nslookup'd bogus hostnames keep adding to cache

Kevin Darcy kcd at daimlerchrysler.com
Fri Sep 15 00:59:44 UTC 2000


Semicolons indicate comments in master file syntax, so those records don't
_really_ exist as normal resource records in your nameserver's database.
Your nameserver is giving correct responses for those names, isn't it? The
only reason those records are presented as comments in the dump is because
"negative cache entries" exist for them -- that's what the "-$" in the
comment means (negative cash/cache, geddit?). See RFC 2308 for more details
on the rationale, history, theory and mechanics of negative caching.

Normally, you wouldn't want to get rid of those negative cache entries
because, like regular cache entries, they make DNS operate more
efficiently. If you're bound and determined to "cleanse" your nameserver of
them, however, at the expense of some efficiency and performance, you could
use the "max-ncache-ttl" option to expire them more quickly. In conjunction
with that, you might also need to tune the "cleaning-interval" to get the
expired entries removed more often.


- Kevin

sassoj1 at my-deja.com wrote:

> We have an HPUX 10.20 system as a nameserver (BIND 8.2.2).  I notice
> that whenever I run 'nslookup foobar.' (or any other bogus hostname,
> with the '.' at the end), then although I do not get a response (and no
> error, either), the bogus hostname seems to get incorporated into the
> cache.  If I do an 'ndc dumpdb', I see the following:
>
> $ORIGIN .
> ;foobar 9046    IN      A       name1.aztec.com. hostmaster.aztec.com. (
> ;               108 7200 900 604800 21600 );.;NODATA    ;-$     ;Cr=auth
> ;xgshgsdhh      10795   IN      A       name1.aztec.com. hostmaster.aztec.com. (
> ;               108 7200 900 604800 21600 );.;NODATA    ;-$     ;Cr=auth
> ;bogusboy       10770   IN      A       name1.aztec.com. hostmaster.aztec.com. (
> ;               108 7200 900 604800 21600 );.;NODATA    ;-$     ;Cr=auth
>
> What's going on here, and how can I prevent this?
>
> --john
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
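
An added example, not part of the original post or of BIND: a small Python parser that picks the negative cache entries out of an 'ndc dumpdb' excerpt by the ";-$" marker explained in the reply above. The function names are hypothetical, the dump layout is assumed to match the excerpt quoted in this thread, and the last record in the sample is constructed for contrast.

```python
import re

# First two entries are from the dump quoted in this thread (mail quoting
# removed); the final "www" line is a constructed positive record.
SAMPLE_DUMP = """\
$ORIGIN .
;foobar 9046    IN      A       name1.aztec.com. hostmaster.aztec.com. (
;               108 7200 900 604800 21600 );.;NODATA    ;-$     ;Cr=auth
;xgshgsdhh      10795   IN      A       name1.aztec.com. hostmaster.aztec.com. (
;               108 7200 900 604800 21600 );.;NODATA    ;-$     ;Cr=auth
www     3600    IN      A       192.0.2.10      ;Cr=auth
"""

# First line of a commented-out entry: ";<name> <ttl> IN <type> ..."
HEAD = re.compile(r"^;(\S+)\s+(\d+)\s+IN\s+(\S+)\s")
# Token printed just before the negative-cache marker, e.g. ";NODATA ;-$"
KIND = re.compile(r";(\w+)\s*;-\$")


def qualify(name, origin):
    """Expand a name relative to the current $ORIGIN into a full name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def negative_entries(dump):
    """Return one dict per negative cache entry found in the dump text."""
    origin, pending, found = ".", None, []
    for line in dump.splitlines():
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if not line.startswith(";"):
            pending = None          # a live record; not a negative entry
            continue
        head = HEAD.match(line)
        if head:                    # continuation lines start with ";" + spaces
            pending = {"name": qualify(head.group(1), origin),
                       "ttl": int(head.group(2)), "type": head.group(3)}
        if pending and ";-$" in line:
            kind = KIND.search(line)
            pending["kind"] = kind.group(1) if kind else "unknown"
            found.append(pending)
            pending = None
    return found


if __name__ == "__main__":
    for entry in negative_entries(SAMPLE_DUMP):
        print(entry["name"], entry["type"], entry["kind"], entry["ttl"])
```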





