DNS not updating, all hair pulled out

Kevin Darcy kcd at daimlerchrysler.com
Fri Aug 9 22:07:19 UTC 2002


Micah Anderson wrote:

> Ok, I've been doing DNS for a while, but this one is alluding me, I've

s/alluding/eluding

>
> pulled out nearly all of my hair trying to figure this out.
>
> I did update my serial number and I had my TTL set to about one hour. I did
> an update to my domain, but even a week+ later there are still a good 25% of
> the DNS servers out there who haven't picked up my update.
>
> dig @206.13.28.12 mail.riseup.net
>
> (trimmed)
> ;; ANSWER SECTION:
> mail.riseup.net.        56394   IN      CNAME   riseup.net.
>
> This is NOT right, it should be:
>
> (trimmed)
> ;; ANSWER SECTION:
> mail.riseup.net.        604800  IN      CNAME   mars.riseup.net.
> mars.riseup.net.        604800  IN      A       216.162.217.191

That's not what the authoritative nameservers for riseup.net are currently
returning:

% dig mail.riseup.net @ns1.riseup.net.

; <<>> DiG 8.3 <<>> mail.riseup.net @ns1.riseup.net.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUERY SECTION:
;;      mail.riseup.net, type = A, class = IN

;; ANSWER SECTION:
mail.riseup.net.        1h40m48s IN A   216.162.217.191

;; AUTHORITY SECTION:
riseup.net.             1h40m48s IN NS  ns1.riseup.net.
riseup.net.             1h40m48s IN NS  fs.freespeech.org.

;; ADDITIONAL SECTION:
ns1.riseup.net.         1h40m48s IN A   216.162.197.233

;; Total query time: 148 msec
;; FROM: fxiod01.is.chrysler.com to SERVER: ns1.riseup.net.  216.162.197.233
;; WHEN: Fri Aug  9 17:34:25 2002
;; MSG SIZE  sent: 33  rcvd: 114

%

> The SOAs on these other DNS servers appear to have the serial numbers of the
> updated zones, so why do they keep reporting the wrong information?
>
> Even more puzzling is if I add a +trace on the end of dig:
>
> dig @206.13.28.12 mail.riseup.net +trace
>
> (trimmed)
>
> ;; Received 114 bytes from 192.5.6.30#53(A.GTLD-SERVERS.net) in 91 ms
>
> mail.riseup.net.        604800  IN      CNAME   mars.riseup.net.
> mars.riseup.net.        604800  IN      A       216.162.217.191
>
> It gets the RIGHT stuff, from the same DNS server that reported the wrong
> information (without the trace).

The +trace option and the @ parameter don't strike me as being very compatible
with each other. I'm not sure *where* that answer is coming from. Obviously the
root or gTLD servers aren't going to be returning that CNAME...

Did your $TTL used to be *really* high before you made this change? I'm seeing
that 206.13.28.12 still has another 9 hours or so before its mail.riseup.net
cache entry expires.


- Kevin
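Added example, not part of the original post: a small Python check for the situation discussed above, where a caching resolver still holds an old answer. It parses dig answer lines (plain-second TTLs as well as the `1h40m48s` style printed by DiG 8.3), compares the cached answer with the authoritative one, and reports whether the cached TTL is larger than the TTL the authoritative server now hands out, which indicates the record was cached under an older, higher TTL. The function names are hypothetical; the two sample lines are copied from the dig output quoted in this thread.

```python
import re

# Unit suffixes used in BIND 8 style TTLs such as "1h40m48s".
_UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def ttl_seconds(text):
    """Convert '56394' or '1h40m48s' to a number of seconds."""
    text = text.lower()
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([wdhms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unrecognised TTL: {text!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)

def parse_answers(dig_output):
    """Map owner name -> list of (ttl, type, rdata); ';' comment lines are skipped."""
    records = {}
    for line in dig_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0].startswith(";") or f[2].upper() != "IN":
            continue
        rec = (ttl_seconds(f[1]), f[3].upper(), " ".join(f[4:]).lower())
        records.setdefault(f[0].lower(), []).append(rec)
    return records

def diagnose(cached_out, auth_out, owner):
    """Compare a resolver's cached answer with the authoritative answer for owner."""
    cached = parse_answers(cached_out).get(owner.lower(), [])
    auth = parse_answers(auth_out).get(owner.lower(), [])
    if not cached or not auth:
        raise LookupError(f"no answer records for {owner} in one of the outputs")
    cached_ttl = max(t for t, _, _ in cached)
    auth_ttl = max(t for t, _, _ in auth)
    return {
        # Different type/rdata means the resolver is serving old data.
        "stale": {r[1:] for r in cached} != {r[1:] for r in auth},
        # A cache counts down from the TTL it was given, so a remaining TTL
        # above the current authoritative TTL means the old TTL was higher.
        "ttl_was_higher": cached_ttl > auth_ttl,
        "cache_expires_in": cached_ttl,
    }

# Sample lines copied from the dig output quoted in this thread.
CACHED = "mail.riseup.net.        56394   IN      CNAME   riseup.net."
AUTHORITATIVE = "mail.riseup.net.        1h40m48s IN A   216.162.217.191"

if __name__ == "__main__":
    print(diagnose(CACHED, AUTHORITATIVE, "mail.riseup.net."))
```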



