How to trace cache information?

Barry Margolin barmar at bbnplanet.com
Tue Jun 1 19:02:14 UTC 1999 

In article <7iut7o$cdb$1 at news.IAEhv.nl>,
Edwin de Graaf <graaf at surf.iae.nl> wrote:
>We are seeing a problem when looking up information for the domain
>capacity.nl. Occasionally Named will return a NXDOMAIN for this domain,
>most of the time it works. The NXDOMAIN is cached for a while then. A
>database dump shows the following for capacity.nl when the lookup fails:
....
>I guess the NXDOMAIN result should have come from a server that is
>authoritive for the nl. zone. I have checked with dig, and all servers
>that are reported with "dig nl nx" have the correct information for
>capacity.nl. How can I find out where the NXDOMAIN result came from (which
>nameserver)? I have tried using debugging (kill -USR1 three times), but I
>was unable to deduce much from the named.run file. Some help here would be
>much appreciated.

No, the NXDOMAIN is coming from mail.capacity.nl:

% dig capacity.nl a @mail.capacity.nl

; <<>> DiG 2.2 <<>> capacity.nl a @mail.capacity.nl 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 0, Auth: 0, Addit: 0
;; QUESTIONS:
;;	capacity.nl, type = A, class = IN

;; Total query time: 141 msec
;; FROM: tools to SERVER: mail.capacity.nl  195.86.70.194
;; WHEN: Tue Jun  1 14:56:24 1999
;; MSG SIZE  sent: 29  rcvd: 29

However, an ANY query returns the records:

% dig capacity.nl any @mail.capacity.nl

; <<>> DiG 2.2 <<>> capacity.nl any @mail.capacity.nl 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 6, Auth: 3, Addit: 7
;; QUESTIONS:
;;	capacity.nl, type = ANY, class = IN

;; ANSWERS:
capacity.nl.	86400	NS	mail.capacity.nl.
capacity.nl.	86400	NS	ns.wirehub.net.
capacity.nl.	86400	NS	ns2.wirehub.net.
capacity.nl.	86400	SOA	mail.capacity.nl. postmaster.capacity.nl. (
			1999050619	; serial
			28800	; refresh (8 hours)
			7200	; retry (2 hours)
			604800	; expire (7 days)
			86400 )	; minimum (1 day)
capacity.nl.	86400	MX	110 mx.wirehub.net.
capacity.nl.	86400	MX	100 mail.capacity.nl.

;; AUTHORITY RECORDS:
Capacity.nl.	86400	NS	ns2.wirehub.net.
Capacity.nl.	86400	NS	ns.wirehub.net.
Capacity.nl.	86400	NS	mail.capacity.nl.

;; ADDITIONAL RECORDS:
mail.capacity.nl.	86400	A	195.86.70.194
ns.wirehub.net.	86400	A	194.165.94.1
ns2.wirehub.net.	86400	A	194.165.94.5
mail.capacity.nl.	86400	A	195.86.70.194
ns2.wirehub.net.	927884062	A	194.165.94.5
ns.wirehub.net.	927884062	A	194.165.94.1
mail.capacity.nl.	86400	A	195.86.70.194

;; Total query time: 186 msec
;; FROM: tools to SERVER: mail.capacity.nl  195.86.70.194
;; WHEN: Tue Jun  1 14:56:30 1999
;; MSG SIZE  sent: 29  rcvd: 341

>We are using Bind version 8.1 on FreeBSD 3.1-STABLE.

When I query mail.capacity.nl for the VERSION.BIND record, it doesn't
recognize it.  Are you sure this machine is running BIND 8.1?  It looks to
me like it's running a broken server that returns an NXDOMAIN error when
the name exists but there are no records for the specific type that was
requested.  That's a violation of the protocol -- it should return a
NOERROR status with an empty Answer section.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list