Glue records cached, when they should be coming from zone
Tuomas Toropainen
tuomas.toropainen at lanwan.fi
Tue Nov 13 08:49:03 UTC 2007
Hello
We are having problem with glue records. It seems that for some reason,
instead of retrieving the glue records from zone, bind serves them from
cache. This causes problems especially when the glue record caches time out.
The problematic glue records are ns1.ar.lanwan.fi and ns2.ar.lanwan.fi.
They are part of zone ar.lanwan.fi, which has been delegated from
lanwan.fi. Both zones are public.
Here is the relevant data from lanwan.fi zone file:
---8<---
$TTL 1d
$ORIGIN lanwan.fi.
@ IN SOA ns.lanwan.fi. hostmaster.lanwan.fi. (
2007110201 ; serial
10800 ; refresh
3600 ; retry
7D ; expiry
38400 ) ; minimum
IN NS ns.lanwan.fi.
IN NS ns1.ar.lanwan.fi.
IN NS ns2.ar.lanwan.fi.
ns IN A 213.255.190.40
ns2 IN A 213.255.190.40
ns1.ar.lanwan.fi. IN A 213.255.168.10
ns2.ar.lanwan.fi. IN A 213.255.168.20
ar.lanwan.fi. IN NS ns1.ar.lanwan.fi.
ar.lanwan.fi. IN NS ns2.ar.lanwan.fi.
---8<---
The problem is clearly visible in this dig query. Look at the TTL of
ns1.ar.lanwan.fi A record. Why does ns2.ar.lanwan.fi have constant
default TTL while ns1 TTL is decrementing?
---8<---
$ dig ns ar.lanwan.fi. @ns.lanwan.fi.
; <<>> DiG 9.3.4 <<>> ns ar.lanwan.fi. @ns.lanwan.fi.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1484
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;ar.lanwan.fi. IN NS
;; AUTHORITY SECTION:
ar.lanwan.fi. 86400 IN NS ns2.ar.lanwan.fi.
ar.lanwan.fi. 86400 IN NS ns1.ar.lanwan.fi.
;; ADDITIONAL SECTION:
ns1.ar.lanwan.fi. 32535 IN A 213.255.168.10
ns2.ar.lanwan.fi. 86400 IN A 213.255.168.20
;; Query time: 4 msec
;; SERVER: 213.255.190.40#53(213.255.190.40)
;; WHEN: Mon Nov 12 14:57:48 2007
;; MSG SIZE rcvd: 98
---8<---
Here is another example. As the query is made from outside (recursion
not allowed), ns2.ar.lanwan.fi A record is missing, because it has
expired from cache.
---8<---
$ dig ns lanwan.fi. @ns.lanwan.fi.
; <<>> DiG 9.3.4 <<>> ns lanwan.fi. @ns.lanwan.fi.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1313
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;lanwan.fi. IN NS
;; ANSWER SECTION:
lanwan.fi. 86400 IN NS ns2.ar.lanwan.fi.
lanwan.fi. 86400 IN NS ns.lanwan.fi.
lanwan.fi. 86400 IN NS ns1.ar.lanwan.fi.
;; ADDITIONAL SECTION:
ns.lanwan.fi. 86400 IN A 213.255.190.40
ns1.ar.lanwan.fi. 47998 IN A 213.255.168.10
;; Query time: 4 msec
;; SERVER: 213.255.190.40#53(213.255.190.40)
;; WHEN: Tue Nov 13 10:40:05 2007
;; MSG SIZE rcvd: 115
---8<---
Bind is version 9.2.4, running on debian 3.1 w/ latest updates. The
debian package version is 9.2.4-1sarge3. This bind has a split dns
setup, in case it makes any difference.
named-checkzone and named-checkconf don't report any problems with zone
files or bind configuration. I don't know what might be wrong. Could it
be that I have run into a bug, or is this caused by misconfiguration?
Thank you very much for any help.
More information about the bind-users
mailing list