the 9.3.2 server yields different results. When the A
record TTL reaches zero and refreshes, the NS record TTL continues to
count down to zero instead of refreshing. When it reaches zero is when I
get the timeout on the next query. The proceeding query usual succeeds as
do the rest.
Can anyone explain the difference?
Bind 9.2.4 Server, Solaris 8 (SPARC)
<SNIP>
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 28, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 9, authority records = 4, additional = 0
QUESTIONS:
www.cnn.com, type = A, class = IN
ANSWERS:
-> www.cnn.com
canonical name = cnn.com
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.16.116
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.24.12
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.24.20
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.24.28
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.29.120
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.16.20
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.16.52
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.16.84
ttl = 1 (1 sec)
AUTHORITY RECORDS:
-> cnn.com
nameserver = twdns-02.ns.aol.com
ttl = 501 (8 mins 21 secs)
-> cnn.com
nameserver = twdns-03.ns.aol.com
ttl = 501 (8 mins 21 secs)
-> cnn.com
nameserver = twdns-04.ns.aol.com
ttl = 501 (8 mins 21 secs)
-> cnn.com
nameserver = twdns-01.ns.aol.com
ttl = 501 (8 mins 21 secs)
------------
Non-authoritative answer:
Name: cnn.com
Addresses: 64.236.16.116, 64.236.24.12, 64.236.24.20, 64.236.24.28
64.236.29.120, 64.236.16.20, 64.236.16.52, 64.236.16.84
Aliases: www.cnn.com
> www.cnn.com
<SNIP>
------------
Got answer:
HEADER:
opcode = QUERY, id = 30, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 9, authority records = 4, additional = 0
QUESTIONS:
www.cnn.com, type = A, class = IN
ANSWERS:
-> www.cnn.com
canonical name = cnn.com
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.24.20
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.24.28
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.29.120
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.16.20
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.16.52
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.16.84
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.16.116
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.24.12
ttl = 300 (5 mins)
AUTHORITY RECORDS:
-> cnn.com
nameserver = twdns-02.ns.aol.com
ttl = 600 (10 mins)
-> cnn.com
nameserver = twdns-03.ns.aol.com
ttl = 600 (10 mins)
-> cnn.com
nameserver = twdns-04.ns.aol.com
ttl = 600 (10 mins)
-> cnn.com
nameserver = twdns-01.ns.aol.com
ttl = 600 (10 mins)
------------
Non-authoritative answer:
Name: cnn.com
Addresses: 64.236.24.20, 64.236.24.28, 64.236.29.120, 64.236.16.20
64.236.16.52, 64.236.16.84, 64.236.16.116, 64.236.24.12
Aliases: www.cnn.com
____________________________________________________________________________
Bind 9.3.2 Server, Solaris 10 (SPARC)
Got answer:
HEADER:
opcode = QUERY, id = 48, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 9, authority records = 4, additional = 0
QUESTIONS:
www.cnn.com, type = A, class = IN
ANSWERS:
-> www.cnn.com
canonical name = cnn.com
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.16.84
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.16.116
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.24.12
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.24.20
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.24.28
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.29.120
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.16.20
ttl = 1 (1 sec)
-> cnn.com
internet address = 64.236.16.52
ttl = 1 (1 sec)
AUTHORITY RECORDS:
-> cnn.com
nameserver = twdns-03.ns.aol.com
ttl = 301 (5 mins 1 sec)
-> cnn.com
nameserver = twdns-04.ns.aol.com
ttl = 301 (5 mins 1 sec)
-> cnn.com
nameserver = twdns-01.ns.aol.com
ttl = 301 (5 mins 1 sec)
-> cnn.com
nameserver = twdns-02.ns.aol.com
ttl = 301 (5 mins 1 sec)
------------
Non-authoritative answer:
Name: cnn.com
Addresses: 64.236.16.84, 64.236.16.116, 64.236.24.12, 64.236.24.20
64.236.24.28, 64.236.29.120, 64.236.16.20, 64.236.16.52
Aliases: www.cnn.com
> www.cnn.com
<SNIP>
------------
Got answer:
HEADER:
opcode = QUERY, id = 50, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 9, authority records = 4, additional = 0
QUESTIONS:
www.cnn.com, type = A, class = IN
ANSWERS:
-> www.cnn.com
canonical name = cnn.com
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.16.20
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.16.52
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.16.84
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.16.116
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.24.12
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.24.20
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.24.28
ttl = 300 (5 mins)
-> cnn.com
internet address = 64.236.29.120
ttl = 300 (5 mins)
AUTHORITY RECORDS:
-> cnn.com
nameserver = twdns-04.ns.aol.com
ttl = 299 (4 mins 59 secs)
-> cnn.com
nameserver = twdns-01.ns.aol.com
ttl = 299 (4 mins 59 secs)
-> cnn.com
nameserver = twdns-02.ns.aol.com
ttl = 299 (4 mins 59 secs)
-> cnn.com
nameserver = twdns-03.ns.aol.com
ttl = 299 (4 mins 59 secs)
------------
Non-authoritative answer:
Name: cnn.com
Addresses: 64.236.16.20, 64.236.16.52, 64.236.16.84, 64.236.16.116
64.236.24.12, 64.236.24.20, 64.236.24.28, 64.236.29.120
Aliases: www.cnn.com
-Mike
More information about the bind-users
mailing list