Slave zero-TTL on CNAMES
Reindl Harald
h.reindl at thelounge.net
Thu Jun 5 16:43:30 UTC 2014
Am 05.06.2014 17:58, schrieb /dev/rob0:
> On Thu, Jun 05, 2014 at 05:21:47PM +0200, Reindl Harald wrote:
>> what the hell invents "$TTL 0 ; 0 seconds" lines before
>> each CNAME block while on the master there is exactly
>> one TTL line with 86400 on top of the file?
>
> The way named writes a zone file is not the way I would do it.
> Records are strictly in alphabetic order, and $TTL blocks are made
> around all RRSETs where TTL varies.
>
> The zone FILE is not your problem. I don't know exactly what the
> problem might be. It seems that something is intercepting and
> filtering the zone transfers?
>
> You could try transfers manually from the slave:
>
> dig [key auth if required] rhsoft.net. axfr @91.118.73.16
>
> Does that show any zero TTLs? If so I suggest you place a couple of
> sniffers at strategic spots, one leaving the master, another entering
> the slave, and force a zone transfer.
as yolu can see clearly below any CNAME record comes with a zero TTL
the dotted line are a lot of CNAMES, all with zero TTL
after them the first A-record has again the desired 86400
the SOA at the end comes also with 86400 and the CNAME
block before again has a TTL of zero
i can't imagine anyhting which would sit between the
transfer and change things - aaaah wait there was a
Zyxel router in front of ns1 which was exploitable
and now is replaced by a small Cisco from the ISP
oh, no, don't tell me that my ISP clutters DNS again :-(
[root at ns2:~]$ dig rhsoft.net. axfr @91.118.73.16
; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-15.P2.fc19 <<>> rhsoft.net. axfr @91.118.73.16
;; global options: +cmd
rhsoft.net. 86400 IN SOA ns2.thelounge.net. hostmaster.thelounge.net. 1226095186 3600 1800
1814400 3600
rhsoft.net. 86400 IN MX 10 barracuda.thelounge.net.
rhsoft.net. 86400 IN TXT "v=spf1 ip4:91.118.73.0/24 ip4:89.207.144.27 ip4:62.178.103.85 -all"
rhsoft.net. 86400 IN SPF "v=spf1 ip4:91.118.73.0/24 ip4:89.207.144.27 ip4:62.178.103.85 -all"
rhsoft.net. 86400 IN NS ns2.thelounge.net.
rhsoft.net. 86400 IN NS ns1.thelounge.net.
rhsoft.net. 86400 IN A 91.118.73.4
**.rhsoft.net. 0 IN CNAME **.rhsoft.net.
**.rhsoft.net. 0 IN CNAME **.rhsoft.net.
................................
testserver.rhsoft.net. 86400 IN A 84.113.92.77
**.rhsoft.net. 0 IN CNAME **.rhsoft.net.
rhsoft.net. 86400 IN SOA ns2.thelounge.net. hostmaster.thelounge.net. 1226095186 3600 1800
1814400 3600
;; Query time: 22 msec
;; SERVER: 91.118.73.16#53(91.118.73.16)
;; WHEN: Do Jun 05 18:35:08 CEST 2014
;; XFR size: 58 records (messages 1, bytes 1545)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140605/6e074507/attachment.bin>
More information about the bind-users
mailing list