Expire question

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Tue Apr 16 15:30:27 UTC 2002 

Rasmus Aaen <ra at back-bone.dk> wrote:

> Hi all,

> We have two nameservers responsible for our domain (byggeweb.dk). Both are
> running BIND 8.3.1 on Win2000. The primary server is located at our office
> and the slave is at a ISP hosting center, along with the webserver. Today
> our office internet connection went down, and with it the connection to our
> primary dns server. No problem, I thought; the slave name server will
> continue resolving our domain. But alas! After about one hour the slave name
> server expired the record, effectively shutting our website down. This is
> what I don't understand, since the soa record for the zone has an expire
> value of 10 days.

> To get the website up again, I changed the zone type from slave to master on
> the slave name server, which solved the problem. One of the suggestions to
> prevent this in the future is to run both nameserves as masters, but I would
> like to avoid having to sync the files manually.

> Am I missing something, or is our name servers improperly configured?

Do i understand you right : the local network with the slaveserver
was isolated from Internet, and within one hour it lost capability
to resolve the slave zone ?

One possibility that strikes me is :
the nameserver has a name "dns2.back-bone.dk." and the 'A' record
for that name has teh embarrysing short TTLof one hour. Well,
after one hour, it tries to get this info from Internet ( since it
is not auth for "back-bone.dk." and fails. After this failure
it's goes introverted and refuses to work. 

Why not call it "ns.byggweb.dk" and assign it a reasonable TTL ?



> /Rasmus


> Here is the soa record:

> C:\>dig byggeweb.dk soa

> ; <<>> DiG 8.3 <<>> byggeweb.dk soa
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      byggeweb.dk, type = SOA, class = IN

> ;; ANSWER SECTION:
> byggeweb.dk.            1H IN SOA       dns.back-bone.dk. dns.back-bone.dk.
> (
>                                         2002032201      ; serial
>                                         1H              ; refresh
>                                         30M             ; retry
>                                         1w3d            ; expiry
>                                         1H )            ; minimum


> ;; AUTHORITY SECTION:
> byggeweb.dk.            1H IN NS        dns.back-bone.dk.
> byggeweb.dk.            1H IN NS        dns2.back-bone.dk.

> ;; ADDITIONAL SECTION:
> dns.back-bone.dk.       1H IN A         130.227.165.202
> dns2.back-bone.dk.      1H IN A         195.215.12.120

> ;; Total query time: 0 msec
> ;; FROM: WKS77 to SERVER: default -- 130.227.165.202
> ;; WHEN: Tue Apr 16 15:57:16 2002
> ;; MSG SIZE  sent: 29  rcvd: 144


> -------
> [Denne E-mail blev scannet for virus af Declude Virus]
> [This E-mail was scanned for viruses by Declude Virus]



-- 
Peter Håkanson         
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
	   Remove "icke-reklam" and it works.

More information about the bind-users mailing list